WorldWideScience

Sample records for thermal security risks

  1. Security 2020 Reduce Security Risks This Decade

    CERN Document Server

    Howard, Doug; Schneier, Bruce

    2010-01-01

    Identify real security risks and skip the hype. After years of focusing on IT security, we find that hackers are as active and effective as ever. This book gives application developers, networking and security professionals, those that create standards, and CIOs a straightforward look at the reality of today's IT security and a sobering forecast of what to expect in the next decade. It debunks the media hype and unnecessary concerns while focusing on the knowledge you need to combat and prioritize the actual risks of today and beyond. IT security needs are constantly evolving; this guide examine

  2. Managing information technology security risk

    Science.gov (United States)

    Gilliam, David

    2003-01-01

    Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems become more complex and diverse and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise approach, and 2) a project life cycle approach.

  3. Information risk and security modeling

    Science.gov (United States)

    Zivic, Predrag

    2005-03-01

    This research paper presentation will feature current frameworks to addressing risk and security modeling and metrics. The paper will analyze technical level risk and security metrics of Common Criteria/ISO15408, Centre for Internet Security guidelines, NSA configuration guidelines and metrics used at this level. Information IT operational standards view on security metrics such as GMITS/ISO13335, ITIL/ITMS and architectural guidelines such as ISO7498-2 will be explained. Business process level standards such as ISO17799, COSO and CobiT will be presented with their control approach to security metrics. Top level, the maturity standards such as SSE-CMM/ISO21827, NSA Infosec Assessment and CobiT will be explored and reviewed. For each defined level of security metrics the research presentation will explore the appropriate usage of these standards. The paper will discuss standards approaches to conducting the risk and security metrics. The research findings will demonstrate the need for common baseline for both risk and security metrics. This paper will show the relation between the attribute based common baseline and corporate assets and controls for risk and security metrics. It will be shown that such approach spans over all mentioned standards. The proposed approach 3D visual presentation and development of the Information Security Model will be analyzed and postulated. Presentation will clearly demonstrate the benefits of proposed attributes based approach and defined risk and security space for modeling and measuring.

  4. Improving Information Security Risk Management

    Science.gov (United States)

    Singh, Anand

    2009-01-01

    Optimizing risk to information to protect the enterprise as well as to satisfy government and industry mandates is a core function of most information security departments. Risk management is the discipline that is focused on assessing, mitigating, monitoring and optimizing risks to information. Risk assessments and analyses are critical…

  5. Health Security and Risk Aversion.

    Science.gov (United States)

    Herington, Jonathan

    2016-09-01

    Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

  6. Information security risk analysis

    CERN Document Server

    Peltier, Thomas R

    2001-01-01

    Effective Risk Analysis; Qualitative Risk Analysis; Value Analysis; Other Qualitative Methods; Facilitated Risk Analysis Process (FRAP); Other Uses of Qualitative Risk Analysis; Case Study; Appendix A: Questionnaire; Appendix B: Facilitated Risk Analysis Process Forms; Appendix C: Business Impact Analysis Forms; Appendix D: Sample of Report; Appendix E: Threat Definitions; Appendix F: Other Risk Analysis Opinions; Index

  7. Information Security Risk Analysis

    CERN Document Server

    Peltier, Thomas R

    2010-01-01

    Offers readers the knowledge and the skill-set needed to achieve a highly effective risk analysis assessment. This title demonstrates how to identify threats and then determine if those threats pose a real risk. It is suitable for industry and academia professionals.

  8. MELTER: A model of the thermal response of cargos transported in the Safe-Secure Trailer subject to fire environments for risk assessment applications

    International Nuclear Information System (INIS)

    Larsen, M.E.

    1994-08-01

    MELTER is an analysis of cargo responses inside a fire-threatened Safe-Secure Trailer (SST) developed for the Defense Program Transportation Risk Assessment (DPTRA). Many simplifying assumptions are required to make the subject problem tractable. MELTER incorporates modeling which balances the competing requirements of execution speed, generality, completeness of essential physics, and robustness. Input parameters affecting the analysis include those defining the fire scenario, those defining the cargo loaded in the SST, and those defining properties of the SST. For a specified fire, SST, and cargo geometry MELTER predicts the critical fire duration that will lead to a failure. The principal features of the analysis include: (a) Geometric considerations to interpret fire-scenario descriptors in terms of a thermal radiation boundary condition, (b) a simple model of the SST's wall combining the diffusion model for radiation through optically-thick media with an endothermic reaction front to describe the charring of dimensional, rigid foam in the SST wall, (c) a transient radiation enclosure model, (d) a one-dimensional, spherical idealization of the shipped cargos providing modularity so that cargos of interest can be inserted into the model, and (e) associated numerical methods to integrate coupled, differential equations and find roots

  9. Reputation Risks through Information Security Incidents

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2014-05-01

    The article deals with accounting reputational risks arising through information security breaches in the management of a business entity. Security breach incidents which result in the loss of reputation are identified. Based on this analysis the definition of reputational risk in information security is given.

  10. Security risks arising from portable storage devices

    CSIR Research Space (South Africa)

    Molotsi, K

    2012-10-01

    of the security risks arising from the use of PSDs, and further provides possible security countermeasures to help organisations and users to protect their digital assets. APPROACH Literature review: To investigate security risks posed by PSDs... technology in the workplace. International Journal of Electronic Security and Digital Forensics. 3(1): 73-81 [3] Kim, K., Kim, E. & Hong S. (2009). Privacy information protection in portable device. Proceedings of International Conference on Convergence...

  11. Information security risk assessment, aggregation, and mitigation

    NARCIS (Netherlands)

    Lenstra, A.K.; Voss, T.; Wang, H.; Pieprzyk, J.; Varadharajan, V.

    2004-01-01

    As part of their compliance process with the Basel 2 operational risk management requirements, banks must define how they deal with information security risk management. In this paper we describe work in progress on a new quantitative model to assess and aggregate information security risks that is

  12. Security Risk Assessment in Software Development Projects

    OpenAIRE

    Svendsen, Heidi

    2017-01-01

    Software security is increasing in importance, linearly with vulnerabilities caused by software flaws. It is not possible to spend all the project's resources on software security. To spend the resources given to security in an effective way, one should know what is most important to protect. By performing a risk analysis the project knows which vulnerabilities they face. A risk analysis will prioritise the vulnerabilities, and when the vulnerabilities are prioritised the project knows where th...

  13. Nuclear Thermal Propulsion Development Risks

    Science.gov (United States)

    Kim, Tony

    2015-01-01

    There are clear advantages of development of a Nuclear Thermal Propulsion (NTP) for a crewed mission to Mars. NTP for in-space propulsion enables more ambitious space missions by providing high thrust at high specific impulse (Isp approximately 900 sec) that is 2 times the best theoretical performance possible for chemical rockets. Missions can be optimized for maximum payload capability to take more payload with reduced total mass to orbit; saving cost on reduction of the number of launch vehicles needed. Or missions can be optimized to minimize trip time significantly to reduce the deep space radiation exposure to the crew. NTR propulsion technology is a game changer for space exploration to Mars and beyond. However, 'NUCLEAR' is a word that is feared and vilified by some groups and the hostility towards development of any nuclear systems can meet great opposition by the public as well as from national leaders and people in authority. The public often associates the 'nuclear' word with weapons of mass destruction. The development of NTP is at risk due to unwarranted public fears and clear honest communication of nuclear safety will be critical to the success of the development of the NTP technology. Reducing cost to NTP development is critical to its acceptance and funding. In the past, highly inflated cost estimates of a full-scale development nuclear engine due to Category I nuclear security requirements and costly regulatory requirements have put the NTP technology as a low priority. Innovative approaches utilizing low enriched uranium (LEU). Even though NTP can be a small source of radiation to the crew, NTP can facilitate significant reduction of crew exposure to solar and cosmic radiation by reducing trip times by 3-4 months. Current Human Mars Mission (HMM) trajectories with conventional propulsion systems and fuel-efficient transfer orbits exceed astronaut radiation exposure limits. Utilizing extra propellant from one additional SLS launch and available

  14. Critical infrastructure cyber-security risk management

    OpenAIRE

    Spyridopoulos, T.; Maraslis, K.; Tryfonas, T.; Oikonomou, G.

    2017-01-01

    Traditional IT cyber-security risk management methods are based on the evaluation of risks calculated as the likelihood of cyber-security incidents occurring. However, these probabilities are usually estimations or guesses based on past experience and incomplete data. Incorrect estimations can lead to errors in the evaluation of risks that can ultimately affect the protection of the system. This issue is also transferred to methods used in Industrial Control Systems (ICSs), as they are mainly...

  15. Competition, Speculative Risks, and IT Security Outsourcing

    Science.gov (United States)

    Cezar, Asunur; Cavusoglu, Huseyin; Raghunathan, Srinivasan

    Information security management is becoming a more critical and, simultaneously, a challenging function for many firms. Even though many security managers are skeptical about outsourcing of IT security, others have cited reasons that are used for outsourcing of traditional IT functions for why security outsourcing is likely to increase. Our research offers a novel explanation, based on competitive externalities associated with IT security, for firms' decisions to outsource IT security. We show that if competitive externalities are ignored, then a firm will outsource security if and only if the MSSP offers a quality (or a cost) advantage over in-house operations, which is consistent with the traditional explanation for security outsourcing. However, a higher quality is neither a prerequisite nor a guarantee for a firm to outsource security. The competitive risk environment and the nature of the security function outsourced, in addition to quality, determine firms' outsourcing decisions. If the reward from the competitor's breach is higher than the loss from own breach, then even if the likelihood of a breach is higher under the MSSP the expected benefit from the competitive demand externality may offset the loss from the higher likelihood of breaches, resulting in one or both firms outsourcing security. The incentive to outsource security monitoring is higher than that of infrastructure management because the MSSP can reduce the likelihood of breach on both firms and thus enhance the demand externality effect. The incentive to outsource security monitoring (infrastructure management) is higher (lower) if either the likelihood of breach on both firms is lower (higher) when security is outsourced or the benefit (relative to loss) from the externality is higher (lower). The benefit from the demand externality arising out of a security breach is higher when more of the customers that leave the breached firm switch to the non-breached firm.

  16. Risk assessment techniques for civil aviation security

    Energy Technology Data Exchange (ETDEWEB)

    Tamasi, Galileo, E-mail: g.tamasi@enac.rupa.i [Ente Nazionale per l'Aviazione Civile-Direzione Progetti, Studi e Ricerche, Via di Villa Ricotti, 42, 00161 Roma (Italy)]; Demichela, Micaela, E-mail: micaela.demichela@polito.i [SAfeR-Centro Studi su Sicurezza, Affidabilita e Rischi, Dipartimento di Scienza dei Materiali e Ingegneria Chimica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129 Torino (Italy)]

    2011-08-15

    Following the 9/11 terrorist attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  17. Risk assessment techniques for civil aviation security

    International Nuclear Information System (INIS)

    Tamasi, Galileo; Demichela, Micaela

    2011-01-01

    Following the 9/11 terrorist attacks in New York a strong economical effort was made to improve and adapt aviation security, both in infrastructures as in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimization of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level as the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyze the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness.

  18. Risk and Soviet Security Decisions

    National Research Council Canada - National Science Library

    Hull, Andrew

    1990-01-01

    .... There are several exceptions to general Soviet risk aversion in using military power. But in each instance, the Soviet Union has fared rather badly when it chanced large risks in pursuit of correspondingly high potential gains...

  19. Climate Change and Risks to National Security

    Science.gov (United States)

    Titley, D.

    2017-12-01

    Climate change impacts national security in three ways: through changes in the operating environments of the military; by increasing risks to security infrastructure, specifically bases and training ranges; and by exacerbating and accelerating the risks of state collapse and conflict in regions that are already fragile and unstable. Additionally there will be unique security challenges in the Arctic as sea-ice melts out and human activities increase across multiple dimensions. Military forces will also likely see increased demand for Humanitarian Assistance and Disaster Relief resulting from a combination of increased human population, rising sea-level, and potentially stronger and wetter storms. The talk will explore some of the lesser known aspects of these changes, examine selected climate-driven 'wild cards' that have the potential to disrupt regional and global security, and explore how migration in the face of a changing climate may heighten security issues. I will assess the positions of the U.S. executive and legislative branches with respect to climate & security, and how those positions have evolved since the November 2016 election, sometimes in counter-intuitive ways. The talk will close with some recommended courses of action the security enterprise can take to manage this climate risk.

  20. Securing the energy industry : perspectives in security risk management

    Energy Technology Data Exchange (ETDEWEB)

    Hurd, G.L. [Anadarko Canada Corp., Calgary, AB (Canada)]

    2003-07-01

    This presentation offered some perspectives in security risk management as it relates to the energy sector. Since the events of September 11, 2001 much attention has been given to terrorism and the business is reviewing protection strategies. The paper made reference to each of the following vulnerabilities in the energy sector: information technology, globalization, business restructuring, interdependencies, political/regulatory change, and physical/human factors. The vulnerability of information technology is that it can be subject to cyber and virus attacks. Dangers of globalization lie in privacy and information security, forced nationalization, organized crime, and anti-globalization efforts. It was noted that the Y2K phenomenon provided valuable lessons regarding interdependencies and the effects of power outages, water availability, transportation disruption, common utility corridor accidents, and compounding incidents. The paper also noted the conflict between the government's desire to have a resilient infrastructure that can withstand and recover from attacks versus a company's ability to afford this capability. The physical/human factors that need to be considered in risk management include crime, domestic terrorism, and disasters such as natural disasters, industrial disasters and crisis. The energy industry has geographically dispersed vulnerable systems. It has done a fair job of physical security and has good emergency management practices, but it was noted that the industry cannot protect against all threats. A strategy of vigilance and awareness is needed to deal with threats. Other strategies include contingency planning, physical security, employee communication, and emergency response plans. tabs., figs.

  1. Security risks in IP telephony

    OpenAIRE

    Řezáč, Filip; Vozňák, Miroslav

    2010-01-01

    This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT) as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against...

  2. Security Risks in IP Telephony

    Directory of Open Access Journals (Sweden)

    Filip Rezac

    2010-01-01

    This paper deals with VoIP communication security and various techniques of VoIP attacks. We divided these threats in several categories according to their specific behaviour and their impact on the affected system. We also tried to find effective methods to prevent or mitigate these attacks. We focused our work on Spam over Internet Telephony (SPIT) as a real threat for the future. We have developed both a tool generating SPIT attacks and AntiSPIT tool defending communication systems against SPIT attacks. AntiSPIT represents an effective protection based on statistical blacklist and works without participation of the called party which is a significant advantage.

  3. Optimal security investments and extreme risk.

    Science.gov (United States)

    Mohtadi, Hamid; Agiwal, Swati

    2012-08-01

    In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one-period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance. © 2012 Society for Risk Analysis.

  4. Vulnerability Identification Errors in Security Risk Assessments

    OpenAIRE

    Taubenberger, Stefan

    2014-01-01

    At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called 'vulnerability identification errors' can occur if false positive vulnerabilities are identified, or if vulnerabilities remain u...

  5. Information Security Risk Assessment in Hospitals.

    Science.gov (United States)

    Ayatollahi, Haleh; Shagerdi, Ghazal

    2017-01-01

    To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threaten the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n = 27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r = 0.78). The results showed that among the information security risks, fire was found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n = 22, 91.7%) compared to the administrative (n = 21, 87.5%) and the physical safeguards (n = 16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

  6. Evaluation of thermal risk assessment

    International Nuclear Information System (INIS)

    Loos, J.J.; Perry, E.S.

    1993-01-01

    Risk assessment was done in 1983 to estimate the ecological hazard of increasing the generating load and thermal output of an electric generating station. Subsequently, long-term monitoring in the vicinity of the station allowed verification of the predictions made in the risk assessment. This presentation will review the efficacy of early risk assessment methods in producing useful predictions from a resource management point of view. In 1984, the Chalk Point Generating facility of the Potomac Electric Power Company increased its median generating load by 100%. Prior to this operational change, the Academy of Natural Sciences of Philadelphia synthesized site specific data, model predictions, and results from literature to assess the risk of additional waste heat to the Patuxent River subestuary of Chesapeake Bay. Risk was expressed as the number of days per year that various species of fish and the blue crab would be expected to avoid the discharge vicinity. Accuracy of these predictions is assessed by comparing observed fish and crab distributions and their observed frequencies of avoidance to those predicted. It is concluded that the predictions of this early risk assessment were sufficiently accurate to produce a reliable resource management decision

  7. Risk to Water Security on Small Islands

    Science.gov (United States)

    Holding, S. T.; Allen, D. M.

    2013-12-01

    The majority of fresh water available on small islands is shallow groundwater that forms a freshwater lens. Freshwater lenses are generally limited in extent and as such are vulnerable to many stressors that impact water security. These include stressors related to climate change, such as sea level rise, as well as those related to human impacts, such as contamination. Traditionally, water security assessments have focussed on indicators that provide a snapshot of the current condition. However, recent work suggests that in order to effectively manage the water system, it is also important to consider uncertain future impacts to the system by evaluating how different stressors might impact water security. In this study, a framework for assessing risk to water security was developed and tested on Andros Island in The Bahamas. The assessment comprises two main components that characterise the water system: numerical modelling studies and a hazard survey. A baseline numerical model of the freshwater lens throughout Andros Island was developed to simulate the morphology of the freshwater lens and estimate the freshwater resources currently available. The model was prepared using SEAWAT, a density-dependent flow and solute transport code. Various stressors were simulated in the model to evaluate the response of the freshwater lens to predicted future shifts in climate patterns, sea level rise, and changes in water use. A hazard survey was also conducted on the island to collect information related to the storage of contaminants, sanitation infrastructure, waste disposal practices and groundwater abstraction rates. The results of the survey form a geo-spatial database of the location and associated hazards to the freshwater lens. The resulting risk framework provides a ranking of overall risk to water security based on information from the numerical modelling and hazard survey. The risk framework is implemented in a Geographic Information System (GIS) and provides a map

  8. Practical Methods for Information Security Risk Management

    Directory of Open Access Journals (Sweden)

    Cristian AMANCEI

    2011-01-01

    The purpose of this paper is to present some directions to perform the risk management for information security. The article follows to practical methods through questionnaire that assesses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that concur in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation.

  9. INFORMATION SECURITY RISK ASSESSMENT USING EXISTING LEGAL AND METHODOLOGICAL BASE

    Directory of Open Access Journals (Sweden)

    A. I. Trubei

    2015-01-01

    The article provides a survey of the existing regulatory framework for information security risk management. Practical methods for information security risk and vulnerability assessment are proposed.

  10. Risk Analysis and Security Countermeasure Selection

    CERN Document Server

    Norman, Thomas L

    2009-01-01

    Explains how to evaluate the appropriateness of security countermeasures, from a cost-effectiveness perspective. This title guides readers from basic principles to complex processes in a step-by-step fashion, evaluating DHS-approved risk assessment methods, including CARVER, API/NPRA, RAMCAP, and various Sandia methodologies

  11. Information Security Risks on a University Campus

    Directory of Open Access Journals (Sweden)

    Amer A. Al-Rawas

    2002-06-01

    This paper is concerned with issues relating to security in the provision of information systems (IS) services within a campus environment. It is based on experiences with a specific known environment; namely Sultan Qaboos University. In considering the risks and challenges that face us in the provision of IS services we need to consider a number of interwoven subject areas. These are: the importance of information to campus communities, the types of information utilised, and the risk factors that relate to the provision of IS services. Based on our discussion of the risk factors identified within this paper, we make a number of recommendations for improving security within any environment that wishes to take the matter seriously. These recommendations are classified into three main groups: general, which are applicable to the entire institution; social, aimed at the work attitudes of staff and students; and technical, addressing the skills and technologies required.

  12. Towards Agile Security Risk Management in RE and Beyond

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Bakalova, Z.; Tun, Thein Tan; Daneva, Maia

    Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security

  13. Information Technology Audit of Physical Security Control and Logical Security Control and Determination of Security Risk Condition, Case Study: PT Talc Indonesia

    OpenAIRE

    Inggrid; Arfianti, Rizka I; Utami, Viany

    2009-01-01

    Abstract The fast growth of technology has an impact on the accounting field. This relates to the term of information technology (IT) auditing. One of the risks of using information technology in business which can be fatal enough if ignored is security risk. Security risk can be reduced by security controls which include physical security control and logical security control. Information technology auditing is the process of collecting and evaluating evidence to determine whether or not a co...

  14. Security engineering: Physical security measures for high-risk personnel

    Directory of Open Access Journals (Sweden)

    Jelena S. Cice

    2013-06-01

    Full Text Available The design of physical security measures is a specialized technical area that does not fall in the normal skill record and resume of commanders, architects, engineers, and project managers. This document provides guidance to those parties tasked with implementing existing and emerging physical protection system requirements:
    - Creation of a single-source reference for the design and construction of physical security measures for high-risk personnel (HRP).
    - Promulgation of multi-service standard recommendations and considerations.
    - Potential increase of productivity of HRP and reduced temporary housing costs through clarification of considerations, guidance on planning, and provision of design solutions.
    - Reduction of facility project costs.
    - Better performance of modernized facilities, in terms of force protection, than original facilities.
    Throughout this process you must ensure: confidentiality, appropriate Public Relations, sustainability, compliance with all industrial guidelines and legal and regulatory requirements, constant review and revision to accommodate new circumstances or threats. Introduction: Physical security is an extremely broad topic. It encompasses access control devices such as smart cards, air filtration and fireproofing. It is also heavily reliant on infrastructure. This means that many of the ideal physical security measures may not be economically or physically feasible for existing sites. Many businesses do not have the option of building their own facility from the ground up; thus physical security often must be integrated into an existing structure. This limits the overall set of security measures that can be installed. There is an aspect of physical security that is often overlooked; the humans that interact with it. Humans commit crime for a number of reasons. The document focuses on two building types: the HRP office and the HRP residence. HRP are personnel who are likely to be

  15. RISK MANAGEMENT FROM THE INFORMATION SECURITY PERSPECTIVE

    Directory of Open Access Journals (Sweden)

    Riza Ionuț

    2017-11-01

    Full Text Available Risk management has emerged ever since the appearance of human communities and it has developed at a slow rate. Over time, a significant improvement was made, from accepting hazards to the identification, evaluation and control of unwanted events, threat prevention and exploitation of opportunities through scientific risk management actions. The fundamental role of research in cyber security is to concentrate the efforts on those contexts and conditions which determine the way in which key players reach a common understanding of the way to conceive and eventually answer to certain challenges in cyber security. In order to build a clear perception of these effects, this work presents the main elements which define cyber space, to come to the aid of turning the management process into an efficient one, especially when talking about cyber space as a space for conflicts, both economic and political.

  16. Asset backed securities : risks, ratings and quantitative modelling

    NARCIS (Netherlands)

    Jönsson, B.H.B.; Schoutens, W.

    2009-01-01

    Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

  17. Aviation Security, Risk Assessment, and Risk Aversion for Public Decisionmaking

    Science.gov (United States)

    Stewart, Mark G.; Mueller, John

    2013-01-01

    This paper estimates risk reductions for each layer of security designed to prevent commercial passenger airliners from being commandeered by terrorists, kept under control for some time, and then crashed into specific targets. Probabilistic methods are used to characterize the uncertainty of rates of deterrence, detection, and disruption, as well…

  18. THE MODEL FOR RISK ASSESSMENT ERP-SYSTEMS INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    V. S. Oladko

    2016-12-01

    Full Text Available The article deals with the problem of assessing information security risks in an ERP-system. ERP-system functions and architecture are studied. A model of malicious impacts on the levels of ERP-system architecture is composed. A model-based risk assessment is developed, which is a quantitative and qualitative approach to risk assessment built on the partial unification of 3 methods for studying information security risks: security models with full overlapping, the CRAMM technique and the FRAP technique.

  19. A Security Risk Measurement for the RAdAC Model

    National Research Council Canada - National Science Library

    Britton, David W; Brown, Ian A

    2007-01-01

    .... The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement...

  20. Security engineering: systems engineering of security through the adaptation and application of risk management

    Science.gov (United States)

    Gilliam, David P.; Feather, Martin S.

    2004-01-01

    Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

  1. Development of a cyber security risk model using Bayesian networks

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman; Heo, Gyunyoung

    2015-01-01

    Cyber security is an emerging safety issue in the nuclear industry, especially in the instrumentation and control (I and C) field. To address the cyber security issue systematically, a model that can be used for cyber security evaluation is required. In this work, a cyber security risk model based on a Bayesian network is suggested for evaluating cyber security for nuclear facilities in an integrated manner. The suggested model enables the evaluation of both the procedural and technical aspects of cyber security, which are related to compliance with regulatory guides and system architectures, respectively. The activity-quality analysis model was developed to evaluate how well people and/or organizations comply with the regulatory guidance associated with cyber security. The architecture analysis model was created to evaluate vulnerabilities and mitigation measures with respect to their effect on cyber security. The two models are integrated into a single model, which is called the cyber security risk model, so that cyber security can be evaluated from procedural and technical viewpoints at the same time. The model was applied to evaluate the cyber security risk of the reactor protection system (RPS) of a research reactor and to demonstrate its usefulness and feasibility. - Highlights: • We developed a cyber security risk model that can find the weak points of cyber security by integrating two cyber analysis models using a Bayesian network. • One is the activity-quality model, which signifies how people and/or organizations comply with the cyber security regulatory guide. • The other is the architecture model, which represents the probability of cyber-attack on the RPS architecture. • The cyber security risk model can provide evidence that is able to determine the key element for cyber security for the RPS of a research reactor.

  2. Security Risks Management in Selected Academic Libraries in Osun ...

    African Journals Online (AJOL)

    The survival of a library depends to a large extent on how secured its collections are. Security of collections constitutes a critical challenge facing academic libraries in Nigeria. It is against this background that this study investigated the security risks management in selected academic libraries in Osun State, Nigeria.

  3. Risk Based Security Management at Research Reactors

    Energy Technology Data Exchange (ETDEWEB)

    Ek, David R. [Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)

    2015-09-01

    This presentation provides a background of what led to the international emphasis on nuclear security and describes how nuclear security is effectively implemented so as to preserve the societal benefits of nuclear and radioactive materials.

  4. Security Risks: Management and Mitigation in the Software Life Cycle

    Science.gov (United States)

    Gilliam, David P.

    2004-01-01

    A formal approach to managing and mitigating security risks in the software life cycle is requisite to developing software that has a higher degree of assurance that it is free of security defects which pose risk to the computing environment and the organization. Due to its criticality, security should be integrated as a formal approach in the software life cycle. Both a software security checklist and assessment tools should be incorporated into this life cycle process and integrated with a security risk assessment and mitigation tool. The current research at JPL addresses these areas through the development of a Software Security Assessment Instrument (SSAI) and integrating it with a Defect Detection and Prevention (DDP) risk management tool.

  5. Improving organisational resilience through enterprise security risk management.

    Science.gov (United States)

    Petruzzi, John; Loyear, Rachelle

    Enterprise Security Risk Management (ESRM) is a new philosophy and method of managing security programmes through the use of traditional risk principles. As a philosophy and life cycle, ESRM is focused on creating a business partnership between security practitioners and business leaders to more effectively provide protection against security risks in line with acceptable risk tolerances as defined by business asset owners and stakeholders. This paper explores the basics of the ESRM philosophy and life cycle and also shows how embracing the ESRM philosophy and implementing a risk-based security management model in the business organisation can lead to higher levels of organisational resilience as desired by organisation leaders, executives and the board of directors.

  6. Limiting Future Proliferation and Security Risks

    International Nuclear Information System (INIS)

    Bari, R.

    2011-01-01

    A major new technical tool for evaluation of proliferation and security risks has emerged over the past decade as part of the activities of the Generation IV International Forum. The tool has been developed by a consensus group from participating countries and organizations and is termed the Proliferation Resistance and Physical Protection (PR and PP) Evaluation Methodology. The methodology defines a set of challenges, analyzes system response to these challenges, and assesses outcomes. The challenges are the threats posed by potential actors (proliferant states or sub-national adversaries). It is of paramount importance in an evaluation to establish the objectives, capabilities, resources, and strategies of the adversary as well as the design and protection contexts. Technical and institutional characteristics are both used to evaluate the response of the system and to determine its resistance against proliferation threats and robustness against sabotage and terrorism threats. The outcomes of the system response are expressed in terms of a set of measures, which thereby define the PR and PP characteristics of the system. This paper summarizes results of applications of the methodology to nuclear energy systems including reprocessing facilities and large and small modular reactors. The use of the methodology in the design phase of a facility will be discussed as it applies to future safeguards concepts.

  7. Risk-informed, performance-based safety-security interface

    International Nuclear Information System (INIS)

    Mrowca, B.; Eltawila, F.

    2012-01-01

    Safety-security interface is a term that is used as part of the commercial nuclear power security framework to promote coordination of the many potentially adverse interactions between plant security and plant safety. Its object is to prevent the compromise of either. It is also used to describe the concept of building security into a plant's design similar to the long-standing practices used for safety, therefore reducing the complexity of the operational security while maintaining or enhancing overall security. With this in mind, the concept of safety-security interface, when fully implemented, can influence a plant's design, operation and maintenance. It brings the approach used for plant security to one that is similar to that used for safety. Also, as with safety, the application of risk-informed techniques to fully implement and integrate safety and security is important. Just as designers and operators have applied these techniques to enhance and focus safety, these same techniques can be applied to security to not only enhance and focus the security but also to aid in the implementation of effective techniques to address the safety-security interfaces. Implementing this safety-security concept early within the design process can prevent or reduce security vulnerabilities through low cost solutions that often become difficult and expensive to retrofit later in the design and/or post construction period. These security considerations address many of the same issues as safety in ensuring that the response of equipment and plant personnel are adequate. That is, both safety and security are focused on reaching safe shutdown and preventing radiological release. However, the initiation of challenges and the progression of actions in response to these challenges and even the definitions of safe shutdown can be considerably different. This paper explores the techniques and limitations that are employed to fully implement a risk-informed, safety-security interface.

  8. Potential risks and threats to international security

    Directory of Open Access Journals (Sweden)

    Iurie RICHICINSCHI

    2016-12-01

    Full Text Available Today we can ascertain with certainty that in the early part of the 21st century, the challenges addressed to the current security environment tend to become increasingly diffuse, less predictable and multidimensional, being both a feature of external security, as well as an internal one and, of course, becoming an indispensable part of security policies and strategies. Therefore, the need for international cooperation as a foundation for the stability of the security environment has increased. It should provide a sense of trust and peace by ensuring the absence of danger both for the individual and for the community to which he belongs.

  9. MINIMIZATION OF IMPACTS PERTAINING TO EXTERNAL AND INTERNAL ENERGY SECURITY THREATS OF THERMAL POWER PLANTS

    Directory of Open Access Journals (Sweden)

    V. N. Nagornov

    2012-01-01

    Full Text Available The paper contains a classification of internal and external threats for thermal power plants and recommendations on minimization of these risks. A set of concrete measures aimed at ensuring TPP energy security has been presented in the paper. The system comprises preventive measures aimed at reducing the possibilities of emergence and implementation of internal and external threats. The system also provides for decreasing the susceptibility of fuel and energy supply systems to the threats, and for applying liquidation measures that ensure elimination of the consequences of emergency situations and restoration of the conditions of fuel and power supply to consumers.

  10. National security risks? Uncertainty, austerity and other logics of risk in the UK government’s National Security Strategy

    NARCIS (Netherlands)

    Hammerstad, A.; Boas, I.J.C.

    2015-01-01

    Risk scholars within Security Studies have argued that the concept of security has gone through a fundamental transformation away from a threat-based conceptualisation of defence, urgency and exceptionality to one of preparedness, precautions and prevention of future risks, some of which are

  11. Security breaches: tips for assessing and limiting your risks.

    Science.gov (United States)

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  12. Context-sensitive Information security Risk identification and evaluation techniques

    NARCIS (Netherlands)

    Ionita, Dan

    2014-01-01

    The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no

  13. Applications of nuclear safety probabilistic risk assessment to nuclear security for optimized risk mitigation

    Energy Technology Data Exchange (ETDEWEB)

    Donnelly, S.K.; Harvey, S.B. [Amec Foster Wheeler, Toronto, Ontario (Canada)

    2016-06-15

    Critical infrastructure assets such as nuclear power generating stations are potential targets for malevolent acts. Probabilistic methodologies can be applied to evaluate the real-time security risk based upon intelligence and threat levels. By employing this approach, the application of security forces and other protective measures can be optimized. Existing probabilistic safety analysis (PSA) methodologies and tools employed in the nuclear industry can be adapted to security applications for this purpose. Existing PSA models can also be adapted and enhanced to consider total plant risk, due to nuclear safety risks as well as security risks. By creating a Probabilistic Security Model (PSM), safety and security practitioners can maximize the safety and security of the plant while minimizing the significant costs associated with security upgrades and security forces. (author)

  14. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    Science.gov (United States)

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access

  15. The new risk paradigm for chemical process security and safety.

    Science.gov (United States)

    Moore, David A

    2004-11-11

    The world of safety and security in the chemical process industries has certainly changed since 11 September, but the biggest challenges may be yet to come. This paper will explain that there is a new risk management paradigm for chemical security, discuss the differences in interpreting this risk versus accidental risk, and identify the challenges we can anticipate will occur in the future on this issue. Companies need to be ready to manage the new chemical security responsibilities and to exceed the expectations of the public and regulators. This paper will outline the challenge and a suggested course of action.

  16. Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

    Science.gov (United States)

    Shim, Woohyun

    2010-01-01

    An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

  17. Evaluating the Security Risks of System Using Hidden Markov Models

    African Journals Online (AJOL)

    System security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of ...

  18. Using Financial Instruments to Transfer the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Pankaj Pandey

    2016-05-01

    Full Text Available For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information security event. Thus, this article addresses the limitations in the cyber-(reinsurance markets with a set of capital market-based financial instruments. This article presents a set of information security derivatives, namely options, vanilla options, swap, and futures that can be traded at an information security prediction market. Furthermore, this article demonstrates the usefulness of information security derivatives in a given scenario and presents an evaluation of the same in comparison with cyber-insurance. In our analysis, we found that the information security derivatives can at least be a partial solution to the problems in the cyber-insurance markets. The information security derivatives can be used as an effective tool for information elicitation and aggregation, cyber risk pricing, risk hedging, and strategic decision making for information security risk management.

  19. ArgueSecure: Out-of-the-box Risk Assessment

    NARCIS (Netherlands)

    Ionita, Dan; Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Baltuta, Andrei

    Most established security risk assessment methodologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed

  20. Information security risk management for ISO27001/ISO27002

    CERN Document Server

    Calder, A; Watkins, S

    2010-01-01

    Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

  1. Safety and security risk assessments--now demystified!

    Science.gov (United States)

    White, Donald E

    2011-01-01

    Safety/security risk assessments no longer need to spook or baffle healthcare safety/security managers. This grid template provides at-a-glance quick lookup of the possible threats, the affected people and things, a priority ranking of these risks, and a workable solution for each risk. Using the standard document, spreadsheet, or graphics software already available on your computer, you can easily use a scientific method to produce professional looking risk assessments that get quickly understood by both senior managers and first responders alike!

  2. Global water risks and national security: Building resilience (Invited)

    Science.gov (United States)

    Pulwarty, R. S.

    2013-12-01

    The UN defines water security as the capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability. This definition highlights complex and interconnected challenges and underscores the centrality of water for environmental services and human activities. Global risks are expressed at the national level. The 2010 Quadrennial Defense Review and the 2010 National Security Strategy identify climate change as likely to trigger outcomes that will threaten U.S. security including how freshwater resources can become a security issue. Impacts will be felt on the National Security interest through water, food and energy security, and critical infrastructure. This recognition focuses the need to consider the rates of change in climate extremes, in the context of more traditional political, economic, and social indicators that inform security analyses. There is a long-standing academic debate over the extent to which resource constraints and environmental challenges lead to inter-state conflict. It is generally recognized that water resources as a security issue to date exists mainly at the substate level and has not led to physical conflict between nation states. In conflict and disaster zones, threats to water security increase through inequitable and difficult access to water supply and related services, which may aggravate existing social fragility, tensions, violence, and conflict. This paper will (1) outline the dimensions of water security and its links to national security, (2) analyze water footprints and management risks for key basins in the US and around the world, (3) map the link between global water security and national concerns, drawing lessons from the drought of 2012 and elsewhere

  3. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planning assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  4. Risk evaluation system for facility safeguards and security planning

    International Nuclear Information System (INIS)

    Udell, C.J.; Carlson, R.L.

    1987-01-01

    The Risk Evaluation System (RES) is an integrated approach to determining safeguards and security effectiveness and risk. RES combines the planning and technical analysis into a format that promotes an orderly development of protection strategies, planning assumptions, facility targets, vulnerability and risk determination, enhancement planning, and implementation. In addition, the RES computer database program enhances the capability of the analyst to perform a risk evaluation of the facility. The computer database is menu driven using data input screens and contains an algorithm for determining the probability of adversary defeat and risk. Also, base case and adjusted risk data records can be maintained and accessed easily

  5. Asset Identification for Security Risk Assessment in Web Applications

    OpenAIRE

    Hisham M. Haddad; Brunil D. Romero

    2009-01-01

    As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses on asset identification, the initial step in sec...

  6. Guidelines for developing NASA (National Aeronautics and Space Administration) ADP security risk management plans

    Science.gov (United States)

    Tompkins, F. G.

    1983-01-01

    This report presents guidance to NASA Computer security officials for developing ADP security risk management plans. The six components of the risk management process are identified and discussed. Guidance is presented on how to manage security risks that have been identified during a risk analysis performed at a data processing facility or during the security evaluation of an application system.

  7. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version)

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.

    2010-01-01

    Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security

  8. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    Energy Technology Data Exchange (ETDEWEB)

    Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism is often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straightforward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  9. Game Theoretic Risk Analysis of Security Threats

    CERN Document Server

    Bier, Vicki M

    2008-01-01

    Introduces reliability and risk analysis in the face of threats by intelligent agents. This book covers applications to networks, including problems in both telecommunications and transportation. It provides a set of tools for applying game theory to reliability problems in the presence of intentional, intelligent threats

  10. An approach to security risk assessment.

    Science.gov (United States)

    Engells, Thomas E

    2012-01-01

    Use of a brief survey instrument described in this article can be a useful means of obtaining actionable information in regards to risk assessment and crime prevention, the author points out. The survey yields data that assists in the prioritization of effort that can enhance the impact of a limited pool of qualified specialists.

  11. Insuring Life : Value, Security and Risk

    NARCIS (Netherlands)

    Lobo-Guerrero, Luis

    2016-01-01

    This book is a contribution to the scholarly engagement with the wider problem of governing through risk and the politics of uncertainty. It takes life insurance as an empirical site from which to ask: what is the kind of governance created through insurance an instance of, and how does it

  12. Professional Autonomy and Security Risks of Journalists in Colombia

    Directory of Open Access Journals (Sweden)

    Miguel E. Garcés Prettel

    2017-01-01

    This paper analyzes the relationship between professional autonomy and security risks of journalists in Colombia. A correlational-transversal research was conducted with a sample of 751 journalists who filled out the questionnaire “Worlds of Journalism Study”. The results show significant differences on the attacks received by the journalists depending on gender, news beat, region, news media, years of experience, capacity and educational level of journalists. Attacks on journalists correlate positively with the autonomy to publish and write news on governments, armed forces, criminal gangs and structural social problems (poverty, status of ethnic minorities, socioeconomic inequality, environmental damage), the latter being a predictor of high risk security.

  13. Risk assessment of climate systems for national security.

    Energy Technology Data Exchange (ETDEWEB)

    Backus, George A.; Boslough, Mark Bruce Elrick; Brown, Theresa Jean; Cai, Ximing; Conrad, Stephen Hamilton; Constantine, Paul G; Dalbey, Keith R.; Debusschere, Bert J.; Fields, Richard; Hart, David Blaine; Kalinina, Elena Arkadievna; Kerstein, Alan R.; Levy, Michael; Lowry, Thomas Stephen; Malczynski, Leonard A.; Najm, Habib N.; Overfelt, James Robert; Parks, Mancel Jordan; Peplinski, William J.; Safta, Cosmin; Sargsyan, Khachik; Stubblefield, William Anthony; Taylor, Mark A.; Tidwell, Vincent Carroll; Trucano, Timothy Guy; Villa, Daniel L.

    2012-10-01

    Climate change, through drought, flooding, storms, heat waves, and melting Arctic ice, affects the production and flow of resource within and among geographical regions. The interactions among governments, populations, and sectors of the economy require integrated assessment based on risk, through uncertainty quantification (UQ). This project evaluated the capabilities with Sandia National Laboratories to perform such integrated analyses, as they relate to (inter)national security. The combining of the UQ results from climate models with hydrological and economic/infrastructure impact modeling appears to offer the best capability for national security risk assessments.

  14. 6 CFR 27.200 - Information regarding security risk for a chemical facility.

    Science.gov (United States)

    2010-01-01

    ... chemical facility. 27.200 Section 27.200 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.200 Information regarding security risk for a chemical facility. (a) Information to determine security risk. In order to...

  15. Nuclear Thermal Rocket (NTR) Development Risk Communication

    Science.gov (United States)

    Kim, Tony

    2014-01-01

    nuclear radiation from Fukushima" which focus on mis-information and fear mongering. Nuclear power and NTR are powerful resources that can open many doors for future prosperity and capability. With great power comes great responsibility. Radiation and its effects need to be better understood, quantified, and communicated. A human mission to Mars has its own risks of deep space radiation and is considered a considerable risk at 400 milli-Sieverts per year in deep space and 245 milli-Sieverts per year on the surface of Mars as measured by the Mars Curiosity mission. Although these quantities of ionizing radiation are within the astronaut career limit, they exceed the yearly average amounts of ionizing radiation. Astronaut crews have experienced these levels of radiation before, but for durations shorter than a year, and a mission to Mars could possibly be 3 years in length. There is also evidence that people can comfortably handle higher levels of ionizing radiation where the radiation occurs naturally, such as Ramsar, Iran, where people can experience 270 milli-Sieverts per year. A risk posture that the development, test, and flight of an NTR will meet opposition from groups who oppose nuclear energy must be likely and the impact can be severe to the effort. Active risk mitigation must be taken for an NTR full-scale development project. The NTR design must take into account safety for transport and off-nominal conditions. Nuclear fuel element must consider containment of fission products and Low Enriched Uranium (LEU) that may meet less opposition should be considered for safety and security reasons. Even though testing was conducted on Rover/NERVA safely and successfully in the 60's with exhaust sent heavenward into open air, modern testing of NTR must consider full containment and no release of ionizing radiation to the public and must meet the current requirement of no more than 0.1 milli-Sieverts per year to the public. 0.1 milli-Sieverts is equivalent to eating one banana or

  16. Hydrocomplexity: Addressing water security and emergent environmental risks

    Science.gov (United States)

    Kumar, Praveen

    2015-07-01

    Water security and emergent environmental risks are among the most significant societal concerns. They are highly interlinked to other global risks such as those related to climate, human health, food, human migration, biodiversity loss, urban sustainability, etc. Emergent risks result from the confluence of unanticipated interactions from evolving interdependencies between complex systems, such as those embedded in the water cycle. They are associated with the novelty of dynamical possibilities that have significant potential consequences to human and ecological systems, and not with probabilities based on historical precedence. To ensure water security we need to be able to anticipate the likelihood of risk possibilities as they present the prospect of the most impact through cascade of vulnerabilities. They arise due to a confluence of nonstationary drivers that include growing population, climate change, demographic shifts, urban growth, and economic expansion, among others, which create novel interdependencies leading to a potential of cascading network effects. Hydrocomplexity aims to address water security and emergent risks through the development of science, methods, and practices with the potential to foster a "Blue Revolution" akin to the Green revolution for food security. It blends both hard infrastructure based solution with soft knowledge driven solutions to increase the range of planning and design, management, mitigation and adaptation strategies. It provides a conceptual and synthetic framework to enable us to integrate discovery science and engineering, observational and information science, computational and communication systems, and social and institutional approaches to address consequential water and environmental challenges.

  17. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    International Nuclear Information System (INIS)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo

    2011-01-01

    Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Threats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planned to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afghanistan by the UK intelligence agency. Thus, the international communities including the IAEA are making substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

  18. Security surveillance challenges and proven thermal imaging capabilities in real-world applications

    Science.gov (United States)

    Francisco, Glen L.; Roberts, Sharon

    2004-09-01

    Uncooled thermal imaging was first introduced to the public in early 1980's by Raytheon (legacy Texas Instruments Defense Segment Electronics Group) as a solution for military applications. Since the introduction of this technology, Raytheon has remained the leader in this market as well as introduced commercial versions of thermal imaging products specifically designed for security, law enforcement, fire fighting, automotive and industrial uses. Today, low cost thermal imaging for commercial use in security applications is a reality. Organizations of all types have begun to understand the advantages of using thermal imaging as a means to solve common surveillance problems where other popular technologies fall short. Thermal imaging has proven to be a successful solution for common security needs such as: vision at night where lighting is undesired and 24x7 surveillance is needed; surveillance over waterways, lakes and ports where water and lighting options are impractical; surveillance through challenging weather conditions where other technologies will be challenged by atmospheric particulates; low maintenance requirements due to remote or difficult locations; low cost over life of product. Thermal imaging is now a common addition to the integrated security package. Companies are relying on thermal imaging for specific applications where no other technology can perform.

  19. Quantitative Security Risk Assessment of Android Permissions and Applications

    OpenAIRE

    Wang, Yang; Zheng, Jun; Sun, Chen; Mukkamala, Srinivas

    2013-01-01

    Part 6: Mobile Computing; International audience; The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose DroidRisk, a framework for quantitative security risk assessment of both Android permissions and applications (apps) based on permission request patterns from benign apps and malware, which aims ...

  20. Analyzing State Security Risks in South China Sea Conflict

    Directory of Open Access Journals (Sweden)

    Дмитрий Владимирович Пивоваров

    2009-09-01

    The article is devoted to regional security issues in South East Asia. The author analyses the international relations that are closely tied to foreign policy and foreign policy strategy problems. The author proposes risk analysis as a new and promising method in political science to generate foreign policy plans and analyze international conflicts and problems.

  1. Enterprise Architecture-Based Risk and Security Modelling and Analysis

    NARCIS (Netherlands)

    Jonkers, Henk; Quartel, Dick; Kordy, Barbara; Ekstedt, Mathias; Seong Kim, Deng

    2016-01-01

    The growing complexity of organizations and the increasing number of sophisticated cyber attacks ask for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects

  2. Reconciling Malicious and Accidental Risk in Cyber Security

    NARCIS (Netherlands)

    Pieters, Wolter; Lukszo, Zofia; Hadziosmanovic, D.; van den Berg, Jan

    Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from

  3. Managing climatic risks for enhanced food security: Key information capabilities

    NARCIS (Netherlands)

    Balaghi, R.; Badjeck, M.C.; Bakari, D.; Pauw, de E.D.; Wit, de A.J.W.; Defourny, P.; Donato, S.; Gommes, R.; Jlibene, M.; Ravelo, A.C.; Sivakumar, M.V.K.; Telahigue, N.; Tychon, B.

    2010-01-01

    Food security is expected to face increasing challenges from climatic risks that are more and more exacerbated by climate change, especially in the developing world. This document lists some of the main capabilities that have been recently developed, especially in the area of operational

  4. Agent-Based Modelling for Security Risk Assessment

    NARCIS (Netherlands)

    Janssen, S.A.M.; Sharpans'kykh, Alexei; Bajo, J.; Vale, Z.; Hallenborg, K.; Rocha, A.P.; Mathieu, P.; Pawlewski, P.; Del Val, E.; Novais, P.; Lopes, F.; Duque Méndez, N.D.; Julián, V.; Holmgren, J.

    2017-01-01

    Security Risk Assessment is commonly performed by using traditional methods based on linear probabilistic tools and informal expert judgements. These methods lack the capability to take the inherent dynamic and intelligent nature of attackers into account. To partially address the limitations,

  5. Security Risks and Protection in Online Learning: A Survey

    Science.gov (United States)

    Chen, Yong; He, Wu

    2013-01-01

    This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have…

  6. Data security and risk assessment in cloud computing

    Directory of Open Access Journals (Sweden)

    Li Jing

    2018-01-01

    Cloud computing has attracted more and more attention as it reduces the cost of IT infrastructure of organizations. In our country, business Cloud services, such as Alibaba Cloud, Huawei Cloud, QingCloud, UCloud and so on are gaining more and more use, especially among small or medium organizations. In the cloud service scenario, the program and data are migrating into the cloud, resulting in a lack of trust between customers and cloud service providers. However, the recent study on Cloud computing is mainly focused on the service side, while the data security and trust have not been sufficiently studied yet. This paper investigates the data security issues from the data life cycle, which includes five steps when an organization uses Cloud computing. A data management framework is given, including not only the data classification but also the risk management framework. Concretely, the data is divided into two varieties, business and personal information. Then, four classification levels (high, medium, low, normal) according to the different extent of the potential adverse effect are introduced. With the help of classification, the administrators can identify the application or data to implement corresponding security controls. At last, the administrators conduct the risk assessment to alleviate the risk of data security. The trust between customers and cloud service providers will be strengthened in this way.

  7. Breach Risk Magnitude: A Quantitative Measure of Database Security.

    Science.gov (United States)

    Yasnoff, William A

    2016-01-01

    A quantitative methodology is described that provides objective evaluation of the potential for health record system breaches. It assumes that breach risk increases with the number of potential records that could be exposed, while it decreases when more authentication steps are required for access. The breach risk magnitude (BRM) is the maximum value for any system user of the common logarithm of the number of accessible database records divided by the number of authentication steps needed to achieve such access. For a one million record relational database, the BRM varies from 5.52 to 6 depending on authentication protocols. For an alternative data architecture designed specifically to increase security by separately storing and encrypting each patient record, the BRM ranges from 1.3 to 2.6. While the BRM only provides a limited quantitative assessment of breach risk, it may be useful to objectively evaluate the security implications of alternative database organization approaches.

  8. Flood Risk Assessment Based On Security Deficit Analysis

    Science.gov (United States)

    Beck, J.; Metzger, R.; Hingray, B.; Musy, A.

    Risk is a human perception: a given risk may be considered as acceptable or unacceptable depending on the group that has to face that risk. Flood risk analysis often estimates economic losses from damages, but neglects the question of acceptable/unacceptable risk. With input from land use managers, politicians and other stakeholders, risk assessment based on security deficit analysis determines objects with unacceptable risk and their degree of security deficit. Such a risk assessment methodology, initially developed by the Swiss federal authorities, is illustrated by its application on a reach of the Alzette River (Luxembourg) in the framework of the IRMA-SPONGE FRHYMAP project. Flood risk assessment always involves a flood hazard analysis, an exposed object vulnerability analysis, and an analysis combining the results of these two previous analyses. The flood hazard analysis was done with the quasi-2D hydraulic model FldPln to produce flood intensity maps. Flood intensity was determined by the water height and velocity. Object data for the vulnerability analysis, provided by the Luxembourg government, were classified according to their potential damage. Potential damage is expressed in terms of direct, human life and secondary losses. A thematic map was produced to show the object classification. Protection goals were then attributed to the object classes. Protection goals are assigned in terms of an acceptable flood intensity for a certain flood frequency. This is where input from land use managers and politicians comes into play. The perception of risk in the region or country influences the protection goal assignment. Protection goals as used in Switzerland were used in this project. Thematic maps showing the protection goals of each object in the case study area for a given flood frequency were produced. Comparison between an object's protection goal and the intensity of the flood that touched the object determine the acceptability of the risk and the

  9. Automated procedure for performing computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1984-05-01

    Computers, the invisible backbone of nuclear safeguards, monitor and control plant operations and support many materials accounting systems. Our automated procedure to assess computer security effectiveness differs from traditional risk analysis methods. The system is modeled as an interactive questionnaire, fully automated on a portable microcomputer. A set of modular event trees links the questionnaire to the risk assessment. Qualitative scores are obtained for target vulnerability, and qualitative impact measures are evaluated for a spectrum of threat-target pairs. These are then combined by a linguistic algebra to provide an accurate and meaningful risk measure. 12 references, 7 figures

  10. RiskREP : risk-based security requirements elicitation and prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  11. Cost estimation of thermal and nuclear power using annual securities report

    International Nuclear Information System (INIS)

    Matsuo, Yuji; Nagatomi, Yu; Murakami, Tomoko

    2011-01-01

    Cost estimation of generation cost derived from various power sources was widely conducted using model plant or annual securities report of electric utilities. Although annual securities report method was subjected to some limitation in methodology itself, useful information was obtained for cost comparison of thermal and nuclear power. Studies on generation cost evaluation of thermal and nuclear power based on this method during past five years showed that nuclear power cost was almost stable 7 Yen/kWh and thermal power cost was varying 9 - 12 Yen/kWh dependent on violent fluctuations of primary energy cost. Nuclear power was expected cost increase due to enhanced safety requirements or damage compensation of accidents as well as decommissioning and back-end cost, which were difficult to evaluate accurately with annual securities report. Further comprehensive and accurate cost estimation should be encouraged including these items. (T. Tanaka)

  12. Cyber Security Risk Assessment for the KNICS Safety Systems

    International Nuclear Information System (INIS)

    Lee, C. K.; Park, G. Y.; Lee, Y. J.; Choi, J. G.; Kim, D. H.; Lee, D. Y.; Kwon, K. C.

    2008-01-01

    In the Korea Nuclear I and C Systems Development (KNICS) project the platforms for plant protection systems are developed, which function as a reactor shutdown, actuation of engineered safety features and a control of the related equipment. Those are fully digitalized through the use of safety-grade programmable logic controllers (PLCs) and communication networks. In 2006 the Regulatory Guide 1.152 (Rev. 02) was published by the U.S. NRC and it describes the application of a cyber security to the safety systems in the Nuclear Power Plant (NPP). Therefore it is required that the new requirements are incorporated into the developed platforms to apply to NPP, and a cyber security risk assessment is performed. The results of the assessment were input for establishing the cyber security policies and planning the work breakdown to incorporate them

  13. The thermal relay design to improve power system security for the HTS cables in Icheon substation

    International Nuclear Information System (INIS)

    Lee, Hansang; Yang, Byeong-Mo; Jang, Gilsoo

    2013-01-01

    Highlights: •It is important to study thermal characteristics of the HTS cable. •The thermal relay in the Icheon substation has been developed. •Well-designed thermal relay has been verified through PSCAD/EMTDC simulations. -- Abstract: This paper proposes a model for thermal protection relay for the high temperature superconducting (HTS) cables and thermal protection scheme in Icheon substation in Korea. The thermal protection is one of the most important factors to guarantee the reliability of the HTS cable as well as power system security. The superconductivity of the HTS cables, which can be guaranteed by the liquid nitrogen near 70 K, can be threatened by the large fault current. To avoid the overheating in HTS cable and to secure the power system operation with the HTS cable, the thermal protection relay should be considered. To find the optimal thermal-protection scheme, the model for the superconducting power system has been achieved in Icheon substation and the thermal protection scheme has been verified through PSCAD/EMTDC simulation

  14. The thermal relay design to improve power system security for the HTS cables in Icheon substation

    Energy Technology Data Exchange (ETDEWEB)

    Lee, Hansang, E-mail: hslee80@kiu.ac.kr [School of Railway and Electrical Engineering, Kyungil University, Hayang-eup, Gyeongsan-si, Gyeongsangbuk-do 712-701 (Korea, Republic of); Yang, Byeong-Mo [Korea Electric Power Research Institute, Munji-dong, Yuseong-gu, Daejeon 305-760 (Korea, Republic of); Jang, Gilsoo, E-mail: gjang@korea.ac.kr [School of Electrical Engineering, Korea University, Anam-dong 5-ga, Seongbuk-gu, Seoul 136-713 (Korea, Republic of)

    2013-11-15

    Highlights: •It is important to study thermal characteristics of the HTS cable. •The thermal relay in the Icheon substation has been developed. •Well-designed thermal relay has been verified through PSCAD/EMTDC simulations. -- Abstract: This paper proposes a model for thermal protection relay for the high temperature superconducting (HTS) cables and thermal protection scheme in Icheon substation in Korea. The thermal protection is one of the most important factors to guarantee the reliability of the HTS cable as well as power system security. The superconductivity of the HTS cables, which can be guaranteed by the liquid nitrogen near 70 K, can be threatened by the large fault current. To avoid the overheating in HTS cable and to secure the power system operation with the HTS cable, the thermal protection relay should be considered. To find the optimal thermal-protection scheme, the model for the superconducting power system has been achieved in Icheon substation and the thermal protection scheme has been verified through PSCAD/EMTDC simulation.

  15. Risk assessment for sustainable food security in China according to integrated food security--taking Dongting Lake area for example.

    Science.gov (United States)

    Qi, Xiaoxing; Liu, Liming; Liu, Yabin; Yao, Lan

    2013-06-01

    Integrated food security covers three aspects: food quantity security, food quality security, and sustainable food security. Because sustainable food security requires that food security must be compatible with sustainable development, the risk assessment of sustainable food security is becoming one of the most important issues. This paper mainly focuses on the characteristics of sustainable food security problems in the major grain-producing areas in China. We establish an index system based on land resources and eco-environmental conditions and apply a dynamic assessment method based on status assessments and trend analysis models to overcome the shortcomings of the static evaluation method. Using fuzzy mathematics, the risks are categorized into four grades: negligible risk, low risk, medium risk, and high risk. A case study was conducted in one of China's major grain-producing areas: Dongting Lake area. The results predict that the status of the sustainable food security in the Dongting Lake area is unsatisfactory for the foreseeable future. The number of districts at the medium-risk range will increase from six to ten by 2015 due to increasing population pressure, a decrease in the cultivated area, and a decrease in the effective irrigation area. Therefore, appropriate policies and measures should be put forward to improve it. The results could also provide direct support for an early warning system (which could be used to monitor food security trends or nutritional status so as to inform policy makers of impending food shortages) to prevent sustainable food security risk based on some classical systematic methods. This is the first research of sustainable food security in terms of risk assessment, from the perspective of resources and the environment, at the regional scale.

  16. AUTOCHTHONOUS APPROACHING IN THE MANAGEMENT OF THE SECURITY RISK

    Directory of Open Access Journals (Sweden)

    Burtescu Emil

    2008-05-01

    An optimal management for a corporation, no matter what size the corporation is, it must contain the management of the security risk. On the importance that is given to the risk management can depend the well functioning of the corporation. An important role in this process has the owner of the business and the way that this one understands the risk. A good understanding of the risk by the owner will have as effect the allocation of sufficient funds to implement controls meant to bring the risk level in order to be an acceptable one. The autochthonous corporations, in a great part even because of the inexistence of reglementations in this domain, have an empiric approach of the phenomena.

  17. Using Financial Instruments to Transfer the Information Security Risks

    OpenAIRE

    Pankaj Pandey; Einar Snekkenes

    2016-01-01

    For many individuals and organizations, cyber-insurance is the most practical and only way of handling a major financial impact of an information security event. However, the cyber-insurance market suffers from the problem of information asymmetry, lack of product diversity, illiquidity, high transaction cost, and so on. On the other hand, in theory, capital market-based financial instruments can provide a risk transfer mechanism with the ability to absorb the adverse impact of an information...

  18. Information security risk management and incompatible parts of organization

    OpenAIRE

    Talabeigi, Elham; Naeeini, Seyyed Gholamreza Jalali

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in...

  19. A review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    This paper presents a review of game theoretic-based model for cyber security risk management. Specifically, issues on ...

  20. Information security risk management and incompatible parts of organization

    Directory of Open Access Journals (Sweden)

    Elham Talabeigi

    2016-11-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  1. Information security risk management and incompatible parts of organization

    Energy Technology Data Exchange (ETDEWEB)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-07-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  2. Information security risk management and incompatible parts of organization

    International Nuclear Information System (INIS)

    Talabeigi, E.; Naeeini, S.G.J.

    2016-01-01

    Purpose: we prepared a questionnaire to evaluate Incompatible parts and also risk management in University of Science and Technology E-Learning Center and studying the Incompatible parts impacts on utility of organization. Design/methodology/approach: By using coalitional game theory we present a new model to recognize the degrees of incompatibility among independent divisions of an organization with dependent security assets. Based on positive and negative interdependencies in the parts, the model provides how the organization can decrease the security risks through non-cooperation rather than cooperation. we implement the proposed model of this paper by analyzing the data which have been provided by questionnaires from different three managers' ideas of Iran University of Science and Technology E-Learning Center located in Iran University of Science and Technology, Tehran, Iran. Findings: In general, by collecting data and analyzing them, the survey showed that Incompatible parts of organizations have negative impacts on utility of organization risk management process. Furthermore, it adds values to other organizations and provides the best practices in planning, developing, implementing and monitoring risk management in organizations. Research limitations/implications: Since Information security and also Risk Management are still areas which need to improve in some Iranian universities, we couldn’t consider them in our analysis. On the other hand, due to questionnaire limitation, the study’s sample size is 1. This size may be considered large for our statistical analysis. Originality/value: The main contribution of this paper is to propose a model for non-cooperation among a number of divisions in a organization and using risk management factors.

  3. Cyber security risk assessment for SCADA and DCS networks.

    Science.gov (United States)

    Ralston, P A S; Graham, J H; Hieb, J L

    2007-10-01

    The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

  4. A comprehensive Network Security Risk Model for process control networks.

    Science.gov (United States)

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  5. Communicating Health Risks under Pressure: Homeland Security Applications

    International Nuclear Information System (INIS)

    Garrahan, K.G.; Collie, S.L.

    2006-01-01

    The U.S. Environmental Protection Agency's (EPA) Office of Research and Development (ORD) Threat and Consequence Assessment Division (TCAD) within the National Homeland Security Research Center (NHSRC) has developed a tool for rapid communication of health risks and likelihood of exposure in preparation for terrorist incidents. The Emergency Consequence Assessment Tool (ECAT) is a secure web-based tool designed to make risk assessment and consequence management faster and easier for high priority terrorist threat scenarios. ECAT has been designed to function as 'defensive play-book' for health advisors, first responders, and decision-makers by presenting a series of evaluation templates for priority scenarios that can be modified for site-specific applications. Perhaps most importantly, the risk communication aspect is considered prior to an actual release event, so that management or legal advisors can concur on general risk communication content in preparation for press releases that can be anticipated in case of an actual emergency. ECAT serves as a one-stop source of information for retrieving toxicological properties for agents of concern, estimating exposure to these agents, characterizing health risks, and determining what actions need to be undertaken to mitigate the risks. ECAT has the capability to be used at a command post where inputs can be checked and communicated while the response continues in real time. This front-end planning is intended to fill the gap most commonly identified during tabletop exercises: a need for concise, timely, and informative risk communication to all parties. Training and customization of existing chemical and biological release scenarios with modeling of exposure to air and water, along with custom risk communication 'messages' intended for public, press, shareholders, and other partners enable more effective communication during times of crisis. For DOE, the ECAT could serve as a prototype that would be amenable to

  6. Anticipating Interruptions. Security and risk in a liberalized electricity infrastructure

    Energy Technology Data Exchange (ETDEWEB)

    Silvast, A.

    2013-11-01

    During the past ten years, a number of social scientists have emphasized the importance of material infrastructures like electricity supply as a research topic for the social sciences. The developing of such new perspectives concerning infrastructures also includes uncertainties and risks. This research analyzes the management of uncertainties in the Finnish electricity infrastructure by posing the following research question: how are electricity interruptions, or blackouts, anticipated in Finland and how are these interruptions managed as risks? The main research methodology of the work is multi-sited field work. The empirical materials include interviews with experts and lay people (33 interviews); participant observation in two electricity control rooms; an electricity consumer survey (115 respondents); and also a number of infrastructure and security policy documents and observations from electricity security seminars. The materials were primarily gathered between 2004 and 2008. Social science research often links risks with major current social changes or socio-cultural risk perceptions. In recent international social science discussions, however, a new research topic has emerged - those styles of reasoning and techniques of governance that are deployed to manage risk as a practical matter. My study explores these themes empirically by focusing on the specific habitual practices of risk management in the Finnish electricity infrastructure. The work develops various also semi-ethnographic inquiries into infrastructure risk techniques like monitor screening of real-time risks in electricity control rooms; the management of risks in a liberalized electricity market; the emergence of Finnish reasoning about blackouts from a specific historical background; and the ways in which electricity consumers respond to blackouts in their homes. 
    In addition, the work reflects upon the position of a risk researcher in those situations when the research subjects do not define

  7. Security Events and Vulnerability Data for Cybersecurity Risk Estimation.

    Science.gov (United States)

    Allodi, Luca; Massacci, Fabio

    2017-08-01

    Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastructure of an organization's security operation center to quantitatively estimate the probability of attack. Our methodology specifically addresses untargeted attacks delivered by automatic tools that make up the vast majority of attacks in the wild against users and organizations. We consider two-stage attacks whereby the attacker first breaches an Internet-facing system, and then escalates the attack to internal systems by exploiting local vulnerabilities in the target. Our methodology factors in the power of the attacker as the number of "weaponized" vulnerabilities he/she can exploit, and can be adjusted to match the risk appetite of the organization. We illustrate our methodology by using data from a large financial institution, and discuss the significant mismatch between traditional qualitative risk assessments and our quantitative approach. © 2017 Society for Risk Analysis.

  8. Security risks in nuclear waste management: Exceptionalism, opaqueness and vulnerability.

    Science.gov (United States)

    Vander Beken, Tom; Dorn, Nicholas; Van Daele, Stijn

    2010-01-01

    This paper analyses some potential security risks, concerning terrorism or more mundane forms of crime, such as fraud, in management of nuclear waste using a PEST scan (of political, economic, social and technical issues) and some insights of criminologists on crime prevention. Nuclear waste arises as spent fuel from ongoing energy generation or other nuclear operations, operational contamination or emissions, and decommissioning of obsolescent facilities. In international and EU political contexts, nuclear waste management is a sensitive issue, regulated specifically as part of the nuclear industry as well as in terms of hazardous waste policies. The industry involves state, commercial and mixed public-private bodies. The social and cultural dimensions--risk, uncertainty, and future generations--resonate more deeply here than in any other aspect of waste management. The paper argues that certain tendencies in regulation of the industry, claimed to be justified on security grounds, are decreasing transparency and veracity of reporting, opening up invisible spaces for management frauds, and in doing allowing a culture of impunity in which more serious criminal or terrorist risks could arise. What is needed is analysis of this 'exceptional' industry in terms of the normal canons of risk assessment - a task that this paper begins. Copyright 2009 Elsevier Ltd. All rights reserved.

  9. Building Psychological Contracts in Security-Risk Environments

    DEFF Research Database (Denmark)

    Ramirez, Jacobo; Madero, Sergio; Vélez-Zapata, Claudia

    2015-01-01

    This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems and the impacts of narcoterrorism on firms were conducted with human resources (HR) personnel, line managers and subordinates at eight national and multinational corporations (MNCs) with subsidiaries in Colombia and Mexico. Our findings generally support the existence of a relational psychological contract in our sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological...

  10. Managing Security Risks in an Industrial Investment – Analysis Directions

    Directory of Open Access Journals (Sweden)

    Stefan Dragomir

    2016-05-01

    This paper achieved an analysis of some important management strategies for an investment, in correlation with index of global pollution. Environmental security assessment shall be determined taking into account the workplace security and effects on health, safety of workers in an industry investment. It is necessary to observe and collect a larger number of data generated by the development of an industrial process, so as to make a deep analysis on global pollution index and how it is affected industrial investment environment. This research shows how can the substances that infest the environment to produce much damage and influence the environmental factors (air, water, soil, landscape, fauna and flora. When we know the risks that characterize the plant equipment, we can protect the life and we can protect the environment for a sustainable development in the future.

  11. Security of Energy Supply - Indicators for Measuring Vulnerability and Risk

    International Nuclear Information System (INIS)

    Heinrich, C.

    2010-01-01

    In an era of increasing globalization, secure and affordable energy supplies are an essential requirement for economies to work, much less develop and grow in the long term. The present study, Energy security of supply - indicators for measuring vulnerability and risk, develops a broad methodical assessment concept to raise awareness among policy makers and the public regarding the vulnerability of energy supplies to potential energy crises. It explores the different aspects of vulnerability, from the primary energy level to energy infrastructure (storage, networks, power plant parks) to the efficiency and cost of energy consumption for end users. The individual characteristics of the formal concept were quantitatively evaluated for several OECD regions (Germany, UK, Sweden, Poland, Italy, France and the US) using a comprehensive empirical database and reduced to a single indicator for assessing energy supply vulnerability. Part of the database comprises historical observations for the period between 1978 and 2007.(author).

  12. [Occupational risks among public safety and security forces].

    Science.gov (United States)

    Candura, S M; Verni, P; Minelli, C M; Rosso, G L; Cappelli, M I; Strambi, S; Martellosio, V

    2006-01-01

    The present paper tries to identify the occupational risk factors (physical, chemical, biological, psychological), variable depending on jobs and tasks, to which the heterogeneous public safety/security workers are exposed. The fight against criminality and public order maintenance imply (sometimes fatal) traumatic risks, and expose to psychophysical and sensorial tiring, unfavourable macro- and microclimatic conditions, the risk of baropathy (air navigation, underwater activities), noise (generated by firearms and several other sources), vibrations and shakings (automatic weapons, transport vehicles), the risk of electric injury, ionizing (X and gamma rays) and non-ionizing (ultraviolet rays, microwaves and radiofrequencies, electromagnetic fields) radiations. Chemical hazards include carbon monoxide and other combustion products (fires, urban traffic), substances released in chemical accidents, tear gases, lead (firing grounds, metal works, environmental pollution), solvents, lubricants and cutting oils (mechanic repair and maintenance), laboratory materials and reagents, irritant and/or sensitizing agents contained in gloves. The main biological risks are tetanus, blood-borne diseases (viral hepatitis, AIDS), aerogenous diseases (e.g., tuberculosis, Legionnaire's disease, epidemic cerebrospinal meningitis), dog- or horse-transmitted zoonosis. Finally, emotional, psychosomatic and behavioural stress-related disorders (e.g., burn-out syndrome, post-traumatic stress disorder) are typically frequent. The presence of numerous and diversified hazards among public safety/security forces imposes the adoption of occupational medicine measures, including risk assessment, health education, technical and environmental prevention, personal protective devices, sanitary surveillance and biological monitoring, clinical interventions (diagnosis, therapy and rehabilitation of occupational accidents and illnesses), prompt medico-legal evaluation of occupational

  13. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based Requirements Prioritization method (RiskREP) that extends misuse case-based methods with IT architecture based risk assessment and countermeasure definition and prioritization. Countermeasure prioritizati...

  14. Risk assessment of security systems based on entropy theory and the Neyman–Pearson criterion

    International Nuclear Information System (INIS)

    Lv, Haitao; Yin, Chao; Cui, Zongmin; Zhan, Qin; Zhou, Hongbo

    2015-01-01

    For a security system, the risk assessment is an important method to verdict whether its protection effectiveness is good or not. In this paper, a security system is regarded abstractly as a network by the name of a security network. A security network is made up of security nodes that are abstract functional units with the ability of detecting, delaying and responding. By the use of risk entropy and the Neyman–Pearson criterion, we construct a model to compute the protection probability of any position in the area where a security network is deployed. We provide a solution to find the most vulnerable path of a security network and the protection probability on the path is considered as the risk measure. Finally, we study the effect of some parameters on the risk and the breach protection probability of a security network. Ultimately, we can gain insight about the risk assessment of a security system. - Highlights: • A security system is regarded abstractly as a network made up of security nodes. • We construct a model to compute the protection probability provided by a security network. • We provide a better solution to find the most vulnerable path of a security network. • We build a risk assessment model for a security network based on the most vulnerable path

  15. Integrated homeland security system with passive thermal imaging and advanced video analytics

    Science.gov (United States)

    Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

    2007-04-01

    A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. 
    In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection

  16. TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS

    OpenAIRE

    Sen-Tarng Lai

    2015-01-01

    E-commerce is an important information system in the network and digital age. However, the network intrusion, malicious users, virus attack and system security vulnerabilities have continued to threaten the operation of the e-commerce, making e-commerce security encounter serious test. How to improve ecommerce security has become a topic worthy of further exploration. Combining routine security test and security event detection procedures, this paper proposes the Two-Layer Secure ...

  17. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    OpenAIRE

    Jinsoo Shin; Hanseong Son; Gyunyoung Heo

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluatio...

  18. RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2011-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, we present a Risk-Based

  19. Risks and threats of tax state security and methods of their neutralization

    Directory of Open Access Journals (Sweden)

    Y.V. Lebedzevych

    2016-12-01

    The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.

  20. A cooperative model for IS security risk management in distributed environment.

    Science.gov (United States)

    Feng, Nan; Zheng, Chundong

    2014-01-01

    Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

  1. A Dual Perspective on Risks and Security Within Research Assistantships

    Directory of Open Access Journals (Sweden)

    Johannes Petrus Rossouw

    2013-01-01

    Although research assistantships are considered research learning venues in graduate education, there is a scarcity of literature that examines ethical elements attached to the employment of graduate student research assistants or the position of their research supervisors. This article explores the need to implement formal regulations specific to research assistantships in order to increase security and decrease risks for research assistants and research supervisors. Relationships between research assistants and research supervisors have some similarities with regular employment relationships; yet some distinct differences arise due to the educational and developmental nature of research assistantships. The article is written from a dual perspective reflecting the authors’ roles (a research supervisor and a research assistant, respectively) and institutional locations (Faculties of Education in South Africa and Canada). The authors draw from existing literature, an analysis of institutional policies and practices at their universities, and their personal and professional experiences to illustrate risks that research assistants and their supervisors may face within research assistantships. They assess the extent to which existing and proposed policies and practices influence working conditions and safeguard experiences within graduate research assistantships. The findings reveal that research assistantships are a unique form of employment focused on educational and professional development that requires specific documentation of expected standards of practice. The authors argue that lack of clear regulations exposes both parties to unnecessary risks and offer recommendations for creating a “Standards of Good Practice” document that will be useful for individuals engaged in research assistantships.

  2. HOW TO CALCULATE INFORMATION VALUE FOR EFFECTIVE SECURITY RISK ASSESSMENT

    Directory of Open Access Journals (Sweden)

    Mario Sajko

    2006-12-01

    The actual problem of information security (infosec) risk assessment is determining the value of information property or asset. This is particularly manifested through the use of quantitative methodology in which it is necessary to state the information value in quantitative sizes. The aim of this paper is to describe the evaluation possibilities of business information values, and the criteria needed for determining importance of information. For this purpose, the dimensions of information values will be determined and the ways used to present the importance of information contents will be studied. There are two basic approaches that can be used in evaluation: qualitative and quantitative. Often they are combined to determine forms of information content. The proposed criterion is the three-dimension model, which combines the existing experiences (i.e. possible solutions for information value assessment) with our own criteria. An attempt for structuring information value in a business environment will be made as well.

  3. INFORMATION SECURITY RISKS OPTIMIZATION IN CLOUDY SERVICES ON THE BASIS OF LINEAR PROGRAMMING

    Directory of Open Access Journals (Sweden)

    I. A. Zikratov

    2013-01-01

    The paper discusses theoretical aspects of secure cloud services creation for information processing of various confidentiality degrees. A new approach to the reasoning of information security composition in distributed computing structures is suggested, presenting the problem of risk assessment as an extreme problem of decision-making. Linear programming method application is proved to minimize the risk of information security for given performance security in compliance with the economic balance for the maintenance of security facilities and cost of services. An example is given to illustrate the obtained theoretical results.

  4. Information Security for Business: the Necessity of Reputational Risk Management

    Directory of Open Access Journals (Sweden)

    Vitaly Eduardovich Dorokhov

    2015-06-01

    The article presents the analysis of actual information security problems in commercial segment. The main directions in regulations of the Russian Federation connected with information security assurance are defined. The results indicate the insufficiency of legal regulation in prevention of reputational losses due to information security incidents.

  5. Information security risk management for computerized health information systems in hospitals: a case study of Iran.

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

  6. Information security risk management for computerized health information systems in hospitals: a case study of Iran

    Science.gov (United States)

    Zarei, Javad; Sadoughi, Farahnaz

    2016-01-01

    Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran. Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health. Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals. Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. PMID:27313481

  7. Video calls from lay bystanders to dispatch centers - risk assessment of information security.

    Science.gov (United States)

    Bolle, Stein R; Hasvold, Per; Henriksen, Eva

    2011-09-30

    Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

  8. A review of game theory approach to cyber security risk management

    African Journals Online (AJOL)

    HOD

    Keywords: Cyber Security, Risk Management, Game Theory, Model. 1. INTRODUCTION. Risk is ... behaviors. This implies they are triggered by self-motivated goal .... embrace diligence verification of the recipient of the email as well as lack of ...

  9. Risk management and security services interaction--a must in today's health care environment.

    Science.gov (United States)

    Stultz, M S

    1990-01-01

    The author shows why risk managers and security directors are natural partners in the effort of a hospital to reduce risks from such occurrences as baby kidnappings, serial killers, thefts, and rapes/sexual assaults.

  10. Russian spent marine fuel as a global security risk

    International Nuclear Information System (INIS)

    Gussgard, K.; Reistad, O.

    2001-01-01

    Russian marine fuel is a trans-national security concern. This paper focuses on specific technical properties of Russian marine nuclear fuel especially relevant for evaluating different aspects on nuclear proliferation, in addition to risks associated with regional environmental degradation and illegal diversion of radiological substances. Russian fresh fuel for marine reactors has been involved in several significant cases of illicit trafficking of special nuclear materials. The amount and quality of nuclear materials in Russian spent marine fuel give also reason for concern. Not less than 200 marine reactor cores are ready for having their spent fuel unloaded and preliminary stored on shore in the Far East and North West of Russia, and large amounts of spent naval fuel have been stored at Russian military bases for decades. In order to assess the security risks associated with Russian spent marine fuel, this paper discusses the material attractiveness of spent fuel from all types of Russian marine reactors. The calculations are based on a model of a light water moderated Russian icebreaker reactor. The computer tool HELIOS, used for modelling the reactor and the reactor operations, has been extensively qualified by comparisons with experimental data and international benchmark problems for reactor physics codes as well as through feedback from applications. Some of these benchmarks and studies include fuel enrichments up to 90% in Russian marine reactors. Several fuel data cases are discussed in the paper, focusing especially on: 1) early fuel designs with low initial enrichment; 2) more modern fuel designs used in third and fourth generation of Russian submarines probably with intermediate enriched fuel; and 3) marine fuel with initial enrichment levels close to weapons-grade material. In each case the fuel has been burned until k_eff has reached below 1. Case 1) has been evaluated, the calculations made as basis for this paper have concentrated on fuel with

  11. The Concepts of Risk, Safety, and Security: Applications in Everyday Language.

    Science.gov (United States)

    Boholm, Max; Möller, Niklas; Hansson, Sven Ove

    2016-02-01

    The concepts of risk, safety, and security have received substantial academic interest. Several assumptions exist about their nature and relation. Besides academic use, the words risk, safety, and security are frequent in ordinary language, for example, in media reporting. In this article, we analyze the concepts of risk, safety, and security, and their relation, based on empirical observation of their actual everyday use. The "behavioral profiles" of the nouns risk, safety, and security and the adjectives risky, safe, and secure are coded and compared regarding lexical and grammatical contexts. The main findings are: (1) the three nouns risk, safety, and security, and the two adjectives safe and secure, have widespread use in different senses, which will make any attempt to define them in a single unified manner extremely difficult; (2) the relationship between the central risk terms is complex and only partially confirms the distinctions commonly made between the terms in specialized terminology; (3) whereas most attempts to define risk in specialized terminology have taken the term to have a quantitative meaning, nonquantitative meanings dominate in everyday language, and numerical meanings are rare; and (4) the three adjectives safe, secure, and risky are frequently used in comparative form. This speaks against interpretations that would take them as absolute, all-or-nothing concepts. © 2015 Society for Risk Analysis.

  12. 28 CFR 105.11 - Individuals not requiring a security risk assessment.

    Science.gov (United States)

    2010-07-01

    ... requiring a security risk assessment. (a) Citizens and nationals of the United States. A citizen or national... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Individuals not requiring a security risk assessment. 105.11 Section 105.11 Judicial Administration DEPARTMENT OF JUSTICE (CONTINUED) CRIMINAL HISTORY...

  13. Development of an Automated Security Risk Assessment Methodology Tool for Critical Infrastructures.

    Energy Technology Data Exchange (ETDEWEB)

    Jaeger, Calvin Dell; Roehrig, Nathaniel S.; Torres, Teresa M.

    2008-12-01

    This document presents the security automated Risk Assessment Methodology (RAM) prototype tool developed by Sandia National Laboratories (SNL). This work leverages SNL's capabilities and skills in security risk analysis and the development of vulnerability assessment/risk assessment methodologies to develop an automated prototype security RAM tool for critical infrastructures (RAM-CITM). The prototype automated RAM tool provides a user-friendly, systematic, and comprehensive risk-based tool to assist CI sector and security professionals in assessing and managing security risk from malevolent threats. The current tool is structured on the basic RAM framework developed by SNL. It is envisioned that this prototype tool will be adapted to meet the requirements of different CI sectors and thereby provide additional capabilities.

  14. Mitigating Thermal Runaway Risk in Lithium Ion Batteries

    Science.gov (United States)

    Darcy, Eric; Jeevarajan, Judy; Russell, Samuel

    2014-01-01

    The JSC/NESC team has successfully demonstrated Thermal Runaway (TR) risk reduction in a lithium ion battery for human space flight by developing and implementing verifiable design features which interrupt energy transfer between adjacent electrochemical cells. Conventional lithium ion (Li-ion) batteries can fail catastrophically as a result of a single cell going into thermal runaway. Thermal runaway results when an internal component fails to separate electrode materials leading to localized heating and complete combustion of the lithium ion cell. Previously, the greatest control to minimize the probability of cell failure was individual cell screening. Combining thermal runaway propagation mitigation design features with a comprehensive screening program reduces both the probability, and the severity, of a single cell failure.

  15. FlySec: a risk-based airport security management system based on security as a service concept

    Science.gov (United States)

    Kyriazanos, Dimitris M.; Segou, Olga E.; Zalonis, Andreas; Thomopoulos, Stelios C. A.

    2016-05-01

    Complementing the ACI/IATA efforts, the FLYSEC European H2020 Research and Innovation project (http://www.fly-sec.eu/) aims to develop and demonstrate an innovative, integrated and end-to-end airport security process for passengers, enabling a guided and streamlined procedure from the landside to airside and into the boarding gates, and offering for an operationally validated innovative concept for end-to-end aviation security. FLYSEC ambition turns through a well-structured work plan into: (i) innovative processes facilitating risk-based screening; (ii) deployment and integration of new technologies and repurposing existing solutions towards a risk-based Security paradigm shift; (iii) improvement of passenger facilitation and customer service, bringing security as a real service in the airport of tomorrow; (iv) achievement of measurable throughput improvement and a whole new level of Quality of Service; and (v) validation of the results through advanced "in-vitro" simulation and "in-vivo" pilots. On the technical side, FLYSEC achieves its ambitious goals by integrating new technologies on video surveillance, intelligent remote image processing and biometrics combined with big data analysis, open-source intelligence and crowdsourcing. Repurposing existing technologies is also in the FLYSEC objectives, such as mobile application technologies for improved passenger experience and positive boarding applications (i.e. services to facilitate boarding and landside/airside way finding) as well as RFID for carry-on luggage tracking and quick unattended luggage handling. In this paper, the authors will describe the risk based airport security management system which powers FLYSEC intelligence and serves as the backend on top of which FLYSEC's front end technologies reside for security services management, behaviour and risk analysis.

  16. Reducing risks to food security from climate change

    DEFF Research Database (Denmark)

    Campbell, Bruce Morgan; Vermeulen, Sonja Joy; Aggarwal, Pramod

    2016-01-01

    , with very little attention paid to more systems components of cropping, let alone other dimensions of food security. Given the serious threats to food security, attention should shift to an action-oriented research agenda, where we see four key challenges: (a) changing the culture of research; (b) deriving...

  17. Beyond sectors, before the world : Finance, security and risk

    NARCIS (Netherlands)

    Kessler, Oliver

    While security and finance are certainly different social spheres, the fact that we can detect similar shifts in both points to the existence of something that precedes these 'realities'. If finance and security are said to be different, intertwined and related, the question then arises as to what

  18. Risk and business goal based security requirement and countermeasure prioritization

    NARCIS (Netherlands)

    Herrmann, A.; Morali, A.; Etalle, S.; Wieringa, R.J.; Niedrite, L.; Strazdina, R.; Wangler, B.

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of

  19. Designing a Physical Security System for Risk Reduction in a Hypothetical Nuclear Facility

    International Nuclear Information System (INIS)

    Saleh, A.A.; Abd Elaziz, M.

    2017-01-01

    Physical security in a nuclear facility means detection, prevention and response to threat, theft, sabotage, unauthorized access and illegal transfer involving radioactive and nuclear material. This paper proposes a physical security system designing concepts to reduce the risk associated with variant threats to a nuclear facility. This paper presents a study of the unauthorized removal and sabotage in a hypothetical nuclear facility considering deter, delay and response layers. Moreover, the study involves performing any required upgrading to the security system by investigating the nuclear facility layout and considering all physical security layers design to enhance the weakness for risk reduction.

  20. Management of information security risks in a federal public institution: a case study

    Directory of Open Access Journals (Sweden)

    Jackson Gomes Soares Souza

    2016-11-01

    Public institutions bound to the Brazilian federal public sector must apply security measures, policies, procedures and guidelines as information assets protection measures. This case study sought to determine whether the management of information security risks is applied in a federal public institution according to Information Technology (I.T.) managers' perceptions and the results expose the importance of the roles played by people, responsibilities, policies, standards, procedures and their implementation aiming greater control of information security risks and opportunities related to information technology security.

  1. Reducing security risk using data loss prevention technology.

    Science.gov (United States)

    Beeskow, John

    2015-11-01

    Data loss/leakage protection (DLP) technology seeks to improve data security by answering three fundamental questions: Where are confidential data stored? Who is accessing the information? How are data being handled?

  2. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    OpenAIRE

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    2012-01-01

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justificat...

  3. Exploring public perceptions of energy security risks in the UK

    International Nuclear Information System (INIS)

    Demski, Christina; Poortinga, Wouter; Pidgeon, Nick

    2014-01-01

    Along with climate change and affordability, concerns about energy security are key drivers behind proposals for major energy system change in the UK and numerous other countries. Unlike climate change we know very little about how the public thinks and feels about this aspect of sustainability and energy policy. Beyond engaging critically with conceptual and theoretical discussions, empirical data from two surveys (Cardiff postal survey, N=520; online UK survey, N=499) using a ten item energy security scale are presented and discussed. Here we show that aspects of energy security are certainly of concern to the UK public, with particularly high concern around dependence on fossil fuels/imports and relatively lower expressed concern for actual disruption of energy supply. However public concerns around energy security are only emerging, and likely to change depending on the context in which it is discussed (e.g. in comparison to climate change). In addition, findings from public interviews are used to further contextualise the survey findings, showing unfamiliarity among the UK public with regards to the term “energy security”. We discuss implications, and further work that would be useful for understanding public perceptions in more depth. - highlights: • Exploring public views on energy security using a 10 item scale. • Concerns over energy security is relatively high but susceptible to framing. • Patterns of concern for different energy security aspects examined. • The term energy security is unfamiliar, only an emerging concern among UK publics. • Further discussion on the meanings and implications of these perceptions

  4. Overseas Risks to China’s Energy Security and Potential Countermeasures

    Directory of Open Access Journals (Sweden)

    Chi Zhang

    2014-12-01

    This article discusses the overseas risks to China’s energy security and provides suggestions for how to safeguard China’s energy security. The key to China’s energy security is supply security. This means obtaining enough and continued energy supply at affordable prices which can be divided into two factors: one is purchasing energy at reasonable prices; the other is having uninterrupted energy import. Accordingly, the major overseas challenges to China’s energy security are the surging international oil prices and the problem of safeguarding energy imports. There are both merits and shortcomings to the energy security concept of realism and that of neo-liberalism. Suggestions for how to secure China’s energy supply should be based on China’s conditions as well as a critique of the two theoretical perspectives and should include three aspects: energy diplomacy, military development and strategic oil reserves.

  5. Airports at Risk: The Impact of Information Sources on Security Decisions

    OpenAIRE

    Kirschenbaum, Avi; Mariani, Michele; Van Gulijk, Coen; Rapaport, Carmit; Lubasz, Sharon

    2012-01-01

    Security decisions in high risk organizations such as airports involve obtaining ongoing and frequent information about potential threats. Utilizing questionnaire survey data from a sample of airport employees in European Airports across the continent, we analyzed how both formal and informal sources of security information affect employee's decisions to comply with the security rules and directives. This led us to trace information network flows to assess its impact on the degree e...

  6. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    Science.gov (United States)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can be found in advance of the network problems and related vulnerabilities, it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combines with the international standard CVSS, the attack probability of atomic nodes are counted, and then the attack transition probabilities of ones are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assessment network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  7. Lethal stakes: rig-hand killings show rising security risks abroad

    International Nuclear Information System (INIS)

    Lorenz, A.

    1999-01-01

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards

  8. Lethal stakes: rig-hand killings show rising security risks abroad

    Energy Technology Data Exchange (ETDEWEB)

    Lorenz, A

    1999-05-03

    The increasing demands for protection money from foreign exploration and pipeline construction companies by left-wing guerrilla groups in various South American countries led to greater attention being focused on security services. This paper discusses the various alternatives to consider when choosing a security service. The experience of a Canadian pipeline company with projects in South America, and in need of security services, is described. The company felt that it was important that the security firm have a Calgary presence. It ended up hiring Calgary Protection Concepts Corporation, which is run by former Canadian police and intelligence officers, who provide a wide range of security services. Staff spend time in the country involved to look over the local security situation, develop contacts with local intelligence officers, and contract overseas agents who arrange for bodyguards, escorts and armored cars. ProCon also helps companies develop crisis management plans, guiding senior personnel through scenarios such as kidnapping, extortion and civil strife. ProCon also has a 24-hour emergency assistance call centre to provide immediate advice, to notify personnel and family members and to monitor the situation. Trust is key to hiring an outside security service since the security firm becomes party to extremely confidential information. Top security firms usually specialize in either security work or political risk analysis, but not both. The reason for this is that there are big differences in mentality, training and capabilities between studying risks and actively guarding against hazards.

  9. Safety Risk Management for Homeland Defense and Security Responders

    National Research Council Canada - National Science Library

    Meyers, Tommey H

    2005-01-01

    .... Coast Guard and the U.S. Navy. This revealed that Operational Risk Management (ORM), a risk-based decision-making tool that systematically balances risk and mission completion, and Crew Resource Management (CRM...

  10. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    NARCIS (Netherlands)

    Chockalingam, Sabarathinam; Hadziosmanovic, D.; Pieters, Wolter; Texeira, Andre; van Gelder, Pieter

    2016-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by

  11. Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

    NARCIS (Netherlands)

    Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

    2011-01-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropocene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

  12. Security risks associated with radio frequency identification in medical environments.

    Science.gov (United States)

    Hawrylak, Peter J; Schimke, Nakeisha; Hale, John; Papa, Mauricio

    2012-12-01

    Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.

  13. Remodeling Strategic Staff Safety and Security Risks Management in Nigerian Tertiary Institutions

    Directory of Open Access Journals (Sweden)

    Sunday S. AKPAN

    2015-10-01

    This paper examined safety and security risk management in tertiary institutions in Nigeria. The frequent attacks at workplace, especially schools, have placed safety and security in the front burner of discussion in both business and political circles. This, therefore, forms the imperative for the conduct of this study. The work adopted a cross sectional survey research design and collected data from respondents who are security personnel of the University of Uyo. Analysis of data was done with simple percentage statistics while the research hypotheses were tested with mean and simple regression and correlation statistics. The findings of the study revealed that assassination, kidnappings and bombings were principal risk incidents threatening the safety and security of staff in University of Uyo. A significant positive relationship was found between the funding of security management and workers’ performance. It was discovered specifically that employment screening, regular training of security personnel, regular safety and security meetings and strategic security policy formation were the main strategies for managing safety and security in University of Uyo. The paper concluded that safety and security management and control involves every worker (management and staff) of University of Uyo. It was recommended, among others, that management should be more committed to safety and security management in the University by means of making safety and security issues an integral part of University’s strategic plan and also by adopting the management line model – one form of management structure – where safety and security are located, with other general management responsibilities. This way, the resurgent cases of kidnapping, hired assassination, etc. would be reduced if not completely eradicated in the University.

  14. AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps

    OpenAIRE

    Chen, Sen; Meng, Guozhu; Su, Ting; Fan, Lingling; Xue, Yinxing; Liu, Yang; Xu, Lihua; Xue, Minhui; Li, Bo; Hao, Shuang

    2018-01-01

    Contemporary financial technology (FinTech) that enables cashless mobile payment has been widely adopted by financial institutions, such as banks, due to its convenience and efficiency. However, FinTech has also made massive and dynamic transactions susceptible to security risks. Given large financial losses caused by such vulnerabilities, regulatory technology (RegTech) has been developed, but more comprehensive security risk assessment is specifically desired to develop robust, scalable, an...

  15. Security risk assessment and protection in the chemical and process industry

    OpenAIRE

    Reniers, Genserik; van Lerberghe, Paul; van Gulijk, Coen

    2014-01-01

    This article describes a security risk assessment and protection methodology that was developed for use in the chemical- and process industry in Belgium. The approach of the method follows a risk-based approach that follows design principles for chemical safety. That approach is beneficial for workers in the chemical industry because they recognize the steps in this model from familiar safety models. The model combines the rings-of-protection approach with generic security practices including...

  16. Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    OpenAIRE

    Chockalingam, Sabarathinam; Hadziosmanovic, Dina; Pieters, Wolter; Teixeira, Andre; van Gelder, Pieter

    2017-01-01

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic l...

  17. Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

    OpenAIRE

    Goyal, Sumit

    2016-01-01

    Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

  18. The threat nets approach to information system security risk analysis

    NARCIS (Netherlands)

    Mirembe, Drake

    2015-01-01

    The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security

  19. Automated analysis of security requirements through risk-based argumentation

    NARCIS (Netherlands)

    Yu, Yijun; Nunes Leal Franqueira, V.; Tun, Thein Tan; Wieringa, Roelf J.; Nuseibeh, Bashar

    2015-01-01

    Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about

  20. Mitigating risks by integrating business continuity and security.

    Science.gov (United States)

    Shaw, Scott; Smith, Nicholas

    2010-11-01

    There has been much discussion regarding the topic of business continuity and security convergence. This paper provides a realistic overview of the union of the two disciplines and offers no/low-cost programme elements that may be used for organisations considering or in the midst of convergence efforts.

  1. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

    NARCIS (Netherlands)

    Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt

    Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of

  2. Secure Multiparty Computation for Cooperative Cyber Risk Assessment

    Science.gov (United States)

    2016-11-01

    that the organizations can compute relevant statistics and analyses on the global infrastructure while still keeping the details of their local...mitigation. In Australasian Conference on Information Security and Privacy, pages 391–401. Springer Berlin Heidelberg, 2004. [5] Fabrizio Smeraldi and Pasquale

  3. Outage Risk Assessment and Management (ORAM) thermal-hydraulics toolkit

    International Nuclear Information System (INIS)

    Denny, V.E.; Wassel, A.T.; Issacci, F.; Pal Kalra, S.

    2004-01-01

    A PC-based thermal-hydraulic toolkit for use in support of outage optimization, management and risk assessment has been developed. This mechanistic toolkit incorporates simple models of key thermal-hydraulic processes which occur during an outage, such as recovery from or mitigation of outage upsets; this includes heat-up of water pools following loss of shutdown cooling, inadvertent drain down of the RCS, boiloff of coolant inventory, heatup of the uncovered core, and reflux cooling. This paper provides a list of key toolkit elements, briefly describes the technical basis and presents illustrative results for RCS transient behavior during reflux cooling, peak clad temperatures for an uncovered core and RCS response to loss of shutdown cooling. (author)

  4. National Security and the Accelerating Risks of Climate Change

    Science.gov (United States)

    2014-05-01

    there would be too much. Over the coming decades, projected climate change likely will cause Australia, portions of India, and much of inland China...significant potential water, food, and energy insecurity; political instability; extreme weather events; and other manifestations of climate change...production, and human sustenance. In light of projected climate change, stresses on the water-food-energy nexus are a mounting security concern

  5. A decision support system for corporations cyber security risk management

    OpenAIRE

    Molina, Gabriela del Rocio Roldan

    2017-01-01

    This thesis presents a decision aiding system named C3-SEC (Contex-aware Corporative Cyber Security), developed in the context of a master program at Polytechnic Institute of Leiria, Portugal. The research dimension and the corresponding software development process that followed are presented and validated with an application scenario and case study performed at Universidad de las Fuerzas Armadas ESPE – Ecuador. C3-SEC is a decision aiding software intended to support cyber ri...

  6. Risk-Based Aviation Security: Diffusion and Acceptance

    Science.gov (United States)

    2012-03-01

    The authors 32 recommended use of DOI for builders of social networking sites to examine the attributes of the model to see how they...November 23, 2011, from http://www.stltoday.com/news/multimedia/full-body-scanners-arrive-at-lambert-airport/image_898152d8-f8ac-5c61-8fd6...Department of Homeland Security: Progress report on implementation of mission and management functions (GAO-07-454). Retrieved August 31, 2011, from

  7. A review of cyber security risk assessment methods for SCADA systems

    OpenAIRE

    Cherdantseva, Yulia; Burnap, Peter; Blyth, Andrew; Eden, Peter; Jones, Kevin; Soulsby, Hugh; Stoddart, Kristan

    2016-01-01

    This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluat...

  8. MAVEN Information Security Governance, Risk Management, and Compliance (GRC): Lessons Learned

    Science.gov (United States)

    Takamura, Eduardo; Gomez-Rosa, Carlos A.; Mangum, Kevin; Wasiak, Fran

    2014-01-01

    As the first interplanetary mission managed by the NASA Goddard Space Flight Center, the Mars Atmosphere and Volatile EvolutioN (MAVEN) had three IT security goals for its ground system: COMPLIANCE, (IT) RISK REDUCTION, and COST REDUCTION. In a multiorganizational environment in which government, industry and academia work together in support of the ground system and mission operations, information security governance, risk management, and compliance (GRC) becomes a challenge as each component of the ground system has and follows its own set of IT security requirements. These requirements are not necessarily the same or even similar to each other's, making the auditing of the ground system security a challenging feat. A combination of standards-based information security management based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), due diligence by the Mission's leadership, and effective collaboration among all elements of the ground system enabled MAVEN to successfully meet NASA's requirements for IT security, and therefore meet Federal Information Security Management Act (FISMA) mandate on the Agency. Throughout the implementation of GRC on MAVEN during the early stages of the mission development, the Project faced many challenges some of which have been identified in this paper. The purpose of this paper is to document these challenges, and provide a brief analysis of the lessons MAVEN learned. The historical information documented herein, derived from an internal pre-launch lessons learned analysis, can be used by current and future missions and organizations implementing and auditing GRC.

  9. Spent Nuclear Fuel Transportation Risk Assessment Methodology for Homeland Security

    International Nuclear Information System (INIS)

    Teagarden, Grant A.; Canavan, Kenneth T.; Nickell, Robert E.

    2006-01-01

    In response to increased interest in risk-informed decision making regarding terrorism, EPRI was selected by U.S. DHS and ASME to develop and demonstrate a nuclear sector specific methodology for owner / operators to utilize in performing a Risk Analysis and Management for Critical Asset Protection (RAMCAP) assessment for the transportation of spent nuclear fuel (SNF). The objective is to characterize SNF transportation risk for risk management opportunities and to provide consistent information for DHS decision making. The method uses a characterization of risk as a function of Consequence, Vulnerability, and Threat. Worst reasonable case scenarios characterize risk for a benchmark set of threats and consequence types. A trial application was successfully performed and implementation is underway by one utility. (authors)

  10. Security Risk Assessment Process for UAS in the NAS CNPC Architecture

    Science.gov (United States)

    Iannicca, Dennis Christopher; Young, Daniel Paul; Suresh, Thadhani; Winter, Gilbert A.

    2013-01-01

    This informational paper discusses the risk assessment process conducted to analyze Control and Non-Payload Communications (CNPC) architectures for integrating civil Unmanned Aircraft Systems (UAS) into the National Airspace System (NAS). The assessment employs the National Institute of Standards and Technology (NIST) Risk Management framework to identify threats, vulnerabilities, and risks to these architectures and recommends corresponding mitigating security controls. This process builds upon earlier work performed by RTCA Special Committee (SC) 203 and the Federal Aviation Administration (FAA) to roadmap the risk assessment methodology and to identify categories of information security risks that pose a significant impact to aeronautical communications systems. A description of the deviations from the typical process is described in regards to this aeronautical communications system. Due to the sensitive nature of the information, data resulting from the risk assessment pertaining to threats, vulnerabilities, and risks is beyond the scope of this paper

  11. Risk, security and technology: governing football supporters in the twenty-first century

    NARCIS (Netherlands)

    Spaaij, R.

    2013-01-01

    This paper critically examines the security and risk management technologies that are being used to conduct and pre-empt the behaviour of football supporters. It is shown how, in the Netherlands, pre-emptive risk management in the governing of football supporters involves a dispersed and fragmented

  12. A Risk Management Process for Consumers: The Next Step in Information Security

    NARCIS (Netherlands)

    van Cleeff, A.

    2010-01-01

    Simply by using information technology, consumers expose themselves to considerable security risks. Because no technical or legal solutions are readily available, and awareness programs have limited impact, the only remedy is to develop a risk management process for consumers. Consumers need to

  13. National security and the accelerating risk of climate change

    Directory of Open Access Journals (Sweden)

    Lee Gunn

    2017-06-01

    Since 2006, retired U.S. admirals and generals have been examining our changing physical world and assessing the impact of those changes on the security of the nation. A Military Advisory Board (MAB), convened by the CNA Corporation, a non-profit research and analysis institution that operates the Center for Naval Analyses and Institute for Public Research has issued two reports on the changing climate’s national security implications. The first report, published in 2007, stated that the changing climate would be destabilizing in many parts of the world. Climate change, in fact, would be a “threat multiplier”, the report claimed, and result in new and more urgent calls for the American military to provide humanitarian assistance and disaster relief (HADR) as well as help sustain order and ensure conditions that would permit trade and prosperity worldwide. The MAB recommended urgent action by the Defense Department to prepare for new missions in new places; and that the Defense Department explicitly recognize missions stemming from the changing climate. CNA’s MAB then published three reports on energy, relating to climate change, one each on: the coming age of renewables, the nation’s energy dependence, and the future of energy in terms of America’s international competitiveness (CNA-MAB, 2009; CNA-MAB, 2010; CNA-MAB, 2011). In 2014, the Military Advisory Board noted that the climate was changing more quickly than had been forecast in 2007. Undertaking a new climate study, the board concluded that more needed to be done, and done quickly, to prepare for and confront the “catalyst for conflict” that the board now saw in climate change. Guest Editors’ Note: The following commentary derives from a presentation by Vice Admiral Lee Gunn, U.S. Navy (Ret.), delivered by invitation at the American Association for the Advancement of Science Meeting, San Jose, California, February 13, 2015. Prior to his advisory role for the U.S. Military and

  14. Interest Rate Risk Management and the Use of Derivative Securities

    Directory of Open Access Journals (Sweden)

    Ioana-Diana PĂUN

    2013-12-01

    This study aims to demonstrate the utility of derivative financial instruments for the management of interest rate risk that is faced by banks and financial institutions, and to provide an efficient flow of monitoring and control thereof. Banking institutions can now use a combination of balance sheet and off balance sheet measures, i.e. gap method, of interest rate risk management, in order to control exposure of short-term rates and derivatives to control the residual interest rate exposures. The result of the study shows that banks can achieve better diversification and risk management using derivatives.

  15. Thermal extremes mortality risk assessment in urban areas

    Directory of Open Access Journals (Sweden)

    Paulo Canário

    2010-06-01

    The impact of heat waves on mortality has been the subject of numerous studies and the focus of attention of various national and international governmental bodies. In the summer of 2003 alone, which was exceptionally hot, the number of deaths in 12 European countries increased by 70,000. The overall trend of warming will lead to an increase in frequency, duration and intensity of heat waves and to an increase in heat related mortality. The need to assess the risk of death due to extreme heat, at a detailed spatial scale, has determined the implementation of a research project based on a general model of risk for potentially destructive natural phenomena; the model uses the relationship between hazard and vulnerability and was designed primarily for urban areas. The major hazardous meteorological variables are those that determine the thermal complex (air temperature, radiative temperature, wind and humidity) and the variables related to air quality (mainly ozone and particulate matter). Vulnerability takes into account the population sensitivity (at various spatial scales) and their exposure to thermal extremes.

  16. Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts

    National Research Council Canada - National Science Library

    Decker, Raymond

    2001-01-01

    .... Mail and postal workers. As requested, my testimony will focus on the work we have done over the past five years on combating terrorism and our recommendations advocating a risk management approach for such programs...

  17. A Cyber Security Risk Assessment of Hospital Infrastructure including TLS/SSL and other Threats

    OpenAIRE

    Millar, Stuart

    2016-01-01

    Cyber threats traditionally target governments, financial institutions and businesses. However, of growing concern is the threat to healthcare organizations. This study conducts a cyber security risk assessment of a theoretical hospital environment, to include TLS/SSL, which is an encryption protocol for network communications, plus other physical, logical and human threats. Despite significant budgets in the UK for the NHS, the spend on cyber security appears worryingly low and many hospital...

  18. Integrating Security Risk Management into Business Process Management for the Cloud

    OpenAIRE

    Goettelmann, Elio; Mayer, Nicolas; Godart, Claude

    2014-01-01

    Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effect...

  19. Predictors of mother-child interaction quality and child attachment security in at-risk families.

    Science.gov (United States)

    De Falco, Simona; Emer, Alessandra; Martini, Laura; Rigo, Paola; Pruner, Sonia; Venuti, Paola

    2014-01-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 month of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implication for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  20. A total risk assessment methodology for security assessment

    International Nuclear Information System (INIS)

    Auilar, Richard; Pless, Daniel J.; Kaplan, Paul Garry; Silva, Consuelo Juanita; Rhea, Ronald Edward; Wyss, Gregory Dane; Conrad, Stephen Hamilton

    2009-01-01

    Sandia National Laboratories performed a two-year Laboratory Directed Research and Development project to develop a new collaborative risk assessment method to enable decision makers to fully consider the interrelationships between threat, vulnerability, and consequence. A five-step Total Risk Assessment Methodology was developed to enable interdisciplinary collaborative risk assessment by experts from these disciplines. The objective of this process is to promote effective risk management by enabling analysts to identify scenarios that are simultaneously achievable by an adversary, desirable to the adversary, and of concern to the system owner or to society. The basic steps are risk identification, collaborative scenario refinement and evaluation, scenario cohort identification and risk ranking, threat chain mitigation analysis, and residual risk assessment. The method is highly iterative, especially with regard to scenario refinement and evaluation. The Total Risk Assessment Methodology includes objective consideration of relative attack likelihood instead of subjective expert judgment. The 'probability of attack' is not computed, but the relative likelihood for each scenario is assessed through identifying and analyzing scenario cohort groups, which are groups of scenarios with comparable qualities to the scenario being analyzed at both this and other targets. Scenarios for the target under consideration and other targets are placed into cohort groups under an established ranking process that reflects the following three factors: known targeting, achievable consequences, and the resources required for an adversary to have a high likelihood of success. The development of these target cohort groups implements, mathematically, the idea that adversaries are actively choosing among possible attack scenarios and avoiding scenarios that would be significantly suboptimal to their objectives.
An adversary who can choose among only a few comparable targets and scenarios (a

  1. Cyber security risk evaluation of a nuclear I and C using BN and ET

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Dept. of Nuclear Engineering, Kyung Hee University, Yongin (Korea, Republic of); Son, Han Seong [Computer and Game Science, Joongbu University, Geumsan (Korea, Republic of)

    2017-04-15

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  2. Cyber security risk evaluation of a nuclear I and C using BN and ET

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Son, Han Seong

    2017-01-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks

  3. Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

    Directory of Open Access Journals (Sweden)

    Jinsoo Shin

    2017-04-01

    Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

  4. Effect of Steel Framing for Securing Drywall Panels on Thermal and Humidity Parameters of the Outer Walls

    Science.gov (United States)

    Major, Maciej; Kosiń, Mariusz

    2017-12-01

    The paper analyses the effect of steel framing used to secure drywall panels on thermal and humidity properties of outer walls. In the practice of building a light structure, the most popular components are steel and wood studs. They are used to obtain framing for building a wall (an outer wall in this study). Analysis presented in this study concerned the corner of the outer wall built using the technology of light steel framing. Computer simulation was used to perform thermal and humidity analysis for the joint of the outer wall.

  5. Effect of Steel Framing for Securing Drywall Panels on Thermal and Humidity Parameters of the Outer Walls

    Directory of Open Access Journals (Sweden)

    Major Maciej

    2017-12-01

    Full Text Available The paper analyses the effect of steel framing used to secure drywall panels on thermal and humidity properties of outer walls. In the practice of building a light structure, the most popular components are steel and wood studs. They are used to obtain framing for building a wall (an outer wall in this study). Analysis presented in this study concerned the corner of the outer wall built using the technology of light steel framing. Computer simulation was used to perform thermal and humidity analysis for the joint of the outer wall.

  6. Work-related violence against security guards--who is most at risk?

    Science.gov (United States)

    Leino, Tuula; Selin, Risto; Summala, Heikki; Virtanen, Marianna

    2011-01-01

    Studies on violence in the work of security guards are largely lacking. This study is unique in that it focuses on security guards (n=1,010) in Finland, and assesses the different forms, prevalence, and risk factors of the work-related violence they often face. Information to a survey instrument was obtained by first interviewing 30 volunteers. Then we made a cross-sectional mailed survey that was sent to a randomized group of 2,000 security guards. The response rate was 52. We found the prevalence of verbal aggression, threats of assault, and physical acts against security guards at least once a month to be 39%, 19%, and 15% respectively. As regards risk factors and who is most at risk, our results show that male gender, young age, low work experience, late working hours, and time pressure were associated with all three forms of work-related violence. Unlike other forms of violence, verbal aggression was highly prevalent outside the metropolitan area and directed towards both more and less experienced security guards. In prevention policies for violence, it is important to identify high-risk groups such as those who have less work experience.

  7. Risk-based security cost-benefit analysis: method and example applications - 59381

    International Nuclear Information System (INIS)

    Wyss, Gregory; Hinton, John; Clem, John; Silva, Consuelo; Duran, Felicia A.

    2012-01-01

    Document available in abstract form only. Full text of publication follows: Decision makers wish to use risk-based cost-benefit analysis to prioritize security investments. However, understanding security risk requires estimating the likelihood of attack, which is extremely uncertain and depends on unquantifiable psychological factors like dissuasion and deterrence. In addition, the most common performance metric for physical security systems, probability of effectiveness at the design basis threat [P(E)], performs poorly in cost-benefit analysis. It is extremely sensitive to small changes in adversary characteristics when the threat is near a system's breaking point, but very insensitive to those changes under other conditions. This makes it difficult to prioritize investment options on the basis of P(E), especially across multiple targets or facilities. To overcome these obstacles, a Sandia National Laboratories Laboratory Directed Research and Development project has developed a risk-based security cost-benefit analysis method. This approach characterizes targets by how difficult it would be for adversaries to exploit each target's vulnerabilities to induce consequences. Adversaries generally have success criteria (e.g., adequate or desired consequences and thresholds for likelihood of success), and choose among alternative strategies that meet these criteria while considering their degree of difficulty in achieving their successful outcome. Investments reduce security risk as they reduce the severity of consequences available and/or increase the difficulty for an adversary to successfully accomplish their most advantageous attack

  8. Risk and confidence: towards a new social contract for security

    International Nuclear Information System (INIS)

    Heriard-Dubreuil, G.

    2002-01-01

    The situation of radiation protection should be put in the more general perspective of risk governance where new patterns of risk governance necessitate periodic updating of social trust within open decision making processes. This trend also affects the traditional risk governance patterns in the sense that their legitimacy is grounded on social delegation and no more on authority or scientific evidence. Whatever is the dominant pattern of risk governance there is consequently a real challenge for radiation protection to explicit and share with society the rationales of its expertise. This is why the spreading of a radiation protection culture is a key challenge for a better integration of radiation protection in modern societies. Standards and norms should no more be prepared in the darkness of internalized decision making processes limited to Public Authorities, experts and operators. The use of standards should also be clearly linked with the acquisition and maintenance of a radiation protection culture. Radiation protection cannot remain in the hand of a few specialists. It should become a concern for all the exposed categories of actors in the relevant contexts. (author)

  9. 76 FR 41278 - Cargo Security Risk Reduction; Public Listening Sessions

    Science.gov (United States)

    2011-07-13

    ....mil/hq/cg5/cg544/cdc.asp or the Federal Docket Management System at http://www.Regulations.gov . For... important for the Coast Guard, in concert with stakeholders, to implement a holistic strategy to mitigate... risk management and shared responsibility between public and private sector stakeholders, across the...

  10. Optimisation of the securities portfolio as a part of the risk management process

    Directory of Open Access Journals (Sweden)

    Srečko Devjak

    2004-01-01

    Full Text Available Securities of Slovene companies are listed at the Ljubljana Stock Exchange. Market capitalisation at the Ljubljana Stock Exchange has been growing since 1996 due to new listings of equities. On the basis of financial data time series for listed equities, the financial investor can calculate a risk for each individual security with a selected risk measure and can determine an optimal portfolio, subject to selected constraints. In this paper, we shall consequently determine an optimal portfolio of equities for the financial investor, investing his assets only in selected equities listed at the Ljubljana Stock Exchange. Selecting an appropriate risk measure is especially important for a commercial bank in a risk management process. Commercial banks can use internal models in the risk management process and for the purpose of capital charges as well. An optimal portfolio will be calculated, using a non-linear mathematical model.

  11. Safety and security in transportation of radioactive material- the perception of risk

    Energy Technology Data Exchange (ETDEWEB)

    Ericsson, A.M.; Jaernry, C. [AMC Konsult AB, Bromma (Sweden)

    2004-07-01

    Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations.

  12. Safety and security in transportation of radioactive material- the perception of risk

    International Nuclear Information System (INIS)

    Ericsson, A.M.; Jaernry, C.

    2004-01-01

    Since the event of September 11, 2001, the way most people look at transportation risk has changed. There is now a lot more focusing on the security concerns related to the transportation of radioactive material. Most people are now more concerned about the risk of terrorist actions or sabotage than of accidents. This is probably due to the fact that the safety record for transportation of radioactive material has so far been very good and that most people experience terrorism and sabotage more scaring and less controllable than general accidents. This paper will compare the safety and the security regulations and discuss synergies and contradictions between the sets of regulations

  13. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K.

    2012-01-01

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.S. NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design (SD) phase and the design and implementation of security controls is performed during the component design (CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases

  14. Design concept of CSRAS (Cyber Security Risk Analysis and Assessment System) for digital I and C systems

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, D. Y.; Lee, C. K. [KAERI, Daejeon (Korea, Republic of)

    2012-10-15

    The instrumentation and control (I and C) systems in nuclear power plants (NPPs) have been digitalized recently. Hence, cyber security becomes an important feature to be incorporated into the I and C systems. The Regulatory Guide 5.71 published by U.S. NRC in 2010 presents a comprehensive set of security controls for the cyber security of I and C systems in NPPs. However, the application of security controls specified in the RG 5.71 in a specific I and C system still requires many analysis efforts based on the understanding of the security controls, since the guideline does not provide the details to system designers or developers regarding what, where, and how to apply the security controls. To apply security controls to I and C systems, cyber security requirements should be identified based on the cyber security policy and program, then the design and implementation of security controls should be performed along with the I and C system development life cycle. It can be assumed that cyber security requirements are identified during the system design (SD) phase and the design and implementation of security controls is performed during the component design (CD) phase. When identifying security requirements and performing the design and implementation of security controls, cyber security risk assessments should be processed with the understanding of the characteristics of target systems. In this study, the Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls considering based on a general cyber security risk assessment procedure with the consideration of the characteristics of I and C systems and the development phases.

  15. A 3S Risk "3SR" Assessment Approach for Nuclear Power: Safety Security and Safeguards.

    Energy Technology Data Exchange (ETDEWEB)

    Forrest, Robert; Reinhardt, Jason Christian; Wheeler, Timothy A.; Williams, Adam David

    2017-11-01

    Safety-focused risk analysis and assessment approaches struggle to adequately include malicious, deliberate acts against the nuclear power industry's fissile and waste material, infrastructure, and facilities. Further, existing methods do not adequately address non-proliferation issues. Treating safety, security, and safeguards concerns independently is inefficient because, at best, it may not take explicit advantage of measures that provide benefits against multiple risk domains, and, at worst, it may lead to implementations that increase overall risk due to incompatibilities. What is needed is an integrated safety, security and safeguards risk (or "3SR") framework for describing and assessing nuclear power risks that can enable direct trade-offs and interactions in order to inform risk management processes -- a potential paradigm shift in risk analysis and management. These proceedings of the Sandia ePRA Workshop (held August 22-23, 2017) are an attempt to begin the discussions and deliberations to extend and augment safety focused risk assessment approaches to include security concerns and begin moving towards a 3S Risk approach. Safeguards concerns were not included in this initial workshop and are left to future efforts. This workshop focused on four themes in order to begin building out the safety and security portions of the 3S Risk toolkit: 1. Historical Approaches and Tools; 2. Current Challenges; 3. Modern Approaches; 4. Paths Forward and Next Steps. This report is organized along the four areas described above, and concludes with a summary of key points.

  16. The Shortage of Dentists: A Risk to National Security?

    Science.gov (United States)

    2008-03-19

    Shammari, et al., “Risk Indicators for Tooth Loss Due to Periodontal Disease ,” Journal of Periodontology (November 2005): 1910-1918. 62 Adapted from...the discussion on unmet treatment needs). Oral Disease : Impact on the Nation and Military Dental caries and periodontitis are chronic...destructive processes that generally become more severe over time. The single most common chronic childhood disease is dental caries.60 Periodontal disease

  17. An exploratory risk perception study of attitudes toward homeland security systems.

    Science.gov (United States)

    Sanquist, Thomas F; Mahy, Heidi; Morris, Frederic

    2008-08-01

    Understanding the issues surrounding public acceptance of homeland security systems is important for balancing security needs and potential civil liberties infringements. A psychometric survey was used in an exploratory study of attitudes regarding homeland security systems. Psychometric rating data were obtained from 182 respondents on psychological attributes associated with 12 distinct types of homeland security systems. An inverse relationship was observed for the overall rating attributes of acceptability and risk of civil liberties infringement. Principal components analysis (PCA) yielded a two-factor solution with the rating scale loading pattern suggesting factors of perceived effectiveness and perceived intrusiveness. These factors also showed an inverse relationship. The 12 different homeland security systems showed significantly different scores on the rating scales and PCA factors. Of the 12 systems studied, airport screening, canine detectors, and radiation monitoring at borders were found to be the most acceptable, while email monitoring, data mining, and global positioning satellite (GPS) tracking were found to be least acceptable. Students rated several systems as more effective than professionals, but the overall pattern of results for both types of subjects was similar. The data suggest that risk perception research and the psychometric paradigm are useful approaches for quantifying attitudes regarding homeland security systems and policies and can be used to anticipate potentially significant public acceptance issues.

  18. L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

    Science.gov (United States)

    Zelkin, Natalie; Henriksen, Stephen

    2011-01-01

    This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

  19. Development of Risk Assessment Methodology for State's Nuclear Security Regime

    Energy Technology Data Exchange (ETDEWEB)

    Jang, Sung Soon; Seo, Hyung Min; Lee, Jung Ho; Kwak, Sung Woo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-05-15

    Threats of nuclear terrorism are increasing after 9/11 terrorist attack. Threats include nuclear explosive device (NED) made by terrorist groups, radiological damage caused by a sabotage aiming nuclear facilities, and radiological dispersion device (RDD), which is also called 'dirty bomb'. In 9/11, Al Qaeda planned to cause radiological consequences by the crash of a nuclear power plant and the captured airplane. The evidence of a dirty bomb experiment was found in Afghanistan by the UK intelligence agency. Thus, the international communities including the IAEA work substantial efforts. The leaders of 47 nations attended the 2010 nuclear security summit hosted by President Obama, while the next global nuclear summit will be held in Seoul, 2012. Most states established and are maintaining state's nuclear security regime because of the increasing threat and the international obligations. However, each state's nuclear security regime is different and depends on the state's environment. The methodology for the assessment of state's nuclear security regime is necessary to design and implement an efficient nuclear security regime, and to figure out weak points. The IAEA's INPRO project suggests a checklist method for State's nuclear security regime. The IAEA is now researching more quantitative methods cooperatively with several countries including Korea. In this abstract, methodologies to evaluate state's nuclear security regime by risk assessment are addressed

  20. Coping with global environmental change, disasters and security. Threats, challenges, vulnerabilities and risks

    Energy Technology Data Exchange (ETDEWEB)

    Brauch, Hans Guenter [Freie Univ. Berlin (Germany). Dept. of Political and Social Sciences; UNU-EHS, Bonn (DE). College of Associated Scientists and Advisors (CASA); Oswald Spring, Ursula [National Univ. of Mexico, Cuernavaca (MX). Regional Multidisciplinary Research Centre (CRIM); Mesjasz, Czeslaw [Cracow Univ. of Economics (Poland). Faculty of Management; Grin, John [Amsterdam Univ. (Netherlands). Dept. of Political Science; Dutch Knowledge network for Systems Innovations and Transitions (KSI), Amsterdam (Netherlands); Kameri-Mbote, Patricia [Strathmore Univ., Nairobi (Kenya). Dept. of Law; International Environmental Law Research Centre, Nairobi (Kenya); Chourou, Bechir [Univ. of Tunis-Carthage, Hammam-Chatt (Tunisia); Dunay, Pal [Geneva Centre for Security Policy (Switzerland). International Training Course in Security Policy; Birkmann, Joern (eds.) [United Nations Univ. (UNU), Bonn (DE). Inst. for Environment and Human Security (EHS)

    2011-07-01

    This policy-focused Global Environmental and Human Security Handbook for the Anthropocene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10 parts concepts of military and political hard security and economic, social, environmental soft security with a regional focus on the Near East, North and Sub-Sahara Africa and Asia and on hazards in urban centres. The major focus is on coping with global environmental change: climate change, desertification, water, food and health and with hazards and strategies on social vulnerability and resilience building and scientific, international, regional and national political strategies, policies and measures including early warning of conflicts and hazards. The book proposes a political geo-ecology and discusses a 'Fourth Green Revolution' for the Anthropocene era of earth history. (orig.)

  1. A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks

    Directory of Open Access Journals (Sweden)

    Rustu Yilmaz

    2016-05-01

    Full Text Available Universities are the leading institutions that are the sources of educated human population who both produce information and ensure to develop new products and new services by using information effectively, and who are needed in every area. Therefore, universities are expected to be institutions where information and information management are used efficiently. In the present study, the topics such as infrastructure, operation, application, information, policy and human-based information security at universities were examined within the scope of the information security standards which are highly required and intended to be available at each university today, and then a comparative analysis was conducted specific to Turkey. Within the present study, the Microsoft Security Assessment Tool developed by Microsoft was used as the risk analysis tool. The analyses aim to enable the universities to compare their information systems with the information systems of other universities within the scope of the information security awareness, and to make suggestions in this regard.

  2. For telehealth to succeed, privacy and security risks must be identified and addressed.

    Science.gov (United States)

    Hall, Joseph L; McGraw, Deven

    2014-02-01

    The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

  3. Physical security and IT convergence: Managing the cyber-related risks.

    Science.gov (United States)

    McCreight, Tim; Leece, Doug

    The convergence of physical security devices into the corporate network is increasing, due to the perceived economic benefits and efficiencies gained from using one enterprise network. Bringing these two networks together is not without risk. Physical devices like closed circuit television cameras (CCTV), card access readers, and heating, ventilation and air conditioning controllers (HVAC) are typically not secured to the standards we expect for corporate computer networks. These devices can pose significant risks to the corporate network by creating new avenues to exploit vulnerabilities in less-than-secure implementations of physical systems. The ASIS Information Technology Security Council (ITSC) developed a white paper describing steps organisations can take to reduce the risks this convergence can pose, and presented these concepts at the 2015 ASIS/ISC2 Congress in Anaheim, California. This paper expands upon the six characteristics described by ITSC, and provides business continuity planners with information on how to apply these recommendations to physical security devices that use the corporate network.

  4. NPP physical protection and information security as necessary conditions for reducing nuclear and radiation accident risks

    International Nuclear Information System (INIS)

    Pogosov, O.Yu.; Derevyanko, O.V.

    2017-01-01

    The paper focuses on the fact that nuclear failures and incidents can lead to radioactive contamination of NPP premises. Nuclear and radiation hazard may be caused by malefactors in technological processes when applying computers or inadequate control in case of insufficient level of information security. The researchers performed analysis of factors for reducing risks of nuclear and radiation accidents at NPPs considering specific conditions related to information security of NPP physical protection systems. The paper considers connection of heterogeneous factors that may increase the risk of NPP accidents, possibilities and ways to improve adequate modelling of security of information with limited access directly related to the functioning of automated set of engineering and technical means for NPP physical protection. Within the overall Hutchinson formalization, it is proposed to include additional functional dependencies on indicators specific for NPPs into analysis algorithms.

  5. A Risk-Sensitive Portfolio Optimization Problem with Fixed Incomes Securities

    OpenAIRE

    Goel, Mayank; Kumar, K. Suresh

    2007-01-01

    We discuss a class of risk-sensitive portfolio optimization problems. We consider the portfolio optimization model investigated by Nagai in 2003. The model by its nature can include fixed income securities as well in the portfolio. Under fairly general conditions, we prove the existence of optimal portfolio in both finite and infinite horizon problems.

  6. A threat-vulnerability based risk analysis model for cyber physical system security

    CSIR Research Space (South Africa)

    Ledwaba, Lehlogonolo

    2017-01-01

    Full Text Available model. An analysis of the Natanz system shows that, with an actual case security-risk score at Mitigation level 5, the infested facilities barely avoided a situation worse than the one which occurred. The paper concludes with a discussion on the need...

  7. Policy risk in action: pension reforms and social security wealth in Hungary, Czech Republic, and Slovakia

    Czech Academy of Sciences Publication Activity Database

    Dušek, Libor; Kopecsni, J.

    -, 9/2008 (2008), s. 1-34 R&D Projects: GA ČR GA402/05/0711 Institutional research plan: CEZ:AV0Z70850503 Keywords : pension reforms * social security * policy risk Subject RIV: AH - Economics http://ies.fsv.cuni.cz/default/file/download/id/8361

  8. A Model for an Information Security Risk Management (ISRM) Framework for Saudi Arabian Organisations

    Science.gov (United States)

    Alshareef, Naser

    2016-01-01

    Countries in the Gulf represent thriving, globally important commercial centres. They have embraced technology and modern management methods, often originating in the western countries. In adapting to quite different cultures these do not always operate as successfully. The adoption and practices of the Information Security Risk Management (ISRM)…

  9. Carboy Security Risk Analysis Model of I and C System Using Bayesian Network

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jinsoo; Heo, Gyunyoung [Kyung Hee Univ., Yongin (Korea, Republic of); Son, Hanseong [Joongbu Univ., Geumsan (Korea, Republic of); Park, Jaekwan [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2013-05-15

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  10. Cyber Security Risk Analysis Model of I and C System Using Bayesian Network

    International Nuclear Information System (INIS)

    Shin, Jinsoo; Heo, Gyunyoung; Son, Hanseong; Park, Jaekwan

    2013-01-01

    The Korea Institute of Nuclear Safety (KINS) as a regulatory agency declares the R. G 8.22 for applying cyber security in Korea in 2011. In nuclear power industrial, ShinUljin 1, 2 unit and Shingori 3, 4 unit are demonstrating the cyber security for the first time. And in terms of research, the National Security Research Institute and the Korea Atomic Energy Research Institute are developing the nuclear power plant cyber security system in Korean. Currently, these cyber securities like regulation, demonstration and research are focused on nuclear power plant. However, cyber security is also important for the nuclear research reactor like a HANARO which is in Daejeon, primarily due to its characteristic as research reactor since people access more than power plant. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected final risk by evaluating input score for each checklist. In this way, you can see an important checklist. Further, if the cyber-attack occurs, it is possible to provide an evidentiary material that is able to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to each situation. Analysis of the key elements of cyber security is possible to study through the activity-quality and architecture analysis model of cyber security. It is possible to analyze the extent reflected in the final risk by evaluating input score for each checklist, in this way, you can see an important checklist. Furthermore, if the cyber-attack occurs, it is possible to provide an evidentiary material that enables to determine the key check element corresponding to each situation via a reverse calculation of BN. Finally, Utilization is possible to create a simulated penetration test scenario according to

  11. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

    Science.gov (United States)

    Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

    2011-01-01

    In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

  12. Predictors of mother-child interaction quality and child attachment security in at-risk families

    Directory of Open Access Journals (Sweden)

    Simona De Falco

    2014-08-01

    Child healthy development is largely influenced by parent-child interaction and a secure parent-child attachment is predictively associated with positive outcomes in numerous domains of child development. However, the parent-child relationship can be affected by several psychosocial and socio-demographic risk factors that undermine its quality and in turn play a negative role in short and long term child psychological health. Prevention and intervention programs that support parenting skills in at-risk families can efficiently reduce the impact of risk factors on mother and child psychological health. This study examines predictors of mother-child interaction quality and child attachment security in a sample of first-time mothers with psychosocial and/or socio-demographic risk factors. Forty primiparous women satisfying specific risk criteria participated in a longitudinal study with their children from pregnancy until 18 months of child age. A multiple psychological and socioeconomic assessment was performed. The Emotional Availability Scales were used to measure the quality of emotional exchanges between mother and child at 12 months and the Attachment Q-Sort served as a measure of child attachment security at 18 months. Results highlight both the effect of specific single factors, considered at a continuous level, and the cumulative risk effect of different co-occurring factors, considered at binary level, on mother-child interaction quality and child attachment security. Implications for the selection of inclusion criteria of intervention programs that support parenting skills in at-risk families are discussed.

  13. The Effect of Knowledge of Online Security Risks on Consumer Decision Making in B2C e-Commerce

    Science.gov (United States)

    Wang, Ping An

    2010-01-01

    This dissertation research studied how different degrees of knowledge of online security risks affect B2C (business-to-consumer) e-commerce consumer decision making. Online information security risks, such as identity theft, have increasingly become a major factor inhibiting the potential growth of e-commerce. On the other hand, e-commerce…

  14. Managing the risks of legacy radioactive sources from a security perspective

    International Nuclear Information System (INIS)

    Alexander, Mark; Murray, Allan

    2008-01-01

    The safety and security risk posed by highly radioactive, long-lived sources at the end of their normal use has not been consistently well-managed in previous decades. The Brazilian Cs-137 accident in 1986 and the Thailand Co-60 accident in 2000 are prime examples of the consequences that ensue from the loss of control of highly dangerous sources after their normal use. With the new international emphasis on security of radioactive sources throughout their life cycle, there is now further incentive to address the management of risks posed by legacy, highly dangerous radioactive sources. The ANSTO South-East Asia Regional Security of Radioactive Sources (RSRS) Project has identified, and is addressing, a number of legacy situations that have arisen as a result of inadequate management practices in the past. Specific examples are provided of these legacy situations and the lessons learned for managing the consequent safety and security risk, and for future complete life-cycle management of highly radioactive sources. (author)

  15. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    Energy Technology Data Exchange (ETDEWEB)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M. [Battelle Memorial Inst., Columbus, OH (United States)]; Abkowitz, M. [Dept. of Civil Engineering, Vanderbilt Univ., Nashville, TN (United States)]

    2004-07-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort.

  16. Spatio-temporal dynamics of security investments in an interdependent risk environment

    Science.gov (United States)

    Shafi, Kamran; Bender, Axel; Zhong, Weicai; Abbass, Hussein A.

    2012-10-01

    In a globalised world where risks spread through contagion, the decision of an entity to invest in securing its premises from stochastic risks no longer depends solely on its own actions but also on the actions of other interacting entities in the system. This phenomenon is commonly seen in many domains including airline, logistics and computer security and is referred to as Interdependent Security (IDS). An IDS game models this decision problem from a game-theoretic perspective and deals with the behavioural dynamics of risk-reduction investments in such settings. This paper enhances this model and investigates the spatio-temporal aspects of the IDS games. The spatio-temporal dynamics are studied using simple replicator dynamics on a variety of network structures and for various security cost tradeoffs that lead to different Nash equilibria in an IDS game. The simulation results show that the neighbourhood configuration has a greater effect on the IDS game dynamics than network structure. An in-depth empirical analysis of game dynamics is carried out on regular graphs, which leads to the articulation of necessary and sufficient conditions for dominance in IDS games under spatial constraints.

  17. Truck shipment risks for assessing hazardous materials - a new paradigm incorporating safety and security

    International Nuclear Information System (INIS)

    Greenberg, A.; McSweeney, T.; Allen, J.; Lepofsky, M.; Abkowitz, M.

    2004-01-01

    Recent terrorist events, most notably September 11, 2001, have taught us that transportation risk management must be performed with a different lens to accommodate terrorism scenarios that would have previously been considered unlikely to warrant serious attention. Given these circumstances, a new paradigm is needed for managing the risks associated with highway transport of hazardous materials. In particular, this paradigm must: 1) more explicitly consider security threat and vulnerability, and 2) integrate security considerations into an overall framework for addressing natural and man-made disasters, be they accidental or planned. This paper summarizes the results of a study sponsored by the U.S. Department of Transportation, Federal Motor Carrier Safety Administration for the purpose of exploring how a paradigm might evolve in which both safety and security risks can be evaluated as a systematic, integrated process. The work was directed at developing a methodology for assessing the impacts of hazardous materials safety and security incident consequences when transported by highway. This included consideration of the manner in which these materials could be involved in initiating events as well as potential outcomes under a variety of release conditions. The methodology is subsequently applied to various classes of hazardous materials to establish an economic profile of the impacts that might be expected if a major release were to occur. The paper concludes with a discussion of the findings and implications associated with this effort

  18. An analysis of security price risk and return among publicly traded pharmacy corporations.

    Science.gov (United States)

    Gilligan, Adrienne M; Skrepnek, Grant H

    2013-01-01

    Community pharmacies have been subject to intense and increasing competition in the past several decades. To determine the security price risk and rate of return of publicly traded pharmacy corporations present on the major U.S. stock exchanges from 1930 to 2009. The Center of Research in Security Prices (CRSP) database was used to examine monthly security-level stock market prices in this observational retrospective study. The primary outcome of interest was the equity risk premium, with analyses focusing upon financial metrics associated with risk and return based upon modern portfolio theory (MPT) including: abnormal returns (i.e., alpha), volatility (i.e., beta), and percentage of returns explained (i.e., adjusted R²). Three equilibrium models were estimated using random-effects generalized least squares (GLS): 1) the Capital Asset Pricing Model (CAPM); 2) Fama-French Three-Factor Model; and 3) Carhart Four-Factor Model. Seventy-five companies were examined from 1930 to 2009, with overall adjusted R² values ranging from 0.13 with the CAPM to 0.16 with the Four-Factor model. Alpha was not significant within any of the equilibrium models across the entire 80-year time period, though was found from 1999 to 2009 in the Three- and Four-Factor models to be associated with a large, significant, and negative risk-adjusted abnormal returns of -33.84%. Volatility varied across specific time periods based upon the financial model employed. This investigation of risk and return within publicly listed pharmacy corporations from 1930 to 2009 found that substantial losses were incurred particularly from 1999 to 2009, with risk-adjusted security valuations decreasing by one-third. Copyright © 2013 Elsevier Inc. All rights reserved.

  19. Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

    Energy Technology Data Exchange (ETDEWEB)

    Scheffran, Juergen [Hamburg Univ. (Germany). Research Group Climate Change and Security]

    2009-07-01

    In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Conflicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, climate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Preventing the dangers of climate change and nuclear war requires an integrated set of strategies that address the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustainable peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

  20. Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

    International Nuclear Information System (INIS)

    Scheffran, Juergen

    2009-01-01

    In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Conflicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, climate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Preventing the dangers of climate change and nuclear war requires an integrated set of strategies that address the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustainable peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

  1. IRSN 2007 barometer: perception of risks and security by French people. Global results

    International Nuclear Information System (INIS)

    2007-07-01

    This report presents under the form of graphs and comments the results of the annual IRSN opinion poll on matters of risk and security. The IRSN is the French Institute of Radioprotection and Nuclear Safety. Different themes are analysed: the present concerns for French people (in the present society, for the environment, about industrial risks and the image of science), the perception of expertise (who should control an installation, the role and the image of scientific experts, access to expertise documents), the public interest in risk issues (topic of interest, participation to information sessions), the attitude in front of 30 risk situations (presently perceived risks, confidence in public authorities to ensure their protection, truth about information on hazards, hierarchy of 30 situations). The last part is dedicated to the nuclear domain (nuclear risk, skill and credibility of interveners)

  2. Integrating a flexible modeling framework (FMF) with the network security assessment instrument to reduce software security risk

    Science.gov (United States)

    Gilliam, D. P.; Powell, J. D.

    2002-01-01

    This paper presents a portion of an overall research project on the generation of the network security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

  3. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    Science.gov (United States)

    Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

  4. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

    Directory of Open Access Journals (Sweden)

    Valerie J.M. Watzlaf

    2010-10-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

  5. VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

    Science.gov (United States)

    Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

    2010-01-01

    Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

  6. Addressing the supply security of the nuclear fuel cycle: a US merchant generator risk acceptance perspective

    International Nuclear Information System (INIS)

    Jordan, R. P.; Benavides, P.A.

    2006-01-01

    With the current rising markets across the nuclear fuel supply spectrum, understanding and managing nuclear fuel cycle supply security risk becomes an increasingly important consideration. In addressing this area, Constellation Energy is implementing an integrated multifaceted approach as consistent with a comprehensive risk profile covering the nuclear fuel supply industry. This approach is founded on use of a utility traditional procurement strategy, as dependent on the qualitative parameters of supply origination diversification, geopolitical stability, contracting duration and individual supplier financial bases. However, Constellation also adds an additional consideration into development of this nuclear fuel supply risk profile. To do such, qualitative assessments covering specific supplier risks, as based on the parameters of supplier management and organizational structure, design capacities (applicable to fabrication and enrichment only), operational history as applicable to forward-looking performance, regulatory or legal history and financial performance are also considered. Constellation overlays the risks of future availabilities, catastrophic occurrences and prices for each nuclear fuel material and service component onto a quantitative set of results. The overall focus of these assessments is the creation of a risk management perspective directed towards determining the potential loss or delay of nuclear fuel supply for our operating reactors. The conclusion of this effort is an integrated assessment of the nuclear fuel supply security as applicable to the Constellation-specific structured risk profile. Use of this assessment allows Constellation to target appropriate suppliers of interest in the marketplace and form the fundamental bases for the Constellation procurement strategy while managing risks associated with nuclear fuel cycle supply security. (authors)

  7. You Outsource the Service but Not the Risk: Supply Chain Risk Management for the Cyber Security of Safety Critical Systems

    OpenAIRE

    Johnson, Chris W.

    2016-01-01

    Companies increasingly form interdependent relationships between contractors and sub-contractors that extend across national borders and legal jurisdictions. In consequence, supply chain risk management (SCRM) is an increasing concern for the cyber security of safety-critical systems. The following pages argue that outsourcing undermines SCRM by eroding technical expertise, which companies need to select and audit their suppliers. They are still held accountable when the failure o...

  8. Strategic information security

    CERN Document Server

    Wylder, John

    2003-01-01

    Introduction to Strategic Information Security What Does It Mean to Be Strategic? Information Security Defined The Security Professional's View of Information Security The Business View of Information Security Changes Affecting Business and Risk Management Strategic Security Strategic Security or Security Strategy? Monitoring and Measurement Moving Forward ORGANIZATIONAL ISSUES The Life Cycles of Security Managers Introduction The Information Security Manager's Responsibilities The Evolution of Data Security to Information Security The Repository Concept Changing Job Requirements Business Life Cycles

  9. Risk perception and environmental health concerns in conditions of social security threat

    International Nuclear Information System (INIS)

    Kolarova, D.

    1998-01-01

    Full text of publication follows: this study explores the connection between the perception of different societal risk, health concerns and behavioral attitudes of people in condition of social security threat. Two small and two big industrial towns were chosen in order to observe the social and psychological price of the structural changes in the industry such as unemployment and its reflection on the households and the individuals' social attitudes. Key stakeholders were interviewed and questionnaire survey was carried out. The results showed high level of risk sensitivity and health concerns when people felt threatened by lack of social and economic security. The pollution was found to be important problem when it caused direct and obvious risk to human health and the environment. In the same time reverse environmental behavior like insensitiveness and neglectful attitude was observed in cases when the health consequences of the pollution were perceived to be unclear and with delayed effect. In situation of a great socio-economic threat noninvolvement helped the individuals to adapt. The research proved the influence of several risk characteristics on risk perception. It was found a connection between the risk perception and risk controllability, voluntariness of exposure and cost/benefits distribution. In the study areas respondents' judgments on these characteristics reflected directly their social status and material state. The study presented here is in progress - it is supported by research grant from Open Society Foundation. (author)

  10. Multi-risk infants: predicting attachment security from sociodemographic, psychosocial, and health risk among African-American preterm infants.

    Science.gov (United States)

    Candelaria, Margo; Teti, Douglas M; Black, Maureen M

    2011-08-01

    Ecological and transactional theories link child outcomes to accumulated risk. This study hypothesized that cumulative risk was negatively related to attachment, and that maternal sensitivity mediated linkages between risk and attachment. One hundred and twelve high-risk African-American premature infant-mother dyads participated. Psychosocial (maternal depression, stress and self-efficacy) and sociodemographic risk (poverty, maternal education, marital status) were maternal self-report (0-4 months). Infant health risk was obtained from hospital charts. Infant-mother attachment (12 months) and maternal sensitivity (4 months) were assessed with Q-sort measures. Psychosocial and sociodemographic risk, but not infant health risk, negatively related to attachment. Both were mediated by maternal sensitivity. The impact of risk domains on attachment security was mediated by maternal sensitivity. Results emphasize the need for early intervention programs targeting premature infants to identify and address environmental and personal factors that place parenting at risk. © 2011 The Authors. Journal of Child Psychology and Psychiatry © 2011 Association for Child and Adolescent Mental Health.

  11. Security and Risk Analysis of Nuclear Safeguards Instruments Using Attack Trees

    International Nuclear Information System (INIS)

    Naumann, I.; Wishard, B.

    2015-01-01

    The IAEA's nuclear safeguards instruments must be frequently evaluated against attack vectors, which are extremely varied and, at first approximation, may seem inconsequential, but are not. To accurately analyze the impact of attacks on a multi-component system requires a highly structured and well-documented assessment. Tree structures, such as fault trees, have long been used to assess the consequences of selecting potential solutions and their impact on risk. When applied to security threats by introducing threat agents (adversaries) and vulnerabilities, this approach can be extremely valuable in uncovering previously unidentified risks and identifying mitigation steps. This paper discusses how attack trees can be used for the security analysis of nuclear safeguards instruments. The root node of such a tree represents an objective that negatively impacts security such as disclosing and/or falsifying instrument data or circumventing safeguards methods. Usually, this objective is rather complex and attaining it requires a combination of several security breaches which may vary on how much funding or what capabilities are required in order to execute them. Thus, it is necessary to break the root objective into smaller, less complex units. Once a leaf node describes a reasonably comprehensible action, it is the security experts' task to allocate levels of difficulty and funding to this node. Eventually, the paths from the leaf nodes to the root node describe all possible combinations of actions necessary to carry out a successful attack. The use of a well-structured attack tree facilitates the developer in thinking like the adversary providing more effective security solutions. (author)

  12. Assessing and managing security risk in IT systems a structured methodology

    CERN Document Server

    McCumber, John

    2004-01-01

    SECURITY CONCEPTS Using Models Introduction: Understanding, Selecting, and Applying Models Understanding Assets Layered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in Security Security in Context Reference Defining Information Security Confidentiality, Integrity, and Availability Information Attributes Intrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources References Understanding Threat and Its Relatio

  13. Environmental and climate security: improving scenario methodologies for science and risk assessment

    Science.gov (United States)

    Briggs, C. M.; Carlsen, H.

    2010-12-01

    Governments and popular discussions have increasingly referred to concepts of ‘climate security’, often with reference to IPCC data. Development of effective methodologies to translate complex, scientific data into risk assessments has lagged, resulting in overly simplistic political assumptions of potential impacts. Climate security scenarios have been developed for use by security and military agencies, but effective engagement by scientific communities requires an improved framework. Effective use of data requires improvement both of climate projections, and the mapping of cascading impacts across interlinked, complex systems. In this research we propose a process for systematic generation of subsets of scenarios (of arbitrary size) from a given set of variables with possible interlinkages. The variables could include climatic changes as well as other global changes of concerns in a security context. In coping with possible challenges associated with the nexus of climate change and security - where deep structural uncertainty and possible irreversible changes are of primary interest - it is important to explore the outer limits of the relevant uncertainties. Therefore the proposed process includes a novel method that will help scenario developers in generating scenario sets where the scenarios are in a quantifiable sense maximally different and therefore best ‘span’ the whole set of scenarios. When downscaled onto a regional level, this process can provide guidance to potentially significant and abrupt geophysical changes, where high uncertainty has often prevented communication of risks. Potential physical changes can then be used as starting points for mapping cascading effects across networks, including topological analysis to identify critically vulnerable nodes and fragile systems, the existence of positive or negative feedback loops, and possible intervention points. Advanced knowledge of both potential geo-physical shifts and related non

  14. Discursive Overlap and Conflictive Fragmentation of Risk and Security in the Geopolitics of Energy

    Directory of Open Access Journals (Sweden)

    Julio E. Rubio

    2013-03-01

    As it touches all aspects of human activity and society in general, energy has become an object of discourse. Two main discourses have formed on the use of energy: risk discourse and security discourse. While environmental changes and oil depletion continue, a new application for the term security has appeared: energy security. This concept can be interpreted within the terms of risk discourse, which is oriented towards rational consensus and decision making, or as an exercise of power, sovereignty and hegemony. The boundaries between interpretations are often unclear. Thus, in an institutional framework that has fragmented principles, norms and rules, opposing discourses will overlap. Political agents and institutions deploy strategies based on these discourses. With this overlapping of discourses, the performative powers of different institutions clash, thus creating conflictive fragmentation in a governance architecture. The purpose of this investigation is to analyze the use of, replication of, and ambiguities surrounding the concept of energy security, so as to understand how and why these discourses overlap and the profound consequences that this overlap may have for present and future energy use, environmental negotiations, and political climate.

  15. Risk and Argument: A Risk-based Argumentation Method for Practical Security

    NARCIS (Netherlands)

    Nunes Leal Franqueira, V.; Tun, Thein Tan; Yu, Yijun; Wieringa, Roelf J.; Nuseibeh, Bashar

    When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed structured argumentation could deal

  16. Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

    Science.gov (United States)

    Ahmad, Mushtaq

    Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and/or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e-business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

  17. Global Hotspots of Conflict Risk between Food Security and Biodiversity Conservation

    OpenAIRE

    Molotoks, Amy; Dawson, Terence Peter

    2017-01-01

    The global challenges of food security and biodiversity are rarely addressed together, though recently there has been an increasing awareness that the two issues are closely related. The majority of land available for agriculture is already used for food production, but despite the productivity gains, one in nine people worldwide are classified as food insecure. There is an increasing risk that addressing food insecurity through methods such as agricultural expansion or intensification could l...

  18. Developing a Comprehensive Approach Could Help DOD Better Manage National Security Risks in the Supply Chain

    Science.gov (United States)

    2016-02-01

    supply chains for rare earths.20 According to Industrial Analysis Center officials, only 10 percent of surveys sent to prime contractors for 79...the Supply Chain Report to Congressional Committees February 2016 GAO-16-161 United States Government Accountability Office United...Developing a Comprehensive Approach Could Help DOD Better Manage National Security Risks in the Supply Chain Why GAO Did This Study DOD depends on

  19. Policy risk in action: pension reforms and social security wealth in Hungary, Czech Republic, and Slovakia

    Czech Academy of Sciences Publication Activity Database

    Dušek, Libor; Kopecsni, J.

    2008-01-01

    Vol. 58, 7-8 (2008), pp. 329-358 ISSN 0015-1920 R&D Projects: GA MŠk LC542 Institutional research plan: CEZ:AV0Z70850503 Keywords : pension reforms * social security * policy risk Subject RIV: AH - Economics Impact factor: 0.275, year: 2008 http://journal.fsv.cuni.cz/storage/1137_dusek-kopecsni_-_329-358-opravené.pdf

  20. Water security, risk, and economic growth: Insights from a dynamical systems model

    Science.gov (United States)

    Dadson, Simon; Hall, Jim W.; Garrick, Dustin; Sadoff, Claudia; Grey, David; Whittington, Dale

    2017-08-01

    Investments in the physical infrastructure, human capital, and institutions needed for water resources management have been noteworthy in the development of most civilizations. These investments affect the economy in two distinct ways: (i) by improving the factor productivity of water in multiple economic sectors, especially those that are water intensive such as agriculture and energy and (ii) by reducing acute and chronic harmful effects of water-related hazards like floods, droughts, and water-related diseases. The need for capital investment to mitigate risks and promote economic growth is widely acknowledged, but prior conceptual work on the relationship between water-related investments and economic growth has focused on the productive and harmful roles of water in the economy independently. Here the two influences are combined using a simple, dynamical systems model of water-related investment, risk, and growth. In cases where initial water security is low, initial investment in water-related assets enables growth. Without such investment, losses due to water-related hazards exert a drag on economic growth and may create a poverty trap. The presence and location of the poverty trap is context-specific and depends on the exposure of productive water-related assets to water-related risk. Exogenous changes in water-related risk can potentially push an economy away from a growth path toward a poverty trap. Our investigation shows that an inverted-U-shaped investment relation between the level of investment in water security and the current level of water security leads to faster rates of growth than the alternatives that we consider here, and that this relation is responsible for the "S"-curve that is posited in the literature. These results illustrate the importance of accounting for environmental and health risks in economic models and offer insights for the design of robust policies for investment in water-related productive assets to manage risk, in the face

  1. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    Energy Technology Data Exchange (ETDEWEB)

    Shin, Jin Soo; Heo, Gyun Young [Kyung Hee University, Youngin (Korea, Republic of); Kang, Hyun Gook [KAIST, Dajeon (Korea, Republic of); Son, Han Seong [Joongbu University, Chubu (Korea, Republic of)

    2014-08-15

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility.

  2. Methodology for Applying Cyber Security Risk Evaluation from BN Model to PSA Model

    International Nuclear Information System (INIS)

    Shin, Jin Soo; Heo, Gyun Young; Kang, Hyun Gook; Son, Han Seong

    2014-01-01

    There are several advantages to use digital equipment such as cost, convenience, and availability. It is inevitable to use the digital I and C equipment replaced analog. Nuclear facilities have already started applying the digital system to I and C system. However, the nuclear facilities also have to change I and C system even though it is difficult to use digital equipment due to high level of safety, irradiation embrittlement, and cyber security. A cyber security which is one of important concerns to use digital equipment can affect the whole integrity of nuclear facilities. For instance, cyber-attack occurred to nuclear facilities such as the SQL slammer worm, stuxnet, DUQU, and flame. The regulatory authorities have published many regulatory requirement documents such as U.S. NRC Regulatory Guide 5.71, 1.152, IAEA guide NSS-17, IEEE Standard, and KINS Regulatory Guide. One of the important problem of cyber security research for nuclear facilities is difficulty to obtain the data through the penetration experiments. Therefore, we make cyber security risk evaluation model with Bayesian network (BN) for nuclear reactor protection system (RPS), which is one of the safety-critical systems to trip the reactor when the accident is happened to the facilities. BN can be used for overcoming these problems. We propose a method to apply BN cyber security model to probabilistic safety assessment (PSA) model, which had been used for safety assessment of system, structure and components of facility. The proposed method will be able to provide the insight of safety as well as cyber risk to the facility

  3. Risk Informed Approach for Nuclear Security Measures for Nuclear and Other Radioactive Material out of Regulatory Control. Implementing Guide

    International Nuclear Information System (INIS)

    2015-01-01

    This publication provides guidance to States for developing a risk informed approach and for conducting threat and risk assessments as the basis for the design and implementation of sustainable nuclear security systems and measures for prevention of, detection of, and response to criminal and intentional unauthorised acts involving nuclear and other radioactive material out of regulatory control. It describes concepts and methodologies for a risk informed approach, including identification and assessment of threats, targets, and potential consequences; threat and risk assessment methodologies, and the use of risk informed approaches as the basis for informing the development and implementation of nuclear security systems and measures. The publication is an Implementing Guide within the IAEA Nuclear Security Series and is intended for use by national policy makers, law enforcement agencies and experts from competent authorities and other relevant organizations involved in the establishment, implementation, maintenance or sustainability of nuclear security systems and measures related to nuclear and other radioactive material out of regulatory control

  4. Framework for generating expert systems to perform computer security risk analysis

    International Nuclear Information System (INIS)

    Smith, S.T.; Lim, J.J.

    1985-01-01

    At Los Alamos we are developing a framework to generate knowledge-based expert systems for performing automated risk analyses upon a subject system. The expert system is a computer program that models experts' knowledge about a topic, including facts, assumptions, insights, and decision rationale. The subject system, defined as the collection of information, procedures, devices, and real property upon which the risk analysis is to be performed, is a member of the class of systems that have three identifying characteristics: a set of desirable assets (or targets), a set of adversaries (or threats) desiring to obtain or to do harm to the assets, and a set of protective mechanisms to safeguard the assets from the adversaries. Risk analysis evaluates both vulnerability to and the impact of successful threats against the targets by determining the overall effectiveness of the subject system safeguards, identifying vulnerabilities in that set of safeguards, and determining cost-effective improvements to the safeguards. As a testbed, we evaluate the inherent vulnerabilities and risks in a system of computer security safeguards. The method considers safeguards protecting four generic targets (physical plant of the computer installation, its hardware, its software, and its documents and displays) against three generic threats (natural hazards, direct human actions requiring the presence of the adversary, and indirect human actions wherein the adversary is not on the premises-perhaps using such access tools as wiretaps, dialup lines, and so forth). Our automated procedure to assess the effectiveness of computer security safeguards differs from traditional risk analysis methods

  5. [Security of hospital infusion practices: From an a priori risk analysis to an improvement action plan].

    Science.gov (United States)

    Pignard, J; Cosserant, S; Traore, O; Souweine, B; Sautou, V

    2016-03-01

    Infusion in care units, and all the more in intensive care units, is a complex process which can be the source of many risks for the patient. Under cover of an institutional approach for the improvement of the quality and safety of patient healthcare, a risk mapping of infusion practices was performed. The analysis was focused on intravenous infusion situations in adults, the a priori risk assessment methodology was applied and a multidisciplinary work group established. Forty-three risks were identified for the infusion process (prescription, preparation and administration). The risks' assessment and the existing means of control showed that 48% of them would have a highly critical patient security impact. Recommendations were developed for 20 risks considered to be most critical, to limit their occurrence and severity, and improve their control level. An institutional action plan was developed and validated in the Drug and Sterile Medical Devices Commission. This mapping allowed the realization of an exhaustive inventory of potential risks associated with the infusion. At the end of this work, multidisciplinary groups were set up to work on different themes and regular quarterly meetings were established to follow the progress of various projects. Risk mapping will be performed in pediatric and oncology unit where the risks associated with the handling of toxic products are omnipresent. Copyright © 2015 Académie Nationale de Pharmacie. Published by Elsevier Masson SAS. All rights reserved.

  6. Financial security

    NARCIS (Netherlands)

    de Goede, M.; Burgess, J.P.

    2010-01-01

    1. Introduction J. Peter Burgess Part 1: New Security Concepts 2. Civilizational Security Brett Bowden 3. Risk Oliver Kessler 4. Small Arms Keith Krause 5. Critical Human Security Taylor Owen 6. Critical Geopolitics Simon Dalby Part 2: New Security Subjects 7. Biopolitics Michael Dillon 8. Gendered

  7. Top management turnover and firm default risk: Evidence from the Chinese securities market

    Directory of Open Access Journals (Sweden)

    Wei Ting

    2011-06-01

    China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.

  8. Top management turnover and firm default risk: Evidence from the Chinese securities market

    Institute of Scientific and Technical Information of China (English)

    Wei; Ting

    2011-01-01

    China has moved rapidly from a socialist planned economy to a market economy. As a result, many enterprises in China are seeking talented top management to increase their performance and decrease their default risk. Studies abound regarding top management turnover and its relationship with firm performance, however, few studies have connected top management turnover with firm default risk. In China, a market with extensive financial fraud, firm default risk is an important factor and thus we explore this relationship in the Chinese securities market. Our results indicate that firms with higher default risk are more likely to change their top management in the next financial reporting period. In addition, following changes in top management, such firms default less than other companies.

  9. A unified framework for risk and vulnerability analysis covering both safety and security

    International Nuclear Information System (INIS)

    Aven, Terje

    2007-01-01

    Recently, we have seen several attempts to establish adequate risk and vulnerability analyses tools and related management frameworks dealing not only with accidental events but also security problems. These attempts have been based on different analysis approaches and using alternative building blocks. In this paper, we discuss some of these and show how a unified framework for such analyses and management tasks can be developed. The framework is based on the use of probability as a measure of uncertainty, as seen through the eyes of the assessor, and define risk as the combination of possible consequences and related uncertainties. Risk and vulnerability characterizations are introduced incorporating ideas both from vulnerability analyses literature as well as from the risk classification scheme introduced by Renn and Klinke

  10. Risk-informed approach for safety, safeguards, and security (3S) by design

    International Nuclear Information System (INIS)

    Suzuki, Mitsutoshi; Burr, Tom; Howell, John

    2011-01-01

    Over several decades the nuclear energy society worldwide has developed safety assessment methodology based on probabilistic risk analysis for incorporating its benefit into design and accident prevention for nuclear reactors. Although safeguards and security communities have different histories and technical aspects compared to safety, risk assessment as a supplement to their current requirements could be developed to promote synergism between Safety, Safeguards, and Security (3S) and to install effective countermeasures in the design of complex nuclear fuel cycle facilities. Since the 3S initiative was raised by G8 countries at Hokkaido Toyako-Summit in 2008, one approach to developing synergism in a 3S By Design (3SBD) process has been the application of risk-oriented assessment methodology. In the existing regulations of safeguards and security, a risk notion has already been considered for inherent threat and hazard recognition. To integrate existing metrics into a risk-oriented approach, several mathematical methods have already been surveyed, with attention to the scarcity of intentional acts in the case of safeguards and the sparseness of actual event data. A two-dimensional probability distribution composed of measurement error and incidence probabilities has been proposed to formalize inherent difficulties in the International Atomic Energy Agency (IAEA) safeguards criteria. In particular, the incidence probability that is difficult to estimate has been explained using a Markov model and game theory. In this work, a feasibility study of 3SBD is performed for an aqueous reprocessing process, and synergetic countermeasures are presented for preliminary demonstration of 3SBD. Although differences and conflicts between individual 'S' communities exist, the integrated approach would be valuable for optimization and balance between the 3S design features as well as for effective and efficient implementation under existing regulation frameworks. In addition

  11. Regional cooperation to reduce the safety and security risks of Orphan radioactive sources

    International Nuclear Information System (INIS)

    Howard, Geoffrey; Hacker, Celia; Murray, Allan; Romallosa, Kristine; Caseria, Estrella; Africa del Castillo, Lorena

    2008-01-01

    ANSTO's Regional Security of Radioactive Sources (RSRS) Project, in cooperation with the Philippine Nuclear Research Institute (PNRI), has initiated a program to reduce the safety and security risks of orphan radioactive sources in the Philippines. Collaborative work commenced in February 2006 during the Regional Orphan Source Search and Methods Workshop, co-hosted by ANSTO and the US National Nuclear Security Administration. Further professional development activities have occurred following requests by PNRI to ANSTO to support improvements in PNRI's capability and training programs to use a range of radiation survey equipment and on the planning and methods for conducting orphan source searches. The activities, methods and outcomes of the PNRI-ANSTO cooperative program are described, including: i.) Delivering a training workshop which incorporates use of source search and nuclide identification equipment and search methodology; and train-the-trainer techniques for effective development and delivery of custom designed training in the Philippines; ii.) Support and peer review of course work on Orphan Source Search Equipment and Methodology developed by PNRI Fellows; iii.) Supporting the delivery of the inaugural National Training Workshop on Orphan Source Search hosted by PNRI in the Philippines; iv.) Partnering in searching for orphan sources in Luzon, Philippines, in May 2007. The methods employed during these international cooperation activities are establishing a new model of regional engagement that emphasises sustainability of outcomes for safety and security of radioactive sources. (author)

  12. Development of information security and vulnerability risk management system for J-PARC

    International Nuclear Information System (INIS)

    Ishikawa, Hiroyuki; Tate, Akihiro; Murakami, Tadashi

    2012-02-01

    In J-PARC (Japan Proton Accelerator Research Complex) we have set up intra-network (internal network, we will abbreviate it as JLAN, below) to support research activity and communication among users. In JLAN, we set up various kinds of security devices to keep JLAN secure. However, the servers which provide information or service to public are still in danger of being accessed illegally. If there is an illegal access, that may cause defacement of data or information leak. Furthermore, the victim servers are manipulated by the malicious attackers, and they themselves attack the external information equipments. Vulnerability of servers enables unauthorized access. So, vulnerability test with use of a vulnerability tool is one of the most effective ways to take measures for vulnerability of the equipments. However, it is not enough to just conduct a vulnerability test. It is also essential for information security to take measures to cover constantly for the vulnerability of servers. We focused on the points above, and developed the vulnerability testing system for security. It is not only a testing tool for the vulnerability of servers, but also management system which enables the server administrators in charge of taking measures for vulnerabilities to manage risks and handles PDCA (Plan-Do-Check-Action) cycles as countermeasure for vulnerability. In this paper, we report the technologies and ingenuities for the development of the above system. (author)

  13. SECTOR-SPECIFIC STRUCTURE OF THE REGIONAL ECONOMY AS A FACTOR OF ELEVATION OF RISKS TO ITS ECONOMIC SECURITY

    Directory of Open Access Journals (Sweden)

    Rostislav BILYK

    2016-07-01

    The article analyzes a sector-specific specialization of the regional economy in Ukraine. It also reveals possibility and conditions of transformation of a sector-specific specialization of the region and risks to its economic security. The article suggests an assessment of influence of a sector-specific specialization on occurrence of threats to the economic security of the region.

  14. Use of risk assessment methods for security design and analysis of nuclear and radioactive facilities

    International Nuclear Information System (INIS)

    Vasconcelos, Vanderley de; Andrade, Marcos C.; Jordao, Elizabete

    2011-01-01

    The objective of this work is to evaluate the applicability of risk assessment methods for analyzing the physical protection of nuclear and radioactive facilities. One of the important processes for physical protection in nuclear and radioactive facilities is the identifying of areas containing nuclear materials, structures, systems or components to be protected from sabotage, which could directly or indirectly lead to unacceptable radiological consequences. A survey of the international guidelines and recommendations about vital area identification, design basis threat (DBT), and the security of nuclear and radioactive facilities was carried out. The traditional methods used for quantitative risk assessment, like FMEA (Failure Mode and Effect Analysis), Event and Decision Trees, Fault and Success Trees, Vulnerability Assessment, Monte Carlo Simulation, Probabilistic Safety Assessment, Scenario Analysis, and Game Theory, among others, are highlighted. The applicability of such techniques to security issues, their pros and cons, the general resources needed to implement them, as data or support software, are analyzed. Finally, an approach to security design and analysis, beginning with a qualitative and preliminary examination to determine the range of possible scenarios, outcomes, and the systems to be included in the analyses, and proceeding to a progressively use of more quantitative techniques is presented. (author)

  15. Failing States as Epidemiologic Risk Zones: Implications for Global Health Security.

    Science.gov (United States)

    Hirschfeld, Katherine

    Failed states commonly experience health and mortality crises that include outbreaks of infectious disease, violent conflict, reductions in life expectancy, and increased infant and maternal mortality. This article draws from recent research in political science, security studies, and international relations to explore how the process of state failure generates health declines and outbreaks of infectious disease. The key innovation of this model is a revised definition of "the state" as a geographically dynamic rather than static political space. This makes it easier to understand how phases of territorial contraction, collapse, and regeneration interrupt public health programs, destabilize the natural environment, reduce human security, and increase risks of epidemic infectious disease and other humanitarian crises. Better understanding of these dynamics will help international health agencies predict and prepare for future health and mortality crises created by failing states.

  16. Controls Mitigating the Risk of Confidential Information Disclosure by Facebook: Essential Concern in Auditing Information Security

    Directory of Open Access Journals (Sweden)

    Ivan Ognyanov Kuyumdzhiev

    2014-08-01

    Facebook allows people to easily share information about themselves which in some cases could be classified as confidential or sensitive in the organisation they’re working for. In this paper we discuss the type of data stored by Facebook and the scope of the terms “confidential” and “sensitive data”. The intersection of these areas shows that there is high possibility for confidential data disclosure in organisations with none or ineffective security policy. This paper proposes a strategy for managing the risks of information leakage. We define five levels of controls against posting non-public data on Facebook - security policy, applications installed on employees’ workstations, specific router software or firmware, software in the cloud, Facebook itself. Advantages and disadvantages of every level are evaluated. As a result we propose developing of new control integrated in the social media.

  17. Federal securities law and the need to disclose the risk of canceling nuclear plant

    International Nuclear Information System (INIS)

    Sponseller, D.

    1984-01-01

    Almost every electric utility company involved in nuclear plant construction has experienced difficulty as a result of the deteriorating condition of the nuclear industry as a whole. The thrust of a growing number of lawsuits brought against electric companies for alleged violations of federal securities laws is that the companies failed to reveal cost overruns, delays, and the risk of cancellation and write-off of nuclear plants in their annual reports and registration statements. A review of several suits and the disclosure requirements of securities statutes concludes that, although investors have known about utility problems, they have just become aware this year that the entire financial viability of the electric companies is threatened

  18. Threats and risks to information security: a practical analysis of free access wireless networks

    Science.gov (United States)

    Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

    2017-08-01

    Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

  19. Information security governance: a risk assessment approach to health information systems protection.

    Science.gov (United States)

    Williams, Patricia A H

    2013-01-01

    It is no small task to manage the protection of healthcare data and healthcare information systems. In an environment that is demanding adaptation to change for all information collection, storage and retrieval systems, including those for e-health and information systems, it is imperative that good information security governance is in place. This includes understanding and meeting legislative and regulatory requirements. This chapter provides three models to educate and guide organisations in this complex area, and to simplify the process of information security governance and ensure appropriate and effective measures are put in place. The approach is risk based, adapted and contextualized for healthcare. In addition, specific considerations of the impact of cloud services, secondary use of data, big data and mobile health are discussed.

  20. Evaluation of Cyber Security and Modelling of Risk Propagation with Petri Nets

    Directory of Open Access Journals (Sweden)

    Marcin Szpyrka

    2017-02-01

    This article presents a new method of risk propagation among associated elements. On the basis of coloured Petri nets, a new class called propagation nets is defined. This class provides a formal model of a risk propagation. The proposed method allows for model relations between nodes forming the network structure. Additionally, it takes into account the bidirectional relations between components as well as relations between isomorphic, symmetrical components in various branches of the network. This method is agnostic in terms of use in various systems and it can be adapted to the propagation model of any systems’ characteristics; however, it is intentionally proposed to assess the risk of critical infrastructures. In this paper, as a proof of concept example, we show the formal model of risk propagation proposed within the project Cyberspace Security Threats Evaluation System of the Republic of Poland. In the article, the idea of the method is presented as well as its use case for evaluation of risk for cyber threats. With the adaptation of Petri nets, it is possible to evaluate the risk for the particular node and assess the impact of this risk for all related nodes including hierarchic relations of components as well as isomorphism of elements.

  1. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    International Nuclear Information System (INIS)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y.

    2011-01-01

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  2. A Cyber Security Risk Assessment Procedure for Digital I and C Systems in NPPs

    Energy Technology Data Exchange (ETDEWEB)

    Song, J. G.; Lee, J. W.; Lee, C. K.; Kwon, K. C.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2011-10-15

    Digital Instrumentation and Control (I and C) systems in nuclear power plants (NPPs) use general digital technologies similar to those used in IT systems. However, one of significant differences between the two systems resides in the duration of their service life. The I and C systems in NPPs operate for more than 20 years. IT systems, on the other hand, are in service for about 3 to 5 years. Hence, a one-time risk assessment for IT systems is normally acceptable. In contrast, the risk assessment for the I and C systems in NPPs should be recursively performed during their longer operation life. A recursive procedure for cyber security risk assessment of the I and C systems in NPPs is studied and proposed in this paper

  3. Security negotiation

    OpenAIRE

    Mitrović, Miroslav M.; Ivaniš, Željko

    2013-01-01

    Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

  4. The Risks of Strategic Decisions in the Sphere of Financial and Economic Security of Public-Private Partnership

    Directory of Open Access Journals (Sweden)

    Solodovnik Olesia O.

    2017-06-01

    The article is aimed at studying and substantiating the theoretical and methodological aspects of development, analysis and assessment of strategic decisions in the sphere of financial and economic security of public-private partnership (PPP) in the context of the risks of their implementation. A study on the essence and characteristics of strategic decisions in the sphere of financial and economic security of PPP has led to the conclusion that each such decision should be considered and assessed in the context of the risks of its implementation, and the risk theory could be seen as the scientific basis for defining strategic alternatives and developing a criteria base for assessing them. The article proposes a list and systematization of the PPP risks that allow to: itemize the risks to the external and internal environment of PPP and to identify the prerequisites and sources of threats to the financial and economic interests of parties to the partnership; analyze and evaluate the strategic alternatives for risk distribution among partners in the context of implications for financial and economic security of PPP; determine the risks of achieving the objectives of the strategy for financial and economic security of PPP and to evaluate alternative strategies in terms of partners; account the potential occurrence and development of systemic risks and threats to the financial and economic security of PPP, as well as the use of complementary protective mechanisms; evaluate the results of a strategy to protect the financial and economic interests of parties to the PPP.

  5. Thin film CdTe based neutron detectors with high thermal neutron efficiency and gamma rejection for security applications

    Energy Technology Data Exchange (ETDEWEB)

    Smith, L.; Murphy, J.W. [Materials Science and Engineering, University of Texas at Dallas, Richardson, TX 75080 (United States); Kim, J. [Korean Research Institute of Standards and Science, Daejeon 305-600 (Korea, Republic of); Rozhdestvenskyy, S.; Mejia, I. [Materials Science and Engineering, University of Texas at Dallas, Richardson, TX 75080 (United States); Park, H. [Korean Research Institute of Standards and Science, Daejeon 305-600 (Korea, Republic of); Allee, D.R. [Flexible Display Center, Arizona State University, Phoenix, AZ 85284 (United States); Quevedo-Lopez, M. [Materials Science and Engineering, University of Texas at Dallas, Richardson, TX 75080 (United States); Gnade, B., E-mail: beg031000@utdallas.edu [Materials Science and Engineering, University of Texas at Dallas, Richardson, TX 75080 (United States)

    2016-12-01

    Solid-state neutron detectors offer an alternative to ³He based detectors, but suffer from limited neutron efficiencies that make their use in security applications impractical. Solid-state neutron detectors based on single crystal silicon also have relatively high gamma-ray efficiencies that lead to false positives. Thin film polycrystalline CdTe based detectors require less complex processing with significantly lower gamma-ray efficiencies. Advanced geometries can also be implemented to achieve high thermal neutron efficiencies competitive with silicon based technology. This study evaluates these strategies by simulation and experimentation and demonstrates an approach to achieve >10% intrinsic efficiency with <10⁻⁶ gamma-ray efficiency.

  6. A cyber security risk assessment for the design of I and C system in nuclear power plants

    International Nuclear Information System (INIS)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young

    2012-01-01

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  7. A cyber security risk assessment for the design of I and C system in nuclear power plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Jae Gu; Lee, Jung Woon; Lee, Cheal Kwon; Kwon, Kee Choon; Lee, Dong Young [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

    2012-12-15

    The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the life cycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

  8. Execution of a self-directed risk assessment methodology to address HIPAA data security requirements

    Science.gov (United States)

    Coleman, Johnathan

    2003-05-01

    This paper analyzes the method and training of a self directed risk assessment methodology entitled OCTAVE (Operationally Critical Threat Asset and Vulnerability Evaluation) at over 170 DOD medical treatment facilities. It focuses specifically on how OCTAVE built interdisciplinary, inter-hierarchical consensus and enhanced local capabilities to perform Health Information Assurance. The Risk Assessment Methodology was developed by the Software Engineering Institute at Carnegie Mellon University as part of the Defense Health Information Assurance Program (DHIAP). The basis for its success is the combination of analysis of organizational practices and technological vulnerabilities. Together, these areas address the core implications behind the HIPAA Security Rule and can be used to develop Organizational Protection Strategies and Technological Mitigation Plans. A key component of OCTAVE is the inter-disciplinary composition of the analysis team (Patient Administration, IT staff and Clinician). It is this unique composition of analysis team members, along with organizational and technical analysis of business practices, assets and threats, which enables facilities to create sound and effective security policies. The Risk Assessment is conducted in-house, and therefore the process, results and knowledge remain within the organization, helping to build consensus in an environment of differing organizational and disciplinary perspectives on Health Information Assurance.

  9. 6 CFR 27.205 - Determination that a chemical facility “presents a high level of security risk.”

    Science.gov (United States)

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Determination that a chemical facility “presents... SECURITY, OFFICE OF THE SECRETARY CHEMICAL FACILITY ANTI-TERRORISM STANDARDS Chemical Facility Security Program § 27.205 Determination that a chemical facility “presents a high level of security risk.” (a...

  10. Assessment of inhalation risk due to radioactivity released from coal-based thermal power plant

    International Nuclear Information System (INIS)

    Sahu, S.K.; Pandit, G.G.; Shukla, V.K.; Puranik, V.D.; Kushwaha, H.S.

    2006-01-01

    In India, the coal based thermal power plants have been the major source of power generation in the past and would continue for decades to come. As the coal contains naturally occurring primordial radionuclides the burning of pulverized coal to produce energy for generation of electricity in thermal power plants will result in the emission of a variety of natural radioactive elements into the environment in the vicinity of thermal power plants. In this paper we have used two different methods for characterization of uncertainty in inhalation risk to the general public around 10 Kms radius in the neighborhood of a coal-fired thermal power plant. (author)

  11. Investigation into the risk perceptions of investors in the securities of nuclear-dependent electric utilities

    International Nuclear Information System (INIS)

    Spudeck, R.E.

    1983-01-01

    Two weeks prior to the Three Mile Island accident, March 15, 1979, the Nuclear Regulatory Commission ordered five operating nuclear plants shut down in order to reexamine safety standards in these plants. Reports in the popular and trade press during this time suggested that these events, particularly the accident at Three Mile Island, caused investors in the securities of electric utilities that had nuclear-generation facilities to revise their risk perceptions. This study was designed to examine the impact of both the Nuclear Regulatory Commission order and the accident at Three Mile Island on investor risk perceptions. Selected categories of electric utilities were chosen to examine any differential risk effects resulting from these events. An asset pricing model devoid of many of the restrictive assumptions of more familiar models was used to model investor behavior. The findings suggest that the events described did cause investors to revise upward their perceptions of systematic risk regarding different categories of electric utilities. More specifically, those electric utilities that were operating nuclear plants in 1979 experienced the largest and most sustained increase in systematic risk. However, electric utilities that in 1979 had no operating nuclear plants, but had planned and committed funds for nuclear plants in the future, also experienced increases in systematic risk

  12. Risk in the Clouds?: Security Issues Facing Government Use of Cloud Computing

    Science.gov (United States)

    Wyld, David C.

    Cloud computing is poised to become one of the most important and fundamental shifts in how computing is consumed and used. Forecasts show that government will play a lead role in adopting cloud computing - for data storage, applications, and processing power, as IT executives seek to maximize their returns on limited procurement budgets in these challenging economic times. After an overview of the cloud computing concept, this article explores the security issues facing public sector use of cloud computing and looks to the risk and benefits of shifting to cloud-based models. It concludes with an analysis of the challenges that lie ahead for government use of cloud resources.

  13. Scenario-based approach to risk analysis in support of cyber security

    Energy Technology Data Exchange (ETDEWEB)

    Gertman, D. I.; Folkers, R.; Roberts, J. [Idaho National Laboratory, Roberts and Folkers Associates, LLC, Idaho Falls, ID 83404 (United States)

    2006-07-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  14. Scenario-based approach to risk analysis in support of cyber security

    International Nuclear Information System (INIS)

    Gertman, D. I.; Folkers, R.; Roberts, J.

    2006-01-01

    The US infrastructure is continually challenged by hostile nation states and others who would do us harm. Cyber vulnerabilities and weaknesses are potential targets and are the result of years of construction and technological improvement in a world less concerned with security than is currently the case. As a result, cyber attack presents a class of challenges for which we are just beginning to prepare. What has been done in the nuclear, chemical and energy sectors as a means of anticipating and preparing for randomly occurring accidents and off-normal events is to develop scenarios as a means by which to prioritize and quantify risk and to take action. However, the number of scenarios risk analysts can develop is almost limitless. How do we ascertain which scenario has the greatest merit? One of the more important contributions of probabilistic risk analysis (PRA) has been to quantify the initiating event probability associated with various classes of accidents; and to quantify the occurrence of various conditions, i.e., end-states, as a function of these important accident sequences. Typically, various classes of conditions are represented by scenarios and are quantified in terms of cut sets and binned into end states. For example, the nuclear industry has a well-defined set of initiating events that are studied in assessing risk. The maturation of risk analysis for cyber security from accounting for barriers or looking at conditions statically to one of ascertaining the probability associated with certain events is, in part, dependent upon the adoption of a scenario-based approach. For example, scenarios take into account threats to personnel and public safety; economic damage, and compromises to major operational and safety functions. Scenarios reflect system, equipment, and component configurations as well as key human-system interactions related to event detection, diagnosis, mitigation and restoration of systems. As part of a cyber attack directed toward

  15. A global assessment of wildfire risks to human and environmental water security

    Science.gov (United States)

    Robinne, François-Nicolas; Parisien, Marc-André; Flannigan, Mike; Miller, Carol; Bladon, Kevin D.

    2017-04-01

    Extreme wildfire events extensively affect hydrosystem stability and generate an important threat to the reliability of the water supply for human and natural communities. While actively studied at the watershed scale, the development of a global vision of wildfire risk to water security has only been undertaken recently, pointing at potential water security concerns in an era of global changes. In order to address this concern, we propose a global-scale analysis of the wildfire risk to surface water supplies based on the Driving forces-Pressures-States-Impacts-Responses (DPSIR) framework. This framework relies on the cause-and-effect relationships existing between the five categories of the DPSIR chain. Based on the literature, we gathered an extensive set of spatial indicators relevant to fire-induced hydrological hazards and water consumption patterns by human and natural communities. Each indicator was assigned a DPSIR category. Then, we collapsed the information in each category using a principal component analysis in order to extract the most relevant pixel-based information provided by each spatial indicator. Finally, we compiled our five categories using an additive indexation process to produce a spatially-explicit index of the wildfire-water risk (WWR). For comparison purposes, we aggregated index scores by global hydrological regions, or hydrobelts, for analysis. Overall, our results show a distinct pattern of medium-to-high risk levels in areas where sizeable wildfire activity, water resources, and water consumption are concomitant, which mainly encompasses temperate and sub-tropical zones. A closer look at hydrobelts reveals differences in the factors driving the risk, with fire activity being the primary factor of risk in the circumboreal forest, and freshwater resource density being prevalent in tropical areas. We also identified major urban areas across the world whose source waters should be protected from extreme fire events, particularly when

  16. Risk management methodology applied at thermal power plant

    International Nuclear Information System (INIS)

    Coppolino, R.

    2007-01-01

    Nowadays, responsibility for the environmental risks connected to the productive processes and to the products of an enterprise represents one of the main aspects which an adequate management approach has to foresee. In this paper the guidelines followed by the Edipower Thermoelectric Power plant of S. Filippo di Mela (ME) are evaluated. These guidelines were given in order to manage the chemical risk connected to the usage of various chemicals with which the workers get in touch when identifying the risks of the methodology introduced by the AS/NZS 4360:2004 Risk Management Standard

  17. Addressing 2030 EU policy framework for energy and climate: Cost, risk and energy security issues

    International Nuclear Information System (INIS)

    Llano-Paz, Fernando de; Martínez Fernandez, Paulino; Soares, Isabel

    2016-01-01

    The different energy sources, their costs and impacts on the environment determine the electricity production process. Energy planning must solve the existence of uncertainty through the diversification of power generation technologies portfolio. The European Union energy and environmental policy has been mainly based on promoting the security of supply, efficiency, energy savings and the promotion of Renewable Energy Sources. The recent European Commission communication “Towards an European Energy Union: A secure, sustainable, competitive and affordable energy for every European” establishes the path for the European future. This study deals with the analysis of the latest EU “Energy Union” goals through the application of Markowitz portfolio theory considering technological real assets. The EU targets are assessed under a double perspective: economic and environmental. The model concludes that implementing a high share of Renewable Energy target in the design of European Policies is not relevant: the maximization of Renewable Energy share could be achieved considering a sole Low Emissions of carbon dioxide policy. Additionally it is confirmed the need of Nuclear energy in 2030: a zero nuclear energy share in 2030 European Mix is not possible, unless the technological limits participation for Renewable Energy Sources were increased. - Highlights: • Implementing a high RES share target in European Policies could not be relevant. • Maximizing RES share could be achieved considering a sole Low Emissions policy. • The EU 2030 Nuclear energy 50% shutting down could be feasible. • Minimizing risk portfolio presents high diversification and energy security levels.

  18. Fish farming as an innovative strategy for promoting food security in drought risk regions of Zimbabwe

    Directory of Open Access Journals (Sweden)

    Elvin Shava

    2017-11-01

    This article examines the implementation of fish farming as an innovative and economic strategy for promoting food security and dietary diversities among vulnerable households in drought risk areas of Zimbabwe. The declining climatic conditions and lack of economic opportunities in Mwenezi district of Zimbabwe attracted the attention of three nongovernmental organisations (NGOs) to implement fish farming as an innovative mechanism to stimulate food security and generate employment in the district. The article used a qualitative research approach that includes semi-structured interviews and secondary data. The purposive sampling technique was adopted to interview participants in Mwenezi district who were involved in fish farming to assess and explore the experiences and benefits they derive from such development projects. Results for the article revealed that fish farming was well embraced by local communities as it led to improvements in food security, household income and employment regeneration. The local government including traditional leadership (Chiefs and Headmen) supported the NGO activities as they benefited local communities. The article concludes that although fish farming was instrumental in regenerating employment, some participants still fail to participate because of laziness and desire to maintain dependency syndrome. The article recommends the NGOs to launch awareness campaigns in rural communities and increase networking with the donor community which is fundamental in attracting sustainable funding. The government can also promote fish farming in vulnerable rural communities by providing funding and capacity building programmes.

  19. Reve{a,i}ling the risks: a phenomenology of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    2010-01-01

    In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. This paper develops a phenomenological account of information security, in which a

  20. Reve{a,i}ling the risks: a phenomenology of information security

    NARCIS (Netherlands)

    Pieters, Wolter

    2009-01-01

    In information security research, perceived security usually has a negative meaning, when it is used in contrast to actual security. From a phenomenological perspective, however, perceived security is all we have. In this paper, we develop a phenomenological account of information security, where we

  1. Communicating Uncertainty about Climate Change for Application to Security Risk Management

    Science.gov (United States)

    Gulledge, J. M.

    2011-12-01

    The science of climate change has convincingly demonstrated that human activities, including the release of greenhouse gases, land-surface changes, particle emissions, and redistribution of water, are changing global and regional climates. Consequently, key institutions are now concerned about the potential social impacts of climate change. For example, the 2010 Quadrennial Defense Review Report from the U.S. Department of Defense states that "climate change, energy security, and economic stability are inextricably linked." Meanwhile, insured losses from climate and weather-related natural disasters have risen dramatically over the past thirty years. Although these losses stem largely from socioeconomic trends, insurers are concerned that climate change could exacerbate this trend and render certain types of climate risk non-diversifiable. Meanwhile, the climate science community (broadly defined as physical, biological, and social scientists focused on some aspect of climate change) remains largely focused on scholarly activities that are valued in the academy but not especially useful to decision makers. On the other hand, climate scientists who engage in policy discussions have generally permitted vested interests who support or oppose climate policies to frame the discussion of climate science within the policy arena. Such discussions focus on whether scientific uncertainties are sufficiently resolved to justify policy and the vested interests overstate or understate key uncertainties to support their own agendas. Consequently, the scientific community has become absorbed defending scientific findings to the near exclusion of developing novel tools to aid in risk-based decision-making. For example, the Intergovernmental Panel on Climate Change (IPCC), established expressly for the purpose of informing governments, has largely been engaged in attempts to reduce unavoidable uncertainties rather than helping the world's governments define a science-based risk

  2. [Protocols of health security in the light of some examples of risk management].

    Science.gov (United States)

    Postel-Vinay, Nicolas; Coquin, Yves

    2005-11-30

    Throughout medical training, medical risk management is a subject that has been insufficiently addressed and treated without a global vision. Yet the different dangers often make the front page of a media that addresses the question of health security when there is a failure of the system or new legal developments. Added to this disequilibrium of communication and training is the great complexity of risk management. Not only is the nature of the potentially dangerous agents extraordinarily varied but also the entity that detects the risk is sometimes a stranger to the causes of its appearance. The surrounding regulations are themselves complex and dense. Using the examples that have arisen over the last 2 or 3 years, this article describes the current French protocols in risk management, that rely upon the agencies delivering their expertise, certain of which are endowed with the power of policing these regulations. In practice, the doctor should understand the role of these agencies, know how to find the validated information that they can provide, and understand his role in this picture. A role that is perceived as far away as long as the risk has not emerged, but is in the forefront once the event arises.

  3. Risk Assessment Generated by Usage of ICT and Information Security Measures

    Directory of Open Access Journals (Sweden)

    Ilie TAMAS

    2006-01-01

    Full Text Available Information societies involve the usage of information technology and communications (ITC) on a large scale. The dependence on ITC is an unquestionable problem in the present, because we assist to a generality of computers usage in all economic and social life activities. That is why organization information systems became accessible at the global level and they are permanently open for a quick exchange of information between different categories of users located at different geographical nodes. The ITC usage involves the existence of some risks that should be known and evaluated and, based on these, we must have information systems security measures. We consider that the risk is a very important indicator that must be permanently assessed in the usage process of the information system based on ITC. Risk management supposes a permanent evaluation of these problems and also their restraint by some practical actions that lead to the decrease of its effects. From the expose point of view, in this paper work it is presented the results of research based on specialty literature and current cases from practical activities, regarding the risks of ITC usage and their diminishing measures. There are distinguished the main factors (threat, vulnerability and impact) that affect the information risk and, on the other hand, the measures diminishing the action of these factors for optimum working of an economic and social organism that uses ITC. We consider that through the proposed measures we assume safety in the design, implementation and usage of the informational systems based on ITC.

  4. Scenario-neutral Food Security Risk Assessment: A livestock Heat Stress Case Study

    Science.gov (United States)

    Broman, D.; Rajagopalan, B.; Hopson, T. M.

    2015-12-01

    Food security risk assessments can provide decision-makers with actionable information to identify critical system limitations, and alternatives to mitigate the impacts of future conditions. The majority of current risk assessments have been scenario-led and results are limited by the scenarios - selected future states of the world's climate system and socioeconomic factors. A generic scenario-neutral framework for food security risk assessments is presented here that uses plausible states of the world without initially assigning likelihoods. Measures of system vulnerabilities are identified and system risk is assessed for these states. This framework has benefited greatly by research in the water and natural resource fields to adapt their planning to provide better risk assessments. To illustrate the utility of this framework we develop a case study using livestock heat stress risk within the pastoral system of West Africa. Heat stress can have a major impact not only on livestock owners, but on the greater food production system, decreasing livestock growth, milk production, and reproduction, and in severe cases, death. A heat stress index calculated from daily weather is used as a vulnerability measure and is computed from historic daily weather data at several locations in the study region. To generate plausible states, a stochastic weather generator is developed to generate synthetic weather sequences at each location, consistent with the seasonal climate. A spatial model of monthly and seasonal heat stress provides projections of current and future livestock heat stress measures across the study region, and can incorporate in seasonal climate and other external covariates. These models, when linked with empirical thresholds of heat stress risk for specific breeds, offer decision-makers actionable information for use in near-term warning systems as well as for future planning. Future assessment can indicate under which states livestock are at greatest risk

  5. Cyber-security: industrials must stop denying the risk of cyber-attacks

    International Nuclear Information System (INIS)

    Hausermann, L.

    2015-01-01

    The risk of cyber-attacks on industrial sites is real. Recently the port of Antwerp and the Baku-Tbilisi-Ceyhan pipeline have been attacked. In both cases the hackers succeeded: in the port of Antwerp they were able to track sea containers in which drugs were concealed and recover the drugs, and in the case of the pipeline the hackers took control of the control system and were able to trigger a huge explosion by shunning security systems and allowing damaging pressure surges. The massive use of digital systems and of automated systems in various industrial sectors has led to a huge network of inter-connected smart devices whose purpose is not to process data but to monitor and control. All these devices and equipment are controlled by software whose weaknesses and fault lines multiply the risk of cyber-attacks even for 'closed' networks. While the total hacking of a nuclear power plant is highly unlikely, real threats exist and must be taken into account. Innovative solutions based on the mapping of the fluxes of the system and combined with an inventory of all its weaknesses may pave the way towards cyber-security. (A.C.)

  6. A Review and Comparative Analysis of Security Risks and Safety Measures of Mobile Health Apps

    Directory of Open Access Journals (Sweden)

    Karen Scott

    2015-11-01

    Full Text Available In line with a patient-centred model of healthcare, Mobile Health applications (mHealth apps) provide convenient and equitable access to health and well-being resources and programs that can enable consumers to monitor their health related problems, understand specific medical conditions and attain personal fitness goals. This increase in access and control comes with an increase in risk and responsibility to identify and manage the associated risks, such as the privacy and security of consumers’ personal and health information. Based on a review of the literature, this paper identifies a set of risk and safety features for evaluating mHealth apps and uses those features to conduct a comparative analysis of the 20 most popular mHealth apps. The comparative analysis reveals that current mHealth apps do pose a risk to consumers. To address the safety and privacy concerns, recommendations to consumers and app developers are offered together with consideration of mHealth app future trends.

  7. Multi-objective hybrid PSO-APO algorithm based security constrained optimal power flow with wind and thermal generators

    Directory of Open Access Journals (Sweden)

    Kiran Teeparthi

    2017-04-01

    Full Text Available In this paper, a new low level with teamwork heterogeneous hybrid particle swarm optimization and artificial physics optimization (HPSO-APO) algorithm is proposed to solve the multi-objective security constrained optimal power flow (MO-SCOPF) problem. Being engaged with the environmental and total production cost concerns, wind energy is highly penetrating to the main grid. The total production cost, active power losses and security index are considered as the objective functions. These are simultaneously optimized using the proposed algorithm for base case and contingency cases. Though the PSO algorithm exhibits a good convergence characteristic, it fails to give a near optimal solution. On the other hand, the APO algorithm shows the capability of improving diversity in search space and also to reach a near global optimum point, whereas APO is prone to premature convergence. The proposed hybrid HPSO-APO algorithm combines both individual algorithm strengths, to get balance between global and local search capability. The APO algorithm is improving diversity in the search space of the PSO algorithm. The hybrid optimization algorithm is employed to alleviate the line overloads by generator rescheduling during contingencies. The standard IEEE 30-bus and Indian 75-bus practical test systems are considered to evaluate the robustness of the proposed method. The simulation results reveal that the proposed HPSO-APO method is more efficient and robust than the standard PSO and APO methods in terms of getting diverse Pareto optimal solutions. Hence, the proposed hybrid method can be used for the large interconnected power system to solve the MO-SCOPF problem with integration of wind and thermal generators.

  8. Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Directory of Open Access Journals (Sweden)

    Audrey Guinchard

    2011-01-01

    Full Text Available Most of the actions that fall under the trilogy of cyber crime, terrorism, and war exploit pre-existing weaknesses in the underlying technology. Because these vulnerabilities that exist in the network are not themselves illegal, they tend to be overlooked in the debate on cyber security. A UK report on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals." This article contends that if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.

  9. THE FOOD RUSH. A SECURITY RISK AND A CAUSE FOR INTERNATIONAL INTERVENTION

    Directory of Open Access Journals (Sweden)

    Liliana FILIP

    2017-04-01

    Full Text Available Access to food is more than ever a question of interest. The world needs to produce at least 50% more food to feed 9 billion people by 2050. The land, biodiversity, oceans, forests, and other forms of natural capital are being depleted at unprecedented rates. Unless we change how we grow our food and manage our natural capital, food security – especially for the world’s poorest – will be at risk. In this context we expect the struggle for food to generate migration, conflicts and, why not, international intervention defined by the new Copenhagen School of Security Studies paradigm. Since March 2008 governments, UN agencies and many social movements have adopted positions on the causes of the food crisis and the means to address it. Unfortunately, while these parties are trying to coordinate their activities and suggest new approaches, the old recipes for producing more food are often brought up. Contradictory proposals are made and the thought given to the causes underlying hunger and the food crisis (social, economic and political discrimination and exclusion) has gone largely unheeded. The first Millennium Development Goal, which called for cutting the percentage of hungry people by half by 2015, is clearly out of reach. But the food crisis might lead to a new world food order.

  10. Probabilistic inhalation risk assessment due to radioactivity released from coal fired thermal power plants

    International Nuclear Information System (INIS)

    Tiwari, M.; Ajmal, P.Y.; Bhangare, R.C.; Sahu, S.K.; Pandit, G.G.

    2014-01-01

    This paper deals with assessment of radiological risk to the general public in the neighborhood of a 1000 MWe coal-based thermal power plant. We have used Monte Carlo simulation for characterization of uncertainty in inhalation risk due to radionuclides escaping from the stack of the thermal power plant. Monte Carlo simulation treats parameters as random variables bound to a given probabilistic distribution to evaluate the distribution of the resulting output. Risk assessment is the process that estimates the likelihood of occurrence of adverse effects to humans and ecological receptors as a result of exposure to hazardous chemical, radiation, and/or biological agents. Quantitative risk characterization involves evaluating exposure estimates against a benchmark of toxicity, such as a cancer slope factor. Risk is calculated by multiplying the carcinogenic slope factor (SF) of the radionuclide by the dose an individual receives. The collective effective doses to the population living in the neighborhood of the coal-based thermal power plant were calculated using a Gaussian plume dispersion model. Monte Carlo Analysis is the most widely used probabilistic method in risk assessment. The MCA technique treats any uncertain parameter as a random variable that obeys a given probabilistic distribution. This technique is widely used for analyzing probabilistic uncertainty. In MCA, computer simulations are used to combine multiple probability distributions associated with the dose and SF depicted in the risk equation. Thus we get a probabilistic distribution for the risk

  11. Risk Identification in the Early Design Stage Using Thermal Simulations—A Case Study

    Directory of Open Access Journals (Sweden)

    Seyed Masoud Sajjadian

    2018-01-01

    Full Text Available The likely increasing temperature predicted by UK Climate Impacts Program (UKCIP) underlines the risk of overheating and potential increase in cooling loads in most of UK dwellings. This could also increase the possibility of failure in building performance evaluation methods and add even more uncertainty to the decision-making process in a low-carbon building design process. This paper uses a 55-unit residential unit project in Cardiff, UK as a case study to evaluate the potential of thermal simulations to identify risk in the early design stage. Overheating, increase in energy loads, carbon emissions, and thermal bridges are considered as potential risks in this study. DesignBuilder (DesignBuilder Software Ltd., Stroud, UK) was the dynamic thermal simulation software used in this research. Simulations compare results in the present, 2050, and 2080 time slices and quantifies the overall cooling and heating loads required to keep the operative temperature within the comfort zone. Overall carbon emissions are also calculated and a considerable reduction in the future is predicted. Further analysis was taken by THERM (Lawrence Berkeley National Laboratory, Berkeley, CA, USA) and Psi THERM (Passivate, London, UK) to evaluate the thermal bridge risk in most common junctions of the case study and the results reveal the potential of thermal assessment methods to improve design details before the start of construction stage.

  12. Satellite Data and Machine Learning for Weather Risk Management and Food Security.

    Science.gov (United States)

    Biffis, Enrico; Chavez, Erik

    2017-08-01

    The increase in frequency and severity of extreme weather events poses challenges for the agricultural sector in developing economies and for food security globally. In this article, we demonstrate how machine learning can be used to mine satellite data and identify pixel-level optimal weather indices that can be used to inform the design of risk transfers and the quantification of the benefits of resilient production technology adoption. We implement the model to study maize production in Mozambique, and show how the approach can be used to produce countrywide risk profiles resulting from the aggregation of local, heterogeneous exposures to rainfall precipitation and excess temperature. We then develop a framework to quantify the economic gains from technology adoption by using insurance costs as the relevant metric, where insurance is broadly understood as the transfer of weather-driven crop losses to a dedicated facility. We consider the case of irrigation in detail, estimating a reduction in insurance costs of at least 30%, which is robust to different configurations of the model. The approach offers a robust framework to understand the costs versus benefits of investment in irrigation infrastructure, but could clearly be used to explore in detail the benefits of more advanced input packages, allowing, for example, for different crop varieties, sowing dates, or fertilizers. © 2017 Society for Risk Analysis.

  13. Data Security Risk Estimation for Information-Telecommunication Systems on the basis of Cloud Computing

    Directory of Open Access Journals (Sweden)

    Anatoly Valeryevich Tsaregorodtsev

    2014-02-01

    Full Text Available Cloud computing will be one of the most common IT technologies to deploy applications, due to its key features: on-demand network access to a shared pool of configurable computing resources, flexibility and good quality/price ratio. Migrating to cloud architecture enables organizations to reduce the overall cost of implementing and maintaining the infrastructure and reduce development time for new business applications. There are many factors that influence the information security environment of cloud, as its multitenant architecture brings new and more complex problems and vulnerabilities. And the approach to risk estimation used in making decisions about the migration of critical data in the cloud infrastructure of the organization are proposed in the paper.

  14. Risk Management in Agriculture for Food Security in Latin America and the Caribbean

    Science.gov (United States)

    Martinez, A.; National Research CouncilScientific; Technological Research (Conicet)

    2013-05-01

    The Americas are extremely important as a unique contributor to Food Security. They provide crops ranging from tropical to temperate. Not only are they able to feed their own population, but they contribute significantly to the food supply of the population in developed, emergent and underdeveloped countries. This fact has given the region a unique responsibility to develop a regional risk-management strategy to manage food insecurity at a local, national, regional and global level. Although international agencies such as the UN Food and Agriculture Organization (FAO), Instituto Interamericano para la Cooperación en Agricultura (IICA), the regional centres of the Consultative Group for International Agriculture Research (CGIAR) and the World Bank (WB) are engaged in actions for Risk Management in Agriculture for reducing Food Insecurity, there is a need to build a framework and/or comprehensive regional strategy for the Americas. It would identify areas for promoting research projects where natural and social science work together for producing relevant scientific information and tools, i.e. maps, indicators, models and scenarios, early warning systems, etc., to cooperate with both policy and decision makers in the public and private sectors. This would eventually lead to a comprehensive regional programme for reducing food insecurity. The purpose of International Council for Science-International Research and the International Research for Disaster Risk programme (ICSU-IRDR) and ICSU Regional Office for Latin America and the Caribbean (ICSU-ROLAC) is to promote the cooperation of the relevant scientific fields in both natural science and social science in a multi and trans-disciplinary approach on risk management to reduce food insecurity. Also both ICSU-IRDR and ICSU-ROLAC are building a case for the inclusion of the scientific community in the revision of the Hyogo Framework for Action for Disaster Reduction to be held in 2015 as risk management for reducing food

  15. Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

    Science.gov (United States)

    Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

    2013-08-09

    Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

  16. Security of attachment and quality of mother-toddler social interaction in a high-risk sample.

    Science.gov (United States)

    Haltigan, John D; Lambert, Brittany L; Seifer, Ronald; Ekas, Naomi V; Bauer, Charles R; Messinger, Daniel S

    2012-02-01

    The quality of children's social interactions and their attachment security with a primary caregiver are two widely studied indices of socioemotional functioning in early childhood. Although both Bowlby and Ainsworth suggested that the parent-child interactions underlying the development of attachment security could be distinguished from other aspects of parent-child interaction (e.g., play), relatively little empirical research has examined this proposition. The aim of the current study was to explore this issue by examining concurrent relations between toddler's attachment security in the Strange Situation Procedure and quality of mother-child social interaction in a high-risk sample of toddlers characterized by prenatal cocaine exposure and low levels of maternal education. Analyses of variance suggested limited relations between attachment security and quality of social interaction. Further research examining the interrelations among various components of the parent-child relationship is needed. Copyright © 2011 Elsevier Inc. All rights reserved.

  17. Review of depopulation of the border villages in the context of national security risk

    Directory of Open Access Journals (Sweden)

    Vukmirović Jovanka A.

    2016-01-01

    Full Text Available According to internationally comparable statistical indicators, Serbia is among the countries with the highest development disparities (regional and local), both among Balkan neighbors and on a European scale. Large differences in development occur during the second half of the last century, a period culminating in the failed socio-economic transition of the millennium. Devastation and depopulation are causal phenomena, the population rapidly leaving impoverished areas and gravitating to the larger centers. Conditionally speaking, the more developed cities continue to develop while poor towns and villages are still poor. Proverb says, 'Whose sheep, that and the mountains.' Emptying the territory is highly correlated with an increase in surface area of agricultural land uncultivated, thus permanently extinguishing agriculture as the main activity and main source of income in rural areas. Emptying the territory is the biggest development problem in Serbia, but also represents one of the biggest national security risks. Increasingly, the question whether Serbia will in the future be able to keep the territory in which he remains without population and whether the threshold bezbednostnog risk isšražnjene administration of the territory in the border areas. This paper presents a statistical description of census data in 1971, 1981, 1991, 2002 and 2011 as well as the analysis of demographic trends in border settlements for the considered period. The paper also proposes a set of measures and recommendations for overcoming depopulation, in accordance with available resources and the natural limits of border settlements.

  18. Labor rights of employees of the private security providers in El Salvador, and their relation to psychosocial risk

    Directory of Open Access Journals (Sweden)

    Carlos Alberto Coca Muñoz

    2014-11-01

    Full Text Available This paper draws the attention of the academic community, businessmen, worker associations/unions, and public decision makers to the relation between preventing psychosocial risks for private security workers in El Salvador, and the respect for their worker rights as enshrined in the Constitution of the Republic, the Labor Code, and the General Law for the Prevention of Risk at the Workplace. It addresses the doctrine and legal framework of psychosocial risk, and government responsibility in terms of occupational security and health – specifically, the intervention of work inspections by the Ministry of Labor, and verifying psychosocial risks. DOI: http://dx.doi.org/10.5377/rpsp.v4i1.1557

  19. Stochastic Security and Risk-Constrained Scheduling for an Autonomous Microgrid with Demand Response and Renewable Energy Resources

    DEFF Research Database (Denmark)

    Vahedipour-Dahraie, Mostafa; Rashidizadeh-Kermani, Homa; Najafi, Hamid Reza

    2017-01-01

    is to determine the optimal scheduling with considering risk aversion and system frequency security to maximise the expected profit of operator. To deal with various uncertainties, a risk-constrained two-stage stochastic programming model is proposed where the risk aversion of MG operator is modelled using...... of customers can be effectively applied to balance the demand and supply in electricity networks. This study presents a novel stochastic model from a microgrid (MG) operator perspective for energy and reserve scheduling considering risk management strategy. It is assumed that the MG operator can procure energy...... conditional value at risk method. Extensive numerical results are shown to demonstrate the effectiveness of the proposed framework....

  20. Critical Success Factors for an Effective Security Risk Management Program in an Organization: An Exploratory Case Study

    Science.gov (United States)

    Zafar, Humayun

    2010-01-01

    This study investigates differences in perception between layers of management (executive, middle, and lower) and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness. This is an in-depth case study conducted at a Fortune 500 company. Rockart's (1979) CSF method is modified through…

  1. Food Security and Cardiovascular Disease Risk Among Adults in the United States: Findings From the National Health and Nutrition Examination Survey, 2003–2008

    Science.gov (United States)

    2013-01-01

    Introduction Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. Methods A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003–2008 was conducted. Four levels of food security status were defined by using 10 questions. Results Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31–4.31). Conclusion Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk. PMID:24309090

  2. Food security and cardiovascular disease risk among adults in the United States: findings from the National Health and Nutrition Examination Survey, 2003-2008.

    Science.gov (United States)

    Ford, Earl S

    2013-12-05

    Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003-2008 was conducted. Four levels of food security status were defined by using 10 questions. Among all participants, 83.9% had full food security, 6.7% had marginal food security, 5.8% had low food security, and 3.6% had very low food security. After adjustment, mean hemoglobin A1c was 0.15% greater and mean concentration of C-reactive protein was 0.8 mg/L greater among participants with very low food security than among those with full food security. The adjusted mean concentration of cotinine among participants with very low food security was almost double that of participants with full food security (112.8 vs 62.0 ng/mL, P security status and systolic blood pressure or concentrations of total cholesterol, high-density lipoprotein cholesterol, or non-high-density lipoprotein cholesterol were observed. Participants aged 30 to 59 years with very low food security were more likely to have a predicted 10-year cardiovascular disease risk greater than 20% than fully food secure participants (adjusted prevalence ratio, 2.38; 95% CI, 1.31-4.31). Adults aged 30 to 59 years with very low food security showed evidence of increased predicted 10-year cardiovascular disease risk.

  3. Cloud Security and Privacy An Enterprise Perspective on Risks and Compliance

    CERN Document Server

    Mather, Tim; Latif, Shahed

    2009-01-01

    You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure. Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn deta

  4. A risk-based approach to designing effective security force training exercises

    International Nuclear Information System (INIS)

    Bott, T.F.; Eisenhawer, S.W.

    2002-01-01

    The effectiveness of a security force in protecting a nuclear facility is often evaluated using training exercises that pit a group of simulated attackers against a security team. In the situation studied here, a security force was regularly tested by a regulatory body with the responsibility for security oversight. It was observed that the regulators were continually imposing more challenging security scenarios by assigning increasingly sophisticated facility knowledge to the attackers. Not surprisingly, the security forces' assessed effectiveness decreased until eventually they were unable to successfully resist the attacks. Security managers maintained that the knowledge attributed to the attackers was becoming increasingly unrealistic and feared they would be forced to concentrate resources on unrealistic scenarios at the expense of more credible threats.

  5. Uranium and thorium mining and milling: material security and risk assessment

    International Nuclear Information System (INIS)

    Steinhaeusler, F.; Zaitseva, L.

    2005-01-01

    several of the following pre-requisites in order to breach the current level of security at mining and milling facilities: covert political support; covert support by members of the security forces and/or intelligence community; adequate transport capability for bulk shipments or material by rail, road, ship, or air; corruption at the level of government officials, such as export control agencies, customs officers, and border guards. The number of illicit trafficking cases involving uranium and thorium that are known to have occurred shows that the current system of physical protection and accounting is in need of improvement. In order to reduce this risk in the future a series of practically applicable actions are recommended. (author)

  6. Perceptions of the risk of child abduction or loss and the utility of child electronic security devices.

    Science.gov (United States)

    Dixon, R M; Pasnak, R

    1997-09-01

    Perceptions of the susceptibility of young children to becoming lost or being abducted, and of the potential usefulness of child electronic security devices, were examined via a questionnaire. Data were provided by 41 volunteers, most of them from a local government office centre. The questionnaire asked for demographic data, and then for the risk of a child being abducted or lost when under the supervision of different caregivers and in different situations. The probable effectiveness of three common abductor ploys was also addressed. The questionnaire concluded with 10 questions about child electronic security devices. Respondents viewed mothers, fathers, and grandparents as equally responsible caregivers and young adults/babysitters as the least responsible. These effects diminished as the age of the children increased. The garden at home was judged to be the most secure environment for children of all ages, while an amusement park was judged the least secure environment. Children were perceived to be more at risk of an abduction when a stranger asked for physical assistance or to take them to the hospital because their parents were hurt, than when asked for directions. Furthermore, the respondents expressed a moderately strong need for child electronic security devices, and viewed parents who use them as more responsible than those who do not.

  7. Risk factors and visual fatigue of baggage X-ray security screeners: a structural equation modelling analysis.

    Science.gov (United States)

    Yu, Rui-Feng; Yang, Lin-Dong; Wu, Xin

    2017-05-01

    This study identified the risk factors influencing visual fatigue in baggage X-ray security screeners and estimated the strength of correlations between those factors and visual fatigue using a structural equation modelling approach. Two hundred and five X-ray security screeners participated in a questionnaire survey. The results showed that satisfaction with the VDT's physical features and the work environment conditions were negatively correlated with the intensity of visual fatigue, whereas job stress and job burnout had direct positive influences. The path coefficient between the image quality of VDT and visual fatigue was not significant. The total effects of job burnout, job stress, the VDT's physical features and the work environment conditions on visual fatigue were 0.471, 0.469, -0.268 and -0.251 respectively. These findings indicated that both extrinsic factors relating to VDT and workplace environment and psychological factors including job burnout and job stress should be considered in the workplace design and work organisation of security screening tasks to reduce screeners' visual fatigue. Practitioner Summary: This study identified the risk factors influencing visual fatigue in baggage X-ray security screeners and estimated the strength of correlations between those factors and visual fatigue. The findings were of great importance to the workplace design and the work organisation of security screening tasks to reduce screeners' visual fatigue.

  8. Thermal disposal of waste containing nanomaterials: first investigations on a methodology for risk management

    International Nuclear Information System (INIS)

    Ounoughene, G.; Joubert, A.; Le Coq, L.; LeBihan, O.; Debray, B.; Chivas-Joly, C.; Longuet, C.; Lopez-Cuesta, J-M.

    2017-01-01

    Considering the wide use and production of NMs over the last two decades, these trendy nanomaterials (NMs) are expected to end up in thermal disposal and waste incineration plants (WIP). It seems relevant to assess the risks related to the thermal disposal and incineration of waste containing NMs (WCNMs). The objective of this work is to present a first approach to develop a preliminary methodology for risk management in order (1) to give insights on nanosafety of exposed operators and on potential environmental risks related to the incineration and thermal disposal of WCNMs, and (2) to eventually support decision-makers and incineration plant managers. Therefore, the main challenge is to find (a) key parameter(s) which would govern the decision related to risk management of NMs thermal disposal. On the one hand, we focused on the relevant literature studies about experimental works on incineration of NMs. On the other hand, we conducted an introductory discussion with a group of experts. The review of this literature highlights that the nano-object’s nanostructure destruction appears as a relevant indicator of the risks related to the NMs incineration. As a consequence, we defined a “temperature of nanostructure destruction” (TND) which would be the temperature from which the nanostructure will be destroyed. This parameter has been assumed to be a consistent indicator to develop a preliminary methodology. If the combustion chamber temperature is higher than the TND of the NM (or if they are close to each other), then the nanostructure will be destroyed and no risks related to NMs remain. If the TND of the NMs is higher than the combustion chamber temperature, then the nanostructure will not be destroyed and risks related to NMs have to be considered. As a result, five groups of NMs have been identified. WCNMs including carbonic NMs appear to be in good position to be destroyed safely in WIP. On the other hand, based on this criterion, there would be no

  9. Thermal disposal of waste containing nanomaterials: first investigations on a methodology for risk management

    Science.gov (United States)

    Ounoughene, G.; LeBihan, O.; Debray, B.; Chivas-Joly, C.; Longuet, C.; Joubert, A.; Lopez-Cuesta, J.-M.; Le Coq, L.

    2017-06-01

    Considering the wide use and production of NMs over the last two decades, these trendy nanomaterials (NMs) are expected to end up in thermal disposal and waste incineration plants (WIP). It seems relevant to assess the risks related to the thermal disposal and incineration of waste containing NMs (WCNMs). The objective of this work is to present a first approach to develop a preliminary methodology for risk management in order (1) to give insights on nanosafety of exposed operators and on potential environmental risks related to the incineration and thermal disposal of WCNMs, and (2) to eventually support decision-makers and incineration plant managers. Therefore, the main challenge is to find (a) key parameter(s) which would govern the decision related to risk management of NMs thermal disposal. On the one hand, we focused on the relevant literature studies about experimental works on incineration of NMs. On the other hand, we conducted an introductory discussion with a group of experts. The review of this literature highlights that the nano-object’s nanostructure destruction appears as a relevant indicator of the risks related to the NMs incineration. As a consequence, we defined a “temperature of nanostructure destruction” (TND) which would be the temperature from which the nanostructure will be destroyed. This parameter has been assumed to be a consistent indicator to develop a preliminary methodology. If the combustion chamber temperature is higher than the TND of the NM (or if they are close to each other), then the nanostructure will be destroyed and no risks related to NMs remain. If the TND of the NMs is higher than the combustion chamber temperature, then the nanostructure will not be destroyed and risks related to NMs have to be considered. As a result, five groups of NMs have been identified. WCNMs including carbonic NMs appear to be in good position to be destroyed safely in WIP. On the other hand, based on this criterion, there would be no

  10. Community Savings Groups, Financial Security, and HIV Risk Among Female Sex Workers in Iringa, Tanzania.

    Science.gov (United States)

    Mantsios, Andrea; Galai, Noya; Mbwambo, Jessie; Likindikoki, Samuel; Shembilu, Catherine; Mwampashi, Ard; Beckham, S W; Leddy, Anna; Davis, Wendy; Sherman, Susan; Kennedy, Caitlin; Kerrigan, Deanna

    2018-02-24

    This study assessed the association between community savings group participation and consistent condom use (CCU) among female sex workers (FSW) in Iringa, Tanzania. Using cross-sectional data from a survey of venue-based FSW (n = 496), logistic regression was used to examine the associations between financial indicators including community savings group participation and CCU. Over one-third (35%) of the women participated in a savings group. Multivariable regression results indicated that participating in a savings group was significantly associated with nearly two times greater odds of CCU with new clients in the last 30 days (aOR = 1.77, 95% CI 1.10-2.86). Exploratory mediation analysis indicated that the relationship between savings group participation and CCU was partially mediated by financial security, as measured by monthly income. Findings indicate that community savings groups may play an important role in reducing sexual risk behaviors of FSW and hold promise as part of comprehensive, community-led HIV prevention strategies among FSW.

  11. Digital Health Data: A Comprehensive Review of Privacy and Security Risks and Some Recommendations

    Directory of Open Access Journals (Sweden)

    Shahidul Islam Khan

    2016-08-01

    In today’s world, health data are being produced in ever-increasing amounts due to extensive use of medical devices generating data in digital form. These data are stored in diverse formats at different health information systems. Medical practitioners and researchers can benefit significantly if these massive heterogeneous data could be integrated and made accessible through a common platform. On the other hand, digital health data containing protected health information (PHI) are the main target of cybercriminals. In this paper, we have provided a state-of-the-art review of the security threats in integrated healthcare information systems. According to our analysis, healthcare data servers are a leading target of hackers because of their monetary value. At present, attacks on healthcare organizations' data are 1.25 times higher compared to five years ago. We have provided some important recommendations to minimize the risk of attacks and to reduce the chance of compromising patients' privacy after any successful attack.

  12. Prediction of Maintenance Period of Equipment Through Risk Assessment of Thermal Power Plants

    Energy Technology Data Exchange (ETDEWEB)

    Song, Gee Wook; Kim, Bum Shin; Choi, Woo Song; Park, Myung Soo [KEPCO Research Institute, Daejeon (Korea, Republic of)

    2013-10-15

    Risk-based inspection (RBI) is a well-known method that is used to optimize inspection activities based on risk analysis in order to identify the high-risk components of major facilities such as power plants. RBI, when implemented and maintained properly, improves plant reliability and safety while reducing unplanned outages and repair costs. Risk is given by the product of the probability of failure (Pof) and the consequence of failure (COF). A semi-quantitative method is generally used for risk assessment. Semi-quantitative risk assessment complements the low accuracy of qualitative risk assessment and the high expense and long calculation time of quantitative risk assessment. The first step of RBI is to identify important failure modes and causes in the equipment. Once these are defined, the Pof and COF can be assessed for each failure. During Pof and COF assessment, an effective inspection method and range can be easily found. In this paper, the calculation of the Pof is improved for accurate risk assessment. A modified semi-quantitative risk assessment was carried out for boiler facilities of thermal power plants, and the next maintenance schedules for the equipment were decided.

  13. Prediction of Maintenance Period of Equipment Through Risk Assessment of Thermal Power Plants

    International Nuclear Information System (INIS)

    Song, Gee Wook; Kim, Bum Shin; Choi, Woo Song; Park, Myung Soo

    2013-01-01

    Risk-based inspection (RBI) is a well-known method that is used to optimize inspection activities based on risk analysis in order to identify the high-risk components of major facilities such as power plants. RBI, when implemented and maintained properly, improves plant reliability and safety while reducing unplanned outages and repair costs. Risk is given by the product of the probability of failure (Pof) and the consequence of failure (COF). A semi-quantitative method is generally used for risk assessment. Semi-quantitative risk assessment complements the low accuracy of qualitative risk assessment and the high expense and long calculation time of quantitative risk assessment. The first step of RBI is to identify important failure modes and causes in the equipment. Once these are defined, the Pof and COF can be assessed for each failure. During Pof and COF assessment, an effective inspection method and range can be easily found. In this paper, the calculation of the Pof is improved for accurate risk assessment. A modified semi-quantitative risk assessment was carried out for boiler facilities of thermal power plants, and the next maintenance schedules for the equipment were decided.

  14. Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

    National Research Council Canada - National Science Library

    Dacey, Robert

    2001-01-01

    .... Accordingly, the security of these systems and data is essential to avoiding disruptions in critical operations, as well as to helping prevent data tampering, fraud, and inappropriate disclosure...

  15. Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

    Science.gov (United States)

    Navare, Jyoti; Gemikonakli, Orhan

    Globalisation and new technology have opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted, increased significantly. The development of self-replicating programmes has become a nightmare for Internet users. Leading companies and strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crises may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures have somewhat blurred the boundaries of operation and control. This paper seeks to consider risk management and governance, looking more specifically at implications for emerging economies.

  16. 21st Century Security Manager

    OpenAIRE

    Stelian ARION

    2010-01-01

    We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization’s security risk management can’t be done without profound knowledge and daily practice of security governance, security risk management and resilience. The 21st century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers ...

  17. Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

    Science.gov (United States)

    Thompson, Eleanor Elizabeth

    2014-01-01

    That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

  18. 48 CFR 1352.237-70 - Security processing requirements-high or moderate risk contracts.

    Science.gov (United States)

    2010-10-01

    ... background inquiries pertaining to verification of name, physical description, marital status, present and... undergo security processing by the Department's Office of Security before being eligible to work on the.... citizens must have: (1) Official legal status in the United States; (2) Continuously resided in the United...

  19. Quantification of Gains and Risks of Static Thermal Rating Based on Typical Meteorological Year

    Czech Academy of Sciences Publication Activity Database

    Heckenbergerová, Jana; Musílek, P.; Filimonenkov, K.

    2013-01-01

    Vol. 44, No. 1 (2013), pp. 227-235 ISSN 0142-0615 R&D Projects: GA MŠk LD12009 Grant - others: GA AV ČR(CZ) M100300904 Institutional support: RVO:67985807 Keywords: Overhead power transmission lines * Conductor ampacity * Probabilistic static thermal rating * Typical meteorological year * Risk tolerance * Energy throughput Subject RIV: JE - Non-nuclear Energetics, Energy Consumption; Use Impact factor: 3.432, year: 2012

  20. Food Security and Cardiovascular Disease Risk Among Adults in the United States: Findings From the National Health and Nutrition Examination Survey, 2003–2008

    OpenAIRE

    Ford, Earl S.

    2013-01-01

    Introduction Little is known about the relationship between food security status and predicted 10-year cardiovascular disease risk. The objective of this study was to examine the associations between food security status and cardiovascular disease risk factors and predicted 10-year risk in a national sample of US adults. Methods A cross-sectional analysis using data from 10,455 adults aged 20 years or older from the National Health and Nutrition Examination Survey 2003–2008 was conducted. Fou...

  1. Evaluation of risk and benefit in thermal effusivity sensor for monitoring lubrication process in pharmaceutical product manufacturing.

    Science.gov (United States)

    Uchiyama, Jumpei; Kato, Yoshiteru; Uemoto, Yoshifumi

    2014-08-01

    In the process design of tablet manufacturing, understanding and control of the lubrication process is important from various viewpoints. A detailed analysis of thermal effusivity data in the lubrication process was conducted in this study. In addition, we evaluated the risk and benefit in the lubrication process by a detailed investigation. It was found that monitoring of thermal effusivity detected mainly the physical change of bulk density, which was changed by dispersal of the lubricant and the coating of the powder particles by the lubricant. The monitoring of thermal effusivity was almost the monitoring of bulk density; thermal effusivity could have a high correlation with tablet hardness. Moreover, as the thermal effusivity sensor could detect not only the change of the conventional bulk density but also the fractional change of thermal conductivity and thermal capacity, the two-phase progress of the lubrication process could be revealed. However, each contribution of density, thermal conductivity, or heat capacity to thermal effusivity has the risk of fluctuation by formulation. After carefully considering the change factor with the risk to be changed by formulation, the thermal effusivity sensor can be a useful tool for monitoring as process analytical technology, estimating tablet hardness and investigating the detailed mechanism of the lubrication process.

  2. Perceived Information Security, Information Privacy, Risk and Institutional Trust on Consumer's Trust in E-commerce

    OpenAIRE

    Parengkuan, Frane Maorets

    2014-01-01

    E-commerce is widely used by the current generation, where business entrepreneurs, from small to large institutions, have widely taken advantage of the internet to promote business and deliver information about their products. Consumer trust is an important aspect of e-commerce, and understanding its antecedents and consequences is a prime concern. This research is designed to find out the influence of Perceived Information Security, Privacy, Risk and Institutional Trust on Consumers Trust in E...

  3. Regional disaster risk management strategies for food security: Probing Southern African Development Community channels for influencing national policy

    Directory of Open Access Journals (Sweden)

    Happy M. Tirivangasi

    2018-05-01

    Natural disasters and food insecurity are directly interconnected. Climate change related hazards such as floods, hurricanes, tsunamis, droughts and other risks can weaken food security and severely impact agricultural activities. Consequently, this has an impact on market access, trade, food supply, reduced income, increased food prices, decreased farm income and employment. Natural disasters create poverty, which in turn increases the prevalence of food insecurity and malnutrition. It is clear that disasters put food security at risk. The poorest people in the community are affected by food insecurity and disasters; hence, there is a need to be prepared as well as be in a position to manage disasters. Without serious efforts to address them, the risks of disasters will become an increasingly serious obstacle to sustainable development and the achievement of sustainable development goals, particularly goal number 2 ‘end hunger, achieve food security and improved nutrition and promote sustainable agriculture’. In recent years, countries in southern Africa have experienced an increase in the frequency, magnitude and impact of climate change–related hazards such as droughts, veld fire, depleting water resources and flood events. This research aims to reveal Southern African Development Community disaster risk management strategies for food security to see how they can influence and shape policy at the national level in southern Africa. The Sustainable Livelihood approach was adopted as the main theoretical framework for the study. The qualitative analysis is based largely on data from databases such as national reports, regional reports and empirical findings on the disaster management–sustainable development nexus.

  4. Security Policies for Mitigating the Risk of Load Altering Attacks on Smart Grid Systems

    Energy Technology Data Exchange (ETDEWEB)

    Ryutov, Tatyana; AlMajali, Anas; Neuman, Clifford

    2015-04-01

    While demand response programs implement energy efficiency and power quality objectives, they bring potential security threats to the Smart Grid. The ability to influence load in a system enables attackers to cause system failures and impacts the quality and integrity of power delivered to customers. This paper presents a security mechanism to monitor and control load according to a set of security policies during normal system operation. The mechanism monitors, detects, and responds to load altering attacks. We examined the security requirements of Smart Grid stakeholders and constructed a set of load control policies enforced by the mechanism. We implemented a proof of concept prototype and tested it using the simulation environment. By enforcing the proposed policies in this prototype, the system is maintained in a safe state in the presence of load drop attacks.

  5. Risk factors for oral diseases among workers with and without dental insurance in a national social security scheme in India.

    Science.gov (United States)

    Singh, Abhinav; Purohit, Bharathi M; Masih, Nitin; Kahndelwal, Praveen Kumar

    2014-04-01

    The target population for this cross sectional study comprises subjects with and without social security in a national social security scheme. The study aimed to compare and assess the risk factors for oral diseases among insured (organised sector) and non-insured workers (unorganised sector) in New Delhi, India. The sample comprised a total of 2,752 subjects. Of these, 960 workers belonged to the formal or organised sector with a social security and dental health insurance and 1,792 had no social security or dental insurance from the informal or unorganised sector. Significant differences were noted between the two groups for literacy levels, between-meal sugar consumption, tobacco-related habits and utilisation of dental care. Bleeding/calculus and periodontal pockets were present among 25% and 65.4% of insured workers, respectively. Similarly, 13.6% and 84.5% of non-insured workers had bleeding/calculus and periodontal pockets, respectively. The mean DMFT (decayed, missing, filled teeth) value among the insured workers and non-insured workers was 3.27 ± 1.98 and 3.75 ± 1.80, respectively. The association between absence of health insurance and dental caries was evident with an odds ratio (OR) of 1.94. Subjects with below graduate education were more prone to dental caries (OR = 1.62). Subjects who cleaned their teeth two or more times a day were less likely to have dental caries (OR = 1.47). Utilisation of dental care was inversely related to dental caries (OR = 1.25). The major risk factors for oral diseases in both the groups with similar socio-economic status were the lack of social security and health insurance, low literacy levels, high tobacco consumption and low levels of dental care utilisation. © 2013 FDI World Dental Federation.

  6. MANAGEMENT OF SECURITY FOR BANK LOANS ON THE BASIS OF RISK MANAGEMENT

    Directory of Open Access Journals (Sweden)

    Viktoriia Kovalenko

    2016-03-01

    The article aims to study methods and tools for risk management to ensure bank loans. It is proved that the effectiveness of risk management to ensure bank loans depends on consistency, adequacy of methods of evaluation, quality monitoring and timely response systems of the banks and the regulator. The article is to develop recommendations to improve the effectiveness of risk management providing bank loans, considering the risks inherent in the process of supporting the mortgage portfolio of banks in the face of considerable uncertainty in the functioning of banks. It is proved that the risk provision of bank loans in loan management should be considered through risk characteristics that form the aggregate credit risk. It is substantiated that risk management software meets the classic risk management, which identifies four main stages: identification; risk assessment software; control risk; minimizing risk. Keywords: credit risk provision, loan, risk management, reserves. JEL: G 28

  7. Multi-Risk Infants: Predicting Attachment Security from Sociodemographic, Psychosocial, and Health Risk among African-American Preterm Infants

    Science.gov (United States)

    Candelaria, Margo; Teti, Douglas M.; Black, Maureen M.

    2011-01-01

    Background: Ecological and transactional theories link child outcomes to accumulated risk. This study hypothesized that cumulative risk was negatively related to attachment, and that maternal sensitivity mediated linkages between risk and attachment. Methods: One hundred and twelve high-risk African-American premature infant-mother dyads…

  8. Assessing heat-related health risk in Europe via the Universal Thermal Climate Index (UTCI)

    Science.gov (United States)

    Di Napoli, Claudia; Pappenberger, Florian; Cloke, Hannah L.

    2018-03-01

    In this work, the potential of the Universal Thermal Climate Index (UTCI) as a heat-related health risk indicator in Europe is demonstrated. The UTCI is a bioclimate index that uses a multi-node human heat balance model to represent the heat stress induced by meteorological conditions to the human body. Using 38 years of meteorological reanalysis data, UTCI maps were computed to assess the thermal bioclimate of Europe for the summer season. Patterns of heat stress conditions and non-thermal stress regions are identified across Europe. An increase in heat stress up to 1 °C is observed during recent decades. Correlation with mortality data from 17 European countries revealed that the relationship between the UTCI and death counts depends on the bioclimate of the country, and death counts increase in conditions of moderate and strong stress, i.e., when UTCI is above 26 and 32 °C. The UTCI's ability to represent mortality patterns is demonstrated for the 2003 European heatwave. These findings confirm the importance of UTCI as a bioclimatic index that is able to both capture the thermal bioclimatic variability of Europe, and relate such variability with the effects it has on human health.

  9. The Department of Homeland Security's Risk Assessment Methodology: Evolution, Issues, and Options for Congress

    National Research Council Canada - National Science Library

    Masse, Todd; O'Neil, Siobhan; Rollins, John

    2007-01-01

    .... Secretary Chertoff has stated "DHS must base its work on priorities driven by risk" and, increasingly, risk assessment and subsequent risk mitigation have influenced all of the department's efforts...

  10. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    International Nuclear Information System (INIS)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y.

    2011-01-01

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  11. Development Methodology of a Cyber Security Risk Analysis and Assessment Tool for Digital I and C Systems in Nuclear Power Plant

    Energy Technology Data Exchange (ETDEWEB)

    Cha, K. H.; Lee, C. K.; Song, J. G.; Lee, Y. J.; Kim, J. Y.; Lee, J. W.; Lee, D. Y. [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)]

    2011-05-15

    With the use of digital computers and communication networks the hot issues on cyber security were raised about 10 years ago. The scope of cyber security application has now been extended from the safety Instrumentation and Control (I and C) system to safety important systems, plant security system, and emergency preparedness system. Therefore, cyber security should be assessed and managed systematically throughout the development life cycle of I and C systems in order for their digital assets to be protected from cyber attacks. Fig. 1 shows the concept of a cyber security risk management of digital I and C systems in nuclear power plants (NPPs). A lot of cyber security risk assessment methods, techniques, and supported tools have been developed for Information Technology (IT) systems, but they have not been utilized widely for cyber security risk assessments of the digital I and C systems in NPPs. The main reason is a difference in goals between IT systems and nuclear I and C systems. Confidentiality is important in IT systems, but availability and integrity are important in nuclear I and C systems. Last year, it was started to develop a software tool to be specialized for the development process of nuclear I and C systems. This paper presents a development methodology of the Cyber Security Risk analysis and Assessment Tool (CSRAT) for the digital I and C systems in NPP

  12. Cyber security risk management: public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection.

    Science.gov (United States)

    Oğüt, Hulisi; Raghunathan, Srinivasan; Menon, Nirup

    2011-03-01

    The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms' self-protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self-protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self-protection levels. If self-protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self-protection level, then self-protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self-protection and insurance levels by offering a subsidy on self-protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self-protection of a firm is not observable to an insurer, then self-protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management. © 2010 Society for Risk Analysis.

  13. Radon in thermal waters and radon risk in chosen thermal water spas in V4 countries - preliminary results

    International Nuclear Information System (INIS)

    Holy, K.; Blahusiak, P.; Muellerova, M.; Grzadziel, D.; Kozak, K.; Mazur, J.; Kovacs, T.; Nagy, E.; Shahrokhi, A.; Neznal, M.; Neznal, M.

    2014-01-01

    The territory of V4 countries is rich in thermal springs. Some boreholes reach a depth of 2000 m and temperatures up to 70 °C. ²²²Rn concentrations in some thermal waters can exceed 1000 Bq/l, however this concentration is not constant. In V4 countries, there is a long tradition in using thermal waters in spa care. In thermal spas, radon is released from the water, and is transported along with its decay products into human respiratory tract, which is potentially harmful to human health. Thus, controlling the levels of radon concentration in thermal waters, homes and workplaces of spas is justified. The aim of this project is the study of radon ²²²Rn concentration in thermal waters and in thermal spas in V4 countries. The measurements are carried out a few times during at least one year in order to observe seasonal variability. The obtained results will serve to determine annual effective doses for employees who spend ca. 8 hours a day inside spa buildings. It will be also possible to assess the effective doses for patients (users) of the pools with the highest registered radon concentrations. We carry out measurements in 3 existing thermal water spas in each of the countries: Slovakia, Poland and Hungary, and in 1 thermal water spa in the Czech Republic, according to choice of partners. (authors)

  14. Report: EPA’s Information Systems and Data Are at Risk Due to Insufficient Training of Personnel With Significant Information Security Responsibilities

    Science.gov (United States)

    Report #14-P-0142, March 21, 2014. The EPA places its information systems and data at risk due to an organizational structure that has not specified required duties and responsibilities to ensure personnel are trained on key information security roles.

  15. RISK-DET : ICT Security Awareness Aspect Combining Education and Cognitive Sciences

    NARCIS (Netherlands)

    Schaff, Guillaume; Harpes, Carlo; Aubigny, Matthieu; Junger, Marianne; Martin, Romain; Leist, Arno; Pankowski, Tadeusz

    2014-01-01

    This paper explains the main innovation of a risk assessment tool, called RISK-DET, which will include an ICT risk awareness aspect supported by a specific application: Voozio 2.0. The design of the RISK-DET tool considers the implementation of the emergent ICT (Information and Communication

  16. Specifying nurse’s experiences of risk management is one of the patient security challenges in social security hospital: A phenomenological approach

    Directory of Open Access Journals (Sweden)

    Sedighe Teimuri

    2016-06-01

    Patient safety is regarded as the prevention and mitigation of harm through the elimination of errors related to the mentioned hygienic care, which decreases mistakes with the help of practical methods and prevents the occurrence of events. This study was therefore conducted to specify the experiences of nurses as a challenge to patient safety in the social security hospital of Zahedan in 2015. This study is a qualitative research with a phenomenological approach. Participants of this study were selected from the nurse population on the basis of purposeful sampling. Sampling continued until the data were complete. The 14 participants of this study consisted of 2 supervisors, 1 head nurse and 11 nurses, aged 22-45 years and all married. Data were collected through in-depth, unstructured interviews, which were tape-recorded and transcribed word by word. The data were then analyzed using Colaizzi's 7-step method. At the end of the interview analysis, 130 codes were elicited and two themes were drawn, named risk management and human resources management. Risk management consists of the sub-concepts of the policy of punishments of managers and inefficient management of medical errors; human resources management includes the sub-concepts of the shortage of nurse forces, inefficient selection of nurses and increase in authenticity requirements. Inefficient risk management is one of the most important patient safety challenges related to medical errors, which should be specifically taken into account; the encouragement system should be intensified and a policy of not punishing nurses should be used in order to remove the mentioned challenges related to the establishment of a patient safety system.

  17. Equilibrium in Securities Markets with Heterogeneous Investors and Unspanned Income Risk

    DEFF Research Database (Denmark)

    Christensen, Peter Ove; Larsen, Kasper; Munk, Claus

    We provide the first closed-form solution for the equilibrium risk-free rate and the equilibrium stock price in a continuous-time economy with heterogeneous investor preferences and unspanned income risk. We show that lowering the fraction of income risk spanned by the market produces a lower equilibrium risk-free rate and a lower stock market Sharpe ratio, partly due to changes in the aggregate consumption dynamics. If we fix the aggregate consumption dynamics, the Sharpe ratio is the same as in an otherwise identical representative agent economy in which all risks are spanned, whereas the risk-free rate (and the expected stock return) is lower in the economy with unspanned income risk due to an increased demand for precautionary savings. The reduction in the risk-free rate is highest when the more risk-averse investors face the largest unspanned income risk. In numerical examples with reasonable...

  18. SECURITY RISKS, MYTHS IN A TRANSITIONING SUB-NATIONAL REGIONAL ECONOMY (CROSS RIVER STATE AND IMAGINATIVE GEOGRAPHIES OF NIGERIA

    Directory of Open Access Journals (Sweden)

    J. K. UKWAYI

    2015-03-01

    The emergence of an “international community” through accumulation of perceived risks that contrasts with those risks (of considerably lower levels of seriousness compared to those perceived) constitutes one of the interesting (or intriguing) subjects of risks and disaster studies surrounding the 9/11 era. The constructions of “imaginative geographies” have frequently been biased, in that the practices that underlie the mapping of the foreign places tend to put down the affected regions in their “paintings” for the global community. The latter are subsequently “demonized” in their ratings of competence for participating in world trade, tourism, travel, among other social/cultural, economic and political activities. The objective of this article is to highlight how the exaggeration of risks (contrasted to actually existing/lived risks), practices that are frequently associated with such adverse “imaginative geographies”, poses a sub-national regional development dilemma in Nigeria’s Niger Delta. We trace the roots of adverse “imaginative geographies” of Nigeria to the Abacha dictatorship (1993-1997). Then we highlight the mixed characteristics of the Niger Delta conditions during the “return of positive image recapture” by Nigeria’s federal government (re-democratisation of the Fourth Republic, 1999-present), re-branding campaigns; as well as adverse conditions present. Most significantly, we show that despite these adversities, a combination of favorable geographical size, differentiation, and sub-national regional security programme formulation and management aimed at diversification has created “large oases” of peace and security in Cross River State, a part of the Niger Delta that has been completely unscathed by insurgencies of the nearby sub-national region and further away national origin. Apart from identifying sub-national regions qualifying for delisting from “adverse imaginative geographies” due to

  19. Security risk assessment and management in chemical plants : Challenges and new trends

    NARCIS (Netherlands)

    Khakzad Rostami, N.; Martinez, Imee Su; Kwon, Hyuk-Myun; Stewart, Constantine; Perera, Rohan; Reniers, G.L.L.M.E.

    2017-01-01

    The present study is to point out the outcomes of the Seminar on the Chemical Weapon Convention and Chemical Safety and Security Management for Member States in the Asia Region held by Organization for the Prohibition of Chemical Weapons in Doha, Qatar, in February 2017. The seminar was aimed at

  20. Higher Stakes--The Hidden Risks of School Security Fences for Children's Learning Environments

    Science.gov (United States)

    Rooney, Tonya

    2015-01-01

    In a move away from the open or low-fenced grounds that have traditionally been a feature of Australian school design, the last decade has seen a growth in the installation of high-security fences around schools. These structures, far from being passive and neutral, act to redefine the possibilities for movement and connectivity in the local…

  1. 75 FR 10973 - Hazardous Materials: Risk-Based Adjustment of Transportation Security Plan Requirements

    Science.gov (United States)

    2010-03-09

    ... (explosive) material; (3) More than 1 L (1.06 qt.) per package of a material poisonous by inhalation in... controlled; and 6.1 materials poisonous by inhalation. We also proposed to require security plans for any... happens very rapidly, and in the process, the propane combines readily with air to form fuel air mixtures...

  2. Information Security Maturity as an Integral Part of ISMS based Risk Management Tools

    NARCIS (Netherlands)

    Fetler, Ben; Harpes, Carlo

    2016-01-01

    Measuring the continuous improvement of Information Security Management Systems (ISMS) is often neglected as most organizations do not know how to extract key-indicators that could be used for this purpose. The underlying work presents a six-level maturity model which can be fully integrated in a

  3. Child Self-Regulation, Parental Secure Base Scripts, and At-Risk Kindergartners' Academic Achievement

    Science.gov (United States)

    McLear, Caitlin; Trentacosta, Christopher J.; Smith-Darden, Joanne

    2016-01-01

    Research Findings: Early reading and mathematics skills predict later academic success, and child self-regulation and secure parent-child relationships are both predictors of early academic skills. Self-regulatory and family relationship factors have rarely been studied together as predictors of early academic success in populations of young…

  4. Security management

    International Nuclear Information System (INIS)

    Adams, H.W.

    1990-01-01

    Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de]

  5. Thermal remote sensing approach combined with field spectroscopy for detecting underground structures intended for defence and security purposes in Cyprus

    Science.gov (United States)

    Melillos, George; Themistocleous, Kyriacos; Hadjimitsis, Diofantos G.

    2018-04-01

    The purpose of this paper is to present the results obtained from an unmanned aerial vehicle (UAV) using multispectral and thermal imaging sensors and from field spectroscopy campaigns for detecting underground structures. Airborne thermal prospecting is based on the principle that there is a fundamental difference between the thermal characteristics of underground structures and the environment in which they are located. This study aims to combine the flexibility and low cost of using an airborne drone with the accuracy of the registration of a thermal digital camera. This combination allows the use of thermal prospection for underground structures detection at low altitude with high-resolution information. In addition, vegetation indices such as the Normalized Difference Vegetation Index (NDVI) and Simple Ratio (SR) were utilized for the development of a vegetation index-based procedure aiming at the detection of underground military structures by using existing vegetation indices or other in-band algorithms. The measurements were taken at the following test areas: (a) an area covered with vegetation (barley) in the presence of an underground military structure; (b) an area covered with vegetation (barley) in the absence of an underground military structure. It is important to highlight that this research is undertaken at the ERATOSTHENES Research Centre, which received funding to be transformed to an EXcellence Research Centre for Earth SurveiLlance and Space-Based MonItoring Of the EnviRonment (Excelsior) from the HORIZON 2020 Widespread-04-2017: Teaming Phase 1 (Grant agreement no: 763643).

  6. Evaluation of a temporal fire risk index in Mediterranean forests from NOAA thermal IR

    International Nuclear Information System (INIS)

    Vidal, A.; Pinglo, F.; Durand, H.; Devaux-Ros, C.; Maillet, A.

    1994-01-01

    Mediterranean forests are regularly subjected to a large number of fires; 537,000 ha were burned during the severe European drought of 1990. The French Ministries of Environment, Interior, and Agriculture are trying to implement efficient methods to prevent forest fires and to reduce their incidence. Fire risk is composed of human, ecological, and climatic factors that are already accounted for in prevention methods. However, the importance of biophysical factors, especially the water status of forest trees, bushes, grasses, and litter should also be considered. In a first step, thermal infrared data from NOAA-AVHRR daily images covering an 18-month period were used to estimate temporal variations of forest evapotranspiration through an energy budget-based relationship. Results were related to statistics on fire starts, in order to derive a fire risk index that can be used for a real-time regional alarm. (author)

  7. Security-constrained self-scheduling of generation companies in day-ahead electricity markets considering financial risk

    International Nuclear Information System (INIS)

    Amjady, Nima; Vahidinasab, Vahid

    2013-01-01

    Highlights: ► A security-constrained self-scheduling is presented. ► The proposed framework takes into account the uncertainty of the predicted market prices. ► We model the risk and profit tradeoff of a GENCO based on an efficient multi-objective model. ► Unit commitment and inter-temporal constraints of generators are considered in an MIP model. ► Simulation results are presented on the IEEE 30-bus and IEEE 118-bus test systems. - Abstract: In this paper, a new security-constrained self-scheduling framework incorporating the transmission flow limits in both steady state conditions and post-contingent states is presented to produce efficient bidding strategy for generation companies (GENCOs) in day-ahead electricity markets. Moreover, the proposed framework takes into account the uncertainty of the predicted market prices and models the risk and profit tradeoff of a GENCO based on an efficient multi-objective model. Furthermore, unit commitment and inter-temporal constraints of generators are considered in the suggested model converting it to a mixed-integer programming (MIP) optimization problem. Sensitivity of the proposed framework with respect to both the level of the market prices and adopted risk level is also evaluated in the paper. Simulation results are presented on the IEEE 30-bus and IEEE 118-bus test systems illustrating the performance of the proposed self-scheduling model.

  8. Simulating the Adaptive Mechanisms to Reduce the Risks of Occurrence of Threats to the Economic Security of Enterprise

    Directory of Open Access Journals (Sweden)

    Glushchevsky Vyacheslav V.

    2017-09-01

    The article is concerned with addressing the topical problem of effectively countering real and potential threats to economic security of enterprises and reducing the risks of their occurrence. The article is aimed at simulating the adaptive mechanisms to counteract external influences on the marketing component of enterprise’s economic security and developing a system of measures for removing threats to price destabilization of its orders portfolio based on a modern economic-mathematical instrumentarium. The common causes of the threats occurrence related to the price policy of enterprise and the tactics of the contractual processes with the business partners have been explored. Hidden reserves for price maneuvering in concluding contracts with customers have been identified. An algorithmic model for an adaptive pricing task in terms of an assortment of industrial enterprise has been built. On the basis of this model, mechanisms have been developed to counteract the threats of occurrence and aggravation of a «price conflict» between the producing enterprise and the potential customers of its products, and to advise on how to remove the risks of their occurrence. Prospects for using the methodology together with the instrumentarium for economic-mathematical modeling in terms of tasks of the price risks management have been indicated.

  9. Fracture risk assessment for the pressurized water reactor pressure vessel under pressurized thermal shock events

    International Nuclear Information System (INIS)

    Chou, Hsoung-Wei; Huang, Chin-Cheng

    2016-01-01

    Highlight: • The PTS loading conditions consistent with the USNRC's new PTS rule are applied as the loading condition for a Taiwan domestic PWR. • The state-of-the-art PFM technique is employed to analyze a reactor pressure vessel. • Novel flaw model and embrittlement correlation are considered in the study. • The RT-based regression formula of NUREG-1874 was also utilized to evaluate the failure risks of RPV. • For slightly embrittled RPV, the SO-1 type PTSs play more important role than other types of PTS. - Abstract: The fracture risk of the pressurized water reactor pressure vessel of a Taiwan domestic nuclear power plant has been evaluated according to the technical basis of the U.S.NRC's new pressurized thermal shock (PTS) screening criteria. The ORNL's FAVOR code and the PNNL's flaw models were employed to perform the probabilistic fracture mechanics analysis associated with plant specific parameters of the domestic reactor pressure vessel. Meanwhile, the PTS thermal hydraulic and probabilistic risk assessment data analyzed from a similar nuclear power plant in the United States for establishing the new PTS rule were applied as the loading conditions. Besides, an RT-based regression formula derived by the U.S.NRC was also utilized to verify the through-wall cracking frequencies. It is found that the through-wall cracking of the analyzed reactor pressure vessel only occurs during the PTS events resulted from the stuck-open primary safety relief valves that later reclose, but with only an insignificant failure risk. The results indicate that the Taiwan domestic PWR pressure vessel has sufficient structural margin for the PTS attack until either the current license expiration dates or during the proposed extended operation periods.

  10. Disentangling determinants of insecticide use to manage production, food security, and health risks in Cambodia and Vietnam: evidence from household surveys and risk-assessment experiments

    Directory of Open Access Journals (Sweden)

    Wei Zhang, PhD

    2018-05-01

    Background: Insect pest problems are among the main causes of crop yield losses in global agriculture. Insecticides protect households from food-security and income shocks, but can induce human health and environmental risks. Semi-subsistence farm households (SSFHs), which farm for both consumption and market, make decisions about crop management and output allocation to maximise food consumption, income, and health outcomes, depending on their risk preferences and other household and community characteristics. In this study, we aimed to disentangle the determinants of insecticide use by SSFHs and identify whether health consideration has had any effect on insecticide use. Methods: In this econometric analysis, we used field data collected from household surveys and risk-assessment experiments in 2014 in Cambodia and Vietnam to analyse insecticide use among more than 1000 SSFHs. Findings: We found that crops (except for rice) whose outputs were used to a greater degree for consumption were less likely to be sprayed with insecticides or were sprayed fewer times. Health-conscious households (as indicated by the use of modern-fuel cooking stoves and reported concern over food safety as a main reason for maintaining home gardens) consistently refrained from spraying, but this tendency diminished as output allocation shifted toward commercial use, suggesting a possible moral-hazard phenomenon. Farmers were more likely to apply insecticides to crops of high food security or dietary importance, such as rice, although the difference between fresh produce and grain produce in risk of insecticide residue exposure might also have contributed to the difference in insecticide use between rice and non-rice crops. The two samples from Cambodia and Vietnam had similarities regarding the deterring effect of health consideration and differences in other factors affecting insecticide use, such as risk preference, landholding size, household head's education level

  11. Risk Scan: A Review of Risk Assessment Capability and Maturity within the Canadian Safety and Security Program

    Science.gov (United States)

    2014-06-01

    SCADA / ICS Cyber Test Lab initiated in 2013 Psychosocial – academic research exists; opportunity for sharing and developing impact assessment...ecosystems and species at risk), accidents / system failure (rail; pipelines; ferries CSSP strategy for the North Focus on regional (and local) problem...Guidance; business planning; environmental scan; proposal evaluation; and performance measurement Program Risk Management – Guidelines for project

  12. Human health risk assessment database, "the NHSRC toxicity value database": supporting the risk assessment process at US EPA's National Homeland Security Research Center.

    Science.gov (United States)

    Moudgal, Chandrika J; Garrahan, Kevin; Brady-Roberts, Eletha; Gavrelis, Naida; Arbogast, Michelle; Dun, Sarah

    2008-11-15

    The toxicity value database of the United States Environmental Protection Agency's (EPA) National Homeland Security Research Center has been in development since 2004. The toxicity value database includes a compilation of agent property, toxicity, dose-response, and health effects data for 96 agents: 84 chemical and radiological agents and 12 biotoxins. The database is populated with multiple toxicity benchmark values and agent property information from secondary sources, with web links to the secondary sources, where available. A selected set of primary literature citations and associated dose-response data are also included. The toxicity value database offers a powerful means to quickly and efficiently gather pertinent toxicity and dose-response data for a number of agents that are of concern to the nation's security. This database, in conjunction with other tools, will play an important role in understanding human health risks, and will provide a means for risk assessors and managers to make quick and informed decisions on the potential health risks and determine appropriate responses (e.g., cleanup) to agent release. A final, stand-alone MS ACCESS working version of the toxicity value database was completed in November, 2007.

  13. Human health risk assessment database, 'the NHSRC toxicity value database': Supporting the risk assessment process at US EPA's National Homeland Security Research Center

    International Nuclear Information System (INIS)

    Moudgal, Chandrika J.; Garrahan, Kevin; Brady-Roberts, Eletha; Gavrelis, Naida; Arbogast, Michelle; Dun, Sarah

    2008-01-01

    The toxicity value database of the United States Environmental Protection Agency's (EPA) National Homeland Security Research Center has been in development since 2004. The toxicity value database includes a compilation of agent property, toxicity, dose-response, and health effects data for 96 agents: 84 chemical and radiological agents and 12 biotoxins. The database is populated with multiple toxicity benchmark values and agent property information from secondary sources, with web links to the secondary sources, where available. A selected set of primary literature citations and associated dose-response data are also included. The toxicity value database offers a powerful means to quickly and efficiently gather pertinent toxicity and dose-response data for a number of agents that are of concern to the nation's security. This database, in conjunction with other tools, will play an important role in understanding human health risks, and will provide a means for risk assessors and managers to make quick and informed decisions on the potential health risks and determine appropriate responses (e.g., cleanup) to agent release. A final, stand-alone MS ACCESS working version of the toxicity value database was completed in November, 2007.

  14. A National Security Strategy for Sweden: Balancing Risks and Opportunities in the 21st Century

    Science.gov (United States)

    2010-04-01

    physics and chemistry. The Intergovernmental Panel on Climate Change (IPCC) links a higher concentration of greenhouse gases to an increase in atmospheric...Command and Staff College. International Security Studies: AY10 Coursebook. Montgomery, 2009. Air Command and Staff College. War Studies Course: AY10... Coursebook. Montgomery, 2009. Assadourian, Eric (Project Director at the World Watch Institute). Vital Signs 2007-2008; The Trends that are Shaping Our

  15. An Integrated Framework For Power And ICT System Risk-Based Security Assessment

    OpenAIRE

    Emanuele Ciapessoni; Diego Cirio

    2014-01-01

    Power system (PS) is exposed to natural and man-related threats which may affect the security of power supply, depending on the vulnerabilities of the system to the threats themselves as well as on the pre-fault operating conditions. Threats regard not only the power components, but also the Information and Communications Technology (ICT) systems involved in PS control and protection. The resulting picture is characterized by significant uncertainties, especially as far as hig...

  16. EL ANÁLISIS DE RIESGO EN LA SEGURIDAD DE LA INFORMACIÓN // RISK ANALYSIS ON THE INFORMATION SECURITY

    Directory of Open Access Journals (Sweden)

    Manuel Mújica

    2010-12-01

    The purpose of this article is to offer a set of conceptual reflections on information security, and specifically on risk analysis and its importance in organizations. The most important and most affected resource in any organization, public or private, large or small, is information, so every organization must be alert and implement security systems based on a risk analysis in order to avoid or mitigate unwanted consequences. Risk analysis is a process that makes it possible to identify an organization's threats and vulnerabilities with the aim of generating controls that minimize the effects of the risks; it involves determining which assets to protect, from what or from whom they must be protected, and how to do so. Risk analysis must be carried out continuously, since it is necessary to evaluate periodically whether the identified risks and the exposure to them remain current; and it is of vital importance because it makes it possible to identify future impacts on the organization's risk structure. Internationally there is a standard, ISO 27005:2008, published in June 2008, that establishes criteria for information security risk management and provides a standardized framework that serves as a guide for defining methodologies specific to each organization; this standard supports ISO 27001:2005, which provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS; SGSI in Spanish). // Abstract: The purpose of this paper is to provide a set of conceptual thinking on information security and specifically on risk analysis and its importance in organizations. So, the most important and affected resource in any public or private, large or small organization, is the information collected, processed, stored and made

  17. Diagnosis Of The Risk For Carotid Artery Stenos Based On Thermal Model In Infrared Images

    Directory of Open Access Journals (Sweden)

    Fatemeh Valipoori Goodarzi

    2017-02-01

    Background and purpose: Ischemic stroke is the third leading cause of death and a common cause of hospitalization in the United States of America, and is also an important factor in patient disability; carotid stenosis is one of the most important factors in causing it. Currently, imaging studies, including angiography, MRI, CT scan and Doppler ultrasonography, are used to detect carotid artery stenosis, which is one of the most important causes of ischemic stroke. However, each method has unique advantages and disadvantages, and many of them involve a compromise between performance and accuracy on the one hand and ease of use and cost considerations on the other. In contrast, in this paper, thermography is used as a non-invasive and cost-effective method to detect carotid artery stenosis and thus the risk of stroke. Materials and methods: This study was done on a series of thermal images obtained from the Clinical Center in California. In this imaging, the automatic detection of carotid artery stenosis, and thus of the risk for stroke, was done based on: (1) the difference in average temperature between the right and left carotid arteries in the neck; (2) the presence or absence of internal and external carotid arteries. Results: In this study, the accuracy of this work was confirmed against examinations of the patients previously conducted by a brain specialist. The techniques and points obtained in this study, which are experimentally and scientifically based, can help doctors with early detection of artery disease based on analysis of thermal images. Conclusion: The method presented in this paper is considered a non-invasive and cost-effective method that operates automatically to detect the carotid arteries and prevent the risk for stroke.

  18. Computer security engineering management

    International Nuclear Information System (INIS)

    McDonald, G.W.

    1988-01-01

    For best results, computer security should be engineered into a system during its development rather than being appended later on. This paper addresses the implementation of computer security in eight stages through the life cycle of the system, starting with the definition of security policies and ending with continuing support for the security aspects of the system throughout its operational life cycle. Security policy is addressed relative to successive decomposition of security objectives (through policy, standard, and control stages) into system security requirements. This is followed by a discussion of computer security organization and responsibilities. Next the paper directs itself to analysis and management of security-related risks, followed by discussion of design and development of the system itself. Discussion of security test and evaluation preparations, and approval to operate (certification and accreditation), is followed by discussion of computer security training for users, which in turn is followed by coverage of life cycle support for the security of the system.

  19. Security and Emergency Management Division

    Data.gov (United States)

    Federal Laboratory Consortium — Volpe's Security and Emergency Management Division identifies vulnerabilities, risks, and opportunities to improve the security of transportation systems, critical...

  20. Stochastic risk-averse coordinated scheduling of grid integrated energy storage units in transmission constrained wind-thermal systems within a conditional value-at-risk framework

    International Nuclear Information System (INIS)

    Hemmati, Reza; Saboori, Hedayat; Saboori, Saeid

    2016-01-01

    In recent decades, wind power resources have been increasingly integrated into power systems. Besides its confirmed benefits, the use of a large share of this volatile source in the power generation portfolio has confronted system operators with new challenges in terms of uncertainty management. It is proved that energy storage systems are capable of handling projected uncertainty concerns. Risk-neutral methods have been proposed in the previous literature to schedule storage units considering the uncertainty of wind resources. Ignoring the risk of cost distributions with non-desirable properties may result in experiencing high costs in some unfavorable scenarios with high probability. In order to control the risk of the operator's decisions, this paper proposes a new risk-constrained two-stage stochastic programming model to make optimal decisions on energy storage and thermal units in a transmission constrained hybrid wind-thermal power system. The risk-aversion procedure is explicitly formulated using the conditional value-at-risk measure, because it possesses distinguishing features compared with other risk measures. The proposed model is a mixed integer linear programming model considering transmission network, thermal unit dynamics, and storage device constraints. The simulation results demonstrate that taking the risk of the problem into account affects scheduling decisions considerably, depending on the level of risk aversion. - Highlights: • Risk of the operation decisions is handled by using risk-averse programming. • Conditional value-at-risk is used as risk measure. • Optimal risk level is obtained based on the cost/benefit analysis. • The proposed model is a two-stage stochastic mixed integer linear programming. • The unit commitment is integrated with ESSs and wind power penetration.

  1. The IRSN 2006 barometer. The opinion on risks and security of the French population. Global results

    International Nuclear Information System (INIS)

    2006-01-01

    This report presents and comments on the results of a survey during which a sample of the French population was questioned on their current concerns (about the society, about the environment, about their opinion on industrial risks, on scientific expertise, on who should control a risky installation), the opinion on 28 risk situations (risks to which French people feel exposed, confidence in authorities, truth of information on hazards, hierarchy of the 28 situations, acceptability of installations), the opinion on the nuclear activity and industry (the nuclear risk, the credibility and expertise of interveners, and the issue of radioactive wastes and public debate).

  2. 75 FR 75486 - Maritime Security Directive 104-6 (Rev. 4); Guidelines for U.S. Vessels Operating in High Risk...

    Science.gov (United States)

    2010-12-03

    ... Directive 104-6 (Rev. 4); Guidelines for U.S. Vessels Operating in High Risk Waters AGENCY: Coast Guard, DHS... Maritime Transportation Security Act (MTSA) on international voyages through or in designated high risk... MARSEC Directives are available at your local Captain of the Port (COTP) office. Phone numbers and...

  3. Security seal

    Science.gov (United States)

    Gobeli, Garth W.

    1985-01-01

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to "fingerprints", is recorded as a positive identification for the seal, and corresponding recordings are made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  4. Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    OpenAIRE

    Audrey Guinchard

    2011-01-01

    Most of the actions that fall under the trilogy of cyber crime, terrorism, and war exploit pre-existing weaknesses in the underlying technology. Because these vulnerabilities that exist in the network are not themselves illegal, they tend to be overlooked in the debate on cyber security. A UK report on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing ant...

  5. INFORMATION SYSTEM SECURITY (CYBER SECURITY)

    Directory of Open Access Journals (Sweden)

    Muhammad Siddique Ansari

    2016-03-01

    Business Organizations and Government unequivocally rely upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

  6. Risk-Based Approach for Thermal Treatment of Soils Contaminated with Heavy Metals

    Directory of Open Access Journals (Sweden)

    Cocârţă D. M.

    2013-04-01

    In the current context of limited soil resources and a significant degree of environmental pollution, public administrations and authorities are interested in restoring contaminated sites, paying attention to the impact of these soils on human health. This paper aims to present the efficiency of incineration as a method for the treatment of contaminated soils, based on human health risk assessment. Through various experiments, the following metals have been studied: Zn, Cu, Fe, Mn, Ni, Pb, Cr, Co, Cd, Hg, As and Be. The most important and interesting results concerning both thermal treatment removal efficiency and associated human health risk assessments were achieved for the Cd, Pb and Ni contaminants. The behavior of Cadmium (Cd), Lead (Pb) and Nickel (Ni) concentrations in soil subjected to heavy metal incineration has been analyzed for three incineration temperatures (600°C, 800°C and 1000°C) and two residence times of soil within the incineration reactor (30 min and 60 min). In this case, the level of contaminants in the treated soil can be reduced, but not enough to ensure an acceptable risk for human health.

  7. The IRSN 2008 barometer. The opinion on risks and security of the French population. Global results

    International Nuclear Information System (INIS)

    2008-01-01

    This report presents and comments on the results of a survey during which a sample of the French population was questioned on their current concerns (about the society, about the environment, about quantitative criteria of risk management and about the image of science), on their opinion of scientific expertise (who should control a risky installation, the role and image of experts, the access to expertise files, the perception of pluralist structures), the opinion on 31 risk situations (risks to which French people feel exposed, confidence in authorities, truth of information on hazards, hierarchy of the 31 situations), the opinion on the nuclear activity and industry (the nuclear risk, the credibility and expertise of interveners, incidents which occurred in 2007, the demand of information on the nuclear risk), and on their opinion about radiotherapy accidents in France.

  8. What we need to know ...and when. Educating the public about nuclear terrorist risks can help raise levels of security

    International Nuclear Information System (INIS)

    Khripunov, I.

    2006-01-01

    Nuclear power infrastructures could be the target of terrorist acts of theft, sabotage, unauthorized access or other malicious acts given their radiological and chemical content and potential for building weapons. Attacks on their major components, including fuel production, reactors, waste handling, and reprocessing facilities, would lead to serious consequences, even if there is little or no damage to a nuclear power plant itself and other related structures. Public fear of nuclear radiation, in combination with a possibly massive resultant blackout and other aggravating factors, could create significant distress and panic. In other words, successful terrorist attempts to attack nuclear power infrastructure can easily bring about systemic disaster. Systemic risks impact society on a large scale and their effects may spread much further from the original hazardous source. Those risks widely affect systems that society depends on, such as health, transport, environment, telecommunications. Their consequences may be technical, social, environmental, psychological and economic and involve different stakeholders. In this context, however, one important stakeholder has been under-appreciated, under-utilized and somewhat misunderstood: the general public. The nuclear power infrastructure must learn how to efficiently communicate to the public and develop better options for public risk communication that relate to deliberate attacks or accidents. The public is also a challenging stakeholder because citizens are deeply split regarding the acceptability and value of nuclear power generation and tend to express their feelings emotionally. However, there is growing recognition that because of skyrocketing oil prices and evidence of the greenhouse effect, nuclear power may be approaching a renaissance. Hence, the public must no longer be looked upon only as potential victims or panicked masses but rather as an important contributing factor for better nuclear security throughout

  9. An Updated Comprehensive Risk Analysis for Radioisotopes Identified of High Risk to National Security in the Event of a Radiological Dispersion Device Scenario

    Science.gov (United States)

    Robinson, Alexandra R.

    An updated global survey of radioisotope production and distribution was completed and subjected to a revised "down-selection methodology" to determine those radioisotopes that should be classified as potential national security risks based on availability and key physical characteristics that could be exploited in a hypothetical radiological dispersion device. The potential at-risk radioisotopes then were used in a modeling software suite known as Turbo FRMAC, developed by Sandia National Laboratories, to characterize plausible contamination maps known as Protective Action Guideline Zone Maps. This software also was used to calculate the whole body dose equivalent for exposed individuals based on various dispersion parameters and scenarios. Derived Response Levels then were determined for each radioisotope using: 1) target doses to members of the public provided by the U.S. EPA, and 2) occupational dose limits provided by the U.S. Nuclear Regulatory Commission. The limiting Derived Response Level for each radioisotope also was determined.

  10. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System

    Directory of Open Access Journals (Sweden)

    Halima Ibrahim Kure

    2018-05-01

    A cyber-physical system (CPS) is a combination of physical system components with cyber capabilities that have a very tight interconnectivity. CPS is a widely used technology in many applications, including electric power systems, communications, transportation, and healthcare systems. These are critical national infrastructures. Cybersecurity attacks are one of the major threats to a CPS for many reasons, including complexity and interdependencies among various system components, and the integration of communication, computing, and control technology. Cybersecurity attacks may lead to various risks affecting the business continuity of critical infrastructure, including degradation of production and performance, unavailability of critical services, and violation of regulations. Managing cybersecurity risks is very important to protect CPS. However, risk management is challenging due to the inherently complex and evolving nature of the CPS and recent attack trends. This paper presents an integrated cybersecurity risk management framework to assess and manage the risks in a proactive manner. Our work follows the existing risk management practice and standard and considers risks from the stakeholder model, cyber, and physical system components along with their dependencies. The approach enables identification of critical CPS assets and assesses the impact of vulnerabilities that affect the assets. It also presents a cybersecurity attack scenario that incorporates a cascading effect of threats and vulnerabilities to the assets. The attack model helps to determine the appropriate risk levels and their corresponding mitigation process. We present a power grid system to illustrate the applicability of our work. The result suggests that risk in a CPS of a critical infrastructure depends mainly on cyber-physical attack scenarios and the context of the organization. The involved risks in the studied context are both from the technical and

  11. Security Bingo

    CERN Multimedia

    Computer Security Team

    2011-01-01

    Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710. Winners must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally… …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. ...

  12. Socio-Hydrological Observatory for Water Security (SHOWS): Examples of Adaptation Strategies With Next Challenges from Brazilian Risk Areas

    Science.gov (United States)

    Souza, F. A. A. D.; Mendiondo, E. M.; Taffarello, D.; Guzmán-Arias, D.; Fava, M. C.; Abreu, F.; Freitas, C. C.; de Macedo, M. B.; Estrada, C. R.; do Lago, C. A.

    2017-12-01

    In Brazil, more than 40,000 hot-spot areas, with vulnerable human settlements with ca. 120 million inhabitants and responsible for 60% of Brazilian Gross Net Product, are threatened by hydrological-driven disaster risks. In these areas, local resilient actions and adaptation strategies do integrate the current Brazilian Act and Regulation of Laws of urban waters, climate change and civil protection. However, these initiatives are still progressing slowly, especially in coping with floods, landslides, droughts, progressive biodiversity losses and energy burnouts. Here we address these hot-spots through the concept of Socio-Hydrological Observatory for Water Security (SHOWS), with a mix of adaptation strategies, open-source, big data analysis and societal feedbacks. On the one hand, SHOWS merges strategies like the dynamic framework of water security (Srinivasan et al, 2017), drought risk mapping (Rossato et al, 2017) and water securitization under varying water demand and climate change until year 2100 (Mohor & Mendiondo, 2017; Guzmán-Arias et al, 2017). SHOWS acknowledges different perspectives of water insecurity, several spatiotemporal scales and regime shifts in socio-hydrologic systems. On the other hand, SHOWS links field monitoring during water insecurity hazards (Taffarello et al, 2016), ecosystem-based adaptation networks, and decision-making and big data sources to disaster management (Horita et al, 2017). By using selected examples from two running Brazilian interdisciplinary research alliances, i.e. CAPES-ProAlertas CEMADEN-CEPED/USP and the CNPq/FAPESP National Institute of Science & Technology on Climate Change-II Water Security, we also face the limits, the pros and cons of SHOWS' assumptions. Through real-case paradoxes (i.e. 2013/2014 drought), water dashboards and coevolution trends (i.e. impacts on river basin committees from scenarios until 2050, 2100 in NE & SE Brazil), SHOWS helps on guiding decision-making for next societal steps of water

  13. An Online Risk Monitor System (ORMS) to Increase Safety and Security Levels in Industry

    International Nuclear Information System (INIS)

    Zubair, M; Ur Rahman, Khalil; Ul Hassan, Mehmood

    2013-01-01

    The main idea of this research is to develop an Online Risk Monitor System (ORMS) based on Living Probabilistic Safety Assessment (LPSA). The article highlights the essential features and functions of ORMS. The basic models and modules, such as the Reliability Data Update Model (RDUM), running time update, redundant system unavailability update, Engineered Safety Features (ESF) unavailability update and general system update, have been described in this study. ORMS not only provides quantitative analysis but also highlights qualitative aspects of risk measures. ORMS is capable of automatically updating the online risk models and reliability parameters of equipment. ORMS can support the decision-making process of operators and managers in Nuclear Power Plants.

  14. An Online Risk Monitor System (ORMS) to Increase Safety and Security Levels in Industry

    Science.gov (United States)

    Zubair, M.; Rahman, Khalil Ur; Hassan, Mehmood Ul

    2013-12-01

    The main idea of this research is to develop an Online Risk Monitor System (ORMS) based on Living Probabilistic Safety Assessment (LPSA). The article highlights the essential features and functions of ORMS. The basic models and modules, such as the Reliability Data Update Model (RDUM), running time update, redundant system unavailability update, Engineered Safety Features (ESF) unavailability update and general system update, have been described in this study. ORMS not only provides quantitative analysis but also highlights qualitative aspects of risk measures. ORMS is capable of automatically updating the online risk models and reliability parameters of equipment. ORMS can support the decision-making process of operators and managers in Nuclear Power Plants.

  15. Global thermal niche models of two European grasses show high invasion risks in Antarctica.

    Science.gov (United States)

    Pertierra, Luis R; Aragón, Pedro; Shaw, Justine D; Bergstrom, Dana M; Terauds, Aleks; Olalla-Tárraga, Miguel Ángel

    2017-07-01

    The two non-native grasses that have established long-term populations in Antarctica (Poa pratensis and Poa annua) were studied from a global multidimensional thermal niche perspective to address the biological invasion risk to Antarctica. These two species exhibit contrasting introduction histories and reproductive strategies and represent two referential case studies of biological invasion processes. We used a multistep process with a range of species distribution modelling techniques (ecological niche factor analysis, multidimensional envelopes, distance/entropy algorithms) together with a suite of thermoclimatic variables, to characterize the potential ranges of these species. Their native bioclimatic thermal envelopes in Eurasia, together with the different naturalized populations across continents, were compared next. The potential niche of P. pratensis was wider at the cold extremes; however, P. annua life history attributes enable it to be a more successful colonizer. We observe that particularly cold summers are a key aspect of the unique Antarctic environment. In consequence, ruderals such as P. annua can quickly expand under such harsh conditions, whereas the more stress-tolerant P. pratensis endures and persists through steady growth. Compiled data on human pressure at the Antarctic Peninsula allowed us to provide site-specific biosecurity risk indicators. We conclude that several areas across the region are vulnerable to invasions from these and other similar species. This can only be visualized in species distribution models (SDMs) when accounting for founder populations that reveal nonanalogous conditions. Results reinforce the need for strict management practices to minimize introductions. Furthermore, our novel set of temperature-based bioclimatic GIS layers for ice-free terrestrial Antarctica provides a mechanism for regional and global species distribution models to be built for other potentially invasive species. © 2017 John Wiley & Sons Ltd.

  16. Managing cyber-risk and security in the global supply chain: a systems analysis approach to risk, structure and behaviour

    DEFF Research Database (Denmark)

    Sepúlveda Estay, Daniel Alberto

    -term legal ramifications. As a result, little information about attacks and their consequences is published. Supply chains continue to prepare for cyber-attacks through a mix of traditional risk and resilience frameworks, protecting their networks through patches, firewalls and antiviruses, or financially...

  17. The IRSN 2010 barometer. The opinion on risks and security of the French population. Global results

    International Nuclear Information System (INIS)

    2010-01-01

    This report presents and comments on the results of a survey during which a sample of the French population was questioned on their current concerns (about the society, about the environment, about the image of science), on their opinion on scientific expertise (who should control a risky installation, the role and image of experts, the access to expertise files, the perception of pluralist structures), the opinion on 32 risk situations (risks to which French people feel exposed, confidence in authorities, truth of information on hazards, hierarchy of the 32 situations), the opinion on the nuclear activity and industry (the nuclear risk, the credibility and expertise of interveners, incidents which occurred in 2008, the demand of information on the nuclear risk).

  18. The IRSN 2009 barometer. The opinion on risks and security of the French population. Global results

    International Nuclear Information System (INIS)

    2009-01-01

    This report presents and comments on the results of a survey during which a sample of the French population was questioned on their current concerns (about the society, about the environment, about the image of science), on their opinion on scientific expertise (who should control a risky installation, the role and image of experts, the access to expertise files, the perception of pluralist structures), the opinion on 31 risk situations (risks to which French people feel exposed, confidence in authorities, truth of information on hazards, hierarchy of the 31 situations), the opinion on the nuclear activity and industry (the nuclear risk, the credibility and expertise of interveners, incidents which occurred in 2008, the demand of information on the nuclear risk).

  19. Cognitive maps for risk assessment in providing cloud computing data security

    OpenAIRE

    Konrad, U.; Penzina, V.

    2013-01-01

    Cloud Computing (CC) has become a new milestone in the era of information technology. Almost unlimited possibilities for storing information, data processing and virtual machine creation have opened up unique perspectives. However, new technologies bring new threats, risks and serious consequences.

  20. Notes on risks analysis and security management in a hospital organization: a case study in a city of Rio de Janeiro

    Directory of Open Access Journals (Sweden)

    Priscila Carneiro Hamada

    2016-04-01

    This study aimed to analyze the processes of security management in a hospital in a big city in the State of Rio de Janeiro. The research method used was a case study, a strategy chosen because it includes both direct observation and a series of interviews. The results highlight the importance of security management in a hospital, of educating employees, assessing risk scenarios, and controlling the logistics flows of patients and contaminated products and waste.

  1. Water security, risk and economic growth: lessons from a dynamical systems model

    Science.gov (United States)

    Dadson, Simon; Hall, Jim; Garrick, Dustin; Sadoff, Claudia; Grey, David; Whittington, Dale

    2016-04-01

    Investments in the physical infrastructure, human capital, and institutions needed for water resources management have been a noteworthy feature in the development of most civilisations. These investments affect the economy in two distinct ways: (i) by improving the factor productivity of water in multiple sectors of the economy, especially those that are water intensive such as agriculture and energy; and (ii) by reducing the acute and chronic harmful effects of water-related hazards like floods, droughts, and water-related diseases. The need for capital investment to mitigate these risks in order to promote economic growth is widely acknowledged, but prior work to conceptualise the relationship between water-related risks and economic growth has focused on the productive and harmful roles of water in the economy independently. Here the two influences are combined using a simple, dynamical model of water-related investment, risk, and growth at the national level. The model suggests the existence of a context-specific threshold above which growth proceeds along an 'S'-curve. In many cases there is a requirement for initial investment in water-related assets to enable growth. Below the threshold it is possible for a poverty trap to arise. The presence and location of the poverty trap is context-specific and depends on the relative exposure of productive water-related assets to risk, compared with risks faced by assets in the wider economy. Exogenous changes in the level of water-related risk (through, for example, climate and land cover change) can potentially push an economy away from a growth path towards a poverty trap. These results illustrate the value of accounting for environmental risk in models of economic growth and may offer guidance in the design of robust policies for investment in water-related productive assets to manage risk, particularly in the face of global and regional environmental change.

  2. A Pilot Examination of the Methods Used to Counteract Insider Threat Security Risks Associated with the Use of Radioactive Materials in the Research and Clinical Setting.

    Science.gov (United States)

    Tsenov, B G; Emery, R J; Whitehead, L W; Gonzalez, J Reingle; Gemeinhardt, G L

    2018-03-01

    While many organizations maintain multiple layers of security control methodologies to prevent outsiders from gaining unauthorized access, persons such as employees or contractors who have been granted legitimate access can represent an "insider threat" risk. Interestingly, some of the most notable radiological events involving the purposeful contamination or exposure of individuals appear to have been perpetrated by insiders. In the academic and medical settings, radiation safety professionals focus their security efforts on (1) ensuring controls are in place to prevent unauthorized access or removal of sources, and (2) increasing security controls for the unescorted accessing of large sources of radioactivity (known as "quantities of concern"). But these controls may not completely address the threat insiders represent when radioactive materials below these quantities are present. The goal of this research project was to characterize the methodologies currently employed to counteract the insider security threat for the misuse or purposeful divergence of radioactive materials used in the academic and medical settings. A web-based survey was used to assess how practicing radiation safety professionals in academic and medical settings anticipate, evaluate, and control insider threat security risks within their institutions. While all respondents indicated that radioactive sources are being used in amounts below quantities of concern, only 6 % consider insider threat security issues as part of the protocol review for the use of general radioactive materials. The results of this survey identify several opportunities for improvement for institutions to address security gaps.

  3. Electrical markets, energy security and technology diversification: nuclear as cover against gas and carbon price risks?

    International Nuclear Information System (INIS)

    Roques, F.A.; Newbery, D.M.; Nuttall, W.J.; Neufville, R. de

    2005-01-01

    Recent tension in the oil and gas markets has brought back the concept of energy offer diversification. Electrical production technology diversification in a country helps improve the security of supply and make up for the negative effects of hydrocarbons price variations. The portfolio and real options theories help to quantify the optimum diversification level for a country or a power company. The cover value of a nuclear investment for a power company facing cost uncertainties (price of gas and of carbon dioxide emission permit) and proceeds (price of electricity) is assessed. A strong link between the prices of gas and electricity reduces incentives to private producers to diversify, disputing the capacity of a liberalized electrical market to achieve optimum technology diversity from a domestic point of view. (authors)

  4. Surviving security how to integrate people, process, and technology

    CERN Document Server

    Andress, Amanda

    2003-01-01

    WHY DO I NEED SECURITY? Introduction The Importance of an Effective Security Infrastructure People, Process, and Technology What Are You Protecting Against? Types of Attacks Types of Attackers Security as a Competitive Advantage Choosing a Solution Finding Security Employees The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK What Is Risk? Embracing Risk Information Security Risk Assessment Assessing Risk Insurance SECURITY POLICIES AND PROCEDURES Internal Focus Is Key Security Awareness and Education Policy Life Cycle Developing Policies Components of a Security Policy Sample Security Po

  5. The IRSN 2012 barometer. The opinion on risks and security of the French population. Global results

    International Nuclear Information System (INIS)

    El Jammal, Marie-Helene; Rollinger, Francois; Mur, Emmanuelle

    2012-01-01

    This report presents and comments on the results of a survey in which a sample of the French population was questioned on their current concerns (what is the most concerning issue in the present society and in the environment, science within concerns), on their opinion on scientific expertise (who should control a risky installation, the role and image of experts, the access to expertise files, the perception of pluralist structures), on their opinion on 33 risk situations (risks to which French people feel exposed, confidence in authorities to protect them, truth of information on hazards, hierarchy of the 33 situations), on their opinion on the nuclear activity and industry (the nuclear risk, the credibility and expertise of interveners), and on the Fukushima accident (perception of the accident, quality of information, expectations on the assessment of nuclear power stations).

  6. Emerging information technologies in accounting and related security risks – what is the impact on the Romanian accounting profession

    Directory of Open Access Journals (Sweden)

    Sînziana-Maria Rîndașu

    2017-12-01

    This study investigates whether aspiring and professional accountants understand the benefits and security challenges brought by emerging technologies such as Big Data, data analytics, cloud computing and mobile technologies. 115 participants took part in a survey during January and February 2017, all having at least one year of practical experience in accounting or audit and 80% of them being affiliated with national or international accounting professional bodies. The research has three key findings: (1) professional accountants and auditors have, on average, a theoretical knowledge of the emerging technologies in the accounting field, but they still need to enhance their skills to exploit them efficiently, (2) mobile technologies have started to be adopted by Romanian practitioners and (3) the profession has become aware of the security risks brought by emerging technologies in digital accounting. The accounting profession is on the verge of change and the practitioners do not yet possess sufficient skills regarding the analyzed emerging technologies. Consequently, the professional bodies and academic environment should reassess their curricula to enforce the necessary changes for preparing practitioners to successfully face the future challenges and avoid their replacement by other, more qualified professions.

  7. Center for computer security: Computer Security Group conference. Summary

    Energy Technology Data Exchange (ETDEWEB)

    None

    1982-06-01

    Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

  8. Security dialogues: building better relationships between security and business

    OpenAIRE

    Ashenden, Debi; Lawrence, Darren

    2016-01-01

    In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes. By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

  9. Initial risk assessment for a single stage to orbit nuclear thermal rocket

    Energy Technology Data Exchange (ETDEWEB)

    Labib, Satira, E-mail: Satira.Labib@duke-energy.com; King, Jeffrey, E-mail: kingjc@mines.edu

    2015-06-15

    Highlights: • The risks posed by the surface launch of a nuclear thermal rocket are considered. • Radiation exposure at the public viewing distance is insignificant. • Production of fission products and actinides during launch is limited. • The production of activated argon around the rocket may be a significant concern. Abstract: In order to consider the possibility of a nuclear thermal rocket (NTR) ground launch, it is necessary to evaluate the risks from such a launch. This includes analysis of the radiation dose rate around the rocket, determining the rate of activation of the materials near the launch, and considering the radionuclides present in the core after the launch. This paper evaluates the potential risk of the NTR ground launch for a range of payloads from 1 to 15 metric tons (MT) using three NTR reactor cores (40, 80, and 120 cm in length) designed in a previous study, based on data produced by MCNP5 and MCNPX models. At the same power level, the 40 cm core length reactor results in the lowest radiation dose rate of the three reactors. Radiation dose rates decrease to background levels 3.5 km from the launch site. After a 1-year decay time, all of the activated materials produced by an NTR launch would be classified as Class A low-level waste. The activation of air produces significant amounts of argon-41 and nitrogen-16 within 100 m of the launch. The derived air concentration (DAC) ratio of the activation products decays to less than unity within 2 days, with only argon-41 remaining. After 10 min of full power operation, the 120 cm core for a 15 MT payload contains 2.5 × 10¹³, 1.4 × 10¹² and 1.5 × 10¹² Bq of ¹³¹I, ¹³⁷Cs, and ⁹⁰Sr, respectively. The decay heat after shutdown increases with increasing reactor power with a maximum decay heat of 108 kW immediately after shutdown for the 15 MT payload.

  10. When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist.

    Science.gov (United States)

    Blanke, Sandra J; McGrady, Elizabeth

    2016-07-01

    Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on "best practices." Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. © 2016 American Society for Healthcare Risk Management of the American Hospital Association.

  11. A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

    Science.gov (United States)

    Andrijcic, Eva; Horowitz, Barry

    2006-08-01

    The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

  12. A new cyber security risk evaluation method for oil and gas SCADA based on factor state space

    International Nuclear Information System (INIS)

    Yang, Li; Cao, Xiedong; Li, Jie

    2016-01-01

    Based on comprehensive analysis of the structure and the potential safety problem of oil and gas SCADA (Supervisor control and data acquisition) network, aiming at the shortcomings of traditional evaluation methods, combining factor state space and fuzzy comprehensive evaluation method, a new network security risk evaluation method of oil and gas SCADA is proposed. First of all, formal description of factor state space and its complete mathematical definition were presented; secondly, factor fuzzy evaluation steps were discussed; then, using analytic hierarchy method, evaluation index system for oil and gas SCADA system was established, the index weights of all factors were determined by two-two comparisons; structure design of three layers in reasoning machine was completed. Experiments and tests show that the proposed method is accurate, reliable and practical. Research results provide the template and the new method for the other industries.

  13. Edgeware Security Risk Management: A Three Essay Thesis on Cloud, Virtualization and Wireless Grid Vulnerabilities

    Science.gov (United States)

    Brooks, Tyson T.

    2013-01-01

    This thesis identifies three essays which contribute to the foundational understanding of the vulnerabilities and risk towards potentially implementing wireless grid Edgeware technology in a virtualized cloud environment. Since communication networks and devices are subject to becoming the target of exploitation by hackers (e.g. individuals who…

  14. Examining Long Term Climate Related Security Risks through the Use of Gaming and Scenario Planning

    Science.gov (United States)

    2016-10-24

    for example, the India player felt they had to achieve near-peer military parity with the China and Southwest Asia players before they would invest...the game scenario, we use gender neutral pronouns (e.g., they, their) throughout. 1. David King et al., Climate Change: A Risk Assessment, ed

  15. Critical visualization: a case for rethinking how we visualize risk and security

    NARCIS (Netherlands)

    Hall, Peter; Heath, Claude; Coles-Kemp, Lizzie

    2015-01-01

    In an era of high-profile hacks, information leaks and cybercrime, cybersecurity is the focus of much corporate and state-funded research. Data visualization is regarded as an important tool in the detection and prediction of risk and vulnerability in cybersecurity, but discussion tends to remain at

  16. Assessing future risks to agricultural productivity, water resources and food security: How can remote sensing help?

    Science.gov (United States)

    Thenkabail, Prasad S.; Knox, Jerry W.; Ozdogan, Mutlu; Gumma, Murali Krishna; Congalton, Russell G.; Wu, Zhuoting; Milesi, Cristina; Finkral, Alex; Marshall, Mike; Mariotto, Isabella; You, Songcai; Giri, Chandra; Nagler, Pamela

    2012-01-01

    Although global food production has been rising, the world still faces a major food security challenge. Over one billion people are currently undernourished (Wheeler and Kay, 2010). By the 2050s, the human population is projected to grow to 9.1 billion. Over three-quarters of these people will be living in developing countries, in regions that already lack the capacity to feed their populations. Under current agricultural practices, the increased demand for food would require in excess of one billion hectares of new cropland, nearly equivalent to the land area of the United States, and would lead to significant increases in greenhouse gases (Tillman et al., 2011). Since climate is the primary determinant of agricultural productivity, changes to it will influence not only crop yields, but also hydrologic balances and supplies of inputs to managed farming systems, and may lead to a shift in the geographic location of some crops. Therefore, not only must crop productivity (yield per unit of land; kg/m2) increase, but water productivity (yield per unit of water or "crop per drop"; kg/m3) must increase as well in order to feed a burgeoning population against a backdrop

  17. Demographics and Volatile Social Security Wealth: Political Risks of Benefit Rule Changes in Germany

    OpenAIRE

    Christoph Borgmann; Matthias Heidler

    2003-01-01

    In this paper we address the question how the generosity of the benefit rule of the German public pension system has changed during the past three decades and how this development can be explained by demographic changes. Firstly, we illustrate the political risk of benefit rule changes for individuals. We find that depending on the birth year and the considered scenario the relative losses vary between 30 and nearly 60 percent. Secondly, we estimate how demographic developments have triggered...

  18. Critical visualization: a case for rethinking how we visualize risk and security

    OpenAIRE

    Hall, Peter; Heath, Claude; Coles-Kemp, Lizzie

    2015-01-01

    In an era of high-profile hacks, information leaks and cybercrime, cybersecurity is the focus of much corporate and state-funded research. Data visualization is regarded as an important tool in the detection and prediction of risk and vulnerability in cybersecurity, but discussion tends to remain at the level of the usability of visualization tools and how to reduce the cognitive load on the consumers of the visualizations. This focus is rooted in a desire to simplify the complexity of cybers...

  19. Bring-Your-Own-Device (BYOD): An Evaluation of Associated Risks to Corporate Information Security

    OpenAIRE

    Yeboah-Boateng, Ezer Osei; Boaten, Francis Edmund

    2016-01-01

    This study evaluates the cyber-risks to Business Information Assets posed by the adoption of Bring-Your-Own-Device (BYOD) to the workplace. BYOD is an emerging trend where employees bring and use personal computing devices on the company's network to access applications and sensitive data like emails, calendar and scheduling applications, documents, etc. Employees are captivated by BYOD because they can have access to private items as well as perform certain job functions while being unrestric...

  20. A cooperative building up of care security: patient participation to risk management in radiotherapy

    International Nuclear Information System (INIS)

    Pernet, A.; Mollo, V.; Giraud, P.

    2010-01-01

    Based on observations of radiotherapy consultations, interviews of professionals (physicians and operators), of ex-patients and patients under treatment, and on analysis of questionnaires sent to patients, this study aimed at understanding how, and to which levels, participation of patients can optimize risk management. It outlines the major role of therapeutic information and education of patients, but also of health professionals, in order to reach a shared cooperative management of cares. Short communication

  1. IRSN 2014 opinion survey - The perception of risks and security by the French population. Global results

    International Nuclear Information System (INIS)

    El Jammal, Marie-Helene; Mur, Emmanuelle; Rollinger, Francois; Schuler, Matthieu; Tchernia, Jean-Francois

    2014-06-01

    A first and synthetic part of this report comments on the most remarkable results of the opinion survey. It first addresses results related to a context of economic crisis (importance of the economic crisis and unemployment as major concerns for French people, environmental concerns) and then analyzes the different aspects of the nuclear risk, from the accident to nuclear safety: strong fears of a nuclear accident, Fukushima and Chernobyl are immediately present in people's mind, concerns about nuclear are also related to the environment and health, the actual benefit of nuclear is an economic one, nuclear safety is a major challenge on which French people doubt, French people wish a citizen look on nuclear safety, the opinion of French people on nuclear worsened in 2013. Then, this report, illustrated by several graphs, presents and discusses the results of an annual opinion survey on the present concerns of French people (in the present society, for the environment, and as far as science is concerned), the opinion of French people on expertise (about who must control a risky installation, about the role and image of scientific experts, about the diffusion and sharing of scientific expertise, and about the perception of pluralistic structures), on the attitude of French people in front of 33 risk situations (risks to which French people feel exposed, confidence of French people in authorities to protect them, the truth of information on hazards, the hierarchy of 33 situations according to 3 aspects and their relationship with installation acceptability). The fourth part addresses more particularly the nuclear sector: expectations in terms of nuclear risk management, fear of a serious accident, benefits and drawbacks of nuclear energy, skill and credibility of interveners. Graphs notably present the evolution of opinions with respect to last year or over the past years.

  2. [Perceived risks and victimization of military and civil police in the public (in)security domain].

    Science.gov (United States)

    Minayo, Maria Cecília de Souza; Souza, Edinilsa Ramos de; Constantino, Patrícia

    2007-11-01

    This study was based on a larger survey on the socioeconomic, quality-of-life, occupational, and health characteristics of military and civil police in the State of Rio de Janeiro, Brazil. The study triangulated quantitative methods (an anonymous questionnaire in a random sample of clusters involving 46 police units and 2,678 police force members) and qualitative ones (18 focus groups with 143 police force members, 24 individual semi-structured interviews, and field observations). The article specifically approaches the issues of victimization and perceived risks among on-duty and off-duty police. Data were processed and analyzed according to risk-related variables. We performed a content analysis, comparing strata within and between police forces, according to thematic lines. This empirical approach is supported by secondary data analyses. According to our analysis, the police are the greatest victims in the performance of their duties, especially military police and those from both forces involved in direct law enforcement activities. Different variables are associated with risk in the two forces, with an emphasis on work conditions and especially involvement in other activities during their official off-duty time.

  3. 21st Century Security Manager

    Directory of Open Access Journals (Sweden)

    Stelian ARION

    2010-11-01

    We live in a world of uncertainty that generates major paradigm changes that affect security risk management. A modern organization's security risk management cannot be done without profound knowledge and daily practice of security governance, security risk management and resilience. The 21st century security manager needs to deal with several areas of knowledge in order to successfully manage security risks. The document presents the advantages, disadvantages and challenges for security managers who have a government background or an IT security background, or who are promoted from among the organization's internal leaders. There are six different areas of knowledge that successful security programs of the future must incorporate, either in the knowledge base of their leaders or in the collective knowledge of the leading staff. They are government elements, security organization, emerging issue awareness, IT security, business elements and executive leadership.

  4. Critical thinking: assessing the risks to the future security of supply of critical metals

    Science.gov (United States)

    Gunn, Gus

    2015-04-01

    Increasing world population, the spread of prosperity across the globe and the demands of new technologies have led to a revival of concerns about the availability of raw materials needed by society. Despite scare stories about resource depletion, physical exhaustion of minerals is considered to be unlikely. However, we do need to know which materials might be of concern so that we can develop strategies to secure adequate supplies and to mitigate the effects of supply disruption. This requirement has led to renewed interest in criticality, a term that is generally used to refer to metals and minerals of high economic importance that have a relatively high likelihood of supply disruption. The European Union (EU) developed a quantitative methodology for the assessment of criticality which led to the definition of 14 raw materials as critical to the EU economy (EC, 2010). This has succeeded in raising awareness of potential supply issues and in helping to prioritise requirements for new policies and supporting research. The EU has recently assessed a larger number of candidate materials of which 20 are now identified as critical to the EU (EC, 2014). These include metals such as indium, mostly used in flat-screen displays, antimony for flame retardants and cobalt for rechargeable batteries, alloys and a host of other products. Although there is no consensus on the methodology for criticality assessments and broad analyses at this scale are inevitably imperfect, they can, nevertheless, provide early warning of supply problems. However, in order to develop more rigorous and dynamic assessments of future availability detailed analysis of the whole life-cycle of individual metals to identify specific problems and develop appropriate solutions is required. New policies, such as the Raw Materials Initiative (2008) and the European Innovation Partnership on Raw Materials (2013), have been developed by the European Commission (EC) and are aimed at securing sustainable

  5. Risk management framework a lab-based approach to securing information systems

    CERN Document Server

    Broad, James

    2013-01-01

    The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly im

  6. Safe and secure at work?: findings from the 2002 Workplace Risk Supplement.

    Science.gov (United States)

    Jenkins, E Lynn; Fisher, Bonnie S; Hartley, Dan

    2012-01-01

    To examine employees' perception of safety and related workplace safety and prevention issues, including their use of self-protection measures and victimization experience. The Workplace Risk Supplement (WRS) to the National Crime Victimization Survey (NCVS) was administered to 55,158 employed respondents who were 16 years or older. Trained U.S. Census Bureau interviewers administered the WRS in all households selected for the NCVS during the 6-month reference period from January through June 2002. Responses from the 55,158 WRS respondents were weighted to obtain national estimates, resulting in 142,410,858 cases. The demographic distribution of WRS respondents is very similar to that of the U.S. labor force. Seven percent of respondents reported that they worried about someone in their workplace attacking them, while nearly 4% experienced victimization. The majority indicated that they felt that their workplace, the neighborhood around their workplace, and places they traveled to as part of their job were either "Very Safe" or "Somewhat Safe" from crime. Six percent carried some type of self protection while at work although this varied by occupation. Employees largely feel safe from violence while working. Differences in victimization by occupation bolster efforts to focus workplace violence prevention in high-risk occupations.

  7. Dynamic model of minimax control over economic security state of the region in the presence of risks

    Directory of Open Access Journals (Sweden)

    Andrey Fedorovich Shorikov

    2012-06-01

    Investigation and solution of management of economic security state in the region (MESSR) requires development of a dynamic economic-mathematical model that takes into account the presence of control actions, uncontrolled parameters (risk modeling errors, etc.) and availability of information deficit. At the same time, the existing approaches to solving such problems are based primarily on static models and the use of the apparatus of stochastic modeling, whose application requires knowledge of the probability characteristics of the main model parameters and special conditions for the realization of the process. We should note that to use the apparatus of stochastic modeling, very strict conditions are required, which in practice are usually not feasible in advance. In this paper, we propose to use a deterministic approach for modeling and solving the original problem in the form of a dynamic programming problem of minimax control (optimization of a guaranteed result) MESSR at the determined point of time, taking into account the availability of risks of deterministic and stochastic nature (combined risks model). At the same time, under the risks in the social and economic system we understand the factors that negatively catastrophically affect the results of the reviewed processes inside it. For an effective use, a technique of prediction and assessment of time rows and stochastic risks in MESSR optimization process is presented, which can serve as a basis for the development of appropriate computer software. To solve the problem of program minimax control MESSR in the presence of risks, we propose a method which is reduced to the realization of a finite number of solutions of linear and convex mathematical programming and discrete optimization problem. The proposed method makes it possible to develop efficient numerical procedures to implement computer simulation of the dynamics of the problem, build program minimax control and gain optimal

  8. Microsoft Azure security

    CERN Document Server

    Freato, Roberto

    2015-01-01

    This book is intended for Azure administrators who want to understand the application of security principles in distributed environments and how to use Azure to its full capability to reduce the risks of security breaches. Only basic knowledge of the security processes and services of Microsoft Azure is required.

  9. Stochastic Optimization of Supply Chain Risk Measures –a Methodology for Improving Supply Security of Subsidized Fuel Oil in Indonesia

    Directory of Open Access Journals (Sweden)

    Adinda Yuanita

    2015-08-01

    Monte Carlo simulation-based methods for stochastic optimization of risk measures are required to solve complex problems in supply security of subsidized fuel oil in Indonesia. In order to overcome constraints in distribution of subsidized fuel in Indonesia, which has the fourth largest population in the world—more than 250,000,000 people with 66.5% of productive population, and has more than 17,000 islands with its population centered around the nation's capital only—it is necessary to have a measurable and integrated risk analysis with monitoring system for the purpose of supply security of subsidized fuel. In consideration of this complex issue, uncertainty and probability heavily affected this research. Therefore, this research did the Monte Carlo sampling-based stochastic simulation optimization with the state-of-the-art "FIRST" parameter combined with the Sensitivity Analysis to determine the priority of integrated risk mitigation handling so that the implication of the new model design from this research may give faster risk mitigation time. The results of the research identified innovative ideas of risk based audit on supply chain risk management and new FIRST (Fairness, Independence, Reliable, Sustainable, Transparent) parameters on risk measures. In addition to that, the integration of risk analysis confirmed the innovative level of priority on sensitivity analysis. Moreover, the findings showed that the new risk mitigation time was 60% faster than the original risk mitigation time.

  10. [Remedy for shortage or risk for national security? The search for oil in Switzerland].

    Science.gov (United States)

    Haller, Lea; Gisler, Monika

    2014-03-01

    Over several decades, geologists, entrepreneurs, politicians, and public authorities dealt with a potential petroleum occurrence in Switzerland. They provided scientific expertise, granted concessions, invested capital and sank bore holes. Although the endeavour was never successful economically, it reveals how closely related geopolitical situations and the exploitation of natural resources were. This article investigates the search for crude oil in Switzerland from the 1930s until the 1960s, combining a history of science and technology perspective with a history of the political regulations and economic considerations concerning the extractive industry. It traces the changing fears and hopes about potential oil occurrences in Switzerland: From an investment to overcome future shortages, to the risk of imperial desires if oil would be found in abundance.

  11. Risky business. Fossil risk mitigation and enhanced energy security from renewables

    International Nuclear Information System (INIS)

    Awerbuch, S.

    2006-01-01

    It is argued that the cost estimates associated with the development and diversification of energy policies may be flawed. The document points out that renewables such as wind can be used as a hedge against risk in a balanced portfolio. The calculation of future generating costs is a crucial factor to be taken into account but the figures for the future are highly uncertain. It is argued that traditional electricity costs, in terms of kWh, are unreliable and should be given little weight in energy policy deliberations. It is suggested that investor groups should be asked to submit firm fixed-price bids for providing wind, coal and gas-base electricity over the next 25-30 years. Wind and other fixed-cost energy sources can help nations avoid costly economic consequences stemming from fluctuation in the price of oil

  12. ICT security management

    OpenAIRE

    SCHREURS, Jeanne; MOREAU, Rachel

    2007-01-01

    Security becomes more and more important and companies are aware that it has become a management problem. It’s critical to know what are the critical resources and processes of the company and their weaknesses. A security audit can be a handy solution. We have developed BEVA, a method to critically analyse the company and to uncover the weak spots in the security system. BEVA results also in a general security score and security scores for each security factor. These will be used in the risk ...

  13. Android apps security

    CERN Document Server

    Gunasekera, Sheran

    2012-01-01

    Android Apps Security provides guiding principles for how to best design and develop Android apps with security in mind. It explores concepts that can be used to secure apps and how developers can use and incorporate these security features into their apps. This book will provide developers with the information they need to design useful, high-performing, and secure apps that expose end-users to as little risk as possible.  Overview of Android OS versions, features, architecture and security.  Detailed examination of areas where attacks on applications can take place and what controls should b

  14. Perception of health risks of electromagnetic fields by MRI radiographers and airport security officers compared to the general Dutch working population: a cross sectional analysis.

    Science.gov (United States)

    van Dongen, Diana; Smid, Tjabe; Timmermans, Daniëlle R M

    2011-11-09

    The amount of exposure to electromagnetic fields (EMF) at work is mainly determined by an individual's occupation and may differ from exposure at home. It is, however, unknown how different occupational groups perceive possible adverse health effects of EMF. Three occupational groups, the general Dutch working population (n = 567), airport security officers who work with metal detectors (n = 106), and MRI radiographers who work with MRI (n = 193), were compared on perceived risk of and positive and negative feelings towards EMF in general and of different EMF sources, and health concerns by using analyses of variances. Data were collected via an internet survey. Overall, MRI radiographers had a lower perceived risk, felt less negative, and more positive towards EMF and different sources of EMF than the general working population and the security officers. For security officers, feeling more positive about EMF was not significantly related to perceived risk of EMF in general or EMF of domestic sources. Feeling positive about a source did not generalize to a lower perceived risk, while negative feelings were stronger related to perceived risk. MRI radiographers had fewer health concerns regarding EMF than the other two groups, although they considered it more likely that EMF could cause physical complaints. These data show that although differences in occupation appear to be reflected in different perceptions of EMF, the level of occupational exposure to EMF as such does not predict the perceived health risk of EMF. © 2011 van Dongen et al; licensee BioMed Central Ltd.

  15. Perception of health risks of electromagnetic fields by MRI radiographers and airport security officers compared to the general Dutch working population: a cross sectional analysis

    Directory of Open Access Journals (Sweden)

    van Dongen Diana

    2011-11-01

    Background: The amount of exposure to electromagnetic fields (EMF) at work is mainly determined by an individual's occupation and may differ from exposure at home. It is, however, unknown how different occupational groups perceive possible adverse health effects of EMF. Methods: Three occupational groups, the general Dutch working population (n = 567), airport security officers who work with metal detectors (n = 106), and MRI radiographers who work with MRI (n = 193), were compared on perceived risk of and positive and negative feelings towards EMF in general and of different EMF sources, and health concerns by using analyses of variances. Data were collected via an internet survey. Results: Overall, MRI radiographers had a lower perceived risk, felt less negative, and more positive towards EMF and different sources of EMF than the general working population and the security officers. For security officers, feeling more positive about EMF was not significantly related to perceived risk of EMF in general or EMF of domestic sources. Feeling positive about a source did not generalize to a lower perceived risk, while negative feelings were stronger related to perceived risk. MRI radiographers had fewer health concerns regarding EMF than the other two groups, although they considered it more likely that EMF could cause physical complaints. Conclusions: These data show that although differences in occupation appear to be reflected in different perceptions of EMF, the level of occupational exposure to EMF as such does not predict the perceived health risk of EMF.

  16. Extinction risks forced by climatic change and intraspecific variation in the thermal physiology of a tropical lizard.

    Science.gov (United States)

    Pontes-da-Silva, Emerson; Magnusson, William E; Sinervo, Barry; Caetano, Gabriel H; Miles, Donald B; Colli, Guarino R; Diele-Viegas, Luisa M; Fenker, Jessica; Santos, Juan C; Werneck, Fernanda P

    2018-04-01

    Temperature increases can impact biodiversity and predicting their effects is one of the main challenges facing global climate-change research. Ectotherms are sensitive to temperature change and, although predictions indicate that tropical species are highly vulnerable to global warming, they remain one of the least studied groups with respect to the extent of physiological variation and local extinction risks. We model the extinction risks for a tropical heliothermic teiid lizard (Kentropyx calcarata) integrating previously obtained information on intraspecific phylogeographic structure, eco-physiological traits and contemporary species distributions in the Amazon rainforest and its ecotone to the Cerrado savannah. We also investigated how thermal-biology traits vary throughout the species' geographic range and the consequences of such variation for lineage vulnerability. We show substantial variation in thermal tolerance of individuals among thermally distinct sites. Thermal critical limits were highly correlated with operative environmental temperatures. Our physiological/climatic model predicted relative extinction risks for local populations within clades of K. calcarata for 2050 ranging between 26.1% and 70.8%, while for 2070, extinction risks ranged from 52.8% to 92.8%. Our results support the hypothesis that tropical-lizard taxa are at high risk of local extinction caused by increasing temperatures. However, the thermo-physiological differences found across the species' distribution suggest that local adaptation may allow persistence of this tropical ectotherm in global warming scenarios. These results will serve as basis to further research to investigate the strength of local adaptation to climate change. Persistence of Kentropyx calcarata also depends on forest preservation, but the Amazon rainforest is currently under high deforestation rates. We argue that higher conservation priority is necessary so the Amazon rainforest can fulfill its capacity to

  17. Interparental conflict, children's security with parents, and long-term risk of internalizing problems: A longitudinal study from ages 2 to 10.

    Science.gov (United States)

    Brock, Rebecca L; Kochanska, Grazyna

    2016-02-01

    Although the negative impact of marital conflict on children has been amply documented, few studies have examined the process of risk in a long-term, longitudinal design. We examined parent-child attachment security as a mechanism that may account for the impact of interparental conflict on children's long-term risk of internalizing problems. Sixty-two community mothers, fathers, and children were followed from ages 2 to 10. Parents reported on their conflicts when their children were 2. Trained observers produced parent-child attachment security scores (Attachment Q-Set, Waters, 1987), based on lengthy naturalistic observations of the child with each parent. Parents rated children's internalizing problems at age 10. A conditional process model and bootstrap approach were implemented to examine conditional indirect effects of conflict on child internalizing problems through attachment security for girls versus boys. Maladaptive marital conflict (destructive strategies, severity of arguments) increased internalizing problems 8 years later due to the undermined security for girls, whereas negative emotional aftermath of conflict (unresolved, lingering tension) increased internalizing problems for both boys and girls. The emotional aftermath of conflict is often overlooked, yet it appears to be a key dimension influencing emotional security in the family system, with significant consequences for children's development.

  18. Interparental conflict, children’s security with parents, and long-term risk of internalizing problems: A longitudinal study from ages 2 to 10

    Science.gov (United States)

    Brock, Rebecca L.; Kochanska, Grazyna

    2015-01-01

    Although the negative impact of marital conflict on children has been amply documented, few studies have examined the process of risk in a long-term, longitudinal design. We examined parent–child attachment security as a mechanism that may account for the impact of interparental conflict on children’s long-term risk of internalizing problems. Sixty-two community mothers, fathers, and children were followed from ages 2 to 10. Parents reported on their conflicts when their children were 2. Trained observers produced parent–child attachment security scores (Attachment Q-Set, Waters, 1987), based on lengthy naturalistic observations of the child with each parent. Parents rated children’s internalizing problems at age 10. A conditional process model and bootstrap approach were implemented to examine conditional indirect effects of conflict on child internalizing problems through attachment security for girls versus boys. Maladaptive marital conflict (destructive strategies, severity of arguments) increased internalizing problems 8 years later due to the undermined security for girls, whereas negative emotional aftermath of conflict (unresolved, lingering tension) increased internalizing problems for both boys and girls. The emotional aftermath of conflict is often overlooked, yet it appears to be a key dimension influencing emotional security in the family system, with significant consequences for children’s development. PMID:25797703

  19. Outsourcing information security

    CERN Document Server

    Axelrod, Warren

    2004-01-01

    This comprehensive and timely resource examines security risks related to IT outsourcing, clearly showing you how to recognize, evaluate, minimize, and manage these risks. Unique in its scope, this single volume offers you complete coverage of the whole range of IT security services and fully treats the IT security concerns of outsourcing. The book helps you deepen your knowledge of the tangible and intangible costs and benefits associated with outsourcing IT and IS functions.

  20. Alternative security

    International Nuclear Information System (INIS)

    Weston, B.H.

    1990-01-01

    This book contains the following chapters: The Military and Alternative Security: New Missions for Stable Conventional Security; Technology and Alternative Security: A Cherished Myth Expires; Law and Alternative Security: Toward a Just World Peace; Politics and Alternative Security: Toward a More Democratic, Therefore More Peaceful, World; Economics and Alternative Security: Toward a Peacekeeping International Economy; Psychology and Alternative Security: Needs, Perceptions, and Misperceptions; Religion and Alternative Security: A Prophetic Vision; and Toward Post-Nuclear Global Security: An Overview

  1. Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

    Science.gov (United States)

    Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

    2000-11-01

    We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

  2. Security concept in 'MyAngelWeb®' a website for the individual patient at risk of emergency.

    Science.gov (United States)

    Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

    2000-11-01

    We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

  3. Homeland Security

    Science.gov (United States)

    Provides an overview of EPA's homeland security roles and responsibilities, and links to specific homeland security issues: water security, research, emergency response, recovery, and waste management.

  4. Public and physician's expectations and ethical concerns about electronic health record: Benefits outweigh risks except for information security.

    Science.gov (United States)

    Entzeridou, Eleni; Markopoulou, Evgenia; Mollaki, Vasiliki

    2018-02-01

    Electronic Health Record systems (EHRs) offer numerous benefits in health care but also pose certain risks. As we progress toward the implementation of EHRs, a more in-depth understanding of attitudes that influence overall levels of EHR support is required. To record public and physicians' awareness, expectations for, and ethical concerns about the use of EHRs. A convenience sample was surveyed for both the public and physicians. The Public's Questionnaire was distributed to the public in a printed and an online version. The Physicians' Questionnaire was distributed to physicians in an online version. The questionnaires requested demographic characteristics followed by close-ended questions enquiring about awareness, perceived impact, perceived risks, and ethical issues raised by EHR use. In total, 46% of the public and 91% of physicians were aware of EHRs. Physicians' and public opinions were comparable concerning the positive impact of EHRs on better, more effective, and faster decisions on the patients' health, on better coordination between hospitals/clinics and on quality and reduced cost of health care. However, physicians were concerned that an EHR system would be a burden for their finances, for their time concerning training on the system, for their everyday workload and workflow. The majority of the public generally agreed that they would worry about the possibility that a non-authorized, third party might gain access to their personal health information (48.8%), and that they would worry about future discriminations due to possible disclosure of their health information (48.8%). Most physicians disagreed that EHRs will disrupt the doctor-patient relationship (58.1%) but they would worry about the safety of their patients' information (53.1%). Overall, both the public and physicians were in favor of the implementation of an EHR system, evaluating that possible benefits are more important than possible risks. The majority of the public believed that

  5. Security Dilemma

    DEFF Research Database (Denmark)

    Wivel, Anders

    2011-01-01

    What is a security dilemma? What are the consequences of security dilemmas in international politics?

  6. European Energy Security and Nord Stream: A Case Study of the Nord Stream Pipeline, Its Opportunities and Risks for Europe, and Its Impact on European Energy Security

    Science.gov (United States)

    2011-06-01

    2010, 5.75% of all petrol-driven cars will run on bio-fuels. This target will not be achieved. 119 Ibid., 22–23. 120 Belkin, The European Union’s...insecurity, as is the case with Algeria, Egypt, Tunisia and Libya. This possible risk has already been identified by the European Commission in 2006.273

  7. Evaluation of thermal striping risks: Limitation of cracks initiation and propagation

    International Nuclear Information System (INIS)

    Drubay, B.; Acker, D.

    1994-01-01

    Thermal striping is the effect of a rapid random oscillation of surface temperature inducing a corresponding fluctuation of surface strains. It occurs on components situated in the mixing zone of coolant streams of different temperatures and is characterised by large numbers of strain cycles having the potential to add to the fatigue damage produced by strain cycles associated with all other plant operating events. The purpose of this paper is to describe the R and D works performed in the frame of the European Fast Reactor project between 1985 and 1992 on the thermal striping: experimental works and validation of assessment methodology. (author)

  8. Software Assurance in Acquisition: Mitigating Risks to the Enterprise. A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing

    Science.gov (United States)

    2009-02-01

    Monitoring ISO/IEC 12207 2008(E) IEEE 1062 1998 PMBOK 3.0 Initiating Closing 3. Monitoring & Controlling 1. Planning 2. Executing Follow-on...software life cycles [ISO/IEC 15026]. Software assurance is a key element of national security and homeland security. It is critical because dramatic...they are met. This may also include a plan for testing that SwA requirements are met. The [NDIA] and [ISO/IEC 15026] provide details on structure and

  9. Nuclear terrorism: Identifying and combating the risks. International conference on nuclear security, 16 March 2005, London, UK

    International Nuclear Information System (INIS)

    ElBaradei, M.

    2005-01-01

    Security strategies, for many centuries, have been based on boundaries: the strategic placement of cities and borders to take advantage of natural barriers; defences that relied on walls, trenches and armadas; and the use of ethnic, religious or other groupings to distinguish friend from foe. In the 20th Century, the advent of airplanes, submarines and ballistic missiles began to undermine this approach to security by enabling the remote delivery of destruction on a scale previously not envisioned. But the change that has altered the international security landscape the most drastically is, in fact, globalization. The global community has become interdependent, with the constant movement of people, ideas and goods. Many aspects of modern life, communication, the global marketplace and, most recently, the rise in international terrorism - clearly indicate that our understanding of and approaches to national and international security must be adjusted, in keeping with new realities. This statement discusses: Nuclear Security and the Protection Against Nuclear Terrorism, IAEA Nuclear Security Plan of Activities founded on measures to guard against thefts of nuclear and other radioactive material and to protect related facilities against malicious acts; cooperation with other organizations and efforts

  10. Statistical security for Social Security.

    Science.gov (United States)

    Soneji, Samir; King, Gary

    2012-08-01

    The financial viability of Social Security, the single largest U.S. government program, depends on accurate forecasts of the solvency of its intergenerational trust fund. We begin by detailing information necessary for replicating the Social Security Administration's (SSA's) forecasting procedures, which until now has been unavailable in the public domain. We then offer a way to improve the quality of these procedures via age- and sex-specific mortality forecasts. The most recent SSA mortality forecasts were based on the best available technology at the time, which was a combination of linear extrapolation and qualitative judgments. Unfortunately, linear extrapolation excludes known risk factors and is inconsistent with long-standing demographic patterns, such as the smoothness of age profiles. Modern statistical methods typically outperform even the best qualitative judgments in these contexts. We show how to use such methods, enabling researchers to forecast using far more information, such as the known risk factors of smoking and obesity and known demographic patterns. Including this extra information makes a substantial difference. For example, by improving only mortality forecasting methods, we predict three fewer years of net surplus, $730 billion less in Social Security Trust Funds, and program costs that are 0.66% greater for projected taxable payroll by 2031 compared with SSA projections. More important than specific numerical estimates are the advantages of transparency, replicability, reduction of uncertainty, and what may be the resulting lower vulnerability to the politicization of program forecasts. In addition, by offering with this article software and detailed replication information, we hope to marshal the efforts of the research community to include ever more informative inputs and to continue to reduce uncertainties in Social Security forecasts.

  11. Analysis of risk and dose when using thermal protection on non-fissile and fissile-excepted UF6 48-inch cylinder packages

    Energy Technology Data Exchange (ETDEWEB)

    Chambers, D.B.; Lowe, L.M. [SENES Consultants Ltd., Richmond Hill, ON (Canada); Elizabeth Darrough, M.; Jones, R.H.

    2004-07-01

    An industry consortium of owners of large (i.e., the 48-inch or 48X and 48Y) cylinders commissioned an independent study to evaluate the safety of using thermal protective covers on the cylinders and the likelihood that the cylinders would experience the regulations' hypothetical thermal accident. The study examined the demonstrable risks of the protective covers, i.e., increased dose to workers and the potential for accidents associated with the extra handling, vs. the theoretical risk of the UF6 cylinders' encountering the hypothetical fire, to evaluate the appropriateness of using the thermal protective covers.

  12. Analysis of risk and dose when using thermal protection on non-fissile and fissile-excepted UF6 48-inch cylinder packages

    International Nuclear Information System (INIS)

    Chambers, D.B.; Lowe, L.M.; Elizabeth Darrough, M.; Jones, R.H.

    2004-01-01

    An industry consortium of owners of large (i.e., the 48-inch or 48X and 48Y) cylinders commissioned an independent study to evaluate the safety of using thermal protective covers on the cylinders and the likelihood that the cylinders would experience the regulations' hypothetical thermal accident. The study examined the demonstrable risks of the protective covers, i.e., increased dose to workers and the potential for accidents associated with the extra handling, vs. the theoretical risk of the UF6 cylinders' encountering the hypothetical fire, to evaluate the appropriateness of using the thermal protective covers

  13. Automated security management

    CERN Document Server

    Al-Shaer, Ehab; Xie, Geoffrey

    2013-01-01

    In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

  14. Auditing Organizational Security

    Science.gov (United States)

    2017-01-01

    Organization for Standardization (ISO): ISO 27000: Information Systems Security Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO. All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Organizations already working with ISO 9000

  15. Security Evolution.

    Science.gov (United States)

    De Patta, Joe

    2003-01-01

    Examines how to evaluate school security, begin making schools safe, secure schools without turning them into fortresses, and secure schools easily and affordably; the evolution of security systems into information technology systems; using schools' high-speed network lines; how one specific security system was developed; pros and cons of the…

  16. Security planning an applied approach

    CERN Document Server

    Lincke, Susan

    2015-01-01

    This book guides readers through building an IT security plan. Offering a template, it helps readers to prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner, who does not have time to become a security expert, but needs a security plan now. It also serves to educate the reader of a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serv

  17. Hygro thermal simulation to predict the risk of frost damage in masonry : effects of climate change

    NARCIS (Netherlands)

    van Aarle, M.A.P.; Schellen, H.L.; van Schijndel, A.W.M.

    2015-01-01

    According to the Royal Netherlands Meteorological Institute (KNMI) climate change will result in an increase of air temperature and rainfall intensities for the Netherlands in winter in future. In this paper we investigate the effect of the risk of frost damage to masonry. The risk of frost damage

  18. Energy systems security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Energy Systems Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to electricity transmission grids and their protection, risk assessment of energy systems, analysis of interdependent energy networks. Methods to manage electricity transmission disturbances so as to avoid blackouts are discussed, and self-healing energy system and a nano-enabled power source are presented.

  19. Radioactive contamination and health risk assessment due to burning of coal in thermal energy generation

    International Nuclear Information System (INIS)

    Kant, K.

    2008-01-01

    Full text: Radon being a ubiquitous air pollutant has global impact and its monitoring in the environment at work places is essential from health and hygiene point of view. In thermal power plants, a lot of coal is burnt which contains radionuclides which are released into the environment and are hazardous. Radon is the main culprit in the local radioactive contamination of the environment due to burning of coal in thermal energy generation. It has been reported by several researchers (Nikl and Vegvari 1992, Bodizs et al. 1992) that the concentrations of the isotopes U-238 and Ra-226 become 3-5 times more than those in the coal itself in the coal slag and fly ash obtained by burning the coal in coal fired power plants. Several researchers have reported radon levels in thermal power plants (Bodizs et al. 1992, Rawat et al. 1991, Nikl and Vegvari 1992, Papastefanou and Charalanbous 1979, Kant et al. 2001). Keeping in view the environmental pollution caused due to the burning of coal in thermal power stations, there is an upsurge in the establishment of nuclear and gas turbine power stations in recent times. An increased share of gas and nuclear in power generation could lead to lower emissions. Also, considerable emphasis is being laid on developing non-polluting and renewable energy sources like water, air, solar energy and others. In this study, measurement of radon and its progeny levels was carried out over long integrated times in thermal power plant in Haryana by using LR-115, Type-II (Kodak Pathe, France), plastic track detectors commonly known as solid state nuclear track detectors (SSNTDs). Alpha particles emitted from radon cause radiation damage tracks, which were subsequently revealed by chemical etching in NaOH. These alpha tracks registered were counted by optical microscope at suitable magnification and converted into radon concentration. The findings indicate that it is very important to carry out these studies and the results of the full study will

  20. Finding Security Patterns to Countermeasure Software Vulnerabilities

    OpenAIRE

    Borstad, Ole Gunnar

    2008-01-01

    Software security is an increasingly important part of software development as the risk from attackers is constantly evolving through increased exposure, threats and economic impact of security breaches. Emerging security literature describes expert knowledge such as secure development best practices. This knowledge is often not applied by software developers because they lack security awareness, security training and secure development methods and tools. Existing methods and tools require to...

  1. The security aspect

    International Nuclear Information System (INIS)

    Clutterbuck, R.

    1984-01-01

    The question of the risks of deliberate criminal or politically motivated attack, theft or hijacking of irradiated fuel in transit is discussed. Headings; possible forms of interference; security measures; attractions and limitations as a target. (U.K.)

  2. Security in the internet

    International Nuclear Information System (INIS)

    Seibel, R.M.M.; Kocher, K.; Landsberg, P.

    2000-01-01

    Aim of the study: Is it possible to use the Internet as a secure medium for transport of telemedicine? Which risks exist for routine use? In this article state of the art methods of security were analysed. Telemedicine in the Internet has severe risks, because patient data and hospital data of a secure Intranet can be manipulated by connecting it to the Web. Conclusions: Establishing a firewall and introducing the HPC (Health Professional Card) minimize the risk of unauthorized access to the hospital server. HPC allows good safety with digital signature and authentication of host and client of medical data. For secure e-mail PGP (Pretty Good Privacy) is easy to use as a standard protocol. Planning all activities exactly as well as following legal regulations are important requisites for reduction of safety risks in Internet. (orig.) [de

  3. Parental Dysphoria and Children's Adjustment: Marital Conflict Styles, Children's Emotional Security, and Parenting as Mediators of Risk

    Science.gov (United States)

    Du Rocher Schudlich, Tina D.; Cummings, E. Mark

    2007-01-01

    Dimensions of marital conflict, children's emotional security regarding interparental conflict, and parenting style were examined as mediators between parental dysphoria and child adjustment. A community sample of 262 children, ages 8-16, participated with their parents. Behavioral observations were made of parents' interactions during marital…

  4. Microsoft Windows Security Essentials

    CERN Document Server

    Gibson, Darril

    2011-01-01

    Windows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built. This straightforward guide begins each chapter by laying out a list of topics to be discussed,

  5. PRIVATE SECURITY IN SPORT

    Directory of Open Access Journals (Sweden)

    Dragan Vukasović

    2011-09-01

    Given the importance of sport for international integration, affirmation, a sense of belonging and other values of general interest, in order to maintain and open new prospects of development, it is necessary to form the private security system along with state security system, with a view to creating conditions for development sports athletes to achieve better results both in domestic and international competitions. Private security is only one element of an integrated security system which, with its efficient organization with the use of adequate means and measures should provide answers to new challenges, risks and threats. Private security in line with the new understanding of the concept of security has an important role in providing athletes.

  6. Stochastic Optimization of Supply Chain Risk Measures –a Methodology for Improving Supply Security of Subsidized Fuel Oil in Indonesia

    OpenAIRE

    Adinda Yuanita; Andi Noorsaman Sommeng; Anondho Wijonarko

    2015-01-01

    Monte Carlo simulation-based methods for stochastic optimization of risk measures is required to solve complex problems in supply security of subsidized fuel oil in Indonesia. In order to overcome constraints in distribution of subsidized fuel in Indonesia, which has the fourth largest population in the world—more than 250,000,000 people with 66.5% of productive population, and has more than 17,000 islands with its population centered around the nation's capital only—it is necessary to have a...

  7. Web Security, Privacy & Commerce

    CERN Document Server

    Garfinkel, Simson

    2011-01-01

    Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites. Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Exp

  8. The European supply security of petroleum and natural gas in the coming years. Economical and geopolitical risks

    International Nuclear Information System (INIS)

    Van der Linde, C.

    2001-01-01

    An overview is given of the geopolitical risks for oil and gas and (inter)national strategies to limit those risks. The risk assessment is motivated by the increasing dependency for European countries on imports of oil and gas from the Russian Federation, Caspian Sea region and the countries around the Persian Gulf in the next decades [nl

  9. Cyber security

    CERN Document Server

    Voeller, John G

    2014-01-01

    Cyber Security features articles from the Wiley Handbook of Science and Technology for Homeland Security covering topics related to cyber security metrics and measure and related technologies that meet security needs. Specific applications to web services, the banking and the finance sector, and industrial process control systems are discussed.

  10. Investigating Safety, Safeguards and Security (3S) Synergies to Support Infrastructure Development and Risk-Informed Methodologies for 3S by Design

    International Nuclear Information System (INIS)

    Suzuki, M.; Izumi, Y.; Kimoto, T.; Naoi, Y.; Inoue, T.; Hoffheins, B.

    2010-01-01

    In 2008, Japan and other G8 countries pledged to support the Safeguards, Safety, and Security (3S) Initiative to raise awareness of 3S worldwide and to assist countries in setting up nuclear energy infrastructures that are essential cornerstones of a successful nuclear energy program. The goals of the 3S initiative are to ensure that countries already using nuclear energy or those planning to use nuclear energy are supported by strong national programs in safety, security, and safeguards not only for reliability and viability of the programs, but also to prove to the international audience that the programs are purely peaceful and that nuclear material is properly handled, accounted for, and protected. In support of this initiative, Japan Atomic Energy Agency (JAEA) has been conducting detailed analyses of the R and D programs and cultures of each of the 'S' areas to identify overlaps where synergism and efficiencies might be realized, to determine where there are gaps in the development of a mature 3S culture, and to coordinate efforts with other Japanese and international organizations. As an initial outcome of this study, incoming JAEA employees are being introduced to 3S as part of their induction training and the idea of a President's Award program is being evaluated. Furthermore, some overlaps in 3S missions might be exploited to share facility instrumentation as with Joint-Use-Equipment (JUE), in which cameras and radiation detectors, are shared by the State and IAEA. Lessons learned in these activities can be applied to developing more efficient and effective 3S infrastructures for incorporating into Safeguards by Design methodologies. They will also be useful in supporting human resources and technology development projects associated with Japan's planned nuclear security center for Asia, which was announced during the 2010 Nuclear Security Summit. In this presentation, a risk-informed approach regarding integration of 3S will be introduced. An initial

  11. Predicting the Air Quality, Thermal Comfort and Draught Risk for a Virtual Classroom with Desk-Type Personalized Ventilation Systems

    Directory of Open Access Journals (Sweden)

    Eusébio Z. E. Conceição

    2018-02-01

    This paper concerns the prediction of indoor air quality (IAQ), thermal comfort (TC) and draught risk (DR) for a virtual classroom with desk-type personalized ventilation system (PVS). This numerical study considers a coupling of the computational fluid dynamics (CFD), human thermal comfort (HTC) and building thermal behavior (BTB) numerical models. The following indexes are used: the predicted percentage of dissatisfied people (PPD) index is used for the evaluation of the TC level; the carbon dioxide (CO2) concentration in the breathing zone is used for the calculation of IAQ; and the DR level around the occupants is used for the evaluation of the discomfort due to draught. The air distribution index (ADI), based in the TC level, the IAQ level, the effectiveness for heat removal and the effectiveness for contaminant removal, is used for evaluating the performance of the personalized air distribution system. The numerical simulation is made for a virtual classroom with six desks. Each desk is equipped with one PVS with two air terminal devices located overhead and two air terminal devices located below the desktop. In one numerical simulation six occupants are used, while in another simulation twelve occupants are considered. For each numerical simulation an air supply temperature of 20 °C and 24 °C is applied. The results obtained show that the ADI value is higher for twelve persons than for six persons in the classroom and it is higher for an inlet air temperature of 20 °C than for an inlet air temperature of 24 °C. In future works, more combinations of upper and lower air terminal devices located around the body area and more combinations of occupants located in the desks will be analyzed.

  12. Security studies

    International Nuclear Information System (INIS)

    Venot, R.

    2001-01-01

    Full text: Security studies constitute one of the major tools for evaluating the provisions implemented at facilities to protect and control Nuclear Material against unauthorized removal. Operators use security studies to demonstrate that they are complying with objectives set by the Competent Authority to counter internal or external acts aimed at unauthorized removal of NM. The paper presents the context of security studies carried out in France. The philosophy of these studies is based on a postulated unauthorized removal of NM and the study of the behavior of the systems implemented to control and protect NM in a facility. The potential unauthorized removal of NM usually may take place in two stages. The first stage involves the sequence leading to handling of the NM. It occurs inside the physical barriers of a facility and may include action involving the documents corresponding to Material Control and Accounting systems. At this stage it is possible to limit the risk of unauthorized removal of NM by means of detection capabilities of the MC and A systems. The second stage is more specific to theft and involves removing the NM out of the physical barriers of a facility in which they are being held, notably by affecting the Physical Protection System. Operators have to study, from a quantity and time lapse point of view, the ability of the installed systems to detect unauthorized removal, as well as the possibility of tampering with the systems to mask unlawful operations. Operators have also to analyze the sequences during which NM are accessed, removed from their containment and further removed from the facility in which they are stored. At each stage in the process, the probability of detection and the time taken to carry out the above actions have to be estimated. Of course, these two types of studies complement each other. Security studies have begun, in France, for more than fifteen years. Up to now more than fifty security studies are available in the

  13. INVESTIGATION OF THE RISK FACTORS FOR CORONARY ARTERY DISEASES IN EMPLOYEES AND THEIR SPOUSES OF THE ELAZIG SECURITY DEPARTMENT WHO ADMITTED TO MEDICAL DEPARTMENT OF THIS HEADQUARTER

    Directory of Open Access Journals (Sweden)

    Suleyman Erhan DEVECI

    2006-08-01

    This study was carried out with the aim of identifying risk factors for coronary artery disease (CAD) in the employees of Elazig Security Department. Questionnaires were applied to members and/or spouses (313 individuals) of Elazig Security Department admitting to the Health Office for any reason in November-December 2003. Measurements for fasting blood sugar, serum cholesterol levels and blood pressure values were carried out. Of the individuals participating in this study, 1.9% reported having diabetes, 2.9% heart disease and 5.4% hypertension. Mean blood pressure measurements were: systolic 114.1±15.9 and diastolic 74.6±10.3 mmHg; mean fasting blood glucose values were reported as 90.9±16.6 mg/dl. 8.9% had high systolic and 7.7% had high diastolic blood pressure measurements, 16.0% had elevated total cholesterol and 3.5% had elevated fasting blood sugar levels. 36.7% reported to be current smokers, 20.8% reported having regular physical activity. 65.5% reported skipping meals and 47.3% reported eating snacks between the meals. In the group that was analyzed, the rates of smoking, sedentary life style and irregular eating habits that are considered as risk factors for CAD were high. [TAF Prev Med Bull 2006; 5(4): 235-243]

  14. Developing an assessment of fire-setting to guide treatment in secure settings: the St Andrew's Fire and Arson Risk Instrument (SAFARI).

    Science.gov (United States)

    Long, Clive G; Banyard, Ellen; Fulton, Barbara; Hollin, Clive R

    2014-09-01

    Arson and fire-setting are highly prevalent among patients in secure psychiatric settings but there is an absence of valid and reliable assessment instruments and no evidence of a significant approach to intervention. To develop a semi-structured interview assessment specifically for fire-setting to augment structured assessments of risk and need. The extant literature was used to frame interview questions relating to the antecedents, behaviour and consequences necessary to formulate a functional analysis. Questions also covered readiness to change, fire-setting self-efficacy, the probability of future fire-setting, barriers to change, and understanding of fire-setting behaviour. The assessment concludes with indications for assessment and a treatment action plan. The inventory was piloted with a sample of women in secure care and was assessed for comprehensibility, reliability and validity. Staff rated the St Andrews Fire and Risk Instrument (SAFARI) as acceptable to patients and easy to administer. SAFARI was found to be comprehensible by over 95% of the general population, to have good acceptance, high internal reliability, substantial test-retest reliability and validity. SAFARI helps to provide a clear explanation of fire-setting in terms of the complex interplay of antecedents and consequences and facilitates the design of an individually tailored treatment programme in sympathy with a cognitive-behavioural approach. Further studies are needed to verify the reliability and validity of SAFARI with male populations and across settings.

  15. Dependence Structures and Systemic Risk of Government Securities Markets in Central and Eastern Europe: A CoVaR-Copula Approach

    Directory of Open Access Journals (Sweden)

    Lu Yang

    2018-01-01

    Abstract: In this study, we proposed a new empirical method by combining generalized autoregressive score functions and a copula model with high-frequency data to model the conditional time-varying joint distribution of the government bond yields between Poland/Czech Republic/Hungary, and Germany. Capturing the conditional time-varying joint distribution of these bond yields allowed us to precisely measure the dependence of the government securities markets. In particular, we found a high dependence of these government securities markets in the long term, but a low dependence in the short term. In addition, we report that the Czech Republic showed the highest dependence with Germany, while Hungary showed the lowest. Moreover, we found that the systemic risk dynamics were consistent with the idea that the global financial crisis not only had spillover effects on countries with weak economic fundamentals (e.g., Hungary, which had the highest systemic risk), but also had contagion effects for both CEEC-3 countries and Germany. Finally, we confirm that three major market events, namely the EU accession, the global financial crisis, and the European debt crisis, caused structural changes to the dynamic correlation.

  16. Security Expertise

    DEFF Research Database (Denmark)

    This volume brings together scholars from different fields to explore the power, consequences and everyday practices of security expertise. Expertise mediates between different forms of knowledge: scientific and technological, legal, economic and political knowledge. This book offers the first systematic study of security expertise and opens up a productive dialogue between science and technology studies and security studies to investigate the character and consequences of this expertise. In security theory, the study of expertise is crucial to understanding whose knowledge informs security making and to reflect on the impact and responsibility of security analysis. In science and technology studies, the study of security politics adds a challenging new case to the agenda of research on expertise and policy. The contributors investigate cases such as academic security studies, security think tanks...

  17. Web security a whitehat perspective

    CERN Document Server

    Wu, Hanqing

    2015-01-01

    MY VIEW OF THE SECURITY WORLD: View of the IT Security World; Brief History of Web Security; Brief History of Chinese Hackers; Development Process of Hacking Techniques; Rise of Web Security; Black Hat, White Hat; Back to Nature: The Essence of Secret Security; Superstition: There Is No Silver Bullet; Security Is an Ongoing Process; Security Elements; How to Implement Safety Assessment; Asset Classification; Threat Analysis; Risk Analysis; Design of Security Programs; Art of War of White Hat; Principles of Secure by Default; Blacklist, Whitelist; Principle of Least Privilege; Principle of Defense in Depth; Principles of Data and Code

  18. "Highly processed, highly packaged, very unhealthy. But they are low risk": exploring intersections between community food security and food safety.

    Science.gov (United States)

    Speed, Kelsey A; Meyer, Samantha B; Hanning, Rhona M; Majowicz, Shannon E

    2017-10-01

    Food insecurity and foodborne disease are important issues in Canada, and the public health actions taken to address them can be conceptualized as factors shaping the food environment. Given emerging evidence that these two areas may interrelate, the objective of this study was to explore ways in which community food security efforts and food safety practices (and the population health issues they aim to address) may intersect in British Columbia, Canada, and interpret what this might mean for conceptualizing and attaining healthier food environments. We conducted 14 key informant interviews with practitioners working in community food security and food safety in British Columbia, and used qualitative descriptive analysis to identify examples of intersections between the sectors. Participants identified four key ways that the two sectors intersect. They identified (1) how their daily practices to promote safe or healthy food could be helped or hindered by the activities of the other sector; (2) that historically disjointed policies that do not consider multiple health outcomes related to food may complicate the interrelationship; (3) that the relationship of these sectors is also affected by the fact that specific types of food products, such as fresh produce, can be considered both risky and beneficial; and (4) that both sectors are working towards the same goal of improved population health, albeit viewing it through slightly different lenses. Food security and food safety connect in several ways, with implications for characterizing and improving Canadian food environments. Collaboration across separated public health areas related to food is needed when designing new programs or policies aimed at changing the way Canadians eat.

  19. "Highly processed, highly packaged, very unhealthy. But they are low risk": exploring intersections between community food security and food safety

    Directory of Open Access Journals (Sweden)

    Kelsey A. Speed

    2017-10-01

    Introduction: Food insecurity and foodborne disease are important issues in Canada, and the public health actions taken to address them can be conceptualized as factors shaping the food environment. Given emerging evidence that these two areas may interrelate, the objective of this study was to explore ways in which community food security efforts and food safety practices (and the population health issues they aim to address) may intersect in British Columbia, Canada, and interpret what this might mean for conceptualizing and attaining healthier food environments. Methods: We conducted 14 key informant interviews with practitioners working in community food security and food safety in British Columbia, and used qualitative descriptive analysis to identify examples of intersections between the sectors. Results: Participants identified four key ways that the two sectors intersect. They identified (1) how their daily practices to promote safe or healthy food could be helped or hindered by the activities of the other sector; (2) that historically disjointed policies that do not consider multiple health outcomes related to food may complicate the interrelationship; (3) that the relationship of these sectors is also affected by the fact that specific types of food products, such as fresh produce, can be considered both risky and beneficial; and (4) that both sectors are working towards the same goal of improved population health, albeit viewing it through slightly different lenses. Conclusion: Food security and food safety connect in several ways, with implications for characterizing and improving Canadian food environments. Collaboration across separated public health areas related to food is needed when designing new programs or policies aimed at changing the way Canadians eat.

  20. Automatic segmentation of thermal images of diabetic-at-risk feet using the snakes algorithm

    Science.gov (United States)

    Etehadtavakol, Mahnaz; Ng, E. Y. K.; Kaabouch, Naima

    2017-11-01

    Diabetes is a disease with multi-systemic problems. It is a leading cause of death, medical costs, and loss of productivity. Foot ulcers are one generally known problem of uncontrolled diabetes that can lead to amputation. Signs of foot ulcers are not always obvious. Sometimes, symptoms won't even show up until the ulcer is infected. Hence, identification of pre-ulceration of the plantar surface of the foot in diabetics is beneficial. Thermography has the potential to identify regions of the plantar with no evidence of ulcer but yet risk. Thermography is a technique that is safe, easy, non-invasive, with no contact, and repeatable. In this study, 59 thermographic images of the plantar foot of patients with diabetic neuropathy are implemented using the snakes algorithm to separate two feet from background automatically and separating the right foot from the left on each image. The snakes algorithm both separates the right and left foot into segmented different clusters according to their temperatures. The hottest regions will have the highest risk of ulceration for each foot. This algorithm also worked perfectly for all the current images.

  1. The influence of thermal biology on road mortality risk in snakes.

    Science.gov (United States)

    Mccardle, Logan D; Fontenot, Clifford L

    2016-02-01

    Road mortality is a significant threat to terrestrial vertebrates in many areas, and the novel thermal environment of black-topped roads may represent ecological traps for some species and demographic groups. We investigated the relationship between ambient temperature and on-road detection in a snake assemblage in southeastern Louisiana by comparing observations of live snakes on a black-topped road, across measurements of air temperature and road temperature on survey days. Analyses indicated on-road detection of snakes was significantly influenced by ambient temperature conditions for five snake species. Additionally, road temperatures, and the difference between air and road temperatures, were strong drivers of on-road snake detections. Permutation analysis methods revealed that significant temperature related group (species or sex) structure exists in occurrences of snakes on the roadway, and that road temperature was the strongest driver of species differences. We also compared how air and road temperatures affected occurrence on the road between sexes in the colubrid snakes Nerodia fasciata, Nerodia cyclopion, Thamnophis proximus, and Pantherophis obsoletus. Males and females of the viviparous species N. fasciata, N. cyclopion, and T. proximus diverged significantly in temperature preferences, with females found under warmer conditions, while males and females of the oviparous species P. obsoletus did not. Road temperature was also the strongest driver of differences between sexes. Our results indicate that black-topped roads are an ecological trap that is heavily influenced by sex, reproductive condition, and species specific thermoregulatory requirements, particularly for viviparous species. Copyright © 2015 Elsevier Ltd. All rights reserved.

  2. ORDER SECURITY – NATIONAL SECURITY ADMINISTRATION. NATIONAL SECURITY DEFENSE AS SPECIAL ADMINISTRATION

    OpenAIRE

    Zoltán BALLA

    2009-01-01

    National security administration is the special executive disposal activity of the national security agencies, the section of the state administration that helps the governmental work by reconnoitering and preventing with secret-servicing methods of the risks that shall harm or endanger the national security’s interests. The main operational principles of national security governing are the followings among others: - controlling the operation of national security organization belongs to the ex...

  3. The influence of chemistry concentration on the fracture risk of a reactor pressure vessel subjected to pressurized thermal shocks

    Energy Technology Data Exchange (ETDEWEB)

    Huang, Pin-Chiun [Institute of Nuclear Engineering and Science, National Tsing-Hua University, Hsinchu 30013, Taiwan, ROC (China); Chou, Hsoung-Wei, E-mail: hwchou@iner.gov.tw [Institute of Nuclear Energy Research, Taoyuan 32546, Taiwan, ROC (China); Ferng, Yuh-Ming [Institute of Nuclear Engineering and Science, National Tsing-Hua University, Hsinchu 30013, Taiwan, ROC (China)

    2016-02-15

    Highlights: • Probabilistic fracture mechanics method was used to analyze a reactor pressure vessel. • Effects of copper and nickel contents on RPV fracture probability under PTS were investigated and discussed. • Representative PTS transients of Beaver Valley nuclear power plant were utilized. • The range of copper and nickel contents of the RPV materials were suggested. • With different embrittlement levels the dominated PTS category is different. - Abstract: The radiation embrittlement behavior of reactor pressure vessel shell is influenced by the chemistry concentration of metal materials. This paper aims to study the effects of copper and nickel content variations on the fracture risk of pressurized water reactor (PWR) pressure vessel subjected to pressurized thermal shock (PTS) transients. The probabilistic fracture mechanics (PFM) code, FAVOR, which was developed by the Oak Ridge National Laboratory in the United States, is employed to perform the analyses. A Taiwan domestic PWR pressure vessel assumed with varied copper and nickel contents of beltline region welds and plates is investigated in the study. Some PTS transients analyzed from Beaver Valley Unit 1 for establishing the U.S. NRC's new PTS rule are applied as the loading condition. It is found that the content variation of copper and nickel will significantly affect the radiation embrittlement and the fracture probability of PWR pressure vessels. The results can be regarded as the risk incremental factors for comparison with the safety regulation requirements on vessel degradation as well as a reference for the operation of PWR plants in Taiwan.

  4. Watermarking security

    CERN Document Server

    Bas, Patrick; Cayre, François; Doërr, Gwenaël; Mathon, Benjamin

    2016-01-01

    This book explains how to measure the security of a watermarking scheme, how to design secure schemes but also how to attack popular watermarking schemes. This book gathers the most recent achievements in the field of watermarking security by considering both parts of this cat and mouse game. This book is useful to industrial practitioners who would like to increase the security of their watermarking applications and for academics to quickly master this fascinating domain.

  5. Security Locks

    Science.gov (United States)

    Hart, Kevin

    2010-01-01

    According to a 2008 "Year in Review" report by Educational Security Incidents, an online repository that collects data on higher education security issues, the total number of security incidents reported at universities and colleges worldwide rose to 173 in 2008, a 24.5 percent increase over 2007. The number of institutions…

  6. Pre-operative Screening and Manual Drilling Strategies to Reduce the Risk of Thermal Injury During Minimally Invasive Cochlear Implantation Surgery.

    Science.gov (United States)

    Dillon, Neal P; Fichera, Loris; Kesler, Kyle; Zuniga, M Geraldine; Mitchell, Jason E; Webster, Robert J; Labadie, Robert F

    2017-09-01

    This article presents the development and experimental validation of a methodology to reduce the risk of thermal injury to the facial nerve during minimally invasive cochlear implantation surgery. The first step in this methodology is a pre-operative screening process, in which medical imaging is used to identify those patients that present a significant risk of developing high temperatures at the facial nerve during the drilling phase of the procedure. Such a risk is calculated based on the density of the bone along the drilling path and the thermal conductance between the drilling path and the nerve, and provides a criterion to exclude high-risk patients from receiving the minimally invasive procedure. The second component of the methodology is a drilling strategy for manually-guided drilling near the facial nerve. The strategy utilizes interval drilling and mechanical constraints to enable better control over the procedure and the resulting generation of heat. The approach is tested in fresh cadaver temporal bones using a thermal camera to monitor temperature near the facial nerve. Results indicate that pre-operative screening may successfully exclude high-risk patients and that the proposed drilling strategy enables safe drilling for low-to-moderate risk patients.

  7. Climate change, energy security, and risk-debating nuclear new build in Finland, France and the UK

    International Nuclear Information System (INIS)

    Teraevaeinen, Tuula; Lehtonen, Markku; Martiskainen, Mari

    2011-01-01

    Concerns about climate change and energy security have been major arguments used to justify the recent return of nuclear power as a serious electricity generation option in various parts of the world. This article examines the recent public discussion in Finland, France, and the UK - three countries currently in the process of constructing or planning new nuclear power stations. To place the public discussion on nuclear power within the relationship between policy discourses and contexts, the article addresses three interrelated themes: the justifications and discursive strategies employed by nuclear advocates and critics, the similarities and differences in debates between the three countries, and the interaction between the country-specific state orientations and the argumentation concerning nuclear power. Drawing from documentary analysis and semi-structured interviews, the article identifies and analyses key discursive strategies and their use in the context of the respective state orientations: 'technology-and-industry-know-best' in Finland, 'government-knows-best' in France, and 'markets-know-best' in the UK. The nuclear debates illustrate subtle ongoing transformations in these orientations, notably in the ways in which the relations between markets, the state, and civil society are portrayed in the nuclear debates. - Highlights: → Focus on argumentation on new nuclear power in Finland, France, and the UK. → Nuclear power is justified by climate change, energy security, and independence. → The credibility of discursive strategies varies across countries. → Country-specific state orientations shape the success of discursive strategies. → Discursive strategies contain normative claims about state-society relations.

  8. Mitigating Docker Security Issues

    OpenAIRE

    Yasrab, Robail

    2018-01-01

    It is very easy to run applications in Docker. Docker offers an ecosystem that provides a platform for packaging, distributing and managing applications within containers. However, the Docker platform is not yet mature. Presently, Docker is less secure than virtual machines (VMs) and most other cloud technologies. The key reason for Docker's inadequate security protocols is that containers share the Linux kernel, which can lead to a risk of privilege escalation. This research is going t...

  9. Perspectives on Energy Security

    International Nuclear Information System (INIS)

    Carlsson-Kanyama, Annika; Holmgren, Aake J.; Joensson, Thomas; Larsson, Robert L.

    2007-05-01

    A common notion of 'Energy Security' is that it includes access to energy resources without risking the survival of the state. 'Security of supply' is most often the concept emphasized in the political discourse on energy security and it includes both production as well as secure and safe delivery of energy to the end consumers. Another aspect of energy security is the need for reducing energy consumption by improving energy efficiency. In this report, eight chapters covering these and other perspectives on energy security are presented. Six of the chapters deal with the supply perspective. Included topics cover power politics and geopolitical perspectives regarding large infrastructure projects and the ambitions of the EU in this regard. Further, methods and approaches for conducting risk analyses of electricity supply systems as well as for improving the security of digital control systems are discussed. As climate change will affect the supply and distribution of energy, one chapter presents an overview of this topic. The consumption perspective is discussed against the backdrop of research about household consumption practices and the role of climate change for future consumption levels. Finally, the role of armed forces as large energy users is touched upon, as well as how so-called 'future studies' have dealt with energy as a topic.

  10. Safety and security of energy infrastructures in Europe - the EC - DG JRC's energy risks monitor (ERMON) project

    International Nuclear Information System (INIS)

    Kirchsteiger, C.

    2005-01-01

    Full text: Technological progress is directed towards fulfilling human needs for development and progress. At the same time, the detriments or risks arising from specific technologies can not be avoided. The potential public health, environmental and economic risk impact of technologies is therefore a topic of considerable public and professional debate across all different industry sectors, - from energy production to transport and process industries. This demonstrates the need for all different types of risks to be systematically assessed and managed in order to protect public health and safety, and to limit the environmental and economic impacts of potential accidents. Risk-based methods provide various qualitative and quantitative measures that can significantly support consistent decision-making on managing accidental risks related to a specific technology across its entire life cycle, both for harmful effects inside the installation and off-site (for fixed installations). However, these methods rarely consider the requirements of individuals who suddenly find themselves in need of information on the 'risk dimension' of a certain technology compared to alternatives with similar benefits. Therefore, there is a necessity that risk assessment methods and modeling data are consistent within a specific technology sector or across technological divides so that they can produce results that are, at least in principle, dependable and comparable. The paper starts with mapping of current regulation on managing the risks related to the operation of fixed industrial installations for energy production and chemical process industry in different member states of the enlarged European Union (EU) with regard to consistency in the risk assessment approaches, methods and data as used by industry and as required or recommended by the regulators, and the specific requirements related to damage compensation. The review shows that technological risks are dealt with quite

  11. Secure Java For Web Application Development

    CERN Document Server

    Bhargav, Abhay

    2010-01-01

    As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

  12. Security culture for nuclear facilities

    Science.gov (United States)

    Gupta, Deeksha; Bajramovic, Edita

    2017-01-01

    Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations have become essential along with nuclear safety, as nuclear facilities are facing a rapid increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of the public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

  13. Hybrid Electricity Markets with Long-Term Risk-Sharing Arrangements: Adapting Market Design to Security of Supply and decarbonization Objectives

    International Nuclear Information System (INIS)

    ROQUES, Fabien; FINON, Dominique

    2017-01-01

    The re-emergence of policy interventionism in electricity markets raises questions as to how market design can best be adapted to meeting the investment challenge associated with security of supply (SoS) and decarbonization objectives. This paper takes an institutionalist approach in terms of modularity of the market design, and reviews the standard historical approach towards competitive markets, in order to analyse the roles and interactions of the initial and additional market 'modules'. We argue that a number of additional modules is required to achieve long-term policy objectives, such as decarbonization and security of supply (SoS). But, in turn, they destabilise the initial modules of the market design, in particular by the entries of renewables. We review the international experience with hybrid market design and draw a number of policy recommendations as to best practices, as well as suggesting ways in which the initial market modules can be improved to prevent inconsistencies with the new modules. The move towards a hybrid market regime, which relies on a combination of planning, long-term risk sharing arrangements and improved markets entrenched in a function of short-term coordination, appears to be unavoidable where decarbonization policies are adopted. (authors)

  14. The Impact of a Home-Delivered Meal Program on Nutritional Risk, Dietary Intake, Food Security, Loneliness, and Social Well-Being.

    Science.gov (United States)

    Wright, Lauri; Vance, Lauren; Sudduth, Christina; Epps, James B

    2015-01-01

    Maintaining independence and continuing to live at home is one solution to manage the rising health care costs of aging populations in the United States; furthermore, seniors are at risk of malnutrition and food insecurity. Home-delivered meal programs are a tool to address food, nutrition, and well-being concerns of this population. Few studies have identified outcomes from these programs; this pilot study reviews the nutritional status, dietary intake, well-being, loneliness, and food security levels of seniors participating in a Meals on Wheels delivery service. Clients, new to the meal program, participated in pre- and postphone interviews, and 51 seniors completed the study. The survey was composed of five scales or questionnaires, and statistical analyses were conducted using SPSS. Improvements across all five measures were statistically significant after participating two months in the home-delivered meal program. Implications for further research, practice, and the Older Americans Act are discussed.

  15. IRSN opinion survey - The perception of risks and security by the French population. Global results June 2013

    International Nuclear Information System (INIS)

    2013-06-01

    After having commented the most remarkable results (importance of the economic crisis as a major concern for French people before environmental concerns, an improved perception of industrial risks, the Fukushima accident is fading away but specific traces remain, expectations regarding nuclear energy), this report, illustrated by several graphs, presents and discusses the results of an annual opinion survey on the present concerns of French people (in the present society, for the environment, and as far as science is concerned), the opinion of French people on expertise (about who must control a risky installation, about the role and image of scientific experts, about the diffusion and sharing of scientific expertise, and about the perception of pluralistic structures), on the attitude of French people in front of 33 risk situations (risks to which French people feel exposed to, confidence of French people in authorities to protect them, the truth of information on hazards, the hierarchy of 33 situations according to three aspects and their relationship with installation acceptability). The fourth part addresses more particularly the nuclear sector: nuclear risk, ability and credibility of interveners, debate on energy transition. A last part addresses the perception of the Fukushima accident. Graphs notably present the evolution of opinions with respect to last year or over the past years

  16. Technical and governance considerations for advanced metering infrastructure/smart meters: Technology, security, uncertainty, costs, benefits, and risks

    International Nuclear Information System (INIS)

    McHenry, Mark P.

    2013-01-01

    The fundamental role of policymakers when considering Advanced Metering Infrastructure (AMI), or ‘smart meters’ for energy and water infrastructure, is to investigate a broad range of complex interrelated issues. These include alternative technical and non-technical options and deployment needs, the cost and benefits of the infrastructure (risks and mitigation measures), and the impact of a number of stakeholders: consumers, distributors, retailers, competitive market operators, competing technology companies, etc. The scale and number of potential variables in the AMI space is an almost unprecedented challenge to policymakers, with the anticipation of new ancillary products and services, associated market contestability, related regulatory and policy amendments, and the adequacy of consumer protection, education, and safety considerations requiring utmost due-diligence. Embarking on AMI investment entails significant technical, implementation, and strategic risk for governments and administering bodies, and an active effort is required to ensure AMI governance and planning maximises the potential benefits, and minimise uncertainties, costs, and risks to stakeholders. This work seeks to clarify AMI fundamentals and discusses the technical and related governance considerations from a dispassionate perspective, yet acknowledges many stakeholders tend to dichotomise debate, and obfuscate both advantages and benefits, and the converse. - Highlights: • AMI presents an almost unprecedented technical and governance policy challenge. • AMI enables vertical integration of electricity, gas, water, IT, and telco entities. • AMI investments involve major technical, implementation, and strategic decisions. • Adequacy of consumer education, safety, privacy, and protection is paramount. • Policy must maximise AMI benefits and minimise uncertainties, costs, and risks.

  17. OPTIONS FOR USE OF APPROPRIATE ANTICOAGULANT THERAPY IN PATIENTS WITH THERMAL INJURY WITH A HIGH RISK OF THROMBOEMBOLIC COMPLICATIONS DEVELOPMENT ASSOCIATED WITH RECURRENT INTESTINAL BLEEDING

    Directory of Open Access Journals (Sweden)

    V. S. Borisov

    2015-01-01

    Patients with major thermal injury require anticoagulant therapy during almost the whole period of the burn disease, forcing the physician to balance constantly between the risk of possible bleeding associated with surgical treatment and the risk of thrombosis development in patients demonstrating a number of factors predisposing to the development of VTC. We report a clinical case of appropriate anticoagulant therapy using the new oral anticoagulants in a patient with a high risk of VTC development and recurrent bleeding from the tumor of the ascending colon.

  18. Biosafety and Biosecurity: A Relative Risk-Based Framework for Safer, More Secure, and Sustainable Laboratory Capacity Building.

    Science.gov (United States)

    Dickmann, Petra; Sheeley, Heather; Lightfoot, Nigel

    2015-01-01

    Laboratory capacity building is characterized by a paradox between endemicity and resources: countries with high endemicity of pathogenic agents often have low and intermittent resources (water, electricity) and capacities (laboratories, trained staff, adequate regulations). Meanwhile, countries with low endemicity of pathogenic agents often have high-containment facilities with costly infrastructure and maintenance governed by regulations. The common practice of exporting high biocontainment facilities and standards is not sustainable and concerns about biosafety and biosecurity require careful consideration. A group at Chatham House developed a draft conceptual framework for safer, more secure, and sustainable laboratory capacity building. The draft generic framework is guided by the phrase "LOCAL - PEOPLE - MAKE SENSE" that represents three major principles: capacity building according to local needs (local) with an emphasis on relationship and trust building (people) and continuous outcome and impact measurement (make sense). This draft generic framework can serve as a blueprint for international policy decision-making on improving biosafety and biosecurity in laboratory capacity building, but requires more testing and detailing development.

  19. Biosafety and Biosecurity: A relative risk-based framework for safer, more secure and sustainable laboratory capacity building

    Directory of Open Access Journals (Sweden)

    Petra Dickmann

    2015-10-01

    Background: Laboratory capacity building is characterized by a paradox between endemicity and resources: Countries with high endemicity of pathogenic agents often have low and intermittent resources (water, electricity) and capacities (laboratories, trained staff, adequate regulations). Meanwhile, countries with low endemicity of pathogenic agents often have high containment facilities with costly infrastructure and maintenance governed by regulations. The common practice of exporting high biocontainment facilities and standards is not sustainable and concerns about biosafety and biosecurity require careful consideration. Methods: A group at Chatham House developed a draft conceptual framework for safer, more secure and sustainable laboratory capacity building. Results: The draft generic framework is guided by the phrase ‘LOCAL – PEOPLE – MAKE SENSE’ that represents three major principles: capacity building according to local needs (local) with an emphasis on relationship and trust-building (people) and continuous outcome and impact measurement (make sense). Conclusions: This draft generic framework can serve as a blueprint for international policy decision-making on improving biosafety and biosecurity in laboratory capacity building, but requires more testing and detailing development.

  20. [Chronic low back pain and associated risk factors, in patients with social security medical attention: A case-control study].

    Science.gov (United States)

    Durán-Nah, Jaime Jesús; Benítez-Rodríguez, Carlos René; Miam-Viana, Emilio Jesús

    2016-01-01

    Chronic low back pain (CLBP) is frequently seen in the orthopedic outpatient consultation. The aim of this paper is to identify risk factors associated with CLBP in patients cared for during the year 2012, at a General Hospital belonging to Instituto Mexicano del Seguro Social, in Yucatán, Mexico. Data of 95 patients with CLBP (cases) was compared with data of 190 patients without CLBP (controls) using a binary logistic model (BLM), from which odds ratios (OR) and 95 % confidence intervals (95 % CI) were obtained. School level, body mass index (BMI) as a continuous variable, history of heavy weight lifting, some types of comorbidities and dyslipidemia, were identified as statistically significant in the bivariate analysis (p ≤ 0.05 each). In a second step, secondary school level (OR 0.25, 95 % CI: 0.08-0.81), dyslipidemia (OR 0.26, 95 % CI: 0.12-0.56), heavy weights lifting (OR 0.22, 95 % CI: 0.12-0.42), and BMI (OR 1.22, 95 % CI: 1.12-1.32) were all identified by the BLM as statistically significant. In this sample, secondary school level, dyslipidemia and heavy weights lifting reduced the risk of CLBP, while the BMI increased the risk.

  1. Reducing the threat of RDDs. It's not enough to plug gaps in security systems for radioactive sources. Needed are integrated 'cradle-to-grave' controls to prevent high-risk sources from finding their way into the wrong hands

    International Nuclear Information System (INIS)

    Ferguson, C.D.

    2003-01-01

    Common radioactive materials, such as commercial radioactive sources used in medicine, industry, and scientific research, could fuel radiological dispersal devices (RDDs). While the IAEA has worked toward improving the security of radioactive sources long before the September 11 attacks, the IAEA moved quickly after this date to increase its efforts to prevent these materials from becoming tools of radiological terror. IAEA Director General ElBaradei has spoken often about the need for a 'cradle-to-grave' protection system for radioactive materials. While the IAEA and several Member States have striven to establish such a system, more thinking and work are still required to develop an integrated, layered, and cooperative defense system for radioactive source security. Security improvement should be prioritized on those radioactive sources that pose the greatest security risks. Although perfect security systems do not exist, a layered security system should be established. This means that multiple barriers should be in place to lessen the likelihood of a radiological terror act. A summary of the findings of the International Conference on Security of Radioactive Sources held in March 2003 is included in this paper.

  2. Securing Hadoop

    CERN Document Server

    Narayanan, Sudheesh

    2013-01-01

    This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security. This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

  3. Grid Security

    CERN Multimedia

    CERN. Geneva

    2004-01-01

    The aim of Grid computing is to enable the easy and open sharing of resources between large and highly distributed communities of scientists and institutes across many independent administrative domains. Convincing site security officers and computer centre managers to allow this to happen in view of today's ever-increasing Internet security problems is a major challenge. Convincing users and application developers to take security seriously is equally difficult. This paper will describe the main Grid security issues, both in terms of technology and policy, that have been tackled over recent years in LCG and related Grid projects. Achievements to date will be described and opportunities for future improvements will be addressed.

  4. Cryptographic Combinatorial Securities Exchanges

    Science.gov (United States)

    Thorpe, Christopher; Parkes, David C.

    We present a useful new mechanism that facilitates the atomic exchange of many large baskets of securities in a combinatorial exchange. Cryptography prevents information about the securities in the baskets from being exploited, enhancing trust. Our exchange offers institutions who wish to trade large positions a new alternative to existing methods of block trading: they can reduce transaction costs by taking advantage of other institutions’ available liquidity, while third party liquidity providers guarantee execution—preserving their desired portfolio composition at all times. In our exchange, institutions submit encrypted orders which are crossed, leaving a “remainder”. The exchange proves facts about the portfolio risk of this remainder to third party liquidity providers without revealing the securities in the remainder, the knowledge of which could also be exploited. The third parties learn either (depending on the setting) the portfolio risk parameters of the remainder itself, or how their own portfolio risk would change if they were to incorporate the remainder into a portfolio they submit. In one setting, these third parties submit bids on the commission, and the winner supplies necessary liquidity for the entire exchange to clear. This guaranteed clearing, coupled with external price discovery from the primary markets for the securities, sidesteps difficult combinatorial optimization problems. This latter method of proving how taking on the remainder would change risk parameters of one’s own portfolio, without revealing the remainder’s contents or its own risk parameters, is a useful protocol of independent interest.

  5. Thermal insulation

    International Nuclear Information System (INIS)

    Durston, J.G.; Birch, W.; Facer, R.I.; Stuart, R.A.

    1977-01-01

    Reference is made to liquid metal cooled nuclear reactors. In the arrangement described the reactor vessel is clad with thermal insulation comprising a layer of insulating blocks spaced from the wall and from each other; each block is rigidly secured to the wall, and the interspaces are substantially closed against convectional flow of liquid by resilient closure members. A membrane covering is provided for the layer of blocks, with venting means to allow liquid from the reactor vessel to penetrate between the covering and the layer of blocks. The membrane covering may comprise a stainless steel sheet ribbed in orthogonal pattern to give flexibility for the accommodation of thermal strain. The insulating blocks may be comprised of stainless steel or cellular or porous material and may be hollow shells containing ceramic material or gas fillings. (U.K.)

  6. Information Security Governance: When Compliance Becomes More Important than Security

    OpenAIRE

    Tan , Terence C. C.; Ruighaver , Anthonie B.; Ahmad , Atif

    2010-01-01

    Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational secu...

  7. Radioactive Waste SECURITY

    International Nuclear Information System (INIS)

    Brodowski, R.; Drapalik, M.; Gepp, C.; Gufler, K.; Sholly, S.

    2010-01-01

    The purpose of this work is to investigate the safety requirements for a radioactive waste repository, the fundamental problems involved and the legislative rules and arrangements for doing so. As the title already makes clear, the focus of this work is on aspects that can be assigned to the security sector, i.e. security against the influence of third parties, and are to be distinguished from safety measures for the improvement of the technical safety aspects. In this context, mention is made of events such as human intrusion into guarded facilities, whereas e.g. a geological analysis on seismic safety is not discussed. For a variety of reasons, the consideration of the security of nuclear waste repositories in public discussions is increasingly taking a back seat, as, among other things, terrorist threats can be considered a negligible or well calculable risk. Depending on the type of storage, different security aspects still have to be considered. (roessner)

  8. A semi-quantitative risk assessment method for analyzing the level of risk associated with parameters in design of thermal heavy oil Steam Assisted Gravity Drainage (SAGD) pipelines

    Energy Technology Data Exchange (ETDEWEB)

    Farrokhzad, M.A. [IMV Projects Inc., Alberta (Canada)]

    2009-07-01

    During the design stage of a thermal heavy oil pipeline, the design engineer should include the consideration of more factors than what is normally used for the design of a conventional pipeline. In the Steam Assisted Gravity Drainage (SAGD) production, for the extraction of bitumen from oily soil, it is required that a stream of hot and pressurized steam (over 300 deg C) be injected into the oil reservoir. The steam reaches the oily soil reservoir from a steam source such as boilers by traveling through above-ground pipeline arrangements. As a result of the steam injection into the well site, bitumen oil is released from the oily soil. The produced bitumen is also at high pressure and temperature (over 200 deg C) and requires a gathering pipeline arrangement for traveling to the processing plant. During the layout design, both steam injection and hot production lines are usually designed parallel with each other by using a series of anchor-loop-anchor supported by steel structures and pilings. The coexistence of two extremely hot pipelines (Injecting Steam and Production pipelines) on the aboveground pipe rack should be designed with extreme care. The higher than normal design temperature of these lines creates considerable lateral and longitudinal movements and heavy loads on the supporting structure and piling. In addition, since both lines contain high pressure mediums, the design engineer shall include a few more parameters than what is normally considered for conventional pipelines. These parameters include: sustain loads, slug forces, natural frequency, mechanical interactions, frictional forces on anchors and guides, and mechanical engagement of supporting components, as well as the effects of these loads on the steel structure-piling and their reaction with the surrounding soil. In addition, the design engineer shall be aware of any potential failures associated with these physical and mechanical parameters, the impact and probability rationales and

  9. Conceptualizing energy security

    International Nuclear Information System (INIS)

    Winzer, Christian

    2012-01-01

    Energy security is one of the main targets of energy policy. However, the term has not been clearly defined, which makes it hard to measure and difficult to balance against other policy objectives. We review the multitude of definitions of energy security. They can be characterized according to the sources of risk, the scope of the impacts, and the severity filters in the form of the speed, size, sustention, spread, singularity and sureness of impacts. Using a stylized case study for three European countries, we illustrate how the selection of conceptual boundaries along these dimensions determines the outcome. This can be avoided by more clearly separating between security of supply and other policy objectives. This leads us to the definition of energy security as the continuity of energy supplies relative to demand. - Highlights: ► The widest energy security concept includes all risks that are caused by or have an impact on the energy supply chain. ► Authors narrow this down by choosing different risk sources, impact measures and subjective severity filters in their definitions. ► The selection of conceptual boundaries determines outcome of quantitative studies.

  10. Convergence of Corporate and Information Security

    OpenAIRE

    Syed; Rahman, M.; Donahue, Shannon E.

    2010-01-01

    As physical and information security boundaries have become increasingly blurry, many organizations are experiencing challenges with how to effectively and efficiently manage security within the corporate. There is no current standard or best practice offered by the security community regarding convergence; however, many organizations such as the Alliance for Enterprise Security Risk Management (AESRM) offer some excellent suggestions for integrating a converged security program. This paper rep...

  11. Literature Review on Cyber Security Investment Decisions

    OpenAIRE

    ŞENTÜRK, Hakan; ÇİL, Celal Zaim; SAĞIROĞLU, Şeref

    2016-01-01

    Severe financial losses incurred by cyber security attacks with increasing complexity and frequency, as well as booming cyber security sector offering variety of products as investment options have led the focus of the research in the field to the economic dimension of cyber security. The need for determination of methods to be used when making cyber security investment decisions under budget constraints have become prominent. In five sections as the cyber security investment strategies, risk...

  12. Implementing an Information Security Program

    Energy Technology Data Exchange (ETDEWEB)

    Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O'Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

    2017-11-01

    The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publicly available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

  13. Social Security.

    Science.gov (United States)

    Social and Labour Bulletin, 1983

    1983-01-01

    This group of articles discusses a variety of studies related to social security and retirement benefits. These studies are related to both developing and developed nations and are also concerned with studying work conditions and government role in administering a democratic social security system. (SSH)

  14. Using intervention mapping for the development of a targeted secure web-based outreach strategy named SafeFriend, for Chlamydia trachomatis testing in young people at risk.

    Science.gov (United States)

    Theunissen, Kevin A T M; Hoebe, Christian J P A; Crutzen, Rik; Kara-Zaïtri, Chakib; de Vries, Nanne K; van Bergen, Jan E A M; van der Sande, Marianne A B; Dukers-Muijrers, Nicole H T M

    2013-10-22

    Many young people at high risk for Chlamydia trachomatis (Ct) are not reached by current sexual health care systems, such as general practitioners and public sexual health care centres (sexually transmitted infection clinics). Ct is the most frequently diagnosed bacterial sexually transmitted infection (STI) among sexually active people and in particular young heterosexuals. Innovative screening strategies are needed to interrupt the transmission of Ct among young people and connect the hidden cases to care. Intervention Mapping (IM), a systematic approach to develop theory- and evidence-based interventions, was used to develop a strategy to target Ct testing towards young people who are currently hidden to care in The Netherlands. Both clinical users (i.e. sexual health care nurses) and public users (i.e., young people at risk for Ct) were closely involved in the IM process. A needs assessment study was carried out using semi-structured interviews among users (N = 21), a literature search and by taking lessons learned from existing screening programmes. Theoretical methods and practical applications to reach high risk young people and influence testing were selected and translated into specific programme components. The IM approach resulted in the development of a secure and web-based outreach Ct screening strategy, named SafeFriend. It is developed to target groups of high-risk young people who are currently hidden to care. Key methods include web-based Respondent Driven Sampling, starting from young Ct positive sexual health care centre clients, to reach and motivate peers (i.e., sex partners and friends) to get tested for Ct. Testing and the motivation of peers were proposed as the desired behavioural outcomes and the Precaution Adoption Process Model was chosen as theoretical framework. End users, i.e., young people and sexual health care nurses were interviewed and included in the development process to increase the success of implementation. IM proved useful

  15. Information security management handbook

    CERN Document Server

    Tipton, Harold F

    2006-01-01

    Access Control Systems and Methodology. Telecommunications and Network Security. Security Management Practices. Application Program Security. Cryptography. Computer, System, and Security Architecture. Operations Security. Business Continuity Planning and Disaster Recovery Planning. Law, Investigation and Ethics. Physical Security.

  16. Using collateral to secure loans

    OpenAIRE

    Yaron Leitner

    2006-01-01

    In “Using Collateral to Secure Loans,” Yaron Leitner asks: Why is collateral used to secure some loans, but not others? And why does collateral potentially involve more risk? He considers these questions, looking at some of the explanations for using collateral, focusing on its benefits and drawbacks.

  17. No nuclear safety without security

    International Nuclear Information System (INIS)

    Anon.

    2016-01-01

    Head of Health and Safety - Nuclear Safety and Corporate Security at ENGIE Benelux, Pierre Doumont has the delicate job of defining and implementing measures, including cybersecurity, to prevent the risk of malevolent acts against tangible and intangible assets. He gives some hints on the contribution of nuclear security to safety.

  18. Information Security and the Internet.

    Science.gov (United States)

    Doddrell, Gregory R.

    1996-01-01

    As business relies less on "fortress" style central computers and more on distributed systems, the risk of disruption increases because of inadequate physical security, support services, and site monitoring. This article discusses information security and why protection is required on the Internet, presents a best practice firewall, and…

  19. Computer security

    CERN Document Server

    Gollmann, Dieter

    2011-01-01

    A completely up-to-date resource on computer security. Assuming no previous experience in the field of computer security, this must-have book walks you through the many essential aspects of this vast topic, from the newest advances in software and technology to the most recent information on Web applications security. This new edition includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection. Serving as a helpful introduction, this self-study guide is a wonderful starting point for examining the variety of competing sec

  20. Secure PVM

    Energy Technology Data Exchange (ETDEWEB)

    Dunigan, T.H.; Venugopal, N.

    1996-09-01

    This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.