FS-OpenSecurity: A Taxonomic Modeling of Security Threats in SDN for Future Sustainable Computing

Directory of Open Access Journals (Sweden)

Yunsick Sung

2016-09-01

Full Text Available Software Defined Networking (SDN has brought many changes in terms of the interaction processes between systems and humans. It has become the key enabler of software defined architecture, which allows enterprises to build a highly agile Information Technology (IT infrastructure. For Future Sustainability Computing (FSC, SDN needs to deliver on many information technology commitments—more automation, simplified design, increased agility, policy-based management, and network management bond to more liberal IT workflow systems. To address the sustainability problems, SDN needs to provide greater collaboration and tighter integration with networks, servers, and security teams that will have an impact on how enterprises design, plan, deploy and manage networks. In this paper, we propose FS-OpenSecurity, which is a new and pragmatic security architecture model. It consists of two novel methodologies, Software Defined Orchestrator (SDO and SQUEAK, which offer a robust and secure architecture. The secure architecture is required for protection from diverse threats. Usually, security administrators need to handle each threat individually. However, handling threats automatically by adapting to the threat landscape is a critical demand. Therefore, the architecture must handle defensive processes automatically that are collaboratively based on intelligent external and internal information.

Security Requirements for New Threats at International Airports

Directory of Open Access Journals (Sweden)

Gabriel Nowacki

2018-03-01

Full Text Available The paper refers to security requirements for new threats international airports, taking specifically into consideration current challenges within processing of passengers, in light of types of current major threats, in a way ensuring positive passenger experience within their journey. In addition, within the scope of this paper, presented initial outcome of study research among professional aviation stakeholder?s environment, on current threats in the area of security and protection of airport infrastructure. The airports are a very demanding environment: seasonal traffic, fluctuating passenger volumes and last minute changes mean there is a lot of flexibility required in order to meet specific needs of airport authorities and their clients or the passengers (Dolnik, 2009. Therefore, security in aviation sector has been a big issue for civil aviation authorities, as airports are susceptible targets for terrorist attacks. The list of incidents is extensive and gets longer every year despite strict security measures. Within decades, aviation has become the backbone of our global economy bringing people to business, tourists to vacation destinations and products to markets. Statistically flying remains the safest mode of travelling compared to other modes of transportation. However, simultaneously terrorists and criminals continue in their quest to explore new ways of disrupting air transportation and the challenge to secure airports and airline assets remain real. This calls for greater awareness of security concerns in the aviation sector. The key element, how to protects against terrorist modus operandi, is to stay ahead of recent threats, incidents and breaches occurring worldwide. It requires implementation of effective data sharing systems, in order to proactively monitor potential risks and vulnerabilities within different type of aviation ecosystems.

Modeling and Security Threat Assessments of Data Processed in Cloud Based Information Systems

Directory of Open Access Journals (Sweden)

Darya Sergeevna Simonenkova

2016-03-01

Full Text Available The subject of the research is modeling and security threat assessments of data processed in cloud based information systems (CBIS. This method allow to determine the current security threats of CBIS, state of the system in which vulnerabilities exists, level of possible violators, security properties and to generate recommendations for neutralizing security threats of CBIS.

Increasing Awareness of Insider Information Security Threats in Human Resource Department

OpenAIRE

Burcin Cetin Karabat; Cagatay Karabat

2012-01-01

An insider threat for companies is defined as a threat caused by malicious user who is an employee company. In recent years, there are number of work on insider threats in information security technologies. These works shows that companies should increasingly and seriously should take into account these threats. Human factors in companies constitute one of the weakest links in information security technology and its products used in human resource (HR) management departments. In the literatur...

Cross-selling lending and underwriting : scope economies and incentives

OpenAIRE

Laux, Christian; Walz, Uwe

2009-01-01

We highlight the implications of combining underwriting services and lending for the choice of underwriters and for competition in the underwriting business. We show that cross-selling can increase underwriters' incentives, and we explain three phenomena: first, that cross-selling is important for universal banks to enter the investment banking business; second, that cross-selling is particularly attractive for highly leveraged borrowers; third, that less-than-market rates are no prerequisite...

Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

Science.gov (United States)

Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

2017-09-01

Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

Computer security threats faced by small businesses in Australia

OpenAIRE

Hutchings, Alice

2012-01-01

In this paper, an overview is provided of computer security threats faced by small businesses. Having identified the threats, the implications for small business owners are described, along with countermeasures that can be adopted to prevent incidents from occurring. The results of the Australian Business Assessment of Computer User Security (ABACUS) survey, commissioned by the Australian Institute of Criminology (AIC), are drawn upon to identify key risks (Challice 2009; Richards 2009). Addi...

Collective Study On Security Threats In VOIP Networks

Directory of Open Access Journals (Sweden)

Muhammad Zulkifl Hasan

2017-01-01

Full Text Available The Collective study will critically evaluate the voice over internet protocol VOIP Security threats issues amp challenges in the communication over the network the solution provided by different vendors. Authors will be discussing all security issues different protocols but main focus will be on SIP protocol its implementation and vendors VOIP security system.

Problems and Tools for the Detection of Threats to Personnel Security in the Region

Directory of Open Access Journals (Sweden)

Natalia Victorovna Kuznetsova

2016-12-01

Full Text Available The investigation of threats negatively affecting the state and the development of human resources as well as the varieties of security threats is of particular importance in the theory and practice of personnel security measures. The purpose of the article is to identify and classify the ideas of the main threats to personnel security of the region (the research is carried out on the example of the Irkutsk region. On the basis of the content analysis of Russian regulatory legal acts and scientific publications, external and internal threats to personnel security of the region are highlighted. As a result, the list of threats to personnel security of the region consisting of 37 stands is composed. The political, economic, demographic, social, technical and technological, ecological, legal, ethnocultural forms of threats are demonstrated. The authors came to the conclusion that the internal threats to personnel security of the region (first of all socio-economic are dominant. An assessment of the urgency and relevance of the threats to the personnel security of the region is given. With the use of the technology of the hierarchical factorial analysis, the types of threats (factors of the lowest level were identified and their influence on the general level of the urgency of personnel security threats (a factor of the highest level is estimated. It is revealed that legal threats, as well as threats caused by the low labour potential of the region, have the most significant impact on the estimation of the urgency of threats. The study applies the following analysis methods — a content analysis, the analysis of linear and cross-distribution, hierarchical factor and correlation analysis. The analysis is based on the data of the expert survey conducted in the Irkutsk region (2015. To determine the relationship (coherence of the expert evaluations, the Kendall’s coefficient of concordance is calculated. The received results can be used for studying

EMP Threats to US National Security: Congressional Responses

Science.gov (United States)

Huessy, Peter

2011-04-01

The US Congress is considering how best to respond to concerns that EMP is a real and present danger to US security. The threats come from a variety of areas: solar storms, non-nuclear EMP from man-made machines and devices; and nuclear EMP from a nuclear device exploded above CONUS or other critical areas important to the United States and its allies. Responses have to date included passage in the House of legislation to protect the electrical grid in the United States from such threats and hearings before the Homeland Security Committee. Additional efforts include examining missile defense responses, protection of the maritime domain, and hardening of US military and related civilian infrastructure. The House of Representatives has also examined what Europe, the European Union and NATO, both government and private industry, have done in these areas. Complicating matters are related issues of cyber-security and overall homeland security priorities.

KENYA’S CONSTITUTION AND CHILD TRAFFICKING AS A SECURITY THREAT

Directory of Open Access Journals (Sweden)

E.O.S. ODHIAMBO

2012-01-01

Full Text Available Human trafficking also referred to as modern-day slavery is seen as a security threat. Traditional security approaches to human trafficking call for analysis of trafficking as a threat to the Kenyan state and to Kenya’s control of its borders. Traditional security analyses of trafficking emphasize border security, migration controls, and international law enforcement cooperation. This article discusses three forms of child trafficking: sexual exploitation, forced labor and child soldiers and argues that the newly promulgated Kenyan constitution in chapter three on citizenship has a provision that can be interpreted as encouraging child trafficking.

PENGARUH REPUTASI UNDERWRITER DAN REPUTASI AUDITOR TERHADAP UNDERPRICING

Directory of Open Access Journals (Sweden)

Nurfauziah Nurfauziah

2015-11-01

Full Text Available AbstractStock prices in the primary market are set by agreement between the issuer with the underwriter. Underwriters have more information to the request of the issuer's shares, so the information can be used to obtain optimal agreement with the issuer is to minimize the risk of having to buy shares that are not sold cheaply. With that reputation, share price offered in the primary market is lower than expected after stocks entered in the secondary market or did not happen underpricing. Auditors are also able to influence the level of underpricing. Auditor reputation of quality and professionalism demonstrated auditors audited the financial statements of the company. Using auditors of reputation will reduce the opportunities for issuers to cheat in presenting inaccurate information to the market. For this reason, it is needed; a study examines the effect of Underwriter Reputation and Auditor Reputation on Underpricng. The research was carried out on companies that experience underpricing at initial public offering in 2007 until 2009. Based on examining 42 companies that have been underpricing showing no effect of both underwriter and auditor reputation toward underpricing individually as well as all together.Keywords: IPO, underwriter, auditor, underpricing.AbstrakHarga saham di pasar perdana ditetapkan berdasarkan kesepakatan antara emiten dengan underwriter. Underwriter memiliki informasi yang lebih banyak terhadap permintaan saham-saham emiten, sehingga informasi tersebut dapat digunakan untuk memperoleh kesepakatan optimal dengan emiten yaitu dengan memperkecil risiko keharusan membeli saham yang tidak laku terjual dengan harga murah. Dengan reputasinya itu, harga saham yang ditawarkan di pasar perdana diharapkan tidak lebih rendah dibandingkan setelah saham masuk di pasar sekunder atau tidak terjadi underpricing. Auditor juga mampu mempengaruhi tingkat underpricing. Reputasi auditor menunjukkan kualitas dan profesionalisme auditor yang

Secure in insecurity: The case of threat perception/acceptance in the Philippines

Directory of Open Access Journals (Sweden)

Amador IV Peleo

2015-12-01

Full Text Available Current theoretical and policy-based explanations of security in the Philippines have portrayed “politics” and “security” as distinct and separate fields. However, the recent “2011–2016 National Security Policy: Securing the Gains of Democracy”, has conflated “security” and “politics”, as may be observed in its two national security goals “to promote internal socio-political stability” and “to exercise full sovereignty over its territory”. Although likely derived from administrative expediency, the composite policy definition is also likely to result in the conceptualisation of political goals that are only partially attainable and of a security environment that will remain “unsecured”. As this appears to be a norm of governance in the Philippines, this paper examines the possibility that national security policy-making is likely more concerned with the survival of the regime during which the policy was created rather than with the long-term stabilisation of the entire state. Several theories may be useful in accounting for this behaviour; namely, small states conflict theory, securitisation theory and threat normalisation theory. This paper is intended to show that the definition of threat corresponds to threat-acceptance and may likely lead to threat-toleration than to threat-resolution.

The underwriting process of liability insurance in South Africa

Directory of Open Access Journals (Sweden)

Anderson, S. E.

2014-03-01

Full Text Available Liability risks may embody far-reaching financial consequences for individuals, business enterprises and professional people. This paper focuses on the underwriting process which should be taken into consideration by short-term insurers when they are underwriting the main types of liability insurance, which include employer’s, householder’s, personal, product, professional and public liability insurance. The improvement of financial decision-making by short-term insurers when underwriting liability insurance represents the objective of this research. A study of secondary data was done to identify the existing literature, which formed the basis for compiling a questionnaire to obtain primary data. The top 10 short-term insurers which are the market leaders of liability insurance in South Africa and who received more than 85% of the annual gross written premiums for liability insurance in South Africa, represented the sample of the empirical study. This paper highlights the importance of the underwriting factors concerning liability insurance, how often the stipulations of insurance policies should be adjusted by the short-term insurers to account for the underwriting factors, as well as the problem areas which the underwriters may experience when they are underwriting liability insurance. Possible solutions to solve the problem areas were also addressed

The cyber security threat stops in the boardroom.

Science.gov (United States)

Scully, Tim

The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

17 CFR 270.27d-1 - Reserve requirements for principal underwriters and depositors to carry out the obligations to...

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Reserve requirements for....27d-1 Reserve requirements for principal underwriters and depositors to carry out the obligations to... reserve and as security for the purpose of assuring the refund of charges required by sections 27(d) and...

Information Warfare, Threats and Information Security

Directory of Open Access Journals (Sweden)

Dmitriy Nikolaevich Bespalov

2014-01-01

Full Text Available The article presents the opposite, but dependent on each other's reality - Revolutionary War information,information security goals and objectives of their study within the scheme "challenge-response", methodological and analytical support, the role of elites and the information society in promoting information security. One of the features of contemporaneityis the global spread of ICT, combined with poor governance and other difficulties in the construction of innovation infrastructures that are based on them in some countries. This leads to the reproduction of threats, primarily related to the ability to use ICT for purposes that are inconsistent with the objectives of maintaining international peace and security, compliance with the principles of non-use of force, non-interference in the internal affairs of states, etc. In this regard, include such terms as "a threat of information warfare", "information terrorism" and so forth. Information warfare, which stay in the policy declared the struggle for existence, and relationships are defined in terms of "friend-enemy", "ours-foreign". Superiority over the opponent or "capture of its territory" is the aim of political activity. And information security, serving activities similar process of political control, including a set of components, is a technology until their humanitarian. From the context and the decision itself is the ratio of the achieved results of information and political influence to the target - a positive image of Russia. Bringing its policy in line with the demands of a healthy public opinion provides conductivity of theauthorities initiatives in the country and increases the legitimacy of the Russian Federation actions in the world.

Structured settlement annuities, part 1: overview and the underwriting process.

Science.gov (United States)

Schmidt, C J; Singer, R B

2000-01-01

Structured settlement underwriting is the underwriting of medically impaired lives for the purchase of an annuity to fund the settlement. Other than risk assessment, structured settlement (SS) underwriting has little in common with traditional life insurance underwriting. Most noteworthy of these differences is the relative lack of actuarial data on which to base decisions about mortality and the necessity for prospective thinking about risk assessment. The purpose of this paper is to provide a foundation for understanding the structured settlement business and to contrast the underwriting of structured settlements with that of traditional life insurance. This is the first part of a two-part article on SS annuities. Part 2 deals with the mortality experience in SS annuitants and the life-table methodology used to calculate life expectancy for annuitants at increased mortality risk.

Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

OpenAIRE

Goyal, Sumit

2016-01-01

Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

A study of insider threat in nuclear security analysis using game theoretic modeling

International Nuclear Information System (INIS)

Kim, Kyo-Nam; Yim, Man-Sung; Schneider, Erich

2017-01-01

Highlights: • Implications of an insider threat in nuclear security were quantitatively analyzed. • The analysis was based on of a hypothetical nuclear facility and using game theoretic approach. • Through a sensitivity analysis, vulnerable paths and important parameters were identified. • The methodology can be utilized to prioritize the implementation of PPS improvements in a facility. - Abstract: An Insider poses a greater threat to the security system of a nuclear power plant (NPP) because of their ability to take advantage of their access rights and knowledge of a facility, to bypass dedicated security measures. If an insider colludes with an external terrorist group, this poses a key threat to the safety-security interface. However, despite the importance of the insider threat, few studies have been conducted to quantitatively analyze an insider threat. This research examines the quantitative framework for investigating the implications of insider threat, taking a novel approach. Conventional tools assessing the security threats to nuclear facilities focus on a limited number of attack pathways. These are defined by the modeler and are based on simple probabilistic calculations. They do not capture the adversary’s intentions nor do they account for their response and adaptation to defensive investments. As an alternative way of performing physical protection analysis, this research explores the use of game theoretic modeling of Physical Protection Systems (PPS) analysis by incorporating the implications of an insider threat, to address the issues of intentionality and interactions. The game theoretic approach has the advantage of modeling an intelligent adversary and insider who has an intention to do harm and complete knowledge of the facility. Through a quantitative assessment and sensitivity analysis, vulnerable but important parameters in this model were identified. This made it possible to determine which insider threat is more important. The

The global threat reduction initiative's radiological security cooperation with Russia - 59361

International Nuclear Information System (INIS)

Blanchard, Tiffany A.; Abramson, William J.; Russell, James W. Jr.; Roberts, Catherine K.

2012-01-01

The United States (U.S.) Department of Energy (DOE) / National Nuclear Security Administration's (NNSA) Global Threat Reduction Initiative (GTRI) supports both U.S. and international threat reduction goals by securing vulnerable nuclear and radiological material located at civilian sites throughout the world. GTRI's approach to reducing the threat posed by vulnerable, high-activity radioactive sources includes removing and disposing of orphan or disused radioactive sources; implementing physical security upgrades at civilian sites containing radioactive sources; and establishing a cooperative sustainability program at sites to ensure that upgrades are maintained. For many years GTRI has collaborated successfully with the Russian Federation and international partners to improve radiological security in Russia. This paper provides a synopsis of GTRI's accomplishments and cooperation with Russia in the following areas: 1.) recovering and disposing of orphan and disused radioactive sources, 2.) recovering and disposing of radioisotope thermoelectric generators (RTGs), and 3.) providing physical security upgrades at civilian sites that contain vulnerable radiological material. The success of GTRI's program to secure radiological material in the Russian Federation over the past decade is due largely to the hard work, technical expertise, and tenacity of the U.S. laboratory teams and the Russian partner organizations with whom GTRI has worked. GTRI plans to continue building on this history of cooperation in order to recover and secure additional, vulnerable radioactive sources in locations throughout Russia. GTRI also is committed to sustainability efforts so that facilities in Russia receiving physical protection equipment and training are prepared to eventually assume responsibility for those security upgrades. In the years to come, GTRI will combine financial support with capacity building to enhance Russia's domestic programs to address these challenges. Through

Security Evaluation of the Cyber Networks under Advanced Persistent Threats

NARCIS (Netherlands)

Yang, L.; Li, Pengdeng; Yang, Xiaofan; Tang, Yuan Yan

2017-01-01

Advanced persistent threats (APTs) pose a grave threat to cyberspace, because they deactivate all the conventional cyber defense mechanisms. This paper addresses the issue of evaluating the security of the cyber networks under APTs. For this purpose, a dynamic model capturing the APT-based

Review of July 2013 Nuclear Security Insider Threat Exercise November 2013

Energy Technology Data Exchange (ETDEWEB)

Pederson, Ann C. [ORNL; Snow, Catherine L. [ORNL; Townsend, Jeremy [ORNL; Shannon, Michael [ORNL

2013-11-01

This document is a review of the Nuclear Security Insider Threat Exercise which was hosted at ORNL in July 2013. Nuclear security culture and the insider threat are best learned through experience. Culture is inherently difficult to teach, and as such is best learned through modeled behaviors and learning exercise. This TTX, NSITE, is a tool that strives to aid students in learning what an effective (and ineffective) nuclear security culture might look like by simulating dynamic events that strengthen or weaken the nuclear security regime. The goals of NSITE are to stimulate complex thought and discussion and assist decision makers and management in determining the most effective policies and procedures for their country or facility.

13 CFR 115.15 - Underwriting and servicing standards.

Science.gov (United States)

2010-01-01

... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Underwriting and servicing standards. 115.15 Section 115.15 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION SURETY BOND... underwriting and the Surety's principles and practices on unguaranteed bonds. The Principal must satisfy the...

The Threat of Security: Hindering Technology Integration in the Classroom

Science.gov (United States)

Robinson, LeAnne K.; Brown, Abbie; Green, Tim

2007-01-01

For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…

R2U2: Monitoring and Diagnosis of Security Threats for Unmanned Aerial Systems

Science.gov (United States)

Schumann, Johann; Moosbruger, Patrick; Rozier, Kristin Y.

2015-01-01

We present R2U2, a novel framework for runtime monitoring of security properties and diagnosing of security threats on-board Unmanned Aerial Systems (UAS). R2U2, implemented in FPGA hardware, is a real-time, REALIZABLE, RESPONSIVE, UNOBTRUSIVE Unit for security threat detection. R2U2 is designed to continuously monitor inputs from the GPS and the ground control station, sensor readings, actuator outputs, and flight software status. By simultaneously monitoring and performing statistical reasoning, attack patterns and post-attack discrepancies in the UAS behavior can be detected. R2U2 uses runtime observer pairs for linear and metric temporal logics for property monitoring and Bayesian networks for diagnosis of security threats. We discuss the design and implementation that now enables R2U2 to handle security threats and present simulation results of several attack scenarios on the NASA DragonEye UAS.

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

Science.gov (United States)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

Infrastructure, Attitude and Weather: Today’s Threats to Supply Chain Security

Directory of Open Access Journals (Sweden)

Stephen Blank

2016-06-01

Full Text Available The global economy can be viewed today as a myriad of border-crossing supply chain networks of production, supply, distribution and marketing systems. Given the enormous value embodied in these systems, and an environment increasingly characterized by uncertainty and vulnerability, it is not surprising that concern about supply chain security has intensified. Concern takes many forms. For example, how supply chains might be used as vehicles for criminal activity (smuggling, trafficking of narcotics and importing counterfeit goods or acts of terrorism (radio-active materials, bombs, even nukes in containers. Technology-based threats to supply chains, such as cybercrimes, data breaches and IT failures, now appear more frequently in the literature on supply chain security. These threats could result in substantial disruption to supply chains and damage to companies and their customers.Clima But larger storms are brewing, whose menace to supply chain security is greater still – and where actions to protect supply chains move more slowly. These include the continued deterioration of transportation infrastructure, a new posture on trade which views supply chains as threats to jobs and wages, and the impact of climate change. These threats do not lie off in the distant future; they are threats of today and tomorrow.

Threats to information security in a highly organized system of the “Smart city”

Science.gov (United States)

Kurcheeva, G. I.; Denisov, V. V.; Khvorostov, V. A.

2017-01-01

The article discusses issues related to comprehensive development and introduction of technologies such as “Smart city”. The urgency of accelerating the development of such highly organized systems, primarily in terms of reducing threats to information security, is emphasized in the paper. In accordance with authors’ analysis of the composition and structure of the threats to information security, “Accessibility”, “Integrity” and “Confidentiality” are highlighted. Violation of any of them leads to harmful effects on the information and other system resources. The protection of “Accessibility” mobilizes one third of all efforts to ensure information security that must be taken into account when allocating protective actions. The threats associated with failure of the supporting infrastructure are also significantly reduced. But the threats associated with failures of the system itself and failures of users are clearly increasing. There is a high level of society and production informatization, and the threats to information security are changing accordingly.

Addressing the Cyber-security and Cyber-terrorism Threats [video

OpenAIRE

Robi Sen; Center for Homeland Defense and Security Naval Postgraduate School

2015-01-01

While cyber terrorism is a relatively new threat in the world of national defense, the security issues we face are not necessarily new as a genre. In this segment, Chief Science Officer Robi Sen draws on the changing attitudes towards the cyber world. Topics include cooperation between law enforcement and hackers, the major motivations behind criminal hacking, and the realistic threats of cyber terrorism.

Discrete-Event Simulation with Agents for Modeling of Dynamic Asymmetric Threats in Maritime Security

National Research Council Canada - National Science Library

Ng, Chee W

2007-01-01

.... Discrete-event simulation (DES) was used to simulate a typical port-security, local, waterside-threat response model and to test the adaptive response of asymmetric threats in reaction to port-security procedures, while a multi-agent system (MAS...

Nuclear security: A global response to a global threat

International Nuclear Information System (INIS)

Amano, Yukiya

2016-01-01

The threat of nuclear terrorism is real. The possibility of criminals getting hold of nuclear and other radioactive material cannot be ruled out. Much progress has been made in tackling this threat nationally, regionally and globally, but more needs to be done. International cooperation is vital. As the global platform for cooperation in nuclear security, the IAEA helps countries to establish and maintain robust and sustainable national nuclear security regimes. We help ensure that measures are taken to protect nuclear and other radioactive material, as well as the facilities in which such material is housed, from malicious acts. This has been an important year for nuclear security with the entry into force of the Amendment to the Convention on the Physical Protection of Nuclear Material. This establishes legally binding commitments for countries to protect nuclear facilities as well as nuclear material in domestic use, storage and transport. I encourage all countries that have not yet done so to adhere to this Amendment and thereby contribute to a stronger global nuclear security regime. In this edition of the IAEA Bulletin, you will learn about the different areas of security where our work is making a real difference. We highlight the progress made in a number of countries.

Nuclear Threats and Security

Directory of Open Access Journals (Sweden)

Garry Jacobs

2012-10-01

Full Text Available This article presents highlights and insights from the International Conference on “Nuclear Threats and Security” organized by the World Academy of Art and Science in association with the European Leadership Network and the Dag Hammarskjöld University College of International Relations and Diplomacy and sponsored by NATO at the Inter-University Centre, Dubrovnik on September 14-16, 2012. The conference examined important issues related to nuclear non-proliferation and disarmament, the legality of nuclear weapons and their use, illicit trade in nuclear materials, the dangers of nuclear terrorism, nuclear- and cyber-security. Papers and video recordings of the major presentations and session summaries can be found here.

Software Development Initiatives to Identify and Mitigate Security Threats - Two Systematic Mapping Studies

Directory of Open Access Journals (Sweden)

Paulina Silva

2016-12-01

Full Text Available Software Security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of its application and impact in building secure software systems. Two systematic mapping studies (SM have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated to at least one activity of the Software Development Lifecycle (SDLC; while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of its results through controlled experiments, some of the other selected studies presented case studies or proposals.

A Cyber Security Risk Assessment of Hospital Infrastructure including TLS/SSL and other Threats

OpenAIRE

Millar, Stuart

2016-01-01

Cyber threats traditionally target governments, financial institutions and businesses. However, of growing concern is the threat to healthcare organizations. This study conducts a cyber security risk assessment of a theoretical hospital environment, to include TLS/SSL, which is an encryption protocol for network communications, plus other physical, logical and human threats. Despite significant budgets in the UK for the NHS, the spend on cyber security appears worryingly low and many hospital...

Threats to the National Economic Security of Ukraine at the Current Stage

Directory of Open Access Journals (Sweden)

Kuharskaya Natalia A.

2017-04-01

Full Text Available It is substantiated that the most important factor of the national economic security of the country is to match both the economic and the industrial relations systems to the economic development of the country. The article provides detailed consideration of the particularities of occurrence of threats to the national economic security of Ukraine by allocating seven major structural blocks, in which threats were not overcome during the years of independence, and some of them even became intensified: 1 institutional sphere; 2 social sphere; 3 financial sphere; 4 shadowing and corruptness of economy; 5 a high level of physical wear and tear of fixed assets and of the production infrastructure; 6 de-industrialization of economy; 7 innovative development. The main components of the national economic security, which would assist in overcoming these threats, have been developed.

The Food Security of Ukraine: Status, Threats, Prospects

Directory of Open Access Journals (Sweden)

Rudnichenko Yevhenii M.

2017-08-01

Full Text Available The article analyzes the existing approaches to the normative treatment of the category of «food security». An author’s own definition of the concept of «food security» has been proposed, which must be understood as the status of provision to society foods of adequate quality and sufficient quantity. An author’s own approach as to the feasibility of applying qualitative parameters for food security assessment and a critical attitude to quantitative indicators has been formulated. The Food security index and the Ukrainian rating for 2012-2016 with emphasizing the negative tendencies and developments have been provided. The article also provides a detailed characterization of the main indicators of Ukraine’s food security in 2016 by the three directions, which are: financial accessibility of foods; physical accessibility of foods; food quality and safety. Strengths and weaknesses of Ukraine’s food security and the main threats to food security were determined, the main prospects were allocated.

12 CFR 528.2a - Nondiscriminatory appraisal and underwriting.

Science.gov (United States)

2010-01-01

... 12 Banks and Banking 5 2010-01-01 2010-01-01 false Nondiscriminatory appraisal and underwriting. 528.2a Section 528.2a Banks and Banking OFFICE OF THRIFT SUPERVISION, DEPARTMENT OF THE TREASURY NONDISCRIMINATION REQUIREMENTS § 528.2a Nondiscriminatory appraisal and underwriting. (a) Appraisal. No savings...

Rethinking climate change as a security threat

Energy Technology Data Exchange (ETDEWEB)

Schoch, Corinne

2011-10-15

Once upon a time climate change was a strictly environment and development issue. Today it has become a matter of national and international security. Efforts to link climate change with violent conflict may not be based on solid evidence, but they have certainly captured the attention of governments. They have played a vital role in raising the much-needed awareness of climate change as an issue that deserves global action. But at what cost? Focusing on climate change as a security threat alone risks devolving humanitarian responsibilities to the military, ignoring key challenges and losing sight of those climate-vulnerable communities that stand most in need of protection.

RUSSIA'S ECONOMIC SECURITY: THREATS TO NATIONAL INTERESTS AND THEIR REFLECTION

Directory of Open Access Journals (Sweden)

M. N. Dudin

2014-01-01

Full Text Available The relevance of this study due to the fact that at the present time the situation inRussiais complemented by the negative consequences of market reforms in the economy. According to statistical studies in the country with infl ation of about 10% per year among the total population of more than 20% of people with incomes below the subsistence minimum, and the income gap between the highest-income populations and low-income groups more than 12 times. The inequitable distribution of material and spiritual wealth, unemployment (over 9%, ignoring the legitimate rights and interests of a particular person and their direct violation, corruption, alcoholism, drug addiction largely led to the reproduction of aggression, violence in the country. The recession has limited the ability of the material support of the institutions of culture, education, health. The majority of the population is a feeling of uncertainty, future uncertainty, anxiety, loss of landmarks.Objectives The purpose of this work is the identifi cation and characterization of threats to economic security of theRussian Federationat the present time, and to develop recommendations for the prevention of threats to the national interests ofRussia.Method’s. The methodological basis of this article was legal, comparative and economic-statistical methods of analysis. Results. In the framework of the submitted article, the authors found that threats to the economic security ofRussiaare potential dangers that can occur when inept and ineffi cient use of economic resources ofRussiaon the domestic and foreign markets. Major threats to the economic security of theRussian Federationare: bankruptcy, weak absorption lines; corruption; threats to small business development; investment crisis, the massive outfl ow of capital; the crisis in the social sphere; food addiction; the crisis of industrial policy, as well as strengthening the role and place of TNCs.Conclusions and Relevance. The practical

Evolution of the perception of the threats to security in Spain

Directory of Open Access Journals (Sweden)

Rafael Grasa

1993-07-01

Full Text Available security was internal, in other words, subversion and opposition to the regime. Public opinion, however, revealed that characteristics very different to those in the context of the western block existed, such as a void perception of the soviet threat as opposed to a marked antiamericanism for its support of the regime.This legacy of threats weighed heavily during the transition together with the existence of a cleavage between the armed forces, the political actors and public opinion regarding the real necessity of intergration into NATO. In the eighties there exists a clear differentiation between the threats perceived by public opinion and those considered by the political elites. With regard to the former,serious threats to Spain do not exist. only certain concerns when the subject of security took on importance in the field of public opinion, such as during the referendum campaign over NATO in 1986 which was mixed with the scarce perception of the soviet threat, theconstant danger represented by the United States and the slight rise in those who believed in the Moroccan threat, and the impact of the Gulf War in 1991 and the consequent increase of the threat represented by the arab countries. For the political actors, the mainthreat contemplated was the protection of territorial integrity on a stage closer to the western Mediterranean instead of a global threat to the western block something only considered at a theoretical level with the strategic concept of Spanish defence within the framework of participation in NATO.From 1992 onwards with the Defence Directive, the threat concept is replaced by that of risk and which recovers the importance given over to North Africa. It is argued in the belief that security is indivisible and must be shared not only with the European members. A greater convergence is also initiated in the nineties between the political actors and public opinion with respect to considering what are the risks in a global

THE EFFECT OF MULTINATIONAL UNDERWRITING FIRMS ON INTELLECTUAL CAPITAL DISCLOCURE IN INDONESIAN IPO PROSPECTUSES

Directory of Open Access Journals (Sweden)

Dezie L. Warganegara

2017-03-01

Full Text Available The objective of this study was to investigate the effects of multinational underwriters on intellectual capitaldisclosure in Indonesian IPO prospectuses. Intellectual capital disclosure practices were driven by the adviceof underwriters. Multinational underwriters had a greater capacity to produce more relevant information so itreduced the information gap for IPO market participants. The information included IC disclosure practices inIPO prospectuses. This study found that the nationality of underwriting firms positively affected the extent ofintellectual capital disclosure in Indonesian IPO prospectuses. Exposure to IPOs in other countries and theability to combine dispersed knowledge across their international branches seemed to have a positive effect onmulti-national underwriting firms in as much as it led to a higher standard of disclosure of intellectual capitalthan that of local underwriting firms.

METHODS FOR ASSESSING SECURITY THREATS CONFIDENTIAL INFORMATION FOR THE INFORMATION AND TELECOMMUNICATIONS SYSTEMS

Directory of Open Access Journals (Sweden)

E. V. Belokurova

2015-01-01

Full Text Available The article discusses the different approaches to assessing the safety of confidential information-term for information and telecommunication systems of various pre-appreciable destination in the presence of internal and external threats to its integrity and availability. The difficulty of ensuring the security of confidential information from exposure to information and telecommunication systems of external and internal threats at the present time, is of particular relevance. This problem is confirmed by the analysis of available statistical information on the impact of threats on the security circulating in the information and telecommunications system. Leak confidential information, intellectual property, information, know-how is the result of significant material and moral damage caused to the owner of the restricted information. The paper presents the structure of the indicators and criteria shows that the most promising are analytical criteria. However, their use to assess the level of security of confidential information is difficult due to the lack of appropriate mathematical models. The complexity of the problem is that existing traditional mathematical models are not always appropriate for the stated objectives. Therefore, it is necessary to develop mathematical models designed to assess the security of confidential information and its impact on information and telecommunication system threats.

A Game Theoretic Approach to Nuclear Security Analysis against Insider Threat

Energy Technology Data Exchange (ETDEWEB)

Kim, Kyonam; Kim, So Young; Yim, Mansung [Korea Advanced Institute of Science and Technology, Daejeon (Korea, Republic of); Schneider, Erich [Univ. of Texas at Austin, Texas (United States)

2014-05-15

As individuals with authorized access to a facility and system who use their trusted position for unauthorized purposes, insiders are able to take advantage of their access rights and knowledge of a facility to bypass dedicated security measures. They can also capitalize on their knowledge to exploit any vulnerabilities in safety-related systems, with cyber security of safety-critical information technology systems offering an important example of the 3S interface. While this Probabilistic Risk Assessment (PRA) approach is appropriate for describing fundamentally random events like component failure of a safety system, it does not capture the adversary's intentions, nor does it account for adversarial response and adaptation to defensive investments. To address these issues of intentionality and interactions, this study adopts a game theoretic approach. The interaction between defender and adversary is modeled as a two-person Stackelberg game. The optimal strategy of both players is found from the equilibrium of this game. A defender strategy consists of a set of design modifications and/or post-construction security upgrades. An attacker strategy involves selection of a target as well as a pathway to that target. In this study, application of the game theoretic approach is demonstrated using a simplified test case problem. Novel to our approach is the modeling of insider threat that affects the non-detection probability of an adversary. The game-theoretic approach has the advantage of modelling an intelligent adversary who has an intention and complete knowledge of the facility. In this study, we analyzed the expected adversarial path and security upgrades with a limited budget with insider threat modeled as increasing the non-detection probability. Our test case problem categorized three groups of adversary paths assisted by insiders and derived the largest insider threat in terms of the budget for security upgrades. Certainly more work needs to be done to

A Game Theoretic Approach to Nuclear Security Analysis against Insider Threat

International Nuclear Information System (INIS)

Kim, Kyonam; Kim, So Young; Yim, Mansung; Schneider, Erich

2014-01-01

As individuals with authorized access to a facility and system who use their trusted position for unauthorized purposes, insiders are able to take advantage of their access rights and knowledge of a facility to bypass dedicated security measures. They can also capitalize on their knowledge to exploit any vulnerabilities in safety-related systems, with cyber security of safety-critical information technology systems offering an important example of the 3S interface. While this Probabilistic Risk Assessment (PRA) approach is appropriate for describing fundamentally random events like component failure of a safety system, it does not capture the adversary's intentions, nor does it account for adversarial response and adaptation to defensive investments. To address these issues of intentionality and interactions, this study adopts a game theoretic approach. The interaction between defender and adversary is modeled as a two-person Stackelberg game. The optimal strategy of both players is found from the equilibrium of this game. A defender strategy consists of a set of design modifications and/or post-construction security upgrades. An attacker strategy involves selection of a target as well as a pathway to that target. In this study, application of the game theoretic approach is demonstrated using a simplified test case problem. Novel to our approach is the modeling of insider threat that affects the non-detection probability of an adversary. The game-theoretic approach has the advantage of modelling an intelligent adversary who has an intention and complete knowledge of the facility. In this study, we analyzed the expected adversarial path and security upgrades with a limited budget with insider threat modeled as increasing the non-detection probability. Our test case problem categorized three groups of adversary paths assisted by insiders and derived the largest insider threat in terms of the budget for security upgrades. Certainly more work needs to be done to

Accruals quality, underwriter reputation, and corporate bond underpricing: Evidence from China

Directory of Open Access Journals (Sweden)

Si Xu

2017-12-01

Full Text Available This study examines the relationship between accruals quality and the underpricing of corporate bonds in China and how underwriter reputation affects this relationship. We find that (1 accruals quality is negatively associated with the magnitude of bond underpricing and (2 the impact of low accruals quality on underpricing is partially offset by hiring reputable underwriters. A path analysis shows that approximately 11% of the effect of accruals quality on underpricing is attributable to the indirect path through reputable underwriters, suggesting that accruals quality is more effective than reputable underwriters in lowering bond underpricing. These findings are significant for initial bond offerings, but not for secondary bond offerings. We also find that low accruals quality is associated with more restrictive non-price contract terms such as greater collateral requirements and stricter covenants.

REGIONAL SECURITY IN THE HORN OF AFRICA: CONFLICTS, AGENDAS AND THREATS

Directory of Open Access Journals (Sweden)

Nilton César Fernandes Cardoso

2017-01-01

Full Text Available This paper aims at analyzing security dynamics in the Horn of Africa in the post-independence period, identifying the actors, agendas and threats. For this purpose, it is subdivided into three parts. The first one analyzes the security dynamics taking place in the Horn of Africa during the Cold War period, focusing on the regional rivalries and on the penetration of extraregional actors. In the second part, there is a discussion regarding the transformations which occurred in region in the immediate post-Cold War period, focusing both on the unities’ (states internal security dynamics and on the regional ones. The third and last section aims at identifying “new” threats and regional and international responses, as well as the emerging strategic importance of the region to traditional superpowers in the post-9/11 period, marked by the process of securitization.

Cyber terrorism and cyber-crime – threats for cyber security

OpenAIRE

Ackoski, Jugoslav; Dojcinovski, Metodija

2012-01-01

This paper has aim to give contribution in supporting efforts against cyber threats recognized as a cyber terrorism and cyber crime. Also, it has aim to show future challenges related to cyber security and their emerging threats – cyber war, cyber terrorism and cyber crime. Accelerate weapon development called ICT (Information Communication Technology) which is developed every day faster and faster, and development of human conscious on higher level about consequences of ICT enormous pene...

Entropy and Self-Organization - An Open System Approach to the Origins of Homeland Security Threats

Science.gov (United States)

2015-06-01

to properly understand homeland security threats and their origin directly impacts our ability to prevent or mitigate these threats. “Homeland...of new cognitive approaches or policy tools to eliminate or mitigate homeland security threats, perhaps even at the level of their root causes. A key...to self-similar ‘fractal’ structure. The frequency spectrum of 1/f noise or flicker noise with a power-law spectrum S (f) ≈ f⁻β.” Bak, Tang, and

Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

Science.gov (United States)

Thompson, Eleanor Elizabeth

2014-01-01

That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

Impact of Human Security Threats on Leadership and Political ...

African Journals Online (AJOL)

Human security threats in contemporary Africa have become a major political challenge. Whether it involves sectional conflicts, kidnapping, human trafficking, armed robbery they have continued to exert a far reaching impact on the leadership and political stability in the region. This paper is therefore an attempt to examine ...

Security Threats Emerging from the Middle East and North Africa

OpenAIRE

Çınar, Bekir

2015-01-01

The main security threats affecting the Middle East and North African (MENA) region arise from energy insecurity, immigration and terrorism. These threats would remain if authorities and other stake holders do not address the root causes of the problems, which are artificial national borders, authoritarian regimes and lack of pluralist education. This paper suggests that lifting state borders and setting up regional economic communities such as the EU may ease conflicts in the region which ca...

Illicit trafficking of nuclear and other radioactive material: The 'net' security threat

International Nuclear Information System (INIS)

Zaitseva, L.; Steinhausler, F.

2006-01-01

Illicit trafficking in nuclear and other radioactive material, which could be used for building a nuclear weapon or a radiological dispersal device, has been a subject of concern for more than a decade. A major obstacle to assessing the actual security threat due to nuclear trafficking is the inclusion in the analysis of incidents that do not represent a security threat, in the sense of being a possible pre-stage to a clandestine nuclear weapons programme or a terrorist operation involving a crude nuclear device or a radiological dispersal device. International transport of contaminated scrap metal, or discovery of lost or abandoned radioactive sources are examples of such incidents, which have little or no security relevance. This paper analyses the global data contained in the Database on Nuclear Smuggling, Theft and Orphan Radiation Sources (DSO) using special filters to discriminate between incidents that are of security relevance and those that are not. (author)

Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat/Effort Model

Directory of Open Access Journals (Sweden)

Zehui Wu

2017-01-01

Full Text Available SDN-based controller, which is responsible for the configuration and management of the network, is the core of Software-Defined Networks. Current methods, which focus on the secure mechanism, use qualitative analysis to estimate the security of controllers, leading to inaccurate results frequently. In this paper, we employ a quantitative approach to overcome the above shortage. Under the analysis of the controller threat model we give the formal model results of the APIs, the protocol interfaces, and the data items of controller and further provide our Threat/Effort quantitative calculation model. With the help of Threat/Effort model, we are able to compare not only the security of different versions of the same kind controller but also different kinds of controllers and provide a basis for controller selection and secure development. We evaluated our approach in four widely used SDN-based controllers which are POX, OpenDaylight, Floodlight, and Ryu. The test, which shows the similarity outcomes with the traditional qualitative analysis, demonstrates that with our approach we are able to get the specific security values of different controllers and presents more accurate results.

Predictive medical information and underwriting.

Science.gov (United States)

Dodge, John H

2007-01-01

Medical underwriting involves the application of actuarial science by analyzing medical information to predict the future risk of a claim. The objective is that individuals with like risk are treated in a like manner so that the premium paid is proportional to the risk of future claim.

Strategies to Minimize the Effects of Information Security Threats on Business Performance

Science.gov (United States)

Okoye, Stella Ifeyinwa

2017-01-01

Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory…

Organizational Security Threats Related to Portable Data Storage Devices: Qualitative Exploratory Inquiry

Science.gov (United States)

Cooper, Paul K.

2017-01-01

There has been a significant growth of portable devices capable of storing both personal data as well as sensitive organizational data. This growth of these portable devices has led to an increased threat of cyber-criminal activity. The purpose of this study was to gain a better understanding of security threats to the data assets of organizations…

Smart Grid Security: Threats, Challenges, and Solutions

OpenAIRE

Sanjab, Anibal; Saad, Walid; Guvenc, Ismail; Sarwat, Arif; Biswas, Saroj

2016-01-01

The cyber-physical nature of the smart grid has rendered it vulnerable to a multitude of attacks that can occur at its communication, networking, and physical entry points. Such cyber-physical attacks can have detrimental effects on the operation of the grid as exemplified by the recent attack which caused a blackout of the Ukranian power grid. Thus, to properly secure the smart grid, it is of utmost importance to: a) understand its underlying vulnerabilities and associated threats, b) quanti...

Significance of the institute of appeals under the conditions of increasing threats to national security

Directory of Open Access Journals (Sweden)

A. V. Kapulovskyi

2015-03-01

Full Text Available The article deals with the regulatory and scientific foundation for the development of the institute of citizens’ treatments in terms of obvious internal and external threats to national security. An attempt to construct an applicable model of management of public processes in terms of threats to national security, in which public opinion plays a key value. The fact that a successful resolution of problem of public participation in the preparation and acceptance of political decisions requires not only the presence of the constitutionally enshrined rights and duties and political institutions formed democratically, but also a variety of forms and ways of influencing in the activities of public authorities. At the same time, in a not declared, the so-called »hybrid» war, in which warfare are conducted locally - in some parts of the state and all other public and private institutions function in usual mode, tracking of possible threats to national security and factors that give rise to such threats should be carried out by means of both cleanly military, and civil means and methods. Thus, one of the most effective civil means of tracking such threats are the reception of citizens’ treatments, their processing and the adoption of appropriate response measures, in my opinion. Keywords: national security, public safety, human rights, public authorities, public interest.

Coping with global environmental change, disasters and security: threats, challenges, vulnerabilities and risks

NARCIS (Netherlands)

Brauch, H.G.; Oswald Spring, Ú.; Mesjasz, C.; Grin, J.; Kameri-Mbote, P.; Chourou, B.; Dunay, P.; Birkmann, J.

2011-01-01

This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10

17 CFR 229.801 - Securities Act industry guides.

Science.gov (United States)

2010-04-01

... 17 Commodity and Securities Exchanges 2 2010-04-01 2010-04-01 false Securities Act industry guides... AND CONSERVATION ACT OF 1975-REGULATION S-K List of Industry Guides § 229.801 Securities Act industry... claims and claim adjustment expenses of property-casualty insurance underwriters. (g) Guide 7...

Information security threats in web-portals on the open journal systems platform

Directory of Open Access Journals (Sweden)

Anton A. Abramov

2018-05-01

Full Text Available This article addresses the problem of security threats while working with web portals built on the Open Journal Systems platform. The Open Journal Systems (OJS platform was originally developed as part of the Public Knowledge Project and it is one of the most popular open-source platforms for web journals today. Based on the data available in the Public Knowledge Project, there were more than 10,000 active journals using the open journal systems platform by the end of 2016. A migration of a journal to such advanced and complex platform helps to handle the entire workflow over a single web portal. Therefore it is an important move and only peer-reviewed journals that are part of Russian and Worldwide citation systems go for it. At the same time the problem of keeping privacy for a manuscript before it is published is very important for these journals and for authors who submit it to the journal. The paper describes the most common threats for the web portals on the OJS platform as well as a particular model of the security threats, and suggests the measures that could help to neutralize these threats.

Security Measurement for Unknown Threats Based on Attack Preferences

Directory of Open Access Journals (Sweden)

Lihua Yin

2018-01-01

Full Text Available Security measurement matters to every stakeholder in network security. It provides security practitioners the exact security awareness. However, most of the works are not applicable to the unknown threat. What is more, existing efforts on security metric mainly focus on the ease of certain attack from a theoretical point of view, ignoring the “likelihood of exploitation.” To help administrator have a better understanding, we analyze the behavior of attackers who exploit the zero-day vulnerabilities and predict their attack timing. Based on the prediction, we propose a method of security measurement. In detail, we compute the optimal attack timing from the perspective of attacker, using a long-term game to estimate the risk of being found and then choose the optimal timing based on the risk and profit. We design a learning strategy to model the information sharing mechanism among multiattackers and use spatial structure to model the long-term process. After calculating the Nash equilibrium for each subgame, we consider the likelihood of being attacked for each node as the security metric result. The experiment results show the efficiency of our approach.

A Method to Analyze Threats and Vulnerabilities by Using a Cyber Security Test-bed of an Operating NPP

International Nuclear Information System (INIS)

Kim, Yong Sik; Son, Choul Woong; Lee, Soo Ill

2016-01-01

In order to implement cyber security controls for an Operating NPP, a security assessment should conduct in advance, and it is essential to analyze threats and vulnerabilities for a cyber security risk assessment phase. It might be impossible to perform a penetration test or scanning for a vulnerability analysis because the test may cause adverse effects on the inherent functions of ones. This is the reason why we develop and construct a cyber security test-bed instead of using real I and C systems in the operating NPP. In this paper, we propose a method to analyze threats and vulnerabilities of a specific target system by using a cyber security test-bed. The test-bed is being developed considering essential functions of the selected safety and non-safety system. This paper shows the method to analyze threats and vulnerabilities of a specific target system by using a cyber security test-bed. In order to develop the cyber security test-bed with both safety and non-safety functions, test-bed functions analysis and preliminary threats and vulnerabilities identification have been conducted. We will determine the attack scenarios and conduct the test-bed based vulnerability analysis

A Method to Analyze Threats and Vulnerabilities by Using a Cyber Security Test-bed of an Operating NPP

Energy Technology Data Exchange (ETDEWEB)

Kim, Yong Sik; Son, Choul Woong; Lee, Soo Ill [KHNP CRI, Daejeon (Korea, Republic of)

2016-10-15

In order to implement cyber security controls for an Operating NPP, a security assessment should conduct in advance, and it is essential to analyze threats and vulnerabilities for a cyber security risk assessment phase. It might be impossible to perform a penetration test or scanning for a vulnerability analysis because the test may cause adverse effects on the inherent functions of ones. This is the reason why we develop and construct a cyber security test-bed instead of using real I and C systems in the operating NPP. In this paper, we propose a method to analyze threats and vulnerabilities of a specific target system by using a cyber security test-bed. The test-bed is being developed considering essential functions of the selected safety and non-safety system. This paper shows the method to analyze threats and vulnerabilities of a specific target system by using a cyber security test-bed. In order to develop the cyber security test-bed with both safety and non-safety functions, test-bed functions analysis and preliminary threats and vulnerabilities identification have been conducted. We will determine the attack scenarios and conduct the test-bed based vulnerability analysis.

Weak and Failing States: Evolving Security Threats and U.S. Policy

National Research Council Canada - National Science Library

Wyler, Liana S

2008-01-01

.... national security goal since the end of the Cold War. Numerous U.S. government documents point to several threats emanating from states that are variously described as weak, fragile, vulnerable, failing, precarious, failed, in crisis, or collapsed...

78 FR 46295 - Enterprise Underwriting Standards

Science.gov (United States)

2013-07-31

... 2590-AA53 Enterprise Underwriting Standards AGENCY: Federal Housing Finance Agency. ACTION: Proposed...), (together, the Enterprises) relating to mortgage assets affected by Property Assessed Clean Energy (PACE... that were encumbered by this retrofit lending program that created a priority ahead of the Enterprise...

The Value of Bond Underwriter Relationships

DEFF Research Database (Denmark)

Daetz, Stine Louise; Dick-Nielsen, Jens; Nielsen, Mads Stenbo

and lower underpricing. However, if the underwriter becomes distressed, this spills over to the issuer's credit risk, because it weakens the relationship and increases the risk of involuntary relationship termination. The credit risk spillover is more pronounced for risky, opaque issuers with high rollover...

Prosedur Underwriting Bancassurance dan Asuransi Jiwa Syariah pada PT Asuransi Takaful Keluarga

Directory of Open Access Journals (Sweden)

Ella Patriana

2015-10-01

Full Text Available This study explains the comparative risk selection (of underwriting in bancassurance products and Islamic life insurance products at PT Family Takaful Insurance. The result revealed that the underwriting procedures of each product are different based on their characteristics. Full protection is designed as a simple of underwriting product only with age provisions and administrative requirements. Financing takaful products cover all financing from the banj. Thus, bank which does the insurance process will make these data as basic information about insurance customers. Since the bank is insured and apply risk selection process as risky selection process at most insurance companiesDOI: 10.15408/aiq.v4i1.2093

Risks and threats of tax state security and methods of their neutralization

Directory of Open Access Journals (Sweden)

Y.V. Lebedzevych

2016-12-01

Full Text Available The article substantiates the relevance of the study to ensure security of the state tax. Scientists studied different approaches to defining the essence of the concept of "security tax" on the key features that would satisfy the interests of all subjects of tax relations and the necessity of legal consolidation of this concept. Analyzed the economic, social and legal nature of the existence of the security tax, identified key indicators of fiscal security of Ukraine. To determine the effectiveness of the tax administration in the interests of the tax security highlights the main threats, tax security risks caused by external and internal factors, and propose measures for their elimination and prevent the possibility of their occurrence. The stages of tax risk management with effective building security tax, designed structurally-logic of the tax risk management security.

VIRTUAL REALITY: U.S. INFORMATION SECURITY THREATS CONCEPT AND ITS INTERNATIONAL DIMENSION

OpenAIRE

Elena Vladimirovna Batueva

2014-01-01

The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyber space and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is sh...

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

Science.gov (United States)

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Dealing with risk: Underwriting sovereign bond issues in London 1870-1914

OpenAIRE

Mikkelsen, Anders L.

2014-01-01

Using the records of several leading 19th century issuing houses, this paper analyses the transformation of underwriting practices in London's primary sovereign bond market from 1870 to 1914. It shows how underwriting risk developed from being a liability, which market intermediaries sought to avoid, to becoming a valuable financial commodity. The impetus for this development was increased competition in the loan business from the 1880s onwards, which weakened the negotiating position of issu...

The shape of uncertainty: underwriting decisions in the face of catastrophic risk

International Nuclear Information System (INIS)

Keykhah, M.

1998-01-01

This paper will explore how insurance and re-insurance underwriters price catastrophe risk from natural perils. It will first describe the theoretical nature of pricing risk, and outline studies of underwriting that propose analyzing decision making from a more behavioral than rational choice perspective. The paper then argues that in order to provide the appropriate context for probability (which is the focus of the studies on decision making under uncertainty), it may be helpful to look at the nature of choice within a market and organizational context. Moreover, the nature of probability itself is explored with a review to construct a broader analysis. Finally, it will be argued that the causal framework of the underwriter, in addition to inductive reasoning, provides a shape to uncertainty. (author)

Computer Security of NPP Instrumentation and Control Systems: Cyber Threats

International Nuclear Information System (INIS)

Klevtsov, A.L.; Trubchaninov, S.A.

2015-01-01

The paper is devoted to cyber threats, as one of the aspects in computer security of instrumentation and control systems for nuclear power plants (NPP). The basic concepts, terms and definitions are shortly addressed. The paper presents a detailed analysis of potential cyber threats during the design and operation of NPP instrumentation and control systems. Eleven major types of threats are considered, including: the malicious software and hardware Trojans (in particular, in commercial-off-the-shelf software and hardware), computer attacks through data networks and intrusion of malicious software from an external storage media and portable devices. Particular attention is paid to the potential use of lower safety class software as a way of harmful effects (including the intrusion of malicious fragments of code) on higher safety class software. The examples of actual incidents at various nuclear facilities caused by intentional cyber attacks or unintentional computer errors during the operation of software of systems important to NPP safety.

VIRTUAL REALITY: U.S. INFORMATION SECURITY THREATS CONCEPT AND ITS INTERNATIONAL DIMENSION

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Batueva

2014-01-01

Full Text Available The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyber space and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is shared by the majority of the countries involved in the international dialogue on information security issues and is fundamental for providing cyber security policy on both national and international levels. The United States is developing a complex strategy for cyber space that includes maximization of ICT's advantages in all strategically important fields as well as improvement of national information systems and networks security. On the international level the main task for the American diplomacy is to guarantee the U.S. information dominance. The United States is the only country that takes part practically in all international and regional fora dealing with cyber security issues. However process of the development of a global cyber security regime is not going to be fast due to countries' different approaches to key definitions and lack of joint understanding of cyber security issues as well as due to the position of the countries, among all the United States, that are not interested in any new obligatory international norms and principles. Such American policy aims at saving the possibility of using cyberspace capacity in reaching political and military goals, thus keeping the global leadership.

Virtual Reality: U.S. Information Security Threats Concept And Its International Dimension

Directory of Open Access Journals (Sweden)

Elena Vladimirovna Batueva

2014-01-01

Full Text Available The development of ICT and the formation of the global information space changed the agenda of national and international security. Such key characteristics of cyberspace as openness, accessibility, anonymity, and identification complexity determined the rise of actors in cyber space and increased the level of cyber threats. Based on the analyses of the U.S. agencies' approach, the author defines three major groups of threats: use of ICT by states, criminals and terrorists. This concept is shared by the majority of the countries involved in the international dialogue on information security issues and is fundamental for providing cyber security policy on both national and international levels. The United States is developing a complex strategy for cyber space that includes maximization of ICT's advantages in all strategically important fields as well as improvement of national information systems and networks security. On the international level the main task for the American diplomacy is to guarantee the U.S. information dominance. The United States is the only country that takes part practically in all international and regional fora dealing with cyber security issues. However process of the development of a global cyber security regime is not going to be fast due to countries' different approaches to key definitions and lack of joint understanding of cyber security issues as well as due to the position of the countries, among all the United States, that are not interested in any new obligatory international norms and principles. Such American policy aims at saving the possibility of using cyberspace capacity in reaching political and military goals, thus keeping the global leadership.

PROSEDUR UNDERWRITING BANCASSURANCE DAN ASURANSI JIWA SYARIAH PADA PT. ASURANSI TAKÂFUL KELUARGA

Directory of Open Access Journals (Sweden)

Ella Patriana

2016-02-01

Full Text Available This study explains the comparative risk selection (of underwriting in bancassurance products and Islamic life insurance products at PT. Family Takaful Insurance. The result revealed that the underwriting procedures of each product are different based on their characteristics. Full protection is designed as a simple of underwriting product only with age provisions and administrative requirements. Financing takâful products cover all financing from the bank. Thus, bank which does the insurance process will make these data as basic information about insurance customers. Since the bank is insured, and apply risk selection process as risky selection process at most insurance companies.DOI: 10.15408/aiq.v4i1.2543

XRIndex: A brief screening tool for individual differences in security threat detection in x-ray images

Directory of Open Access Journals (Sweden)

Elena eRusconi

2015-08-01

Full Text Available X-ray imaging is a cost-effective technique at security checkpoints that typically require the presence of human operators. We have previously shown that self-reported Attention to Detail can predict threat detection performance with small-vehicle x-ray images (Rusconi et al., 2012. Here we provide evidence for the generality of such a link by having a large sample of naïve participants screen more typical dual-energy x-ray images of hand luggage. The results show that the Attention to Detail score is a linear predictor of threat detection accuracy. We then develop and fine-tune a novel self-report scale for security screening: the XRIndex, which improves on the Attention to Detail scale for predictive power and opacity to interpretation. The XRIndex is not redundant with any of the Big Five personality traits. We validate the XRIndex against security x-ray images with an independent sample of untrained participants and suggest that the XRIndex may be a useful aid for the identification of suitable candidates for professional security training with a focus on x-ray threat detection. Further studies are needed to determine whether this can also apply to trained professionals.

PORT SECURITY-Threats and Vulnerabilities

OpenAIRE

Kusi, Bernard

2015-01-01

The main objective of this thesis is to identify the threats and the vulnerabilities concerning Takoradi port, and finally recommend measure to overcome the identified threats and vul-nerabilities. Various categories of potential threats and vulnerabilities have been studied throughout the literature review. However, because each port presents a unique sets of threats and vulnerabilities, there was a need to look critically into how Takoradi port operations are being conducted in other to ide...

How to define and build an effective cyber threat intelligence capability how to understand, justify and implement a new approach to security

CERN Document Server

Dalziel, Henry; Carnall, James

2014-01-01

Intelligence-Led Security: How to Understand, Justify and Implement a New Approach to Security is a concise review of the concept of Intelligence-Led Security. Protecting a business, including its information and intellectual property, physical infrastructure, employees, and reputation, has become increasingly difficult. Online threats come from all sides: internal leaks and external adversaries; domestic hacktivists and overseas cybercrime syndicates; targeted threats and mass attacks. And these threats run the gamut from targeted to indiscriminate to entirely accidental. Amo

Transactional costs of the interaction between business and government as a threat to the economic security of the state

Directory of Open Access Journals (Sweden)

Evmenov Aleksandr

2018-01-01

Full Text Available The article considers the costs of the interaction between the state and business as a threat to the development of the economy of the Russian Federation from the point of view of ensuring economic security. The authors identified significant obstacles both from the business and from the government side, which pose a threat to economic security. The study is of interest for the further development of a system of providing the economic security of the Russian Federation.

Reducing the global threat of radiological terrorism in Central Asia and Caucus regions. The global threat reduction initiative approach to radioactive source security

International Nuclear Information System (INIS)

Smith, E.

2010-01-01

The security of radioactive sources is of worldwide concern, due to their wide use in civilian commerce and the potentially devastating effects of their misuse. In cooperation with host countries and international partners, the Global Threat Reduction Initiative has utilized a proven process for providing technical and financial assistance to protect radioactive sources in diverse uses and unique circumstances at hundreds of sites worldwide. The mission of the Department of Energy, National Nuclear Security Administration's program includes reducing the risk posed by vulnerable radiological materials that could be used in a Radioactive Dispersal Device). The program's objectives are to identify, consolidate, secure, and/or dispose of high-activity radiological materials to prevent their theft and malicious use. The Global Threat Reduction Initiative Program's scope is global, with projects in over 100 countries at more than 755 radiological sites, including industrial, medical and commercial facilities. In addition to working bilaterally, the Program works closely with the International Atomic Energy Agency (IAEA) and other partner countries. (author)

How do underwriters value initial public offerings? An empirical analysis of the french IPO market

NARCIS (Netherlands)

P.G.J. Roosenboom (Peter)

2007-01-01

textabstractThis paper investigates how French underwriters value the stocks of companies they bring public. Underwriters often use several valuation methods to determine their fair value estimate of the initial public offering (IPO) firm's equity. We investigate five of these valuation methods:

Nuclear Smuggling and Threats to Lithuanian Security

Directory of Open Access Journals (Sweden)

Murauskaitė Eglė

2016-12-01

Full Text Available The article explores threats related to illicit trafficking of radioactive materials and dual-use goods applicable in state level nuclear programs, actualizing the global trends for the Baltic region. The article points to Eastern Europe’s changing risk profile in this respect, as increasing penetration of Russian criminal groups inside Ukraine and the destabilized situations in neighboring countries create an environment where the risk of nuclear smuggling is on the rise. Criminal entities can be seen forming new bonds, with trafficking routes intersecting and zones of influence shifting - consequently, an unusual level of criminal involvement in nuclear smuggling is observed, alongside a geographic shift of smuggling patterns. In addition, states seeking materials and technologies for their military programs have taken a notable interest in this region as a way of circumventing international transit regulations. The article looks at the likely implications of these new nuclear smuggling trends for the security of the Baltic states. It suggests that Lithuania may soon be facing a relatively new threat, and one that it is ill-prepared to counter. The article discusses the risk factors and indicators to watch before that risk becomes reality, and offers ways for Lithuania to contribute to addressing these increasingly acute problems on a regional level.

Cyber Security Insider Threats :: Government’s Role in Protecting India’s Critical Infrastructure Sectors

OpenAIRE

Vohra, Pulkit

2014-01-01

This research identifies the problem of insider threats in the critical infrastructure sectors of India. It is structured to answer the research question: "Why insider threats should be the primary concern for Indian government to protect its critical infrastructure sectors.” It defines the critical infrastructure sectors and portrays the cyber security scenario of India. Also, through the research study, it identifies the lack of awareness and non-seriousness of employees in the critical sec...

Unpacking Terrorism, Revolution and Insurgency in Yemen: Real and Imagined Threats to Regional Security

Directory of Open Access Journals (Sweden)

Alexandra Lewis

2013-10-01

Full Text Available Recent months have seen a seeming escalation in the international threat posed by Al Qaeda in the Arabian Peninsula (AQAP, a terrorist network that has taken Yemen as its regional base of operations. In light of recent attacks, and resulting embassy closures, Yemen is a rising priority in the Western-led War on Terror. However, this has resulted in a side-lining of other security threats in Yemen, which may cause serious challenges to the authority of the Yemeni Government. In reality, the role of AQAP has been heavily manipulated throughout Yemen’s contemporary history: this was most evident during the 2011 Arab Spring, when both sides in the conflict claimed that Al Qaeda operatives were working with members of the other. Two years later, the true nature of the AQAP threat in Yemen is rarely questioned by external observers, yet remains largely shrouded in mystery. There is a need for more critical approaches to the AQAP challenges, which take the broader context of Yemeni security into account.

Children and adolescents facing a continuous security threat: Aggressive behavior and post-traumatic stress symptoms.

Science.gov (United States)

Nuttman-Shwartz, Orit

2017-07-01

There is extensive research evidence indicating that children and youth are the most vulnerable population for developing psychological symptoms relating to war and terror. Although studies have documented a wide range of detrimental emotional and behavioral effects of such exposure, much less is known about the effects of exposure to a continuous security threat for children and adolescents. Against this background, the current article examined the implications of continuous exposure to missile attacks among 1096 children and adolescents enrolled in public schools near the Israeli border with Gaza. Participants filled out quantitative questionnaires, which relate to the pathological consequences of continuous exposure to security threats, and to the role of the school and the community as a protective environment against disruptive behavior resulting from such exposure. The findings revealed that PTSS responses were mainly related to the security threat, whereas interpersonal aggression resulted from other types of traumatic events. Significant differences were found between aggression and posttraumatic symptoms, by age and gender. PTSS was found to be lower for older participants and higher for girls, whereas aggression was higher for boys and higher for older participants. Furthermore, the sense of belonging to the place of residence was negatively associated with PTSS as well as with aggressive behavior: the higher the participants' sense of belonging, the lower their levels of PTSS and aggressive responses. In contrast, the sense of belonging to the school was negatively associated only with aggressive behavior: the higher the participants' sense of belonging to the school, the lower their aggressive responses. The findings are discussed in the light of trauma theories and in light of the results of previous research. The study contributed to knowledge about the differential consequences of exposure to a security threat, and highlighted the importance of

A study of cyber security in hospitality industry- threats and countermeasures: case study in Reno, Nevada

OpenAIRE

Shabani, Neda

2017-01-01

The purpose of this study is to analyze cyber security and security practices of electronic information and network system, network threats, and techniques to prevent the cyber attacks in hotels. Helping the information technology directors and chief information officers (CIO) is the aim of this study to advance policy for security of electronic information in hotels and suggesting some techniques and tools to secure the computer networks. This research is completely qualitative while the cas...

Do New Mobile Devices in Enterprises Pose A Serious Security Threat?

OpenAIRE

Ali A Altalbe

2013-01-01

The purpose of this paper is to introduce a research proposal designed to explore the network securityissues concerning mobile devices protection. Many threats exist and they harm not only computers but handheld devices as well. The mobility of phones and their excessive use make them more vulnerable. The findings suggest a list of protections that can provide high level of security for new mobile devices.

Medical Underwriting In Long-Term Care Insurance: Market Conditions Limit Options For Higher-Risk Consumers.

Science.gov (United States)

Cornell, Portia Y; Grabowski, David C; Cohen, Marc; Shi, Xiaomei; Stevenson, David G

2016-08-01

A key feature of private long-term care insurance is that medical underwriters screen out would-be buyers who have health conditions that portend near-term physical or cognitive disability. We applied common underwriting criteria based on data from two long-term care insurers to a nationally representative sample of individuals in the target age range (50-71 years) for long-term care insurance. The screening criteria put upper bounds on the current proportion of Americans who could gain coverage in the individual market without changes to medical underwriting practice. Specifically, our simulations show that in the target age range, approximately 30 percent of those whose wealth meets minimum industry standards for suitability for long-term care insurance would have their application for such insurance rejected at the underwriting stage. Among the general population-without considering financial suitability-we estimated that 40 percent would have their applications rejected. The predicted rejection rates are substantially higher than the rejection rates of about 20-25 percent of applicants in the actual market. In evaluating reforms for long-term care financing and their potential to increase private insurance rates, as well as to reduce financial pressure on public safety-net programs, policy makers need to consider the role of underwriting in the market for long-term care insurance. Project HOPE—The People-to-People Health Foundation, Inc.

Illicit trafficking of nuclear and other radioactive material: the 'net' security threat

International Nuclear Information System (INIS)

Zaitseva, L.; Steinhaeusler, F.

2005-01-01

Full text: Illicit trafficking in nuclear and other radioactive material, which could lead to the creation of a nuclear device or a radiological dispersal device (RDD), has been a subject of concern for more than a decade now. This concern became even more pronounced after the September 11 th attacks in the United States, which demonstrated that modern day terrorists are willing and capable of inflicting mass casualties among civilian population in target countries in order to further their goals. The problem of illicit trafficking - intentional diversion and smuggling of nuclear fissile material and radioactive sources - has been closely watched and studied by several national institutions and international organizations. This resulted in the establishment of several nuclear smuggling databases, tracking illicit trafficking incidents. The number of such incidents for a given period varies widely between the different databases, reflecting the different sources of information used, the different geographical regions covered, as well as the different methodologies applied to data mining and data analysis. One major obstacle to assessing the actual security threat due to illicit trafficking is the inclusion of incidents in the analysis, which do not represent a security threat in the sense of being the pre-stage of a terrorist operation or a malevolent act. Such incidents mainly involve inadvertent movement of illegally disposed of radioactive sources in scrap metal or contaminated goods across international borders and discoveries of so called 'orphan' radiation sources. This paper analyzes the global data contained in the database on nuclear smuggling, theft and orphan radiation sources (DSTO) operated by the University of Salzburg, using special filters to discriminate between illicit trafficking incidents involving a criminal intent and those that do not. Thereby, the net security threat of illicit trafficking will be determined to help provide a realistic

Security of Cooperative Intelligent Transport Systems: Standards, Threats Analysis and Cryptographic Countermeasures

Directory of Open Access Journals (Sweden)

Elyes Ben Hamida

2015-07-01

Full Text Available Due to the growing number of vehicles on the roads worldwide, road traffic accidents are currently recognized as a major public safety problem. In this context, connected vehicles are considered as the key enabling technology to improve road safety and to foster the emergence of next generation cooperative intelligent transport systems (ITS. Through the use of wireless communication technologies, the deployment of ITS will enable vehicles to autonomously communicate with other nearby vehicles and roadside infrastructures and will open the door for a wide range of novel road safety and driver assistive applications. However, connecting wireless-enabled vehicles to external entities can make ITS applications vulnerable to various security threats, thus impacting the safety of drivers. This article reviews the current research challenges and opportunities related to the development of secure and safe ITS applications. It first explores the architecture and main characteristics of ITS systems and surveys the key enabling standards and projects. Then, various ITS security threats are analyzed and classified, along with their corresponding cryptographic countermeasures. Finally, a detailed ITS safety application case study is analyzed and evaluated in light of the European ETSI TC ITS standard. An experimental test-bed is presented, and several elliptic curve digital signature algorithms (ECDSA are benchmarked for signing and verifying ITS safety messages. To conclude, lessons learned, open research challenges and opportunities are discussed.

Security Analysis System to Detect Threats on a SIP VoIP Infrasctructure Elements

Directory of Open Access Journals (Sweden)

Filip Rezac

2011-01-01

Full Text Available SIP PBX is definitely the alpha and omega of any IP telephony infrastructure and frequently also provides other services than those related to VoIP traffic. These exchanges are, however, very often the target of attacks by external actors. The article describes a system that was developed on VSB-TU Ostrava as a testing tool to verify if the target VoIP PBX is adequately secured and protected against any real threats. The system tests the SIP element for several usually occurring attacks and it compiles evaluation of its overall security on the basis of successfully or unsuccessfully penetrations. The article describes the applications and algorithms that are used by system and the conclusion consists recommendations and guidelines to ensure effective protection against VoIP PBX threats. The system is designed as an open-source web application, thus allowing independent access and is fully extensible to other test modules.

MINIMIZATION OF IMPACTS PERTAINING TO EXTERNAL AND INTERNAL ENERGY SECURITY THREATS OF THERMAL POWER PLANTS

Directory of Open Access Journals (Sweden)

V. N. Nagornov

2012-01-01

Full Text Available The paper contains a classification of internal and external threats for thermal power plants and recommendations on minimization of these risks. A set of concrete measures aimed at ensuring TPP energy security has been presented in the paper. The system comprises preventive measures aimed at reducing the possibilities of emergence and implementation of internal and external threats. The system also presupposes to decrease susceptibility of fuel- and energy supply systems to the threats, and application of liquidation measures that ensure elimination of emergency situation consequences and restoration of the conditions concerning fuel- and power supply to consumers.

AR.Drone: security threat analysis and exemplary attack to track persons

Science.gov (United States)

Samland, Fred; Fruth, Jana; Hildebrandt, Mario; Hoppe, Tobias; Dittmann, Jana

2012-01-01

In this article we illustrate an approach of a security threat analysis of the quadrocopter AR.Drone, a toy for augmented reality (AR) games. The technical properties of the drone can be misused for attacks, which may relate security and/or privacy aspects. Our aim is to sensitize for the possibility of misuses and the motivation for an implementation of improved security mechanisms of the quadrocopter. We focus primarily on obvious security vulnerabilities (e.g. communication over unencrypted WLAN, usage of UDP, live video streaming via unencrypted WLAN to the control device) of this quadrocopter. We could practically verify in three exemplary scenarios that this can be misused by unauthorized persons for several attacks: high-jacking of the drone, eavesdropping of the AR.Drones unprotected video streams, and the tracking of persons. Amongst other aspects, our current research focuses on the realization of the attack of tracking persons and objects with the drone. Besides the realization of attacks, we want to evaluate the potential of this particular drone for a "safe-landing" function, as well as potential security enhancements. Additionally, in future we plan to investigate an automatic tracking of persons or objects without the need of human interactions.

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

Energy Technology Data Exchange (ETDEWEB)

McDonald, K [Mayo Clinic, Rochester, MN (United States); Curran, B [The Warren Alpert Medical School of Brown University, Providence, RI (United States)

2014-06-15

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusion Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

International Nuclear Information System (INIS)

McDonald, K; Curran, B

2014-01-01

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusion Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment

Today's threat and tomorrow's reaction

International Nuclear Information System (INIS)

Moore, L.R.

2002-01-01

Full text: The events of September 11 have only confirmed our past nightmares and warnings to industries, agencies, and governments. The threat of even more significant catastrophic attacks, using nuclear materials, was just as real ten years ago, as it is today. In many cases, our vulnerability remains the same as years ago. There is a dire need for all organizations to agree upon threats and vulnerabilities, and to implement appropriate protections, for nuclear materials or other 'means' to achieve an event of mass destruction. All appropriate organizations (industries, agencies, and governments) should be able to define, assess, and recognize international threats and vulnerabilities in the same manner. In complimentary fashion, the organizations should be able to implement safeguards against this consistent generic threat. On an international scale the same threats, and most vulnerabilities, pose high risks to all of these organizations and societies. Indeed, in today's world, the vulnerabilities of one nation may clearly pose great risk to another nation. Once threats and vulnerabilities are consistently recognized, we can begin to approach their mitigation in a more 'universal' fashion by the application of internationally recognized and accepted security measures. The path to recognition of these security measures will require agreement on many diverse issues. However, once there is general agreement, we can then proceed to the acquisition of diverse national and international resources with which to implement the security measures 'universally' to eliminate 'weak-links' in the chain of nuclear materials, on a truly international scale. I would like to discuss: developing a internationally acceptable 'generic' statement of threat, vulnerability assessment process, and security measure; proposing this international statement of threat, vulnerability assessment process, and appropriate security measures to organizations (industries, agencies, and governments

A study on the promotion of Japan's Nuclear Security Culture. Based on the Implementing Guide of IAEA and actually-occurred threat cases

International Nuclear Information System (INIS)

Inamura, Tomoaki

2014-01-01

The ministerial ordinance relating to the Nuclear Reactor Regulation Law, revised in 2012, requires licensees of nuclear facilities to establish a system to foster Nuclear Security Culture. However, such measures are introduced without thorough consideration of essentials of Nuclear Security Culture. This report aims to provide deeper understanding of the concept and raise issues relating to implementation of nuclear security measures by reviewing the Implementing Guide of Nuclear Security Culture published by International Atomic Energy Agency and related documents, as well as analyzing security threats that actually happened recently. The results are summarized as follows: 1) Two beliefs, namely, 'a credible threat exists' and 'nuclear security is important', form the basis of Nuclear Security Culture. Nuclear Security Culture bears a high degree of resemblance to Nuclear Safety Culture because the both assume the same organizational culture model. The differences between the two are derived from whether the malevolence of adversaries should be taken into consideration or not. As the questioning attitude plays an important role to implant the two beliefs, a proper management system of Nuclear Security Culture is necessary to cultivate it. 2) Based on the related documents and an analysis of the cases of actual threats, the following viewpoints should be made clear: (a) the role of the actors of Nuclear Security Culture, (b) flexible sensitivity to share the same understanding about the credible threat, (c) systematic revision of the related regulation about sensitive information management and security clearance of the personnel, and complementary measures such as hotline, (d) measures to encourage the positive action of the personnel, (e) how to construct continuous cycle of improvement of Nuclear Security Culture at state level. (author)

Secure Threat Information Exchange across the Internet of Things for Cyber Defense in a Fog Computing Environment

Directory of Open Access Journals (Sweden)

Mihai-Gabriel IONITA

2016-01-01

Full Text Available Threat information exchange is a critical part of any security system. Decisions regarding security are taken with more confidence and with more results when the whole security context is known. The fog computing paradigm enhances the use cases of the already used cloud computing systems by bringing all the needed resources to the end-users towards the edge of the network. While fog decentralizes the cloud, it is very important to correlate security events which happen in branch offices around the globe for correct and timely decisions. In this article, we propose an infrastructure based on custom locally installed OSSEC agents which communicate with a central AlienVault deployment for event correlation. The agents are based on a neural network which takes actions based on risk assessment inspired by the human immune system. All of the threat information is defined by STIX expressions and a TAXII server can share this information with foreign organizations. The proposed implementation can successfully be implemented in an IoT scenario, with added security for the “brownfiled” devices.

GLOBAL WARMING: IS A NEW THREAT?

Energy Technology Data Exchange (ETDEWEB)

Ayca Eminoglu

2008-09-30

In the Post Cold War era, the concepts of ''security'', ''national security'', and ''international security'' have changed with regard to their contents and meanings. Such developments made states to renew their national security policies. Security is a special form of politics as well. All security issues are political problems but not all political conflicts are security issues. In the Post Cold War era, differentiating and increasing numbers of elements that constitutes threat changed the concept of threat and widen the capacity of security. In this term, many elements lost its effect of being a threat but also new threatening elements emerged. Environmental problems, human rights, mass migration, micro nationalism, ethnic conflicts, religious fundamentalism, contagious diseases, international terrorism, economic instabilities, drug and weapon smuggling and human trafficking are the new problems emerged in international security agenda. Environmental problems no longer take place in security issues and can be mentioned as a ''low security'' issue. They are threats to the global commons i.e. the oceans, the seas, the ozone layer and the climate system, which are life supports for mankind as a whole. Global warming is one of the most important environmental issues of our day that effects human life in every field and can be defined as a 'serious threat to international security'. Because of global warming, environmental changes will occur and these changes will cause conflicting issues in international relations. Because of global warming dwindling freshwater supplies, food shortages, political instability and other conflicts may take place. Some IR scholars see a need for global cooperation in order to face the threat. At the background of global warming and its effects, states have to get preventive measures and normally, each state form its own measures, therefore as a

Threats to Security Posed by ISIS in Syria: A Human Security Approach

Directory of Open Access Journals (Sweden)

Lee-Ann Louw

2017-02-01

Full Text Available The civil war in Syria coupled with the attacks by ISIS, has resulted in one of the largest humanitarian crises since World War II. Although international efforts have resulted in regaining control of important cities, these military approaches have escalated and inflamed the violence of which innocent civilians bear the consequences. The continuing violence and resulting threats or insecurities negatively affect the lives, freedom, dignity and development of the people to name but a few. For that reason, the aim is to explore the applicability of a human security approach to the conflict in Syria that focuses on, among other aspects, minimising violence, mitigating the effects of the conflict, protecting people, restoring peace and eliminating the grounds that resulted in the development of these conditions in the first place.

An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

Science.gov (United States)

Barrett, Jason R; French, P Edward

2013-01-01

The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

Negotiable Collateral Damage: Civil Liberties Versus National Security in Times of Threat

Science.gov (United States)

2011-06-01

concept of defense. In his influential work, ―A Theory of Human Motivation,‖ published in 1943, Maslow theorized five hierarchical types of needs...rarely changes due to threats to national security; thus, this study does not reference this issue. 7 A. H. Maslow , "A Theory of Human Motivation...Americans living in the Pacific region of the United States. 52 Abraham Lincoln and Thomas Harry

MIGRATORY THREATS TO NATIONAL SECURITY OF UKRAINE: CURRENT CHALLENGES AND WAYS OF REGULATION

Directory of Open Access Journals (Sweden)

Mychailo Romaniuk

2016-11-01

Full Text Available The purpose of the article is to disclose the migratory threats which are connected with external and mass internal inter-regional migrations, which are caused by the annexation of the Crimea and military aggression in Donbas by Russia. Methodological and practical aspects of improving the management of intensive interstate and inter-regional migratory processes, negative consequences of which threaten national security of the country because of hybrid war in Donbas, illegal migration, worsening of the demographic situation, departure of scientists and specialists abroad are described in the article too. The main strategic objective, which consists of maintenance of state sovereignty, territorial integrity of Ukraine, and also integration in European and migratory space, ensuring close to the world standards of quality and length of life, realization of rights and freedoms of citizens, is formulated. Actions and tasks of the state migratory policy, ways and methods of regulation of external migrations of the population are considered. Principal reasons of external migrations of population are identified and analysed. The inwardly-regional, interregional and intergovernmental migrations of population of Ukraine in the years of its state independence (1991- 2014 are analyzed in details. The results of analysis showed that migratory activity goes down on inwardly-regional and interregional levels. Also intensity of exchange of population went down between the regions of country. At the same time Ukraine for years state independence through depopulation processes lost 6,5 million persons, and in the external migratory moving of population of loss made over 1 million persons. The problem of illegal external labour migration is considered. It is noted that illegal migration from Ukraine to the threats to national security in the Law of Ukraine "On the National Security of Ukraine" is not included, and a threat to national security posed by illegal

Deploying Difference: Security Threat Narratives and State Displacement from Protected Areas

Directory of Open Access Journals (Sweden)

Elizabeth Lunstrum

2018-01-01

Full Text Available State actors are increasingly treating protected areas as sites of security threats and policing resident communities as though they are the cause of this insecurity. This is translating into community eviction from protected areas that is authorised by security concerns and logics and hence not merely conservation concerns. We ground this claim by drawing upon empirical work from two borderland conservation areas: Mozambique's Limpopo National Park (LNP and Guatemala's Maya Biosphere Reserve (MBR. In both cases, we show how these security-provoked evictions are authorised by the mobilisation of interlocking axes of difference that articulate notions of territorial trespass with that of a racialised enemy. Rather than a new problem or phenomena, we show how these axes are rooted in prior histories of state actors rendering racialised subjects dangerous, Cold War histories in both cases and a longer colonial history with the LNP. We also show how standing behind these evictions is the nation-state and its practices of protected area territorialisation. From here, we illustrate how the rationale behind displacement from protected areas matters, as evictions become more difficult to contest once they are authorised by security considerations. The cases, however, differ in one key respect. While displacement from the LNP is an instance of conservation-induced displacement (CID, although one re-worked by security considerations, eviction from the MBR is motivated more centrally by security concerns yet takes advantage of protected area legislation. The study hence offers insight into a growing literature on conservation-security encounters and into different articulations of conservation, security, and displacement.

49 CFR 1522.121 - Security threat assessments for personnel of TSA-approved validation firms.

Science.gov (United States)

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security threat assessments for personnel of TSA... FOR ALL MODES OF TRANSPORTATION TSA-APPROVED VALIDATION FIRMS AND VALIDATORS TSA-Approved Validation... for personnel of TSA-approved validation firms. Each of the following must successfully complete a...

Redefining Maritime Security Threats in the Eastern Indian Ocean Region.

Energy Technology Data Exchange (ETDEWEB)

Banerjee, Arjun [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-08-01

This occasional paper analyzes the general security issues and trends relating to maritime trafficking of radiological and nuclear material using small vessels, minor ports, and unchecked areas of coastline existing in the Eastern Indian Ocean Region today. By the Eastern Indian Ocean Region is meant the area starting from the tip of the Indian peninsula in the west to the Straits of Malacca in the east. It lays focus on the potential sources of nuclear or radiological material that may be trafficked here. It further undertakes a study of the terrorist groups active in the region as well as the multinational or national interdiction organizations that have been created to counter maritime threats. It also seeks to discern the various technologies for detecting materials of concern available in the area. Finally, it ascertains possible methods and technologies to improve the maritime security system in the region.

DOE site-specific threat assessment

International Nuclear Information System (INIS)

West, D.J.; Al-Ayat, R.A.; Judd, B.R.

1985-01-01

A facility manager faced with the challenges of protecting a nuclear facility against potential threats must consider the likelihood and consequences of such threats, know the capabilities of the facility safeguards and security systems, and make informed decisions about the cost-effectivness of safeguards and security upgrades. To help meet these challenges, the San Francisco Operations Office of the Department of Energy, in conjunction with the Lawrence Livermore Laboratory, has developed a site-specific threat assessment approach and a quantitative model to improve the quality and consistency of site-specific threat assessment and resultant security upgrade decisions at sensitive Department of Energy facilities. 5 figs

Socio-Economic Correlates of Information Security Threats and Controls in Global Financial Services Industry: An Analysis

OpenAIRE

Princely Ifinedo

2015-01-01

Threats to data and information assets of Global Financial Services Industry (GFSI) are ever-present; such problems, if not well understood, could lead to huge negative impact. To some extent, the environment where a business operates does matter for its success. This study presents information about the relationships between selected socio-economic factors and information security threats and controls in the financial services industry. Essentially, it seeks to enrich the information provide...

Coping with global environmental change, disasters and security. Threats, challenges, vulnerabilities and risks

Energy Technology Data Exchange (ETDEWEB)

Brauch, Hans Guenter [Freie Univ. Berlin (Germany). Dept. of Political and Social Sciences; UNU-EHS, Bonn (DE). College of Associated Scientists and Advisors (CASA); Oswald Spring, Ursula [National Univ. of Mexico, Cuernavaca (MX). Regional Multidisciplinary Research Centre (CRIM); Mesjasz, Czeslaw [Cracow Univ. of Exonomics (Poland). Faculty of Management; Grin, John [Amsterdam Univ. (Netherlands). Dept. of Political Science; Dutch Knowledge network for Systems Innovations and Transitions (KSI), Amsterdam (Netherlands); Kameri-Mbote, Patricia [Strathmore Univ., Nairobi (Kenya). Dept. of Law; International Environmental Law Research Centre, Nairobi (Kenya); Chourou, Bechir [Univ. of Tunis-Carthage, Hammam-Chatt (Tunisia); Dunay, Pal [Geneva Centre for Security Policy (Switzerland). International Training Course in Security Policy; Birkmann, Joern (eds.) [United Nations Univ. (UNU), Bonn (DE). Inst. for Environment and Human Security (EHS)

2011-07-01

This policy-focused Global Environmental and Human Security Handbook for the Anthropo-cene (GEHSHA) addresses new security threats, challenges, vulnerabilities and risks posed by global environmental change and disasters. In 6 forewords, 5 preface essays 95 peer reviewed chapcountries analyse in 10 parts concepts of military and political hard security and economic, social, environmental soft security with a regional focus on the Near East, North and Sub-Sahara Africa and Asia and on hazards in urban centres. The major focus is on coping with global environmental change: climate change, desertification, water, food and health and with hazards and strategies on social vulnerability and resilience building and scientific, international, regional and national political strategies, policies and measures including early warning of conflicts and hazards. The book proposes a political geo-ecology and discusses a 'Fourth Green Revolution' for the Anthropocene era of earth history. (orig.)

The Added Value of Medical Testing in Underwriting Life Insurance

NARCIS (Netherlands)

Bronsema, J.; Brouwer, S.; de Boer, M.R.; Groothoff, J.W.

2015-01-01

Background In present-day life-insurance medical underwriting practice the risk assessment starts with a standard health declaration (SHD). Indication for additional medical screening depends predominantly on age and amount of insured capital. From a medical perspective it is questionable whether

46 CFR 308.8 - War risk insurance underwriting agency agreement.

Science.gov (United States)

2010-10-01

... companies or groups of domestic insurance companies authorized to do a marine insurance business in any States of the United States, appointing such companies or groups of companies as Underwriting Agents to... performance, indemnification effective date, amendment and termination, and nondiscrimination. ...

The Impact of Policy Incentives on Long-Term Care Insurance and Medicaid Costs: Does Underwriting Matter?

Science.gov (United States)

Cornell, Portia Y; Grabowski, David C

2018-05-16

To test whether underwriting modifies the effect of state-based incentives on individuals' purchase of long-term care insurance. Health and Retirement Study (HRS), 1996-2012. We estimated difference-in-difference regression models with an interaction of state policy indicators with individuals' probabilities of being approved for long-term care insurance. We imputed probabilities of underwriting approval for respondents in the HRS using a model developed with underwriting decisions from two U.S. insurance firms. We measured the elasticity response to long-term care insurance price using changes in simulated after-tax price as an instrumental variable for premium price. Tax incentives and Partnership programs increased insurance purchase by 3.62 percentage points and 1.8 percentage points, respectively, among those with the lowest risk (highest approval probability). Neither had any statistically significant effects among the highest risk individuals. We show that ignoring the effects of underwriting may lead to biased estimates of the potential state budget savings of long-term care insurance tax incentives. If the private market is to play a role in financing long-term care, policies need to address the underlying adverse selection problems. © Health Research and Educational Trust.

Cyber security information exchange to gain insight into the effects of cyber threats and incidents

NARCIS (Netherlands)

Fransen, F.; Smulders, A.C.M.; Kerkdijk, H.

2015-01-01

The last couple of years we have seen an increase in interests and initiatives in establishing threat intelligence sharing communities, and on the development of standards and platforms for automated cyber security information sharing. These initiatives are focused on helping organisations to

Classification of Device Behaviour in Internet of Things Infrastructures: Towards Distinguishing the Abnormal From Security Threats

OpenAIRE

Ferrando, Roman; Stacey, Paul

2017-01-01

Increasingly, Internet of Things (IoT) devices are being woven into the fabric of our physical world. With this rapidly expanding pervasive deployment of IoT devices, and supporting infrastructure, we are fast approaching the point where the problem of IoT based cyber-security attacks is a serious threat to industrial operations, business activity and social interactions that leverage IoT technologies. The number of threats and successful attacks against connected systems using IoT devices an...

12 CFR 614.4150 - Lending policies and loan underwriting standards.

Science.gov (United States)

2010-01-01

... determining that an applicant has the operational, financial, and management resources necessary to repay the debt from cashflow (2) That are appropriate for each loan program and the institution's risk-bearing... loan underwriting standards. Under the policies of its board, each institution shall adopt written...

The Human Threat to River Ecosystems at the Watershed Scale: An Ecological Security Assessment of the Songhua River Basin, Northeast China

Directory of Open Access Journals (Sweden)

Yuan Shen

2017-03-01

Full Text Available Human disturbances impact river basins by reducing the quality of, and services provided by, aquatic ecosystems. Conducting quantitative assessments of ecological security at the watershed scale is important for enhancing the water quality of river basins and promoting environmental management. In this study, China’s Songhua River Basin was divided into 204 assessment units by combining watershed and administrative boundaries. Ten human threat factors were identified based on their significant influence on the river ecosystem. A modified ecological threat index was used to synthetically evaluate the ecological security, where frequency was weighted by flow length from the grids to the main rivers, while severity was weighted by the potential hazard of the factors on variables of river ecosystem integrity. The results showed that individual factors related to urbanization, agricultural development and facility construction presented different spatial distribution characteristics. At the center of the plain area, the provincial capital cities posed the highest level of threat, as did the municipal districts of prefecture-level cities. The spatial relationships between hot spot locations of the ecological threat index and water quality, as well as the distribution areas of critically endangered species, were analyzed. The sensitivity analysis illustrated that alteration of agricultural development largely changed the ecological security level of the basin. By offering a reference for assessing ecological security, this study can enhance water environmental planning and management.

A Pilot Examination of the Methods Used to Counteract Insider Threat Security Risks Associated with the Use of Radioactive Materials in the Research and Clinical Setting.

Science.gov (United States)

Tsenov, B G; Emery, R J; Whitehead, L W; Gonzalez, J Reingle; Gemeinhardt, G L

2018-03-01

While many organizations maintain multiple layers of security control methodologies to prevent outsiders from gaining unauthorized access, persons such as employees or contractors who have been granted legitimate access can represent an "insider threat" risk. Interestingly, some of the most notable radiological events involving the purposeful contamination or exposure of individuals appear to have been perpetrated by insiders. In the academic and medical settings, radiation safety professionals focus their security efforts on (1) ensuring controls are in place to prevent unauthorized access or removal of sources, and (2) increasing security controls for the unescorted accessing of large sources of radioactivity (known as "quantities of concern"). But these controls may not completely address the threat insiders represent when radioactive materials below these quantities are present. The goal of this research project was to characterize the methodologies currently employed to counteract the insider security threat for the misuse or purposeful divergence of radioactive materials used in the academic and medical settings. A web-based survey was used to assess how practicing radiation safety professionals in academic and medical settings anticipate, evaluate, and control insider threat security risks within their institutions. While all respondents indicated that radioactive sources are being used in amounts below quantities of concern, only 6 % consider insider threat security issues as part of the protocol review for the use of general radioactive materials. The results of this survey identify several opportunities for improvement for institutions to address security gaps.

20 CFR 726.202 - Who may underwrite an operator's liability.

Science.gov (United States)

2010-04-01

... 20 Employees' Benefits 3 2010-04-01 2010-04-01 false Who may underwrite an operator's liability. 726.202 Section 726.202 Employees' Benefits EMPLOYMENT STANDARDS ADMINISTRATION, DEPARTMENT OF LABOR FEDERAL COAL MINE HEALTH AND SAFETY ACT OF 1969, AS AMENDED BLACK LUNG BENEFITS; REQUIREMENTS FOR COAL...

Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

Energy Technology Data Exchange (ETDEWEB)

Scheffran, Juergen [Hamburg Univ. (Germany). Research Group Climate Change and Security

2009-07-01

In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Con-flicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, cli-mate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Pre-venting the dangers of climate change and nuclear war requires an integrated set of strategies that ad-dress the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustain-able peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

Climate change, nuclear risks and nuclear disarmament. From security threats to sustainable peace

International Nuclear Information System (INIS)

Scheffran, Juergen

2009-01-01

In the future, nuclear and climate risks may interfere with each other in a mutually enforcing way. Con-flicts induced by climate change could contribute to global insecurity and create more incentives for states to rely on military force, including nuclear weapons. Rather than being a direct cause of war, cli-mate change significantly affects the delicate balance between social and environmental systems in a way that could undermine human security and societal stability with potentially grave consequences for international security. Increased reliance on nuclear energy to reduce carbon emissions will contribute to the risks of nuclear proliferation. A renewed nuclear arms race would consume considerable resources and undermine the conditions for tackling the problem of climate change in a cooperative manner. Nuclear war itself would severely destabilize human societies and the environment, not to speak of the possibility of a nuclear winter that would disrupt the atmosphere. On the other hand, finding solutions to one problem area could help to find solutions in the other. Pre-venting the dangers of climate change and nuclear war requires an integrated set of strategies that ad-dress the causes as well as the impacts on the natural and social environment. Institutions are needed to strengthen common, ecological and human security, build and reinforce conflict-resolution mechanisms and low-carbon energy alternatives, and create sustainable lifecycles that respect the capabilities of the living world. This article examines the linkages between nuclear and climate risks, identifies areas where both threats converge, and offers an approach to move from living under these security threats to building sustain-able peace. By bringing to light the multidimensional interplay between climate change, nuclear risks and nuclear disarmament, this study aims to help the reader grasp their interconnectedness and recognize its critical implications for the strategic security

Insider Threat to Computer Security at Nuclear Facilities

Energy Technology Data Exchange (ETDEWEB)

West, Rebecca Lynn [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

2018-01-29

After completing this session, you should be able to: Describe the Insider Threat; Characterize the cyber insider threat; Describe preventive measures against the insider threat; Describe protective measures against the insider threat.

12 CFR 616.6300 - Leasing policies, procedures, and underwriting standards.

Science.gov (United States)

2010-01-01

... property and associated risks; (e) Property tax and sales tax reporting; (f) Title and ownership of leased... engaged in lease underwriting must adopt a written policy (or policies). Management, at the direction of the board, must develop procedures that reflect lease practices that control risk and comply with all...

Combining Trust and Behavioral Analysis to Detect Security Threats in Open Environments

Science.gov (United States)

2010-11-01

behavioral feature values. This would provide a baseline notional object trust and is formally defined as follows: TO(1)[0, 1] = ∑ 0,n:νbt wtP (S) (8...TO(2)[0, 1] = ∑ wtP (S) · identity(O,P ) (9) 28- 12 RTO-MP-IST-091 Combining Trust and Behavioral Analysis to Detect Security Threats in Open...respectively. The wtP weight function determines the significance of a particular behavioral feature in the final trust calculation. Note that the weight

Threats or threads: from usable security to secure experience

DEFF Research Database (Denmark)

Bødker, Susanne; Mathiasen, Niels Raabjerg

2008-01-01

While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing...... mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security...... dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate...

A Biological Security Motivation System for Potential Threats: Are There Implications for Policy-Making?

Directory of Open Access Journals (Sweden)

Erik Z Woody

2013-09-01

Full Text Available Research indicates that there is a specially adapted, hard-wired brain circuit, the security motivation system, which evolved to manage potential threats, such as the possibility of contamination or predation. The existence of this system may have important implications for policy-making related to security. The system is sensitive to partial, uncertain cues of potential danger, detection of which activates a persistent, potent motivational state of wariness or anxiety. This state motivates behaviours to probe the potential danger, such as checking, and to correct for it, such as washing. Engagement in these behaviours serves as the terminating feedback for the activation of the system. Because security motivation theory makes predictions about what kinds of stimuli activate security motivation and what conditions terminate it, the theory may have applications both in understanding how policy-makers can best influence others, such as the public, and also in understanding the behavior of policy-makers themselves.

Simulating the Adaptive Mechanisms to Reduce the Risks of Occurence of Threats to the Economic Security of Enterprise

Directory of Open Access Journals (Sweden)

Glushchevsky Vyacheslav V.

2017-09-01

Full Text Available The article is concerned with addressing the topical problem of effectively countering real and potential threats to economic security of enterprises and reducing the risks of their occurrence. The article is aimed at simulating the adaptive mechanisms to counteract external influences on the marketing component of enterprise’s economic security and developing a system of measures for removing threats to price destabilization of its orders portfolio based on a modern economic-mathematical instrumentarium. The common causes of the threats occurrence related to the price policy of enterprise and the tactics of the contractual processes with the business partners have been explored. Hidden reserves for price maneuvering in concluding contracts with customers have been identified. An algorithmic model for an adaptive pricing task in terms of an assortment of industrial enterprise has been built. On the basis of this model, mechanisms have been developed to counteract the threats of occurrence and aggravation of a «price conflict» between the producing enterprise and the potential customers of its products, and to advise on how to remove the risks of their occurrence. Prospects for using the methodology together with the instrumentarium for economic-mathematical modeling in terms of tasks of the price risks management have been indicated.

BASIC CONCEPTS OF TAX SECURITY AS PART OF THE FINANCIAL SECURITY OF UKRAINE

Directory of Open Access Journals (Sweden)

Sergiy Golikov

2016-11-01

Full Text Available The purpose of the paper is to examine the essence of the term «tax security», its fundamental characteristics, such as threats, risks, interests and protection, defined how the state could provide them. The paper analyses economic, social and legal nature of the term. Key indicators of tax security of Ukraine identified and analyzed. In addition, the paper studies an integrated approach of tax security threats. In case of a big amount of threats, they divided to four main sources of threats: the state of the national economy, the state of the public finances, social features of the society and institutional environment. For each source, there have been identified and analyzed the most important factors of threats of tax security of Ukraine. Methodology. The survey based on an analysis of existing studies of Ukrainian and foreign scientists about the essence and nature of "tax security" for the last 10 years. In addition, to determine the essence and the concept, goals and objectives, methods and principles of the economic nature of the tax security, main risks, threats, expectations and results of efficient tax security identified. To build an integrated approach it is necessary to analyse all existing and potential factors of threats. There data used from reports of the State Statistics Service of Ukraine, Ministry of Economic Development and Trade of Ukraine, PWC and World Bank. Results of the survey showed that tax security is such a condition of tax security, when the process of harmonization of taxation provided under effective management of risks and threats that arise in tax area, by taking the necessary measures by the executive bodies to meet the interests of the state, society and taxpayers (business entities, organizations, people. Integrated approach of threats analysis of tax security shows that the most dangerous threats are those that are associated with poor economic development, considerable socio-economic stratification of

Threats to security and ischaemic heart disease deaths: the case of homicides in Mexico.

Science.gov (United States)

Lee, Eileen H; Bruckner, Tim A

2017-02-01

Ischaemic heart disease (IHD) ranks as the leading cause of death worldwide. Whereas much attention focuses on behavioural and lifestyle factors, less research examines the role of acute, ambient stressors. An unprecedented rise in homicides in Mexico over the past decade and the attendant media coverage and publicity have raised international concern regarding its potential health sequelae. We hypothesize that the rise in homicides in Mexico acts as an ecological threat to security and elevates the risk of both transient ischaemic events and myocardial infarctions, thereby increasing IHD deaths. We applied time-series methods to monthly counts of IHD deaths and homicides in Mexico for 156 months spanning January 2000 to December 2012. Methods controlled for strong temporal patterns in IHD deaths, the unemployment rate and changes in the population size at risk. After controlling for trend and seasonality in IHD deaths, a 1-unit increase in the logged count of homicides coincides with a 7% increase in the odds of IHD death in that same month (95% confidence interval: 0.04 - 0.10). Inference remains robust to additional sensitivity checks, including a state-level fixed effects analysis. Our findings indicate that the elevated level of homicides in Mexico serves as a population-level stressor that acutely increases the risk of IHD death. This research adds to the growing literature documenting the role of ambient threats, or perceived threats, to security on cardiovascular health. © The Author 2016; all rights reserved. Published by Oxford University Press on behalf of the International Epidemiological Association

Risk perception and environmental health concerns in conditions of social security threat

International Nuclear Information System (INIS)

Kolarova, D.

1998-01-01

Full text of publication follows: this study explores the connection between the perception of different societal risk, health concerns and behavioral attitudes of people in condition of social security threat. Two small and two big industrial towns were chosen in order to observe the social and psychological price of the structural changes in the industry such as unemployment and its reflection on the households and the individuals' social attitudes. Key stakeholders were interviewed and questionnaire survey was carried out. The results showed high level of risk sensitivity and health concerns when people felt threatened by lack of social and economic security. The pollution was found to be important problem when it caused direct and obvious risk to human health and the environment. In the same time reverse environmental behavior like insensitiveness and neglectful attitude was observed in cases when the health consequences of the pollution were perceived to be unclear and with delayed effect. In situation of a great socio-economic threat noninvolvement helped the individuals to adapt. The research proved the influence of several risk characteristics on risk perception. It was found a connection between the risk perception and risk controllability, voluntariness of exposure and cost/benefits distribution. In the study areas respondents' judgments on these characteristics reflected directly their social status and material state. The study presented here is in progress - it i's supported by research grant from Open Society Foundation. (author)

Smart Secure Homes: A Survey of Smart Home Technologies that Sense, Assess, and Respond to Security Threats.

Science.gov (United States)

Dahmen, Jessamyn; Cook, Diane J; Wang, Xiaobo; Honglei, Wang

2017-08-01

Smart home design has undergone a metamorphosis in recent years. The field has evolved from designing theoretical smart home frameworks and performing scripted tasks in laboratories. Instead, we now find robust smart home technologies that are commonly used by large segments of the population in a variety of settings. Recent smart home applications are focused on activity recognition, health monitoring, and automation. In this paper, we take a look at another important role for smart homes: security. We first explore the numerous ways smart homes can and do provide protection for their residents. Next, we provide a comparative analysis of the alternative tools and research that has been developed for this purpose. We investigate not only existing commercial products that have been introduced but also discuss the numerous research that has been focused on detecting and identifying potential threats. Finally, we close with open challenges and ideas for future research that will keep individuals secure and healthy while in their own homes.

Security an introduction

CERN Document Server

Purpura, Philip P

2011-01-01

Section I The History and Profession of SecurityDefinition, Role, and History of Security Security Defined The Contexts of Security The Roles of Security The History of Security Security in an Environment of Threats, Terrorism, and All-Hazards Threats and Hazards Terrorism National Strategies The Profession and Business of Security The Business of Security Professionalism and Security Associations Ethics Regulation of the Security Industry Security Training Higher Education Careers Section II Protecting People and AssetsSecurity Methodology Methodology Defined Security Business Proposals Secur

Radiological Threat Reduction (RTR) program: implementing physical security to protect large radioactive sources worldwide

International Nuclear Information System (INIS)

Lowe, Daniel L.

2004-01-01

The U.S. Department of Energy's Radiological Threat Reduction (RTR) Program strives to reduce the threat of a Radiological Dispersion Device (RDD) incident that could affect U.S. interests worldwide. Sandia National Laboratories supports the RTR program on many different levels. Sandia works directly with DOE to develop strategies, including the selection of countries to receive support and the identification of radioactive materials to be protected. Sandia also works with DOE in the development of guidelines and in training DOE project managers in physical protection principles. Other support to DOE includes performing rapid assessments and providing guidance for establishing foreign regulatory and knowledge infrastructure. Sandia works directly with foreign governments to establish cooperative agreements necessary to implement the RTR Program efforts to protect radioactive sources. Once necessary agreements are in place, Sandia works with in-country organizations to implement various security related initiatives, such as installing security systems and searching for (and securing) orphaned radioactive sources. The radioactive materials of interest to the RTR program include Cobalt 60, Cesium 137, Strontium 90, Iridium 192, Radium 226, Plutonium 238, Americium 241, Californium 252, and Others. Security systems are implemented using a standardized approach that provides consistency through out the RTR program efforts at Sandia. The approach incorporates a series of major tasks that overlap in order to provide continuity. The major task sequence is to: Establish in-country contacts - integrators, Obtain material characterizations, Perform site assessments and vulnerability assessments, Develop upgrade plans, Procure and install equipment, Conduct acceptance testing and performance testing, Develop procedures, and Conduct training. Other tasks are incorporated as appropriate and commonly include such as support of reconfiguring infrastructure, and developing security

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

Energy Technology Data Exchange (ETDEWEB)

Abbott, Shannon [Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

2017-06-01

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, and proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.

An integrative approach to threat assessment and management: security and mental health response to a threatening client.

Science.gov (United States)

Farkas, Gary M; Tsukayama, John K

2012-01-01

Workplace violence threat assessment and management practices represent an interdisciplinary approach to the diversion of potentially dangerous employees and clients. This case study illustrates such an intervention in a complex situation involving a social service agency and its client. Following a curtailment of services and an arrest, the client developed an escalating homicidal anger toward the agency administrator. Once a Tarasoff warning was received, the agency contacted a security company who organized a threat assessment and management plan involving interdisciplinary collaboration. Information developed in the course of the assessment was presented to prosecutors, who facilitated the client's arrest and involuntary psychiatric commitment until he was judged to be no longer dangerous. This case ultimately involved an integration of the services of security, law enforcement, mental health professionals, prosecutors, the courts and the state mental health system in leading to a successful diversion of the client from a path of intended violence.

76 FR 70207 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Granting Approval of...

Science.gov (United States)

2011-11-10

... Change Regarding Professional Qualifications and Information Concerning Associated Persons November 3... proposed rule change consisting of amendments to Rule G-3, on professional qualifications, and Rule G-7, on.... Underwriting, trading or sales of municipal securities; 2. Financial advisory or consultant services for...

National Cyber Security Policy

Indian Academy of Sciences (India)

National Cyber Security Policy. Salient Features: Caters to ... Creating a secure cyber ecosystem. Creating an assurance framework. Encouraging Open Standards. Strengthening the Regulatory framework. Creating mechanisms for security threat early warning, vulnerability management and response to security threats.

THE CYBER THREAT AND THE PROBLEM OF INFORMATION SECURITY - A critical analysis of the concepts of cyber-power and cyber-space

Directory of Open Access Journals (Sweden)

Sebastian SÂRBU

2017-06-01

Full Text Available In this paper we approached from a researcher’s angle and analyzed the concepts of cyber-space, cyber-power from the security school perspective, from that of the international organizations, and from the civil society point of view. Therefore we referred to the documents and the international initiatives concerning the security of data transfer in the context of the current threats against cybernetic security on the one hand, and its interpretation as a threat to the values, rights and democratic freedoms of the civil society, on the other. The risk society is defined both through the grid of political sociology, of the Copenhagen school, as a key element of reference in this case, as well as through the necessity to build a safe cyber space, here being scrutinized in a value-based antithesis between terror and democracy / freedom of speech.

Game Theoretic Risk Analysis of Security Threats

CERN Document Server

Bier, Vicki M

2008-01-01

Introduces reliability and risk analysis in the face of threats by intelligent agents. This book covers applications to networks, including problems in both telecommunications and transportation. It provides a set of tools for applying game theory TO reliability problems in the presence of intentional, intelligent threats

Recent advances to address European Union Health Security from cross border chemical health threats.

Science.gov (United States)

Duarte-Davidson, R; Orford, R; Wyke, S; Griffiths, M; Amlôt, R; Chilcott, R

2014-11-01

The European Union (EU) Decision (1082/2013/EU) on serious cross border threats to health was adopted by the European Parliament in November 2013, in recognition of the need to strengthen the capacity of Member States to coordinate the public health response to cross border threats, whether from biological, chemical, environmental events or events which have an unknown origin. Although mechanisms have been in place for years for reporting cross border health threats from communicable diseases, this has not been the case for incidents involving chemicals and/or environmental events. A variety of collaborative EU projects have been funded over the past 10 years through the Health Programme to address gaps in knowledge on health security and to improve resilience and response to major incidents involving chemicals. This paper looks at the EU Health Programme that underpins recent research activities to address gaps in resilience, planning, responding to and recovering from a cross border chemical incident. It also looks at how the outputs from the research programme will contribute to improving public health management of transnational incidents that have the potential to overwhelm national capabilities, putting this into context with the new requirements as the Decision on serious cross border threats to health as well as highlighting areas for future development. Crown Copyright © 2014. Published by Elsevier Ltd. All rights reserved.

SIP threats detection system

OpenAIRE

Vozňák, Miroslav; Řezáč, Filip

2010-01-01

The paper deals with detection of threats in IP telephony, the authors developed a penetration testing system that is able to check up the level of protection from security threats in IP telephony. The SIP server is a key komponent of VoIP infrastructure and often becomes the aim of attacks and providers have to ensure the appropriate level of security. We have developed web-based penetration system which is able to check the SIP server if can face to the most common attacks.The d...

Cyber Threats to Nuclear Infrastructures

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson; Paul Moskowitz; Mark Schanfein; Trond Bjornard; Curtis St. Michel

2010-07-01

Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

Cyber Threats to Nuclear Infrastructures

International Nuclear Information System (INIS)

Anderson, Robert S.; Moskowitz, Paul; Schanfein, Mark; Bjornard, Trond; St. Michel, Curtis

2010-01-01

Nuclear facility personnel expend considerable efforts to ensure that their facilities can maintain continuity of operations against both natural and man-made threats. Historically, most attention has been placed on physical security. Recently however, the threat of cyber-related attacks has become a recognized and growing world-wide concern. Much attention has focused on the vulnerability of the electric grid and chemical industries to cyber attacks, in part, because of their use of Supervisory Control and Data Acquisition (SCADA) systems. Lessons learned from work in these sectors indicate that the cyber threat may extend to other critical infrastructures including sites where nuclear and radiological materials are now stored. In this context, this white paper presents a hypothetical scenario by which a determined adversary launches a cyber attack that compromises the physical protection system and results in a reduced security posture at such a site. The compromised security posture might then be malevolently exploited in a variety of ways. The authors conclude that the cyber threat should be carefully considered for all nuclear infrastructures.

Non-Traditional Security Threats in the Border Areas: Terrorism, Piracy, Environmental Degradation in Southeast Asian Maritime Domain

Science.gov (United States)

Dabova, E. L.

2013-11-01

In addition to facilitating peaceful trade and economic development, sovereign territory, territorial waters and international waters are being used by various criminal groups that pose threats to governments, businesses and civilian population in Southeast Asia. Nonstate criminal maritime activities were not receiving appropriate attention as they were overshadowed by traditional military security challenges. Yet more and more frequently, the non-traditional actors challenge lines of communication, jeopardize access to strategic resources, complicate traditional defence tasks, and harm the environment. Understanding the nature of non-traditional threats, and the ways to combat them, requires international legal, historical and political science analysis within a united problem-oriented approach. A fair critique to pure interest, power and knowledge -based theories of regime formation was developed by E.K. Leonard's1, who explained the evolution of the international system from the global governance perspective. The present study is based on the premise that pure nation-state approaches are incapable of providing a theoretical ground for addressing the growing influence of international criminal networks in South East Asia. From an international relations theory perspective, the author of this study agrees with D.Snidal2 that the hegemonic stability theory has "limits" and is insufficient in describing modern challenges to sustainable international security regime, including non-traditional threats, where collective action is more efficient from an interest and capability standpoint. At the same time the author of this study does not share the viewpoint on "marginalization"3 of international law in current international order due to its fragmentation and regionalization4 and "global power shifts"5 . The United Nations, as a global institution at the top of the vertical hierarchy of international legal order, and the EU as an example of "self-contained" regime along

26 CFR 1.823-6 - Determination of statutory underwriting income or loss.

Science.gov (United States)

2010-04-01

... TREASURY (CONTINUED) INCOME TAX (CONTINUED) INCOME TAXES Mutual Insurance Companies (other Than Life and Certain Marine Insurance Companies and Other Than Fire Or Flood Insurance Companies Which Operate on Basis... statutory underwriting income or loss for the taxable year, a mutual insurance company subject to the tax...

The Added Value of Medical Testing in Underwriting Life Insurance.

Directory of Open Access Journals (Sweden)

Jan Bronsema

Full Text Available In present-day life-insurance medical underwriting practice the risk assessment starts with a standard health declaration (SHD. Indication for additional medical screening depends predominantly on age and amount of insured capital. From a medical perspective it is questionable whether there is an association between the level of insured capital and medical risk in terms of mortality. The aim of the study is to examine the prognostic value of parameters from the health declaration and application form on extra mortality based on results from additional medical testing.A history register-based cohort study was conducted including about 15.000 application files accepted between 2007 and 2010. Blood pressure, lipids, cotinine and glucose levels were used as dependent variables in logistic regression models. Resampling validation was applied using 250 bootstrap samples to calculate area under the curves (AUC's. The AUC was used to discriminate between persons with and without at least 25% extra mortality.BMI and the overall assessment of the health declaration by an insurance physician or medical underwriter showed the strongest discrimination in multivariable analysis. Including all variables at minimum cut-off levels resulted in an AUC of 0.710 while by using a model with BMI, the assessment of the health declaration and gender, the AUC was 0.708. Including all variables at maximum cut-off levels lead to an AUC of 0.743 while a model with BMI, the assessment of the health declaration and age resulted in an AUC of 0.741.The outcome of this study shows that BMI and the overall assessment of the health declaration were the dominant variables to discriminate between applicants for life-insurance with and without at least 25 percent extra mortality. The variable insured capital set by insurers as factor for additional medical testing could not be established in this study population. The indication for additional medical testing at underwriting life

Pattern and security requirements engineering-based establishment of security standards

CERN Document Server

Beckers, Kristian

2015-01-01

Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standard

24 CFR 573.5 - Underwriting standards and availability of loan guarantee assistance.

Science.gov (United States)

2010-04-01

... acceptable financial risk under HUD's generally applicable loan underwriting standards based on the following: (1) The Borrower's ability to pay debt service; and (2) The value of the collateral assigned or... insufficient to make the guarantee an acceptable financial risk, or if the proposed interest rates or fees are...

Smart grid security

CERN Document Server

Goel, Sanjay; Papakonstantinou, Vagelis; Kloza, Dariusz

2015-01-01

This book on smart grid security is meant for a broad audience from managers to technical experts. It highlights security challenges that are faced in the smart grid as we widely deploy it across the landscape. It starts with a brief overview of the smart grid and then discusses some of the reported attacks on the grid. It covers network threats, cyber physical threats, smart metering threats, as well as privacy issues in the smart grid. Along with the threats the book discusses the means to improve smart grid security and the standards that are emerging in the field. The second part of the b

The Threat Among Us: Insiders Intensify Aviation Terrorism

Energy Technology Data Exchange (ETDEWEB)

Krull, Katie E. [Pacific Northwest National Lab. (PNNL), Richland, WA (United States)

2016-08-19

Aviation terrorism is powerful and symbolic, and will likely remain a staple target for terrorists aiming to inflict chaos and cause mass casualties similar to the 9/11 attacks on the U.S. The majority of international and domestic aviation terrorist attacks involves outsiders, or people who do not have direct access to or affiliation with a target through employment. However, several significant attacks and plots against the industry involved malicious employees motivated by suicide or devotion to a terrorist organization. Malicious insiders’ access and knowledge of aviation security, systems, networks, and infrastructure is valuable to terrorists, providing a different pathway for attacking the industry through the insider threat. Indicators and warnings of insider threats in these cases exist, providing insight into how security agencies, such as the Transportation Security Administration, can better predict and identify insider involvement. Understanding previous aviation insider threat events will likely aid in stimulating proactive security measures, rather than reactive responses. However, similar to traditional airport security measures, there are social, political, and economic challenges in protecting against the insider threat, including privacy concerns and cost-benefit analysis.

The application of nuclear and national security safeguard strategies to the insider threat in the private sector

International Nuclear Information System (INIS)

Campbell, G.K.

1991-01-01

This paper reports that the insider threat in commercial enterprises represents multi-billion dollar losses on an annual basis. While much of this experience is in low value, theft-related shrinkage, there are a growing number of organizations where the loss or compromise of critical assets or interruption of vital systems cannot be tolerated. In very real ways, the survival of the organization may turn on the hostile acts of knowledgeable insiders. The nuclear and National security information operations environments represents a baseline of experience from which the corporate world can draw for cost-effective, alternative approaches to this threat. However, it is equally clear that there are a variety of subtle and obvious constraints imposed by the private sector's mission, service delivery, lifestyle and cost-benefit requirements which dictate careful planning and user involvement in safeguards development and application. Where protection of our National security assets are grounded in a consequence-driven set of policies and standards, the private sector is often subject to the lack of a similar (but directly analogous) policy foundation

Assessing Psycho-Social Resilience in Diplomatic, Civilian & Military Personnel Serving in a High-Threat Security Environment during Counter-Insurgency and Counter-Terrorism Operations in Iraq

Directory of Open Access Journals (Sweden)

Anne Speckhard

2012-08-01

Full Text Available Currently thousands of military, diplomatic and civilian personnel are deployed under NATO, UN, and other multi-national, as well as national auspices in high-threat security environments, including active conflict zones such as Iraq and Afghanistan.  Soldiers are generally well trained and prepared psychologically to face armed conflict. Civilian contractors and diplomats, on the other hand, often are not.  Moreover in today’s high-threat security environments terrorists, insurgents and even child soldiers may be the opposing force, creating a more uncertain and anxiety provoking environment and more difficult to identify security threat. These facts have serious implications for the psycho-social resilience of diplomatic, civilian and military personnel deployed in such environments.  This article investigates psycho-social resilience in a small exploratory sample of US embassy staff, contractors and US forces serving in Iraq during 2007, a time when Improvised Explosive Devices (IEDs, roadside bombings, mortar attacks, kidnappings, murders and sniper fire were an everyday occurrence in Iraq.

FRAUDULENT TRANSACTIONS WITH BANK PLASTIC CARDS AS A THREAT TO ECONOMIC SECURITY IN THE BANKING SPHERE

Directory of Open Access Journals (Sweden)

Elena V. Ilinich

2013-01-01

Full Text Available Banks active development of cashless payments by plastic cards, the growing number of fraudulent transactions and the damage they cause, create new challenges and threats to economic security in the sphere of banking activity. The latest information technologies are active used by organized crime groups, the methods of committing crimes are changing and are not yet adequately reflected by banks and law enforcement agencies.

The potential distribution of cassava mealybug (Phenacoccus manihoti, a threat to food security for the poor.

Directory of Open Access Journals (Sweden)

Tania Yonow

Full Text Available The cassava mealybug is a clear and present threat to the food security and livelihoods of some of the world's most impoverished citizens. Niche models, such as CLIMEX, are useful tools to indicate where and when such threats may extend, and can assist with planning for biosecurity and the management of pest invasions. They can also contribute to bioeconomic analyses that underpin the allocation of resources to alleviate poverty. Because species can invade and establish in areas with climates that are different from those that are found in their native range, it is essential to define robust range-limiting mechanisms in niche models. To avoid spurious results when applied to novel climates, it is necessary to employ cross-validation techniques spanning different knowledge domains (e.g., distribution data, experimental results, phenological observations. We build upon and update a CLIMEX niche model by Parsa et al. (PloS ONE 7: e47675, correcting inconsistent parameters and re-fitting it based on a careful examination of geographical distribution data and relevant literature. Further, we consider the role of irrigation, the known distribution of cassava production and a targeted review of satellite imagery to refine, validate and interpret our model and results. In so doing, we bring new insights into the potential spread of this invasive insect, enabling us to identify potential bio-security threats and biological control opportunities. The fit of the revised model is improved, particularly in relation to the wet and dry limits to establishment, and the parameter values are biologically plausible and accord with published scientific literature.

Economic security of the Russian Federation: current status, level and threats

Directory of Open Access Journals (Sweden)

V. V. Grigoryeva

2017-01-01

Full Text Available The problems of national and economic security maintenanceis aggravating in modern conditions of globalization and international competition related to controlof market channels, technological, information and natural resources.Today Russia is making all efforts to protect its position on the world stage and improve the lives of its citizens.Despite the worsening of the present economic, political and social differences in the world, the Russian Federation has its own national interests, which can be possible to fulfill only on the basis of sustainable development of the national economic security system.The latter traditionally determines the ability of the state economic system to maintain normal conditions for the national economy functioning and the population activity. The national economic securitystabilitycan be estimated only by the application of elaborate tools of the economic development indicators analysis and the threshold values examinationaimed at the determination of the quality characteristic of actual and the most successful model of the economic activity.The analysis of the current Russian economic situation showed the presence of some serious problems existing in the national economy. The economic security level of Russia, having a tendency to increase in the period of 1998-2013, has been sharply reduced to critical points since 2014. So, it is necessary to take some measures to restructure the system of economic security of the state. Based on the research it was identified the list of the most dangerous threats to the modern Russian economy, which includes: low level of the country industrial production; the economy dependence on goods import and raw materials export; low living standards of the population; the rapid growth of the shadow economy and corruption; the lack of civil science and innovationdevelopment. The main strategic directions for economic security levelincrease in Russia today and in the future are aimed at

Analyzing Cyber-Physical Threats on Robotic Platforms.

Science.gov (United States)

Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J

2018-05-21

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot TM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Analyzing Cyber-Physical Threats on Robotic Platforms

Directory of Open Access Journals (Sweden)

Khalil M. Ahmad Yousef

2018-05-01

Full Text Available Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Forecast Of International Security Threat Of Russia In 2017

Directory of Open Access Journals (Sweden)

A. O. Bezrukov

2017-01-01

Full Text Available The article analyzes the threats to international security of Russia in 2017. It presents the analysis of the twelve situations, the development of which could have a significant effect on the interests of Russia in the field of international security. There is the most probable scenario for every situation and a list of conditions of its occurrence. The objective of the forecast is reduction of uncertainty of the future and the promotion of reasonable hypotheses about its likely scenarios. The forecast task is to help decision-makers, mentally put yourself in a situation in which realized one of the scenarios for the future and to encourage them to calculate their possible actions. In the preparation of the forecast two scenario analysis tools were used: the allocation of two key variables, the ratio of which determines the spectrum of the analyzed scenarios, and the key events method, which consists of several stages and allows to evaluate the prospect of implementing the scenario observed in real time. Authors conclude that the USA with the new president will be forced to choose between maintaining global posture and keeping order at home, and the EU will be absorbed by internal issues. In 2017 for Russia is important to keep the positive dynamics in the Transatlantic and Grand Eurasia regions, and in the Middle East. For this purpose it is necessary to ignore the provocations – mainly in Europe. The source of a new crisis may be NATO members discouraged by lack of attention to them by the USA or allies of Russia.

78 FR 75238 - Federal Housing Administration (FHA) Risk Management Initiatives: New Manual Underwriting...

Science.gov (United States)

2013-12-11

...-AJ07 Federal Housing Administration (FHA) Risk Management Initiatives: New Manual Underwriting... case numbers assigned on or after a date to be established by Mortgagee Letter following publication of... constrained. FHA played this role in the recent housing crisis, and the volume of FHA insurance increased...

One health security: an important component of the global health security agenda.

Science.gov (United States)

Gronvall, Gigi; Boddie, Crystal; Knutsson, Rickard; Colby, Michelle

2014-01-01

The objectives of the Global Health Security Agenda (GHSA) will require not only a "One Health" approach to counter natural disease threats against humans, animals, and the environment, but also a security focus to counter deliberate threats to human, animal, and agricultural health and to nations' economies. We have termed this merged approach "One Health Security." It will require the integration of professionals with expertise in security, law enforcement, and intelligence to join the veterinary, agricultural, environmental, and human health experts essential to One Health and the GHSA. Working across such different professions, which occasionally have conflicting aims and different professional cultures, poses multiple challenges, but a multidisciplinary and multisectoral approach is necessary to prevent disease threats; detect them as early as possible (when responses are likely to be most effective); and, in the case of deliberate threats, find who may be responsible. This article describes 2 project areas that exemplify One Health Security that were presented at a workshop in January 2014: the US government and private industry efforts to reduce vulnerabilities to foreign animal diseases, especially foot-and-mouth disease; and AniBioThreat, an EU project to counter deliberate threats to agriculture by raising awareness and implementing prevention and response policies and practices.

Secure Transportation Management

International Nuclear Information System (INIS)

Gibbs, P. W.

2014-01-01

Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

75 FR 60171 - Proposed Information Collection (Credit Underwriting Standards and Procedures for Processing VA...

Science.gov (United States)

2010-09-29

... DEPARTMENT OF VETERANS AFFAIRS [OMB Control No. 2900-0521] Proposed Information Collection (Credit Underwriting Standards and Procedures for Processing VA Guaranteed Loans) Activity: Comment Request AGENCY... comment on the proposed collection of certain information by the agency. Under the Paperwork Reduction Act...

78 FR 60379 - Proposed Information Collection (Credit Underwriting Standards and Procedures for Processing VA...

Science.gov (United States)

2013-10-01

... DEPARTMENT OF VETERANS AFFAIRS [OMB Control No. 2900-0521] Proposed Information Collection (Credit Underwriting Standards and Procedures for Processing VA Guaranteed Loans) Activity: Comment Request AGENCY... comment on the proposed collection of certain information by the agency. Under the Paperwork Reduction Act...

Addressing Software Security

Science.gov (United States)

Bailey, Brandon

2015-01-01

Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

Capacity in the energy underwriting market - an overview

International Nuclear Information System (INIS)

Mulhall, L.

1992-01-01

It is important to clarify the different definitions of capacity, and in the insurance business this work has two distinct interpretations. The capacity of a Lloyd's syndicate is described by its ability to write premium income. Of more interest is the maximum ability and willingness of an underwriter, whether Lloyds's or Company, to commit itself to catastrophe loss policies. Or put more simply, what is the size of their line? It is this capacity for covering high value catastrophic exposure or Target Risks that will be discussed using the definition that capacity in this case is: ''The ability of insurance markets to cover any single maximum loss''. (Author)

Cyber security threats in the power sector: Need for a domain specific regulatory framework in India

International Nuclear Information System (INIS)

Ananda Kumar, V.; Pandey, Krishan K.; Punia, Devendra Kumar

2014-01-01

India is poised to spend over USD 5.8 billion as part of the National Smart Grid Mission aimed to alleviate India's ailing power sector as part of its 12th Five year plan (2012–2017). The federal government sponsored Restructured Accelerated Power Development and Reforms Program (R-APDRP) is also focused on building ICT capability in the state electricity boards. Presently however, there is no power sector specific cyber security mandates or policies in India. The Stuxnet, Shamoon and Anonymous incidents have shown that cyber attacks can cause significant damage and pose a risk to National Critical Infrastructure. A lack of security planning as part of designing the Smart grids can potentially leave gaping holes in the country's power sector stability. The paper highlights key cyber security threats across the entire power sector value chain—from generation, to transmission and distribution. It is aimed at building the case for power sector specific cyber security regulations based on the experience of regulators in other critical infrastructure sectors like Banking and Telecom in India and power sector regulations internationally. - Highlights: • Cyber security in power sector is key to protecting national critical infrastructure. • Poor cyber security planning would impact the power sector in India. • A laissez-faire approach to cyber security in power sector may not yield results. • There is a need for power sector specific cyber security regulations

PROSEDUR UNDERWRITING PRODUK ASURANSI KESEHATAN KUMPULAN PADA PT. ASURANSI TAKAFUL KELUARGA

Directory of Open Access Journals (Sweden)

Miftahul Ulum

2016-02-01

Full Text Available Risiko adalah sesuatu yang dapat mengancam aktifitas perusahaan dan dapat menyebabkan gagalnya tujuan. Bagi perusahaan asuransi, risiko adalah ketika terjadi klaim dari peserta. Dengan adanya klaim maka perusahaan akan mengeluarkan sejumlah dana untuk pembayaran klaim tersebut sesuai dengan manfaat yang dijanjikan. Untuk itu, Proses underwriting harus dilakukan dengan cermat dan akurat agar tidak menimbulkan kerugian bagi perusahaan.DOI: 10.15408/aiq.v2i1.2476

Nuclear Security and the Way Forward

International Nuclear Information System (INIS)

Mrabit, Khammar

2013-01-01

Nuclear security has always been taken seriously. There is ample evidence that traditional deterrence does not necessarily obstruct those with malicious intent, who can also operate across borders. This understanding of the threat has highlighted the need to adopt a vigorous approach to protecting nuclear materials, associated facilities and activities in order to strengthen nuclear security worldwide. States recognize that there is a credible threat of nuclear or other radioactive material falling into the wrong hands and that this threat is global. An international legal framework for nuclear security, national nuclear security infrastructures, and the IAEA's leading role are some of the building blocks of an effective international nuclear security framework that contributes to effectively addressing this threat

13 CFR 107.825 - Purchasing securities from an underwriter or other third party.

Science.gov (United States)

2010-01-01

... ADMINISTRATION SMALL BUSINESS INVESTMENT COMPANIES Financing of Small Businesses by Licensees Structuring Licensee's Financing of Eligible Small Businesses: Types of Financing § 107.825 Purchasing securities from... Financing of the Small Business under the Act; or (2) The securities are acquired to finance a change of...

Implementing an Information Security Program

Energy Technology Data Exchange (ETDEWEB)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.; O' Neil, Lori Ross; Leitch, Rosalyn; Johnson, Christopher; Lewis, John G.; Rodger, Robert M.

2017-11-01

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to cover information security best practices, planning for an information security management system, and implementing security controls for information security.

Security systems engineering overview

Science.gov (United States)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

75 FR 76082 - Agency Information Collection (Credit Underwriting Standards and Procedures for Processing VA...

Science.gov (United States)

2010-12-07

... DEPARTMENT OF VETERANS AFFAIRS [OMB Control No. 2900-0521] Agency Information Collection (Credit Underwriting Standards and Procedures for Processing VA Guaranteed Loans) Activity Under OMB Review AGENCY... information abstracted below to the Office of Management and Budget (OMB) for review and comment. The PRA...

Securities regulation and implicit penalties

Directory of Open Access Journals (Sweden)

Donghua Chen

2011-06-01

Full Text Available The extant literature offers extensive support for the significant role played by institutions in financial markets, but implicit regulation and monitoring have yet to be examined. This study fills this void in the literature by employing unique Chinese datasets to explore the implicit regulation and penalties imposed by the Chinese government in regulating the initial public offering (IPO market. Of particular interest are the economic consequences of underwriting IPO deals for client firms that violate regulatory rules in China’s capital market. We provide evidence to show that the associated underwriters’ reputations are impaired and their market share declines. We further explore whether such negative consequences result from a market disciplinary mechanism or a penalty imposed by the government. To analyze the possibility of a market disciplinary mechanism at work, we investigate (1 the market reaction to other client firms whose IPO deals were underwritten by underwriters associated with a violation at the time the violation was publicly disclosed and (2 the under-pricing of IPO deals undertaken by these underwriters after such disclosure. To analyze whether the government imposes an implicit penalty, we examine the application processing time for future IPO deals underwritten by the associated underwriters and find it to be significantly longer than for IPO deals underwritten by other underwriters. Overall, there is little evidence to suggest that the market penalizes underwriters for the rule-violating behavior of their client firms in China. Instead, the Chinese government implicitly penalizes them by imposing more stringent criteria on and lengthening the processing time of the IPO deals they subsequently underwrite.

Analyzing Cyber-Physical Threats on Robotic Platforms †

Science.gov (United States)

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403

Study on a Threat-Countermeasure Model Based on International Standard Information

Directory of Open Access Journals (Sweden)

Guillermo Horacio Ramirez Caceres

2008-12-01

Full Text Available Many international standards exist in the field of IT security. This research is based on the ISO/IEC 15408, 15446, 19791, 13335 and 17799 standards. In this paper, we propose a knowledge base comprising a threat countermeasure model based on international standards for identifying and specifying threats which affect IT environments. In addition, the proposed knowledge base system aims at fusing similar security control policies and objectives in order to create effective security guidelines for specific IT environments. As a result, a knowledge base of security objectives was developed on the basis of the relationships inside the standards as well as the relationships between different standards. In addition, a web application was developed which displays details about the most common threats to information systems, and for each threat presents a set of related security control policies from different international standards, including ISO/IEC 27002.

78 FR 4159 - Notice of Proposed Information Collection: Comment Request; Direct Endorsement Underwriter/HUD...

Science.gov (United States)

2013-01-18

... lender's analysis of the appraisal report, identify areas of weakness for future training, and removing lenders that consistently exhibits careless underwriting and subsequently affect the risk to the... information collected is used by FHA to monitor the quality of the lender's analysis of the appraisal report...

Status, progress and plans for the U.S. Department of Energy, National Nuclear Security Administration, Global Threat Reduction Initiative

International Nuclear Information System (INIS)

Bieniawski, Andrew

2005-01-01

This presentation discusses the efforts under the US Department of Energy/National Nuclear Security Administration's Global Threat Reduction Initiative, also known as GTRI. On May 26, 2004, then Secretary of Energy Abraham established GTRI. GTRI is a cooperative program to provide international support for countries' national programs to identify, secure, recover or facilitate the disposition of vulnerable nuclear and radiological materials around the world that pose a potential threat to the international community. The formation of GTRI consolidated a number of nonproliferation programs you may be familiar with that work together to minimize and, to the extent possible, eliminate the use of highly enriched uranium (HEU) in civil nuclear applications worldwide. In particular, the Office of Global Threat Reduction, which was set up to implement GTRI, has oversight of the Reduced Enrichment for Research and Test Reactors program, the Foreign Research Reactor Spent Nuclear Fuel Acceptance program, and the Russian Research Reactor Fuel Return program. This consolidation allows these three programs to work in concert to bring about the elimination of research reactor materials as a source of proliferation concern. This speech is highlighting the work that these programs have undertaken in cooperation with the global research reactor community and the importance placed on fuel development under the RERTR program It contains an update on the work done to support the US - Russian Presidential Bratislava Summit Statement

49 CFR 1544.303 - Bomb or air piracy threats.

Science.gov (United States)

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Bomb or air piracy threats. 1544.303 Section 1544... AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.303 Bomb or air piracy threats. (a) Flight.... (d) Notification. Upon receipt of any bomb threat against the security of a flight or facility, or...

Security of pipeline facilities

Energy Technology Data Exchange (ETDEWEB)

Lee, S.C. [Alberta Energy and Utilities Board, Calgary, AB (Canada); Van Egmond, C.; Duquette, L. [National Energy Board, Calgary, AB (Canada); Revie, W. [Canada Centre for Mineral and Energy Technology, Ottawa, ON (Canada)

2005-07-01

This working group provided an update on provincial, federal and industry directions regarding the security of pipeline facilities. The decision to include security issues in the NEB Act was discussed as well as the Pipeline Security Management Assessment Project, which was created to establish a better understanding of existing security management programs as well as to assist the NEB in the development and implementation of security management regulations and initiatives. Amendments to the NEB were also discussed. Areas of pipeline security management assessment include physical safety management; cyber and information security management; and personnel security. Security management regulations were discussed, as well as implementation policies. Details of the Enbridge Liquids Pipelines Security Plan were examined. It was noted that the plan incorporates flexibility for operations and is integrated with Emergency Response and Crisis Management. Asset characterization and vulnerability assessments were discussed, as well as security and terrorist threats. It was noted that corporate security threat assessment and auditing are based on threat information from the United States intelligence community. It was concluded that the oil and gas industry is a leader in security in North America. The Trans Alaska Pipeline Incident was discussed as a reminder of how costly accidents can be. Issues of concern for the future included geographic and climate issues. It was concluded that limited resources are an ongoing concern, and that the regulatory environment is becoming increasingly prescriptive. Other concerns included the threat of not taking international terrorism seriously, and open media reporting of vulnerability of critical assets, including maps. tabs., figs.

Computer Security: Computer security threats, vulnerabilities and attacks (3/4)

CERN Document Server

CERN. Geneva

2012-01-01

Antonio Perez Perez works in the Computer Security Team doing software development, sysadmin tasks and operations. He is also involved on grid security and does 1st line security support at CERN on ROTA. With the prevalence of modern information technologies and its increasing integration into our daily live, digital systems become more and more playground for evil people. While in the past, attacks were driven by fame& kudos, nowadays money is the motivating factor. Just the recent months have shown several successful attacks against e.g. Sony, PBS, UNESCO, RSAsecurity, Citibank, and others. Credit card information of hundreds of thousands of people got exposed. Affected companies not only lost their assets and data, also their reputation has suffered. Thus, proper computer security measures are essential. Without question, security must even more become an inherent ingredient when developing, deploying, and operating applications, web sites, and computing services. These lectures shall give an ove...

AP1000 Design for Security

International Nuclear Information System (INIS)

Long, L.B.; Cummins, W.E.; Winters, J.W.

2006-01-01

Nuclear power plants are protected from potential security threats through a combination of robust structures around the primary system and other vital equipment, security systems and equipment, and defensive strategy. The overall objective for nuclear power plant security is to protect public health and safety by ensuring that attacks or sabotage do not challenge the ability to safely shutdown the plant or protect from radiological releases. In addition, plants have systems, features and operational strategies to cope with external conditions, such as loss of offsite power, which could be created as part of an attack. Westinghouse considered potential security threats during design of the AP1000 PWR. The differences in plant configuration, safety system design, and safe shutdown equipment between existing plants and AP1000 affect potential vulnerabilities. This paper provides an evaluation of AP1000 with respect to vulnerabilities to security threats. The AP1000 design differs from the design of operating PWRs in the US in the configuration and the functional requirements for safety systems. These differences are intentional departures from conventional PWR designs which simplify plant design and enhance overall safety. The differences between the AP1000 PWR and conventional PWRs can impact vulnerabilities to security threats. The NRC addressed security concerns as part of their reviews for AP1000 Design Certification, and did not identify any security issues of concern. However, much of the detailed security design information for the AP1000 was deferred to the combined Construction and Operating License (COL) phase as many of the security issues are site-specific. Therefore, NRC review of security issues related to the AP1000 is not necessarily complete. Further, since the AP1000 plant design differs from existing PWRs, it is not obvious that the analyses and assessments prepared for existing plants also apply to the AP1000. We conclude that, overall, the AP1000

Cyber Security : Home User's Perspective

OpenAIRE

Ikonen, Mikko

2014-01-01

Cyber security is important to understand for home users. New technology allows for new cyber threats to emerge and new solutions must be considered to counter them. Nearly every device is connected to the Internet and this opens new possibilities and threats to cyber security. This Bachelor's thesis explores the different aspects of cyber security and suggests solutions to different cyber security issues found. The different aspects of cyber security under research here include personal ...

Cyber threat model for tactical radio networks

Science.gov (United States)

Kurdziel, Michael T.

2014-05-01

The shift to a full information-centric paradigm in the battlefield has allowed ConOps to be developed that are only possible using modern network communications systems. Securing these Tactical Networks without impacting their capabilities has been a challenge. Tactical networks with fixed infrastructure have similar vulnerabilities to their commercial counterparts (although they need to be secure against adversaries with greater capabilities, resources and motivation). However, networks with mobile infrastructure components and Mobile Ad hoc Networks (MANets) have additional unique vulnerabilities that must be considered. It is useful to examine Tactical Network based ConOps and use them to construct a threat model and baseline cyber security requirements for Tactical Networks with fixed infrastructure, mobile infrastructure and/or ad hoc modes of operation. This paper will present an introduction to threat model assessment. A definition and detailed discussion of a Tactical Network threat model is also presented. Finally, the model is used to derive baseline requirements that can be used to design or evaluate a cyber security solution that can be scaled and adapted to the needs of specific deployments.

76 FR 81516 - Homeland Security Advisory Council

Science.gov (United States)

2011-12-28

... Transportation Security Administration's (TSA) Frequent Traveler Program; examine evolving threats in cyber... Evolving Threats in Cyber Security. Basis for Closure: In accordance with Section 10(d) of the Federal... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0111] Homeland Security Advisory Council...

The Urban Crisis in Sub-Saharan Africa: A Threat to Human Security and Sustainable Development

Directory of Open Access Journals (Sweden)

Mediel Hove

2013-03-01

Full Text Available Urban centres have existed and have been evolving for many centuries across the world. However, the accelerated growth of urbanisation is a relatively recent phenomenon. The enormous size of urban populations and more significantly, the rapidity with which urban areas have been and are growing in many developing countries have severe social, economic and physical repercussions. This paper argues that the accelerated growth of urbanisation has amplified the demand for key services. However, the provision of shelter and basic services such as water and sanitation, education, public health, employment and transport has not kept pace with this increasing demand. Furthermore, accelerated and poorly managed urbanisation has resulted in various types of atmospheric, land and water pollution thereby jeopardising human security. This paper offers the conclusion that the increased environmental, social and economic problems associated with rapid urbanisation pose a threat to sustainable development, human security and, crucially, peace.

The nuclear threat and the Nuclear Threat Initiative

International Nuclear Information System (INIS)

Curtis, Charles

2001-01-01

Full text: President and chief operating officer of the Nuclear Threat Initiative (NTI), was invited by the IAEA Director General to speak about NTI and its mission at the IAEA Safeguards Symposium. Established by CNN founder Ted Turner and former U.S. Senator Sam Nunn, NTI is a charitable organization working to strengthen global security by reducing the risk of use and preventing the spread of nuclear, biological and chemical weapons. The foundation is global, concentrating not just on the United States, Russia, and other nations of the former Soviet Union, but also on those regions of greatest proliferation concern in Asia and the Middle East. NTI is working to close what it perceives as an increasingly dangerous gap between the threat from nuclear, biological and chemical weapons and the global response. NTI is supported by a pledge from Mr. Turner of at least $250 million over five years, among the largest sums any private individual has ever invested in these security issues. NTI's Board of Directors, an international team of experienced and knowledgeable experts, determines the overall direction of the foundation. (author)

Energy security in Yemen

International Nuclear Information System (INIS)

Torosyan, Emil

2009-09-01

Yemen, situated in the Arab world, has considerable energy resources. However, its history of repeated revolts, civil wars and terrorism and also the presence of the Wahabi movement and al Qaeda in the country constitute security issues for the energy industry and its infrastructure. The aim of this paper is to assess the impact level on the security of the energy sector in Yemen and the effect that the threats to that sector could have on global energy security. Analyses of the political environment, the security threats and the measures taken to respond to these threats have been carried out. Results showed that Yemen's resources are depleting and that the government is having trouble containing the escalation of conflicts; this situation could lead to Yemen's political collapse which could have an important impact on global energy security.

Opening of Offshore Oil Business in Mexico and Associated Framework to Cope with Potential Maritime Security Threats

Directory of Open Access Journals (Sweden)

Adriana Ávila-Zúáiga-Nordfjeld

2018-03-01

Full Text Available After 75 years of State oil monopoly, Mexico performed the first business oil round in 2015 involving the private sector. This auction-round offered 14 oil exploration fields located on the continental shelf to private companies. The development and exploitation of these hydrocarbon fields faces significant challenges regarding security. The economic loss for theft of hydrocarbons through illegal connections to pipelines is estimated to 973 million, 125 thousand U.S. dollar, only for the year of 2014. While productive research has been made, it has mainly focused on transportation systems and basically, pipelines. The development and establishment of policies prioritizing maritime security and protection of critical offshore infrastructure against theft of hydrocarbons, drugs organizations and terror attacks needs to be included in the national agenda to improve maritime security and mitigate potential security threats at sea, including damage to the marine environment. This could increase the trust of investors and stakeholders and would contribute to the faster development of new exploration and production fields. While the International Ship and Port Facility Security Code (ISPS Code is the cornerstone for the construction of the port?s security program and establishes the requirements of the Port Facility Security Plan (PFSP, including oil port facilities, it has not been fully implemented in several important Mexican ports. It is concluded that some important ports lack many of the core security processes, procedures and controls that should be included in any PFSP. This article briefly reviews the situation of the oil industry from a security perspective and discusses key elements of maritime security; addressing the necessity of the inclusion of maritime security and protection of critical oil infrastructure offshore in the national agenda that would provide for future research directions in the maritime security domain and contribute to

76 FR 77865 - Self-Regulatory Organizations; Municipal Securities Rulemaking Board; Order Instituting...

Science.gov (United States)

2011-12-14

... instead require underwriters to have actual knowledge whether an official has the power to bind the issuer... bind the issuer by contract with the underwriter and that, to the knowledge of the underwriter, is not... knowledge to perform the proposed underwriting as of the time the proposal is submitted and must not contain...

The cyber threat, trophy information and the fortress mentality.

Science.gov (United States)

Scully, Tim

2011-10-01

'It won't happen to me' is a prevalent mindset among senior executives in the private and public sectors when considering targeted cyber intrusions. This is exacerbated by the long-term adoption of a 'fortress mentality' towards cyber security, and by the attitude of many of our cyber-security professionals, who speak a different language when it comes to communicating cyber-security events to senior executives. The prevailing approaches to cyber security have clearly failed. Almost every week another serious, targeted cyber intrusion is reported, but reported intrusions are only the tip of the iceberg. Why have we got it so wrong? It must be acknowledged that cyber security is no longer the domain of cyber-security experts alone. Many more of us at various levels of leadership must understand, and be more deeply engaged in, the cyber-security challenge if we are to deal with the threat holistically and effectively. Governments cannot combat the cyber threat alone, particularly the so-called advanced persistent threat; they must work closely with industry as trusted partners. Industry will be the 'boots on the ground' in cyber security, but there are challenges to building this relationship, which must be based on sound principles.

Security systems engineering overview

International Nuclear Information System (INIS)

Steele, B.J.

1996-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.)

77 FR 50929 - Security Zones; 2012 RNC Bridge Security Zones, Captain of the Port St. Petersburg Zone, Tampa, FL

Science.gov (United States)

2012-08-23

... Convention have conducted threat, vulnerability, and risk analyses relating to the event. The convention is... mitigate the threats and vulnerabilities identified in the analysis discussed above. Security measures have... maritime stakeholders, including recreational boaters, from threats and security vulnerabilities. The Coast...

Threats and countermeasures for network security

Science.gov (United States)

Denning, Peter J.

1991-01-01

In the late 1980's, the traditional threat of anonymous break-ins to networked computers was joined by viruses and worms, multiplicative surrogates that carry out the bidding of their authors. Technologies for authentication and secrecy, supplemented by good management practices, are the principal countermeasures. Four articles on these subjects are presented.

A Quantitative Approach to Credit Risk Management in the Underwriting Process for the Retail Portfolio

Directory of Open Access Journals (Sweden)

Andreea Costea

2017-03-01

Full Text Available The core of this paper encloses a mathematical approach of credit risk management, based on a scorecard model used in the bank’s underwriting process. The main purpose of this paper is to present how to develop, validate and apply a rating model in practice. Using 21568 loan applications provided by one of the largest banks from Romania, a scorecard is built for the underwriting purposes. The customer data used in the modeling is based on socio-demographic characteristics. The model is developed according to a set of statistical methods for parameter estimation. A real-life example of how to use such a model in the strategic decisions of a bank is presented. The cut-off score for the acceptance of the applications is calibrated to a potential risk appetite of the main four banks in Romania. From an evaluative perspective, this paper is compatible with an exploratory approach to quantitative research methodology.

Measuring Transnational Organized Crime Threats to US National Security

Science.gov (United States)

2016-05-26

interests. These threats were separate from traditional regional or state-centered threats, and included such diverse issues as terrorism, mass migrations ...organizations as examples of TOC; the Sinaloa Cartel, the Yakuza, the Camorra. This conceptual framework leads to the conclusion that the best way to deal

33 CFR 101.405 - Maritime Security (MARSEC) Directives.

Science.gov (United States)

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC... SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.405 Maritime... necessary to respond to a threat assessment or to a specific threat against the maritime elements of the...

Quantifying Security Threats and Their Impact

Energy Technology Data Exchange (ETDEWEB)

Aissa, Anis Ben [University of Tunis, Belvedere, Tunisia; Abercrombie, Robert K [ORNL; Sheldon, Frederick T [ORNL; Mili, Ali [New Jersey Insitute of Technology

2009-01-01

In earlier works, we present a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain as a result of security breakdowns. In this paper we illustrate this infrastructure by means of a sample example involving an e-commerce application.

From flip-flopping stereotypes to desecuritizing hybridity: Muslims as threats and security providers in Danish broadcast drama series

DEFF Research Database (Denmark)

Gad, Ulrik Pram

2017-01-01

by negative stereotypes; another is encouraged by how the very same stereotypes are ironically taken to extremes. Bearing in mind the intimate relation between identity and security, however, the stereotypical representation of difference is never innocent. The overall narratives of Danish public service...... broadcast series such as The Killing, Government and The Protectors rely on stereotypical security policy narratives identifying Muslims as threats. Even when stereotypes are creatively articulated to reverse the negative valuation, Muslim roles are distinctly charged or ‘securitized’ when compared to non......-Muslim roles. However, placing the ‘Muslim’ character centre stage allows a separate level of representation of a distinct role in the way stories articulate stereotypes, facilitating hybrid identities....

Information Security Behavioral Model: Towards Employees' Knowledge and Attitude

OpenAIRE

Mishra, Saurabh; Snehlata, Snehlata; Srivastava, Anjali

2014-01-01

Information Security has become a significant concern for today's organizations. The internal security threats acts as the most curtail type of security threat within an organization. These internal security threats are a result of poor conduct of security behavior by the employees within an organization. If not deal properly, it may hamper the auditing of organization. Auditing plays an important role in the business environment. Before conducting auditing it is essential to examine the beha...

Nuclear proliferation and the potential threat of nuclear terrorism. 8 November 2004, Sydney, Australia, Asia-Pacific Nuclear Safeguards and Security Conference

International Nuclear Information System (INIS)

ElBaradei, M.

2004-01-01

Today, the focus of the world is on nuclear proliferation and the potential threat of nuclear terrorism in Asia and the Pacific, and this address is presenting the perspectives on the challenges IAEA faces, and how the IAEA is working to strengthen nuclear security and the nuclear non-proliferation regime. But one would emphasize at the outset that, while much of our work must begin locally and regionally, we must not forget to think globally, because ultimately the existence of a nuclear threat anywhere is a threat everywhere, and as a global community, we will win or lose this battle together. This presentation, discusses cooperation, assistance, regional and international networks, and the importance of learning from each other. In effect, the focal subject is 'security culture', a mindset that, while providing the impetus for local and regional action, thinks globally and is fully capable of extending across borders. Sixty years ago, on a day in August, the dawn of the Nuclear Age in Asia left nearly a quarter of a million people dead, with two devices considered crude by modern standards. For six decades, we have managed to avoid a repeat of that event, but remain haunted by the prospect. It is my firm belief that we cannot move out from under the shadow of Hiroshima and Nagasaki until we are ready to make that move collectively, and build a system of security that transcends borders, that focuses on the equal value of every human life, and in which nuclear weapons have no place. May it not ultimately be said of our civilization that we created the inventions that led to our own demise

DNS security management

CERN Document Server

Dooley, Michael

2017-01-01

An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC), DNS firewall, server controls, and much more. In addition, the text includes discussions on security applications facilitated by DNS, such as anti-spam, SFP, and DANE.

To the Question on the Nature of Military Threats and Non-Military Responses

Directory of Open Access Journals (Sweden)

Sambu R. Tsyrendorzhjyev

2015-01-01

Full Text Available The notion of "military danger, military threats, military and non-military measures to Parry, and other definitions from the policy of the State to ensure the military security of the now widely used in journalism, conceptual, other documents and research. The attentive reader it is not difficult to notice the ambiguity in the interpretation of these concepts. This makes it difficult to not only the perception of the relevant topics for ensuring military security publications, but also the development of the theory and practice of ensuring the defence and security of the State. The author's view on the essence of the reasoning logic of non-military measures to counter military threats, as the ultimate goal of the article is the following.First the task of analyzing the concept of "national security", "object of national security" and understand the functions of the State, society and the individual to ensure national security. Decomposition of an object of national security, which is "national property" (the content of the concepts described in the article has made it possible to substantiate the basis for classification of national security threats and with better understanding of the nature, variety, Genesis. This provided a rationale for the role and the place of the tasks ensuring military security in the common task of ensuring national security, the correlation of military and non-military threats.The final phase of the research, the results of which are set out in the article is devoted to analysis of military threats, which made it possible to identify their main structural elements: source, media, military-political and strategic nature, install the main factors defining the content of these elements and their interaction. Based on these results, the proposed definition of the essence of non-military measures for counteracting of military threats, as well as guidelines for developing these measures.

49 CFR 1544.305 - Security Directives and Information Circulars.

Science.gov (United States)

2010-10-01

... threat assessment or to a specific threat against civil aviation, TSA issues a Security Directive setting... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT OPERATOR...

Computer Security Handbook

CERN Document Server

Bosworth, Seymour; Whyne, Eric

2012-01-01

The classic and authoritative reference in the field of computer security, now completely updated and revised With the continued presence of large-scale computers; the proliferation of desktop, laptop, and handheld computers; and the vast international networks that interconnect them, the nature and extent of threats to computer security have grown enormously. Now in its fifth edition, Computer Security Handbook continues to provide authoritative guidance to identify and to eliminate these threats where possible, as well as to lessen any losses attributable to them. With seventy-seven chapter

Three Essays on Information Security Policies

Science.gov (United States)

Yang, Yubao

2011-01-01

Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

Initial perspectives on process threat management

International Nuclear Information System (INIS)

Whiteley, James R. Rob; Mannan, M. Sam

2004-01-01

Terrorist and criminal acts are now considered credible risks in the process industries. Deliberate attacks on the nation's petroleum refineries and chemical plants would pose a significant threat to public welfare, national security, and the US economy. To-date, the primary response of government and industry has been on improved security to prevent attacks and the associated consequences. While prevention is clearly preferred, the potential for successful attacks must be addressed. If plant security is breached, the extent of the inflicted damage is determined by the available plant safety systems and procedures. We refer to this 'inside the gate' response as process threat management. The authors have initiated a joint industry/academia study to address: - the level of safety provided by existing plant equipment and safety systems in response to a terrorist act, and; - identification of process (rather than security) needs or opportunities to address this new safety concern. This paper describes the initial perspectives and issues identified by the team at the beginning of the study

Potential risks and threats to international security

Directory of Open Access Journals (Sweden)

Iurie RICHICINSCHI

2016-12-01

Full Text Available Today we can ascertain with certainty that in the early part of the 21st century, the challenges addressed to the current security environment tend to become increasingly diffuse, less predictable and multidimensional, being both a feature of external security, as well as an internal one and, of course, becoming an indispensable part of security policies and strategies. Therefore, the need for international cooperation as a foundation for the stability of the security environment has increased. It should provide a sense of trust and peace by ensuring the absence of danger both for the individual and for the community to which he belongs.

About Security in Contemporary World

Directory of Open Access Journals (Sweden)

Ladislav Hofreiter

2015-06-01

Full Text Available The task to ensure security in contemporary world is a complicated political, scientific-technological and socio-economic problem. As the security itself is complicated, multifactor and hierarchized phenomen also its investigation has to be of an interdisciplinary character. The character of security environment, the character of security risks and threats and also the character of tools for their elimination are essentially changing. The basis to security of social subject consisted in arrangement of the conditions for their existence, to surviving in the present time and advancement into the future. Assurance of this condition means it provided ability to the social subjects to eliminated threats that are defined. In situations of asymmetrical security, the threats are not always clearly defined. They often consist of their own structure systems, in relationships and status the subjects of internationals relations. Asymmetrical of security, by our opinion, presents a discrepancy, unbalance, non-parity between subjects of the international security environment. The unbalance, discrepancy, non-parity has political, military, economic, law, social and societal dimensions.

PBX Security and Forensics A Practical Approach

CERN Document Server

Androulidakis, Iosif I

2013-01-01

PBX Security and Forensics begins with an introduction to PBXs (Private Branch Exchanges) and the scene, statistics and involved actors. This book discusses confidentiality, integrity and availability threats in PBXs. The author examines the threats and the technical background as well as security and Forensics involving PBXs. The purpose of this book is to raise user awareness in regards to security and privacy threats present in PBXs, helping both users and administrators safeguard their systems.

An aviation security (AVSEC) screening demonstrator for the detection of non-metallic threats at 28-33 GHz

Science.gov (United States)

Salmon, Neil A.; Bowring, Nick; Hutchinson, Simon; Southgate, Matthew; O'Reilly, Dean

2013-10-01

The unique selling proposition of millimetre wave technology for security screening is that it provides a stand-off or portal scenario sensing capability for non-metallic threats. The capabilities to detect some non-metallic threats are investigated in this paper, whilst recommissioning the AVSEC portal screening system at the Manchester Metropolitan University. The AVSEC system is a large aperture (1.6 m) portal screening imager which uses spatially incoherent illumination at 28-33 GHz from mode scrambling cavities to illuminate the subject. The imaging capability is critically analysed in terms of this illumination. A novel technique for the measurement of reflectance, refractive index and extinction coefficient is investigated and this then use to characterise the signatures of nitromethane, hexane, methanol, bees wax and baking flour. Millimetre wave images are shown how these liquids in polycarbonate bottles and the other materials appear against the human body.

Advances in chemical sensing technologies for VOCs in breath for security/threat assessment, illicit drug detection, and human trafficking activity.

Science.gov (United States)

Giannoukos, S; Agapiou, A; Taylor, S

2018-01-17

On-site chemical sensing of compounds associated with security and terrorist attacks is of worldwide interest. Other related bio-monitoring topics include identification of individuals posing a threat from illicit drugs, explosive manufacturing, as well as searching for victims of human trafficking and collapsed buildings. The current status of field analytical technologies is directed towards the detection and identification of vapours and volatile organic compounds (VOCs). Some VOCs are associated with exhaled breath, where research is moving from individual breath testing (volatilome) to cell breath (microbiome) and most recently to crowd breath metabolites (exposome). In this paper, an overview of field-deployable chemical screening technologies (both stand-alone and those with portable characteristics) is given with application to early detection and monitoring of human exposome in security operations. On-site systems employed in exhaled breath analysis, i.e. mass spectrometry (MS), optical spectroscopy and chemical sensors are reviewed. Categories of VOCs of interest include (a) VOCs in human breath associated with exposure to threat compounds, and (b) VOCs characteristic of, and associated with, human body odour (e.g. breath, sweat). The latter are relevant to human trafficking scenarios. New technological approaches in miniaturised detection and screening systems are also presented (e.g. non-scanning digital light processing linear ion trap MS (DLP-LIT-MS), nanoparticles, mid-infrared photo-acoustic spectroscopy and hyphenated technologies). Finally, the outlook for rapid and precise, real-time field detection of threat traces in exhaled breath is revealed and discussed.

Transregional Threats and Maritime Security Cooperation

Science.gov (United States)

2017-08-01

continue to grow. As of 2015, China’s coast guard had 205 ships, more than the combined coast guards of Japan, Vietnam, Indonesia, Malaysia , and the...raised the possibility of China assisting the Philippines in maritime security. • China has maritime security initiatives with Malaysia and...Pakistan. They have also conducted maritime safety drills with their Omani counterparts. In recent years, the IRIN has made efforts to operate well

Security Threats on Wireless Sensor Network Protocols

OpenAIRE

H. Gorine; M. Ramadan Elmezughi

2016-01-01

In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issue...

International forum on nuclear and biological decommissioning: Management of global security threats

International Nuclear Information System (INIS)

Aslanian, G.; Kouzminov, V.; Martellini, M.; Santesso, R.

1998-01-01

The Forum on Nuclear and Biological Decommissioning: Management of Global Security Threats was organized by the Landau Network-Centro Volta (LNCV) with the support of the UNESCO Venice Office, the Italian Ministry of Foreign Affairs, the Italian National Board for Alternative Energy Sources (ENEA), the Lombardy Region and the Municipality of Como. Subjects dealt with at the conference included the reconversion of nuclear and biological military equipment produced in the 50 years of the Cold War period and the effects of radio contamination on the environment and on human life. This conference was the most recent of a number of initiatives on reconversion organized in collaboration with the UNESCO Venice Office. The issues dealt with at the conference will be among the subjects for discussion at the UNESCO International School Science for Peace, which will be set up at the 'A. Volta' Center for Scientific Culture

Can experience overcome stereotypes in times of terror threat?

Directory of Open Access Journals (Sweden)

Mirya R. Holman

2017-02-01

Full Text Available Research on evaluations of leaders has frequently found that female leaders receive lower ratings in times of national security crisis. However, less is known about countervailing factors. We contend that partisanship and leadership experience in relevant domains are two factors that can counteract the negative effects of terrorist threat on evaluations of female political leaders. To test this expectation, we implemented a national study in 2012 containing terrorist threat and non-threat conditions, and then asked participants to evaluate political leaders. The results show that Republican leaders, including women, are unaffected by terrorist threat; in contrast, Democratic leaders are punished during times of terrorist threat, but this negative effect is smaller for then-Secretary of State Hillary Clinton compared to Nancy Pelosi, who lacks similar experience. In short, Republican partisanship is a strong countervailing factor, while leadership experience in national security more modestly countervails.

A Study on OS Selection Using ANP Based Choquet Integral in Terms of Cyber Threats

OpenAIRE

Goztepe, Kerim

2016-01-01

Critical systems are today exposed to new kinds of security threats. Cyber security is determine with cyberspace safe from threats, it is called cyber-threats. Cyber-threats is applied the malicious use of information and communication technologies or the behaviour of attackers. Because of the importance of cyber threats, operating system (OS) selection is a critical decision that can significantly affect future competitiveness and performance of an organization. It is increasingly valuable i...

Introduction to Administrative Programs that Mitigate the Insider Threat

Energy Technology Data Exchange (ETDEWEB)

Gerke, Gretchen K.; Rogers, Erin; Landers, John; DeCastro, Kara

2012-09-01

This presentation begins with the reality of the insider threat, then elaborates on these tools to mitigate the insider threat: Human Reliability Program (HRP); Nuclear Security Culture (NSC) Program; Employee Assistance Program (EAP).

Security negotiation

OpenAIRE

Mitrović, Miroslav M.; Ivaniš, Željko

2013-01-01

Contemporary security challenges, risks and threats represent a resultant of the achieved level of interaction between various entities within the paradigm of global security relations. Asymmetry and nonlinearity are main features of contemporary challenges in the field of global security. Negotiation in the area of security, namely the security negotiation, thus goes beyond just the domain of negotiation in conflicts and takes into consideration particularly asymmetric forms of possible sour...

Key issues in body armour: threats, materials and design

OpenAIRE

Horsfall, Ian

2012-01-01

This chapter will examine the mechanics and materials of body armour in military, police and some security related applications to protect the wearer from penetrative threats. These threats will include battlefield threats such as shell fragments and high velocity bullets, and threats to law enforcement personnel such as handgun bullets and knives. Regardless of whether the threat is a high velocity bullet, or a knife, the essential requirements of body armour are the same; first an interacti...

Managing Cisco network security

CERN Document Server

Knipp, Eric

2002-01-01

An in-depth knowledge of how to configure Cisco IP network security is a MUST for anyone working in today''s internetworked world"There''s no question that attacks on enterprise networks are increasing in frequency and sophistication..."-Mike Fuhrman, Cisco Systems Manager, Security ConsultingManaging Cisco Network Security, Second Edition offers updated and revised information covering many of Cisco''s security products that provide protection from threats, detection of network security incidents, measurement of vulnerability and policy compliance and management of security policy across an extended organization. These are the tools that network administrators have to mount defenses against threats. Chapters also cover the improved functionality and ease of the Cisco Secure Policy Manger software used by thousands of small-to-midsized businesses and a special section on the Cisco Aironet Wireless Security Solutions.Security from a real-world perspectiveKey coverage of the new technologies offered by the Cisc...

Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures

Directory of Open Access Journals (Sweden)

John Patrick Barrowclough

2018-01-01

Full Text Available The exponential rise of the cloud computing paradigm has led to the cybersecurity concerns, taking into account the fact that the resources are shared and mediated by a ‘hypervisor’ that may be attacked and user data can be compromised or hacked. In order to better define these threats to which a cloud hypervisor is exposed, we conducted an in-depth analysis and highlighted the security concerns of the cloud. We basically focused on the two particular issues, i.e., (a data breaches and (b weak authentication. For in-depth analysis, we have successfully demonstrated a fully functional private cloud infrastructure running on CloudStack for the software management and orchestrated a valid hack. We analyzed the popular open-source hypervisors, followed by an extensive study of the vulnerability reports associated with them. Based on our findings, we propose the characterization and countermeasures of hypervisor’s vulnerabilities. These investigations can be used to understand the potential attack paths on cloud computing and Cloud-of-Things (CoT applications and identify the vulnerabilities that enabled them.

Threat driven modeling framework using petri nets for e-learning system.

Science.gov (United States)

Khamparia, Aditya; Pandey, Babita

2016-01-01

Vulnerabilities at various levels are main cause of security risks in e-learning system. This paper presents a modified threat driven modeling framework, to identify the threats after risk assessment which requires mitigation and how to mitigate those threats. To model those threat mitigations aspects oriented stochastic petri nets are used. This paper included security metrics based on vulnerabilities present in e-learning system. The Common Vulnerability Scoring System designed to provide a normalized method for rating vulnerabilities which will be used as basis in metric definitions and calculations. A case study has been also proposed which shows the need and feasibility of using aspect oriented stochastic petri net models for threat modeling which improves reliability, consistency and robustness of the e-learning system.

A broadened typology on energy and security

International Nuclear Information System (INIS)

Johansson, Bengt

2013-01-01

A broadened typology describing the interconnection between energy and security is developed in this paper, with the aim of improving understanding of the relationship between energy and security by applying different research and policy perspectives. One approach involves studying energy as an object exposed to security threats, using concepts such as security of supply or security of demand. Another approach involves studying the role of the energy system as the subject in generating or enhancing insecurity. The latter approach includes studying the conflict-generating potential inherent in the economic value of energy, the risk of accidents and antagonistic attacks to energy infrastructure and the security risks related to the negative environmental impact of the energy system. In order to make a comprehensive analysis of the security consequences of proposed energy policies or strategies, all these aspects should be taken into account to varying degrees. The typology proposed here could be a valuable tool for ensuring that all security aspects have been considered. - Highlights: • The paper presents a broadened typology of energy and security, useful for policy analysis. • The energy system can be an object for security threats and as a subject generating or contributing to insecurity. • Energy as an object for security threats includes the concepts of security of supply and security of demand. • The economic value of energy can contribute to insecurity. • Technological and environmental risks of specific energy systems also provide potential threats to human security

Lack of skilled personnel as threat to HR security of industrial enterprises

Directory of Open Access Journals (Sweden)

Ozernikova Tatiana

2017-01-01

Full Text Available The article assesses the needs of Russian industrial enterprises for skilled labor. The authors consider deficiency in qualified personnel as a threat to the human resources security of industrial enterprises, and analyze its causes. The study includes the criteria to distinguish highly skilled employees in the labor force (education level, occupation, correspondence of performed work to education, and analysis of the dynamics of their number. It identifies the internal and external factors that have a significant influence on the number of qualified personnel. The external factors include the size of the salary, population growth due to migration, the regional level of the socio-economic development. The applied methods of analysis are single-factor analysis of variance (F-test, multiple regression and descriptive statistics. The analysis is based on the materials of the Russian Federal State Statistics Service, as well as on the Russian Longitudinal Monitoring Survey - Higher School of Economics.

Web threat and its implication for E-business in Nigeria ...

African Journals Online (AJOL)

Web threat is any threat that uses the internet to facilitate identity theft , fraud, espionage and intelligence gathering. Web -based vulnerabilities now outnumber traditional computer security concerns. Such threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ ...

Embedded Java security security for mobile devices

CERN Document Server

Debbabi, Mourad; Talhi, Chamseddine

2007-01-01

Java brings more functionality and versatility to the world of mobile devices, but it also introduces new security threats. This book contains a presentation of embedded Java security and presents the main components of embedded Java. It gives an idea of the platform architecture and is useful for researchers and practitioners.

Towards Formal Analysis of Insider Threats for Auctions

DEFF Research Database (Denmark)

Kammueller, Florian; Kerber, Manfred; Probst, Christian W.

2016-01-01

is meaningful to prove correctness and scrutinize vulnerability to security and privacy attacks. Surveying the threats in auctions and insider collusions, we present an approach to model and analyze auction protocols for insider threats using the interactive theorem prover Isabelle. As a case study, we use...

Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; van Eck, Pascal; Pernici, B; Gulla, J.A.

2007-01-01

Insider threat is becoming comparable to outsider threat in frequency of security events. This is a worrying situation, since insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. Despite their importance, insider threats are still not

Security model for VM in cloud

Science.gov (United States)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

THE BIOTERRORISM THREAT: TECHNOLOGICAL AND POLITICAL CONSIDERATIONS

Energy Technology Data Exchange (ETDEWEB)

J. F. PILAT

2000-03-01

Bioterrorism--along with biowarfare, from which it may not always be distinguishable in practice--will be a feature of the strategic landscape in the 21st century and is high on the US national security agenda. Bioterrorism poses a potential threat to the US population, agriculture, interests, friends and allies, and military forces (asymmetric threats). Yet these possibilities have not been widely pursued or realized by terrorists. The perceived threat is far worse than anything experienced to date, and is largely technologically driven.

E-learning stakeholders information security vulnerability model

OpenAIRE

Mohd Alwi, Najwa Hayaati

2012-01-01

The motivation to conduct this research has come from awareness that the Internet exposes the e-learning environment to information security threats and vulnerabilities. Information security management as practised as a top down approach in many organisations tend to detach of people’s responsibility in ensuring the security of e-learning. Literature has pointed out that people’s behaviour required to be addressed to control the information security threats. This research proposes an ISM huma...

Securing Networks from Modern Threats using Next Generation Firewalls

OpenAIRE

Delgiusto, Valter

2016-01-01

Classic firewalls have long been unable to cope with modern threats that ordinary Internet users are exposed to. This thesis discusses their successors - the next-generation firewalls. The first part of the thesis describes modern threats and attacks. We described in detail the DoS and APT attacks, which are among the most frequent and which may cause most damage to the system under attack. Then we explained the theoretical basics of firewalls and described the functionalities of next gen...

An Overview of Computer Network security and Research Technology

OpenAIRE

Rathore, Vandana

2016-01-01

The rapid development in the field of computer networks and systems brings both convenience and security threats for users. Security threats include network security and data security. Network security refers to the reliability, confidentiality, integrity and availability of the information in the system. The main objective of network security is to maintain the authenticity, integrity, confidentiality, availability of the network. This paper introduces the details of the technologies used in...

Security threats to automotive CAN networks-Practical examples and selected short-term countermeasures

International Nuclear Information System (INIS)

Hoppe, Tobias; Kiltz, Stefan; Dittmann, Jana

2011-01-01

The IT security of automotive systems is an evolving area of research. To analyse the current situation and the potentially growing tendency of arising threats we performed several practical tests on recent automotive technology. With a focus on automotive systems based on CAN bus technology, this article summarises the results of four selected tests performed on the control systems for the window lift, warning light and airbag control system as well as the central gateway. These results are supplemented in this article by a classification of these four attack scenarios using the established CERT taxonomy and an analysis of underlying security vulnerabilities, and especially, potential safety implications. With respect to the results of these tests, in this article we further discuss two selected countermeasures to address basic weaknesses exploited in our tests. These are adaptations of intrusion detection (discussing three exemplary detection patterns) and IT-forensic measures (proposing proactive measures based on a forensic model). This article discusses both looking at the four attack scenarios introduced before, covering their capabilities and restrictions. While these reactive approaches are short-term measures, which could already be added to today's automotive IT architecture, long-term concepts also are shortly introduced, which are mainly preventive but will require a major redesign. Beneath a short overview on respective research approaches, we discuss their individual requirements, potential and restrictions.

Cybercom Chief Details U.S. Cyber Threats

Science.gov (United States)

Security Robots Lasers RSS Feed Cybercom Chief Details U.S. Cyber Threats - December 2, 2014 Navy Adm . Rogers, the commander of U.S. Cyber Command, director of the National Security Agency and chief of the Framework for Cyber Sharing But before Cybercom can help commercial companies deal with cyber criminals and

Physical Protection System Design Analysis against Insider Threat based on Game Theoretic Modeling

Energy Technology Data Exchange (ETDEWEB)

Kim, Kyo-Nam; Suh, Young-A; Yim, Man-Sung [KAIST, Daejeon (Korea, Republic of); Schneider, Erich [The University of Texas, Austin (United States)

2015-05-15

This study explores the use of game-theoretic modeling of physical protection analysis by incorporating the implications of an insider threat. The defender-adversary interaction along with the inclusion of an insider is demonstrated using a simplified test case problem at an experimental fast reactor system. Non-detection probability and travel time are used as a baseline of physical protection parameters in this model. As one of the key features of the model is its ability to choose among security upgrades given the constraints of a budget, the study also performed cost benefit analysis for security upgrades options. In this study, we analyzed the expected adversarial path and security upgrades with a limited budget with insider threat modeled as increasing the non-detection probability. Our test case problem categorized three types of adversary paths assisted by the insider and derived the largest insider threat in terms of the budget for security upgrades. More work needs to be done to incorporate complex dimensions of insider threats, which include but are not limited to: a more realistic mapping of insider threat, accounting for information asymmetry between the adversary, insider, and defenders, and assignment of more pragmatic parameter values.

Physical Protection System Design Analysis against Insider Threat based on Game Theoretic Modeling

International Nuclear Information System (INIS)

Kim, Kyo-Nam; Suh, Young-A; Yim, Man-Sung; Schneider, Erich

2015-01-01

This study explores the use of game-theoretic modeling of physical protection analysis by incorporating the implications of an insider threat. The defender-adversary interaction along with the inclusion of an insider is demonstrated using a simplified test case problem at an experimental fast reactor system. Non-detection probability and travel time are used as a baseline of physical protection parameters in this model. As one of the key features of the model is its ability to choose among security upgrades given the constraints of a budget, the study also performed cost benefit analysis for security upgrades options. In this study, we analyzed the expected adversarial path and security upgrades with a limited budget with insider threat modeled as increasing the non-detection probability. Our test case problem categorized three types of adversary paths assisted by the insider and derived the largest insider threat in terms of the budget for security upgrades. More work needs to be done to incorporate complex dimensions of insider threats, which include but are not limited to: a more realistic mapping of insider threat, accounting for information asymmetry between the adversary, insider, and defenders, and assignment of more pragmatic parameter values

Emerging and Future Cyber Threats to Critical Systems

OpenAIRE

Djambazova , Edita; Almgren , Magnus; Dimitrov , Kiril; Jonsson , Erland

2010-01-01

Part 2: Adversaries; International audience; This paper discusses the emerging and future cyber threats to critical systems identified during the EU/FP7 project ICT-FORWARD. Threats were identified after extensive discussions with both domain experts and IT security professionals from academia, industry, and government organizations. The ultimate goal of the work was to identify the areas in which cyber threats could occur and cause serious and undesirable consequences, based on the character...

Managing threats from emerging technologies: can safeguards show the way?

International Nuclear Information System (INIS)

Leffer, Teri N.

2014-01-01

The system of international nuclear safeguards implemented by the International Atomic Energy Agency (IAEA) is primarily a means of verification of states’ commitments under various legal instruments, principally the Nuclear Non‑Proliferation Treaty (NPT), to utilize controlled nuclear fission for peaceful purposes only. However, the safeguards system can also be seen as a mechanism through which states acted to reduce the threat posed by a new technology that had a transformative impact on existing national security paradigms when it emerged in the twentieth century. In the twenty‑first century, new technologies with equally profound national security implications are emerging. These include biotechnology and synthetic biology, nano technology, information technology, cognitive science, robotics and artificial intelligence. Throughout its history, the safeguards system has evolved to accommodate new technologies, new undertakings and new threats. Because multiple emerging technologies now constitute potential national security threats, it is appropriate to consider whether and how the lessons and successes of the safeguards system, including its capacity to evolve in response to changing requirements, could be leveraged to mitigate the threat posed by these new technologies. This paper addresses the possibility of re‑imagining safeguards in a way that makes them applicable to a broader range of technology‑based threats without compromising their effectiveness for their original purpose.

Cyber threats within civil aviation

Science.gov (United States)

Heitner, Kerri A.

Existing security policies in civil aviation do not adequately protect against evolving cyber threats. Cybersecurity has been recognized as a top priority among some aviation industry leaders. Heightened concerns regarding cyber threats and vulnerabilities surround components utilized in compliance with the Federal Aviation Administration's (FAA) Next Generation Air Transportation (NextGen) implementation. Automated Dependent Surveillance-B (ADS-B) and Electronic Flight Bags (EFB) have both been exploited through the research of experienced computer security professionals. Civil aviation is essential to international infrastructure and if its critical assets were compromised, it could pose a great risk to public safety and financial infrastructure. The purpose of this research was to raise awareness of aircraft system vulnerabilities in order to provoke change among current national and international cybersecurity policies, procedures and standards. Although the education of cyber threats is increasing in the aviation industry, there is not enough urgency when creating cybersecurity policies. This project intended to answer the following questions: What are the cyber threats to ADS-B of an aircraft in-flight? What are the cyber threats to EFB? What is the aviation industry's response to the issue of cybersecurity and in-flight safety? ADS-B remains unencrypted while the FAA's mandate to implement this system is rapidly approaching. The cyber threat of both portable and non-portable EFB's have received increased publicity, however, airlines are not responding quick enough (if at all) to create policies for the use of these devices. Collectively, the aviation industry is not being proactive enough to protect its aircraft or airport network systems. That is not to say there are not leaders in cybersecurity advancement. These proactive organizations must set the standard for the future to better protect society and it's most reliable form of transportation.

Cyber Threat Assessment of Uplink and Commanding System for Mission Operation

Science.gov (United States)

Ko, Adans Y.; Tan, Kymie M. C.; Cilloniz-Bicchi, Ferner; Faris, Grant

2014-01-01

Most of today's Mission Operations Systems (MOS) rely on Ground Data System (GDS) segment to mitigate cyber security risks. Unfortunately, IT security design is done separately from the design of GDS' mission operational capabilities. This incoherent practice leaves many security vulnerabilities in the system without any notice. This paper describes a new way to system engineering MOS, to include cyber threat risk assessments throughout the MOS development cycle, without this, it is impossible to design a dependable and reliable MOS to meet today's rapid changing cyber threat environment.

The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

Science.gov (United States)

Clarke, Marlon

2011-01-01

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

Threats to financial system security

Energy Technology Data Exchange (ETDEWEB)

McGovern, D.E.

1997-06-01

The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATM`s, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

Personal privacy, information assurance, and the threat posed by malware techology

Science.gov (United States)

Stytz, Martin R.; Banks, Sheila B.

2006-04-01

In spite of our best efforts to secure the cyber world, the threats posed to personal privacy by attacks upon networks and software continue unabated. While there are many reasons for this state of affairs, clearly one of the reasons for continued vulnerabilities in software is the inability to assess their security properties and test their security systems while they are in development. A second reason for this growing threat to personal privacy is the growing sophistication and maliciousness of malware coupled with the increasing difficulty of detecting malware. The pervasive threat posed by malware coupled with the difficulties faced when trying to detect its presence or an attempted intrusion make addressing the malware threat one of the most pressing issues that must be solved in order to insure personal privacy to users of the internet. In this paper, we will discuss the threat posed by malware, the types of malware found in the wild (outside of computer laboratories), and current techniques that are available for from a successful malware penetration. The paper includes a discussion of anti-malware tools and suggestions for future anti-malware efforts.

Securing social media in the enterprise

CERN Document Server

Dalziel, Henry

2015-01-01

Securing Social Media in the Enterprise is a concise overview of the security threats posed by the use of social media sites and apps in enterprise network environments. Social media sites and apps are now a ubiquitous presence within enterprise systems and networks, and are vulnerable to a wide range of digital systems attacks. This brief volume provides security professionals and network systems administrators a much-needed dive into the most current threats, detection techniques, and defenses for these attacks, and provides a roadmap for best practices to secure and manage social media wi

13 CFR 108.825 - Purchasing securities from an underwriter or other third party.

Science.gov (United States)

2010-01-01

... ADMINISTRATION NEW MARKETS VENTURE CAPITAL (âNMVCâ) PROGRAM Financing of Small Businesses by NMVC Companies Structuring Nmvc Company's Financing of Eligible Small Businesses § 108.825 Purchasing securities from an... Financing of the Small Business. Limitations on Disposition of Assets ...

Reducing the risk of cyber threats in utilities through log management

Energy Technology Data Exchange (ETDEWEB)

Patnaik, A. [ArcSight, Cupertino, CA (United States)

2010-01-15

Electrical blackouts caused by terrorists hacking into targeted control systems have already occurred in Brazil. A patchwork of security tools is needed to reduce potential threats. The continuous collection and analysis of data is also needed to detect cyber threats. The real time correlation of logs across all systems, applications and users is needed to ensure the reliability and security of the power grid. Solutions must also integrate well with identity management sources in order to prevent remote access account hijacking. Effective log management can be used to detect threats and reduce the risk of power outages. 1 fig.

An updated taxonomy for characterizing hackers according to their threat properties

DEFF Research Database (Denmark)

Hald, Sara Ligaard; Pedersen, Jens Myrup

2012-01-01

The objective of this paper is to give an up-to-date terminology for and categorization of hackers on the Internet, and to characterize each category of hackers by their threat properties. To be able to prioritize defense efforts, security experts need an accurate taxonomy of attackers...... for the production of detailed and precise threat assessments. We take an existing taxonomy for hackers and update it to correspond to the terminology used by hackers and security experts. Also, the categories of hackers are updated to reflect the threat properties demonstrated in recent attacks, and each category...

Vehicular ad hoc network security and privacy

CERN Document Server

Lin, X

2015-01-01

Unlike any other book in this area, this book provides innovative solutions to security issues, making this book a must read for anyone working with or studying security measures. Vehicular Ad Hoc Network Security and Privacy mainly focuses on security and privacy issues related to vehicular communication systems. It begins with a comprehensive introduction to vehicular ad hoc network and its unique security threats and privacy concerns and then illustrates how to address those challenges in highly dynamic and large size wireless network environments from multiple perspectives. This book is richly illustrated with detailed designs and results for approaching security and privacy threats.

Physical security of nuclear facilities

International Nuclear Information System (INIS)

Dixon, H.

1987-01-01

A serious problem with present security systems at nuclear facilities is that the threats and standards prepared by the NRC and DOE are general, and the field offices are required to develop their own local threats and, on that basis, to prepared detailed specifications for security systems at sites in their jurisdiction. As a result, the capabilities of the systems vary across facilities. Five steps in particular are strongly recommended as corrective measures: 1. Those agencies responsible for civil nuclear facilities should jointly prepare detailed threat definitions, operational requirements, and equipment specifications to protect generic nuclear facilities, and these matters should be issued as policy. The agencies should provide sufficient detail to guide the design of specific security systems and to identify candidate components. 2. The DOE, NRC, and DOD should explain to Congress why government-developed security and other military equipment are not used to upgrade existing security systems and to stock future ones. 3. Each DOE and NRC facility should be assessed to determine the impact on the size of the guard force and on warning time when personnel-detecting radars and ground point sensors are installed. 4. All security guards and technicians should be investigated for the highest security clearance, with reinvestigations every four years. 5. The processes and vehicles used in intrafacility transport of nuclear materials should be evaluated against a range of threats and attack scenarios, including violent air and vehicle assaults. All of these recommendations are feasible and cost-effective. The appropriate congressional subcommittees should direct that they be implemented as soon as possible

Collective Study On Security Threats In MANET

Directory of Open Access Journals (Sweden)

Muhammad Zunnurain Hussain

2017-01-01

Full Text Available In this paper the authors will be discussing the security issues in MANET amp the methods to protect it. Authors will be talk about related work in securing the network different type of attacks how to sense these sorts of attack what are the features of MANET then will be describing what the requirements for securing network are. Investigation had been done in past to maintain the network from attacks but due to the feature of MANET inappropriate infrastructure and due to the disperse network quality it is open to attack. Authors will be tackling the defence against each attack. Solution has been suggested So that the users can use proper authentication techniques and network resources can be properly utilized.

Mobile IP: Security & application

NARCIS (Netherlands)

Tuquerres, G.; Salvador, M.R.; Sprenkels, Ron

1999-01-01

As required in the TGS Mobile IP Advanced Module, this paper presents a survey of common security threats which mobile IP networks are exposed to as well as some proposed solutions to deal with such threats.

Information Security Issues in Higher Education and Institutional Research

Science.gov (United States)

Custer, William L.

2010-01-01

Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

Chemical Sniffing Instrumentation for Security Applications.

Science.gov (United States)

Giannoukos, Stamatios; Brkić, Boris; Taylor, Stephen; Marshall, Alan; Verbeck, Guido F

2016-07-27

Border control for homeland security faces major challenges worldwide due to chemical threats from national and/or international terrorism as well as organized crime. A wide range of technologies and systems with threat detection and monitoring capabilities has emerged to identify the chemical footprint associated with these illegal activities. This review paper investigates artificial sniffing technologies used as chemical sensors for point-of-use chemical analysis, especially during border security applications. This article presents an overview of (a) the existing available technologies reported in the scientific literature for threat screening, (b) commercially available, portable (hand-held and stand-off) chemical detection systems, and (c) their underlying functional and operational principles. Emphasis is given to technologies that have been developed for in-field security operations, but laboratory developed techniques are also summarized as emerging technologies. The chemical analytes of interest in this review are (a) volatile organic compounds (VOCs) associated with security applications (e.g., illegal, hazardous, and terrorist events), (b) chemical "signatures" associated with human presence, and (c) threat compounds (drugs, explosives, and chemical warfare agents).

Nuclear and radiological Security: Introduction.

Energy Technology Data Exchange (ETDEWEB)

Miller, James Christopher [Los Alamos National Lab. (LANL), Los Alamos, NM (United States)

2016-02-24

Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of the various entities involved in nuclear security.

Nuclear and radiological Security: Introduction

International Nuclear Information System (INIS)

Miller, James Christopher

2016-01-01

Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of the various entities involved in nuclear security.

Intelligent Model for Video Survillance Security System

Directory of Open Access Journals (Sweden)

J. Vidhya

2013-12-01

Full Text Available Video surveillance system senses and trails out all the threatening issues in the real time environment. It prevents from security threats with the help of visual devices which gather the information related to videos like CCTV’S and IP (Internet Protocol cameras. Video surveillance system has become a key for addressing problems in the public security. They are mostly deployed on the IP based network. So, all the possible security threats exist in the IP based application might also be the threats available for the reliable application which is available for video surveillance. In result, it may increase cybercrime, illegal video access, mishandling videos and so on. Hence, in this paper an intelligent model is used to propose security for video surveillance system which ensures safety and it provides secured access on video.

Improving Network Security with Watchguard UTM Firewall

OpenAIRE

Lehmonen, Harri

2017-01-01

After working many years in close contact with end customers, the author has noticed that Finnish small and mid-size businesses are not paying as much attention to network security threats as they should. Even though different kind of security threats are probably present and reported often in news, very basic security practices are discarded and no resources are spent advancing the issue. The topic of this thesis is Improving Network Security with Watchguard’s UTM Firewall. It focuses o...

Reactive Aggregate Model Protecting Against Real-Time Threats

Science.gov (United States)

2014-09-01

IPv4 address space. Cisco products such as Auto Secure and Adaptive Security Appliance are effective for Cisco products, but large distributed...protection capability within GINA. GINA has no published history of implementation as an IPS. A. RAMPART DECISION MODEL In order to establish a threat

Cloud Computing Security: A Survey

Directory of Open Access Journals (Sweden)

Issa M. Khalil

2014-02-01

Full Text Available Cloud computing is an emerging technology paradigm that migrates current technological and computing concepts into utility-like solutions similar to electricity and water systems. Clouds bring out a wide range of benefits including configurable computing resources, economic savings, and service flexibility. However, security and privacy concerns are shown to be the primary obstacles to a wide adoption of clouds. The new concepts that clouds introduce, such as multi-tenancy, resource sharing and outsourcing, create new challenges to the security community. Addressing these challenges requires, in addition to the ability to cultivate and tune the security measures developed for traditional computing systems, proposing new security policies, models, and protocols to address the unique cloud security challenges. In this work, we provide a comprehensive study of cloud computing security and privacy concerns. We identify cloud vulnerabilities, classify known security threats and attacks, and present the state-of-the-art practices to control the vulnerabilities, neutralize the threats, and calibrate the attacks. Additionally, we investigate and identify the limitations of the current solutions and provide insights of the future security perspectives. Finally, we provide a cloud security framework in which we present the various lines of defense and identify the dependency levels among them. We identify 28 cloud security threats which we classify into five categories. We also present nine general cloud attacks along with various attack incidents, and provide effectiveness analysis of the proposed countermeasures.

Consideration on Measures against Insiders Threats in ROK

International Nuclear Information System (INIS)

Lee, Seungmin; Yim, Hobin; Hong, Yunjeong

2015-01-01

They can also threaten cyber security, safety measures, and material control and accountancy (MC and A). Insiders are likely to have the time to plan their actions. In addition, they may work with an external adversary who shares their objectives. Because of these reasons, IAEA published 'The Implementing Guide Preventive and Protective Measures against Insider Threats, IAEA Nuclear Security Series No. 8' to help understanding of the Member States. This paper focus on the current status of the measures to prevent, detect and respond to potential insiders at nuclear facilities in Republic of KOREA. Insiders are able to take advantage of their access rights and knowledge of facilities where they are working or have worked to bypass dedicated security measures. Therefore, insiders can be the most dangerous threats to cyber security, safety measures, and material control and accountancy of nuclear facilities. Preventive and protective measures against the potential insiders in the nuclear facilities are yet insufficient according to the security inspection results. Especially, preventive and protective measures for unauthorized removal of nuclear material by insiders are the weakest area of whole security systems and should be further strengthened

Consideration on Measures against Insiders Threats in ROK

Energy Technology Data Exchange (ETDEWEB)

Lee, Seungmin; Yim, Hobin; Hong, Yunjeong [Korea Institute of Nuclear Nonproliferation and Control, Daejeon (Korea, Republic of)

2015-05-15

They can also threaten cyber security, safety measures, and material control and accountancy (MC and A). Insiders are likely to have the time to plan their actions. In addition, they may work with an external adversary who shares their objectives. Because of these reasons, IAEA published 'The Implementing Guide Preventive and Protective Measures against Insider Threats, IAEA Nuclear Security Series No. 8' to help understanding of the Member States. This paper focus on the current status of the measures to prevent, detect and respond to potential insiders at nuclear facilities in Republic of KOREA. Insiders are able to take advantage of their access rights and knowledge of facilities where they are working or have worked to bypass dedicated security measures. Therefore, insiders can be the most dangerous threats to cyber security, safety measures, and material control and accountancy of nuclear facilities. Preventive and protective measures against the potential insiders in the nuclear facilities are yet insufficient according to the security inspection results. Especially, preventive and protective measures for unauthorized removal of nuclear material by insiders are the weakest area of whole security systems and should be further strengthened.

New nuclear power in the UK: A strategy for energy security?

International Nuclear Information System (INIS)

Watson, Jim; Scott, Alister

2009-01-01

The aim of this paper is to explore the extent to which the construction of new nuclear power plants in the UK can safeguard or enhance energy security. The paper starts with a discussion of energy security, and breaks it down into four main categories of threat. These include threats due to fossil fuel scarcity and external disruptions, problems due to a lack of investment in infrastructure, threats due to technology or infrastructure failure, and risks due to domestic activism or terrorism. The paper then discusses one of the most common strategies put forward to improve security-the promotion of diversity within energy systems. Following this, the paper assesses the potential for new nuclear investment to ameliorate security threats in each of the four categories introduced earlier in the paper. The paper concludes that whilst nuclear investment can help to mitigate some threats to UK energy security, the government's case for supporting this investment ignores some equally important security issues. As a result, the energy security case for nuclear power has not yet been made.

New nuclear power in the UK. A strategy for energy security?

Energy Technology Data Exchange (ETDEWEB)

Watson, Jim; Scott, Alister [Sussex Energy Group, SPRU, The Freeman Centre, University of Sussex, Brighton, East Sussex BN1 9QE (United Kingdom)

2009-12-15

The aim of this paper is to explore the extent to which the construction of new nuclear power plants in the UK can safeguard or enhance energy security. The paper starts with a discussion of energy security, and breaks it down into four main categories of threat. These include threats due to fossil fuel scarcity and external disruptions, problems due to a lack of investment in infrastructure, threats due to technology or infrastructure failure, and risks due to domestic activism or terrorism. The paper then discusses one of the most common strategies put forward to improve security - the promotion of diversity within energy systems. Following this, the paper assesses the potential for new nuclear investment to ameliorate security threats in each of the four categories introduced earlier in the paper. The paper concludes that whilst nuclear investment can help to mitigate some threats to UK energy security, the government's case for supporting this investment ignores some equally important security issues. As a result, the energy security case for nuclear power has not yet been made. (author)

New nuclear power in the UK: A strategy for energy security?

Energy Technology Data Exchange (ETDEWEB)

Watson, Jim, E-mail: w.j.watson@sussex.ac.u [Sussex Energy Group, SPRU, Freeman Centre, University of Sussex, Brighton, East Sussex BN1 9QE (United Kingdom); Scott, Alister [Sussex Energy Group, SPRU, Freeman Centre, University of Sussex, Brighton, East Sussex BN1 9QE (United Kingdom)

2009-12-15

The aim of this paper is to explore the extent to which the construction of new nuclear power plants in the UK can safeguard or enhance energy security. The paper starts with a discussion of energy security, and breaks it down into four main categories of threat. These include threats due to fossil fuel scarcity and external disruptions, problems due to a lack of investment in infrastructure, threats due to technology or infrastructure failure, and risks due to domestic activism or terrorism. The paper then discusses one of the most common strategies put forward to improve security-the promotion of diversity within energy systems. Following this, the paper assesses the potential for new nuclear investment to ameliorate security threats in each of the four categories introduced earlier in the paper. The paper concludes that whilst nuclear investment can help to mitigate some threats to UK energy security, the government's case for supporting this investment ignores some equally important security issues. As a result, the energy security case for nuclear power has not yet been made.

Modeling and Verification of Insider Threats Using Logical Analysis

DEFF Research Database (Denmark)

Kammuller, Florian; Probst, Christian W.

2017-01-01

and use a common trick from the formal verification of security protocols, showing that it is applicable to insider threats. We introduce briefly a three-step process of social explanation, illustrating that it can be applied fruitfully to the characterization of insider threats. We introduce the insider...

Terrorism: the threat of a radiological device

International Nuclear Information System (INIS)

Kingshott, B.F.

2005-01-01

Full text: This paper will discuss terrorism from the perspective of a terrorist organization building and detonating a 'dirty bomb' with a radiological component. The paper will discuss how such devices are made and how security of radiological material world wide will minimize the risk of such devices being used. It will discuss the threat assessments against nuclear waste processing and storage sites, threats to nuclear plants and other sites and the adequacy of current security. It will also discuss the phenomenon of suicide attacks by the bomb carriers and the role of the media in informing and educating the general public of the consequences should such a device be detonated. (author)

Providing security assurance in line with national DBT assumptions

Science.gov (United States)

Bajramovic, Edita; Gupta, Deeksha

2017-01-01

As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the

Antigovernment Groups. A Growing Threat to US Security

Energy Technology Data Exchange (ETDEWEB)

Swift, Alicia L. [Los Alamos National Laboratory

2016-04-25

Domestic terrorism is a growing threat in the United States, particularly from the 998 right-wing antigovernment (AG) groups in existence in 2015. In the years since the September 11, 2001 attacks in New York City, right-wing anti-government acts have oc- curred more often and killed more people in the United States than Muslim extremists. Such AG group members are often in uenced by racist, anti-Semitic, or anti-Islamic views, believe conspiracy theories about the government, and often refuse to pay taxes or participate in frivolous lawsuits in order to intentionally waste the government's time. There is, however, a violent element to these groups which participates in events ranging from the armed take-over of federal land in Oregon, to an armed stand-o with federal agents in Nevada, to the bombing of the Oklahoma City building which killed 168 people. Such acts may be conducted by a few individuals, as is the case of the Oklahoma City bombing, or an entire group. Such groups have a wide range of capabilities, with typical weapons including legal and illegal rearms, with a focus on purchasing fully automatic weapons; hand grenades, with some homemade; deadly tox- ins, like ricin (in multiple cases) and sodium cyanide (in one case); transportation, such as all-terrain vehicles (ATVs); arson, with the intent of destroying federal property; and explosives, often in large numbers and including pipe bombs, truck bombs, IEDs, and other homemade explosives. The growing acceptance of these violent methods by Republican congressmen and governors, however, only increases visibility of such groups and encourages their behavior. Coupled with the removal of the Department of Homeland Security's division responsible for monitoring such groups, the result could prove disastrous for the safety of United States citizens.

Ransomware - Threats Vulnerabilities And Recommendations

Directory of Open Access Journals (Sweden)

Nadeem Shah

2017-06-01

Full Text Available Attack methodologies transform with the transforming dynamics of technology. Consequently it becomes imperative that individuals and organization implement the highest levels of security within their devices and infrastructure for optimal protection against these rapidly evolving attacks. Ransomware is one such attack that never fails to surprise in terms of its ability to identify vulnerabilities and loopholes in technology. This paper discusses the categories of ransomware its common attack vectors and provides a threat landscape with the aim to highlight the true potential and destructive nature of such malware based attacks. In this paper we also present the most current ransomware attack that is still a potential threat and also provide recommendations and strategies for prevention and protection against these attacks. A novel solution is also discussed that could be further worked upon in the future by other researchers and vendors of security devices.

External threats to economic security of enterprises of shipping business

OpenAIRE

Khaiminova, Y.

2012-01-01

Розглядається морське піратство як загроза економічній безпеці підприємств судноплавного бізнесу. Досліджуються економічні наслідки морського піратства. Розглядаються напрями боротьби с морським піратством.Marine piracy as threat economic security of enterprises of shipping business was examined in the article. The economic consequences of marine piracy were investigated. Directions of fight of s are examined by marine piracy were considered....

Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

Science.gov (United States)

Greitzer, Frank L.; Frincke, Deborah A.

The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, to support a move from an insider threat detection stance to one that enables prediction of potential insider presence. Twodistinctiveaspects of the approach are the objectiveof predicting or anticipating potential risksandthe useoforganizational datain additiontocyber datato support the analysis. The chapter describes the challenges of this endeavor and reports on progressin definingausablesetof predictiveindicators,developingaframeworkfor integratingthe analysisoforganizationalandcyber securitydatatoyield predictions about possible insider exploits, and developing the knowledge base and reasoning capabilityof the system.We also outline the typesof errors that oneexpectsina predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.

"The Islamic State Of Iraq And The Levant" (ISIL In The System Of Threats To The National Security Of Russia

Directory of Open Access Journals (Sweden)

Pavel V. Agapov

2014-09-01

Full Text Available In the present work authors analyze political, economic, military and many other aspects of the "Islamic State of Iraq and Levant" activity as essential factor of the destabilization in the region of the Middle East. Authors investigate destructive consequences of this terrorist religious group's positions strengthening for the national security of the Russian Federation and border states. Authors note that actions in Syria and Iraq have indirect, but transnational effect, pose threat to the interests of the national security of Russia, especially including one, conducted in Crimea with the use of Islamic radicals for this purpose, who are on the peninsula and territory of the Ukraine. In the present article authors note that every year in the process of the population's psychological fatigue strengthening, new losses among the military personnel and the intelligence services staff and also death of peaceful citizens, their positions will only amplify. "Defeatism" will become a powerful political force. Problem of the international legal aspect of the counteraction to the threat from the actions of foreign fighters-terrorists who are hired or accepted with ISIL, al-Nusra Front and other groups and organizations of the terrorist orientation is connected with the implementation of the UN Security Council Resolution 2178 (2014 made on September 24, 2014. It’s main objective – development of the nonviolent ways of the conflicts prevention and settlement for the purposes of the radicalization to the level generating terrorism risk degree decrease. In the conclusion authors argument that it is especially actual for the Russian regions, which is extremely vulnerable to extremism (North Caucasus, Volga Region.

Process Security in Chemical Engineering Education

Science.gov (United States)

Piluso, Cristina; Uygun, Korkut; Huang, Yinlun; Lou, Helen H.

2005-01-01

The threats of terrorism have greatly alerted the chemical process industries to assure plant security at all levels: infrastructure-improvement-focused physical security, information-protection-focused cyber security, and design-and-operation-improvement-focused process security. While developing effective plant security methods and technologies…

Protecting the source. Securing nuclear material and strong radiation sources. New threats of terrorism are prompting the need for swift action to better secure nuclear material and strong radiation sources. Are measures already in place enough? The Stanford-Salzburg initiative suggests not

International Nuclear Information System (INIS)

Steinhausler, F.; Bunn, G.

2003-01-01

At a time of growing concern over threats of terrorism, the security of nuclear and radioactive material is an urgent and serious issue. Working with a range of partners, the IAEA has put into place a multi-faceted Action Plan to help countries upgrade their capabilities. But more needs to be done to counter new types of threats. One particular area that needs to be strengthened is the physical protection of nuclear and radioactive material. The attacks of 11 September 2001 opened our eyes to i he urgent need to strengthen national physical protection (PP) practices for nuclear and other radioactive material. The principle that highly radioactive material will protect itself does not apply to the newest generation of terrorists. Existing PP systems were not designed to deal with the threat of suicidal terrorists commanding the numbers, skills, training, and resources available to those who carried out the attacks in the US. Moreover, because there are no mandatory international standards for domestic PP systems for nuclear or radioactive material, protection measures vary greatly from country to country. The IAEA recommended standards (Inference/225/Rev. 4) were not designed with the new terrorist threats in mind and national practices often fall short of even these recommendations. The result is inadequate protection against the new form of terrorism. Few argue the point that national physical protection practices for nuclear and other radioactive material need to be strengthened. This article summarizes a Stanford-Salzburg plan developed by experts from Stanford University's Center for International Security and Cooperation, (USA) and revised at the EU-Physical Protection NUMAT Conference in September 2002 in Salzburg, Austria. It includes six recommended elements to consider in addition to what the IAEA is now doing to improve PP practices around the world: Establish a global list of physical protection priorities; Create a multilateral security cooperation

49 CFR 15.5 - Sensitive security information.

Science.gov (United States)

2010-10-01

... held by the Federal government concerning threats against transportation or transportation systems and..., including threat images and descriptions of threat images for threat image projection systems. (10) Security... systems operated by the Federal government that have been identified by the DOT or DHS as critical to...

An Overview of Computer security

OpenAIRE

Annam, Shireesh Reddy

2001-01-01

As more business activities are being automated and an increasing number of computers are being used to store vital and sensitive information the need for secure computer systems becomes more apparent. These systems can be achieved only through systematic design; they cannot be achieved through haphazard seat-of-the-pants methods.This paper introduces some known threats to the computer security, categorizes the threats, and analyses protection mechanisms and techniques for countering the thre...

Systems Security Engineering

Science.gov (United States)

2010-08-22

environment that contains network- borne cybersecurity threats, an argument may be made that the firewall increases overall system functionality by reserving...the number of administered devices. This approach to security analysis is at once old and new. In the early days of eCommerce , security

Future consumer mobile phone security : a case study using the data centric security model

NARCIS (Netherlands)

van Cleeff, A.

2008-01-01

In the interconnected world that we live in, traditional security barriers are broken down. Developments such as outsourcing, increased usage of mobile devices and wireless networks each cause new security problems. To address the new security threats, a number of solutions have been suggested,

75 FR 28046 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-002...

Science.gov (United States)

2010-05-19

... security, law enforcement, immigration, intelligence, or other functions consistent with the routine uses... transportation operators, flight students, and others, where appropriate, for services related to security threat.... Enforce safety- and security-related regulations and requirements; 3. Assess and distribute intelligence...

Modeling and simulation of botnet based cyber-threats

Directory of Open Access Journals (Sweden)

Kasprzyk Rafał

2017-01-01

Full Text Available The paper presents an analysis of cyber-threats, with particular emphasis on the threats resulting from botnet activity. Botnets are the most common types of threats and often perceived as crucial in terms of national security. Their classification and methods of spreading are the basis for creating cyberspace model including the presence of different types of cyber-threats. A well-designed cyberspace model enables to construct an experimental environment that allows for the analysis of botnet characteristics, testing its resistance to various events and simulation of the spread and evolution. For this purpose, dedicated platforms with capabilities and functional characteristics to meet these requirements have been proposed.

Distance Measurement Methods for Improved Insider Threat Detection

Directory of Open Access Journals (Sweden)

Owen Lo

2018-01-01

Full Text Available Insider threats are a considerable problem within cyber security and it is often difficult to detect these threats using signature detection. Increasing machine learning can provide a solution, but these methods often fail to take into account changes of behaviour of users. This work builds on a published method of detecting insider threats and applies Hidden Markov method on a CERT data set (CERT r4.2 and analyses a number of distance vector methods (Damerau–Levenshtein Distance, Cosine Distance, and Jaccard Distance in order to detect changes of behaviour, which are shown to have success in determining different insider threats.

MEMS and MOEMS for national security applications

Science.gov (United States)

Scott, Marion W.

2003-01-01

Major opportunities for microsystem insertion into commercial applications, such as telecommunications and medical prosthesis, are well known. Less well known are applications that ensure the security of our nation, the protection of its armed forces, and the safety of its citizens. Microsystems enable entirely new possibilities to meet National Security needs, which can be classed along three lines: anticipating security needs and threats, deterring the efficacy of identified threats, and defending against the application of these threats. In each of these areas, specific products that are enabled by MEMS and MOEMS are discussed. In the area of anticipating needs and threats, sensored microsystems designed for chem/bio/nuclear threats, and sensors for border and asset protection can significantly secure our borders, ports, and transportation systems. Key features for these applications include adaptive optics and spectroscopic capabilities. Microsystems to monitor soil and water quality can be used to secure critical infrastructure, food safety can be improved by in-situ identification of pathogens, and sensored buildings can ensure the architectural safety of our homes and workplaces. A challenge to commercializing these opportunities, and thus making them available for National Security needs, is developing predictable markets and predictable technology roadmaps. The integrated circuit manufacturing industry provides an example of predictable technology maturation and market insertion, primarily due to the existence of a "unit cell" that allows volume manufacturing. It is not clear that microsystems can follow an analogous path. The possible paths to affordable low-volume production, as well as the prospects of a microsystems unit cell, are discussed.

Medical Information Security

OpenAIRE

William C. Figg, Ph.D.; Hwee Joo Kam, M.S.

2011-01-01

Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs an...

Privacy and Security in Connected Vehicles Ecosystems

Directory of Open Access Journals (Sweden)

Marius POPA

2017-01-01

Full Text Available Modern vehicles could not be figured out without Internet connections in order to provide customers a wide range of services in the vehicle: infotainment platforms, third-party support, on-board and online monitor and maintenance, business analytics for car fleets. Exposure of the vehicles to the Internet turns them into targets for viruses, worms, Trojans, DoS and lot of other threats for connected vehicle security. Beside the classic threats of the Internet exposure, other new threats are introduced by the Internet of Things (IoT new technologies that are poor regulated or undefined yet from the security point of view. Also, the large variety of the IoT technologies not being standardized yet contribute to security issues in this area of the automotive industry. This paper provides an overview of the connected vehicle environment, considering the main components of such kind of system and the main security challenges to be considered for building reliable secure online systems for connected vehicles.

Software To Secure Distributed Propulsion Simulations

Science.gov (United States)

Blaser, Tammy M.

2003-01-01

Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

A Methodology to Integrate Security and Cost-effectiveness in ATM

OpenAIRE

Matarese, Francesca; Montefusco, Patrizia; Neves, José; Rocha, André

2014-01-01

The objective of this paper is the definition of a new methodology for carrying out security risk assessment in the air traffic management (ATM) domain so as to enhance security awareness and integrate secure and cost-effective design objectives. This process is carried out by modelling the system, identifying the assets, threats and vulnerabilities, prioritizing the threats and proposing cost-effective countermeasures for the weaknesses found. ATM security is concerned with securing ATM a...

Regional Security Partners: The Potential for Collective Security

National Research Council Canada - National Science Library

Tan, Jimmy

1999-01-01

...." The threat of big power and regional conflicts has diminished. However, the security landscape is now characterized by political fragmentation, Third World chaos, failed states, and ethnic conflicts among others...

COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKS

OpenAIRE

Sumant Ku Mohapatra; Biswa Ranjan Swain; Pravanjan Das

2015-01-01

This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8- security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manage...

Operations Security (OPSEC) Guide

Science.gov (United States)

2011-04-01

Request for Proposal TAC Threat Analysis Center TECHINT Technical Intelligence TMAP Telecommunications Monitoring and Assessment Program TTP...communications security, use of secure telephones, and a robust Telecommunications Monitoring and Assessment Program ( TMAP ) prevents undetermined...and AFI 33-219, Telecommunications Monitoring and Assessment Program ( TMAP ), or Information Assurance (IA) or Communications Security (COMSEC

Development of Cyber Security Scheme for Nuclear Power Plant

Energy Technology Data Exchange (ETDEWEB)

Hong, S. B.; Choi, Y. S.; Cho, J. W. (and others)

2009-12-15

Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures.

Development of Cyber Security Scheme for Nuclear Power Plant

International Nuclear Information System (INIS)

Hong, S. B.; Choi, Y. S.; Cho, J. W.

2009-12-01

Nuclear I and C system is considered to be safe on the cyber threat because of the use of exclusive communication network and operating system. But the trend of open architecture and standardization on the equipment of I and C system, it is not safe on the cyber threat such as hacking and cyber terror. It is needed to protect nuclear I and C systems by the cyber attack, Countermeasures of the cyber security is required a lot of time and endeavors because there are many factors on the environment of cyber security and cyber attack. For the nuclear cyber security, we should make structural framework and eliminate cyber vulnerabilities by the analysis of cyber environment. The framework for the cyber security includes planning, embodiment of security technologies, security audit, security management and security maintenance. In this report, we examined IT security technology and the trend of standard in the industrial I and C system, and proposed a method to construct cyber security for the nuclear power plant. We analysed the threat of cyber security, vulnerability and cyber risk, then we present a method for the cyber security structure and the countermeasures

SYSTEMATIZATION OF INTERNATIONAL EXPERIENCE OF ENSURING ECONOMIC SECURITY OF EXACERBATION OF THE THREATS AND CHALLENGES OF A NEW TYPE FOR NATIONAL AND INTERNATIONAL SECURITY

Directory of Open Access Journals (Sweden)

Tatyana Momot

2016-11-01

Full Text Available The aim of the work is to systematize the international experience of economic security both in terms of individual countries and the global economy as a whole. Setting such a goal it is associated with the growth of globalization and integration processes in the world economy, which are the new threat of economic security. Methods. Theoretical and methodological basis of the study were research and findings on issues of economic security at the level of the world economy as a whole and individual national economies in particular. We used such general scientific and special methods, such as analysis and synthesis, comparison, generalization, adaptation. The findings led to the conclusion that the protection of national interests and the formation of an economic security strategy – the most important functions of the state, the implementation of which is impossible without a system of self-regulation mechanisms and regulation. The government should implement a set of measures to promote economic growth, and that will guarantee the economic security of the country. These measures should cover all sectors of the economy. These measures include the implementation an active structural and social policies, enhancing the activity of the state in investment, financial, monetary and foreign economic sphere, the continuation of institutional reforms. The practical significance is to separate the differences used methodological approaches to ensure the economic security of the EU member countries and the CIS. This is explained by the fact that the first group of countries is focused on standards and borrows the experience of the leading EU countries (Germany, France, and the second group, located in the zone of influence of Russia (Moldova, Ukraine, Belarus, Kazakhstan, – on the Russian developments and standards. In turn, Russia in their design focuses more on standards to ensure economic security, which have been made in the period of the Soviet

Enterprise Mac Security Mac OS X Snow Leopard Security

CERN Document Server

Edge, Stephen Charles; Hunter, Beau; Sullivan, Gene; LeBlanc, Dee-Ann

2010-01-01

A common misconception in the Mac community is that Mac's operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats. Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing s

MILITARY TRADE UNIONS: A THREAT TO NATIONAL SECURITY ...

African Journals Online (AJOL)

sacrificed at the altar of soldiers' constitutional rights to form and join trade unions .... includes a rights-based culture, a rise in individualism, a change in the acceptance of ... military leadership with the military unions that poses the greatest threat to civil– ... 10 European Organisation of Military Associations, available at ...

17 CFR 229.508 - (Item 508) Plan of distribution.

Science.gov (United States)

2010-04-01

... business function of such underwriter(s) will be to sell the securities to be registered, or that the... acquisition, reorganization, readjustment or succession, describe briefly the general effect of the plan and...

Core software security security at the source

CERN Document Server

Ransome, James

2013-01-01

First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats.-Dr. Dena Haritos Tsamitis. Carnegie Mellon UniversityIn the wake of cloud computing and mobile apps, the issue of software security has never been more importan

Security Threats in Wireless Sensor Networks

DEFF Research Database (Denmark)

Giannetsos, Athanasios

2011-01-01

Over the last few years, technological advances in the design of processors, memory, and radio communications have propelled an active interest in the area of distributed sensor networking, in which a number of independent, self-sustainable nodes collaborate to perform a large sensing task. Secur...

Modified Small Business Network Security

OpenAIRE

Md. Belayet Ali; Oveget Das; Md. Shamim Hossain

2012-01-01

This paper covers some likely threats and effectivesteps for a secure small business. It also involves a flowchart tocomprehend the overall small business network security easilyand we identify a set of security issues and applyappropriate techniques to satisfy the correspondingsecurity requirements. In respect of all, this document isstrong enough for any small business network security.

Terrorist threats of nuclear facilities

International Nuclear Information System (INIS)

Jozsef Solymosi; Jozser Ronaky; Zoltan Levai; Arpad Vincze; Laszlo Foldi

2004-01-01

More than one year has passed since the terrible terrorist attacks against the United States. The tragic event fundamentally restructured our security policy approach and made requirements of countering terrorism a top priority of the 21st century. In one year a lot of studies were published and the majority of them analyses primarily the beginnings of terrorism then focus on the interrelations of causes and consequences of the attacks against the WTC. In most of the cases the authors can only put their questions most of which have remained unanswered to date. Meanwhile, in a short while after the attacks the secret assessments of threat levels of potential targets and areas were also prepared. One of the high priority fields is the issue of nuclear, biological, and chemical security, in short NBC-security. Here and now we focus on component N, that is the assessment techniques of nuclear security in short, without aiming at completeness. Our definite objective is to make non-expert readers understand - and present a concrete example as it is done in risk analysis - the real danger-level of nuclear facilities and especially the terrorist threat. Our objective is not to give tips to terrorists but to provide them with deterring arguments and at the same time calm worried people. In our communique we give an overview of international practice of nuclear antiterrorism and of preventive nuclear protection in Hungary. (author)

New Technology's Surprising Security Threats. Building Digital Libraries

Science.gov (United States)

Huwe, Terence

2005-01-01

In recent years, security issues have increasingly come to dominate the technological development process--although still in a more reactive than proactive mode. It now seems more important than ever to monitor security trends and policy developments, especially if technology is regarded as a potential community builder. This article suggests…

Truck bomb and insider threats to nuclear facilities

International Nuclear Information System (INIS)

Hirsch, D.

1987-01-01

In the nuclear field, two the these weak links in the security chain are the truck bomb threat and the insider threat. The risks associated with terrorist use of vehicular bombs against nuclear targets surfaced (actually, resurfaced) followed the terrorist attacks on the US Embassy annex and the Marine compound in Leb Concern was expressed that similar attacks against nuclear facilities could result in substantial damage and release of radioactivity. Since the current regulations of the NRC require licensees to protect only against attacks on foot (and even then, only against very small attacking forces), shortly after the Lebanon bombings, that agency commenced an urgent rulemaking to require its licensees to protect against truck bombs. Inexplicably, that rulemaking was called off after research results indicated that the truck bomb threat to nuclear facilities was even more serious than previously thought. Even were nuclear facilities adequately protected against external attack, be the aim theft or sabotage, the greatest security risk to these sites - the threat of action by insiders - would remain. The traditional methods of protecting against the insider threat - such as the two-person rule, strict compartmentalization of vital areas, and design features that make damage to two or more redundant systems by one individual difficult - are generally expensive and have encountered substantial resistance from the nuclear industry, which has restrained the NRC from requiring them

Ontario Hydro looks at security

International Nuclear Information System (INIS)

Green, B.J.; Kee, B.

1995-01-01

Ontario Hydro operates 20 CANDU reactors on three different sites. Since 1984, a review of security arrangements on all the sites has taken place on a five-yearly basis. The review process for 1995 is outlined. The three objectives were as follows: to assess current security threats and risks to the stations; to assess the adequacy of the existing programme to protect against current threats; by comparing the security programme against those of comparable entities to establish benchmarks for good practice as a basis for improvements at Ontario Hydro. Valuable insights gained through the review are listed. These could be useful to other utilities. (UK)

WIRELESS SENSOR NETWORKS – ARCHITECTURE, SECURITY REQUIREMENTS, SECURITY THREATS AND ITS COUNTERMEASURES

OpenAIRE

Ranjit Panigrahi; Kalpana Sharma; M.K. Ghose

2013-01-01

Wireless Sensor Network (WSN) has a huge range of applications such as battlefield, surveillance, emergency rescue operation and smart home technology etc. Apart from its inherent constraints such as limited memory and energy resources, when deployed in hostile environmental conditions, the sensor nodes are vulnerable to physical capture and other security constraints. These constraints put security as a major challenge for the researchers in the field of computer networking. T...

Space Station Program threat and vulnerability analysis

Science.gov (United States)

Van Meter, Steven D.; Veatch, John D.

1987-01-01

An examination has been made of the physical security of the Space Station Program at the Kennedy Space Center in a peacetime environment, in order to furnish facility personnel with threat/vulnerability information. A risk-management approach is used to prioritize threat-target combinations that are characterized in terms of 'insiders' and 'outsiders'. Potential targets were identified and analyzed with a view to their attractiveness to an adversary, as well as to the consequentiality of the resulting damage.

A New Framework to Minimize Insider Threats in Nuclear Power Operations

Energy Technology Data Exchange (ETDEWEB)

Suh, Young A; Yim, Man-Sung [KAIST, Daejeon (Korea, Republic of)

2016-10-15

In a 2008 report, IAEA presented preventive and protective measures against such threat. These are summarized as : (1) Exclude potential insiders by identifying undesirable behavior or characteristics, which may indicate motivation, prior to allowing them access; (2) Exclude further potential insiders by identifying undesirable behavior or characteristics, which may indicate motivation, after they have access; (3) Minimize opportunities for malicious acts by limiting access, authority and knowledge, and by other measures; (4) Detect, delay and respond to malicious acts. The nuclear security risk, i.e. insider threat, has concerned continuously because the existing physical protection system is only for outsider threats. In addition, with high possibility of use of multicultural workforce in newcomers' NPPs, the detection and prediction of insider threat is a hot potato. Thus, this paper suggested a new framework for predicting and detecting the insider threat. This framework integrates the behavioral indicators, stimulus monitoring and cognitive monitoring. This framework open a chance to detect and predict the insider before commits a crime accurately. This model can be direct application to reduce the security risks in multicultural environment.

A New Framework to Minimize Insider Threats in Nuclear Power Operations

International Nuclear Information System (INIS)

Suh, Young A; Yim, Man-Sung

2016-01-01

In a 2008 report, IAEA presented preventive and protective measures against such threat. These are summarized as : (1) Exclude potential insiders by identifying undesirable behavior or characteristics, which may indicate motivation, prior to allowing them access; (2) Exclude further potential insiders by identifying undesirable behavior or characteristics, which may indicate motivation, after they have access; (3) Minimize opportunities for malicious acts by limiting access, authority and knowledge, and by other measures; (4) Detect, delay and respond to malicious acts. The nuclear security risk, i.e. insider threat, has concerned continuously because the existing physical protection system is only for outsider threats. In addition, with high possibility of use of multicultural workforce in newcomers' NPPs, the detection and prediction of insider threat is a hot potato. Thus, this paper suggested a new framework for predicting and detecting the insider threat. This framework integrates the behavioral indicators, stimulus monitoring and cognitive monitoring. This framework open a chance to detect and predict the insider before commits a crime accurately. This model can be direct application to reduce the security risks in multicultural environment

Information Security Risk Assessment in Hospitals.

Science.gov (United States)

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

Security risks associated with radio frequency identification in medical environments.

Science.gov (United States)

Hawrylak, Peter J; Schimke, Nakeisha; Hale, John; Papa, Mauricio

2012-12-01

Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.

10 CFR 95.33 - Security education.

Science.gov (United States)

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

Defense against Insider Threat: a Framework for Gathering Goal-based Requirements

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; van Eck, Pascal

2006-01-01

Insider threat is becoming comparable to outsider threat in frequency of security events. This is a very worrying situation, as insider attacks have a high probability of success because insiders have authorized access and legitimate privileges. As a result, organizations can suffer financial losses

Auditing Organizational Security

Science.gov (United States)

2017-01-01

Organi- zation for Standardiza- tion ( ISO ): ISO 27000 : Information Systems Se- curity Management. A robust program of internal auditing of a...improvement is the basis and underpinning of the ISO . All processes must be considered ongoing and never at an “end state.” Top management develops a...security management system, including security policies and security objectives, plus threats and risks. Orga- nizations already working with ISO 9000

Security analysis of cyber-physical system

Science.gov (United States)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

The Current State of the International Security System

OpenAIRE

Ивашов, Леонид Григорьевич

2013-01-01

The author examines the modern geopolitical world and assesses the threats to Russia’s security. These threats are demonstrated to be hitched to the goals of the US National Strategy and, in particular, to the US plans on deployment of anti-ballistic missile system. The author argues that in this situation the mainstay of Russia’s foreign policy should become “security through cooperation.”Key words: international security, anti-ballistic missile, preemptive war, geopolitical centers, UN Secu...

Security of highly radioactive sources in Nepal

International Nuclear Information System (INIS)

Shrestha, Kamal K.

2010-01-01

Subsequent to 9/11, concerned countries and UN agencies have taken especial interest in the security of highly radioactive sources throughout the world. The IAEA Nuclear Security Plan (2006-2009) consequently made as a result of UN Security Council Resolution 1540 is binding to all States. The Global Threat Reduction Initiative (GTRI) of the US and the Global Threat Reduction Programme (GTRP) of UK have assisted the four hospitals in Nepal having more than 1,000 Curies of radioactivity in their Cobalt-60 sources used for teletherapy. The physical upgrade of the security of the nuclear materials has also been launched in Nepal for prevention of theft with malicious intention or threats. In this presentation, the radioisotopes in Nepal that comes under different categories according to TECDOC-1355 of IAEA will be described. Problems and issues regarding the security and protection of radioactive sources at hospitals, academic and research institutions that could be prevalent in many developing counties too will be discussed by taking a case study of one of the cancer hospitals in Kathmandu valley. (author)

Terrorism and global security: The nuclear threat

International Nuclear Information System (INIS)

Beres, L.R.

1987-01-01

In the seven years since this book was first published, the threat of nuclear terrorism has increased dramatically. The enormous destructive potential of nuclear technology inevitably raises the specter of the use of nuclear explosives or radioactivity by insurgent groups. The author explores the political bases of terrorism by considering the factors that might foster nuclear terrorism, the forms it could take, and the probable consequences of such acts. New to this edition is the author's examination of the essential distinctions between lawful insurgencies and terrorism, as well as his analysis of the impact of recent U.S. foreign policy. The author explores the United State's all-consuming rivalry with the Soviet Union, arguing that it has created an atmosphere ripe for anti-U.S. terrorism and that the only viable option for the super-powers is cooperation in an effort to control terrorist activities. He also discusses the ''Reagan doctrine,'' which he believes has increased the long-term threat of nuclear terrorism against the U.S. by its continuing support of authoritarian regimes and by its active opposition to Marxist regimes such as those in Nicaragua and Angola. The book concludes by presenting the first coherent strategy for countering nuclear terrorism-embracing both technological and behavioral measures. The proposal includes policies for deterrence and situation management on national and international scales and emphasizes the logic of a major reshaping of world order

Global threat reduction initiative (GTRI)

International Nuclear Information System (INIS)

Chamberlain, Travis

2009-01-01

The Global Threat Reduction Initiative (GTRI) is a vital part of the global efforts to combat nuclear terrorism. GTRI's unique mission to reduce and protect vulnerable nuclear and radiological material located at civilian sites both in the United States and abroad directly addresses recommendations of the bipartisan 9/11 Commission. GTRI efforts are focused on the first line of defense, namely securing or removing vulnerable nuclear and radiological material at the source. The international community has promulgated guidance on the best practice on the technical and administrative aspects of radiological source security, and the GTRI seeks to provide technical assistance to national bodies and individual facilities to adopt this best practice. This presentation will discuss security concepts that are implemented by the GTRI in cooperation with the Australian Nuclear Science and Technology Organization's Regional Security of Radioactive Sources Project. (author)

SPCC- Software Elements for Security Partition Communication Controller

Science.gov (United States)

Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

2016-08-01

Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to be counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC has been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

Materials for the information security education

International Nuclear Information System (INIS)

Yashiro, Shigeo; Aoki, Kazuhisa; Sato, Tomohiko; Tanji, Kazuhiro

2014-01-01

With the rapid progress of the utilization of Information Technology (IT), IT infrastructure (network environment and information system) became crucial as a lifeline for promoting business. At the same time, changes in the circumstances surrounding the IT infrastructure globalize the threat of cyber attacks and increase the risk of the information security such as unlawful access to an information system, viral infection, an alteration of a website, disclosure of subtlety information, destruction of an information system and so on. Information security measure is an important issue in Japan Atomic Energy Agency (JAEA). In order to protect the information property of JAEA from the threat, Center for Computational Science and e-Systems (CCSE) has been taking triadic measures for information security: (1) to lay down a set of information security rules, (2) to introduce security equipments to backbone network and (3) to provide information security education. This report is a summary of the contents of the information security education by e-learning. (author)

Security challenges for virtualization in cloud

International Nuclear Information System (INIS)

Tayab, A.

2015-01-01

Virtualization is a model that is vastly growing in IT industry. Virtualization provides more than one logical resource in one single physical machine. Infrastructure use cloud services and on behalf of virtualization, cloud computing is also a rapidly growing model of IT industry. Cloud provider and cloud user, both remain ignorant of each other's security. Since virtualization and cloud computing are rapidly expanding and becoming more and more complex in infrastructure, more security is required to protect them from potential attacks and security threats. Virtualization provides various benefits in terms of hardware utilization, resources protection, remote access and other resources. This paper intends to discuss the common exploits of security uses in the virtualized environment and focuses on the security threats from the attacker's perspective. This paper discuss the major areas of virtualized model environment and also address the security concerns. And finally presents a solution for secure valorization in IT infrastructure and to protect inter communication of virtual machines. (author)

Teaching RFID Information Systems Security

Science.gov (United States)

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Securing Chinese nuclear power development: further strengthening nuclear security

International Nuclear Information System (INIS)

Zhang Hui

2014-01-01

Chinese President Xi Jinping addresses China's new concept of nuclear security with four 'equal emphasis' at the third Nuclear Security Summit, and makes four commitments to strengthen nuclear security in the future. To convert President Xi's political commitments into practical, sustainable reality, China should take further steps to install a complete, reliable, and effective security system to ensure that all its nuclear materials and nuclear facilities are effectively protected against the full spectrum of plausible terrorist and criminal threats. This paper suggests the following measures be taken to improve China's existing nuclear security system, including updating and clarifying the requirements for a national level DBT; updating and enforcing existing regulations; further promoting nuclear security culture; balancing the costs of nuclear security, and further strengthening international cooperation on nuclear security. (author)

Computer Security: Security operations at CERN (4/4)

CERN Document Server

CERN. Geneva

2012-01-01

Stefan Lueders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and infrastructure control systems against cyber-threats. Subsequently, he joined the CERN Computer Security Incident Response Team and is today heading this team as CERN's Computer Security Officer with the mandate to coordinate all aspects of CERN's computer security --- office computing security, computer centre security, GRID computing security and control system security --- whilst taking into account CERN's operational needs. Dr. Lueders has presented on these topics at many different occasions to international bodies, governments, and companies, and published several articles. With the prevalence of modern information technologies and...

Use of computer programs to evaluate effectiveness of security systems

International Nuclear Information System (INIS)

Harris, L. Jr.; Goldman, L.A.; Mc Daniel, T.L.

1987-01-01

Thirty or more computer programs for security vulnerability analysis were developed from 1975 through 1980. Most of these programs are intended for evaluating security system effectiveness against outsider threats, but at least six programs are primarily oriented to insider threats. Some strengths and weaknesses of these programs are described. Six of these programs, four for outsider threats and two for insider threats, have been revised and adapted for use with IBM personal computers. The vulnerability analysis process is discussed with emphasis on data collection. The difference between design data and operational data is described. For performance-type operational data, such as detection probabilities and barrier delay times, the difference between unstressed and stressed performance data is discussed. Stressed performance data correspond to situations where an adversary attempts to weaken a security system by mitigating certain security measures. Suggestions are made on the combined use of manual analysis and computer analysis

Mobile Device Security: Perspectives of Future Healthcare Workers.

Science.gov (United States)

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

VoIP Security

OpenAIRE

Fontanini, Piero

2008-01-01

VOIP or Voice Over Internet Protocol is a common term for phone service over IP based networks. There are much information about VoIP and some of how VoIP can be secured. There is however no standard for VoIP and no general solution for VoIP Security. The security in VoIP systems today are often non existing or in best case weak and often based on proprietary solutions. This master thesis investigates threats to VoIP system and describes existing alternatives for securing Vo...

Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

Science.gov (United States)

Imam, Abbas H.

2013-01-01

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

Cyber threats to health information systems: A systematic review.

Science.gov (United States)

Luna, Raul; Rhine, Emily; Myhra, Matthew; Sullivan, Ross; Kruse, Clemens Scott

2016-01-01

Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Promoting nuclear security: What the IAEA is doing. The Agency is implementing a comprehensive programme aimed at stemming the threat of nuclear terrorism

International Nuclear Information System (INIS)

2003-01-01

The threat to public safety and security posed by some form of nuclear terrorism is not new. But in the wake of recent highly organized terrorist attacks in Kenya, Tanzania, the US, Indonesia, Saudi Arabia, Morocco and numerous other nations, the international community has come to recognize that new and stronger measures must be taken to protect against and prepare for a diverse range of terrorist scenarios. Given the multiplicity of targets and scenarios for terrorists, States must consider a comprehensive approach to combating nuclear terrorism. Among the key priorities: Adequate physical protection of all nuclear materials, radioactive materials and facilities plus transport systems; Proper regulatory control of nuclear and radioactive material; Effective detection and interdiction of illicit trafficking in nuclear and radioactive materials; Integration of nuclear safety and security systems for maximum benefits; and Readiness for implementing emergency response plans. The IAEA is assisting its Member States with these challenges in many ways. Through well-established activities, the Agency has been heavily involved in providing assistance and technical support to States in all these areas. The IAEA has established several advisory services to help Member States to assess the effectiveness and the need for improvement of their national physical oversight systems. The IAEA provides peer reviews in related areas such as regulatory or control infrastructures, and also supplies expert technical advice on the required upgrades. Several of these specialized services aim directly at protecting against terrorist threats. The International Nuclear Security Advisory Service is a new initiative that is providing specialized services promoting enhanced nuclear security. The International SSAC Advisory Service (ISSAS) is another new initiative providing advice to Member States in strengthening their SSAC. The IAEA also offers the EPREV (Emergency Preparedness REView

Argumentation-Based Security Requirements Elicitation: The Next Round

NARCIS (Netherlands)

Ionita, Dan; Bullee, Jan-Willem; Wieringa, Roelf J.

2014-01-01

Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of

Securing the Vista Environment

CERN Document Server

Gregory, Peter

2007-01-01

"Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclo

Preparing the Virtual Battlefield for War: A Cyber Threat "Survival Kit" for Commanders

National Research Council Canada - National Science Library

Moore, Carol

2004-01-01

.... The process presented in this paper merges the structured approach of the IPB with the software/network security community's "Security Threat Modeling" approach into a new process called Intelligence...

Analyzing Cyber-Physical Threats on Robotic Platforms

OpenAIRE

Khalil M. Ahmad Yousef; Anas AlMajali; Salah Abu Ghalyon; Waleed Dweik; Bassam J. Mohd

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastat...

Examining the Relationship of Business Operations and the Information Security Culture in the United States

Science.gov (United States)

Wynn, Cynthia L.

2017-01-01

An increase in information technology has caused and increased in threats towards information security. Threats are malware, viruses, sabotage from employees, and hacking into computer systems. Organizations have to find new ways to combat vulnerabilities and threats of internal and external threats to protect their information security and…

75 FR 9919 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

Science.gov (United States)

2010-03-04

... operating under a security program, and all-cargo carriers. These five categories are: security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), cargo... Verification Form, Aircraft Operator or Air Carrier Reporting Template, Security Threat Assessment Application...

Planning a radar system for protection from the airborne threat

International Nuclear Information System (INIS)

Greneker, E.F.; McGee, M.C.

1986-01-01

A planning methodology for developing a radar system to protect nuclear materials facilities from the airborne threat is presented. Planning for physical security to counter the airborne threat is becoming even more important because hostile acts by terrorists are increasing and airborne platforms that can be used to bypass physical barriers are readily available. The comprehensive system planning process includes threat and facility surveys, defense hardening, analysis of detection and early warning requirements, optimization of sensor mix and placement, and system implementation considerations

Portunes: analyzing multi-domain insider threats

NARCIS (Netherlands)

Dimkov, T.; Pieters, Wolter; Hartel, Pieter H.

2010-01-01

The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides,

The Millennial generation as an insider threat: high risk or overhyped?

OpenAIRE

Fisher, David J.

2015-01-01

Approved for public release; distribution is unlimited Cyber security experts agree that insider threats are and will continue to be a threat to every organization. These threats come from trusted co-workers who, for one reason or another, betray their organizations and steal data, disrupt information systems, or corrupt the data. Millennials are commonly thought of as entitled, high maintenance, and less trustworthy than the older generations; in other words, they have personality traits ...

Junos Security

CERN Document Server

Cameron, Rob; Giecco, Patricio; Eberhard, Timothy; Quinn, James

2010-01-01

Junos® Security is the complete and authorized introduction to the new Juniper Networks SRX hardware series. This book not only provides a practical, hands-on field guide to deploying, configuring, and operating SRX, it also serves as a reference to help you prepare for any of the Junos Security Certification examinations offered by Juniper Networks. Network administrators and security professionals will learn how to use SRX Junos services gateways to address an array of enterprise data network requirements -- including IP routing, intrusion detection, attack mitigation, unified threat manag

Making Technology Work for Campus Security

Science.gov (United States)

Floreno, Jeff; Keil, Brad

2010-01-01

The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

A Case Study on E - Banking Security – When Security Becomes Too Sophisticated for the User to Access Their Information

OpenAIRE

Aaron M. French

2012-01-01

While eBanking security continues to increase in sophistication to protect against threats, the usability of the eBanking decreases resulting in poor security behaviors by the users. The current research evaluates se curity risks and measures taken for eBanking solutions. A case study is presented describing how increased complexity decreases vulnerabilities online but increases vulnerabilities from internal threats and eBanking users

Novel data visualizations of X-ray data for aviation security applications using the Open Threat Assessment Platform (OTAP)

Science.gov (United States)

Gittinger, Jaxon M.; Jimenez, Edward S.; Holswade, Erica A.; Nunna, Rahul S.

2017-02-01

This work will demonstrate the implementation of a traditional and non-traditional visualization of x-ray images for aviation security applications that will be feasible with open system architecture initiatives such as the Open Threat Assessment Platform (OTAP). Anomalies of interest to aviation security are fluid, where characteristic signals of anomalies of interest can evolve rapidly. OTAP is a limited scope open architecture baggage screening prototype that intends to allow 3rd-party vendors to develop and easily implement, integrate, and deploy detection algorithms and specialized hardware on a field deployable screening technology [13]. In this study, stereoscopic images were created using an unmodified, field-deployed system and rendered on the Oculus Rift, a commercial virtual reality video gaming headset. The example described in this work is not dependent on the Oculus Rift, and is possible using any comparable hardware configuration capable of rendering stereoscopic images. The depth information provided from viewing the images will aid in the detection of characteristic signals from anomalies of interest. If successful, OTAP has the potential to allow for aviation security to become more fluid in its adaptation to the evolution of anomalies of interest. This work demonstrates one example that is easily implemented using the OTAP platform, that could lead to the future generation of ATR algorithms and data visualization approaches.

Critical Perspective on ASEAN's Security Policy Under ASEAN Political and Security Community

Directory of Open Access Journals (Sweden)

Irawan Jati

2016-03-01

Full Text Available   Despite economic integration challenges, ASEAN faces greater security challenges. It is obvious to assert that a stable economic development requires a secure regional atmosphere. The most probable threats against ASEAN are ranging from hostile foreign entities infiltration, intra and inter states disputes, radical religious movements, human trafficking, drugs and narcotics smuggling, cybercrimes and environmental disasters. In 2009, ASEAN established the ASEAN Political and Security Community as the umbrella of ASEAN’s political and security initiatives. APSC slots in some significant fora; ASEAN Intergovernmental Commission on Human Rights (AICHR, ASEAN Foreign Ministers Meeting (AMM,  ASEAN Regional Forum (ARF, ASEAN Defense Minister’s Meeting (ADMM, ASEAN Law Ministers Meeting (ALAWMM, and ASEAN Ministerial Meeting on Transnational Crimes (AMMTC. The wide array of these forums signify ASEAN efforts to confront double features of security; the traditional and nontraditional or critical security. The traditional security considers state security as the primary object security. While the critical security tends to focus on non-state aspects such as individual human being as its referent object. Even though some argue that APSC has been able to preserve the stability in the region, it still lack of confidence in solving critical issues such as territorial disputes and irregular migrants problems.Therefore, this piece would examine the fundamental questions: How does ASEAN address beyond state security issues in its security policy through APSC? To search for the answer this paper would apply critical security studies approach. Critical security posits that threats are not always for the states but in many cases for the people. Based on the examination of ASEAN security policies, this paper argues that ASEAN’s security policy has touched the non-traditional security issues but showing slow progress on its development and application. 

Including threat actor capability and motivation in risk assessment for Smart GRIDs

NARCIS (Netherlands)

Rossebo, J.E.Y.; Fransen, F.; Luiijf, H.A.M.

2016-01-01

The SEGRID (Security for Smart Electricity GRIDs) collaboration project, funded by the EU under the FP7 program investigates risk assessment methodologies and their possible need for enhancement. In this paper we discuss the need to include threat actor analysis in threat, vulnerability and risk

Taking Steps to Protect Against the Insider Threat

Energy Technology Data Exchange (ETDEWEB)

Pope, Noah Gale [Los Alamos National Lab. (LANL), Los Alamos, NM (United States); Williams, Martha [Tetra Tech HEI; Powell, TN (United States); Lewis, Joel [Gregg Protection Services; Lynchburg, VA (United States); Pham, Thomas [United States Nuclear Regulatory Commission; CHattanooga, TN (United States)

2015-10-16

Research reactors are required (in accordance with the Safeguards Agreement between the State and the IAEA) to maintain a system of nuclear material accounting and control for reporting quantities of nuclear material received, shipped, and held on inventory. Enhancements to the existing accounting and control system can be made at little additional cost to the facility, and these enhancements can make nuclear material accounting and control useful for nuclear security. In particular, nuclear material accounting and control measures can be useful in protecting against an insider who is intent on unauthorized removal or misuse of nuclear material or misuse of equipment. An enhanced nuclear material accounting and control system that responds to nuclear security is described in NSS-25G, Use of Nuclear Material Accounting and Control for Nuclear Security Purposes at Facilities, which is scheduled for distribution by the IAEA Department of Nuclear Security later this year. Accounting and control measures that respond to the insider threat are also described in NSS-33, Establishing a System for Control of Nuclear Material for Nuclear Security Purposes at a Facility During Storage, Use and Movement, and in NSS-41, Preventive and Protective Measures against Insider Threats (originally issued as NSS-08), which are available in draft form. This paper describes enhancements to existing material control and accounting systems that are specific to research reactors, and shows how they are important to nuclear security and protecting against an insider.

Early Warnings of Cyber Threats in Online Discussions

OpenAIRE

Sapienza, Anna; Bessi, Alessandro; Damodaran, Saranya; Shakarian, Paulo; Lerman, Kristina; Ferrara, Emilio

2018-01-01

We introduce a system for automatically generating warnings of imminent or current cyber-threats. Our system leverages the communication of malicious actors on the darkweb, as well as activity of cyber security experts on social media platforms like Twitter. In a time period between September, 2016 and January, 2017, our method generated 661 alerts of which about 84% were relevant to current or imminent cyber-threats. In the paper, we first illustrate the rationale and workflow of our system,...

Big data, little security: Addressing security issues in your platform

Science.gov (United States)

Macklin, Thomas; Mathews, Joseph

2017-05-01

This paper describes some patterns for information security problems that consistently emerge among traditional enterprise networks and applications, both with respect to cyber threats and data sensitivity. We draw upon cases from qualitative studies and interviews of system developers, network operators, and certifiers of military applications. Specifically, the problems discussed involve sensitivity of data aggregates, training efficacy, and security decision support in the human machine interface. While proven techniques can address many enterprise security challenges, we provide additional recommendations on how to further improve overall security posture, and suggest additional research thrusts to address areas where known gaps remain.

Southwest Hispanic Community -- The Absence of Homeland Security Threats

Science.gov (United States)

2012-12-01

or insurgent threats unique to that community are revealed. A mixed method research methodology using components of “ ethnography ,” along with other... qualitative analysis methods, will be utilized. Ethnography includes both quantitative and qualitative methods to determine the sociocultural contexts...1 B. RESEARCH QUESTIONS .............................................................................4

Surveillance and threat detection prevention versus mitigation

CERN Document Server

Kirchner, Richard

2014-01-01

Surveillance and Threat Detection offers readers a complete understanding of the terrorist/criminal cycle, and how to interrupt that cycle to prevent an attack. Terrorists and criminals often rely on pre-attack and pre-operational planning and surveillance activities that can last a period of weeks, months, or even years. Identifying and disrupting this surveillance is key to prevention of attacks. The systematic capture of suspicious events and the correlation of those events can reveal terrorist or criminal surveillance, allowing security professionals to employ appropriate countermeasures and identify the steps needed to apprehend the perpetrators. The results will dramatically increase the probability of prevention while streamlining protection assets and costs. Readers of Surveillance and Threat Detection will draw from real-world case studies that apply to their real-world security responsibilities. Ultimately, readers will come away with an understanding of how surveillance detection at a high-value, f...

Mobile Phone Security and Forensics A Practical Approach

CERN Document Server

Androulidakis, Iosif I

2012-01-01

Mobile Phone Security and Forensics provides both theoretical and practical background of security and forensics for mobile phones. The author discusses confidentiality, integrity, and availability threats in mobile telephones to provide background for the rest of the book. Security and secrets of mobile phones are discussed including software and hardware interception, fraud and other malicious techniques used “against” users. The purpose of this book is to raise user awareness in regards to security and privacy threats present in the use of mobile phones while readers will also learn where forensics data reside in the mobile phone and the network and how to conduct a relevant analysis.

Web security a whitehat perspective

CERN Document Server

Wu, Hanqing

2015-01-01

MY VIEW OF THE SECURITY WORLDView of the IT Security WorldBrief History of Web SecurityBrief History of Chinese HackersDevelopment Process of Hacking TechniquesRise of Web SecurityBlack Hat, White HatBack to Nature: The Essence of Secret SecuritySuperstition: There Is No Silver BulletSecurity Is an Ongoing ProcessSecurity ElementsHow to Implement Safety AssessmentAsset ClassificationThreat AnalysisRisk AnalysisDesign of Security ProgramsArt of War of White HatPrinciples of Secure by DefaultBlacklist, WhitelistPrinciple of Least PrivilegePrinciple of Defense in DepthPrinciples of Data and Code

Principles of Security Vulnerability Analysis of stationary industrial installations

International Nuclear Information System (INIS)

Borysiewicz, M.

2006-01-01

Security and safety have been key priorities at facilities that manufacture, store, use, or handle hazardous chemicals, after the terrorist attacks on the United States of September 11, 2001. Security improvements may be needed, especially at sites that pose a more attractive target to terrorists due to their economic importance, perceived level of consequences, and other factors. The first step in the process of managing security risks is to identify and analyze the threats and the vulnerabilities facing a facility by conducting a Security Vulnerability Analysis (SVA). The SVA is a systematic process that evaluates the likelihood that a threat against a facility will be successful. It considers the potential severity of consequences to the facility itself, to the surrounding community and on the energy supply chain. The objective of conducting a SVA is to identify security hazards, threats, and vulnerabilities facing a facility, and to evaluate the countermeasures to provide for the protection of the public, workers, national interests, the environment, and the company. With this information security risks can be assessed and strategies can be formed to reduce vulnerabilities as required. SVA is a tool to assist management in making decisions on the need for countermeasures to address the threats and vulnerabilities. The paper provides an overview of fundamental steps of SVA for stationary industrial installations. (author)

A methodology for performing computer security reviews

International Nuclear Information System (INIS)

Hunteman, W.J.

1991-01-01

DOE Order 5637.1, ''Classified Computer Security,'' requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, we have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system. 1 tab

A methodology for performing computer security reviews

International Nuclear Information System (INIS)

Hunteman, W.J.

1991-01-01

This paper reports on DIE Order 5637.1, Classified Computer Security, which requires regular reviews of the computer security activities for an ADP system and for a site. Based on experiences gained in the Los Alamos computer security program through interactions with DOE facilities, the authors have developed a methodology to aid a site or security officer in performing a comprehensive computer security review. The methodology is designed to aid a reviewer in defining goals of the review (e.g., preparation for inspection), determining security requirements based on DOE policies, determining threats/vulnerabilities based on DOE and local threat guidance, and identifying critical system components to be reviewed. Application of the methodology will result in review procedures and checklists oriented to the review goals, the target system, and DOE policy requirements. The review methodology can be used to prepare for an audit or inspection and as a periodic self-check tool to determine the status of the computer security program for a site or specific ADP system

Chinese Perceptions of Traditional and Nontraditional Security Threats

Science.gov (United States)

2007-03-01

will not be challenged.) For example, during a speech in Singapore in June 2005, the U.S. Secretary of Defense Donald Rumsfeld expressed the belief ...right answer. The individual is paramount and is in control of events around him. Easterners, on the other hand, products of the teachings of Taoism ...seen as American scholars who refute the China threat theory. Their belief in power politics supports the perception that America’s goal is hegemony

Security in Logistics

Science.gov (United States)

Cempírek, Václav; Nachtigall, Petr; Široký, Jaromír

2016-12-01

This paper deals with security of logistic chains according to incorrect declaration of transported goods, fraudulent transport and forwarding companies and possible threats caused by political influences. The main goal of this paper is to highlight possible logistic costs increase due to these fraudulent threats. An analysis of technological processes will beis provided, and an increase of these transport times considering the possible threatswhich will beis evaluated economic costs-wise. In the conclusion, possible threat of companies'` efficiency in logistics due to the costs`, means of transport and increase in human resources` increase will beare pointed out.

Energy security issues at household level in India

International Nuclear Information System (INIS)

Jain, Garima

2010-01-01

Energy security at the household level implies ensuring assured and regular supply of clean energy fuels at an affordable price for various household activities. Threat to physical availability of clean energy fuels for cooking and lighting is determined through various indicators such as dependence on traditional fuels and limited access to clean fuels. Energy insecurity translates into various adverse social impacts. Financial threat to energy security is indicated by expenses incurred on energy fuels and affordability of clean fuels. Households spend a major portion of their income on acquiring energy fuels; however, due to high price of clean fuels, they continue to depend on traditional and inefficient fuels. There is an urgent need to address factors that pose a threat to energy security at the household level. In this regard, measures taken by the government agencies and other institutions are also reviewed. The paper also suggests the regulatory and policy interventions required to address the energy security issues at the household level.

Finding Security Patterns to Countermeasure Software Vulnerabilities

OpenAIRE

Borstad, Ole Gunnar

2008-01-01

Software security is an increasingly important part of software development as the risk from attackers is constantly evolving through increased exposure, threats and economic impact of security breaches. Emerging security literature describes expert knowledge such as secure development best practices. This knowledge is often not applied by software developers because they lack security awareness, security training and secure development methods and tools. Existing methods and tools require to...

Threats Management Throughout the Software Service Life-Cycle

Directory of Open Access Journals (Sweden)

Erlend Andreas Gjære

2014-04-01

Full Text Available Software services are inevitably exposed to a fluctuating threat picture. Unfortunately, not all threats can be handled only with preventive measures during design and development, but also require adaptive mitigations at runtime. In this paper we describe an approach where we model composite services and threats together, which allows us to create preventive measures at design-time. At runtime, our specification also allows the service runtime environment (SRE to receive alerts about active threats that we have not handled, and react to these automatically through adaptation of the composite service. A goal-oriented security requirements modelling tool is used to model business-level threats and analyse how they may impact goals. A process flow modelling tool, utilising Business Process Model and Notation (BPMN and standard error boundary events, allows us to define how threats should be responded to during service execution on a technical level. Throughout the software life-cycle, we maintain threats in a centralised threat repository. Re-use of these threats extends further into monitoring alerts being distributed through a cloud-based messaging service. To demonstrate our approach in practice, we have developed a proof-of-concept service for the Air Traffic Management (ATM domain. In addition to the design-time activities, we show how this composite service duly adapts itself when a service component is exposed to a threat at runtime.

Ethnicity: A threat to Nigeria's security and development | Nweke ...

African Journals Online (AJOL)

The negative implications of ethnicity to national security and development are enormous. This paper interrogates ethnicity as the major hindrance to Nigeria.s security and development. The paper unveils the role of the constitution of the Federal Republic of Nigeria in strengthening ethnicity and calls for a constitutional ...

BUILDING UP STATE STRATEGIC RESISTANCE AGAINST HYBRID THREATS

Directory of Open Access Journals (Sweden)

Miroslaw Banasik

2017-11-01

Full Text Available Hybrid warfare, conducted in Ukraine since 2014, has become a new geopolitical phenomenon which threatens the Euro-Atlantic security that appeared after the collapse of the bipolar world. The paper discusses how the Russian Federation takes advantage of hybrid warfare to achieve its political objectives and to further its own interests. The paper also contains an assessment of the threat of hybrid warfare in Poland and determines what undertakings are necessary to effectively counter threats coming from Russia.

Policing cyber hate, cyber threat and cyber terrorism

OpenAIRE

Chambers-Jones, C.

2013-01-01

In late August 2012 the Government Forum of Incident Response and Cyber security Teams (GFIRST) gathered in Atlanta to discuss cyber threats and how new realities are emerging and how new forms of regulation are needed. At the same time Policing cyber hate, cyber threat and cyber terrorism was published. This comprehensive book brings together a divergent problem and tackles each with a candid exploration. The book has ten chapters and covers aspects such as extortion via the internet, the ps...

A Move in the Security Measurement Stalemate: Elo-Style Ratings to Quantify Vulnerability

DEFF Research Database (Denmark)

Pieters, Wolter; van der Ven, Sanne H.G.; Probst, Christian W.

2012-01-01

One of the big problems of risk assessment in information security is the quantification of risk-related properties, such as vulnerability. Vulnerability expresses the likelihood that a threat agent acting against an asset will cause impact, for example, the likelihood that an attacker will be ab...... to its application to children solving math problems. It provides an innovative and sound way to quantify vulnerability in models of (information) security.......One of the big problems of risk assessment in information security is the quantification of risk-related properties, such as vulnerability. Vulnerability expresses the likelihood that a threat agent acting against an asset will cause impact, for example, the likelihood that an attacker will be able......-interprets security from the field of Item Response Theory. By observing the success of threat agents against assets, one can rate the strength of threats and controls, and predict the vulnerability of systems to particular threats. The application of Item Response Theory to the field of risk is new, but analogous...

Nuclear theft and sabotage. Priorities for reducing new threats

International Nuclear Information System (INIS)

Bunn, Matthew; Bunn, George

2001-01-01

The appalling attacks of 11 September 2001 in the United States make clear that the threat of large, well-organized global terrorist groups bent on causing mass destruction is not hypothetical but real. The attackers achieved horrifying destruction with box-cutters. The results could have been even more horrific if the attackers would have had access to, and used, weapons of mass destruction. Ensuring that technologies and materials for weapons of mass destruction - especially weapons-usable nuclear materials, whose acquisition is the most difficult part of making a nuclear bomb - do not fall into the hands of terrorist groups or hostile States must be a central element of the coming global effort to prevent catastrophic terrorism. At the same time, nuclear facilities and materials - along with a wide range of other especially hazardous facilities and materials must be protected from mass-consequence sabotage. Securing these materials and facilities must be a top priority on the international agenda - pursued at every opportunity, at every level of authority, until the job is done. At the same time, the threats against which we must defend have to be fundamentally reconsidered. On 11 September, the threat revealed itself to be bigger, smarter, better organized, and more deadly than the threats most of the world's security systems were designed to defend against. We must ensure that our defensive response is every bit as intelligent and capable as the September attackers. And we may have to rethink some of the approaches to nuclear energy that the world has been pursuing or contemplating. Every reasonable effort must be made to ensure that nuclear materials and facilities are effectively secured. In the past, many scenarios with enormously high consequences were dismissed as too unlikely to contribute much to overall risk - but now many of these probability estimates will have to be revised. A far-reaching new effort is needed to strengthen security for nuclear

Security and SCADA protocols

International Nuclear Information System (INIS)

Igure, V. M.; Williams, R. D.

2006-01-01

Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview of security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)

Human trafficking as a threat for the security of member states of EU

Directory of Open Access Journals (Sweden)

Mirela Kapo

2017-07-01

Full Text Available The topic “Trafficking of human beings” as subject to advanced studies has been chosen due to a growing interest linked with the phenomenon in question. The study introduces a legal criminal overview of the criminal activity consisted of the recruitment, transport, transfer or reception of persons by means of force or forms of fraud for exploitation purposes. Human trafficking represents a threat for the security of member states. The trend to penetrate to all spheres of the society has obliged the European states to draft a new directive reflecting the growing concern about the phenomenon in question, by respecting human rights in accordance with the legal framework under the United Nations, International Labor Organization (ILO, and Council of Europe etc. The new European priorities aim at victims’ identification, their protection and prevention of the phenomenon and more intense criminal prosecution of traffickers. With the view of fully developing this topic, the outline consists of four chapters preceded by a historical background of human trafficking. Special importance in this study, specifically in the second chapter, is attached to the assistance and protection of the victims of human trafficking. It is crucial that these victims exercise their rights effectively. Therefore, the European directives foresee assistance and support before, after and during the criminal proceeding. The third chapter refers to the relevant legal mechanisms in this field assuring the victims of trafficking legal defense, the right to information and their social, psychological and physical recovery. One of the “key” legal instruments is the Palermo Convention, which gives for the first time a detailed definition of the term of trafficking and smuggling and makes the differences between them. All legal instruments converge to one point: the consent of the human trafficking victim is not important when it is used any of the means of force, threat

Organized Crime and National Security: The Albanian Case

National Research Council Canada - National Science Library

Gjoni, Ilir

2004-01-01

.... This thesis proceeds from the premise that organized en me constitutes a threat to democracy, in particular a serious threat to new democracies and subsequently to the national security of the country...

Security and Network Operations [video

OpenAIRE

Myrick, Matthew

2012-01-01

Senior Security Engineer, Matthew Myrick discusses the current cyber threats that we are all facing, the five W's (who, what, when, where, and how) of cyber security, past and present cyber-attack trends, and ways you can help protect yourself and your enterprise from cyber-attack.

Engineering security agreements against external insider threat

NARCIS (Netherlands)

Nunes Leal Franqueira, V.; van Cleeff, A.; van Eck, Pascal; Wieringa, Roelf J.

2013-01-01

Companies are increasingly engaging in complex inter-organisational networks of business and trading part- ners, service and managed security providers to run their operations. Therefore, it is now common to outsource critical business processes and to completely move IT resources to the custody of

Nuclear material facilities - security systems and technology R and D trends

International Nuclear Information System (INIS)

Ellis, D.; Steele, B.

2002-01-01

Full text: In the US, physical security research and development (R and D) during the 1970s and 1980s created a body of technology and systems engineering that largely defined the industry for several decades. However, despite today's terrorists threats and risks, the overall funding of new and innovative physical security solutions is relatively very small. Such factors constraining physical security R and D include the expansion of overall security responsibilities, the emphasis on programmatic and business performance, in addition to evolving (mis)perceptions that 'the problem has been solved' or that 'anyone can do security'. Underlying these factors, the lack of robust standards and certifications has limited the development and application of physical security products, systems, and services. The research and development of new security technologies must be evaluated against very demanding constraints - including costs/benefits, emerging threats, and policies. Going forward, the goal will be to create a more comprehensive approach to physical security of nuclear material facilities that matches evolving threats and that will complement the transition to an integrated security/operations management environment. Such a management model evaluates the additional value of increasing security alternatives in addition to determining trade-offs between the programmatic mission and security issues. Correspondingly, more explicit and strategically useful measures must be developed to determine importance that, in turn, will influence security-related R and D efforts. The research and development of security technologies should be based upon identified needs and requirements resulting from a systematic analysis of the threat and other conditions. In particular, security technologies and systems must be evaluated in terms of current and long-term impacts. Such needs are (will be) diverse and will depend upon sustained research investments in a broad range of technologies

Seven layers of security to help protect biomedical research facilities.

Science.gov (United States)

Mortell, Norman

2010-04-01

In addition to risks such as theft and fire that can confront any type of business, the biomedical research community often faces additional concerns over animal rights extremists, infiltrations, data security and intellectual property rights. Given these concerns, it is not surprising that the industry gives a high priority to security. This article identifies security threats faced by biomedical research companies and shows how these threats are ranked in importance by industry stakeholders. The author then goes on to discuss seven key 'layers' of security, from the external environment to the research facility itself, and how these layers all contribute to the creation of a successfully secured facility.

Construction of Structure of Indicators of Efficiency of Counteraction to Threats of Information Safety in Interests of the Estimation of Security of Information Processes in Computer Systems

Directory of Open Access Journals (Sweden)

A. P. Kurilo

2010-06-01

Full Text Available The theorem of system of indicators for an estimation of the security of information processes in the computer systems is formulated and proved. A number of the signs is proved, allowing to consider set of the indicators of efficiency of counteraction to the threats of information safety of the computer systems as the system.

The corporate security professional

DEFF Research Database (Denmark)

Petersen, Karen Lund

2013-01-01

In our age of globalization and complex threat environments, every business is called upon to manage security. This tendency is reflected in the fact that a wide range of businesses increasingly think about security in broad terms and strive to translate national security concerns into corporate...... speech. This article argues that the profession of the security manager has become central for understanding how the relationship between national and corporate security is currently negotiated. The national security background of most private sector security managers makes the corporate security...... professional inside the company a powerful hybrid agent. By zooming in on the profession and the practice of national security inside companies, the article raises questions about where to draw the line between corporate security and national security along with the political consequences of the constitution...

Security basics for computer architects

CERN Document Server

Lee, Ruby B

2013-01-01

Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer architecture student, researcher, or practitioner to the basic concepts of security and threat-based design. Past work in different security communities can inform our thinking and provide a rich set of technologies for building architectural support fo

Chemical Security Analysis Center

Data.gov (United States)

Federal Laboratory Consortium — In 2006, by Presidential Directive, DHS established the Chemical Security Analysis Center (CSAC) to identify and assess chemical threats and vulnerabilities in the...

Three tenets for secure cyber-physical system design and assessment

Science.gov (United States)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

(In-)security of smartphone anti-virus and security apps

OpenAIRE

Huber, Stephan; Rasthofer, Siegfried

2016-01-01

Android is by far the most popular operating system for smartphones today. Many people entrust their Android-based phone with highly sensitive data such as business documents and credit card information, or perform critical tasks such as online banking on their devices. To protect their devices against threats from malware or attackers who aim to exploit security vulnerabilities, many users rely on anti-virus and security apps available from renowned vendors. In this paper, we show that those...

Counter-terrorism threat prediction architecture

Science.gov (United States)

Lehman, Lynn A.; Krause, Lee S.

2004-09-01

adaptation (learning). The increasingly complex demands facing analysts evaluating activity threatening to the security of the United States make the family of agent-based data collection (fusion) a promising area. This paper will discuss a system to support the collection and evaluation of potential threat activity as well as an approach fro presentation of the information.

Explosive and chemical threat detection by surface-enhanced Raman scattering: A review

DEFF Research Database (Denmark)

Hakonen, Aron; Andersson, Per Ola; Schmidt, Michael Stenbæk

2015-01-01

Acts of terror and warfare threats are challenging tasks for defense agencies around the world and of growing importance to security conscious policy makers and the general public. Explosives and chemical warfare agents are two of the major concerns in this context, as illustrated by the recent...... progressively better, smaller and cheaper, and can today be acquired for a retail price close to 10,000 US$. This contribution aims to give a comprehensive overview of SERS as a technique for detection of explosives and chemical threats. We discuss the prospects of SERS becoming a major tool for convenient in......-situ threat identification and we summarize existing SERS detection methods and substrates with particular focus on ultra-sensitive real-time detection. General concepts, detection capabilities and perspectives are discussed in order to guide potential users of the technique for homeland security and anti-warfare...

Rethinking energy security in Asia. A non-traditional view of human security

Energy Technology Data Exchange (ETDEWEB)

Caballero-Anthony, Mely [Nanyang Technological Univ., Singapore (SG). Centre for Non-Traditional Security (NTS) Studies; Chang, Youngho [Nanyang Technological Univ., Singapore (Singapore). Division of Economics; Putra, Nur Azha (eds.) [National Univ. of Singapore (Singapore). Energy Security Division

2012-07-01

Traditional notions of security are premised on the primacy of state security. In relation to energy security, traditional policy thinking has focused on ensuring supply without much emphasis on socioeconomic and environmental impacts. Non-traditional security (NTS) scholars argue that threats to human security have become increasingly prominent since the end of the Cold War, and that it is thus critical to adopt a holistic and multidisciplinary approach in addressing rising energy needs. This volume represents the perspectives of scholars from across Asia, looking at diverse aspects of energy security through a non-traditional security lens. The issues covered include environmental and socioeconomic impacts, the role of the market, the role of civil society, energy sustainability and policy trends in the ASEAN region.

Self-Reliability and Motivation in a Nuclear Security Culture Enhancement Program

Energy Technology Data Exchange (ETDEWEB)

Crawford,C.; de Boer,G.; De Castro, K; Landers, Ph.D., J; Rogers, E

2009-10-19

The threat of nuclear terrorism has become a global concern. Many countries continue to make efforts to strengthen nuclear security by enhancing systems of nuclear material protection, control, and accounting (MPC&A). Though MPC&A systems can significantly upgrade nuclear security, they do not eliminate the "human factor." This paper will describe some of the key elements of a comprehensive, sustainable nuclear security culture enhancement program and how implementation can mitigate the insider threat.

The bases of development of systems of control and protection information from internal threats

Directory of Open Access Journals (Sweden)

Валерий Евгеньевич Жужжалов

2013-12-01

Full Text Available The present article is devoted to the analysis of information security in the conditions of high-growth hi-tech means of information processing and information security development of systems from internal threats.

Secure Java For Web Application Development

CERN Document Server

Bhargav, Abhay

2010-01-01

As the Internet has evolved, so have the various vulnerabilities, which largely stem from the fact that developers are unaware of the importance of a robust application security program. This book aims to educate readers on application security and building secure web applications using the new Java Platform. The text details a secure web application development process from the risk assessment phase to the proof of concept phase. The authors detail such concepts as application risk assessment, secure SDLC, security compliance requirements, web application vulnerabilities and threats, security

School Security and Crisis Preparedness: Make It Your Business.

Science.gov (United States)

Trump, Kenneth S.

1999-01-01

The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

Security Bingo

CERN Multimedia

Computer Security Team

2011-01-01

Want to check your security awareness and win one of three marvellous books on computer security? Just print out this page, mark which of the 25 good practices below you already follow, and send the sheet back to us by 31 October 2011 at either Computer.Security@cern.ch or P.O. Box G19710.   Winners[1] must show that they fulfil at least five good practices in a continuous vertical, horizontal or diagonal row. For details on CERN Computer Security, please consult http://cern.ch/security. I personally…   …am concerned about computer security. …run my computer with an anti-virus software and up-to-date signature files. …lock my computer screen whenever I leave my office. …have chosen a reasonably complex password. …have restricted access to all my files and data. …am aware of the security risks and threats to CERN’s computing facilities. &hell...

Effectiveness Of Security Controls On Electronic Health Records

Directory of Open Access Journals (Sweden)

Everleen Wanyonyi

2017-12-01

Full Text Available Electronic Health Record EHR systems enhance efficiency and effectiveness in handling patients information in healthcare. This study focused on the EHR security by initially establishing the nature of threats affecting the system and reviewing the implemented security safeguards. The study was done at a referral hospital level 6 government facility in Kenya. Purposive sampling was used to select a sample of 196 out of 385 staff and a questionnaire designed for qualitative data collection. Data was analyzed using SPSS software. Correlations and binary logistic regression were obtained. Binary Logistic Regression BLR was used to establish the effect of the safeguards predictors on EHR security. It was established that physical security contributes more to the security of an information system than administrative controls and technical controls in that order. BLR helped in predicting effective safeguards to control EHR security threats in limited resourced public health facilities.

Vision-based threat detection in dynamic environments.

Energy Technology Data Exchange (ETDEWEB)

Carlson, Jeffrey J.

2007-08-01

This report addresses the development of automated video-screening technology to assist security forces in protecting our homeland against terrorist threats. A prevailing threat is the covert placement of bombs inside crowded public facilities. Although video-surveillance systems are increasingly common, current systems cannot detect the placement of bombs. It is also unlikely that security personnel could detect a bomb or its placement by observing video from surveillance cameras. The problems lie in the large number of cameras required to monitor large areas, the limited number of security personnel employed to protect these areas, and the intense diligence required to effectively screen live video from even a single camera. Different from existing video-detection systems designed to operate in nearly static environments, we are developing technology to detect changes in the background of dynamic environments: environments where motion and human activities are persistent over long periods. Our goal is to quickly detect background changes, even if the background is visible to the camera less than 5 percent of the time and possibly never free from foreground activity. Our approach employs statistical scene models based on mixture densities. We hypothesized that the background component of the mixture has a small variance compared to foreground components. Experiments demonstrate this hypothesis is true under a wide variety of operating conditions. A major focus involved the development of robust background estimation techniques that exploit this property. We desire estimation algorithms that can rapidly produce accurate background estimates and detection algorithms that can reliably detect background changes with minimal nuisance alarms. Another goal is to recognize unusual activities or foreground conditions that could signal an attack (e.g., large numbers of running people, people falling to the floor, etc.). Detection of background changes and/or unusual

Survey of current technologies of security management for distributed information systems; Bunsangata joho system no security iji kanri hoshiki no genjo

Energy Technology Data Exchange (ETDEWEB)

Matsui, S [Central Research Institute of Electric Power Industry, Tokyo (Japan)

1997-05-01

The latest situation of the security management for a distributed information system was examined and systematically summarized to indicate the management design in future. This paper describes the threat of the distributed information system to security, the risk for confidentiality, integrity, and availability due to the threat, and the measures to be taken. The basic technology of security management is classified into the `user certification to prevent an incorrect access` and the `encipherment to prevent data from being used incorrectly.` The technology for certification has been almost completed. It can be securely done using an expendable password or IC card system. In Internet, multiple enciphering technologies for constructing a virtual private network that can secure the almost the same security as for a private network can be used. In an electronic mail, the enciphering technology can also be used easily. The tool that manages the security of very many servers, clients, and networks is in the initial stage. 16 refs., 1 fig., 5 tabs.

The role of space in the security and defence policy of Turkey. A change in outlook: Security in space versus security from space

OpenAIRE

Ercan, C.; Kale, I.

2017-01-01

Space and security domains are strongly related with each other. Nowadays, space is an indispensable part of security and defence policy, and it is increasingly becoming a critical infrastructure for strategic Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems. However, space is vulnerable itself to the new space threats. This study reviews the current and near future space role in Turkey's security and defence policy and aims to address...

VoIP and PBX security and forensics a practical approach

CERN Document Server

Androulidakis, Iosif I

2016-01-01

This book begins with an introduction to PBXs (Private Branch Exchanges) and the scene, statistics and involved actors. It discusses confidentiality, integrity and availability threats in PBXs. The author examines the threats and the technical background as well as security and forensics involving PBXs. The purpose of this book is to raise user awareness in regards to security and privacy threats present in PBXs, helping both users and administrators safeguard their systems. The new edition includes a major update and extension to the VoIP sections in addition to updates to forensics.

Weapons of mass destruction - current security threat

International Nuclear Information System (INIS)

Durdiak, J.; Gafrik, A.; Pulis, P.; Susko, M.

2005-01-01

This publication brings a complex and comprehensive view of the weapons of mass destruction phenomenon in the context of present military and political situation. It emphasizes the threat posed by proliferation of these destructive devices and their carriers as well as the threat present in their possession by unpredictable totalitarian regimes or terrorist groups. The publication is structured into four basic parts: Introduction Into The Topic, Nuclear Weapons, Chemical Weapons and Biological Weapons. The Introduction reflects the latest developments on the field of military technologies, which lead to the development of new destructive devices with characteristics comparable to basic types of WMDs - nuclear, chemical and biological. Based on the definition of WMD as 'weapon systems with enormous impact causing mass destruction, population, equipment and material losses', the modern mass destruction devices are assorted here, such as ecological, radiological and beam weapons, aerosol and container intelligent ammunition, the outburst of dangerous chemical substances from infrastructure, non-conventional weapons and military devices. The Nuclear Weapons part depicts the most destructive device of mass destruction mankind ever invented in close detail. It maps the history of most significant discoveries in nuclear physics, development and construction of the first nuclear weapons, accumulation of nuclear warheads and their carriers in the Cold war era, attempts of nuclear disarmament and reducing the number of nuclear weapons in possession of superpowers and their proliferation in the world's crisis regions including North Korea and Iran. The chapters devoted to theoretical grounds and physical principles of nuclear and thermonuclear weapons' functioning, the main categories and types, as well as destructive effects and consequences of use contain an adequate mathematical apparatus. This chapter's conclusion brings the overview of nuclear armament of states that

A METHODOLOGICAL APPROACH TO THE STRATEGIC ANALYSIS OF FOOD SECURITY

Directory of Open Access Journals (Sweden)

Anastasiia Mostova

2017-12-01

Full Text Available The objective of present work is to substantiate the use of tools for strategic analysis in order to develop a strategy for the country’s food security under current conditions and to devise the author’s original technique to perform strategic analysis of food security using a SWOT-analysis. The methodology of the study. The article substantiates the need for strategic planning of food security. The author considers stages in strategic planning and explains the importance of the stage of strategic analysis of the country’s food security. It is proposed to apply a SWOT-analysis when running a strategic analysis of food security. The study is based on the system of indicators and characteristics of the country’s economy, agricultural sector, market trends, material-technical, financial, human resources, which are essential to obtain an objective assessment of the impact of trends and factors on food security, and in order to further develop the procedure for conducting a strategic analysis of the country’s food security. Results of the study. The procedure for strategic analysis of food security is developed based on the tool of a SWOT-analysis, which implies three stages: a strategic analysis of weaknesses and strengths, opportunities and threats; construction of the matrix of weaknesses and strengths, opportunities, and threats (SWOT-analysis matrix; formation of the food security strategy based on the SWOT-analysis matrix. A list of characteristics was compiled in order to conduct a strategic analysis of food security and to categorize them as strengths or weaknesses, threats, and opportunities. The characteristics are systemized into strategic groups: production, market; resources; consumption: this is necessary for the objective establishing of strategic directions, responsible performers, allocation of resources, and effective control, for the purpose of further development and implementation of the strategy. A strategic analysis

Cyber secure systems approach for NPP digital control systems

Energy Technology Data Exchange (ETDEWEB)

McCreary, T. J.; Hsu, A. [HF Controls Corporation, 16650 Westgrove Drive, Addison, TX 75001 (United States)

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from

Cyber secure systems approach for NPP digital control systems

International Nuclear Information System (INIS)

McCreary, T. J.; Hsu, A.

2006-01-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to

Clear and present danger: Interventive and retaliatory approaches to cyber threats

Directory of Open Access Journals (Sweden)

Danilo V. Bernardo

2015-07-01

Full Text Available Organizations, including governments, have been attempting to address cyber threats for years by deploying technologies (e.g., security perimeter defences. These technologies are overarching policies and regulations designed to encourage resilient cybersecurity strategies that safeguard not only data, but also properties and human lives. Implementing these technologies is one thing, but ensuring their effectiveness is another. Lack of effectiveness and inability to satisfy existing government requirements and approaches in dealing with cyber threats and attacks are likely to continue until better approaches are employed. These approaches may emanate from effective regulations, intelligence gathering and sharing, and good security practices to workable alliances and interactions with other communities. This work is proposing approaches based on the premise that cybersecurity strategies must adhere to and be guided by the effectiveness criteria: that is, intervention and retaliatory approaches should be employed and utilized on the basis of their empirically demonstrated effectiveness to combat cyber threats.

An integrated approach to risk assessment and mitigating the CBRN threat

International Nuclear Information System (INIS)

Bokan, S.

2009-01-01

CBRN mass casualty events threat mitigation remains today the highest international priority. Although significant progress has been made, the national security requirements for efforts to combat Weapons of Mass Destruction and Weapons of Mass Disruption will be of the highest national priority in the near future. An integration of a number of approaches is essential in the risk assessment and mitigating the CBRN treat. Preparedness measures and procedures, engineering, science and technology, policy, medical, and emergency response are essential to reduce the threat from the proliferation and use of weapons of mass destruction (WMD). Improved coordination between international, public and private security entities is also essential task to hopefully prevent the terrorist attacks. In this lecture, it will be presented very important scientific approach to risk assessment of potential use of nuclear, radiological, biological or chemical weapons in terrorist actions. An integrated approach for mitigating the CBRN threat, crisis management and preparedness measures for prevention and reduction of potential consequences, will be presented.(author)

Alignment of Organizational Security Policies -- Theory and Practice

NARCIS (Netherlands)

Dimkov, T.

2012-01-01

To address information security threats, an organization defines security policies that state how to deal with sensitive information. These policies are high-level policies that apply for the whole organization and span the three security domains: physical, digital and social. One example of a

Your employees: the front line in cyber security

OpenAIRE

Ashenden, D

2016-01-01

First published in The Chemical Engineer and reproduced by Crest - Centre for Research and Evidence on Security Threats, 26/01/2016 (https://crestresearch.ac.uk/comment/employees-front-line-cyber-security/)

Evolution of Biotechnology and Information Technology and Its Impact on Human Security

Directory of Open Access Journals (Sweden)

Elena S. Zinovieva

2015-01-01

Full Text Available Abstract: The development of post-industrial society initiates profound economic, technological and cultural change in the way of life of all mankind. The revolutionary breakthroughs in the field of new technologies such as biotechnology and information technology are reflected in all spheres of human activity, directly affecting the human security. The article analyzes the consequences of widespread usage biotechnology and information technology in the foreign policy practice on the basis of the human security theory. The detailed description of the main directions of the use of biometric technology in the foreign policy and consular practices is provided, the challenges and threats to information security associated with biometrics are analyzed, arising from widespread biotechnology are the main challenges and threats to as well as human security threats arising at the present stage of development and application of these technologies. Human security threats associated with the use of biotechnology are placed in the broader context of global trends in scientific and technological development. The recommendations are formulated in the field of foreign policy and international cooperation, which would neutralize new threats to international and personal safety arising at the present stage of development of biotechnology. The authors conclude that in order to ensure ethical regulation of new technologies that address issues of human security, it is necessary to organize multi-stakeholder partnerships at national and international level with the participation of states, representatives of civil society, business and the research community.

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

Energy Technology Data Exchange (ETDEWEB)

Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Industrial Control System Cyber Security: Questions And Answers Relevant To Nuclear Facilities, Safeguards And Security

International Nuclear Information System (INIS)

Anderson, Robert S.; Schanfein, Mark; Bjornard, Trond; Moskowitz, Paul

2011-01-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

Contemporary security management

CERN Document Server

Fay, John

2010-01-01

Contemporary Security Management, 3rd Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: * how to organize, plan, develop and manage a security operation. * how to identify vulnerabilities. * how to determine the protective resources required to offset threats. * how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructi...

PRIVATE SECURITY IN SPORT

Directory of Open Access Journals (Sweden)

Dragan Vukasović

2011-09-01

Full Text Available Given the importance of sport for international integration, affirmation, a sense of belonging and other values of general interest, in order to maintain and open new prospects of development, it is necessary to form the private security system along with state security system, with a view to creating conditions for development sports athletes to achieve better results both in domestic and international competitions. Private security is only one element of an integrated security system which, with its efficient organization with the use of adequate means and measures should provide answers to new challenges, risks and threats. Private security in line with the new understanding of the concept of security has an important role in providing athletes.

28 CFR 501.2 - National security cases.

Science.gov (United States)

2010-07-01

... 28 Judicial Administration 2 2010-07-01 2010-07-01 false National security cases. 501.2 Section... ADMINISTRATION SCOPE OF RULES § 501.2 National security cases. (a) Upon direction of the Attorney General, the... unauthorized disclosure of such information would pose a threat to the national security and that there is a...

Building an intelligence-led security program

CERN Document Server

Liska, Allan

2014-01-01

As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented inte

Wireless network security theories and applications

CERN Document Server

Chen, Lei; Zhang, Zihong

2013-01-01

Wireless Network Security Theories and Applications discusses the relevant security technologies, vulnerabilities, and potential threats, and introduces the corresponding security standards and protocols, as well as provides solutions to security concerns. Authors of each chapter in this book, mostly top researchers in relevant research fields in the U.S. and China, presented their research findings and results about the security of the following types of wireless networks: Wireless Cellular Networks, Wireless Local Area Networks (WLANs), Wireless Metropolitan Area Networks (WMANs), Bluetooth

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

Science.gov (United States)

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

International Nuclear Security

Energy Technology Data Exchange (ETDEWEB)

Doyle, James E. [Los Alamos National Laboratory

2012-08-14

This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; and (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.

A Study of Cyber Security Activities for Development of Safety-related Controller

Energy Technology Data Exchange (ETDEWEB)

Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa [Korea Univ., Seoul (Korea, Republic of)

2014-05-15

Nuclear Power Plant Regulatory guide describes the regulatory requirements to implement cyber security activities to ensure that design and operate to respond to cyber threats that exploited to vulnerability of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. Cyber security activities coverage is instrumentation and control systems to perform safety functions and digital-based equipment to use development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required to the cyber security activities that should be performed in each development phase of safety-related controller. Development organization should establish and implement to cyber security plans for responding to cyber threats throughout each lifecycle phase and the result of the cyber security activities should be generated to the documents. In addition, the independent verification and validation organization should perform simulated penetration test for enhancing response capabilities to cyber security threats and development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration test.

A Study of Cyber Security Activities for Development of Safety-related Controller

International Nuclear Information System (INIS)

Lee, Myeongkyun; Song, Seunghwan; Yoo, Kwanwoo; Yun, Donghwa

2014-01-01

Nuclear Power Plant Regulatory guide describes the regulatory requirements to implement cyber security activities to ensure that design and operate to respond to cyber threats that exploited to vulnerability of digital-based technologies associated with safety-related digital instrumentation and control systems at nuclear power plants. Cyber security activities coverage is instrumentation and control systems to perform safety functions and digital-based equipment to use development, test, analysis and asset for instrumentation and control systems. Regulatory guidance is required to the cyber security activities that should be performed in each development phase of safety-related controller. Development organization should establish and implement to cyber security plans for responding to cyber threats throughout each lifecycle phase and the result of the cyber security activities should be generated to the documents. In addition, the independent verification and validation organization should perform simulated penetration test for enhancing response capabilities to cyber security threats and development organization should establish and implement response hardening solutions for the cyber security vulnerabilities identified in the simulated penetration test

Security Investment in Contagious Networks.

Science.gov (United States)

Hasheminasab, Seyed Alireza; Tork Ladani, Behrouz

2018-01-16