Sample records for information systems security

  1. Information Security Management System for Microsoft's Cloud Infrastructure

    E-Print Network [OSTI]

    Chaudhuri, Surajit

    Information Security Management System for Microsoft's Cloud Infrastructure Online Services ... Information Security Management System ... Information Security Management Forum

  2. PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS...

  3. Information Systems 32 (2007) 1166-1183 Security Attack Testing (SAT)--testing the security of

    E-Print Network [OSTI]

    2007-01-01T23:59:59.000Z

    Information Systems 32 (2007) 1166-1183 Security Attack Testing (SAT)--testing the security have been devoted into integrating security issues into information systems development practices reserved. Keywords: Information systems development methodology; Integrating security and software

  4. Electronic DOE Information Security System (eDISS) PIA, Office...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    DOE Information Security System (eDISS) PIA, Office of Health Safety and Security Electronic DOE Information Security System (eDISS) PIA, Office of Health Safety and Security...

  5. Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

    E-Print Network [OSTI]

    Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems for information systems. Traditionally, security is considered after the definition of the system. However the health sector to military. As the use of Information Systems arises, the demand to secure those systems

  6. List of Major Information Systems,National Nuclear Security Administra...

    Energy Savers [EERE]

    List of Major Information Systems,National Nuclear Security Administration ADaPT Networked: List of Major Information Systems,National Nuclear Security Administration ADaPT...

  7. USING PERFORMANCE MEASUREMENTS TO EVALUATE AND STRENGTHEN INFORMATION SYSTEM SECURITY

    E-Print Network [OSTI]

    USING PERFORMANCE MEASUREMENTS TO EVALUATE AND STRENGTHEN INFORMATION SYSTEM SECURITY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute about the security of information systems for the decision makers of organizations. When organizations

  8. Security Certification & Accreditation of Federal Information Systems A Tutorial

    E-Print Network [OSTI]

    Madisetti, Vijay K.

    Security Certification & Accreditation of Federal Information Systems A Tutorial An Introduction Madisetti, 06/29/2009 Security Certification & Assurance of Federal Information Systems Tutorial Tutorial Outline Objectives & Introduction: C&A Information Security Certification & Accreditation Foundations (as

  9. Classified Automated Information System Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1994-07-15T23:59:59.000Z

    To establish uniform requirements, policies, responsibilities, and procedures for the development and implementation of a Department of Energy (DOE) Classified Computer Security Program to ensure the security of classified information in automated data processing (ADP) systems. Cancels DOE O 5637.1. Canceled by DOE O 471.2.

  10. Security Controls for Unclassified Information Systems Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-05T23:59:59.000Z

    The Manual establishes minimum implementation standards for cyber security technical, management, and operational controls that will be followed in all information systems operated by DOE and the information systems. Admin Chg 1 dated 9-1-09. Canceled by DOE O 205.1B.

  11. Security Controls for Unclassified Information Systems Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-05T23:59:59.000Z

    The Manual establishes minimum implementation standards for cyber security technical, management, and operational controls that will be followed in all information systems operated by DOE and the information systems. Admin Chg 1 dated 9-1-09; Admin Chg 2 dated 12-22-09. Canceled by DOE O 205.1B.

  12. Security Controls for Unclassified Information Systems Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-05T23:59:59.000Z

    The Manual establishes minimum implementation standards for cyber security technical, management, and operational controls that will be followed in all information systems operated by DOE and the information systems. Does not cancel other directives. Canceled by DOE O 205.1B

  13. Classified Information Systems Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-08-03T23:59:59.000Z

    This Manual provides requirements and implementation instructions for the graded protection of the confidentiality, integrity, and availability of information processed on all automated information systems used to collect, create, process, transmit, store, and disseminate classified information by, or on behalf of, the Department of Energy (DOE). DOE N 205.4 cancels Chapter III section 8, Incident Reporting, and DOE N 205.3 cancels Chapter VI, paragraph 4j(2), 4j(6); and Chapter VII, paragraph 12a(2)(a). Cancels: DOE M 5639.6A-1. Canceled by DOE M 205.1-4.

  14. The Center for Information Systems Security Studies and

    E-Print Network [OSTI]

    The Center for Information Systems Security Studies and Research (CISR) has created the ISSE) and the Department of Homeland Security (DHS) have designated NPS as a Center of Academic Excellence in Information developments where cyber security is a concern. Information Systems Security Engineering (ISSE) Certificate

  15. When security meets software engineering: A case of modelling secure information systems

    E-Print Network [OSTI]

    When security meets software engineering: A case of modelling secure information systems Engineering: towards the Modeling of Secure Information Systems" paper presented at the 15th International. This is mainly because private information is stored in computer systems and without security, organisations (and

  16. Information Security and Computer Systems: An Integrated Approach

    E-Print Network [OSTI]

    Holliday, Mark A.

    Information Security and Computer Systems: An Integrated Approach Mark A. Holliday Dept curriculum we are developing an Information Security option. Our approach highlights the many topics in information security that build upon concepts the students will already have seen in their computer systems

  17. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    E-Print Network [OSTI]

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01T23:59:59.000Z

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  18. SELECTING INFORMATION TECHNOLOGY SECURITY

    E-Print Network [OSTI]

    April 2004 SELECTING INFORMATION TECHNOLOGY SECURITY PRODUCTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Information technology security products are essential to better secure information technology (IT) systems

  19. THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS

    E-Print Network [OSTI]

    THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS Joshua Pauli College of Business.xu@ndsu.nodak.edu Keywords: Software architecture, Security, Threat model, Use case, Misuse case, UML Abstract: To deal with software security issues in the early stages of system development, this paper presents a threat-driven

  20. information security

    E-Print Network [OSTI]

    Faculty listing for "information security" ... 1167; Phone: +1 765 49-46022; Email: wagstaff@purdue.edu; Research Interests: number theory, information security.

  1. Selection of Model in Developing Information Security Criteria for Smart Grid Security System

    E-Print Network [OSTI]

    Ling, Amy Poh Ai

    2011-01-01T23:59:59.000Z

    At present, the "Smart Grid" has emerged as one of the best advanced energy supply chains. This paper looks into the security system of smart grid via the smart planet system. The scope focused on information security criteria that impact on consumer trust and satisfaction. The importance of information security criteria is perceived as the main aspect to impact on customer trust throughout the entire smart grid system. On one hand, this paper also focuses on the selection of the model for developing information security criteria on a smart grid.

  2. USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN

    E-Print Network [OSTI]

    is a development methodology tailored to describe both the organisational environment of a system and the system of a soft goal is "the system should be scalable". A task represents a way of doing something. Thus USING SECURITY ATTACK SCENARIOS TO ANALYSE SECURITY DURING INFORMATION SYSTEMS DESIGN Haralambos

  3. Certification and Accreditation Process for Information Systems Including National Security Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19T23:59:59.000Z

    The Notice ensures the effectiveness of security controls on DOE Federal information systems including national security systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. No cancellations. DOE N 205.15, dated 3-18-05, extends this directive until 3-18-06.

  4. Manual of Security Requirements for the Classified Automated Information System Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1994-07-15T23:59:59.000Z

    This Manual provides specific instructions and delineates the requirements to ensure the graded security of classified information entrusted to the Department of Energy (DOE) that is processed, stored, transferred, or accessed on Automated Information Systems (AISs) and AIS networks. Canceled by DOE M 471.2-2.

  5. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-20T23:59:59.000Z

    The protection and control of classified information is critical to our nation’s security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D.

  6. INFORMATION SECURITY University Policy No: IM7800

    E-Print Network [OSTI]

    Herwig, Falk

    Page 1 INFORMATION SECURITY POLICY University Policy No: IM7800 Classification: Information to an Information Security Incident Procedures for Addressing Security Vulnerabilities of University Information Resources and Information Systems University Information Security Classification Procedures Procedures

  7. MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY

    E-Print Network [OSTI]

    MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology an impact on the security of the systems and operations. In developing information systems, organizations

  8. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security's IT Security Procedures require that non-public University information, including social security numbers and professional information in a secure and appropriate manner.

  9. Faculty Information Security Guide

    E-Print Network [OSTI]

    Myers, Lawrence C.

    Faculty Information Security Guide Dartmouth Your information is vitally important to your teaching protect your information. THE DARTMOUTH INFORMATION SECURITY COMMITTEE The Dartmouth Information Security Committee (DISC) meets monthly to assess vulnerabilities of information security, and to develop and revise

  10. REVISED CATALOG OF SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS: FOR USE IN BOTH

    E-Print Network [OSTI]

    REVISED CATALOG OF SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS: FOR USE and expanded its catalog of security controls to help organizations protect their information and information, the revised catalog brings together, for the first time, comprehensive information about security controls

  11. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-29T23:59:59.000Z

    This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Admin Chg 2, dated 5-15-15, cancels Admin Chg 1.

  12. A Virtual Environment for Interactive Visualization of Power System Economic and Security Information

    E-Print Network [OSTI]

    visualization of power system economic and security information. Keywords: Power System Economics, Security A Virtual Environment for Interactive Visualization of Power System Economic and Security Information Thomas J. Overbye Raymond P. Klump Jamie D. Weber Senior Member Member Student Member University

  13. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-06-29T23:59:59.000Z

    Establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Section E, Technical Surveillance Countermeasures Program, is Official Use Only. Please contact the DOE Office of Health, Safety and Security at 301-903-0292 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A

  14. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-08-26T23:59:59.000Z

    This Manual establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Attachment E, Technical Surveillance Countermeasures Program, is for Official Use Only. Contact the Office of Security and Safety Performance Assurance at 301-903-3653 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A.

  15. NIST Seeks Input for Planned 2011 Update of Security Control Catalog For Federal Information Systems and Organizations

    E-Print Network [OSTI]

    ; · Supply chain security; · Industrial/process control systems; and · Privacy. NIST SP 800-53, Revision 3 Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations web-based access to the security controls for federal information systems and organizations

  16. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1992-10-19T23:59:59.000Z

    To establish the Department of Energy (DOE) Information Security Program and set forth policies, procedures and responsibilities for the protection and control of classified and sensitive information. The Information Security Program is a system of elements which serve to deter collection activities, This directive does not cancel another directive. Canceled by DOE O 471.2 of 9-28-1995.

  17. Proceedings of the 13th Colloquium for Information Systems Security Education

    E-Print Network [OSTI]

    O'Leary, Michael

    Proceedings of the 13th Colloquium for Information Systems Security Education Seattle, WA June 1 York Road Towson, MD 21252 USA The Maryland Alliance for Information Security Assurance (MAISA universities. We work collaboratively to provide opportunities in Information Security Assurance curriculum

  18. Review your system access with your company's Information Security Officer. Access that is not

    E-Print Network [OSTI]

    Shepp, Larry

    Review your system access with your company's Information Security Officer. Access and downloading of information from laptop computers. Beware that your conversations may not be private or secure to be someone you trust in order to obtain personal or sensitive information. Additional travel security tips

  19. A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp

    E-Print Network [OSTI]

    Bushman, Frederic

    Page 1 I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy OfficerNet) as well as the establishment of information security policies, guidelines, and standards. The Office

  20. Information System Security Manager (ISSM) | Department of Energy

    Office of Environmental Management (EM)


  1. Proceedings of the 13th Colloquium for Information Systems Security Education

    E-Print Network [OSTI]

    O'Leary, Michael

    Proceedings of the 13th Colloquium for Information Systems Security Education Seattle, WA June 1: it is bad code. This perspective on computer security education informs the design of our new approach, computer security education is often relegated to a secondary role in undergraduate curricula. Exposure

  2. Using Trust-Based Information Aggregation for Predicting Security Level of Systems

    E-Print Network [OSTI]

    Ray, Indrakshi

    Using Trust-Based Information Aggregation for Predicting Security Level of Systems Siv Hilde Houmb1 level of a security solution using information sources who are trusted to varying degrees. We show how}@cs.colostate.edu Abstract. Sometimes developers must design innovative security solutions that have a rapid development

  3. Using Trust-Based Information Aggregation for Predicting Security Level of Systems

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Using Trust-Based Information Aggregation for Predicting Security Level of Systems Siv Hilde Houmb1 level of a security solution using information sources who are trusted to varying degrees. We show how.colostate.edu Abstract. Sometimes developers must design innovative security solutions that have a rapid development

  4. Information Technology Specialist (System Analysis/Information Security)

    Broader source: Energy.gov [DOE]

    A successful candidate in this position will provide the technical direction, planning, programming, implementation and operations of the Information Technology (IT) program for the Carlsbad Field...

  5. Information Security Group IY5512 Computer Security

    E-Print Network [OSTI]

    Mitchell, Chris

    for process that controls interactions between users and resources. · Access control system implements Information Security Group Agenda · Access control basics · ACLs and capabilities · Information flow policies· Information flow policies · Bell-LaPadula Model · Role-Based Access Control · Resources 3 Information Security

  6. Information Technology Security Assessment Framework

    E-Print Network [OSTI]

    Federal Information Technology Security Assessment Framework November 28, 2000 Prepared (NIST) Computer Security Division Overview Information and the systems that process it are among and maintain a program to adequately secure its information and system assets. Agency programs must: 1) assure

  7. Information Security: Coordination of Federal Cyber Security...

    Office of Environmental Management (EM)

    Security: Coordination of Federal Cyber Security Research and Development Information Security: Coordination of Federal Cyber Security Research and Development GAO recommends that...

  8. Research With Students My principal research activities lie in information systems security with particular emphasis on access control

    E-Print Network [OSTI]

    of security, and secure transaction processing. My recent research has expanded beyond information systems Research With Students My principal research activities lie in information systems security and mining, semantic web and multimedia delivery. 1 Major Results · Security solutions for workflow systems

  9. INFORMATION TECHNOLOGY SECURITY SERVICES: HOW TO

    E-Print Network [OSTI]

    June 2004 INFORMATION TECHNOLOGY SECURITY SERVICES: HOW TO SELECT, IMPLEMENT, AND MANAGE Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute the security of their information technology (IT) systems. Whether they get this assistance from internal

  10. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security.cuny.edu Published: November 2014 Holiday Season Phishing Scams and Malware Campaigns CUNY/CIS Information Security.cuny.edu under "CUNY Issued Security Advisories" Visit the Federal Trade Commission's Consumer Information page

  11. Information Security for Libraries (1) INFORMATION SECURITY FOR LIBRARIES

    E-Print Network [OSTI]

    Newby, Gregory B.

    Information Security for Libraries (1) INFORMATION SECURITY FOR LIBRARIES Gregory B. Newby School an active role in information security. INTRODUCTION By most accounts, the proliferation of the Internet of information security, making concrete recommendations for safeguarding information and information access

  12. Information Security Group IY5512 Computer Security

    E-Print Network [OSTI]

    Mitchell, Chris

    Information Security Group IY5512 Computer Security Part 7b: Windows securityPart 7b: Windows security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security Group) of Windows machines. 2 Information Security Group Objectives II · Focus on Active Directory, authentication

  13. Secure Core Contact Information

    E-Print Network [OSTI]

    Secure Core Contact Information C. E. Irvine irvine@nps.edu 831-656-2461 Department of Computer for the secure management of local and/or remote information in multiple contexts. The SecureCore project Science Graduate School of Operations and Information Sciences www.cisr.nps.edu Project Description

  14. Information Security Guide

    E-Print Network [OSTI]

    Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew Joan Hash Table of Contents Introduction 1 Why do I need to invest in information security? 2 Where do I need to focus my attention in accomplishing critical information security goals? 4 What are the key activities

  15. Security classification of information

    SciTech Connect (OSTI)

    Quist, A.S.

    1993-04-01T23:59:59.000Z

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  16. University of Aberdeen Information Security Policy

    E-Print Network [OSTI]

    Levi, Ran

    University of Aberdeen Information Security Policy December 2007 1 INTRODUCTION 1.1 WHAT IS INFORMATION SECURITY AND WHY DO WE NEED TO THINK ABOUT IT? 1.1.1 Information Security is the practice of Information Security includes: Systems being unavailable Bad publicity and embarrassment Fraud

  17. Management of Control System Information SecurityI: Control System Patch Management

    SciTech Connect (OSTI)

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01T23:59:59.000Z

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  18. Office of Information Security

    Broader source: Energy.gov [DOE]

    The Office of Information Security is responsible for implementation of the Classified Matter Protection and Control Program (CMPC), the Operations Security Program (OPSEC) and the Facility Clearance Program and the Survey Program for Headquarters

  19. Cyber Security Requirements for Wireless Devices and Information Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-11T23:59:59.000Z

    The Notice establishes DOE policy requirements and responsibilities for using wireless networks and devices within DOE and implements the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, including requirements for cyber resource protection, risk management, program evaluation, and cyber security plan development and maintenance. No cancellation. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  20. SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY

    E-Print Network [OSTI]

    SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National and to protect their systems and information from security threats and risks. There have been many past efforts

  1. Terms of Reference Information Security Group

    E-Print Network [OSTI]

    Haase, Markus

    Terms of Reference Information Security Group Version 3.1 8 March 2011 © University of Leeds 2011 Security Group Information Security Management 3.1 (8/3/11) Page 2 of 4 Document Control Owner: Kevin Darley, IT Security Co-ordinator, Information Systems Services, University of Leeds Source Location: V

  2. Information System Security Officer (ISSO) | Department of Energy

    Office of Environmental Management (EM)


  3. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1997-03-27T23:59:59.000Z

    Establishes an Information Security Program for the protection and control of classified and sensitive information. Extended until 5-11-06 by DOE N 251.63, dated 5-11-05. DOE O 471.2A, Information Security Program, dated 3/27/1997, extended by DOE N 251.57, dated 4/28/2004. Cancels: DOE O 471.2

  4. TEC Information Security

    Broader source: Energy.gov (indexed) [DOE]

    External Coordination Working Group Information Security E. Ralph Smith, Manager Institutional Programs April 22, 2004 Albuquerque, NM WIPP * Open communications * Notifications *...

  5. INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY

    E-Print Network [OSTI]

    Subramanian, Sriram

    - 1 - INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable - INFORMATION SECURITY POLICY.doc Introduction Why Information Security? The access, availability

  6. HR System Access Request Form Security Administration, Human Resources (HR) For additional instructions and information, log onto http://hr.vanderbilt.edu/security/

    E-Print Network [OSTI]

    Simaan, Nabil

    instructions and information, log onto http://hr.vanderbilt.edu/security/ Home Department VUnet IDHR EmployeeHR System Access Request Form Security Administration, Human Resources (HR) For additional ID Name Email AddressWork Phone Home Dept Name Effective Date of Access Operator Information I

  7. AT&TSecurity Consulting Information Assurance Federal Information Security

    E-Print Network [OSTI]

    Fisher, Kathleen

    AT&T Security Consulting Information Assurance - Federal Information Security Management Act (FISMA requirements under the Federal Information Security Management Act of 2002, of general support systems the security controls for the information system. The AT&T Consulting methodology is based on National

  8. Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19T23:59:59.000Z

    The Notice establishes DOE policy requirements and responsibilities for remote connections to DOE and contractor information technology systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, to protect DOE information and information technology systems commensurate with the risk and magnitude of harm that could result from their unauthorized access, use, disclosure, modification or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06. No cancellations.

  9. The theory of diversity and redundancy in information system security : LDRD final report.

    SciTech Connect (OSTI)

    Mayo, Jackson R. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Allan, Benjamin A. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Pierson, Lyndon George

    2010-10-01T23:59:59.000Z

    The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

  10. Start your information security planning here!

    E-Print Network [OSTI]

    Magee, Joseph W.

    Start your information security planning here! Save the Date July 15, 2008 8:30 am - 12:30 pm-technology crimes. For additional information, visit http://csrc.nist.gov/secure iz/b or contact: securebiz developed a workshop to help the small business owner increase information system security. Learn how

  11. Information Security 26:198:643:01

    E-Print Network [OSTI]

    Lin, Xiaodong

    Information Security 26:198:643:01 Spring 2012 Rutgers University M 2:30-5:20pm, 1WP-534 Panagiotis and interconnecting networks, raising demands for security measures to protect the information and relevant systems, students will learn the theoretical advancements in information security, state-of-the-art techniques

  12. ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1

    E-Print Network [OSTI]

    Su, Xiao

    ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1 Information ... 3 Information Security Policy ... 4 Information Security Policy Management

  13. Information Security--Applications and

    E-Print Network [OSTI]

    Ahmed, Farid

    Information Security-- Applications and Techniques about? Information Security Information Security What? Why of Information Security Network Security PGP, SSL, IPsec Data Security

  14. National Security System Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-03-08T23:59:59.000Z

    The manual provides baseline requirements and controls for the graded protection of the confidentiality, integrity, and availability of classified information and information systems used or operated by the Department of Energy (DOE), contractors, and any other organization on behalf of DOE, including the National Nuclear Security Administration. Cancels DOE M 471.2-2. Canceled by DOE O 205.1B.

  15. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1995-09-28T23:59:59.000Z

    Establishes an Information Security Program for the protection and control of classified and sensitive information. Cancels DOE 5630.8A, DOE 5639.1, DOE 5639.5, DOE 5639.6A, DOE 5639.7, DOE M 5632.1C-1, Chapter III, Para. 1, 2, and 4-9

  16. Enterprise Information Security Management Framework [EISMF

    E-Print Network [OSTI]

    Sharma, Dhirendra, S.M. Massachusetts Institute of Technology

    2011-01-01T23:59:59.000Z

    There are several technological solutions available in the market to help organizations with information security breach detection and prevention such as intrusion detection and prevention systems, antivirus software, ...

  17. Tighter security for electronic information

    SciTech Connect (OSTI)

    Moore, T.

    1996-11-01T23:59:59.000Z

    Responding to interest expressed by many member utilities, EPRI is launching strategic core research in information security to help companies better protect power system operations, business-sensitive and private customer data, and networks from unauthorized access or use. Although the threat of computer security breaches has been relatively low and isolated in the past and break-ins have been few, the increasing use of networks for various business activities suggests that such risks will rise. EPRI expects to work through an existing strategic alliance with the Department of Energy to tap the expertise of the national laboratories in beefing up utilities' information security systems and practices. This paper describes these potential threats and strategies to combat them.

  18. T-582: RSA systems has resulted in certain information being extracted from RSA systems that relates to RSA SecurID

    Broader source: Energy.gov [DOE]

    RSA investigation has revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is related to RSA's SecurID two-factor authentication products.

  19. IY5512: Part 1 Information Security Group

    E-Print Network [OSTI]

    Mitchell, Chris

    IY5512: Part 1 1 Information Security Group IY5512 Computer Security Part 1: Introduction to computer security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security) ... 2 Information Security Group Agenda · Overview · Security goals · Security approaches - prevention

  20. Information Security Governance: When Compliance Becomes more Important than Security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Information Security Governance: When Compliance Becomes more Important than Security Terence Tan1 information security must adapt to changing conditions by extending security governance to middle management for implementing information security are more interested in complying with organizational standards and policies

  1. Security system signal supervision

    SciTech Connect (OSTI)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01T23:59:59.000Z

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  2. September 2004 INFORMATION SECURITY

    E-Print Network [OSTI]

    of Standards and Technology Many System Development Life Cycle (SDLC) models exist that can be used by an organization to effectively develop an information system. A traditional SDLC is a linear sequential model. This model assumes that the system will be delivered near the end of its life cycle. Another SDLC model uses

  3. 06 DEC 2013 1 Information Security Guideline

    E-Print Network [OSTI]

    Queitsch, Christine

    (CISO) and Privacy Assurance and Systems Security Council (PASS Council) provide organizations with the information security and privacy risk management approach overseen by the CISO and PASS Council on behalf of the University. This document is a living document and will be reviewed and revised as necessary. Check the CISO

  4. T-592: Cisco Security Advisory: Cisco Secure Access Control System...

    Energy Savers [EERE]

    92: Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability T-592: Cisco Security Advisory: Cisco Secure Access Control System...

  5. University of Connecticut Information Technology Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    University of Connecticut Information Technology Security Incident Response Plan - i - Revision technology needs of the University. The Information Technology Security Office has created this Incident, affiliates, or students. Audience This document is primarily for University departmental information security

  6. NISTIR 7359 Information Security Guide For

    E-Print Network [OSTI]

    NISTIR 7359 Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew Joan Hash NISTIR 7359 Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew Joan Hash Computer Security Division Information Technology Laboratory National Institute of Standards

  7. ITL BULLETIN FOR MARCH 2011 MANAGING INFORMATION SECURITY RISK: ORGANIZATION, MISSION

    E-Print Network [OSTI]

    ITL BULLETIN FOR MARCH 2011 MANAGING INFORMATION SECURITY RISK: ORGANIZATION, MISSION AND INFORMATION SYSTEM VIEW Shirley Radack, Editor Computer Security Division Information Technology Laboratory. Managing information security risk is an essential element of the organization's overall risk management

  8. The Complexity of Synchronous Notions of Information Flow Security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    The Complexity of Synchronous Notions of Information Flow Security Franck Cassez1, , Ron van der flow security is concerned with the ability for agents in a system to deduce information about an information flow security policy has proved to be a subtle matter. A substantial literature has developed

  9. A Survey of Interdependent Information Security Games ARON LASZKA1

    E-Print Network [OSTI]

    Bencsáth, Boldizsár

    A A Survey of Interdependent Information Security Games ARON LASZKA1 , MARK FELEGYHAZI1 , LEVENTE by the security-related decisions of others. This interdependence between information system operators and users Information security has traditionally been considered a strategic cat-and-mouse game between the defending

  10. OFFICE OF INFORMATION TECHNOLOGY COMPUTER SECURITY POLICY

    E-Print Network [OSTI]

    Hemmers, Oliver

    OFFICE OF INFORMATION TECHNOLOGY COMPUTER SECURITY POLICY RESPONSIBLE ADMINISTRATOR: RESPONSIB ... Manual, Chapter 14: Data and Information Security, Section 4, Information Security Plans - Physical%20-%20DATA%20AND%20INFORMATION%20SECURITY.pdf. CONTACTS Refer to the Office of Information Technology

  11. Implementing Information Security and Its Technology: A Line Management Perspective

    E-Print Network [OSTI]

    Barletta, William A.

    2005-01-01T23:59:59.000Z

    of an integrated information security and privacy program. An institution's information security program forms the ... from the chief information security officer, chief security

  12. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    Analysis of Information Security Games, Proceedings of the ... on the Economics of Information Security WEIS’, Hanover, NH, ... on the Economics of Information Security’. Anderson, R. and

  13. Information Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-10-12T23:59:59.000Z

    The Manual establishes security requirements for the protection and control of matter required to be classified or controlled by statutes, regulations, or U.S. Department of Energy (DOE) directives. Original dated 1-16-09. Canceled by DOE O 471.6--except for Section D.

  14. Information Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-16T23:59:59.000Z

    This Manual establishes security requirements for the protection and control of matter required to be classified or controlled by statutes, regulations, or U.S. Department of Energy directives. Cancels DOE M 470.4-4 Chg 1. DOE M 470.4-4A Chg 1 issued 10-12-10.

  15. IY5512: Part 2 Information Security Group

    E-Print Network [OSTI]

    Mitchell, Chris

    Information Security Group The principles · The eight principles are: 1. Economy of mechanism 2. Fail ... IY5512: Part 2 1 Information Security Group IY5512 Computer Security Part 2: Design & evaluation Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security Group Objectives

  16. Smart Grid Information Security (IS) Functional Requirement

    E-Print Network [OSTI]

    Ling, Amy Poh Ai

    2011-01-01T23:59:59.000Z

    It is important to implement safe smart grid environment to enhance people's lives and livelihoods. This paper provides information on smart grid IS functional requirement by illustrating some discussion points to the sixteen identified requirements. This paper introduces the smart grid potential hazards that can be referred as a triggering factor to improve the system and security of the entire grid. The background of smart information infrastructure and the needs for smart grid IS is described with the adoption of hermeneutic circle as methodology. Grid information technology and security's session discusses that grid provides the chance of a simple and transparent access to different information sources. In addition, the transformation between traditional versus smart grid networking trend and the IS importance on the communication field reflects the criticality of grid IS functional requirement identification is introduced. The smart grid IS functional requirements described in this paper are general and ...

  17. Approved Module Information for CS3190, 2014/5 Module Title/Name: Information Security Module Code: CS3190

    E-Print Network [OSTI]

    Neirotti, Juan Pablo

    Approved Module Information for CS3190, 2014/5 Module Title/Name: Information Security Module Code for and the underlying principles of information security. By introducing students to key information security concepts to the administration, design, development, evaluation and management of secure information systems. Module Learning

  18. Security Equipment and Systems Certification Program (SESCP)

    SciTech Connect (OSTI)

    Steele, B.J. [Sandia National Labs., Albuquerque, NM (United States); Papier, I.I. [Underwriters Labs., Inc., Northbrook, IL (United States)

    1996-06-20T23:59:59.000Z

    Sandia National Laboratories (SNL) and Underwriters Laboratories, Inc., (UL) have jointly established the Security Equipment and Systems Certification Program (SESCP). The goal of this program is to enhance industrial and national security by providing a nationally recognized method for making informed selection and use decisions when buying security equipment and systems. The SESCP will provide a coordinated structure for private and governmental security standardization review. Members will participate in meetings to identify security problems, develop ad-hoc subcommittees (as needed) to address these identified problems, and to maintain a communications network that encourages a meaningful exchange of ideas. This program will enhance national security by providing improved security equipment and security systems based on consistent, reliable standards and certification programs.

  19. Information Aggregation, Currency Swaps, and the Design of Derivative Securities

    E-Print Network [OSTI]

    Chowdhry, Bhagwan; Grinblatt, Mark

    1997-01-01T23:59:59.000Z

    their disparate information and (ii) each security should be ... for these securities and the information it generates. ... all information relevant for pricing securities to all

  20. Information Security Policy Manual Latest Revision: May 16, 2012

    E-Print Network [OSTI]

    Alpay, S. Pamir

    1 Information Security Policy Manual Latest Revision: May 16, 2012 2 Table of Contents Information Security Policy Manual ... 17 Information Security Glossary

  1. advanced traveler information systems: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Skills Critically reflect on management Neirotti, Juan Pablo 213 Information Systems Security Information Systems Security Computer Technologies and Information Sciences Websites...

  2. University of Connecticut Information Technology Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    University of Connecticut Information Technology Security Incident Response Plan - i - Revision requirements for the protection of that information on the University. The University has had security of the University. The Information Technology Security Office has created this Incident Response Plan to assist

  3. Finance, IT Operations & Information Security Dear Colleagues,

    E-Print Network [OSTI]

    1 Finance, IT Operations & Information Security Dear Colleagues, As we write the summer issue, with the hire of Indir Advagic, SEAS is launching an Office of Information Security. Besides assessing the general state of information security at SEAS, one of Indir's first tasks will be to revive the cross

  4. Privacy and Security Protecting Personal Information

    E-Print Network [OSTI]

    Pedersen, Tom

    Privacy and Security Protecting Personal Information Kim Hart and Bill Trott Privacy Video http and security and apply the principles to your work situation; · Overview of Freedom of Information records with confidential and highly confidential information; · Faculty and staff may have privacy/security

  5. Information Technology Security for Small Business

    E-Print Network [OSTI]

    Magee, Joseph W.

    Information Technology Security for Small Business (video script) Descriptive Text for the Visually symbolic of information technology security and cyber crime. Narration: "No matter how well you protect, "Information Technology Security for Small Business" and "It's not just good business. It's essential business

  6. Secured Information Flow for Asynchronous Sequential Processes

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Secured Information Flow for Asynchronous Sequential Processes Isabelle Attali, Denis Caromel for unauthorized information flows. As a final result, all authorized communication paths are secure: no disclosure a new issue in data confidentiality: authorization of secured information flow transiting (by the mean

  7. Formalizing Information Security Knowledge Stefan Fenz

    E-Print Network [OSTI]

    Formalizing Information Security Knowledge Stefan Fenz Vienna University of Technology Vienna ontology which provides an ontological structure for information security domain knowledge. Besides of the considered organization is incorporated. An evaluation conducted by an information security expert team has

  8. GAANN -Computer Systems Security GAANN Computer Systems Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    GAANN - Computer Systems Security GAANN - Computer Systems Security · What is computer systems security? - The protection of all aspects of a computer system from unauthorized use · Why is it important? - Computing devices have a large impact on our daily life - Guaranteeing that the devices perform as desired

  9. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    her students on security of process control systems. I am ... cyber-security tools for process control systems. In the ... on the security mechanisms of process control systems, few

  10. The Department of Energy's National Security Information Fundamental...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The Department of Energy's National Security Information Fundamental Classification Guidance Review The Department of Energy's National Security Information Fundamental...

  11. Overview of Key Roles and Responsibilities in Information Security Liaison Model Responsibilities Chief Information Security-Privacy

    E-Print Network [OSTI]

    Cantlon, Jessica F.

    Overview of Key Roles and Responsibilities in Information Security Liaison Model Responsibilities Chief Information Security-Privacy Officers Divisional Information Security-Privacy Liaison Departmental Information Security-Privacy Liaison Planning Plan and conduct annual risk assessment Develop a prioritized

  12. Third Annual Cyber Security and Information

    E-Print Network [OSTI]

    Krings, Axel W.

    Third Annual Cyber Security and Information Infrastructure Research Workshop May 14-15, 2007 TOWARDS COMPREHENSIVE STRATEGIES THAT MEET THE CYBER SECURITY CHALLENGES OF THE 21ST CENTURY Frederick Sheldon, Axel Krings, Seong-Moo Yoo, and Ali Mili (Editors) CSIIRW07: Cyber Security and Information

  13. Control Systems Cyber Security Standards Support Activities

    SciTech Connect (OSTI)

    Robert Evans

    2009-01-01T23:59:59.000Z

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  14. Determining Home Range and Preferred Habitat of Feral Horses on the Nevada National Security Site Using Geographic Information Systems

    SciTech Connect (OSTI)

    Burns, Ashley V. [NSTec

    2014-05-30T23:59:59.000Z

    Feral horses (Equus caballus) are free-roaming descendants of domesticated horses and legally protected by the Wild and Free-Roaming Horses and Burros Act of 1971, which mandates how feral horses and burros should be managed and protected on federal lands. Using a geographic information system to determine the home range and suitable habitat of feral horses on the federally managed Nevada National Security Site can enable wildlife biologists in making best management practice recommendations. Home range was estimated at 88.1 square kilometers. Site suitability was calculated for elevation, forage, slope, water presence and horse observations. These variables were combined in successive iterations into one polygon. Suitability rankings established that 85 square kilometers are most suitable habitat, with 2,052 square kilometers of good habitat, 1,252 square kilometers of fair habitat and 122 square kilometers of least suitable habitat.

  15. Cyberspace security system

    DOE Patents [OSTI]

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24T23:59:59.000Z

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  16. System security Dr Len Hamey

    E-Print Network [OSTI]

    Hamey, Len

    , firewalls, detecting intrusions) Security process cycle policy implementation administration audit risk access with firewall Use generic service banners Use intrusion detection system that can detect ... Security Services Confidentiality service. Authentication service. Integrity service. Access Control

  17. Revised: August 2013 INFORMATION SYSTEMS

    E-Print Network [OSTI]

    Howitt, Ivan

    ] as the common security framework baseline to be used by the campuses of the University of North Carolina system implementation standards are the NC IT Security Manual, the Control Objectives for Information and related responsibilities 08.02.02 Information security awareness, education, and training 08.02.03 Disciplinary process 08

  18. Program Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    Information | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS People Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy...

  19. Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets

    E-Print Network [OSTI]

    Thaw, David Bernard

    2011-01-01T23:59:59.000Z

    assets. Current information security law in the United ... implications for information security professionalism in ... being abundant in the information security community: Yes,

  20. Professional, Applied & Continuing Education INFORMATION ASSURANCE & SECURITY CERTIFICATE

    E-Print Network [OSTI]

    Martin, Jeff

    Professional, Applied & Continuing Education INFORMATION ASSURANCE & SECURITY CERTIFICATE Demand for technical security and information assurance professionals has risen dramatically in recent years OPPORTUNITIES: TUITION: Required Courses (78 Hours): · Information Assurance and Security Level 1: Information

  1. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy,

    E-Print Network [OSTI]

    Gering, Jon C.

    ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy, Information Access & Management STATUS: Approved GUIDELINE TITLE: Information Security Incident Response GUIDELINE PURPOSE: The purpose of information security incident response is to: mitigate the effects caused by such an incident

  2. MSc and Postgraduate Diploma in Information Security

    E-Print Network [OSTI]

    Royal Holloway, University of London

    of information security need internationally-recognised qualifications which How will the course help my career and understanding of What do employers say? Worldwide Access | Opportunity | International Standards qualifications. `Attending my first Information Security supplier event after graduating made me reali

  3. A Game Theoretical Approach to Communication Security

    E-Print Network [OSTI]

    Gueye, Assane

    2011-01-01T23:59:59.000Z

    Information and communication systems ... security ... Trust: An Element of Information Security,” in Security and ... International Journal of Information Security, vol. 4, pp.

  4. An Information Systems Security Risk Assessment Model Under Dempster- Schafer Theory of Belief Functions

    E-Print Network [OSTI]

    Sun, Lili; Srivastava, Rajendra P.; Mock, Theodore J.

    2006-01-01T23:59:59.000Z

    ], artificial intelligence and expert systems [18, 61], data mining [33, 60], financial portfolio management [45], image processing in radiology [10], remote sensing in agriculture [11] and in the ocean [29], and forecasting demand for mobile satellites [28...

  5. University of Warwick Information Security Policy 1. Introduction

    E-Print Network [OSTI]

    Davies, Christopher

    University of Warwick Information Security Policy 1. Introduction The University recognises's strategic objectives. Information security is important to the protection of the University's reputation implications for individuals and is subject to legal obligations. The consequences of information security

  6. Order Code RL33494 Security Classified and Controlled Information

    E-Print Network [OSTI]

    Laughlin, Robert B.

    Order Code RL33494 Security Classified and Controlled Information: History, Status, and Emerging Government and Finance Division Security Classified and Controlled Information: History, Status in the creation, management, and declassification of national security information followed over the succeeding

  7. RISK MANAGEMENT FRAMEWORK: HELPING ORGANIZATIONS IMPLEMENT EFFECTIVE INFORMATION SECURITY PROGRAMS

    E-Print Network [OSTI]

    RISK MANAGEMENT FRAMEWORK: HELPING ORGANIZATIONS IMPLEMENT EFFECTIVE INFORMATION SECURITY PROGRAMS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute component of every organization's information security program. An effective risk management process enables

  8. A Security Framework for Agent-based Systems Jamal Bentahar

    E-Print Network [OSTI]

    Bentahar, Jamal

    A Security Framework for Agent-based Systems Jamal Bentahar Concordia Institute for Information to security fail to adequately address the e-computing challenges posed by open systems. They are mostly based, Canada Accepted: August 2007 Abstract Purpose - This paper aims to address some security issues in open

  9. Modern Quantum Technologies of Information Security

    E-Print Network [OSTI]

    Korchenko, Oleksandr; Gnatyuk, Sergiy

    2010-01-01T23:59:59.000Z

    In the paper systematization and classification of modern quantum technologies of the information security against cyber-terrorist attack are carried out. The characteristic of the basic directions of quantum cryptography from the viewpoint of used quantum technologies is given. The qualitative analysis of advantages and disadvantages of concrete quantum protocols is made. The current status of a problem of practical quantum cryptography using in telecommunication networks is considered. In particular, the short review of existing commercial systems of quantum key distribution is given.

  10. Threats to financial system security

    SciTech Connect (OSTI)

    McGovern, D.E.

    1997-06-01T23:59:59.000Z

    The financial system in the United States is slowly migrating from the bricks and mortar of banks on the city square to branch banks, ATMs, and now direct linkage through computers to the home. Much work has been devoted to the security problems inherent in protecting property and people. The impact of attacks on the information aspects of the financial system has, however, received less attention. Awareness is raised through publicized events such as the junk bond fraud perpetrated by Milken or gross mismanagement in the failure of the Barings Bank through unsupervised trading activities by Leeson in Singapore. These events, although seemingly large (financial losses may be on the order of several billion dollars), are but small contributors to the estimated $114 billion loss to all types of financial fraud in 1993. Most of the losses can be traced to the contribution of many small attacks perpetrated against a variety of vulnerable components and systems. This paper explores the magnitude of these financial system losses and identifies new areas for security to be applied to high consequence events.

  11. A Method for Estimating the Financial Impact of Cyber Information Security Breaches Utilizing the Common Vulnerability Scoring System and Annual Loss Expectancy

    E-Print Network [OSTI]

    Lindsey, Michael B.

    2010-05-14T23:59:59.000Z

    Information security is a relatively new field that is experiencing rapid growth in terms of malicious attack frequency and the amount of capital that firms must spend on attack defense. This rise in security expenditures has prompted corporate...

  12. U-200: Red Hat Directory Server Information Disclosure Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    U-200: Red Hat Directory Server Information Disclosure Security Issue and Vulnerability June 27,...

  13. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy,

    E-Print Network [OSTI]

    Gering, Jon C.

    ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy, Information Access & Management STATUS: Approved POLICY TITLE: Information Technology Security Policy POLICY PURPOSE: The purpose of this Information Technology Security Policy is to ensure and describe the steps necessary to secure information

  14. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    cyber-security analysis of the SCADA system of the Gignac water distribution ... cyber security of SCADA systems managing other infrastructures (e.g., oil and natural gas distribution

  15. Developing Secure Power Systems Professional Competence: Alignment...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs - Phase 2 (July/August 2013)

  16. Port security and information technology

    E-Print Network [OSTI]

    Petrakakos, Nikolaos Harilaos

    2005-01-01T23:59:59.000Z

    The terrorist attacks of September 11th 2001 on New York and Washington DC shed light on the many security shortcomings that sea ports and the entire import and export process face. A primary source of these problems is ...

  17. Dartmouth Information Security Control Objectives (Jan 2013, version 5.1 ) Introduction

    E-Print Network [OSTI]

    Myers, Lawrence C.

    Information Security Officer (CISO). Click here for the electronic version on Dartmouth's Information Security

  18. The Secure Hash Payment System

    E-Print Network [OSTI]

    Thompson, Timothy J

    2001-01-01T23:59:59.000Z

    List of figures: 1. SET overview; 2. SET messages; 3. SET and SSL overview; 4. Overview of SHPS; 5. An example ECML document; 6. An example ECC document; 7. An example CurrencyUpdate document; 8. An example PurchaseRequest document... information. Netscape's Secure Socket Layer (SSL) provides the secure link between the consumer and merchant. While this approach has been successful due to the availability of SSL in most web browsers, the approach does not provide the level of security...

  19. The U.S. Department of Energy, National Nuclear Security Agency's Use of Geographic Information Systems for Nuclear Emergency Response Support

    SciTech Connect (OSTI)

    A. L. Guber

    2001-06-01T23:59:59.000Z

    The U.S. Department of Energy (DOE), National Nuclear Security Agency's (NNSA) Remote Sensing Laboratory (RSL) provides Geographic Information System (GIS) support during nuclear emergency response activities. As directed by the NNSA, the RSL GIS staff maintains databases and equipment for rapid field deployment during an emergency response. When on location, GIS operators provide information products to on-site emergency managers as well as to emergency managers at the DOE Headquarters (HQ) Emergency Operations Center (EOC) in Washington, D.C. Data products are derived from multiple information sources in the field including radiological prediction models, field measurements taken on the ground and from the air, and pertinent information researched on the Internet. The GIS functions as a central data hub where it supplies the information to response elements in the field, as well as to headquarters officials at HQ during emergency response activities.

  20. Washington and Lee University Guidance on Information Security

    E-Print Network [OSTI]

    Marsh, David

    Washington and Lee University Guidance on Information Security This guidance addresses common issues that have come up during information security discussions with offices and departments across, Information Security Program Committee Chair (sdittman@wlu.edu) or Dean Tallman, Information Security Officer

  1. Algorithms and architecture for multiusers, multi-terminal, multi-layer information theoretic security

    E-Print Network [OSTI]

    Khisti, Ashish, 1979-

    2009-01-01T23:59:59.000Z

    As modern infrastructure systems become increasingly more complex, we are faced with many new challenges in the area of information security. In this thesis we examine some approaches to security based on ideas from ...

  2. Ontological Mapping of Information Security Best-Practice Guidelines

    E-Print Network [OSTI]

    Ontological Mapping of Information Security Best-Practice Guidelines Stefan Fenz, Thomas Pruckner security knowledge. While information security ontologies already exist, no methods have been proposed. Therefore, this paper presents a method for mapping the information security knowledge of the French EBIOS

  3. Cyber Security and Resilient Systems

    SciTech Connect (OSTI)

    Robert S. Anderson

    2009-07-01T23:59:59.000Z

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. 
    Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

  4. Information Security and Quantum Mechanics: Security of Quantum Protocols

    E-Print Network [OSTI]

    P. Oscar Boykin

    2002-10-28T23:59:59.000Z

    The problem of security of quantum key protocols is examined. In addition to the distribution of classical keys, the problem of encrypting quantum data and the structure of the operators which perform quantum encryption is studied. It is found that unitary bases are central to both encryption of quantum information, as well as the generation of states used in generalized quantum key distribution (which are called mutually unbiased bases). A one-to-one correspondence between certain unitary bases and mutually unbiased bases is found. Finally, a new protocol for making anonymous classical broadcasts is given along with a security proof. An experimental procedure to implement this protocol is also given. In order to prove these new results, some new bounds for accessible information of quantum sources are obtained.

  5. Principles of Secure Information Flow Analysis Geoffrey Smith

    E-Print Network [OSTI]

    Smith, Geoffrey

    Principles of Secure Information Flow Analysis Geoffrey Smith School of Computing and Information to explain the principles underlying secure information flow analysis and to discuss

  6. A KNOWLEDGE BASE FOR JUSTIFIED INFORMATION SECURITY DECISION-MAKING

    E-Print Network [OSTI]

    Newcastle upon Tyne, University of

    Information Security Officer (CISO) within an organisation to ensure that such information is adequately protected. External standards exist to advise CISOs on how to secure information insecure employee behaviour. CISOs require more information than they are currently provided

  7. Banner Job Installation Security Form Office of Information Technology

    E-Print Network [OSTI]

    Karsai, Istvan

    Banner Job Installation Security Form Office of Information Technology 424 Roy S. Nicks Hall, Box: ______________________________ Job Description: ______________________________ Section 3. Security Information Banner Module 70728 Johnson City, Tennessee 37614 (423) 439-4648 · oithelp@etsu.edu Section 1. Requestor Information

  8. Physical and Information Security Policy Category: Campus Life

    E-Print Network [OSTI]

    Physical and Information Security Policy Category: Campus Life Facilities Information Management 1. The Security Office (Bentley Campus) will provide information to assist staff and students in protecting Manager. 2.7 Information security University information must be protected in a manner that is appropriate

  9. Information theoretic security by the laws of classical physics

    E-Print Network [OSTI]

    Mingesz, R; Gingl, Z; Granqvist, C G; Wen, H; Peper, F; Eubank, T; Schmera, G

    2013-01-01T23:59:59.000Z

    It has been shown recently that the use of two pairs of resistors with enhanced Johnson-noise and a Kirchhoff-loop, i.e., a Kirchhoff-Law-Johnson-Noise (KLJN) protocol, for secure key distribution leads to information theoretic security levels superior to those of a quantum key distribution, including a natural immunity against a man-in-the-middle attack. This issue is becoming particularly timely because of the recent full cracks of practical quantum communicators, as shown in numerous peer-reviewed publications. This presentation first briefly surveys the KLJN system and then discusses related, essential questions such as: what are perfect and imperfect security characteristics of key distribution, and how can these two types of securities be unconditional (or information theoretical)? Finally the presentation contains a live demonstration.

  10. Secure Control Systems for the Energy Sector

    SciTech Connect (OSTI)

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31T23:59:59.000Z

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goal is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  11. Extracting Security Control Requirements University of Tulsa

    E-Print Network [OSTI]

    Gamble, R. F.

    , Requirements, Security Policy Modeling. 1. INTRODUCTION Networks and information systems have grown. Security has become a larger issue with the democratization of technology and information. Security accepted security controls for "Federal Information Systems and Organizations" [8]. NIST defines security

  12. Securing Control Systems Modems

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  13. Information Security Analysis Using Game Theory and Simulation

    SciTech Connect (OSTI)

    Schlicher, Bob G [ORNL]; Abercrombie, Robert K [ORNL]

    2012-01-01T23:59:59.000Z

    Information security analysis can be performed using game theory implemented in dynamic simulations of Agent Based Models (ABMs). Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. Our approach addresses imperfect information and scalability that allows us to also address previous limitations of current stochastic game models. Such models only consider perfect information assuming that the defender is always able to detect attacks; assuming that the state transition probabilities are fixed before the game; assuming that the players' actions are always synchronous; and that most models are not scalable with the size and complexity of systems under consideration. Our use of ABMs yields results of selected experiments that demonstrate our proposed approach and provides a quantitative measure for realistic information systems and their related security scenarios.

  14. Quantum non-locality and information security Muhammad Nadeem

    E-Print Network [OSTI]

    1 Quantum non-locality and information security Muhammad Nadeem Department of Basic Sciences-locality, as discussed here, is sufficient to achieve unconditional information security without requiring advanced, integrity, authenticity and availability of information to legitimate users. These information security

  15. Page 1 of 2 Policy Name: Information Technology (IT) Security

    E-Print Network [OSTI]

    Carleton University

    Page 1 of 2 Policy Name: Information Technology (IT) Security Originating/Responsible Department Information Officer (CIO) Policy: Information Technology (IT) Security Purpose: The purpose of this Policy is to outline Carleton University's approach to campus-wide IT security for networks, enterprise information

  16. Finance, IT Operations & Information Security Dear Colleagues,

    E-Print Network [OSTI]

    Finance, IT Operations & Information Security Dear Colleagues, It is hard not to be mindful with the guidance of their senior administrators. The re-organization in some of the finance offices continues the intranet site. Harry Dumay, PhD MBA Chief Financial Officer/ Associate Dean for Finance

  17. PRIVACY AND SECURITY OF PERSONAL INFORMATION

    E-Print Network [OSTI]

    Sadeh, Norman M.

    Chapter 1 PRIVACY AND SECURITY OF PERSONAL INFORMATION Economic Incentives and Technological for many, the economic incentives have not generated widespread adoption, and government in University acquisti@andrew.cmu.edu Abstract I discuss the evolution of the economic analysis of privacy

  18. Some Thoughts on Teaching Secure Programming

    E-Print Network [OSTI]

    Bishop, Matt

    2013-01-01T23:59:59.000Z

    Teaching Context in Information Security,” ACM Journal on ... World Conference on Information Security Education pp. 23– ... Colloquium on Information Systems Security Education (CISSE)

  19. The Promotion of Access to and Protection of National Security Information in South Africa

    E-Print Network [OSTI]

    Klaaren, Jonathan E.

    2003-01-01T23:59:59.000Z

    broadly, a military information security policy has been ... for secrecy and therefore information security measures in a ... section describes the information security implementation

  20. Running head: A Systematic Approach to Secure System Design 1 Towards a More Systematic Approach to Secure Systems

    E-Print Network [OSTI]

    Aickelin, Uwe

    advice given to software system designers. A set of thirty nine cyber-security experts took part ratings of their components. We show that when aggregated, a coherent consensus view of security emerges of this is that the cybersecurity of information systems has become an increasing concern. Assessing the level of risk posed

  1. Office of the CISO, December 2010 Information Security Risk Advisory

    E-Print Network [OSTI]

    Queitsch, Christine

    Office of the CISO, December 2010 Information Security Risk Advisory Web Browsing Software attacks. The Office of the Chief Information Security Officer (CISO) encourages you to be aware of the following when

  2. A UNIFIED FRAMEWORK OF INFORMATION ASSURANCE FOR THE DESIGN AND ANALYSIS OF SECURITY ALGORITHMS

    E-Print Network [OSTI]

    Baras, John S.

    A UNIFIED FRAMEWORK OF INFORMATION ASSURANCE FOR THE DESIGN AND ANALYSIS OF SECURITY ALGORITHMS several information security goals, such as authentication, integrity and secrecy, have often been and the Institute for Systems Research, University of Maryland, College Park, MD, 20742 ABSTRACT Most information

  3. A Comprehensive and Comparative Metric for Information Security

    E-Print Network [OSTI]

    Breu, Ruth

    A Comprehensive and Comparative Metric for Information Security Steffen Weiß1 , Oliver Weissmann2 security GmbH, Germany Abstract Measurement of information security is important for organizations , Falko Dressler1* 1 Dept. of Computer Science 7, University of Erlangen, Germany 2 atsec information

  4. DATE: NVLAP LAB CODE: INFORMATION TECHNOLOGY SECURITY TESTING

    E-Print Network [OSTI]

    DATE: NVLAP LAB CODE: INFORMATION TECHNOLOGY SECURITY TESTING TEST METHOD SELECTION LIST ... for reasons outside the scope of this document.

  5. Constructivist Approach To Information Security Awareness In The Middle East

    E-Print Network [OSTI]

    Wang, Yongge

    Constructivist Approach To Information Security Awareness In The Middle East Mohammed Boujettif the application of an approach to enhance information security awareness amongst employees within middle-eastern companies, in effort to improve information security. We aim at surveying the current attitudes

  6. SUCCESS FACTORS IN INFORMATION SECURITY IMPLEMENTATION IN ORGANIZATIONS

    E-Print Network [OSTI]

    Williamson, John

    SUCCESS FACTORS IN INFORMATION SECURITY IMPLEMENTATION IN ORGANIZATIONS Maryam Al-Awadi University This paper will explore and identify success factors related to the implementation of information security was to identify those factors required to ensure successful implementation of information security, particularly

  7. TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

    SciTech Connect (OSTI)

    Lee, Hsien-Hsin S

    2010-05-11T23:59:59.000Z

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such a system will be autonomous, self-adapting, introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (6) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  8. Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources

    E-Print Network [OSTI]

    Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources A automated information security programs; assigns Federal agency responsibilities for the security of automated information; and links agency automated information security programs and agency management

  9. Systems Security at Chemical and Biochemical Engineering

    E-Print Network [OSTI]

    and Biochemical Engineering. The Systems Administrator for Chemical and Biochemical Engineering regularly reviews network security. However, maintaining systems security is a group effort and a never-ending task. Here Administrator regarding security bugs that may affect your personal computer. If a patch is available, download

  10. IBM Internet Security Systems Threat Insight Monthly

    E-Print Network [OSTI]

    IBM Internet Security Systems X-Force ® Threat Insight Monthly www.iss.net May 2007 Contents: The Emerging Threat Landscape; Mobile Security Threats

  11. IBM Internet Security Systems Threat Insight Monthly

    E-Print Network [OSTI]

    of cryptography as it relates to the computer security industry. We will look at some of the underlying technology ... IBM Internet Security Systems X-Force ® Threat Insight Monthly www.iss.net September

  12. NIST Computer Security Division csrc.nist.gov Supplemental Guidance on

    E-Print Network [OSTI]

    -03, Enhancing the Security of Federal Information and Information Systems, stated that, "Our nation's security monitoring, or security authorization. Keywords Federal Information Security Management Act, Information Information For additional information on NIST's Computer Security Division programs, projects

  13. Secure Information Sharing and Dissemination in the Context of Public Security

    E-Print Network [OSTI]

    Secure Information Sharing and Dissemination in the Context of Public Security Professor Nabil R. Adam Director, The Center for Information Management Integration & Connectivity (CIMIC) Executive://cimic.rutgers.edu/~adam/ Abstract In the context of homeland security, one of the key challenges in such environment is achieving

  14. Find It. Delete It. Protect It. Information Technology Security Strategy

    E-Print Network [OSTI]

    Sheridan, Jennifer

    Find It. Delete It. Protect It. Information Technology Security Strategy Executive Summary The general proposed strategy is to optimize risk management for information security incrementally and over that security will be a process rather than project. Achievement of the goal, optimized risk management

  15. MULTIAREA SYSTEM RELIABILITY: THE ECONOMIC EVALUATION OF SYSTEM SECURITY CRITERIA

    E-Print Network [OSTI]

    Gross, George

    MULTIAREA SYSTEM RELIABILITY: THE ECONOMIC EVALUATION OF SYSTEM SECURITY CRITERIA BY TEOMAN GULER B assessment studies and the quantification of the economics of secure power system operations security and the economics of secure operations in the competitive market environment. The advent

  16. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01T23:59:59.000Z

    This document provides information for a report to Congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  17. Next generation information systems

    SciTech Connect (OSTI)

    Limback, Nathan P [Los Alamos National Laboratory; Medina, Melanie A [Los Alamos National Laboratory; Silva, Michelle E [Los Alamos National Laboratory

    2010-01-01T23:59:59.000Z

    The Information Systems Analysis and Development (ISAD) Team of the Safeguards Systems Group at Los Alamos National Laboratory (LANL) has been developing web based information and knowledge management systems for sixteen years. Our vision is to rapidly and cost effectively provide knowledge management solutions in the form of interactive information systems that help customers organize, archive, post and retrieve nonproliferation and safeguards knowledge and information vital to their success. The team has developed several comprehensive information systems that assist users in the betterment and growth of their organizations and programs. Through our information systems, users are able to streamline operations, increase productivity, and share and access information from diverse geographic locations. The ISAD team is also producing interactive visual models. Interactive visual models provide many benefits to customers beyond the scope of traditional full-scale modeling. We have the ability to simulate a vision that a customer may propose, without the time constraints of traditional engineering modeling tools. Our interactive visual models can be used to access specialized training areas, controlled areas, and highly radioactive areas, as well as review site-specific training for complex facilities, and asset management. Like the information systems that the ISAD team develops, these models can be shared and accessed from any location with access to the internet. The purpose of this paper is to elaborate on the capabilities of information systems and interactive visual models as well as consider the possibility of combining the two capabilities to provide the next generation of information systems. The collection, processing, and integration of data in new ways can contribute to the security of the nation by providing indicators and information for timely action to decrease the traditional and new nuclear threats.
    Modeling and simulation tied to comprehensive databases are progressions of the tools that can be used in new ways and further developed to enhance the mission of nonproliferation and threat reduction.

  18. ITL BULLETIN FOR NOVEMBER 2010 THE EXCHANGE OF HEALTH INFORMATION: DESIGNING A SECURITY

    E-Print Network [OSTI]

    ITL BULLETIN FOR NOVEMBER 2010 THE EXCHANGE OF HEALTH INFORMATION: DESIGNING A SECURITY ARCHITECTURE TO PROVIDE INFORMATION SECURITY AND PRIVACY Shirley Radack, Editor Computer Security Division protected. Better management of electronic health information will depend upon its secure exchange between

  19. Abstract--The security of modern large interconnected power systems suffers from the absence of a unique security coordinator

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    1 Abstract-- The security of modern large interconnected power systems suffers from the absence interconnected power systems. In the absence of a full information exchange, the operators' alternative solution contingencies screening, control areas data exchange, multi-area electric power system security assessment. I

  20. Center for Control System Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  1. SCADA System Security ECE 478 Network Security

    E-Print Network [OSTI]

    water treatment systems; electric power transmission, distribution, and generation; petroleum storage variety of industries including Electric power generation, transmission, and distribution, Environmental. A Human-machine interface allows the operator to view the state of the plant equipment. Dumb terminals

  2. Copyright 2011 Northrop Grumman Corporation Northrop Grumman Information Systems (NGIS)

    E-Print Network [OSTI]

    from unattended sensors · Space vulnerabilities and survivability · Cyber security/information Copyright © 2011 Northrop Grumman Corporation Northrop Grumman Information Systems (NGIS Northrop Grumman Corporation Page 2 1. Overview Information Sponsor - Northrop Grumman Information Systems

  3. INFORMATION SECURITY GROUP Course Specification 2013-14

    E-Print Network [OSTI]

    Mitchell, Chris

    with security mechanisms in modern computer systems and will consider: the core concepts: security policies understanding of the role of security mechanisms for modern computer systems, including both hardware in hardware and operating systems; memory management, memory protection and logical protection; access control

  4. 29.01.03.M1.26 Information Resources Security Risks Assessment Reviews Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03.M1.26 Information Resources ­ Security Risks Assessment Reviews Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.26 Information Resources ­ Information Security Risk Assessment Reviews system and the value and accuracy of their information security risk assessments. Reason Information

  5. Control Systems Security Publications Library | Department of...

    Energy Savers [EERE]

    Publications Library Control Systems Security Publications Library Publications Library Repository of documents, listed by topic. (Some of the documents in this section require...

  6. Collaboration Topics - System Software | National Nuclear Security...

    National Nuclear Security Administration (NNSA)


  7. Nevada National Security Site Cleanup Information Is Just a Click...

    Office of Environmental Management (EM)

    National Security Site Cleanup Information Is Just a Click Away with Computer Map, Database - New Interactive Map Makes NNSS Data More Accessible to the Public Nevada National...

  8. Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security Mechanisms?

    E-Print Network [OSTI]

    Qin, Xiao

    Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security Mechanisms--Improving energy efficiency of security-aware storage systems is challenging, because security and energy security and energy efficiency is to profile encryption algorithms to decide if storage systems would

  9. ORO Office Safeguards and Security Clearance Tracking System...

    Energy Savers [EERE]

    Office Safeguards and Security Clearance Tracking System and Visitor Control System PIA, Oak Ridge Operations Office ORO Office Safeguards and Security Clearance Tracking System...

  10. IBM Internet Security Systems Threat Insight Monthly

    E-Print Network [OSTI]

    IBM Internet Security Systems X-Force® Threat Insight Monthly, www.iss.net, February 2007. Contents. About this report

  11. IBM Internet Security Systems Threat Insight Monthly

    E-Print Network [OSTI]

    IBM Internet Security Systems X-Force® Threat Insight Monthly, www.iss.net, June 2007. Contents. About this report

  12. ITL Bulletins are published by the Information Technology Laboratory

    E-Print Network [OSTI]

    Intrusion Detection Systems, July 2003 IT Security Metrics, August 2003 Information Technology Security Security Considerations in the Information System Development Life Cycle, December 2003 Computer Security Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems

  13. Bounds on Information and the Security of Quantum Cryptography

    E-Print Network [OSTI]

    E. Biham; T. Mor

    1997-01-08T23:59:59.000Z

    Strong attacks against quantum key distribution use quantum memories and quantum gates to attack directly the final key. In this paper we extend a novel security result recently obtained, to demonstrate proofs of security against a wide class of such attacks. To reach this goal we calculate information-dependent reduced density matrices, we study the geometry of quantum mixed states, and we find bounds on the information leaked to an eavesdropper. Our result suggests that quantum cryptography is ultimately secure.

  14. Quantum Public-Key Encryption with Information Theoretic Security

    E-Print Network [OSTI]

    Jiangyou Pan; Li Yang

    2012-02-20T23:59:59.000Z

    We propose a definition for the information theoretic security of a quantum public-key encryption scheme, and present bit-oriented and two-bit-oriented encryption schemes satisfying our security definition via the introduction of a new public-key algorithm structure. We extend the scheme to a multi-bit-oriented one, and conjecture that it is also information theoretically secure, depending directly on the structure of our new algorithm.

  15. Information Security Policy http://www.bu.edu/policies/pdf/Info_Security_Policy_02-17-10.pdf

    E-Print Network [OSTI]

    Xia, Yu "Brandon"

    1 Information Security Policy http://www.bu.edu/policies/pdf/Info_Security_Policy_02-17-10.pdf Information properly and securely. Reason for Policy / Implication Statement Boston University is committed to collecting, handling, storing and using Sensitive Information properly and securely. This Policy establishes

  16. Secure videoconferencing equipment switching system and method

    DOE Patents [OSTI]

    Hansen, Michael E. (Livermore, CA)

    2009-01-13T23:59:59.000Z

    A switching system and method are provided to facilitate use of videoconference facilities over a plurality of security levels. The system includes a switch coupled to a plurality of codecs and communication networks. Audio/Visual peripheral components are connected to the switch. The switch couples control and data signals between the Audio/Visual peripheral components and one but not both of the plurality of codecs. The switch additionally couples communication networks of the appropriate security level to each of the codecs. In this manner, a videoconferencing facility is provided for use on both secure and non-secure networks.

  17. Delegating Network Security with More Information

    E-Print Network [OSTI]

    Naous, Jad

    Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be ...

  18. Secure Multiparty Computation Based Privacy Preserving Smart Metering System

    E-Print Network [OSTI]

    Franchetti, Franz

    Secure Multiparty Computation Based Privacy Preserving Smart Metering System Cory Thoma Information Ave. Pittsburgh, PA 15213 Email: {tcui,franzf}@ece.cmu.edu Abstract--Smart metering systems provide privacy preserving protocol for smart meter based load management. Using SMC and a proper designed

  19. Analytical foundations of physical security system assessment 

    E-Print Network [OSTI]

    Graves, Gregory Howard

    2006-10-30T23:59:59.000Z

    Physical security systems are intended to prevent or mitigate potentially catastrophic loss of property or life. Decisions regarding the selection of one system or configuration of resources over another may be viewed as ...

  20. Multimedia Systems as Immune System to Improve Automotive Security?

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Multimedia Systems as Immune System to Improve Automotive Security? Jana Dittmann1 , Tobias Hoppe1 and environment. Especially in the field of automotive security, producers are seeking cost efficient- using resources. Initially, working in automotive security, it was easy to see that a wide variety

  1. Secure Information Exchange Gateway for Electric Grid Operations

    SciTech Connect (OSTI)

    Robertson, F.; Carroll, J.; Sanders, William; Yardley, Timothy; Heine, Erich; Hadley, Mark; McKinnon, David; Motteler, Barbara; Giri, Jay; Walker, William; McCartha, Esrick

    2014-09-30T23:59:59.000Z

    The major objectives of the SIEGate project were to improve the security posture and minimize the cyber-attack surface of electric utility control centers and to reduce the cost of maintaining control-room-to-control-room information exchange. Major project goals included the design, development, testing, and commercialization of a single security-hardened appliance that could meet industry needs for resisting cyber-attacks while protecting the confidentiality and integrity of a growing volume of real-time information needed to ensure the reliability of the bulk electric system and interoperating with existing data formats and networking technologies. The SIEGate project has achieved its goals and objectives. The SIEGate Design Document, issued in March 2012, presented SIEGate use cases, provided SIEGate requirements, established SIEGate design principles, and prescribed design functionality of SIEGate as well as the components that make up SIEGate. SIEGate Release Version 1.0 was posted in January 2014. Release Version 1.0.83, which was posted on March 28, 2014, fixed many issues discovered by early adopters and added several new features. Release Candidate 1.1, which added additional improvements and bug fixes, was posted in June 2014. SIEGate executables have been downloaded more than 300 times. SIEGate has been tested at PJM, Entergy, TVA, and Southern. Security testing and analysis of SIEGate has been conducted at PNNL and PJM. Alstom has provided a summary of recommended steps for commercialization of the SIEGate Appliance and identified two deployment models with immediate commercial application.

  2. CONTINUOUS MONITORING OF INFORMATION SECURITY: AN ESSENTIAL COMPONENT OF RISK MANAGEMENT

    E-Print Network [OSTI]

    CONTINUOUS MONITORING OF INFORMATION SECURITY: AN ESSENTIAL COMPONENT OF RISK MANAGEMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute) security, and the assurance of the confidentiality, integrity, and availability of information

  3. Information Technology Security Training Requirements Appendix E --Training Cross Reference E-1

    E-Print Network [OSTI]

    Information Technology Security Training Requirements APPENDIX E Appendix E -- Training Cross Reference E-1 Information Technology Security Training Requirements Appendix E -- Training Cross Reference E-2 Information Technology Security Training Requirements APPENDIX E -- JOB FUNCTION

  4. Washington and Lee University Guidelines for Responding to Information Security Breaches

    E-Print Network [OSTI]

    Marsh, David

    Washington and Lee University Guidelines for Responding to Information Security Breaches Notifications 1. As further detailed in the university's Guidelines for Reporting Information Security Breaches regarding an actual or suspected data breach should contact: i. the university's Information Security

  5. J. Douglas Streit, Information Security Officer Office of Computing and Communications Services

    E-Print Network [OSTI]

    J. Douglas Streit, Information Security Officer Office of Computing and Communications Services Last updated February 6, 2012 Old Dominion University Information Technology Security Program

  6. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    SciTech Connect (OSTI)

    Sheldon, Frederick T [ORNL; Krings, Axel [ORNL; Yoo, Seong-Moo [ORNL; Mili, Ali [ORNL; Trien, Joseph P [ORNL

    2006-01-01T23:59:59.000Z

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to:

    * Knowledge discovery and management
    * Critical infrastructure protection
    * De-obfuscating tools for the validation and verification of tamper-proofed software
    * Computer network defense technologies
    * Scalable information assurance strategies
    * Assessment-driven design for trust
    * Security metrics and testing methodologies
    * Validation of security and survivability properties
    * Threat assessment and risk analysis
    * Early accurate detection of the insider threat
    * Security hardened sensor networks and ubiquitous computing environments
    * Mobile software authentication protocols
    * A new "model" of the threat to replace the "Maginot Line" model and more . . .

  7. A Summary of Control System Security Standards Activities in...

    Energy Savers [EERE]

    A Summary of Control System Security Standards Activities in the Energy Sector (October 2005) A Summary of Control System Security Standards Activities in the Energy Sector...

  8. Control Systems Security News Archive | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    News Archive Control Systems Security News Archive Control Systems Security News Archive September 2010 - Secretary Chu Announces Latest Efforts to Address Cybersecurity August...

  9. National SCADA Test Bed - Enhancing control systems security...

    Energy Savers [EERE]

    SCADA Test Bed - Enhancing control systems security in the energy sector (September 2009) National SCADA Test Bed - Enhancing control systems security in the energy sector...

  10. Activities to Secure Control Systems in the Energy Sector | Department...

    Office of Environmental Management (EM)

    Activities to Secure Control Systems in the Energy Sector Activities to Secure Control Systems in the Energy Sector Presentation-given at the Federal Utility Partnership Working...

  11. Common Cyber Security Vulnerabilities Observed in Control System...

    Energy Savers [EERE]

    Common Cyber Security Vulnerabilities Observed in Control System Assessments by the INL NSTB Program Common Cyber Security Vulnerabilities Observed in Control System Assessments by...

  12. Security Analysis and Project Management Systems | ornl.gov

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Security Analysis and Project Management Systems SHARE Security Analysis and Project Management Systems ORNL brings together the subject matter experts with programmers to design,...

  13. CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL

    SciTech Connect (OSTI)

    Kathleen A. Lee

    2008-01-01T23:59:59.000Z

    The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system’s cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate specific security vulnerabilities.

  14. Recommended Practice for Securing Control System Modems

    SciTech Connect (OSTI)

    James R. Davidson; Jason L. Wright

    2008-01-01T23:59:59.000Z

    This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

  15. Lecture 13: Control System Cyber Security

    E-Print Network [OSTI]

    CERN. Geneva

    2013-01-01T23:59:59.000Z

    Today, the industrialized world lives in symbiosis with control systems: it depends on power distribution, oil production, public transport, automatic production lines. While the convenience is at hand, still too many control systems are designed without any security in mind, lack basic security protections, and are not even robust enough to withstand basic attacks. The Stuxnet worm attacking Siemens PLCs in 2010 was another close call. Attackers currently enjoy hacking control systems, and aim to switch lights off. This presentation shall recap the current situation and outline why the presenter is still waiting for a change in paradigm. Stefan Lüders, PhD, graduated from the Swiss Federal Institute of Technology in Zurich and joined CERN in 2002. Being initially developer of a common safety system used in all four experiments at the Large Hadron Collider, he gathered expertise in cyber-security issues of control systems. Consequently in 2004, he took over responsibilities in securing CERN's accelerator and...

  16. Office of the CISO, February 2011 Information Security and Privacy Risk Advisory

    E-Print Network [OSTI]

    Queitsch, Christine

    Office of the CISO, February 2011 Information Security and Privacy Risk Advisory Phishing Phishing's trust in traditional landline communication. The Office of the Chief Information Security Officer (CISO

  17. Secure videoconferencing equipment switching system and method

    DOE Patents [OSTI]

    Dirks, David H; Gomes, Diane; Stewart, Corbin J; Fischer, Robert A

    2013-04-30T23:59:59.000Z

    Examples of systems described herein include videoconferencing systems having audio/visual components coupled to a codec. The codec may be configured by a control system. Communication networks having different security levels may be alternately coupled to the codec following appropriate configuration by the control system. The control system may also be coupled to the communication networks.

  18. March 23, 2008 Databases: Information Systems 1 Information Systems

    E-Print Network [OSTI]

    Adam, Salah

    March 23, 2008 Databases: Information Systems 1 Information Systems Objectives What is an Information System (IS) + Classification of Information Systems + Evolution of Information Systems + Information System Management + Performance Requirements of ISs +

  19. T-582: RSA systems has resulted in certain information being...

    Broader source: Energy.gov (indexed) [DOE]

    2: RSA systems has resulted in certain information being extracted from RSA systems that relates to RSA SecurID T-582: RSA systems has resulted in certain information being...

  20. Information Analysis Methodology for Border Security Deployment Prioritization and Post Deployment Evaluation

    SciTech Connect (OSTI)

    Booker, Paul M.; Maple, Scott A.

    2010-06-08T23:59:59.000Z

    Due to international commerce, cross-border conflicts, and corruption, a holistic, information driven, approach to border security is required to best understand how resources should be applied to affect sustainable improvements in border security. The ability to transport goods and people by land, sea, and air across international borders with relative ease for legitimate commercial purposes creates a challenging environment to detect illicit smuggling activities that destabilize national level border security. Smuggling activities operated for profit or smuggling operations driven by cross border conflicts where militant or terrorist organizations facilitate the transport of materials and/or extremists to advance a cause add complexity to smuggling interdiction efforts. Border security efforts are further hampered when corruption thwarts interdiction efforts or reduces the effectiveness of technology deployed to enhance border security. These issues necessitate the implementation of a holistic approach to border security that leverages all available data. Large amounts of information found in hundreds of thousands of documents can be compiled to assess national or regional borders to identify variables that influence border security. Location data associated with border topics of interest may be extracted and plotted to better characterize the current border security environment for a given country or region. This baseline assessment enables further analysis, but also documents the initial state of border security that can be used to evaluate progress after border security improvements are made. Then, border security threats are prioritized via a systems analysis approach. Mitigation factors to address risks can be developed and evaluated against inhibiting factors such as corruption. This holistic approach to border security helps address the dynamic smuggling interdiction environment where illicit activities divert to a new location that provides less resistance to smuggling activities after training or technology is deployed at a given location. This paper will present an approach to holistic border security information analysis.

  1. Security approaches for Radio Frequency Identification systems

    E-Print Network [OSTI]

    Foley, Joseph Timothy, 1976-

    2007-01-01T23:59:59.000Z

    In this thesis, I explore the challenges related to the security of the Electronic Product Code (EPC) class of Radio Frequency Identification (RFID) tags and associated data. RFID systems can be used to improve supply chain ...

  2. Secure and Efficient Routable Control Systems

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01T23:59:59.000Z

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  3. INFORMATION SYSTEMS

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    SYSTEMS Providing an efficient, seamless virtual work environment To accelerate progress toward mission goals, our business and operations processes will be aggressively...

  4. Embedding Security Policies into a Distributed Computing Environment

    E-Print Network [OSTI]

    Kühnhauser, Winfried

    : security policy, multipolicy system, information domain, policy domain, custodian, policy separation D information systems must support information processing under multiple security policies of any complexity information support information processing among users with different security attributes employing resources

  5. ISM6328 -Boca Raton Campus-Fall 2011-MB1 ISM 6328: INFORMATION SECURITY MANAGEMENT

    E-Print Network [OSTI]

    Richman, Fred

    ISM6328 - Boca Raton Campus- Fall 2011-MB1 ISM 6328: INFORMATION SECURITY MANAGEMENT FALL 2011 security. Emphasis is on the management of information security efforts as well as progression in adopting, regularity and policy aspects of Information Security Management. We will examine security management

  6. Primer Control System Cyber Security Framework and Technical Metrics

    SciTech Connect (OSTI)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01T23:59:59.000Z

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  7. Ninth Annual Cyber and Information Security Research Conference...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Ninth Annual Cyber and Information Security Research Conference Apr 08 2014 04-08-2014 08:30 AM - 04-10-2014 04:00 PM Multiple speakers, multiple disciplines, multiple affiliations...

  8. Information Security Framework for Small and Medium Sized Businesses

    E-Print Network [OSTI]

    Michnick, Steven M.

    2009-06-17T23:59:59.000Z

    Information security issues are a challenge to everyone who uses computers. The rise of the personal computer as a common business tool and the Internet as a common means of business communication and commerce have also created an environment...

  9. Policy 3505 Information Technology Security 1 OLD DOMINION UNIVERSITY

    E-Print Network [OSTI]

    Code of Practice for Information Security Management (ISO/IEC 27002:2005) The international standard Electrotechnical Commission (IEC) A global organization that develops and publishes standards, the private sector, consumer groups, professional associations, and others. International Organization

  10. Managing power system security and optimization

    SciTech Connect (OSTI)

    O'Grady, M.J. (Potomac Electric Power Co., Washington, DC (United States)); Briggs, W.T.; Stadlin, W.O.

    1994-10-01T23:59:59.000Z

    Power system control objectives of energy management systems (EMSs) are well defined and understood: reliability, security, and optimization. However, the approaches to achieving these objectives have often resulted in disjointed solutions and poor acceptance by system operators. This article describes how the new PEPCO EMS provides unique system-wide (generation, transmission, distribution) security and optimization strategies via a coordinated suite of real-time closed-loop control functions. System operators played a key role in defining the application features and user interfaces, ensuring correct operating practices.

  11. Implementing Information Security and Its Technology: A Line Management Perspective

    SciTech Connect (OSTI)

    Barletta, William A.

    2005-08-22T23:59:59.000Z

    Assuring the security and privacy of institutional information assets is a complex task for the line manager responsible for international and multi-national transactions. In the face of an unsure and often conflicting international legal framework, the line manager must employ all available tools in an Integrated Security and Privacy Management framework that ranges from legal obligations, to policy, to procedure, to cutting edge technology to counter the rapidly evolving cyber threat to information assets and the physical systems that information systems control.

  12. Secure sequential transmission of quantum information

    E-Print Network [OSTI]

    Kabgyun Jeong; Jaewan Kim

    2015-01-19T23:59:59.000Z

    We propose a quantum communication protocol that can be used to transmit any quantum state, one party to another via several intermediate nodes, securely on quantum communication network. The scheme makes use of the sequentially chained and approximate version of private quantum channels satisfying certain commutation relation of $n$-qubit Pauli operations. In this paper, we study the sequential structure, security analysis, and efficiency of the quantum sequential transmission (QST) protocol in depth.

  13. Security needs in embedded systems Tata Elxsi Ltd. India

    E-Print Network [OSTI]

    also briefs on the security enforced in a device by the use of proprietary security technology and also will be useless or unintelligible for anyone who is having unauthorized

  14. Auction Market System in Electronic Security Trading Platform

    E-Print Network [OSTI]

    Tesfatsion, Leigh

    Auction Market System in Electronic Security Trading Platform Li Xihao Bielefeld Graduate School security trading platform Xetra operated by Frankfurt Stock Exchange, we consider the Xetra auction. Keywords: agent-based modelling, computational market experiment, electronic security trading platform

  15. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    SciTech Connect (OSTI)

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01T23:59:59.000Z

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  16. Design tools for complex dynamic security systems.

    SciTech Connect (OSTI)

    Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson; Laguna, Glenn A.; Robinett, Rush D. III; Groom, Kenneth Neal; Wilson, David Gerald; Bickerstaff, Robert J.; Harrington, John J.

    2007-01-01T23:59:59.000Z

    The development of tools for complex dynamic security systems is not a straightforward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technologies for next generation security systems are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.

  17. Stay protected when connected Visit security.duke.edu for more information.

    E-Print Network [OSTI]

    McShea, Daniel W.

    Stay protected when connected Visit security.duke.edu for more information. Follow these guidelines Visit security.duke.edu for more information. Follow these tips for securing mobile devices: iOS 6/software/. Windows Mac Another free option: Microsoft Security Essentials: http://windows.microsoft.com/en-US/windows/products/security

  18. Security Forms and Information | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  19. System vulnerability as a concept to assess power system dynamic security

    SciTech Connect (OSTI)

    Fouad, A.A.; Qin Zhou; Vittal, V. (Iowa State Univ., Ames, IA (United States))

    1994-05-01T23:59:59.000Z

    The concept of system vulnerability is introduced as a new framework for power system dynamic security assessment. This new concept combines information on the level of security and its trend with changing system condition. In this paper the transient energy function (TEF) method is used as a tool of analysis. The energy margin $\Delta V$ is used as an indicator of the level of security, and its sensitivity ($\partial \Delta V / \partial p$) to a changing system parameter $p$ as an indicator of its trend. The thresholds for acceptable levels of the security indicator ($\Delta V$) and its trend ($\partial \Delta V / \partial p$) are related to the stability limits of a critical system parameter. A method is proposed to determine these thresholds using heuristic techniques derived from operating practices and policies for a change in plant generation. Results from the IEEE 50 generator test system are presented to illustrate the procedure.

  20. An integrated mobile system for port security

    SciTech Connect (OSTI)

    Cester, D. [Dipartimento di Fisica, Universita di Padova, Via F. Marzolo 8, Padova I-35131 (Italy)]; Fabris, D. [INFN Sezione di Padova, Via F. Marzolo 8, Padova I-35131 (Italy)]; Lunardon, M.; Moretto, S. [Dipartimento di Fisica, Universita di Padova, Via F. Marzolo 8, Padova I-35131 (Italy)]; Nebbia, G. [INFN Sezione di Padova, Via F. Marzolo 8, Padova I-35131 (Italy)]; Pesente, S.; Stevanato, L.; Viesti, G. [Dipartimento di Fisica, Universita di Padova, Via F. Marzolo 8, Padova I-35131 (Italy)]; Neri, F.; Petrucci, S.; Selmi, S.; Tintori, C. [CAEN S.p.A., Via Vetraia 11, I-55049, Viareggio LU (Italy)]

    2011-07-01T23:59:59.000Z

    An integrated mobile system for port security is presented. The system is designed to perform active investigations, by using the tagged neutron inspection technique, of suspect dangerous materials as well as passive measurements of neutrons and gamma rays to search and identify radioactive and special nuclear materials. (authors)

  1. Information Security: Coordination of Federal Cyber Security Research and

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  2. Improving Energy Efficiency and Security for Disk Systems

    E-Print Network [OSTI]

    Qin, Xiao

    Improving Energy Efficiency and Security for Disk Systems Shu Yin1 , Mohammed I. Alghamdi2 been focused on data security and energy efficiency, most of the existing approaches have concentrated optimization with security services to enhance the security of energy-efficient large-scale storage systems

  3. Int. J. Information and Computer Security, Vol. 4, No. 4, 2011 365 Copyright 2011 Inderscience Enterprises Ltd.

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    one of the business process security leitmotifs. It defines a mechanism that bridges the gap between workflow and access control systems. Delegation completion and authorisation enforcement are specified in workflow management systems', Int. J. Information and Computer Security, Vol. 4, No. 4, pp.365

  4. Mutual information, bit error rate and security in Wójcik's scheme

    E-Print Network [OSTI]

    Zhanjun Zhang

    2004-02-21T23:59:59.000Z

    In this paper the correct calculations of the mutual information of the whole transmission, the quantum bit error rate (QBER) are presented. Mistakes of the general conclusions relative to the mutual information, the quantum bit error rate (QBER) and the security in Wójcik's paper [Phys. Rev. Lett. 90, 157901 (2003)] have been pointed out.

  5. August 2003 IT SECURITY METRICS

    E-Print Network [OSTI]

    August 2003 IT SECURITY METRICS Elizabeth B. Lennon, Editor Information Technology Laboratory approach to measuring information security. Evaluating security at the system level, IT security metrics and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

  6. Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009)

    E-Print Network [OSTI]

    Proceedings of the Third International Symposium on Human Aspects of Information Security the scope of remediation, is a pervasive feature of Information Technology Security Management (ITSM of Information Security & Assurance (HAISA 2009) 120 which is security incident response. We extend those results

  7. Adaptive security systems -- Combining expert systems with adaptive technologies

    SciTech Connect (OSTI)

    Argo, P.; Loveland, R.; Anderson, K. [and others]

    1997-09-01T23:59:59.000Z

    The Adaptive Multisensor Integrated Security System (AMISS) uses a variety of computational intelligence techniques to reason from raw sensor data through an array of processing layers to arrive at an assessment for alarm/alert conditions based on human behavior within a secure facility. In this paper, the authors give an overview of the system and briefly describe some of the major components of the system. This system is currently under development and testing in a realistic facility setting.

  8. Information flow for secure distributed applications

    E-Print Network [OSTI]

    Cheng, Winnie Wing-Yee

    2009-01-01T23:59:59.000Z

    Private and confidential information is increasingly stored online and increasingly being exposed due to human errors as well as malicious attacks. Information leaks threaten confidentiality, lead to lawsuits, damage ...

  9. Information Flow for Secure Distributed Applications

    E-Print Network [OSTI]

    Cheng, Winnie Wing-Yee

    2009-08-27T23:59:59.000Z

    Private and confidential information is increasingly stored online and increasingly being exposed due to human errors as well as malicious attacks. Information leaks threaten confidentiality, lead to lawsuits, damage ...

  10. Comparison of Routable Control System Security Approaches

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01T23:59:59.000Z

    This document is a supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  11. Membership Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  12. Farmland Security Zone | Open Energy Information

    Open Energy Info (EERE)


  13. Approved Module Information for CS4520, 2014/5 Module Title/Name: Information Security Module Code: CS4520

    E-Print Network [OSTI]

    Neirotti, Juan Pablo

    Approved Module Information for CS4520, 2014/5 Module Title/Name: Information Security Module Code and understanding of the need for and the underlying principles of information security. The module will enable MSc students to take an active role in the design, planning, evaluation and management of secure information

  14. The Information Security Tenure Track Faculty in Computer Science The Information Security Institute at The Johns Hopkins University (JHUISI) is planning for substantial multi-year growth in the area of

    E-Print Network [OSTI]

    Plotkin, Joshua B.

    The Information Security Tenure Track Faculty in Computer Science The Information Security Institute of Information Security and Cryptography. Our administration is committed at the highest level to substantially: Applicants in Information Security would also be associated with: · The Information Security Institute

  15. Teaching in computer security and privacy The Computer Laboratory's undergraduate and masters programmes

    E-Print Network [OSTI]

    Crowcroft, Jon

    computing security · Economics of cybercrime · Economics of information security · Formal methods · Hardware security · Location and positioning systems · Malware analysis · Medical information security · Mobile Teaching in computer security and privacy The Computer Laboratory's undergraduate and masters

  16. Control Systems Cyber Security: Defense-in-Depth Strategies

    SciTech Connect (OSTI)

    Mark Fabro

    2007-10-01T23:59:59.000Z

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  17. Control Systems Cyber Security: Defense in Depth Strategies

    SciTech Connect (OSTI)

    David Kuipers; Mark Fabro

    2006-05-01T23:59:59.000Z

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  18. International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation In Ubiquitous Environments Mohamed Aymen Chalouf1 make the concerned communications vulnerable to security attacks because of the open medium on which

  19. A Uniform Type Structure for Secure Information KOHEI HONDA

    E-Print Network [OSTI]

    Gay, Simon

    A Uniform Type Structure for Secure Information Flow KOHEI HONDA Queen Mary, University of London Author's address: K. Honda, Department of Computer Science, Queen Mary, University of London, Mile, Vol. TBD, No. TDB, Month Year, Pages 1-83. Kohei Honda and Nobuko Yoshida 2.5 Linear

  20. A Uniform Type Structure for Secure Information KOHEI HONDA

    E-Print Network [OSTI]

    Honda, Kohei

    A Uniform Type Structure for Secure Information Flow KOHEI HONDA Queen Mary, University of London Author's address: K. Honda, Department of Computer Science, Queen Mary, University of London, Mile. TBD, No. TDB, Month Year, Pages 1-83. Kohei Honda and Nobuko Yoshida 2.5 Linear/Affine Typing

  1. Roadmap: Computer Science Information Security - Bachelor of Science

    E-Print Network [OSTI]

    Sheridan, Scott

    Roadmap: Computer Science - Information Security - Bachelor of Science [AS-BS-CS-INSE] College of Arts and Sciences Department of Computer Science Catalog Year: 2012-2013 Page 1 of 2 | Last Updated: 3 Major GPA Important Notes Semester One: [16 Credit Hours] CS 13001 Computer Science I: Programming

  2. Finance, IT Operations & Information Security Dear Colleagues,

    E-Print Network [OSTI]

    Finance, IT Operations & Information Security Dear Colleagues, Compliance and customer service. Strategic planning and attention to day-to-day operations. Some of our activities during the past quarter awareness, and responding to incidents. Thank you to everyone who has completed a survey or provided

  3. Control Systems Security Test Center - FY 2004 Program Summary

    SciTech Connect (OSTI)

    Robert E. Polk; Alen M. Snyder

    2005-04-01T23:59:59.000Z

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  4. Security of Foreign Intelligence Information and Sensitive Compartmented Information Facilities

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1993-07-23T23:59:59.000Z

    The order establishes responsibilities and authorities for protecting Foreign Intelligence Information (FII) and Sensitive Compartmented Information Facilities (SCIFs) within DOE. Cancels DOE 5639.8.

  5. Nuclear power plant security systems - The need for upgrades

    SciTech Connect (OSTI)

    Murskyj, M.P.; Furlow, C.H.

    1989-01-01T23:59:59.000Z

    Most perimeter security systems for nuclear power plants were designed and installed in the late 1970s or early 1980s. This paper explores the need to regularly evaluate and possibly upgrade a security system in the area of perimeter intrusion detection and surveillance. This paper discusses US Nuclear Regulatory Commission audits and regulatory effectiveness reviews (RERs), which have raised issues regarding the performance of perimeter security systems. The audits and RERs identified various degrees of vulnerability in certain aspects of existing perimeter security systems. In addition to reviewing the regulatory concerns, this paper discusses other reasons to evaluate and/or upgrade a perimeter security system.

  6. Quantifying and managing the risk of information security breaches participants in a supply chain

    E-Print Network [OSTI]

    Bellefeuille, Cynthia Lynn

    2005-01-01T23:59:59.000Z

    Technical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a ...

  7. Automated Information System (AIS) Alarm System

    SciTech Connect (OSTI)

    Hunteman, W.

    1997-05-01T23:59:59.000Z

    The Automated Information Alarm System is a joint effort between Los Alamos National Laboratory, Lawrence Livermore National Laboratory, and Sandia National Laboratory to demonstrate and implement, on a small-to-medium sized local area network, an automated system that detects and automatically responds to attacks that use readily available tools and methodologies. The Alarm System will sense or detect, assess, and respond to suspicious activities that may be detrimental to information on the network or to continued operation of the network. The responses will allow stopping, isolating, or ejecting the suspicious activities. The number of sensors, the sensitivity of the sensors, the assessment criteria, and the desired responses may be set by the using organization to meet their local security policies.

  8. Stateful UML Design with Security Constraints for Information Assurance The design of software applications using UML embodies

    E-Print Network [OSTI]

    Demurjian, Steven A.

    Stateful UML Design with Security Constraints for Information Assurance Abstract The design design state containing security constraints and insures that information assurance with respect. Keywords: RBAC, MAC, UML, access control, information assurance, secure software design. 1. Introduction

  9. Author: Duncan Woodhouse, Assistant Registrar for Information Security, Risk Management and Business Continuity Date Version Author Comments

    E-Print Network [OSTI]

    Davies, Christopher

    Author: Duncan Woodhouse, Assistant Registrar for Information Security, Risk Management Information Security Policy 2004 09/2008 D01 Duncan Woodhouse Adaption and consolidation of best practices Registrar for Information Security, Risk Management and Business Continuity 2 University of Warwick

  10. Ultra Safe And Secure Blasting System

    SciTech Connect (OSTI)

    Hart, M M

    2009-07-27T23:59:59.000Z

    The Ultra is a blasting system that is designed for special applications where the risk and consequences of unauthorized demolition or blasting are so great that the use of an extraordinarily safe and secure blasting system is justified. Such a blasting system would be connected and logically welded together through digital code-linking as part of the blasting system set-up and initialization process. The Ultra's security is so robust that it will defeat the people who designed and built the components in any attempt at unauthorized detonation. Anyone attempting to gain unauthorized control of the system by substituting components or tapping into communications lines will be thwarted in their inability to provide encrypted authentication. Authentication occurs through the use of codes that are generated by the system during initialization code-linking and the codes remain unknown to anyone, including the authorized operator. Once code-linked, a closed system has been created. The system requires all components connected as they were during initialization as well as a unique code entered by the operator for function and blasting.

  11. Secure quantum private information retrieval using phase-encoded queries

    E-Print Network [OSTI]

    Olejnik, L

    2011-01-01T23:59:59.000Z

    We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that...

  12. The Data and Application Security and Privacy (DASPY) Challenge

    E-Print Network [OSTI]

    Sandhu, Ravi

    Computer security Information security = Computer security + Communications security Information Computer security Information security = Computer security + Communications security Information Cyber security (defensive) goals have evolved Computer security Information security = Computer

  13. Dynamic Information Flow Analysis for JavaScript in a Web Browser

    E-Print Network [OSTI]

    Austin, Thomas Howard

    2013-01-01T23:59:59.000Z

    languages for information security. PhD thesis, CornellInternational Journal of Information Security, 2009. [36]Workshop on Information and System Security, 2008. [35

  14. Information Technology Security Training Requirements Appendix A -- Learning Continuum A-1

    E-Print Network [OSTI]

    Information Technology Security Training Requirements APPENDIX A Appendix A -- Learning Continuum A-1 Information Technology Security Training Requirements Appendix A -- Learning Continuum A-2 Information Technology Security Training Requirements APPENDIX A -- LEARNING CONTINUUM

  15. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Seminar Series

    E-Print Network [OSTI]

    NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Seminar Series FISMA AND TECHNOLOGY 5 FISMA Strategic Vision We are building a solid foundation of information security across one of the largest information technology infrastructures in the world based on comprehensive security standards

  16. Information Security and Privacy Laws and Regulations, and UW Subject Matter Experts

    E-Print Network [OSTI]

    Queitsch, Christine

    Information Security and Privacy Laws and Regulations, and UW Subject Matter Experts Page 1 of 16 Document Name: Information Security and Privacy Laws Version #: vF Created By: Ann Nagel, Associate Chief Information Security Officer Date Created: June 2, 2009 Updated By: Melissa Albin-Wurzer, Education

  17. A Framework for the Management of Information Security Jussipekka Leiwo, Chandana Gamage and Yuliang Zheng

    E-Print Network [OSTI]

    Zheng, Yuliang

    A Framework for the Management of Information Security Jussipekka Leiwo, Chandana Gamage,chandag,yuliangg@fcit.monash.edu.au Abstract Information security is based on access control models and cryptographic techniques of comprehensive information security within organizations. There is a need to study upper level issues

  18. University of Connecticut / Jason Pufahl, CISSP, CISM 1 INFORMATION SECURITY STRATEGIC

    E-Print Network [OSTI]

    Alpay, S. Pamir

    University of Connecticut / Jason Pufahl, CISSP, CISM INFORMATION SECURITY STRATEGIC PLAN UNIVERSITY OF CONNECTICUT INFORMATION SECURITY OFFICE 4/20/10 University of Connecticut / Jason Pufahl, CISSP, CISM MISSION STATEMENT The mission of the Information Security Office (ISO) is to design

  19. Information Sharing and Security in Dynamic Coalitions Charles E. Phillips, Jr.

    E-Print Network [OSTI]

    Lee, Ruby B.

    Information Sharing and Security in Dynamic Coalitions Charles E. Phillips, Jr. Computer Science in one crisis and adversaries in another, raising difficult security issues with respect to information on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines

  20. Federal Information Security Management Act: Fiscal Year 2013 Evaluation (IG-14-004, November 20, 2013)

    E-Print Network [OSTI]

    Waliser, Duane E.

    Federal Information Security Management Act: Fiscal Year 2013 Evaluation (IG-14-004, November 20 year (FY) 2013 reporting requirements for the Federal Information Security Management Act (FISMA is steadily working to improve its overall information technology (IT) security posture. Nevertheless

  1. Site Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  2. Vendor Information | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  3. Motivation to study security of control systems. Our Results/Contribution. Summary. Security constrained control under

    E-Print Network [OSTI]

    Hu, Fei

    . Research challenges. Investigate realistic models of attacks to control systems from the "systems Motivation to study security of control systems. Our Results/Contribution. Summary. Security constrained control under denial-of-service attacks. Saurabh Amin1 Alvaro Cárdenas2 Alexandre Bayen1 Shankar

  4. University of London International Academy MSc/PG Dip in Information Security

    E-Print Network [OSTI]

    Royal Holloway, University of London

    a computing system secure. This process starts with defining the proper security requirements, which system level. In order to understand these security controls we need to describe some background material systems will be examined as well as security related issues of computer architecture. Specific well

  5. Information extraction system

    DOE Patents [OSTI]

    Lemmond, Tracy D; Hanley, William G; Guensche, Joseph Wendell; Perry, Nathan C; Nitao, John J; Kidwell, Paul Brandon; Boakye, Kofi Agyeman; Glaser, Ron E; Prenger, Ryan James

    2014-05-13T23:59:59.000Z

    An information extraction system and methods of operating the system are provided. In particular, an information extraction system for performing meta-extraction of named entities of people, organizations, and locations as well as relationships and events from text documents are described herein.

  6. 2014-2015 Verification of Social Security Number & Date of Birth A. STUDENT INFORMATION SPIRE ID#: ____________________

    E-Print Network [OSTI]

    Mountziaris, T. J.

    2014-2015 Verification of Social Security Number & Date of Birth A. STUDENT INFORMATION SPIRE ID YYYY My correct Social Security Number is: ________ - _____ - _________ B. SIGNATURE- For corrections to date of birth. · Signed Social Security card or passport- For corrections to social security

  7. Emergency Information | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  8. S3A: Secure System Simplex Architecture for Enhanced Security of Cyber-Physical Systems

    E-Print Network [OSTI]

    Mohan, Sibin; Betti, Emiliano; Yun, Heechul; Sha, Lui; Caccamo, Marco

    2012-01-01T23:59:59.000Z

    Until recently, cyber-physical systems, especially those with safety-critical properties that manage critical infrastructure (e.g. power generation plants, water treatment facilities, etc.) were considered to be invulnerable against software security breaches. The recently discovered 'W32.Stuxnet' worm has drastically changed this perception by demonstrating that such systems are susceptible to external attacks. Here we present an architecture that enhances the security of safety-critical cyber-physical systems despite the presence of such malware. Our architecture uses the property that control systems have deterministic execution behavior, to detect an intrusion within 0.6 μs while still guaranteeing the safety of the plant. We also show that even if an attack is successful, the overall state of the physical system will still remain safe. Even if the operating system's administrative privileges have been compromised, our architecture will still be able to protect the physical system from coming to harm.

  9. Security Policies for Downgrading Stephen Chong

    E-Print Network [OSTI]

    Myers, Andrew C.

    @cs.cornell.edu ABSTRACT A long-standing problem in information security is how to specify and enforce expressive security that incorporates them, allowing secure downgrading of information through an explicit declassification operation of Computing and Information Systems]: Security and Protection General Terms: Security, Languages

  10. An Adaptive Policy for Improved Timeliness in Secure Database Systems

    E-Print Network [OSTI]

    Son, Sang H.

    An Adaptive Policy for Improved Timeliness in Secure Database Systems Sang H. Son * , Rasikan David. Multilevel security requirements introduce a new dimension to transaction processing in real-time database Timeliness, concurrency control, two-phase locking, non-interference, security, miss percentage 1

  11. Security-Constrained Adequacy Evaluation of Bulk Power System Reliability

    E-Print Network [OSTI]

    Security-Constrained Adequacy Evaluation of Bulk Power System Reliability Fang Yang, Student Member. Stefopoulos, Student Member, IEEE Abstract -- A framework of security-constrained adequacy evaluation (SCAE electric load while satisfying security constraints. It encompasses three main steps: (a) critical

  12. Cyber-Physical System Security for the Electric Power Grid

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    INVITED PAPER Cyber-Physical System Security for the Electric Power Grid Control in power of cyber infrastructure security in conjunction with power application security to prevent, mitigate on its cyber infrastructure and its ability to tolerate potential failures. A further exploration

  13. 'Known Secure Sensor Measurements' for Critical Infrastructure Systems: Detecting Falsification of System State

    SciTech Connect (OSTI)

    Miles McQueen; Annarita Giani

    2011-09-01T23:59:59.000Z

    This paper describes a first investigation on a low cost and low false alarm, reliable mechanism for detecting manipulation of critical physical processes and falsification of system state. We call this novel mechanism Known Secure Sensor Measurements (KSSM). The method moves beyond analysis of network traffic and host based state information, in fact it uses physical measurements of the process being controlled to detect falsification of state. KSSM is intended to be incorporated into the design of new, resilient, cost effective critical infrastructure control systems. It can also be included in incremental upgrades of already installed systems for enhanced resilience. KSSM is based on known secure physical measurements for assessing the likelihood of an attack and will demonstrate a practical approach to creating, transmitting, and using the known secure measurements for detection.

  14. Safeguards and Security Systems | ornl.gov

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  15. Integrated Security System | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site


  16. Cyber-Physical Systems Security for Smart Grid

    E-Print Network [OSTI]

    Cyber-Physical Systems Security for Smart Grid Future Grid Initiative White Paper Power Systems-Physical Systems Security for Smart Grid Prepared for the Project "The Future Grid to Enable Sustainable Energy as one of nine white papers in the project "The Future Grid to Enable Sustainable Energy Systems

  17. ITL BULLETIN FOR AUGUST 2010 ASSESSING THE EFFECTIVENESS OF SECURITY CONTROLS IN FEDERAL

    E-Print Network [OSTI]

    discusses the process for assessing the security controls in organizational information systems that are implemented in federal information systems. The selection and assessment of appropriate security controls Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans

  18. A Hierarchical Security Architecture for Cyber-Physical Systems

    SciTech Connect (OSTI)

    Quanyan Zhu; Tamer Basar

    2011-08-01T23:59:59.000Z

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  19. Process Control Systems in the Chemical Industry: Safety vs. Security

    SciTech Connect (OSTI)

    Jeffrey Hahn; Thomas Anderson

    2005-04-01T23:59:59.000Z

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  20. Help for the Developers of Control System Cyber Security Standards

    SciTech Connect (OSTI)

    Robert P. Evans

    2008-05-01T23:59:59.000Z

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices of various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  1. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    SciTech Connect (OSTI)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01T23:59:59.000Z

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  2. Published in IET Information Security Received on 10th December 2009

    E-Print Network [OSTI]

    Ansari, Nirwan

    Published in IET Information Security Received on 10th December 2009 Revised on 19th March 2010 doi: 10.1049/iet-ifs.2009.0261 Special Issue on Multi-Agent & Distributed Information Security ISSN 1751-8709 Survey of security services on group communications P. Sakarindr N. Ansari Advanced Networking Laboratory

  3. The Economic Consequences of Sharing Security Information Esther Gal-Or1

    E-Print Network [OSTI]

    Camp, L. Jean

    Information technology (IT) security has emerged as an important issue in the last decade. To promote the disclosure and sharing of cyber-security information amongst firms, the US federal government has encouraged-commerce continues to grow, so does cyber crime. According to Jupiter Media Metrix, cyber-security issues

  4. UMBC Policy # X-1.00.02 Page 1 of 3 UMBC INFORMATION TECHNOLOGY SECURITY POLICY

    E-Print Network [OSTI]

    Adali, Tulay

    UMBC Policy # X-1.00.02 Page 1 of 3 UMBC INFORMATION TECHNOLOGY SECURITY POLICY UMBC Policy # X-1.00.02 I. POLICY STATEMENT UMBC's Information Technology (IT) Security Policy is the basis to its IT resources. II. PURPOSE FOR POLICY The purpose of this policy is to establish an IT security

  5. Environmental geographic information system.

    SciTech Connect (OSTI)

    Peek, Dennis; Helfrich, Donald Alan; Gorman, Susan

    2010-08-01T23:59:59.000Z

    This document describes how the Environmental Geographic Information System (EGIS) was used, along with externally received data, to create maps for the Site-Wide Environmental Impact Statement (SWEIS) Source Document project. Data quality among the various classes of geographic information system (GIS) data is addressed. A complete listing of map layers used is provided.

  6. Chair of Information Systems IV (ERIS) Institute for Enterprise Systems (InES)

    E-Print Network [OSTI]

    Mannheim, Universität

    workarounds to fulfill daily tasks. Security concept for Enterprise Systems processing business critical data: Master Team Project: Adaptive Usage Control in Enterprise Systems Chair of Information Systems IV (Enterprise Definition and Motivation The Security Evolution Towards a Central Usage Control Policy Hub The Project

  7. Plutonium finishing plant safeguards and security systems replacement study

    SciTech Connect (OSTI)

    Klear, P.F.; Humphrys, K.L.

    1994-12-01T23:59:59.000Z

    This document provides the preferred alternatives for the replacement of the Safeguards and Security systems located at the Hanford Plutonium Finishing Plant.

  8. Voluntary Disclosure and Information Asymmetry: Evidence from the 2005 Securities Offering Reform

    E-Print Network [OSTI]

    SHROFF, NEMIT

    In 2005, the Securities and Exchange Commission enacted the Securities Offering Reform (Reform), which relaxes “gun-jumping” restrictions, thereby allowing firms to more freely disclose information before equity offerings. ...

  9. Proceedings of the 7th World Conference on Information Security Education 9-10 June 2011, Lucerne, Switzerland

    E-Print Network [OSTI]

    Bishop, Matt

    Proceedings of the 7th World Conference on Information Security Education 9-10 June 2011, Lucerne, Lucerne, Switzerland ISBN: 1-933510-94-3 © IFIP TC11.8 97 moment. Thus, the notion of security varies

  10. Proceedings of the 7th World Conference on Information Security Education

    E-Print Network [OSTI]

    Bishop, Matt

    Proceedings of the 7th World Conference on Information Security Education 9-10 June 2011, Lucerne, Lucerne, Switzerland ISBN: 1-933510-94-3 © IFIP TC11.8 97 moment. Thus, the notion of security varies

  11. Secure quantum private information retrieval using phase-encoded queries

    SciTech Connect (OSTI)

    Olejnik, Lukasz [CERN, 1211 Geneva 23, Switzerland and Poznan Supercomputing and Networking Center, Noskowskiego 12/14, PL-61-704 Poznan (Poland)]

    2011-08-15T23:59:59.000Z

    We propose a quantum solution to the classical private information retrieval (PIR) problem, which allows one to query a database in a private manner. The protocol offers privacy thresholds and allows the user to obtain information from a database in a way that offers the potential adversary, in this model the database owner, no possibility of deterministically establishing the query contents. This protocol may also be viewed as a solution to the symmetrically private information retrieval problem in that it can offer database security (inability for a querying user to steal its contents). Compared to classical solutions, the protocol offers substantial improvement in terms of communication complexity. In comparison with the recent quantum private queries [Phys. Rev. Lett. 100, 230502 (2008)] protocol, it is more efficient in terms of communication complexity and the number of rounds, while offering a clear privacy parameter. We discuss the security of the protocol and analyze its strengths and conclude that using this technique makes it challenging to obtain the unconditional (in the information-theoretic sense) privacy degree; nevertheless, in addition to being simple, the protocol still offers a privacy level. The oracle used in the protocol is inspired both by the classical computational PIR solutions as well as the Deutsch-Jozsa oracle.

  12. IBM Internet Security Systems Threat Insight Monthly

    E-Print Network [OSTI]

    the Report 01 Keylogging, by the numbers 02 Securing the Secure Shell - Advanced user authentication and key Keylogging, by the numbers Introduction During the course of malware analysis, especially

  13. Systems thinking for safety and security

    E-Print Network [OSTI]

    Young, William Edward

    The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety ...

  14. Cyber-Physical Systems Security for Smart Grid

    E-Print Network [OSTI]

    Cyber-Physical Systems Security for Smart Grid Future Grid Initiative White Paper Power Systems-Physical Systems Security for Smart Grid Prepared for the Project "The Future Grid to Enable Sustainable Energy Acknowledgements This white paper was developed as one of nine white papers in the project "The Future Grid

  15. Security for Extensible Systems Robert Grimm Brian N. Bershad

    E-Print Network [OSTI]

    Grimm, Robert

    as it relates to system security and postulate an initial model for access control. This model extends the dis control model does not address all aspects of system security, we believe that it can serve as a solid identify the structure of extensible systems as it relates to access control and describe the current

  16. Security for Extensible Systems Robert Grimm Brian N. Bershad

    E-Print Network [OSTI]

    Grimm, Robert

    as it relates to system security and postulate an initial model for access control. This model extends the dis control model does not address all aspects of system security, we believe that it can serve as a solid identify the structure of extensible systems as it relates to access control and describe the current

  17. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    J. [2004], Low-latency cryptographic protection for SCADA latency high-integrity security retrofit for legacy SCADA

  18. Putting Security in Context: Visual Correlation of Network Activity with Real-World Information

    SciTech Connect (OSTI)

    Pike, William A.; Scherrer, Chad; Zabriskie, Sean J.

    2008-06-04T23:59:59.000Z

    To effectively identify and respond to cyber threats, computer security analysts must understand the scale, motivation, methods, source, and target of an attack. Central to developing this situational awareness is the analyst’s world knowledge that puts these attributes in context. What known exploits or new vulnerabilities might an anomalous traffic pattern suggest? What organizational, social, or geopolitical events help forecast or explain attacks and anomalies? Few visualization tools support creating, maintaining, and applying this knowledge of the threat landscape. Through a series of formative workshops with practicing security analysts, we have developed a visualization approach inspired by the human process of contextualization; this system, called NUANCE, creates evolving behavioral models of network actors at organizational and regional levels, continuously monitors external textual information sources for themes that indicate security threats, and automatically determines if behavior indicative of those threats is present on a network.

  19. U.S. Patent Pending, Information Security Analysis Using Game Theory and Simulation, U.S. Patent Application No.: 14/097,840

    SciTech Connect (OSTI)

    Abercrombie, Robert K [ORNL]; Schlicher, Bob G [ORNL]

    2013-01-01T23:59:59.000Z

    Vulnerability in security of an information system is quantitatively predicted. The information system may receive malicious actions against its security and may receive corrective actions for restoring the security. A game oriented agent based model is constructed in a simulator application. The game ABM model represents security activity in the information system. The game ABM model has two opposing participants including an attacker and a defender, probabilistic game rules and allowable game states. A specified number of simulations are run and a probabilistic number of the plurality of allowable game states are reached in each simulation run. The probability of reaching a specified game state is unknown prior to running each simulation. Data generated during the game states is collected to determine a probability of one or more aspects of security in the information system.

  20. Secure Program Execution Via Dynamic Information Flow Tracking

    E-Print Network [OSTI]

    Suh, G. Edward

    2003-07-21T23:59:59.000Z

    We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking ...

  1. Emergency Public Information | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  2. Ideal Based Cyber Security Technical Metrics for Control Systems

    SciTech Connect (OSTI)

    W. F. Boyer; M. A. McQueen

    2007-10-01T23:59:59.000Z

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  3. Information systems definition architecture

    SciTech Connect (OSTI)

    Calapristi, A.J.

    1996-06-20T23:59:59.000Z

    The Tank Waste Remediation System (TWRS) Information Systems Definition architecture evaluated Information Management (IM) processes in several key organizations. The intent of the study is to identify improvements in TWRS IM processes that will enable better support to the TWRS mission, and accommodate changes in TWRS business environment. The ultimate goals of the study are to reduce IM costs, manage the configuration of TWRS IM elements, and improve IM-related process performance.

  4. On Cyber Security for Networked Control Systems Saurabh Amin

    E-Print Network [OSTI]

    random failures and security attacks. Cyber-security of Supervisory Control and Data Acquisition (SCADA, cyber-security assessment for SCADA systems is performed based on well-defined attacker and defender objectives. The mathematical model of SCADA systems considered in this work has two control levels

  5. Security Threat Mitigation Trends in Low-cost RFID Systems

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Security Threat Mitigation Trends in Low-cost RFID Systems Joaquin Garcia-Alfaro1,2 , Michel of security threat mitigation mechanisms in RFID systems, specially in low-cost RFID tags, are gaining great. Cryptography is a key tool to address these threats. Nevertheless, strong hardware constraints

  6. Internet Security Systems, an IBM Company Threat Insight Monthly

    E-Print Network [OSTI]

    Internet Security Systems, an IBM Company X-Force® Threat Insight Monthly April 2007 www.iss.net About

  7. Printed copies of the WSU Spokane Annual Security/Fire Safety Report can be obtained at the Office of Security and Public Safety. Information prepared by the Office of Security and Public

    E-Print Network [OSTI]

    Collins, Gary S.

    of Security and Public Safety. Information prepared by the Office of Security and Public Safety at WSU Spokane and Security Department Information 3 Reporting, Access and Programs 3-5 Policies and Procedures 6 Printed copies of the WSU Spokane Annual Security/Fire Safety Report can be obtained at the Office

  8. Federal Information Security Management Act: Fiscal Year 2014 Evaluation (IG-15-004, November 13, 2014)

    E-Print Network [OSTI]

    Waliser, Duane E.

    Federal Information Security Management Act: Fiscal Year 2014 Evaluation (IG-15-004, November 13) identified for this year's Federal Information Security Management Act (FISMA) review; however, the Agency Administrator, provides the Office of Inspector General's (OIG) independent assessment of NASA's information

  9. 6/17/13 (v1.2) Information Security Exit Process

    E-Print Network [OSTI]

    Kay, Mark A.

    6/17/13 (v1.2) Information Security Exit Process All Stanford related PHI, and other Restricted and Prohibited information (see http://dataclass.stanford.edu for details) must be securely may be held liable in the future. Once the applicable Stanford information has been removed

  10. Power System Probabilistic and Security Analysis on Commodity High Performance Computing Systems

    E-Print Network [OSTI]

    Franchetti, Franz

    power system infrastructures also requires merging of offline security analyses into online operation Power System Probabilistic and Security Analysis on Commodity High Performance Computing Systems tools for power system probabilistic and security analysis: 1) a high performance Monte Carlo simulation

  11. MODELING SECURITY IN CYBER-PHYSICAL SYSTEMS

    E-Print Network [OSTI]

    Burmester, Mike

    network at the Davis-Besse nuclear power plant in Oak Harbor, Ohio, was infected [39]. There have been the behavior of the adversary is controlled by a threat model that captures both the cyber aspects (with-physical systems, threat models, protocols for treaty verification. 1. Introduction The rapid growth of information

  12. RT-Based Administrative Models for Community Cyber Security Information Sharing

    E-Print Network [OSTI]

    Sandhu, Ravi

    RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman Bijon, Xin Jin, and Ram Krishnan Institute for Cyber Security & Department of Computer Science Institute for Cyber Security & Department of Electrical and Computer Engineering University of Texas at San

  13. Security in the Telecommunications Information Networking Architecture -- the CrySTINA Approach

    E-Print Network [OSTI]

    Bencsáth, Boldizsár

    Security in the Telecommunications Information Networking Architecture -- the CrySTINA Approach results of the CrySTINA project. We analyze and structure the security problem domain in the TINA-C architecture and present our approach to provide the necessary security functionality in the form of self

  14. ENERGY-AWARE SECURE MULTICAST COMMUNICATION IN AD-HOC NETWORKS USING GEOGRAPHIC LOCATION INFORMATION

    E-Print Network [OSTI]

    Lazos, Loukas

    ENERGY-AWARE SECURE MULTICAST COMMUNICATION IN AD-HOC NETWORKS USING GEOGRAPHIC LOCATION INFORMATION Loukas Lazos, Radha Poovendran Network Security and Cryptography Laboratory University by NSF grant ANI-0093187 and ARO grant DAAD-190210242 ABSTRACT The problem of securing multicast

  15. SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of

    E-Print Network [OSTI]

    Magee, Joseph W.

    2013-01-01T23:59:59.000Z

    SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of threats note of the data security issues covered in these publications. Ask yourself "Is my business vulnerable network with your peers, talk about cyber security issues. Give and get advice, hints, tips, etc. 4. Make

  16. Secure control systems with application to cyber-physical systems

    SciTech Connect (OSTI)

    Dong, Jin [ORNL] [ORNL; Djouadi, Seddik M [ORNL] [ORNL; Nutaro, James J [ORNL] [ORNL; Kuruganti, Phani Teja [ORNL] [ORNL

    2014-01-01T23:59:59.000Z

    Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the effort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical effects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.

  17. COT 4930/5930 Security for infrastructure systems Critical infrastructure are the systems that support our everyday life and the Dept. of

    E-Print Network [OSTI]

    Richman, Fred

    which our normal life is not possible. This information is embodied in a process control system (PCS Infrastructure. Features and requirements. Standards. Requirements. Process control systems, information systems COT 4930/5930 Security for infrastructure systems Critical infrastructure are the systems

  18. GLOBAL SECURITY SYSTEM FOR CONTAINERIZED COMMERCE

    E-Print Network [OSTI]

    Austin, Mark

    and mapped. - tools such as LTSA will be used to model the system and verify whether the specifications

  19. Privacy and Security Research Group workshop on network and distributed system security: Proceedings

    SciTech Connect (OSTI)

    Not Available

    1993-05-01T23:59:59.000Z

    This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

  20. 29.01.03.M1.16 Information Resources-Portable Devices: Information Security Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03.M1.16 Information Resources - Portable Devices: Information Security Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.16 Information Resources - Portable Devices: Information Security Approved of its established security realm (e.g., authentication mechanism, firewall, or encryption). Information

  1. Training Management Information System

    SciTech Connect (OSTI)

    Rackley, M.P.

    1989-01-01T23:59:59.000Z

    The Training Management Information System (TMIS) is an integrated information system for all training related activities. TMIS is at the leading edge of training information systems used in the nuclear industry. The database contains all the necessary records to confirm the department's adherence to accreditation criteria and houses all test questions, student records and information needed to evaluate the training process. The key to the TMIS system is that the impact of any change (i.e., procedure change, new equipment, safety incident in the commercial nuclear industry, etc.) can be tracked throughout the training process. This ensures the best training can be performed that meets the needs of the employees. TMIS is comprised of six functional areas: Job and Task Analysis, Training Materials Design and Development, Exam Management, Student Records/Scheduling, Evaluation, and Commitment Tracking. The system consists of a VAX 6320 Cluster with IBM and MacIntosh computers tied into an ethernet with the VAX. Other peripherals are also tied into the system: Exam Generation Stations to include mark sense readers for test grading, Production PC's for Desk-Top Publishing of Training Material, and PC Image Workstations. 5 figs.

  2. On Building Secure SCADA Systems using Security Eduardo B. Fernandez

    E-Print Network [OSTI]

    Wu, Jie

    power generation plants and oil refineries often involve components that are geographically distributed. To continuously monitor and control the different sections of the plant in order to ensure its appropriate the concepts of SCADA systems, analyze the threats and vulnerabilities of these systems, and illustrate

  3. INTELLIGENT ILLICIT OBJECT DETECTION SYSTEM FOR ENHANCED AVIATION SECURITY

    E-Print Network [OSTI]

    Blumenstein, Michael

    INTELLIGENT ILLICIT OBJECT DETECTION SYSTEM FOR ENHANCED AVIATION SECURITY Vallipuram for detecting illicit objects in hand luggage. 1. INTRODUCTION Increased security in the aftermath of the 9 sophisticated such that it is extremely difficult to detect possible threats of terrorism without severely

  4. An Information Security Education Initiative for Engineering and Computer Science

    E-Print Network [OSTI]

    or cordless telephones. Elements of the U.S. civilian infrastructure such as the banking system, the electric Department of Electrical and Computer Engineering Syracuse University Syracuse, NY 13224 Cynthia Irvine- being of the nation's information infrastructure 14]. The information infrastructure includes

  5. Information encoder/decoder using chaotic systems

    DOE Patents [OSTI]

    Miller, S.L.; Miller, W.M.; McWhorter, P.J.

    1997-10-21T23:59:59.000Z

    The present invention discloses a chaotic system-based information encoder and decoder that operates according to a relationship defining a chaotic system. Encoder input signals modify the dynamics of the chaotic system comprising the encoder. The modifications result in chaotic, encoder output signals that contain the encoder input signals encoded within them. The encoder output signals are then capable of secure transmissions using conventional transmission techniques. A decoder receives the encoder output signals (i.e., decoder input signals) and inverts the dynamics of the encoding system to directly reconstruct the original encoder input signals. 32 figs.

  6. Information encoder/decoder using chaotic systems

    DOE Patents [OSTI]

    Miller, Samuel Lee (Albuquerque, NM); Miller, William Michael (Tijeras, NM); McWhorter, Paul Jackson (Albuquerque, NM)

    1997-01-01T23:59:59.000Z

    The present invention discloses a chaotic system-based information encoder and decoder that operates according to a relationship defining a chaotic system. Encoder input signals modify the dynamics of the chaotic system comprising the encoder. The modifications result in chaotic, encoder output signals that contain the encoder input signals encoded within them. The encoder output signals are then capable of secure transmissions using conventional transmission techniques. A decoder receives the encoder output signals (i.e., decoder input signals) and inverts the dynamics of the encoding system to directly reconstruct the original encoder input signals.

  7. Process Control System Cyber Security Standards - An Overview

    SciTech Connect (OSTI)

    Robert P. Evans

    2006-05-01T23:59:59.000Z

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  8. Applying New Network Security Technologies to SCADA Systems.

    SciTech Connect (OSTI)

    Hurd, Steven A.; Stamp, Jason E. [Sandia National Laboratories, Albuquerque, NM] [Sandia National Laboratories, Albuquerque, NM; Duggan, David P. [Sandia National Laboratories, Albuquerque, NM] [Sandia National Laboratories, Albuquerque, NM; Chavez, Adrian R. [Sandia National Laboratories, Albuquerque, NM] [Sandia National Laboratories, Albuquerque, NM

    2006-11-01T23:59:59.000Z

    Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators.

  9. Measurable Control System Security through Ideal Driven Technical Metrics

    SciTech Connect (OSTI)

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01T23:59:59.000Z

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. 
Based on the two case studies and evaluation of the seven assessments, the security ideals demonstrated their value in guiding security thinking. Further, the final set of core technical metrics has been demonstrated to be both usable in the control system environment and provide significant coverage of standard security issues.

  10. International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 Toward a Gigabit Wireless Communications System

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    consumption as well as issues such as amplifier linearity, and oscillator phase noise. Moreover, to determine.Rakotondrainibe@insa-rennes.fr Abstract: This paper presents the design and the realization of a hybrid wireless Gigabit Ethernet indoor of a residential environment. The system uses low complexity baseband processing modules. A byte synchronization

  11. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01T23:59:59.000Z

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  12. Efficient Private Information Retrieval Using Secure Xiangyao Yu, Christopher W. Fletcher

    E-Print Network [OSTI]

    Gummadi, Ramakrishna

    attention from the cryptography and security communities. Two main approaches to solve PIR have appeared Efficient Private Information Retrieval Using Secure Hardware Xiangyao Yu, Christopher W. Fletcher, marten, devadas}@mit.edu ABSTRACT Existing crypto-based Private Information Retrieval (PIR) schemes

  13. Security Awareness Programs During orientation in September, students are informed of services offered by the University

    E-Print Network [OSTI]

    Escher, Christine

    Security Awareness Programs During orientation in September, students are informed of services. Video and slide presentations outline ways to maintain personal safety and residence hall security. Students are told about crime on campus and in surrounding neighborhoods. Similar information is presented

  14. Toward a generic model of security in organizational context: exploring insider threats to information infrastructure.

    SciTech Connect (OSTI)

    Martinez-Moyano, I. J.; Samsa, M. E.; Burke, J. F.; Akcam, B. K.; Decision and Information Sciences; Rockefeller Coll. at the State Univ. of New York at Albany

    2008-01-01T23:59:59.000Z

    This paper presents a generic model for information security implementation in organizations. The model presented here is part of an ongoing research stream related to critical infrastructure protection and insider threat and attack analysis. This paper discusses the information security implementation case.

  15. 29.01.03.M1 Security of Electronic Information Resources Page 1 of 3 UNIVERSITY RULE

    E-Print Network [OSTI]

    29.01.03.M1 Security of Electronic Information Resources Page 1 of 3 UNIVERSITY RULE 29.01.03.M1 Security of Electronic Information Resources Approved May 27, 2002 Revised May 28, 2009 Revised October 15, report and transmit information. Information Security Awareness Assessment and Compliance (ISAAC

  16. MINIMUM SECURITY REQUIREMENTS FOR FEDERAL

    E-Print Network [OSTI]

    March 2006 MINIMUM SECURITY REQUIREMENTS FOR FEDERAL INFORMATION AND INFORMATION SYSTEMS: FEDERAL INFORMATION PROCESSING STANDARD (FIPS) 200 APPROVED BY THE SECRETARY OF COMMERCE MINIMUM SECURITY REQUIREMENTS BY THE SECRETARY OF COMMERCE Shirley Radack, Editor Computer Security Division

  17. Comprehensive test ban treaty international monitoring system security threats and proposed security attributes

    SciTech Connect (OSTI)

    Draelos, T.J.; Craft, R.L.

    1996-03-01T23:59:59.000Z

    To monitor compliance with a Comprehensive Test Ban Treaty (CTBT), a sensing network, referred to as the International Monitoring System (IMS), is being deployed. Success of the IMS depends on both its ability to perform its function and the international community's confidence in the system. To ensure these goals, steps must be taken to secure the system against attacks that would undermine it; however, it is not clear that consensus exists with respect to the security requirements that should be levied on the IMS design. In addition, CTBT has not clearly articulated what threats it wishes to address. This paper proposes four system-level threats that should drive IMS design considerations, identifies potential threat agents, and collects into one place the security requirements that have been suggested by various elements of the IMS community. For each such requirement, issues associated with the requirement are identified and rationale for the requirement is discussed.

  18. Roadmap to Secure Control Systems in the Energy Sector 2006 ...

    Energy Savers [EERE]

    2006 - Presentation to the 2008 ieRoadmap Workshop Roadmap to Secure Control Systems in the Energy Sector 2006 - Presentation to the 2008 ieRoadmap Workshop Presentation by Hank...

  19. Security Requirements for Classified Automatic Data Processing Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1985-07-10T23:59:59.000Z

    To establish and describe the computer security program for classified automatic data processing (ADP) systems at the Department of Energy (DOE) Headquarters. This directive does not cancel another directive. Canceled by DOE N 251.9.

  20. Homeland Security Challenges Facing Small Water Systems in Texas

    E-Print Network [OSTI]

    Dozier, Monty; Theodori, Gene L.; Jensen, Ricard

    2007-05-31T23:59:59.000Z

    across Texas A&M are now developing graduate classes on such areas as government programs related to homeland security, haz- ard mitigation, cybersecurity, public health and critical infrastructure protection related to water and wastewater systems...

  1. Run-Time Security Traceability for Evolving Systems1

    E-Print Network [OSTI]

    Jurjens, Jan

    , integrity, authentication and others) and security assumptions on the system environment, can be specified applications (e.g., at BMW [5] and O2 (Germany) [6]). However, it is not enough that the specification

  2. T-592: Cisco Security Advisory: Cisco Secure Access Control System

    Energy Savers [EERE]


  3. Social Security Administration Information Phone: (706) 542-2900 Fax: (706) 583-0123 Web: international.uga.edu Email: issis@uga.edu

    E-Print Network [OSTI]

    Hall, Daniel

    Social Security Administration Information Phone: (706) 542-2900 Fax: (706) 583-0123 Web and return, you will keep the same number. For additional information you may visit the Social Security with your new Social Security information.

  4. Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST)

    E-Print Network [OSTI]

    1 Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS, Acting Chief, Computer Security Division, Information Technology Laboratory (ITL), NIST 9 Data Using Encryption Matthew Scholl, Computer Security Division, Information Technology Laboratory

  5. MASTER OF SCIENCE Information Systems

    E-Print Network [OSTI]

    Yang, Eui-Hyeok

    MASTER OF SCIENCE Information Systems LEADING INFORMATION INNOVATION www.stevens.edu/howe/IS and management insight. The Master of Science in Information Systems at Stevens prepares students and current professionals to meet this industry need. The Master of Science in Information Systems (MSIS) program

  6. A Review of the Security of Insulin Pump Infusion Systems

    SciTech Connect (OSTI)

    Klonoff, David C. [Mills-Peninsula Health Services; Paul, Nathanael R [ORNL; Kohno, Tadayoshi [University of Washington, Seattle

    2011-01-01T23:59:59.000Z

    Insulin therapy has enabled diabetic patients to maintain blood glucose control to lead healthier lives. Today, rather than manually injecting insulin using syringes, a patient can use a device, such as an insulin pump, to programmatically deliver insulin. This allows for more granular insulin delivery while attaining blood glucose control. The insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this paper we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components including the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but we also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues both for now and in the future.

  7. Transmission Pricing of Distributed Multilateral Energy Transactions to Ensure System Security and Guide Economic Dispatch

    E-Print Network [OSTI]

    Ilic, Marija; Hsieh, Eric; Remanan, Prasad

    2004-06-16T23:59:59.000Z

    Transmission Pricing of Distributed Multilateral Energy Transactions to Ensure System Security and Guide Economic Dispatch...

  8. A secure email login system using virtual password

    E-Print Network [OSTI]

    Doshi, Nishant

    2010-01-01T23:59:59.000Z

    In today's world, password compromise by adversaries is common for different purposes. At ICC 2008, Lei et al. proposed a new user authentication system based on the virtual password system. In the virtual password system they used a linear randomized function to be secure against identity theft attacks, phishing attacks, keylogging attacks and shoulder surfing. At ICC 2010, Li gave a security attack on Lei's work. This paper modifies Lei's work to prevent Li's attack while reducing the server overhead. This paper also discusses the problems with current password recovery systems and gives a better approach.

  9. advancing nuclear security: Topics by E-print Network

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    private information within the system Paris-Sud XI, Université de 183 Annual Security Report October 2013 Materials Science Websites Summary: of Security Field Operations,...

  10. 29.01.03.M1.28 Information Resources Security Surveillance Page 1 of 4 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03.M1.28 Information Resources - Security Surveillance Page 1 of 4 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.28 Information Resources - Security Surveillance Approved April 13, 2010 Revised by the University Police Department 29.01.03.M1.28 Information Resources - Security Surveillance Page 2 of 4

  11. 29.01.03. M1.18 Information Resources Security Monitoring Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03. M1.18 Information Resources - Security Monitoring Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.18 Information Resources - Security Monitoring Approved July 18, 2005 Revised April 27, etc. Reason for SAP The purpose of the security monitoring policy is to ensure that information

  12. 29.01.03. M1.19 Information Resources Security Awareness Training Page 1 of 2 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03. M1.19 Information Resources - Security Awareness Training Page 1 of 2 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.19 Information Resources - Security Awareness and Training Approved July 18 Administrative Procedure Statement Understanding the importance of information security and individual

  13. Annual Report, "Federal Information Security Management Act: Fiscal Year 2011 Evaluation" (IG-12-002, October 17, 2011)

    E-Print Network [OSTI]

    Christian, Eric

    Annual Report, "Federal Information Security Management Act: Fiscal Year 2011 Evaluation" (IG-12's information technology (IT) security posture. For FY 2011, we adopted a risk-based approach in which we required areas of review for FY 2011 Federal Information Security Management Act (FISMA) reporting: · Risk

  14. Closing the Gap on Securing Energy Sector Control Systems [Guest editors' introduction

    E-Print Network [OSTI]

    Peisert, Sean; Margulies, Jonathan

    2014-01-01T23:59:59.000Z

    of course Stuxnet—the state of energy security might not be in the field of energy security today is the application of ENERGY CONTROL SYSTEMS SECURITY GUEST EDITORS’ INTRODUCTION

  15. Towards Quantifying the (In)Security of Networked Systems Xiaohu Li T. Paul Parker Shouhuai Xu

    E-Print Network [OSTI]

    Xu, Shouhuai

    Towards Quantifying the (In)Security of Networked Systems Xiaohu Li T. Paul Parker Shouhuai Xu Traditional security analyses are often geared towards cryptographic primitives or protocols. Although approach. 1 Introduction Traditional security analyses are typically geared towards cryptographic

  16. Secure MISO Cognitive Radio System with Perfect and Imperfect CSI

    E-Print Network [OSTI]

    Wong, Vincent

    Secure MISO Cognitive Radio System with Perfect and Imperfect CSI Taesoo Kwon, Vincent W.S. Wong eavesdrop on the primary link. This paper explores multiple-input single-output (MISO) CR systems where a multiple-input single-output (MISO) beamforming algorithm for the secondary system. However, it only

  17. SMB Information Security Seminar (2013) Exercise 2 Estimated costs from bad things happening to your

    E-Print Network [OSTI]

    Magee, Joseph W.

    2013-01-01T23:59:59.000Z

    SMB Information Security Seminar (2013) Exercise 2 - Estimated costs from bad things happening to your important information. First, think about the information used in/by your organization. Second, enter into the table below your top two highest priority information types. Third, enter estimated costs

  18. Developmental Integrative Biology Cyber Security UNT is recognized by the National Security Agency and the Department of

    E-Print Network [OSTI]

    Tarau, Paul

    security. Information and computer security, trust and information assurance, systems architecture to identify and address a range of changing information sources and security vulnerabilities. UNT brings experts to address next generation challenges. The UNT-based Center for Information and Computer Security

  19. Aerial Measuring System | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    Consequence Management Aerial Measuring System Aerial Measuring System AMS Logo NNSA's Aerial Measuring System (AMS) provides specialized airborne radiation detection...

  20. Economic Incentives of Providing Network Security Services Journal of Information Technology Management 1

    E-Print Network [OSTI]

    Sadeh, Norman M.

    Economic Incentives of Providing Network Security Services Journal of Information Technology Management 1 THE ECONOMIC INCENTIVES OF PROVIDING NETWORK SECURITY SERVICES ON THE INTERNET INFRASTRUCTURE Li in the economic incentives inherent in providing the defenses as well as uncertainty in current defenses. We

  1. Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard

    E-Print Network [OSTI]

    Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard Stefan Fenz an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction

  2. Investigating alternative concepts of operations for a maritime security system of systems

    E-Print Network [OSTI]

    Mekdeci, Brian Anthony

    For complex systems of systems, such as those required to perform maritime security, system architects have numerous choices they may select from, both in the components and in the way the system operates. Component choices, ...

  3. Model-based Security Analysis of the German Health Card Architecture

    E-Print Network [OSTI]

    Jurjens, Jan

    information systems, security, German Health Card. 1 Introduction The use of health-care information information security that are particularly significant for health-care systems, due both to the inherent these risks and enable secure health-care information systems, the security analysis has to be embedded

  4. Using Multiple Unmanned Systems for a Site Security Task

    SciTech Connect (OSTI)

    Matthew O. Anderson; Curtis W. Nielsen; Mark D. McKay; Derek C. Wadsworth; Ryan C. Hruska; John A. Koudelka

    2009-04-01T23:59:59.000Z

    Unmanned systems are often used to augment the ability of humans to perform challenging tasks. While the value of individual unmanned vehicles has been proven for a variety of tasks, it is less understood how multiple unmanned systems should be used together to accomplish larger missions such as site security. The purpose of this paper is to discuss efforts by researchers at the Idaho National Laboratory (INL) to explore the utility and practicality of operating multiple unmanned systems for a site security mission. This paper reviews the technology developed for a multi-agent mission and summarizes the lessons-learned from a technology demonstration.

  5. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01T23:59:59.000Z

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s); and how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go unnoticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats, particularly on ICSs, may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  6. RECOMMENDED SECURITY CONTROLS FOR FEDERAL

    E-Print Network [OSTI]

    May 2005 RECOMMENDED SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS: GUIDANCE FOR SELECTING COST-EFFECTIVE CONTROLS USING A RISK-BASED PROCESS Shirley Radack, Editor, Computer Security Division, Information Technology Laboratory National Institute of Standards and Technology Security controls are the management

  7. Truffles --Secure File Sharing With Minimal System Administrator Intervention

    E-Print Network [OSTI]

    California at Los Angeles, University of

    Truffles -- Secure File Sharing With Minimal System Administrator Intervention Peter Reiher Thomas sharing between arbitrary users at arbitrary sites connected by a network. Truffles is an interesting the potential of greatly increasing the workload of system administrators, if the services are not designed

  8. A Multidisciplinary Electronic Commerce Project Studio for Secure Systems

    E-Print Network [OSTI]

    Reeves, Douglas S.

    of electronic commerce systems while applying software engineering principles. A research engine will be used A Multidisciplinary Electronic Commerce Project Studio for Secure Systems Annie I. Antón* Department of Computer Science College of Engineering North Carolina State University Engineering Graduate

  9. Marine asset security and tracking (MAST) system

    DOE Patents [OSTI]

    Hanson, Gregory Richard (Clinton, TN); Smith, Stephen Fulton (Loudon, TN); Moore, Michael Roy (Corryton, TN); Dobson, Eric Lesley (Charleston, SC); Blair, Jeffrey Scott (Charleston, SC); Duncan, Christopher Allen (Marietta, GA); Lenarduzzi, Roberto (Knoxville, TN)

    2008-07-01T23:59:59.000Z

    Methods and apparatus are described for marine asset security and tracking (MAST). A method includes transmitting identification data, location data and environmental state sensor data from a radio frequency tag. An apparatus includes a radio frequency tag that transmits identification data, location data and environmental state sensor data. Another method includes transmitting identification data and location data from a radio frequency tag using hybrid spread-spectrum modulation. Another apparatus includes a radio frequency tag that transmits both identification data and location data using hybrid spread-spectrum modulation.

  10. Pressurized security barrier and alarm system

    DOE Patents [OSTI]

    Carver, D.W.

    1995-04-11T23:59:59.000Z

    A security barrier for placement across a passageway is made up of interconnected pressurized tubing made up in a grid pattern with openings too small to allow passage. The tubing is connected to a pressure switch, located away from the barrier site, which activates an alarm upon occurrence of a pressure drop. A reinforcing bar is located inside and along the length of the tubing so as to cause the tubing to rupture and set off the alarm upon an intruder's making an attempt to crimp and seal off a portion of the tubing by application of a hydraulic tool. Radial and rectangular grid patterns are disclosed. 7 figures.

  11. Pressurized security barrier and alarm system

    DOE Patents [OSTI]

    Carver, Don W. (Knoxville, TN)

    1995-01-01T23:59:59.000Z

    A security barrier for placement across a passageway is made up of interconnected pressurized tubing made up in a grid pattern with openings too small to allow passage. The tubing is connected to a pressure switch, located away from the barrier site, which activates an alarm upon occurrence of a pressure drop. A reinforcing bar is located inside and along the length of the tubing so as to cause the tubing to rupture and set off the alarm upon an intruder's making an attempt to crimp and seal off a portion of the tubing by application of a hydraulic tool. Radial and rectangular grid patterns are disclosed.

  12. NNSA Policy System | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  13. Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers

    E-Print Network [OSTI]

    Goodyear, Marilu; Goerdel, Holly T.; Portillo, Shannon; Williams, Linda M.

    2010-01-01T23:59:59.000Z

    , and in their personal lives. Both corporations and government have responded by creating a new role in their organizations to lead the safeguarding efforts—chief information security officers (CISOs). The role of these officers is still under development. Do...

  14. Model-driven Security Policy Deployment: Property Oriented Approach

    E-Print Network [OSTI]

    Garcia-Alfaro, Joaquin

    and managing the access control rules of an information system are some of the major concerns of security systems. We formally prove the process of deploying a security policy related to an information system the deployment of access control security policies. We show how the use of a formal expression of the security

  15. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    optimal control and stabilization for linear systems with bounded control optimal switching control for abstract linear systems on optimal control for discrete-time, linear dynamical systems in which control

  16. Use of a hybrid technology in a critical security system.

    SciTech Connect (OSTI)

    Trujillo, David J.

    2010-10-01T23:59:59.000Z

    Assigning an acceptable level of power reliability in a security system environment requires a methodical approach to design when considering the alternatives tied to the reliability and life of the system. The downtime for a piece of equipment, be it for failure, routine maintenance, replacement, or refurbishment or connection of new equipment is a major factor in determining the reliability of the overall system. In addition to these factors is the condition where the system is static or dynamic in its growth. Most highly reliable security power source systems are supplied by utility power with uninterruptable power source (UPS) and generator backup. The combination of UPS and generator backup with a reliable utility typically provides full compliance to security requirements. In the energy market and from government agencies, there is growing pressure to utilize alternative sources of energy other than fossil fuel to increase the number of local generating systems to reduce dependence on remote generating stations and cut down on carbon effects to the environment. There are also conditions where a security system may be limited on functionality due to lack of utility power in remote locations. One alternative energy source is a renewable energy hybrid system including a photovoltaic or solar system with battery bank and backup generator set. This is a viable source of energy in the residential and commercial markets where energy management schemes can be incorporated and systems are monitored and maintained regularly. But, the reliability of this source could be considered diminished when considering the security system environment where stringent uptime requirements are required.

  17. Use of a hybrid technology in a critical security system.

    SciTech Connect (OSTI)

    Scharmer, Carol; Trujillo, David J.

    2010-08-01T23:59:59.000Z

    Assigning an acceptable level of power reliability in a security system environment requires a methodical approach to design when considering the alternatives tied to the reliability and life of the system. The downtime for a piece of equipment, be it for failure, routine maintenance, replacement, or refurbishment or connection of new equipment is a major factor in determining the reliability of the overall system. In addition to these factors is the condition where the system is static or dynamic in its growth. Most highly reliable security power source systems are supplied by utility power with uninterruptable power source (UPS) and generator backup. The combination of UPS and generator backup with a reliable utility typically provides full compliance to security requirements. In the energy market and from government agencies, there is growing pressure to utilize alternative sources of energy other than fossil fuel to increase the number of local generating systems to reduce dependence on remote generating stations and cut down on carbon effects to the environment. There are also conditions where a security system may be limited on functionality due to lack of utility power in remote locations. One alternative energy source is a renewable energy hybrid system including a photovoltaic or solar system with battery bank and backup generator set. This is a viable source of energy in the residential and commercial markets where energy management schemes can be incorporated and systems are monitored and maintained regularly. But, the reliability of this source could be considered diminished when considering the security system environment where stringent uptime requirements are required.

  18. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    Attacks Against Water SCADA Systems ... d (bottom) [simulated results]. Gignac SCADA supervisory ... Gignac canal network and SCADA system

  19. March 23, 1999 Copyright 1999 Baptist Health Systems of SF 1 Security Requirements in

    E-Print Network [OSTI]

    Management Process Termination Procedures Training Assigned Security Responsibility Media Controls Physical Baptist Health Systems of SF 9 Technical Security Mechanisms (communication security) Integrity Controls March 23, 1999 Copyright © 1999 Baptist Health Systems of SF 1 Security Requirements in Healthcare

  20. Restricting information flow in security APIs via typing 

    E-Print Network [OSTI]

    Keighren, Gavin

    2014-06-27T23:59:59.000Z

    Security APIs are designed to enable the storage and processing of confidential data without that data becoming known to individuals who are not permitted to obtain it, and are central to the operation of Automated Teller ...

  1. GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor

    E-Print Network [OSTI]

    , was written by Karen Scarfone and Murugiah Souppaya of NIST, and by Amanda Cody and Angela Orebaugh of Booz Allen Hamilton. The new guide replaces NIST SP 800-42, Guideline on Network Security Testing. NIST SP

  2. Process Control System Cyber Security Standards - An Overview

    SciTech Connect (OSTI)

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01T23:59:59.000Z

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  3. NIST Computer Security Division csrc.nist.gov Summary of NIST SP 800-53 Revision 4,

    E-Print Network [OSTI]

    and Privacy Controls for Federal Information Systems and Organizations Kelley Dempsey Computer Security-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, which ... Figure 3: Security Control Selection Process

  4. Tools and Methods for Hardening Communication Security of Energy Delivery Systems

    SciTech Connect (OSTI)

    Gadgil, Shrirang; Lin, Yow-Jian; Ghosh, Abhrajit; Samtani, Sunil; Kang, Jaewon; Siegell, Bruce; Kaul, Vikram; Unger, John; De Bruet, Andre; Martinez, Catherine; Vermeulen, Gerald; Rasche, Galen; Sternfeld, Scott; Berthier, Robin; Bobba, Rakesh; Campbell, Roy; Sanders, Williams; Lin, Yow-Jian

    2014-06-30T23:59:59.000Z

    This document summarizes the research and development work the TT Government Solutions (TTGS), d.b.a. Applied Communication Sciences (ACS), team performed for the Department of Energy Cybersecurity for Energy Delivery Systems (CEDS) program. It addresses the challenges in protecting critical grid control and data communication, including the identification of vulnerabilities and deficiencies of communication protocols commonly used in energy delivery systems (e.g., ICCP, DNP3, C37.118, C12.22), as well as the development of effective means to detect and prevent the exploitation of such vulnerabilities and deficiencies. The team consists of
    • TT Government Solutions (TTGS), a leading provider of communications solutions that has extensive experience in commercializing communications solutions. TTGS also has deep cyber security research and development expertise supporting a variety of customers.
    • University of Illinois at Urbana-Champaign (UIUC), a leader in the cyber security research for the power grid. UIUC brings unique experience in designing secure communication protocols to this project.
    • Electric Power Research Institute (EPRI), an independent nonprofit that conducts research and development relating to the generation, delivery and use of electricity for the benefit of the public. EPRI brings to this effort its extensive technical expertise and its utility connections, with members representing more than 90 percent of the electricity generated and delivered in the United States.
    • DTE Energy, the 10th largest electric utility in the US, which helps ensure that this project focuses on the needs of utilities and is rightly positioned to address the needs of the market place.
    We designed, developed, and demonstrated a modular and extensible ADEC-G (Agent-based, Distributed, Extensible Cybersecurity for the Grid) system for monitoring/detecting abnormal energy delivery systems (EDS) protocol usage and ensuring security coverage. Our approach consists of
    i. An online system with stateful model based checkers (SMBCs) that helps utilities monitor EDS protocol communication contexts and flag abnormal session behaviors;
    ii. An offline framework that security tool developers, operators, and auditors can use to verify security properties (leverages formal methods).
    The modular design of the ADEC-G online system enables its easy extension to cover added protocol features, to introduce new monitoring capabilities, and to apply to additional communication protocols. Its monitoring capabilities and user interface features also facilitate visibilities into ongoing communication patterns and quick grasps of suspicious communication activities. The offline framework provides a platform not only for rigorous validation of security coverage, but also for systematic refinement of checker design leveraging the counter traces generated by the model checking tool. The ADEC-G online monitoring/detection system and the offline validation framework are both operational and have been demonstrated in various settings. The ADEC-G online system has also been integrated into TTGS SecureSmart Managed Security Services offering and been employed to perform security assessment in a section of a utility’s operational network as well as in other Smart Grid security pilot project offerings. TTGS is also in discussions with several system integrators for incorporating the integrated SecureSmart Managed Security Services offering as the cyber security solution for the convergence of Operations Technology (OT) and Information Technology (IT).

  5. Secure Data Center (Fact Sheet)

    SciTech Connect (OSTI)

    Not Available

    2012-08-01T23:59:59.000Z

    This fact sheet describes the purpose, lab specifications, applications scenarios, and information on how to partner with NREL's Secure Data Center at the Energy Systems Integration Facility.

  6. A Knowledge Base for Justified Information Security Decision-Making D. Stepanova, S. E. Parkin, A. van Moorsel.

    E-Print Network [OSTI]

    Newcastle upon Tyne, University of

    Information Security Officer (CISO) within an organisation to ensure that such information is adequately protected. External standards exist to advise CISOs on how to secure information, but these are essentially insecure employee behaviour. CISOs require more information than they are currently provided

  7. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    critical infrastructure systems, such as electric power infrastructures, for e.g., the next generation electric power

  8. Critical issues in process control system security : DHS spares project.

    SciTech Connect (OSTI)

    Hernandez, Jacquelynne; McIntyre, Annie; Henrie, Morgan

    2010-10-01T23:59:59.000Z

    The goals of this event are: (1) Discuss the next-generation issues and emerging risks in cyber security for control systems; (2) Review and discuss common control system architectures; (3) Discuss the role of policy, standards, and supply chain issues; (4) Interact to determine the most pertinent risks and most critical areas of the architecture; and (5) Merge feedback from Control System Managers, Engineers, IT, and Auditors.

  9. Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

    SciTech Connect (OSTI)

    Abercrombie, Robert K [ORNL]; Schlicher, Bob G [ORNL]; Sheldon, Frederick T [ORNL]; Lantz, Margaret W [ORNL]; Hauser, Katie R [ORNL]

    2014-01-01T23:59:59.000Z

    Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. The Cyberspace Security Econometrics System (CSES) provides a measure (i.e., a quantitative indication) of reliability, performance, and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES accounts for the variance that may exist among the stakes one attaches to meeting each requirement. The basis, objectives and capabilities for the CSES, including inputs/outputs as well as the structural and mathematical underpinnings, are contained in this copyright.

  10. Security Architecture of Smart Metering Systems Natasa Zivic1

    E-Print Network [OSTI]

    Boyer, Edmond

    Security Architecture of Smart Metering Systems Natasa Zivic1 and Christoph Ruland1 1 University.Zivic, Christoph.Ruland}@uni-siegen.de Abstract. The main goals of smart metering are the reduction of costs dynamically the power generation and distribution to the requested energy by smart grids. Metering devices

  11. Securing Internet Coordinate Embedding Systems Mohamed Ali Kaafar

    E-Print Network [OSTI]

    Turletti, Thierry

    Securing Internet Coordinate Embedding Systems Mohamed Ali Kaafar INRIA Sophia Antipolis, FR mkaafar@sophia.inria.fr Laurent Mathy Lancaster University, UK laurent@comp.lancs.ac.uk Chadi Barakat INRIA Sophia Antipolis, FR barakat@sophia.inria.fr Kave Salamatian LIP6, FR and EPFL, CH kave

  12. Security proof for quantum key distribution using qudit systems

    SciTech Connect (OSTI)

    Sheridan, Lana [Centre for Quantum Technologies, National University of Singapore (Singapore); Scarani, Valerio [Centre for Quantum Technologies, National University of Singapore (Singapore); Department of Physics, National University of Singapore (Singapore)

    2010-09-15T23:59:59.000Z

    We provide security bounds against coherent attacks for two families of quantum key distribution protocols that use d-dimensional quantum systems. In the asymptotic regime, both the secret key rate for fixed noise and the robustness to noise increase with d. The finite key corrections are found to be almost insensitive to d ≲ 20.

  13. Mobile RFID Security Issues -ICU 1 SCIS 2006: The 2006 Symposium on Cryptography and Information Security

    E-Print Network [OSTI]

    Kim, Kwangjo

    Mobile RFID Security Issues - ICU 2 RFID Technology (1/2) Radio Frequency Identification (RFID Issues - ICU 5 Mobile RFID Technology (1/2) RFID readers would become ubiquitous Get easy and quick Mobile RFID Technology (2/2) A mobile phone or any portable device Also behaves as RFID reader

  14. CMAD IV 11/14/96 Information Security

    E-Print Network [OSTI]

    California at Davis, University of

    utilities, power pools, vendors etc. [figure labels: GridCo, LineCo, PoolCo, Energy Merchant; INFO, $, PWR] "Future" Is At Hand · Federal Energy Regulatory protection and audit practices inadequate. · Internal priorities limiting attention to security concerns

  15. Delegating Network Security with More Information Stanford University

    E-Print Network [OSTI]

    's networks. Delegation makes administrators less of a bottleneck when policy needs to be modified and allows network administration to follow organizational lines. To enable delegation, we propose ident authority, the network administrator, that administrator has usually had to configure myriad security

  16. INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu

    E-Print Network [OSTI]

    Shyy, Wei

    what might be lurking there ready to attack. According to the SANS (SysAdmin, Audit, Network, Security the Internet with an administrator's account, your computer is at an even higher risk since most malicious code is designed to infiltrate your computer by using the total access of the administrator's account against you

  17. Data Sciences Technology for Homeland Security Information Management

    E-Print Network [OSTI]

    Kolda, Tamara G.

    . Samatova, D. Speck, R. Srikant, J. Thomas, M. Wertheimer, P. C. Wong SANDIA REPORT SAND2004-6648 Unlimited Report of the DHS Workshop on Data Sciences September 22-23, 2004 Jointly released by Sandia National, a Lockheed Martin Company, for the United States Department of Energy's National Nuclear Security

  18. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01T23:59:59.000Z

    buildings and smart structures portend immense data vehicles and buildings equipped with smart meters). The building’s occupants). The operating systems of upcoming infrastructures such as smart

  19. Security alarm communication and display systems development

    SciTech Connect (OSTI)

    Waddoups, I.G.

    1990-01-01T23:59:59.000Z

    Sandia National Laboratories has developed a variety of alarm communication and display systems for a broad spectrum of users. This paper will briefly describe the latest systems developed for the Department of Energy (DOE), the Department of Defense (DoD), and the Department of State (DOS) applications. Applications covered will vary from relatively small facilities to large complex sites. Ongoing system developments will also be discussed. The concluding section will summarize the practical, implementable state-of-the-art features available in new systems. 6 figs.

  20. T3: Secure, Scalable, Distributed Data Movement and Remote System Control for Enterprise Level Cyber Security

    SciTech Connect (OSTI)

    Thomas, Gregory S.; Nickless, William K.; Thiede, David R.; Gorton, Ian; Pitre, Bill J.; Christy, Jason E.; Faultersack, Elizabeth M.; Mauth, Jeffery A.

    2009-07-20T23:59:59.000Z

    Enterprise level cyber security requires the deployment, operation, and monitoring of many sensors across geographically dispersed sites. Communicating with the sensors to gather data and control behavior is a challenging task when the number of sensors is rapidly growing. This paper describes the system requirements, design, and implementation of T3, the third generation of our transport software that performs this task. T3 relies on open source software and open Internet standards. Data is encoded in MIME format messages and transported via NNTP, which provides scalability. OpenSSL and public key cryptography are used to secure the data. Robustness and ease of development are increased by defining an internal cryptographic API, implemented by modules in C, Perl, and Python. We are currently using T3 in a production environment. It is freely available to download and use for other projects.

  1. Analytical foundations of physical security system assessment

    E-Print Network [OSTI]

    Graves, Gregory Howard

    2006-10-30T23:59:59.000Z

    - tion scenarios or systems. Peck [23] [24] and Peck and Lacombe [25] have explored unattended ground sensors with regard to their employment as part of an intrusion detection system in a force protection role for base camps. They examine environmental...

  2. Security problems with a SC-CNN-based Chaotic Masking Secure Communication System

    E-Print Network [OSTI]

    A. B. Orue; G. Alvarez; F. Montoya; C. Sanchez-Avila

    2007-06-20T23:59:59.000Z

    This paper studies the security of a chaotic cryptosystem based on the Chua circuit and implemented with State Controlled Cellular Neural Networks. It is shown that the plaintext can be retrieved by ciphertext band-pass filtering after an imperfect decoding with wrong receiver parameters. It is also shown that the key space of the system can be notably reduced easing a brute force attack. The system parameters were determined with high precision through the analysis of the decoding error produced by the mismatch between receiver and transmitter parameters.

  3. On the Computational Practicality of Private Information Retrieval Network Security and Applied Cryptography Lab

    E-Print Network [OSTI]

    Carbunar, Bogdan

    On the Computational Practicality of Private Information Retrieval Radu Sion Network Security of single-server computational private information retrieval (PIR) for the purpose of preserving client access patterns leakage. We show that deployment of non-trivial single server PIR protocols on real

  4. Federal Information Security Management Act: Fiscal Year 2012 Evaluation (IG-13-001, October 10, 2012)

    E-Print Network [OSTI]

    Federal Information Security Management Act: Fiscal Year 2012 Evaluation (IG-13-001, October 10 Administrator, provides the Office of Inspector General's (OIG) independent assessment of NASA's information that NASA has established a program to address the challenges in each of the areas that the Office

  5. Security analysis of communication system based on the synchronization of different order chaotic systems

    E-Print Network [OSTI]

    G. Alvarez; L. Hernandez; J. Munoz; F. Montoya; Shujun Li

    2005-06-27T23:59:59.000Z

    This work analyzes the security weakness of a recently proposed communication method based on chaotic modulation and masking using synchronization of two chaotic systems with different orders. It is shown that its application to secure communication is unsafe, because it can be broken in two different ways, by high-pass filtering and by reduced order system synchronization, without knowing either the system parameter values or the system key.

  6. Password secured systems and negative authentication

    E-Print Network [OSTI]

    Madero, Alvaro

    2013-01-01T23:59:59.000Z

    Today's industry, government, and critical infrastructure are dependent on software systems. In their absence, our modern world would come to a stop. Given our dependence, the mounting cyber threat is of critical concern. ...

  7. Asbestos : operating system security for mobile devices

    E-Print Network [OSTI]

    Stevenson, Martijn

    2006-01-01T23:59:59.000Z

    This thesis presents the design and implementation of a port of the Asbestos operating system to the ARM processor. The port to the ARM allows Asbestos to run on mobile devices such as cell phones and personal digital ...

  8. Information technology equipment cooling system

    SciTech Connect (OSTI)

    Schultz, Mark D.

    2014-06-10T23:59:59.000Z

    According to one embodiment, a system for removing heat from a rack of information technology equipment may include a sidecar indoor air to liquid heat exchanger that cools warm air generated by the rack of information technology equipment. The system may also include a liquid to liquid heat exchanger and an outdoor heat exchanger. The system may further include configurable pathways to connect and control fluid flow through the sidecar heat exchanger, the liquid to liquid heat exchanger, the rack of information technology equipment, and the outdoor heat exchanger based upon ambient temperature and/or ambient humidity to remove heat from the rack of information technology equipment.

  9. System-level Design Space Exploration for Security Processor Prototyping in Analytical Approaches

    E-Print Network [OSTI]

    Lee, Jenq-Kuen

    of architectures in designing the security processor-based systems typically involves time-consuming simulation strategy for synoptically exploring of the candidate architectures of security processor-based systems performance evaluations in order to provide design decisions for security processors and systems. In the case

  10. Energy trading and information systems

    SciTech Connect (OSTI)

    NONE

    1995-12-31T23:59:59.000Z

    This document contains reports which were presented at the meeting on Energy Trading and Information Systems. Topics were concerned with the importance and use of information systems to the natural gas industry. Individual papers have been processed separately for the United States Department of Energy databases.

  11. Towards a Standard for Highly Secure SCADA Systems

    SciTech Connect (OSTI)

    Carlson, R.

    1998-09-25T23:59:59.000Z

    The critical energy infrastructures include gas, oil and electric power. These infrastructures are complex and interdependent networks that are vital to the national security and social well being of our nation. Many electric power systems depend upon gas and oil, while fossil energy delivery systems depend upon electric power. The control mechanisms for these infrastructures are often referred to as SCADA (Supervisory Control and Data Acquisition) systems. SCADA systems provide remote monitoring and centralized control for a distributed transportation infrastructure in order to facilitate delivery of a commodity. Although many of the SCADA concepts developed in this paper can be applied to automotive transportation systems, we will use transportation to refer to the movement of electricity, gas, and oil. Recently, there have been several reports suggesting that the widespread and increasing use of SCADA for control of energy systems provides an increasing opportunity for an adversary to cause serious damage to the energy infrastructure. This damage could arise through cyber infiltration of the SCADA networks, by physically tampering with the control networks, or through a combination of both means. SCADA system threats decompose into cyber and physical threats. One solution to the SCADA security problem is to design a standard for a highly secure SCADA system that is both cyber and physically secure. Not all physical threats are possible to guard against, but of those threats that are, high security SCADA provides confidence that the system will continue to operate in their presence. One of the most important problems in SCADA security is the relationship between the cyber and physical vulnerabilities. Cyber intrusion increases physical vulnerabilities, while in the dual problem physical tampering increases cyber vulnerabilities. There is potential for feedback and the precise dynamics need to be understood.
    As a first step towards a standard, the goal of this paper is to facilitate a discussion of the requirements analysis for a highly secure SCADA system. The framework for the discussion consists of the identification of SCADA security investment areas coupled with the tradeoffs that will force compromises in the solution. For example, computational and bandwidth requirements of a security standard could force the replacement of entire SCADA systems. The requirements for a real-time response in a cascading electric power failure could pose limitations on authentication and encryption mechanisms. The shortest path to the development of a high security SCADA standard will be achieved by leveraging existing standards efforts and ensuring that security is being properly addressed in those standards. The Utility Communications Architecture 2.0 (UCA), for real-time utility decision control, represents one such standard. The development of a SCADA security specification is a complex task that will benefit from a systems engineering approach.

  12. Integrated risk information system (IRIS)

    SciTech Connect (OSTI)

    Tuxen, L. [Environmental Protection Agency, Washington, DC (United States)]

    1990-12-31T23:59:59.000Z

    The Integrated Risk Information System (IRIS) is an electronic information system developed by the US Environmental Protection Agency (EPA) containing information related to health risk assessment. IRIS is the Agency's primary vehicle for communication of chronic health hazard information that represents Agency consensus following comprehensive review by intra-Agency work groups. The original purpose for developing IRIS was to provide guidance to EPA personnel in making risk management decisions. This role has expanded and evolved with wider access and use of the system. IRIS contains chemical-specific information in summary format for approximately 500 chemicals. IRIS is available to the general public on the National Library of Medicine's Toxicology Data Network (TOXNET) and on diskettes through the National Technical Information Service (NTIS).

  13. Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs for Phase 2 of the Secure Power Systems Professional project

    SciTech Connect (OSTI)

    O'Neil, Lori Ross; Assante, Michael; Tobey, D. H.; Conway, T. J.; Vanderhorst, Jr, T. J.; Januszewski, III, J.; Leo, R.; Perman, K.

    2013-08-26T23:59:59.000Z

    This is the final report of Phase 2 of the Secure Power Systems Professional project, a 3 phase project. DOE will post to their website upon release.

  14. Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Milos Manic

    2012-08-01T23:59:59.000Z

    The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.

  15. Senior Systems Engineer | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  16. emergency management systems | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  17. Communications of the Association for Information Systems | Number 1Volume 28 Article 22

    E-Print Network [OSTI]

    -1-2011 Information Security Risk Management: In Which Security Solutions Is It Worth Investing? Stefan Fenz Vienna, Thomas (2011) "Information Security Risk Management: In Which Security Solutions Is It Worth Investing://aisel.aisnet.org/cais/vol28/iss1/22 Volume 28 Article 22 Information Security Risk Management: In Which Security Solutions

  18. NMMSS Information, Reports & Forms | National Nuclear Security

    National Nuclear Security Administration (NNSA)


  19. TEPS/BPA Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  20. Evergreen Securities formerly Ethanol Investments | Open Energy Information

    Open Energy Info (EERE)


  1. EcoSecurities Brasil Ltd | Open Energy Information

    Open Energy Info (EERE)


  2. Intelligent Building Energy Information and Control Systems for Low-Energy

    E-Print Network [OSTI]

    for about 70 percent of electricity use. To address energy security issues and environmental concerns&R International, 2011). To address energy security and environmental concerns there is an urgent need LBNL-5894E Intelligent Building Energy Information and Control Systems for Low-Energy Operations

  3. Three Tenets for Secure Cyber-Physical System Design and Jeff Hughesa

    E-Print Network [OSTI]

    Cybenko, George

    at designing systems that are "provably" secure according to some idealized formal model of security. In fact Three Tenets for Secure Cyber-Physical System Design and Assessment Jeff Hughesa George Cybenkob a design and assessment. Called The Three Tenets, this originally empirical approach has been used

  4. YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems (Extended Version)

    E-Print Network [OSTI]

    YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems (Extended Version security, and yet incurs minimal end-to-end communication latency. Keywords: SCADA network security, bump links between devices in legacy Supervisory Control And Data Acquisition (SCADA) systems, on which

  5. Development of a Window Based Security System for Electronic Data Interchange

    E-Print Network [OSTI]

    Philip, Achimugu; Joshua, Abah

    2011-01-01T23:59:59.000Z

    The Electronic Data Interchange (EDI) is the exchange of standardized documents between computer systems for business use. The objective of this study is to make Electronic Data Interchange secure to use and to eliminate human intervention in the transfer of data between business partners so that productivity and efficiency can be improved and also promote its usage between two or more trading organizations. This paper provides an overview of EDI by describing the traditional problems of exchanging information in business environments and how the EDI solves those problems and gives benefits to the company that makes use of EDI. This paper also introduces the common EDI Standards and explains how it works, how it is used over the internet and the security measures implemented. The system was executed on both local area network and wide area network after a critical study of the existing EDI methods and also implemented using VB.Net programming language. Finally, an interactive program was developed that handle...

  6. Design principles and patterns for computer systems that are simultaneously secure and usable

    E-Print Network [OSTI]

    Garfinkel, Simson

    2005-01-01T23:59:59.000Z

    It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising ...

  7. Roadmap to Secure Control Systems in the Energy Sector- January 2006

    Broader source: Energy.gov [DOE]

    This document, the Roadmap to Secure Control Systems in the Energy Sector, outlines a coherent plan for improving cyber security in the energy sector. It is the result of an unprecedented...

  8. EMCAS, an evaluation methodology for safeguards and security systems

    SciTech Connect (OSTI)

    Eggers, R.F.; Giese, E.W.; Bichl, F.J.

    1987-07-01T23:59:59.000Z

    EMCAS is an evaluation methodology for safeguards and security systems. It provides a score card of projected or actual system performance for several areas of system operation. In one area, the performance of material control and accounting and security systems, which jointly defend against the insider threat to divert or steal special nuclear material (SNM) using stealth and deceit, is evaluated. Time-dependent and time-independent risk equations are used for both diversion and theft risk calculations. In the case of loss detection by material accounting, a detailed timeliness model is provided to determine the combined effects of loss detection sensitivity and timeliness on the overall effectiveness of the material accounting detection procedure. Calculated risks take into account the capabilities of process area containment/surveillance, material accounting mass balance tests, and physical protection barriers and procedures. In addition, EMCAS evaluates the Material Control and Accounting (MC and A) System in the following areas: (1) system capability to detect errors in the official book inventory of SNM, using mass balance accounting methods, (2) system capability to prevent errors from entering the nuclear material data base during periods of operation between mass balance tests, (3) time to conduct inventories and resolve alarms, and (4) time lost from production to carry out material control and accounting loss detection activities.

  9. EMCAS: An evaluation methodology for safeguards and security systems

    SciTech Connect (OSTI)

    Eggers, R.F.; Giese, E.W.; Bichl, F.J.

    1987-01-01T23:59:59.000Z

    EMCAS is an evaluation methodology for safeguards and security systems. It provides a score card of projected or actual system performance for several areas of system operation. In one area, the performance of material control and accounting and security systems, which jointly defend against the insider threat to divert or steal special nuclear material (SNM) using stealth and deceit, is evaluated. Time-dependent and time-independent risk equations are used for both diversion and theft risk calculations. In the case of loss detection by material accounting, a detailed timeliness model is provided to determine the combined effects of loss detection sensitivity and timeliness on the overall effectiveness of the material accounting detection procedure. Calculated risks take into account the capabilities of process area containment/surveillance, material accounting mass balance tests, and physical protection barriers and procedures. In addition, EMCAS evaluates the Material Control and Accounting (MC and A) System in the following areas: (1) system capability to detect errors in the official book inventory of SNM, using mass balance accounting methods, (2) system capability to prevent errors from entering the nuclear material data base during periods of operation between mass balance tests, (3) time to conduct inventories and resolve alarms, and (4) time lost from production to carry out material control and accounting loss detection activities. 3 figs., 5 tabs.

  10. Assessing Reliability in Energy Supply Systems

    E-Print Network [OSTI]

    McCarthy, Ryan; Ogden, Joan M.; Sperling, Dan

    2008-01-01T23:59:59.000Z

    Physical security Information security Interdependencies against threats. Information security: The degree to which Physical security Information security Interdependencies

  11. Assessing reliability in energy supply systems

    E-Print Network [OSTI]

    McCarthy, Ryan W.; Ogden, Joan M.; Sperling, Daniel

    2007-01-01T23:59:59.000Z

    Physical security Information security Interdependencies against threats. Information security: The degree to which Physical security Information security Interdependencies

  12. Securing against fraud in mobile communications : system design and development in 3G mobile networks

    E-Print Network [OSTI]

    Mochizuki, Yujiro, 1973-

    2006-01-01T23:59:59.000Z

    Network security ensures the consistency, integrity, and reliability of telecommunications systems. Authorized network access prevents fraudulent communications and maintains the availability of the systems. However, limited ...

  13. Center for Information & Systems Engineering

    E-Print Network [OSTI]

    Goldberg, Bennett

    imaging, video surveillance, modern energy systems and bioinformatics. With a proven track record of scholarship, funding and industry collaboration, CISE faculty bring vast research experience to addressing, information theory, control theory, queuing theory, simulation, and applied probability and statistics. Master

  14. Private Information Retrieval, Optimal for Users and Secure Coprocessors

    E-Print Network [OSTI]

    Freytag, Johann-Christoph

    @dbis.informatik.hu-berlin.de Abstract. A private information retrieval (PIR) protocol allows a user to retrieve one of N records from a database while hiding the identity of the record from the database server. A PIR protocol is optimal Private Information Retrieval (PIR) protocols. Formally, a PIR protocol allows a user to retrieve one of N

  15. Learning is Change in Knowledge: Knowledge-based Security for Dynamic Policies

    E-Print Network [OSTI]

    Chong, Stephen

    information, the security policy to enforce on information frequently changes: new users join the system, old a language-based model for specifying, reasoning about, and enforcing information security in systems confidential information may provide a different attacker with no new information. A program that is secure

  16. Quantum public-key algorithms to encrypt and authenticate quantum messages with information-theoretic security

    E-Print Network [OSTI]

    Liang, Min

    2012-01-01T23:59:59.000Z

    Public-key cryptosystems for quantum messages are considered from two aspects: public-key encryption and public-key authentication. Firstly, we propose a general construction of quantum public-key encryption scheme, and then construct an information-theoretic secure instance. Then, we propose a quantum public-key authentication scheme, which can protect the integrity of quantum messages. This scheme can both encrypt and authenticate quantum messages. It is information-theoretic secure with regard to encryption, and the success probability of tampering decreases exponentially with the security parameter with regard to authentication. Compared with classical public-key cryptosystems, one private-key in our schemes corresponds to an exponential number of public-keys, and every quantum public-key used by the sender is an unknown quantum state to the sender.

  17. Quantum public-key algorithms to encrypt and authenticate quantum messages with information-theoretic security

    E-Print Network [OSTI]

    Min Liang; Li Yang

    2012-05-10T23:59:59.000Z

    Public-key cryptosystems for quantum messages are considered from two aspects: public-key encryption and public-key authentication. Firstly, we propose a general construction of quantum public-key encryption scheme, and then construct an information-theoretic secure instance. Then, we propose a quantum public-key authentication scheme, which can protect the integrity of quantum messages. This scheme can both encrypt and authenticate quantum messages. It is information-theoretic secure with regard to encryption, and the success probability of tampering decreases exponentially with the security parameter with regard to authentication. Compared with classical public-key cryptosystems, one private-key in our schemes corresponds to an exponential number of public-keys, and every quantum public-key used by the sender is an unknown quantum state to the sender.

  18. Security policy concepts for microprocessor-based systems

    SciTech Connect (OSTI)

    Axline, R.M. Jr.; Ormesher, R.C.

    1989-03-01T23:59:59.000Z

    This report presents security policies for microprocessor-based systems and gives an example of how to enforce these policies, using an independent, hardware-based monitor, in a hypothetical single-processor system. The purpose of these policies is to detect erroneous behavior of the microprocessor system and to guarantee that accesses (read, write, or execute), by executable procedures, to the various system resources (other procedures, data areas, and peripheral ports) are in accordance with rules that are defined precisely and completely. We present the main result of our research as a "Second-Order Security Policy", which describes a segmentation of system resources into a number of "Blocks" and defines access rights of each "Process Block" to all Blocks in the system. The hardware-monitor example is a conceptual design of an independent monitor that we believe can be built to enforce the second-order policy in real time. This approach will be effective in preventing erroneous accesses to data structures and peripherals and in detecting errors in the transfer of program control from Block to Block. 9 refs., 11 figs., 3 tabs.

  19. Security and Elections

    E-Print Network [OSTI]

    Bishop, Matt; Peisert, Sean

    2012-01-01T23:59:59.000Z

    World Conf. Information Security Education, 2007, pp. 17–24; Security and Elections IEEE Security & Privacy, 10(5):64–67, Sept. -

  20. Department of Energy Cyber Security Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-12-04T23:59:59.000Z

    The purpose of the DOE Cyber Security Management Program is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE O 205.1. Canceled by DOE O 205.1B.

  1. Department of Energy Cyber Security Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-03-21T23:59:59.000Z

    The purpose of the Department of Energy (DOE) Cyber Security Management Program (hereafter called the Program) is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE N 205.1.

  2. Information Security Advisory Committee Report on Committee Activities in 2012-2013 Academic Year

    E-Print Network [OSTI]

    O'Toole, Alice J.

    it is the responsibility of the President and the Chief Information Security Officer (CISO) to ensure that the mandate a list of questions that were posed to the campus CISO on February 22, 2013. Responses to these questions were requested within two weeks. The CISO's responses were received on March 4, 2013. Based on its

  3. University of London International Academy MSc/PG Dip in Information Security

    E-Print Network [OSTI]

    Royal Holloway, University of London

    from the criminal angle and presenting a study of computer crime and the computer criminal. We criminals. Pre-requisites None Essential Reading Cybercrime: The transformation of crime in the Information should be able to: follow trends in computer crime relate computer security methodologies to criminal

  4. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    SciTech Connect (OSTI)

    Robert P. Evans

    2005-09-01T23:59:59.000Z

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in "Cyber Security Protection Framework", Version 0.9 (hereafter referred to as the "Framework").
    For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified in the identification effort. The requirements in these seven standards were then compared against the requirements given in the Framework. This comparison identified gaps (requirements not covered) in both the individual industry standards and in the Framework. In addition to the sector-specific standards reviewed, the team compared the requirements in the cross-sector Instrumentation, Systems, and Automation Society (ISA) Technical Reports (TR) 99 -1 and -2 to the Framework requirements. The Framework defines a set of security classes separated into families as functional requirements for control system security. Each standard reviewed was compared to this template of requirements to determine if the standard requirements closely or partially matched these Framework requirements. An analysis of each class of requirements pertaining to each standard reviewed can be found in the comparison results section of this report. Refer to Appendix A, "Synopsis of Comparison Results", for a complete graphical representation of the study's findings at a glance. Some of the requirements listed in the Framework are covered by many of the standards, while other requirements are addressed by only a few of the standards. In some cases, the scope of the requirements listed in the standard for a particular industry greatly exceeds the requirements given in the Framework. These additional families of requirements, identified by the various standards bodies, could potentially be added to the Framework. These findings are, in part, due to the maturity both of the security standards themselves and of the different industries' current focus on security.
    In addition, there are differences in how communication and control is used in different industries and the consequences of disruptions via security breaches to each particular industry that could affect how security requirements are prioritized. The differences in the requirements listed in the Framework and in the various industry standards are due, in part, to differences in the level and purpose of the standards. While the requir

  5. Re-Dispatching Generation to Increase Power System Security Margin and Support Low Voltage Bus

    E-Print Network [OSTI]

    dynamic stability, power system reliability, power system scheduling, power system security, power transmission control, power transmission reliability I . INTRODUCTION Power system stability problems cause many stability problems. Between the power system generation pattern and the load pattern

  6. Security tasks are highly interdependent.

    E-Print Network [OSTI]

    Motivation Security tasks are highly interdependent. To improve security tools, we need to understand how security practitioners collaborate in their organizations. Security practitioners in context Exchange of Information Develop security tools that: · Integrate information from different communication

  7. Security-Widefield, Colorado: Energy Resources | Open Energy Information

    Open Energy Info (EERE)


  8. A Model for Delimited Information Release Andrei Sabelfeld 1

    E-Print Network [OSTI]

    Sabelfeld, Andrei

    Abstract. Much work on security-typed languages lacks a satisfactory account of intentional information, many intuitively secure programs do allow some release, or declassification, of secret information (e security, confidentiality, information flow, noninterference, security-type systems, security policies

  9. Evolution of toxicology information systems

    SciTech Connect (OSTI)

    Wassom, J.S.; Lu, P.Y. [Oak Ridge National Laboratory, TN (United States)]

    1990-12-31T23:59:59.000Z

    Society today is faced with new health risk situations that have been brought about by recent scientific and technical advances. Federal and state governments are required to assess the many potential health risks to exposed populations from the products (chemicals) and by-products (pollutants) of these advances. Because a sound analysis of any potential health risk should be based on the use of relevant information, it behooves those individuals responsible for making the risk assessments to know where to obtain needed information. This paper reviews the origins of toxicology information systems and explores the specialized information center concept that was proposed in 1963 as a means of providing ready access to scientific and technical information. As a means of illustrating this concept, the operation of one specialized information center (the Environmental Mutagen Information Center at Oak Ridge National Laboratory) will be discussed. Insights into how toxicological information resources came into being, their design and makeup, will be of value to those seeking to acquire information for risk assessment purposes. 7 refs., 1 fig., 4 tabs.

  10. Gerry McCartney Vice President for Information

    E-Print Network [OSTI]

    Hedrick, Chief Information Security Officer, Interim IT Security and Policy Identity & Access Management Information Security Policy & Compliance Information Security Services Brent Drake Chief Data Officer, Office Gerry McCartney Vice President for Information Technology and System Chief Information Officer

  11. The double-padlock problem: is secure classical information transmission possible without key exchange?

    E-Print Network [OSTI]

    James M. Chappell; Derek Abbott

    2012-12-31T23:59:59.000Z

    The idealized Kish-Sethuraman (KS) cipher is theoretically known to offer perfect security through a classical information channel. However, realization of the protocol is hitherto an open problem, as the required mathematical operators have not been identified in the previous literature. A mechanical analogy of this protocol can be seen as sending a message in a box using two padlocks; one locked by the Sender and the other locked by the Receiver, so that theoretically the message remains secure at all times. We seek a mathematical representation of this process, considering that it would be very unusual if there was a physical process with no mathematical description and indeed we find a solution within a four dimensional Clifford algebra. The significance of finding a mathematical description that describes the protocol, is that it is a possible step toward a physical realization having benefits in increased security with reduced complexity.

  12. The double-padlock problem: is secure classical information transmission possible without key exchange?

    E-Print Network [OSTI]

    Chappell, James M

    2012-01-01T23:59:59.000Z

    The idealized Kish-Sethuraman (KS) cipher is known to offer perfect information theoretical security with classical physical means. However, realization of the protocol is hitherto an open problem, as the required mathematical operators have not been identified in the previous literature. A mechanical analogy of this protocol can be seen as sending a message in a box using two padlocks; one locked by the Sender and the other locked by the Receiver, so that theoretically the message remains secure at all times. We seek a mathematical representation of this process, considering that it would be very unusual if there was a physical process with no mathematical description and indeed we find a solution within a three and four dimensional Clifford algebra. The significance of finding a mathematical description that describes the protocol, is that it is a possible step toward a classical physical realization having benefits in increased security with reduced complexity.

  13. Database Security: A Historical Perspective

    E-Print Network [OSTI]

    Lesov, Paul

    2010-01-01T23:59:59.000Z

    The importance of security in database research has greatly increased over the years as most of the critical functionality of business and military enterprises became digitized. Databases are an integral part of any information system, and they often hold sensitive data. The security of the data depends on physical security, OS security and DBMS security. Database security can be compromised by obtaining sensitive data, changing data or degrading availability of the database. Over the last 30 years the information technology environment has gone through many evolutionary changes, and the database research community has tried to stay a step ahead of the upcoming threats to database security. The database research community had thought about these issues long before they were addressed by implementations. This paper will examine the different topics pertaining to database security and see the adaptation of the research to the changing environment. Some short term database research trends will be ascertained ...

  14. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08T23:59:59.000Z

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations.

  15. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08T23:59:59.000Z

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations. Admin Chg 1 dated 9-1-09.

  16. TVMDL Procedures TVMDL Procedure 29.01.03.V1.01 Information Security and Computer Use Page 1 of 27

    E-Print Network [OSTI]

    TVMDL Procedures TVMDL Procedure 29.01.03.V1.01 Information Security and Computer Use Page 1 of 27 29.01.03.V1.01 INFORMATION SECURITY, COMPUTER USE AND SOFTWARE INSTALLATION/USE Approved: May 10.01.04 PROCEDURE STATEMENT This procedure establishes information resources security and management guidelines

  17. Modeling and simulation for cyber-physical system security research, development and applications.

    SciTech Connect (OSTI)

    Pollock, Guylaine M.; Atkins, William Dee; Schwartz, Moses Daniel; Chavez, Adrian R.; Urrea, Jorge Mario; Pattengale, Nicholas; McDonald, Michael James; Cassidy, Regis H.; Halbgewachs, Ronald D.; Richardson, Bryan T.; Mulder, John C.

    2010-02-01T23:59:59.000Z

    This paper describes a new hybrid modeling and simulation architecture developed at Sandia for understanding and developing protections against and mitigations for cyber threats upon control systems. It first outlines the challenges to PCS security that can be addressed using these technologies. The paper then describes Virtual Control System Environments (VCSE) that use this approach and briefly discusses security research that Sandia has performed using VCSE. It closes with recommendations to the control systems security community for applying this valuable technology.

  18. EcoSecurities India Ltd | Open Energy Information

    Open Energy Info (EERE)


  19. Technical Report Laboratory of Cryptography and System Security (CrySyS)

    E-Print Network [OSTI]

    Bencsáth, Boldizsár

    Technical Report by Laboratory of Cryptography and System Security (CrySyS) http ... 10. Comparison of cmi4432.sys and jminet7.sys

  20. An Equal Opportunity Employer / Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA Los Alamos National Security, LLC Request for Information on how industry may partner with the

    E-Print Network [OSTI]

    .S. Department of Energy's NNSA Los Alamos National Security, LLC Request for Information on how industry may Employer / Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA scaling

  1. Information Systems Host: Sanjeev Dewan

    E-Print Network [OSTI]

    Loudon, Catherine

    Ghose is an Associate Professor of Information, Operations, and Management Sciences and the Robert L by its shared technology infrastructure. He has worked on product reviews, reputation and rating systems, sponsored search advertising, mobile commerce, mobile apps, mobile ads, crowd funding, and online markets

  2. Quality Assurance for Security-Critical Systems

    E-Print Network [OSTI]

    Jurjens, Jan

    Munich Extensive collaboration with industry (BMW, Hypo (rather than breaking) them. Assumptions on system context, physical environment. Attacker may use unintended/unnoticed functionality

  3. Using Operational Security (OPSEC) to Support a Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Using Operational Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments Using Operational Security (OPSEC) to Support a Cyber Security Culture in...

  4. FIPS PUB 188 Federal Information

    E-Print Network [OSTI]

    OF COMMERCE / National Institute of Standards and Technology Standard Security Label for Information Transfer Computer Systems Laboratory Abstract Information Transfer security labels convey information used with semantics provided by the authority establishing the security policy for the protection of the information

  5. Decision Support for Systems Security Investment Yolanta Beresnevichiene, David Pym, Simon Shiu

    E-Print Network [OSTI]

    Pym, David J.

    to the security of their confidential information. An organization's CISO must determine an appropriate policy of CISO, for example, has grown from being a technical job with responsibility for IT security operations with a characterization of the problem, as presented by the decision-maker (e.g., the client organization's CISO

  6. Correct mutual information, quantum bit error rate and secure transmission efficiency in Wojcik's eavesdropping scheme on ping-pong protocol

    E-Print Network [OSTI]

    Zhanjun Zhang

    2004-02-16T23:59:59.000Z

    The wrong mutual information, quantum bit error rate and secure transmission efficiency in Wojcik's eavesdropping scheme [PRL90(03)157901] on ping-pong protocol have been pointed out and corrected.

  7. Supervisory Control Strategies for Enhancing System Security and Privacy Christoforos N. Hadjicostis

    E-Print Network [OSTI]

    Hadjicostis, Christoforos

    cyber-infrastructures (ranging from defense and banking to health care and power distribution systems Supervisory Control Strategies for Enhancing System Security and Privacy Christoforos N. Hadjicostis Abstract-- Enhancing the security and reliability of automated systems that control vital

  8. Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems

    E-Print Network [OSTI]

    Wang, Yongge

    Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems This paper studies the security requirements for remote authentication and communication in smart grid to smart grid systems. For example, in order to unlock the credentials stored in tamper

  9. Quantum information science and complex quantum systems

    E-Print Network [OSTI]

    Michael A. Nielsen

    2002-10-01T23:59:59.000Z

    What makes quantum information science a science? This paper explores the idea that quantum information science may offer a powerful approach to the study of complex quantum systems.

  10. This report is a part of the College's efforts to provide you with information on security procedures, services, and resources available on

    E-Print Network [OSTI]

    's efforts to provide you with information on security procedures, services, and resources available on our and General Counsel. This report will provide you with information on safety and security in compliance Annual Security and Fire Safety Report BARNARD COLLEGE 2013 This report is a part of the College

  11. Scandinavian Journal of Information Systems, 2000, 12 211 INFORMATION ABOUT

    E-Print Network [OSTI]

    Bertelsen, Olav W.

    ©Scandinavian Journal of Information Systems, 2000, 12 211 INFORMATION ABOUT THE JOURNAL HOW TO SUBSCRIBE The Scandinavian Journal of Information Systems is published once a year from Volume 10. As from 1998 the journal is administrated by the IRIS Association. All subscribing as individuals will receive

  12. Security of quantum bit string commitment depends on the information measure

    E-Print Network [OSTI]

    Harry Buhrman; Matthias Christandl; Patrick Hayden; Hoi-Kwong Lo; Stephanie Wehner

    2006-11-09T23:59:59.000Z

    Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum world. However, when committing to a string of n bits at once, how far can we stretch the quantum limits? In this letter, we introduce a framework of quantum schemes where Alice commits a string of n bits to Bob, in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a+b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a=4 log n+O(1) and b=4, which is impossible classically. Our findings significantly extend known no-go results for quantum bit commitment.

  13. Multi-objective Optimization for Pricing System Security in Electricity Markets

    E-Print Network [OSTI]

    Cañizares, Claudio A.

    marginal prices throughout the system. Keywords--Electricity markets, locational marginal prices, maximum1 Multi-objective Optimization for Pricing System Security in Electricity Markets Federico Milano while yielding better market conditions through increased transaction levels and improved locational

  14. Evaluation of power system security and development of transmission pricing method

    E-Print Network [OSTI]

    Kim, Hyungchul

    2004-11-15T23:59:59.000Z

    classifier is also proposed. This method can be useful for system operators to make security decisions during on-line power system operation. This dissertation also suggests an approach for allocating transmission transaction costs based on reliability...

  15. PRIVACY IMPACT ASSESSMENT: SPRO Physical Security Major Application

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Deanna Harvey, Program Analyst Allen Rome, Cyber Security Program Manager Chris Shipp, Information System Security Manager (504) 734-4339 Rick.Shutt@spr.doe.gov (504) 734-4316...

  16. NIST Special Publication 800-47 Security Guide for

    E-Print Network [OSTI]

    for use of the Interconnection Security Agreement (ISA) guidance document and sample ISA, which ...................................................3-2 3.5 Step 5: Document Interconnection AgreementNIST Special Publication 800-47 Security Guide for Interconnecting Information Technology Systems

  17. Information efficiency in hyperspectral imaging systems

    E-Print Network [OSTI]

    Reichenbach, Stephen E.

    Information efficiency in hyperspectral imaging systems Stephen E. Reichenbach University develop a method for assessing the information density and efficiency of hyperspectral imaging systems width can efficiently gather information about a scene by allocating bandwidth among the bands according

  18. August 2005 ADVISING USERS ON INFORMATION TECHNOLOGY

    E-Print Network [OSTI]

    of secure access control to facilities and to information systems. NIST recently developed supplementary the need for better quality and security of the processes for identifying individuals, Homeland Security quality and security of the processes for identifying individuals, Homeland Security Presidential

  19. December 2003 SECURITY CONSIDERATIONS

    E-Print Network [OSTI]

    Perkins, Richard A.

    security early in the information system development life cycle (SDLC), you may be able to avoid higher, with tailoring, to any SDLC model or acquisition method the organization is using. The appendices to the guide.nist.gov/publications/nistpubs/ index.html. The System Development Life Cycle (SDLC) The system development life cycle starts

  20. Geographic Information System At International Geothermal Area...

    Open Energy Info (EERE)

    Exploration Activity: Geographic Information System At International Geothermal Area, Indonesia (Nash, Et Al., 2002) Exploration...