National Library of Energy BETA

Sample records for information systems security

  1. Recommended Security Controls for Federal Information Systems...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Federal Information Systems and Organizations Note: CNTL NO. Table D2: Security Control Base Lines (Derived From Appendix F) Minimum Requirements: FedRamp Security Controls...

  2. PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM...

  3. USING PERFORMANCE MEASUREMENTS TO EVALUATE AND STRENGTHEN INFORMATION SYSTEM SECURITY

    E-Print Network [OSTI]

    USING PERFORMANCE MEASUREMENTS TO EVALUATE AND STRENGTHEN INFORMATION SYSTEM SECURITY Shirley about the security of information systems for the decision makers of organizations. When organizations to strengthen the overall security of their information and their information systems. Organizations

  4. Information Systems 32 (2007) 1166-1183 Security Attack Testing (SAT)--testing the security of

    E-Print Network [OSTI]

    2007-01-01

    Information Systems 32 (2007) 1166-1183 Security Attack Testing (SAT)--testing the security have been devoted into integrating security issues into information systems development practices reserved. Keywords: Information systems development methodology; Integrating security and software

  5. Information Systems and Computing/Office of Information Security www.upenn.edu/computing/security security@isc.upenn.edu

    E-Print Network [OSTI]

    Fang-Yen, Christopher

    ". And Penn actually offers a couple of "home grown" cloud services for secure file sharing and transferInformation Systems and Computing/Office of Information Security www.upenn.edu/computing/security security@isc.upenn.edu "phishing"...? Information Systems and Computing/Office of Information Security

  6. Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems

    E-Print Network [OSTI]

    Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems for information systems. Traditionally, security is considered after the definition of the system. However the health sector to military. As the use of Information Systems arises, the demand to secure those systems

  7. PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE...

    Broader source: Energy.gov (indexed) [DOE]

    SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE PIA - INL SECURITY INFORMATION MANAGEMENT SYSTEM BUSINESS ENCLAVE More Documents & Publications PIA - INL Education Programs...

  8. Security Certification & Accreditation of Federal Information Systems A Tutorial

    E-Print Network [OSTI]

    Madisetti, Vijay K.

    Security Certification & Accreditation of Federal Information Systems A Tutorial An Introduction Madisetti, 06/29/2009 Security Certification & Assurance of Federal Information Systems Tutorial Tutorial Outline Objectives & Introduction: C&A Information Security Certification & Accreditation Foundations (as

  9. Classified Automated Information System Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1994-07-15

    To establish uniform requirements, policies, responsibilities, and procedures for the development and implementation of a Department of Energy (DOE) Classified Computer Security Program to ensure the security of classified information in automated data processing (ADP) systems. Cancels DOE O 5637.1. Canceled by DOE O 471.2.

  10. Security Controls for Unclassified Information Systems Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-05

    The Manual establishes minimum implementation standards for cyber security technical, management, and operational controls that will be followed in all information systems operated by DOE and the information systems. Admin Chg 1 dated 9-1-09. Canceled by DOE O 205.1B.

  11. Security Controls for Unclassified Information Systems Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-05

    The Manual establishes minimum implementation standards for cyber security technical, management, and operational controls that will be followed in all information systems operated by DOE and the information systems. Does not cancel other directives. Canceled by DOE O 205.1B.

  12. Security Controls for Unclassified Information Systems Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-05

    The Manual establishes minimum implementation standards for cyber security technical, management, and operational controls that will be followed in all information systems operated by DOE and the information systems. Admin Chg 1 dated 9-1-09; Admin Chg 2 dated 12-22-09. Canceled by DOE O 205.1B.

  13. Classified Information Systems Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1999-08-03

    This Manual provides requirements and implementation instructions for the graded protection of the confidentiality, integrity, and availability of information processed on all automated information systems used to collect, create, process, transmit, store, and disseminate classified information by, or on behalf of, the Department of Energy (DOE). DOE N 205.4 cancels Chapter III section 8, Incident Reporting, and DOE N 205.3 cancels Chapter VI, paragraph 4j(2), 4j(6); and Chapter VII, paragraph 12a(2)(a). Cancels: DOE M 5639.6A-1. Canceled by DOE M 205.1-4.

  14. ISMS for Microsoft's Cloud Infrastructure 1 Information Security Management System

    E-Print Network [OSTI]

    Chaudhuri, Surajit

    ISMS for Microsoft's Cloud Infrastructure 1 Information Security Management System for Microsoft's Cloud Infrastructure Online Services Security and Compliance Executive summary This paper describes the Microsoft Cloud Infrastructure and Operations (MCIO) Information Security Management System (ISMS) program

  15. Electronic DOE Information Security System (eDISS) PIA, Office...

    Energy Savers [EERE]

    Electronic DOE Information Security System (eDISS) PIA, Office of Health Safety and Security Electronic DOE Information Security System (eDISS) PIA, Office of Health Safety and...

  16. Cloud Computing Security in Business Information Systems

    E-Print Network [OSTI]

    Ristov, Sasko; Kostoska, Magdalena

    2012-01-01

    Cloud computing providers' and customers' services are not only exposed to existing security risks, but, due to multi-tenancy, outsourcing the application and data, and virtualization, they are exposed to the emergent, as well. Therefore, both the cloud providers and customers must establish information security system and trustworthiness each other, as well as end users. In this paper we analyze main international and industrial standards targeting information security and their conformity with cloud computing security challenges. We evaluate that almost all main cloud service providers (CSPs) are ISO 27001:2005 certified, at minimum. As a result, we propose an extension to the ISO 27001:2005 standard with new control objective about virtualization, to retain generic, regardless of company's type, size and nature, that is, to be applicable for cloud systems, as well, where virtualization is its baseline. We also define a quantitative metric and evaluate the importance factor of ISO 27001:2005 control objecti...

  17. The Center for Information Systems Security Studies and

    E-Print Network [OSTI]

    The Center for Information Systems Security Studies and Research (CISR) has created the ISSE) and the Department of Homeland Security (DHS) have designated NPS as a Center of Academic Excellence in Information developments where cyber security is a concern. Information Systems Security Engineering (ISSE) Certificate

  18. Information Security and Computer Systems: An Integrated Approach

    E-Print Network [OSTI]

    Holliday, Mark A.

    Information Security and Computer Systems: An Integrated Approach Mark A. Holliday Dept in information security that build upon concepts the students will already have seen in their computer systems this integrated approach to information security and computer systems. Categories and Subject Descriptors D.4

  19. When security meets software engineering: A case of modelling secure information systems

    E-Print Network [OSTI]

    When security meets software engineering: A case of modelling secure information systems Engineering: towards the Modeling of Secure Information Systems" paper presented at the 15th International. This is mainly because private information is stored in computer systems and without security, organisations (and

  20. Grid Information Security Functional Requirement - Fulfilling Information Security of a Smart Grid System

    E-Print Network [OSTI]

    Ling, Amy Poh Ai; 10.5121/ijgca.2011.2201

    2011-01-01

    This paper describes the background of smart information infrastructure and the needs for smart grid information security. It introduces the conceptual analysis to the methodology with the application of hermeneutic circle and information security functional requirement identification. Information security for the grid market cover matters includes automation and communications industry that affects the operation of electric power systems and the functioning of the utilities that manage them and its awareness of this information infrastructure has become critical to the reliability of the power system. Community benefits from of cost savings, flexibility and deployment along with the establishment of wireless communications. However, concern revolves around the security protections for easily accessible devices such as the smart meter and the related communications hardware. On the other hand, the changing points between traditional versus smart grid networking trend and the information security importance on...

  1. SELECTING INFORMATION TECHNOLOGY SECURITY

    E-Print Network [OSTI]

    April 2004 SELECTING INFORMATION TECHNOLOGY SECURITY PRODUCTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Information technology security products are essential to better secure information technology (IT) systems

  2. information security

    E-Print Network [OSTI]

    Faculty listing for "information security" ... 1167; Phone: +1 765 49-46022; Email: wagstaff@purdue.edu; Research Interests: number theory, information security.

  3. Guideline for Identifying an Information System as a National Security System

    E-Print Network [OSTI]

    Guideline for Identifying an Information System as a National Security System NIST Special Publication 800-59 Guideline for Identifying an Information System as a National Security System William C;Guideline for Identifying an Information System as a National Security System Reports on Computer Systems

  4. Selection of Model in Developing Information Security Criteria for Smart Grid Security System

    E-Print Network [OSTI]

    Ling, Amy Poh Ai

    2011-01-01

    At present, the "Smart Grid" has emerged as one of the best advanced energy supply chains. This paper looks into the security system of smart grid via the smart planet system. The scope focused on information security criteria that impact on consumer trust and satisfaction. The importance of information security criteria is perceived as the main aspect to impact on customer trust throughout the entire smart grid system. On one hand, this paper also focuses on the selection of the model for developing information security criteria on a smart grid.

  5. The Benefits of Student Research in Information Systems Security Education

    E-Print Network [OSTI]

    for Information Systems Security Studies and Research Code CSIc Naval Postgraduate School Monterey, CA 93943 for the younger students. For example, in fourth grade I painted some cardboard boxes to look like houses

  6. Certification and Accreditation Process for Information Systems Including National Security Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice ensures the effectiveness of security controls on DOE Federal information systems including national security systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, and protect DOE information and information systems from unauthorized access, use, disclosure, modification, or destruction. No cancellations. DOE N 205.15, dated 3-18-05, extends this directive until 3-18-06.

  7. Manual of Security Requirements for the Classified Automated Information System Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1994-07-15

    This Manual provides specific instructions and delineates the requirements to ensure the graded security of classified information entrusted to the Department of Energy (DOE) that is processed, stored, transferred, or accessed on Automated Information Systems (AISs) and AIS networks. Canceled by DOE M 471.2-2.

  8. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-20

    The protection and control of classified information is critical to our nation’s security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D.

  9. 1 8th of january 2014 CNRS Information System Security Charter

    E-Print Network [OSTI]

    Jeanjean, Louis

    1 8th of january 2014 CNRS Information System Security Charter This charter, annexed or availability. Any breach of rules governing information systems security is indeed likely to have significant or the scientific and technical potential). The User makes a contribution to information system security. As such

  10. List of Major Information Systems,National Nuclear Security Administra...

    Broader source: Energy.gov (indexed) [DOE]

    emerging information networking technology to production processes in support of the U.S. nuclear weapons stockpile. National Nuclear Security Administration ADaPT Network...

  11. INFORMATION SECURITY University Policy No: IM7800

    E-Print Network [OSTI]

    Victoria, University of

    Page 1 INFORMATION SECURITY POLICY University Policy No: IM7800 Classification: Information to an Information Security Incident Procedures for Addressing Security Vulnerabilities of University Information Resources and Information Systems University Information Security Classification Procedures Procedures

  12. REVISED CATALOG OF SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS: FOR USE IN BOTH

    E-Print Network [OSTI]

    REVISED CATALOG OF SECURITY CONTROLS FOR FEDERAL INFORMATION SYSTEMS AND ORGANIZATIONS: FOR USE and expanded its catalog of security controls to help organizations protect their information and information, the revised catalog brings together, for the first time, comprehensive information about security controls

  13. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security's IT Security Procedures require that non-public University information, including social security numbers and professional information in a secure and appropriate manner.

  14. A Virtual Environment for Interactive Visualization of Power System Economic and Security Information

    E-Print Network [OSTI]

    visualization of power system economic and security information. Keywords: Power System Economics, SecurityA Virtual Environment for Interactive Visualization of Power System Economic and Security Information Thomas J. Overbye Raymond P. Klump Jamie D. Weber Senior Member Member Student Member University

  15. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-20

    The protection and control of classified information is critical to our nation’s security. This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. Cancels DOE M 470.4-4A Chg except for Section D. Admin Chg 1, dated 11-23-2012, cancels DOE O 471.6. Canceled by Admin Chg 2 dated 5-15-15.

  16. Faculty Information Security Guide

    E-Print Network [OSTI]

    Faculty Information Security Guide Dartmouth Your information is vitally important to your teaching protect your information. THE DARTMOUTH INFORMATION SECURITY COMMITTEE The Dartmouth Information Security Committee (DISC) meets monthly to assess vulnerabilities of information security, and to develop and revise

  17. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-06-29

    Establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Section E, Technical Surveillance Countermeasures Program, is Official Use Only. Please contact the DOE Office of Health, Safety and Security at 301-903-0292 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A

  18. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2005-08-26

    This Manual establishes security requirements for the protection and control of information and matter required to be classified or controlled by statutes, regulations, or Department of Energy directives. Attachment E, Technical Surveillance Countermeasures Program, is for Official Use Only. Contact the Office of Security and Safety Performance Assurance at 301-903-3653 if your official duties require you to have access to this part of the directive. Cancels: DOE M 471.2-1B, DOE M 471.2-1C, DOE M 471.2-4, and DOE O 471.2A.

  19. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1992-10-19

    To establish the Department of Energy (DOE) Information Security Program and set forth policies, procedures and responsibilities for the protection and control of classified and sensitive information. The Information Security Program is a system of elements which serve to deter collection activities, This directive does not cancel another directive. Canceled by DOE O 471.2 of 9-28-1995.

  20. Information Security

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2011-06-29

    This Order establishes requirements and responsibilities for Department of Energy (DOE) Departmental Elements, including the National Nuclear Security Administration (NNSA), to protect and control classified information as required by statutes, regulation, Executive Orders, government-wide policy directives and guidelines, and DOE policy and directives. (The original DOE O 471.6 canceled DOE M 470.4-4A, except for Section D). Admin Chg 2, dated 5-15-15, supersedes Admin Chg 1. Certified 5-21-2015.

  1. Proceedings of the 13th Colloquium for Information Systems Security Education

    E-Print Network [OSTI]

    O'Leary, Michael

    Proceedings of the 13th Colloquium for Information Systems Security Education Seattle, WA June 1: it is bad code. This perspective on computer security education informs the design of our new approach, computer security education is often relegated to a secondary role in undergraduate curricula. Exposure

  2. Using Trust-Based Information Aggregation for Predicting Security Level of Systems

    E-Print Network [OSTI]

    Ray, Indrakshi

    Using Trust-Based Information Aggregation for Predicting Security Level of Systems Siv Hilde Houmb1 level of a security solution using information sources who are trusted to varying degrees. We show how}@cs.colostate.edu Abstract. Sometimes developers must design innovative security solutions that have a rapid development

  3. Using Trust-Based Information Aggregation for Predicting Security Level of Systems

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Using Trust-Based Information Aggregation for Predicting Security Level of Systems Siv Hilde Houmb1 level of a security solution using information sources who are trusted to varying degrees. We show how.colostate.edu Abstract. Sometimes developers must design innovative security solutions that have a rapid development

  4. Toward a Security Domain Model for Static Analysis and Verification of Information Systems

    E-Print Network [OSTI]

    Toward a Security Domain Model for Static Analysis and Verification of Information Systems Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin Computer Science Department Naval Postgraduate School

  5. A. Name: Information Systems Security Incident Response Policy B. Number: 20070103-secincidentresp

    E-Print Network [OSTI]

    George, Edward I.

    Page 1 I. Title A. Name: Information Systems Security Incident Response Policy B. Number: 20070103 and Responsibility Information Systems and Computing is responsible for the operation of Penn's data networks (Penn-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer

  6. Information Security: Coordination of Federal Cyber Security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Information Security: Coordination of Federal Cyber Security Research and Development Information Security: Coordination of Federal Cyber Security Research and Development GAO...

  7. Information System Security Critical Elements Please note that prior to including this language in the performance plans of employees covered by

    E-Print Network [OSTI]

    Information System Security Critical Elements Please note that prior to including this language fulfilled. Stand-Alone Critical Elements Senior Agency Information Security Officer/Chief Information Security Officer/ Information Technology Security Officer Critical Element and Objective · Senior Agency

  8. Information Technology Security Assessment Framework

    E-Print Network [OSTI]

    Federal Information Technology Security Assessment Framework November 28, 2000 Prepared (NIST) Computer Security Division Overview Information and the systems that process it are among and maintain a program to adequately secure its information and system assets. Agency programs must: 1) assure

  9. Information Security: Coordination of Federal Cyber Security...

    Office of Environmental Management (EM)

    Security: Coordination of Federal Cyber Security Research and Development Information Security: Coordination of Federal Cyber Security Research and Development GAO recommends that...

  10. MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY

    E-Print Network [OSTI]

    MANAGING THE CONFIGURATION OF INFORMATION SYSTEMS WITH A FOCUS ON SECURITY Shirley Radack, Editor U.S. Department of Commerce Organizations have to make frequent changes to their information systems result in adjustments being made to the configuration of information systems; these activities could have

  11. Proceedings of the 13th Colloquium for Information Systems Security Education

    E-Print Network [OSTI]

    O'Leary, Michael

    Proceedings of the 13th Colloquium for Information Systems Security Education Seattle, WA June 1 Zenebe: Department of Management Information Systems, Bowie State University, 14000 Jericho Park Road - 3, 2009 ISBN 1-933510-96-7/$15.00 2009 CISSE Abstract - The Maryland Alliance for Information

  12. An Information Systems Security Risk Assessment Model Under Dempster- Schafer Theory of Belief Functions

    E-Print Network [OSTI]

    Sun, Lili; Srivastava, Rajendra P.; Mock, Theodore J.

    2006-01-01

    This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions...

  13. Information Security Advisory Information Security, Computing and Information Services

    E-Print Network [OSTI]

    Qiu, Weigang

    Information Security Advisory Information Security, Computing and Information Services security.cuny.edu Published: November 2014 Holiday Season Phishing Scams and Malware Campaigns CUNY/CIS Information Security.cuny.edu under "CUNY Issued Security Advisories" Visit the Federal Trade Commission's Consumer Information page

  14. Information Security for Libraries (1) INFORMATION SECURITY FOR LIBRARIES

    E-Print Network [OSTI]

    Newby, Gregory B.

    Information Security for Libraries (1) INFORMATION SECURITY FOR LIBRARIES Gregory B. Newby School an active role in information security. INTRODUCTION By most accounts, the proliferation of the Internet of information security, making concrete recommendations for safeguarding information and information access

  15. Information Security Group IY5512 Computer Security

    E-Print Network [OSTI]

    Mitchell, Chris

    Information Security Group IY5512 Computer Security Part 7b: Windows securityPart 7b: Windows security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security Group) of Windows machines. 2 Information Security Group Objectives II · Focus on Active Directory, authentication

  16. Secure Core Contact Information

    E-Print Network [OSTI]

    Secure Core Contact Information C. E. Irvine irvine@nps.edu 831-656-2461 Department of Computer for the secure management of local and/or remote information in multiple contexts. The SecureCore project Science Graduate School of Operations and Information Sciences www.cisr.nps.edu Project Description

  17. Information Security Guide

    E-Print Network [OSTI]

    Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew Joan Hash Table of Contents Introduction 1 Why do I need to invest in information security? 2 Where do I need to focus my attention in accomplishing critical information security goals? 4 What are the key activities

  18. Security classification of information

    SciTech Connect (OSTI)

    Quist, A.S.

    1993-04-01

    This document is the second of a planned four-volume work that comprehensively discusses the security classification of information. The main focus of Volume 2 is on the principles for classification of information. Included herein are descriptions of the two major types of information that governments classify for national security reasons (subjective and objective information), guidance to use when determining whether information under consideration for classification is controlled by the government (a necessary requirement for classification to be effective), information disclosure risks and benefits (the benefits and costs of classification), standards to use when balancing information disclosure risks and benefits, guidance for assigning classification levels (Top Secret, Secret, or Confidential) to classified information, guidance for determining how long information should be classified (classification duration), classification of associations of information, classification of compilations of information, and principles for declassifying and downgrading information. Rules or principles of certain areas of our legal system (e.g., trade secret law) are sometimes mentioned to provide added support to some of those classification principles.

  19. Cyber Security Requirements for Wireless Devices and Information Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-11

    The Notice establishes DOE policy requirements and responsibilities for using wireless networks and devices within DOE and implements the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, including requirements for cyber resource protection, risk management, program evaluation, and cyber security plan development and maintenance. No cancellation. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06.

  20. University of Aberdeen Information Security Policy

    E-Print Network [OSTI]

    Levi, Ran

    University of Aberdeen Information Security Policy December 2007 1 INTRODUCTION 1.1 WHAT IS INFORMATION SECURITY AND WHY DO WE NEED TO THINK ABOUT IT? 1.1.1 Information Security is the practice of Information Security includes: Systems being unavailable Bad publicity and embarrassment Fraud

  1. Office of Information Security

    Broader source: Energy.gov [DOE]

    The Office of Information Security is responsible for implementation of the Classified Matter Protection and Control Program (CMPC), the Operations Security Program (OPSEC) and the Facility Clearance Program and the Survey Program for Headquarters

  2. SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY

    E-Print Network [OSTI]

    SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National and to protect their systems and information from security threats and risks. There have been many past efforts

  3. Terms of Reference Information Security Group

    E-Print Network [OSTI]

    Haase, Markus

    Terms of Reference Information Security Group Version 3.1 8 March 2011 © University of Leeds 2011 Security Group Information Security Management 3.1 (8/3/11) Page 2 of 4 Document Control Owner: Kevin Darley, IT Security Co-ordinator, Information Systems Services, University of Leeds Source Location: V

  4. HR System Access Request Form Security Administration, Human Resources (HR) For additional instructions and information, log onto http://hr.vanderbilt.edu/security/

    E-Print Network [OSTI]

    Simaan, Nabil

    instructions and information, log onto http://hr.vanderbilt.edu/security/ Home Department VUnet IDHR EmployeeHR System Access Request Form Security Administration, Human Resources (HR) For additional ID Name Email AddressWork Phone Home Dept Name Effective Date of Access Operator Information I

  5. CPSC 601.xx: Information Systems Security Analysis Statement of Ethical Considerations

    E-Print Network [OSTI]

    Locasto, Michael E.

    permission and informed consent of the system's owner. Ethical Hacking Principles Hacking is, unfortunately misuse of the special skills they possess. Similarly, hacking is a special technological skill that can the term "hacking" to refer to the skill to question security and trust assumptions expressed in software

  6. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1997-03-27

    Establishes an Information Security Program for the protection and control of classified and sensitive information. Extended until 5-11-06 by DOE N 251.63, dated 5-11-05. DOE O 471.2A, Information Security Program, dated 3/27/1997, extended by DOE N 251.57, dated 4/28/2004. Cancels: DOE O 471.2

  7. INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY

    E-Print Network [OSTI]

    Subramanian, Sriram

    - 1 ­ INFORMATION SECURITY POLICY.doc INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable ­ INFORMATION SECURITY POLICY.doc Introduction Why Information Security? The access, availability

  8. Electronic DOE Information Security System (eDISS) PIA, Office...

    Broader source: Energy.gov (indexed) [DOE]

    Safety Management Workshop Registration, PIA, Idaho National Laboratory Occupational Medicine - Assistant PIA, Idaho National Laboratory Occupational Injury & Illness System...

  9. Security Requirements for Remote Access to DOE and Applicable Contractor Information Technology Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2004-02-19

    The Notice establishes DOE policy requirements and responsibilities for remote connections to DOE and contractor information technology systems. The Notice will also ensure compliance with the requirements of DOE O 205.1, Department of Energy Cyber Security Management Program, dated 3-21-03, to protect DOE information and information technology systems commensurate with the risk and magnitude of harm that could result from their unauthorized access, use, disclosure, modification or destruction. DOE N 205.15, dated 3/18/05, extends this directive until 3/18/06. No cancellations.

  10. The theory of diversity and redundancy in information system security : LDRD final report.

    SciTech Connect (OSTI)

    Mayo, Jackson R. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Torgerson, Mark Dolan; Walker, Andrea Mae; Armstrong, Robert C. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Allan, Benjamin A. (Sandia National Laboratories, Livermore, CA) [Sandia National Laboratories, Livermore, CA; Pierson, Lyndon George

    2010-10-01

    The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

  11. Zicom Electronic Security Systems Ltd | Open Energy Information

    Open Energy Info (EERE)

  12. National Security System Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2007-03-08

    The manual provides baseline requirements and controls for the graded protection of the confidentiality, integrity, and availability of classified information and information systems used or operated by the Department of Energy (DOE), contractors, and any other organization on behalf of DOE, including the National Nuclear Security Administration. Cancels DOE M 471.2-2. Canceled by DOE O 205.1B.

  13. The use of information technology security assessment criteria to protect specialized computer systems

    SciTech Connect (OSTI)

    Lykov, V.A.; Shein, A.V.; Piskarev, A.S.; Devaney, D.M.; Melton, R.B.; Hunteman, W.J.; Prommel, J.M.; Rothfuss, J.S.

    1997-10-01

    The purpose of this paper is to discuss the information security assessment criteria used in Russia and compare it with that used in the United States. The computer system security assessment criteria utilized by the State Technical Commission of Russia and similar criteria utilized by the US Department of Defense (TCSEC) are intended for the development and implementation of proven methods for achieving a required level of information security. These criteria are utilized, first and foremost, when conducting certification assessments of general purpose systems. The Russian Federation is creating specialized systems for nuclear material control and accountancy (MC and A) within the framework of the international laboratory-to-laboratory collaboration. Depending on the conditions in which the MC and A system is intended to operate, some of the criteria and the attendant certification requirements may exceed those established or may overlap the requirements established for attestation of such systems. In this regard it is possible to modify the certification and attestation requirements depending on the conditions in which a system will operate in order to achieve the ultimate goal--implementation of the systems in the industry.

  14. AT&TSecurity Consulting Information Assurance Federal Information Security

    E-Print Network [OSTI]

    Fisher, Kathleen

    AT&TSecurity Consulting Information Assurance ­ Federal Information Security Management Act (FISMA requirements under the Federal Information Security Management Act of 2002, of general support systems the security controls for the information system. The AT&T Consulting methodology is based on National

  15. Information Security 26:198:643:01

    E-Print Network [OSTI]

    Lin, Xiaodong

    Information Security 26:198:643:01 Spring 2012 Rutgers University M 2:30-5:20pm, 1WP-534 Panagiotis and interconnecting networks, raising demands for security measures to protect the information and relevant systems, students will learn the theoretical advancements in information security, state-of-the- art techniques

  16. Start your information security planning here!

    E-Print Network [OSTI]

    Magee, Joseph W.

    Start your information security planning here! Save the Date July 15, 2008 8:30 am ­ 12:30 pm-technology crimes. For additional information, visit http://csrc.nist.gov/secure iz/b or contact: securebiz developed a workshop to help the small business owner increase information system security. Learn how

  17. ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1

    E-Print Network [OSTI]

    Su, Xiao

    ITS Identity & Information Security Information Security Program Date 10-02-2013 Page 1 Information................................................................................................................................................................................3 Information Security Policy...............................................................................................................................................4 Information Security Policy Management

  18. CMAD IV 11/14/96 Information Security

    E-Print Network [OSTI]

    California at Davis, University of

    CMAD IV 11/14/96 Information Security and the Electric Power Industry Ab Kader Ron Skelton Electric CMAD IV 11/14/96 EPRI Security Initiatives · Information Security Workshop - Utility Security Survey (MIS Training) · Information Security Applications - Power System Security (LANL) - Residential

  19. Information Security Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1995-09-28

    Establishes an Information Security Program for the protection and control of classified and sensitive information. Cancels DOE 5630.8A, DOE 5639.1, DOE 5639.5, DOE 5639.6A, DOE 5639.7, DOE M 5632.1C-1, Chapter III, Para. 1, 2, and 4-9

  20. T-582: RSA systems has resulted in certain information being extracted from RSA systems that relates to RSA SecurID

    Broader source: Energy.gov [DOE]

    RSA investigation has revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is related to RSA's SecurID two-factor authentication products.

  1. Enterprise Information Security Management Framework [EISMF]

    E-Print Network [OSTI]

    Sharma, Dhirendra, S.M. Massachusetts Institute of Technology

    2011-01-01

    There are several technological solutions available in the market to help organizations with information security breach detection and prevention such as intrusion detection and prevention systems, antivirus software, ...

  2. On The Security of Mobile Cockpit Information Systems Devin Lundberg, Brown Farinholt, Edward Sullivan, Ryan Mast,

    E-Print Network [OSTI]

    Snoeren, Alex

    expanded to include live data such as weather and traffic information that is used to make flight decisions, information kiosks, home automation controls, and so on--our expectations of security and reliability information services supported by the receiver, the display may also include a graphical weather overlay (FIS

  3. To appear in ACM Transactions on Information and System Security, ACM, 2004. An extended abstract of this paper appeared in Ninth ACM Conference on Computer and Communications

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    To appear in ACM Transactions on Information and System Security, ACM, 2004. An extended abstract of this paper appeared in Ninth ACM Conference on Computer and Communications Security, ACM, 2002. Breaking

  4. Security system signal supervision

    SciTech Connect (OSTI)

    Chritton, M.R. (BE, Inc., Barnwell, SC (United States)); Matter, J.C. (Sandia National Labs., Albuquerque, NM (United States))

    1991-09-01

    The purpose of this NUREG is to present technical information that should be useful to NRC licensees for understanding and applying line supervision techniques to security communication links. A review of security communication links is followed by detailed discussions of link physical protection and DC/AC static supervision and dynamic supervision techniques. Material is also presented on security for atmospheric transmission and video line supervision. A glossary of security communication line supervision terms is appended. 16 figs.

  5. RISK MANAGEMENT FRAMEWORK: HELPING ORGANIZATIONS IMPLEMENT EFFECTIVE INFORMATION SECURITY PROGRAMS

    E-Print Network [OSTI]

    RISK MANAGEMENT FRAMEWORK: HELPING ORGANIZATIONS IMPLEMENT EFFECTIVE INFORMATION SECURITY PROGRAMS of Standards and Technology The management of risks to information technology (IT) systems is a fundamental component of every organization's information security program. An effective risk management process enables

  6. IY5512: Part 1 Information Security Group

    E-Print Network [OSTI]

    Mitchell, Chris

    IY5512: Part 1 1 Information Security Group IY5512 Computer Security Part 1: Introduction to computer security Chris Mitchell me@chrismitchell.net http://www.chrismitchell.net 1 Information Security) ... 2 Information Security Group Agenda · Overview · Security goals · Security approaches ­ prevention

  7. GAANN -Computer Systems Security GAANN Computer Systems Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    GAANN - Computer Systems Security GAANN - Computer Systems Security · What is computer systems security? - The protection of all aspects of a computer system from unauthorized use · Why is it important is critical October 7, 2009 GAANN - Computer Systems Security 1 GAANN - Computer Systems Security

  8. Information Security Governance: When Compliance Becomes more Important than Security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Information Security Governance: When Compliance Becomes more Important than Security Terence Tan1 information security must adapt to changing conditions by extending security governance to middle management for implementing information security are more interested in complying with organizational standards and policies

  9. Faculty Information Security Guide

    E-Print Network [OSTI]

    Myers, Lawrence C.

    society. www.ists.dartmouth.edu THE DARTMOUTH CYBER SECURITY INITIATIVE The Dartmouth Cyber Security, TECHNOLOGY, AND SOCIETY THE DARTMOUTH CYBER SECURITY INITIATIVE The number of laptop thefts at Dartmouth, and Society; and the Dartmouth Cyber Security Initiative offer the following solutions: · Whole

  10. Proceedings of Student/Faculty Research Day, CSIS, Pace University, May 6th, 2005 Information Systems Security: a Model for HIPAA Security Compliance

    E-Print Network [OSTI]

    Tappert, Charles

    Systems Security: a Model for HIPAA Security Compliance Kathleen M. Bravo Abstract The healthcare industry are struggling with preparedness. HIPAA security differs from current security measures that organizations have in place in that organizations cannot pick and choose which measures to implement but, instead, must adhere

  11. Security Design and Information Aggregation in Markets

    E-Print Network [OSTI]

    Chen, Yiling

    Security Design and Information Aggregation in Markets Yiling Chen Anthony M. Kwasnica Abstract that information aggregation ability of markets is affected by the security design. Behavior of individual Keywords: Security design; Information aggregation; Information market; Price convergence. 1 Introduction

  12. Towards Secure Information Sharing Models for Community Cyber Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University of Texas at San Antonio Secure Information - Security mechanisms such as authentication, cryptography, trusted hardware, etc. Community Cyber

  13. ITL BULLETIN FOR MARCH 2011 MANAGING INFORMATION SECURITY RISK: ORGANIZATION, MISSION

    E-Print Network [OSTI]

    ITL BULLETIN FOR MARCH 2011 MANAGING INFORMATION SECURITY RISK: ORGANIZATION, MISSION AND INFORMATION SYSTEM VIEW Shirley Radack, Editor Computer Security Division Information Technology Laboratory. Managing information security risk is an essential element of the organization's overall risk management

  14. INFORMATION TECHNOLOGY SECURITY SERVICES: HOW TO

    E-Print Network [OSTI]

    Radack, Editor Computer Security Division Information Technology Laboratory National Institute-35, Guide to Information Technology Security Ser vices, Recommendations of the National InstituteJune 2004 INFORMATION TECHNOLOGY SECURITY SERVICES: HOW TO SELECT, IMPLEMENT, AND MANAGE Shirley

  15. IY5512: Part 2 Information Security Group

    E-Print Network [OSTI]

    Mitchell, Chris

    ; ­ introduction to security evaluation criteria. Information Security Group Agenda · Design principles · DesignIY5512: Part 2 1 Information Security Group IY5512 Computer Security Part 2: Design & evaluation · This part of the course covers: ­ fundamental security design principles; ­ a security design methodology

  16. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01

    Analysis of Information Security Games, Proceedings of theon the Economics of Information Security WEIS’, Hanover, NH,on the Economics of Information Security’. Anderson, R. and

  17. The Complexity of Synchronous Notions of Information Flow Security

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    The Complexity of Synchronous Notions of Information Flow Security Franck Cassez1, , Ron van der flow security is concerned with the ability for agents in a system to deduce information about an information flow security policy has proved to be a subtle matter. A substantial literature has developed

  18. A Survey of Interdependent Information Security Games ARON LASZKA1

    E-Print Network [OSTI]

    Bencsáth, Boldizsár

    A A Survey of Interdependent Information Security Games ARON LASZKA1 , MARK FELEGYHAZI1 , LEVENTE by the security-related decisions of others. This interdependence between information system operators and users Information security has traditionally been considered a strategic cat-and-mouse game between the defending

  19. OFFICE OF INFORMATION TECHNOLOGY COMPUTER SECURITY POLICY

    E-Print Network [OSTI]

    Hemmers, Oliver

    OFFICE OF INFORMATION TECHNOLOGY COMPUTER SECURITY POLICY RESPONSIBLE ADMINISTRATOR: RESPONsm Manual, Chapter 14: Data and Information Security, Section 4, Information Security Plans - Physical%20-%20DATA%20AND%20INFORMATION%20SECURITY.pdf. CONTACTS Refer to the Office of Information Technology

  20. Implementing Information Security and Its Technology: A Line Management Perspective

    E-Print Network [OSTI]

    Barletta, William A.

    2005-01-01

    of an integrated information security and privacy program.An institution's information security program forms thefrom the chief information security officer, chief security

  1. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy,

    E-Print Network [OSTI]

    Gering, Jon C.

    ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy, Information Access, and University policy and procedures regarding use, privacy and confidentiality of information. University data University (University) functions that are: a) stored on University information systems, b) maintained

  2. NISTIR 7359 Information Security Guide For

    E-Print Network [OSTI]

    is directed to develop cyber security standards, guidelines, and associated methods and techniques. ITLNISTIR 7359 Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew Joan Hash NISTIR 7359 Information Security Guide For Government Executives Pauline Bowen Elizabeth Chew

  3. Finance, IT Operations & Information Security Dear Colleagues,

    E-Print Network [OSTI]

    1 Finance, IT Operations & Information Security Dear Colleagues, It is hard not to be mindful financial institutions or e-commerce organizations. On December 6, SEAS' Information Security Office held some basic security awareness information. More information on how to remain secure during the busy

  4. Security systems engineering overview

    SciTech Connect (OSTI)

    Steele, B.J.

    1996-12-31

    Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, and counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).

  5. Information Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-16

    This Manual establishes security requirements for the protection and control of matter required to be classified or controlled by statutes, regulations, or U.S. Department of Energy directives. Cancels DOE M 470.4-4 Chg 1. DOE M 470.4-4A Chg 1 issued 10-12-10.

  6. Information Security Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2010-10-12

    The Manual establishes security requirements for the protection and control of matter required to be classified or controlled by statutes, regulations, or U.S. Department of Energy (DOE) directives. Original dated 1-16-09. Canceled by DOE O 471.6--except for Section D.

  7. Towards Secure Information Sharing Models for Community Cyber Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu Dept. of Computer Science Institute for Cyber Security University of Texas at San Antonio Email: ravi.sandhu@utsa.edu Ram Krishnan Dept. of Electrical and Computer Engineering Institute for Cyber Security University

  8. Smart Grid Information Security (IS) Functional Requirement

    E-Print Network [OSTI]

    Ling, Amy Poh Ai

    2011-01-01

    It is important to implement a safe smart grid environment to enhance people's lives and livelihoods. This paper provides information on smart grid IS functional requirements by illustrating some discussion points for the sixteen identified requirements. This paper introduces the smart grid potential hazards that can be referred to as a triggering factor to improve the system and security of the entire grid. The background of smart information infrastructure and the need for smart grid IS are described with the adoption of the hermeneutic circle as methodology. The grid information technology and security session discusses that the grid provides the chance of simple and transparent access to different information sources. In addition, the transformation between traditional versus smart grid networking trends and the IS importance in the communication field, which reflects the criticality of grid IS functional requirement identification, is introduced. The smart grid IS functional requirements described in this paper are general and ...

  9. Review your system access with your company's Information Security Officer. Access that is not

    E-Print Network [OSTI]

    Jornsten, Rebecka

    . The FBI may be able to help you determine if these contacts pose any risk to you or your company. Change unusual circumstances or noteworthy incidents to your security officer and to the FBI. Notifying the FBI and country threat assessments are available from the FBI upon request. Good security habits will help protect

  10. Information Security Office Risk Management

    E-Print Network [OSTI]

    Alpay, S. Pamir

    Information Security Office Risk Management Exception Template Risk Management Exception or Approved) 6/01/2013 CISO Jason Pufahl, CISO Approved 6/01/2013 RMAC Risk Management Advisory Council Reviewed Risk Management Exception Template 2 | Page Please check one of the following: Requester

  11. Information Security Policy Manual Latest Revision: May 16, 2012

    E-Print Network [OSTI]

    Alpay, S. Pamir

    1 Information Security Policy Manual Latest Revision: May 16, 2012 2 Table of Contents Information Security Policy Manual ... 17 Information Security Glossary

  12. Information Aggregation, Currency Swaps, and the Design of Derivative Securities

    E-Print Network [OSTI]

    Chowdhry, Bhagwan; Grinblatt, Mark

    1997-01-01

    their disparate information and (ii) each security should befor these securities and the information it generates.all information relevant for pricing securities to all

  13. Information Security Specialist | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Information Security Specialist Information Security Specialist Submitted by admin on Sun, 2015-09-13 00:15 Job Summary Organization Name Department Of Energy Agency SubElement...

  14. Control Systems Cyber Security Standards Support Activities

    SciTech Connect (OSTI)

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  15. Cyberspace security system

    DOE Patents [OSTI]

    Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

    2014-06-24

    A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

  16. Privacy and Security Protecting Personal Information

    E-Print Network [OSTI]

    Pedersen, Tom

    Privacy and Security Protecting Personal Information Kim Hart and Bill Trott Privacy Video http and security and apply the principles to your work situation; · Overview of Freedom of Information records with confidential and highly confidential information; · Faculty and staff may have privacy/security

  17. Information Technology Security for Small Business

    E-Print Network [OSTI]

    Magee, Joseph W.

    Information Technology Security for Small Business (video script) Descriptive Text for the Visually symbolic of information technology security and cyber crime. Narration: "No matter how well you protect, "Information Technology Security for Small Business" and "It's not just good business. It's essential business

  18. Finance, IT Operations & Information Security Dear Colleagues,

    E-Print Network [OSTI]

    1 Finance, IT Operations & Information Security Dear Colleagues, As we write the summer issue, with the hire of Indir Advagic, SEAS is launching an Office of Information Security. Besides assessing the general state of information security at SEAS, one of Indir's first tasks will be to revive the cross

  19. Secured Information Flow for Asynchronous Sequential Processes

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    Secured Information Flow for Asynchronous Sequential Processes Isabelle Attali, Denis Caromel for unauthorized information flows. As a final result, all authorized communication paths are secure: no disclosure a new issue in data confidentiality: authorization of secured information flow transiting (by the mean

  20. 06 DEC 2013 1 Information Security Guideline

    E-Print Network [OSTI]

    Queitsch, Christine

    06 DEC 2013 1 Information Security Guideline Definitions can be found in Administrative Policy Statement 2.4, Information Security and Privacy Roles, Responsibilities, and Definitions. 1 Purpose Administrative Policy Statement (APS) 2.6, Information Security Controls and Operational Practices, states

  1. University of Connecticut Information Technology Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    University of Connecticut Information Technology Security Incident Response Plan - i - Revision requirements for the protection of that information on the University. The University has had security of the University. The Information Technology Security Office has created this Incident Response Plan to assist

  2. Formalizing Information Security Knowledge Stefan Fenz

    E-Print Network [OSTI]

    Formalizing Information Security Knowledge Stefan Fenz Vienna University of Technology Vienna ontology which provides an on- tological structure for information security domain knowl- edge. Besides of the considered organization is incorporated. An evaluation conducted by an information security expert team has

  3. OFFICE of the CHIEF INFORMATION SECURITY OFFICER

    E-Print Network [OSTI]

    Matrajt, Graciela

    OFFICE of the CHIEF INFORMATION SECURITY OFFICER 2013 Information Security and Privacy Annual conversation,The Office of the Chief Information Security Officer (CISO) invites readers to email ciso@uw.edu by May 1st, 2014 with privacy-themed cap- tions for the cartoon on the right.Winning captions

  4. Integrated Security System | Department of Energy

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security System A security platform providing multi-layer intrusion detection and security management for a networked energy control systems architecture Integrated...

  5. Determining Home Range and Preferred Habitat of Feral Horses on the Nevada National Security Site Using Geographic Information Systems

    SciTech Connect (OSTI)

    Burns, Ashley V.

    2014-05-30

    Feral horses (Equus caballus) are free-roaming descendants of domesticated horses and legally protected by the Wild and Free-Roaming Horses and Burros Act of 1971, which mandates how feral horses and burros should be managed and protected on federal lands. Using a geographic information system to determine the home range and suitable habitat of feral horses on the federally managed Nevada National Security Site can assist wildlife biologists in making best management practice recommendations. Home range was estimated at 88.1 square kilometers. Site suitability was calculated for elevation, forage, slope, water presence and horse observations. These variables were combined in successive iterations into one polygon. Suitability rankings established that 85 square kilometers are most suitable habitat, with 2,052 square kilometers of good habitat, 1,252 square kilometers of fair habitat and 122 square kilometers of least suitable habitat.

  6. The Department of Energy's National Security Information Fundamental...

    Energy Savers [EERE]

    The Department of Energy's National Security Information Fundamental Classification Guidance Review The Department of Energy's National Security Information Fundamental...

  7. Overview of Key Roles and Responsibilities in Information Security Liaison Model Responsibilities Chief Information Security-Privacy

    E-Print Network [OSTI]

    Cantlon, Jessica F.

    Overview of Key Roles and Responsibilities in Information Security Liaison Model Responsibilities Chief Information Security-Privacy Officers Divisional Information Security-Privacy Liaison Departmental Information Security-Privacy Liaison Planning Plan and conduct annual risk assessment Develop a prioritized

  8. Third Annual Cyber Security and Information

    E-Print Network [OSTI]

    Krings, Axel W.

    Third Annual Cyber Security and Information Infrastructure Research Workshop May 14-15, 2007 TOWARDS COMPREHENSIVE STRATEGIES THAT MEET THE CYBER SECURITY CHALLENGES OF THE 21ST CENTURY Frederick Sheldon, Axel Krings, Seong-Moo Yoo, and Ali Mili (Editors) CSIIRW07: Cyber Security and Information

  9. On Building Secure SCADA Systems using Security Eduardo B. Fernandez

    E-Print Network [OSTI]

    Wu, Jie

    On Building Secure SCADA Systems using Security Patterns Eduardo B. Fernandez Dept. of Comp. Sci, also known as the supervisory, control, and data acquisition (SCADA) system. On the other hand systems. This paper aims to propose methods to build a secure SCADA system using security patterns

  10. OFFICE of the CHIEF INFORMATION SECURITY OFFICER

    E-Print Network [OSTI]

    Matrajt, Graciela

    security and privacy. Services are designed to help UW units understand risks by analyzing and forecasting Chief Information Security Officer In reflecting back on all our hard work during 2012, I would like of Contents Asset-Based Risk Management

  11. GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor

    E-Print Network [OSTI]

    to improve their overall security. The Information Technology Laboratory of the National Institute-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National InstituteGUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security

  12. Hydra: A Platform for Survivable and Secure Data Storage Systems

    E-Print Network [OSTI]

    Xu, Lihao

    Hydra: A Platform for Survivable and Secure Data Storage Systems Lihao Xu Dept. of Computer Science are developing for highly survivable and secure data storage systems that distribute information over on user data. We also explore Hydra's applications in survivable and secure data storage systems

  13. Site Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)

    Information | National Nuclear Security Administration Facebook Twitter Youtube Flickr RSS People Mission Managing the Stockpile Preventing Proliferation Powering the Nuclear Navy...

  14. V-192: Symantec Security Information Manager Input Validation...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    2: Symantec Security Information Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks V-192: Symantec Security Information...

  15. V-192: Symantec Security Information Manager Input Validation...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Security Information Manager Input Validation Flaws Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks V-192: Symantec Security Information...

  16. Professional, Applied & Continuing Education INFORMATION ASSURANCE & SECURITY CERTIFICATE

    E-Print Network [OSTI]

    Martin, Jeff

    Professional, Applied & Continuing Education INFORMATION ASSURANCE & SECURITY CERTIFICATE Demand for technical security and information assurance professionals has risen dramatically in recent years OPPORTUNITIES: TUITION: Required Courses (78 Hours): · Information Assurance and Security Level 1: Information

  17. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy,

    E-Print Network [OSTI]

    Gering, Jon C.

    ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy, Information Access technology security incident. A standard Universitywide approach to information security is important the Information Technology Services Office has completed its investigation and authorizes such activity. 3

  18. The Handbook of Information Security 25. Routers and Switches The Handbook of Information Security

    E-Print Network [OSTI]

    Dommel, Hans-Peter

    The Handbook of Information Security 25. Routers and Switches 1 The Handbook of Information Security John Wiley & Sons Chapter 25. Routers and Switches Mar 31, 2005 - FINAL VERSION - The Handbook of Information Security 25. Routers and Switches 2 OUTLINE INTRODUCTION Principles of Routing and Switching

  19. Approved Module Information for CS4520, 2014/5 Module Title/Name: Information Security Module Code: CS4520

    E-Print Network [OSTI]

    Neirotti, Juan Pablo

    students to take an active role in the design, planning, evaluation and management of secure information -- Ability to analyse security risks and deliver a fit-for-purpose information security management system security * Professional/Subject-Specific Skills -- Ability identify risks in software programs, computer

  20. Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets

    E-Print Network [OSTI]

    Thaw, David Bernard

    2011-01-01

    assets. Current information security law in the Unitedimplications for information security professionalism inbeing abundant in the information security community: Yes,

  1. Aviation security: A system's perspective

    SciTech Connect (OSTI)

    Martin, J.P.

    1988-01-01

    For many years the aviation industry and airports operated with security methods and equipment common to most other large industrial complexes. At that time, the security systems primarily provided asset and property protection. However, soon after the first aircraft hijacking the focus of security shifted to emphasize the security requirements necessary for protecting the traveling public and the one feature of the aviation industry that makes it unique---the airplane. The airplane and its operation offered attractive opportunities for the homesick refugee, the mentally unstable person and the terrorist wanting to make a political statement. The airport and its aircraft were the prime targets requiring enhanced security against this escalated threat. In response, the FAA, airport operators and air carriers began to develop plans for increasing security and assigning responsibilities for implementation.

  2. Securing the information infrastructure for EV charging

    E-Print Network [OSTI]

    Poll, Erik

    Securing the information infrastructure for EV charging Fabian van den Broek1 , Erik Poll1 , and B for the information exchanges in the infrastructure for EV charging being trialled in the Netherlands, which. Key words: EV charging, congestion management, end-to-end security, smart grids 1 Introduction

  3. A Game Theoretical Approach to Communication Security

    E-Print Network [OSTI]

    Gueye, Assane

    2011-01-01

    Information and communication systemssecurityTrust: An Element of Information Security,” in Security andInternational Journal of Information Security, vol. 4, pp.

  4. Developing Secure Power Systems Professional Competence: Alignment...

    Energy Savers [EERE]

    Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs - Phase 2 (JulyAugust 2013) Developing Secure Power Systems...

  5. Control Systems Security Standards: Accomplishments And Impacts...

    Broader source: Energy.gov (indexed) [DOE]

    that need to be made toward meeting the priority strategies defined in the DOEDHS Roadmap to Secure Control Systems in the Energy Sector. Control Systems Security Standards:...

  6. Control Systems Security Publications Library | Department of...

    Broader source: Energy.gov (indexed) [DOE]

    Metrics for Process Control Systems - September 2007 Security Framework for Control System Data Classification and Protection - July 2007 Secure ICCP Integration...

  7. Radiological Security Partnership Information | National Nuclear Security

    National Nuclear Security Administration (NNSA)


  8. Information Security | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  9. Order Code RL33494 Security Classified and Controlled Information

    E-Print Network [OSTI]

    Laughlin, Robert B.

    Order Code RL33494 Security Classified and Controlled Information: History, Status, and Emerging Government and Finance Division Security Classified and Controlled Information: History, Status in the creation, management, and declassification of national security information followed over the succeeding

  10. University of Warwick Information Security Policy 1. Introduction

    E-Print Network [OSTI]

    Davies, Christopher

    University of Warwick Information Security Policy 1. Introduction The University recognises's strategic objectives. Information security is important to the protection of the University's reputation implications for individuals and is subject to legal obligations. The consequences of information security

  11. T-592: Cisco Security Advisory: Cisco Secure Access Control System...

    Broader source: Energy.gov (indexed) [DOE]

    A vulnerability was reported in Cisco Secure Access Control System. A remote user can change the passwords of arbitrary users. PLATFORM: Cisco Secure ACS versions 5.1 patch 3, 4,...

  12. National Information Assurance Education and Training Program (NIETP) National Security Agency ~ 9800 Savage Road ~ Ft. Meade, MD 20755-6744 ~ ATTN: I083, Suite 6744

    E-Print Network [OSTI]

    Duchowski, Andrew T.

    National Information Assurance Education and Training Program (NIETP) National Security Agency University courseware meets all of the elements of the Committee on National Security Systems (CNSS) National Training Standards for: Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011 System

  13. Cyber Security and Resilient Systems

    SciTech Connect (OSTI)

    Robert S. Anderson

    2009-07-01

    The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments to date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. 
    Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.

  14. The Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure Computing Corporation

    E-Print Network [OSTI]

    Andersen, Dave

    Computing Corporation Stephen Smalley, Peter Loscocco National Security Agency Mike Hibler, David AndersenThe Flask Security Architecture: System Support for Diverse Security Policies Ray Spencer Secure be flexible in their support for security policies, providing sufficient mechanisms for supporting the wide

  15. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy,

    E-Print Network [OSTI]

    Gering, Jon C.

    ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security, Privacy, Information Access & Management STATUS: Approved POLICY TITLE: Information Technology Security Policy POLICY PURPOSE: The purpose of this Information Technology Security Policy is to ensure and describe the steps necessary to secure information

  16. Information Security - DOE Directives, Delegations, and Requirements

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    o471.6AdminChg2-Certified.pdf -- PDF Document, 665 KB Writer: Carl Piechowski Subjects: Administration Information Technology Security ID: DOE O 471.6 Admin Chg 2 Type:...

  17. University of Connecticut Information Technology Security

    E-Print Network [OSTI]

    Alpay, S. Pamir

    University of Connecticut Information Technology Security Incident Response Plan - i - Revision management issue for all organizations, including the University of Connecticut. Furthermore, as more or framework within which University of Connecticut incident handlers can work to ensure a complete

  18. The Secure Hash Payment System 

    E-Print Network [OSTI]

    Thompson, Timothy J

    2001-01-01

    to be developed. Today, consumers are required to provide their complete credit card information to a merchant to complete a transaction, which requires trust in the merchant and the merchant's security. While this approach is widely available and used, it does...

  19. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01

    myths and facts behind cyber security risks for industrialJ. and Hieb, J. [2007], ‘Cyber security risk assessment forOn Cyber Security for Networked Control Systems by Saurabh

  20. System and method for secure group transactions

    DOE Patents [OSTI]

    Goldsmith, Steven Y. (Rochester, MN)

    2006-04-25

    A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

  1. Port security and information technology

    E-Print Network [OSTI]

    Petrakakos, Nikolaos Harilaos

    2005-01-01

    The terrorist attacks of September 11th 2001 on New York and Washington DC shed light on the many security shortcomings that sea ports and the entire import and export process face. A primary source of these problems is ...

  2. OFFICE OF INFORMATION TECHNOLOGY COMPUTER SECURITY POLICY

    E-Print Network [OSTI]

    Walker, Lawrence R.

    OFFICE OF INFORMATION TECHNOLOGY COMPUTER SECURITY POLICY RESPONSIBLE ADMINISTRATOR: RESPONSIBLE OFFICE(S): ORIGINALLY ISSUED: APPROVALS: VICE PROVOST FOR INFORMATION TECHNOLOGY OFFICE OF THE VICE PROVOST FOR INFORMATION TECHNOLOGY APPROVED BY: ~ Date ~ts-tl2- Date li/rO/I?... I I Date REVISION DATE

  3. Data Sciences Technology for Homeland Security Information Management

    E-Print Network [OSTI]

    Data Sciences Technology for Homeland Security Information Management and Knowledge Discovery for Homeland Security Information Management and Knowledge Discovery Authors Tamara Kolda, Sandia National, a Lockheed Martin Company, for the United States Department of Energy's National Nuclear Security

  4. Washington and Lee University Guidance on Information Security

    E-Print Network [OSTI]

    Marsh, David

    Washington and Lee University Guidance on Information Security This guidance addresses common issues that have come up during information security discussions with offices and departments across, Information Security Program Committee Chair (sdittman@wlu.edu) or Dean Tallman, Information Security Officer

  5. Information Security and Quantum Mechanics: Security of Quantum Protocols

    E-Print Network [OSTI]

    P. Oscar Boykin

    2002-10-28

    The problem of security of quantum key protocols is examined. In addition to the distribution of classical keys, the problem of encrypting quantum data and the structure of the operators which perform quantum encryption is studied. It is found that unitary bases are central to both encryption of quantum information, as well as the generation of states used in generalized quantum key distribution (which are called mutually unbiased bases). A one-to-one correspondence between certain unitary bases and mutually unbiased bases is found. Finally, a new protocol for making anonymous classical broadcasts is given along with a security proof. An experimental procedure to implement this protocol is also given. In order to prove these new results, some new bounds for accessible information of quantum sources are obtained.

  6. Ontological Mapping of Information Security Best-Practice Guidelines

    E-Print Network [OSTI]

    Ontological Mapping of Information Security Best-Practice Guidelines Stefan Fenz, Thomas Pruckner security knowledge. While information security ontologies already exist, no methods have been proposed. Therefore, this paper presents a method for mapping the information security knowledge of the French EBIOS

  7. Information theoretic security by the laws of classical physics

    E-Print Network [OSTI]

    Mingesz, R; Gingl, Z; Granqvist, C G; Wen, H; Peper, F; Eubank, T; Schmera, G

    2013-01-01

    It has been shown recently that the use of two pairs of resistors with enhanced Johnson-noise and a Kirchhoff-loop-i.e., a Kirchhoff-Law-Johnson-Noise (KLJN) protocol-for secure key distribution leads to information theoretic security levels superior to those of a quantum key distribution, including a natural immunity against a man-in-the-middle attack. This issue is becoming particularly timely because of the recent full cracks of practical quantum communicators, as shown in numerous peer-reviewed publications. This presentation first briefly surveys the KLJN system and then discusses related, essential questions such as: what are perfect and imperfect security characteristics of key distribution, and how can these two types of securities be unconditional (or information theoretical)? Finally the presentation contains a live demonstration.

  8. Banner Job Installation Security Form Office of Information Technology

    E-Print Network [OSTI]

    Karsai, Istvan

    Banner Job Installation Security Form Office of Information Technology 424 Roy S. Nicks Hall, Box: ______________________________ Job Description: ______________________________ Section 3. Security Information Banner Module 70728 Johnson City, Tennessee 37614 (423) 439-4648 · oithelp@etsu.edu Section 1. Requestor Information

  9. Policy 3505 Information Technology Security 1 OLD DOMINION UNIVERSITY

    E-Print Network [OSTI]

    Policy 3505 - Information Technology Security 1 OLD DOMINION UNIVERSITY University Policy Policy #3505 INFORMATION TECHNOLOGY SECURITY POLICY Responsible Oversight Executive: Vice President of this policy is to state the codes of practice with which the University aligns its information technology

  10. Physical and Information Security Policy Category: Campus Life

    E-Print Network [OSTI]

    Physical and Information Security Policy Category: Campus Life Facilities Information Management 1. The Security Office (Bentley Campus) will provide information to assist staff and students in protecting Manager. 2.7 Information security University information must be protected in a manner that is appropriate

  11. Teaching Aggressive Information Security Labs

    E-Print Network [OSTI]

    information platforms used by organizations to conduct business and share information and data. 3. I and unlawful ways. 4. I will not "hack" the NPGS domain. _______________________ Print your name and are relevant to the discussion... 8 So Why Do They Hack? · Script Kiddies: - According to Sarah Gordon

  12. Secure Information and Resource Sharing in Cloud Institute for Cyber Security

    E-Print Network [OSTI]

    Sandhu, Ravi

    Secure Information and Resource Sharing in Cloud Yun Zhang Institute for Cyber Security Univ Institute for Cyber Security Univ of Texas at San Antonio San Antonio, TX 78249 Ravi.Sandhu@utsa.edu ABSTRACT The significant threats from information security breaches in cyber world is one of the most

  13. ESRCThe economics of information security ESRC Seminar Series

    E-Print Network [OSTI]

    Pym, David J.

    by the Economic and Social Research Council (ESRC), the Cyber Security Knowledge Transfer Network (KTNThe economics of information security Cyber Security KTN The Cyber Security Knowledge Transfer Network (KTN) under the Directorship of Nigel A Jones provides a single focal point for UK Cyber Security

  14. TOWARD HIGHLY SECURE AND AUTONOMIC COMPUTING SYSTEMS: A HIERARCHICAL APPROACH

    SciTech Connect (OSTI)

    Lee, Hsien-Hsin S

    2010-05-11

    The overall objective of this research project is to develop novel architectural techniques as well as system software to achieve a highly secure and intrusion-tolerant computing system. Such a system will be autonomous, self-adapting, and introspective, with self-healing capability under the circumstances of improper operations, abnormal workloads, and malicious attacks. The scope of this research includes: (1) System-wide, unified introspection techniques for autonomic systems, (2) Secure information-flow microarchitecture, (3) Memory-centric security architecture, (4) Authentication control and its implication to security, (5) Digital right management, (6) Microarchitectural denial-of-service attacks on shared resources. During the period of the project, we developed several architectural techniques and system software for achieving a robust, secure, and reliable computing system toward our goal.

  15. A KNOWLEDGE BASE FOR JUSTIFIED INFORMATION SECURITY DECISION-MAKING

    E-Print Network [OSTI]

    Newcastle upon Tyne, University of

    A KNOWLEDGE BASE FOR JUSTIFIED INFORMATION SECURITY DECISION-MAKING Daria Stepanova, Simon E.K. dasha stepanova@list.ru, s.e.parkin@ncl.ac.uk, aad.vanmoorsel@ncl.ac.uk Keywords: Information security Information Security Officer (CISO) within an organisation to ensure that such information is adequately

  16. Quantum non-locality and information security Muhammad Nadeem

    E-Print Network [OSTI]

    1 Quantum non-locality and information security Muhammad Nadeem Department of Basic Sciences-locality, as discussed here, is sufficient to achieve unconditional information security without requiring advanced, integrity, authenticity and availability of information to legitimate users. These information security

  17. Page 1 of 2 Policy Name: Information Technology (IT) Security

    E-Print Network [OSTI]

    Carleton University

    Page 1 of 2 Policy Name: Information Technology (IT) Security Originating/Responsible Department Information Officer (CIO) Policy: Information Technology (IT) Security Purpose: The purpose of this Policy is to outline Carleton University's approach to campus-wide IT security for networks, enterprise information

  18. Building an Information Technology Security Awareness

    E-Print Network [OSTI]

    by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests of technical, physical, administrative, and management standards and guidelines for the cost-effective security Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899

  19. Some Thoughts on Teaching Secure Programming

    E-Print Network [OSTI]

    Bishop, Matt

    2013-01-01

    Teaching Context in Information Security,” ACM Journal onWorld Conference on Information Security Education pp. 23–Colloquium on Information Systems Security Education (CISSE)

  20. Roadmap to Secure Control Systems in the Energy Sector - January...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Roadmap to Secure Control Systems in the Energy Sector - January 2006 Roadmap to Secure Control Systems in the Energy Sector - January 2006 This document, the Roadmap to Secure...

  1. IBM Internet Security Systems Threat Insight Monthly

    E-Print Network [OSTI]

    of cryptography as it relates to the computer security industry. We will look at some of the underlying technology IBM Internet Security Systems X-Force ® Threat Insight Monthly www.iss.net September Contents www.iss.net IBM Internet Security Systems X-Force ® Threat Insight Monthly

  2. Breaking parameter modulated chaotic secure communication system

    E-Print Network [OSTI]

    G. Alvarez; F. Montoya; M. Romera; G. Pastor

    2003-11-20

    This paper describes the security weakness of a recently proposed secure communication method based on parameter modulation of a chaotic system and adaptive observer-based synchronization scheme. We show that the security is compromised even without precise knowledge of the chaotic system used.

  3. Pantex Occupational Health System (OHS), National Nuclear Security...

    Energy Savers [EERE]

    Pantex Occupational Health System (OHS), National Nuclear Security Administration Pantex Site Office Pantex Occupational Health System (OHS), National Nuclear Security...

  4. The Promotion of Access to and Protection of National Security Information in South Africa

    E-Print Network [OSTI]

    Klaaren, Jonathan E.

    2003-01-01

    broadly, a military information security policy has beenfor secrecy and therefore information security measures in asection describes the information security implementation

  5. The National Security Policy Process: The National Security Council and Interagency System

    E-Print Network [OSTI]

    Huang, Wei

    The National Security Policy Process: The National Security Council and Interagency System By Alan Update: August 15, 2011 THIS PAGE INTENTIONALLY BLANK 2 Table of Contents The National Security Policy Process: The National Security Council and Interagency System

  6. A UNIFIED FRAMEWORK OF INFORMATION ASSURANCE FOR THE DESIGN AND ANALYSIS OF SECURITY ALGORITHMS

    E-Print Network [OSTI]

    Baras, John S.

    A UNIFIED FRAMEWORK OF INFORMATION ASSURANCE FOR THE DESIGN AND ANALYSIS OF SECURITY ALGORITHMS several information security goals, such as authentication, integrity and secrecy, have often been and the Institute for Systems Research, University of Maryland, College Park, MD, 20742 ABSTRACT Most information

  7. Constructivist Approach To Information Security Awareness In The Middle East

    E-Print Network [OSTI]

    Wang, Yongge

    Constructivist Approach To Information Security Awareness In The Middle East Mohammed Boujettif the application of an approach to enhance information security awareness amongst employees within middle-eastern companies, in effort to improve information security. We aim at surveying the current attitudes

  8. SUCCESS FACTORS IN INFORMATION SECURITY IMPLEMENTATION IN ORGANIZATIONS

    E-Print Network [OSTI]

    Williamson, John

    SUCCESS FACTORS IN INFORMATION SECURITY IMPLEMENTATION IN ORGANIZATIONS Maryam Al-Awadi University This paper will explore and identify success factors related to the implementation of information security was to identify those factors required to ensure successful implementation of information security, particularly

  9. A Comprehensive and Comparative Metric for Information Security

    E-Print Network [OSTI]

    Breu, Ruth

    A Comprehensive and Comparative Metric for Information Security Steffen Weiß1 , Oliver Weissmann2 security GmbH, Germany Abstract Measurement of information security is important for organizations , Falko Dressler1* 1 Dept. of Computer Science 7, University of Erlangen, Germany 2 atsec information

  10. Center for Cyber-Security, Information Privacy, and Trust

    E-Print Network [OSTI]

    Lee, Dongwon

    Center for Cyber-Security, Information Privacy, and Trust http://cybersecurity.ist.psu.edu Dr. Peng Liu, Director pliu@ist.psu.edu Center for Cyber-Security, Information Privacy, and Trust 16802-6822 The Center for Cyber-Security, Information Privacy, and Trust, aka Lions Center

  11. Physical Security Systems | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  12. Providing Security With Insecure Systems Andrew Odlyzko

    E-Print Network [OSTI]

    Odlyzko, Andrew M.

    not caused by cyber-in-security. Even taking the crash into account, the world economy has been doing very Providing Security With Insecure Systems Andrew Odlyzko School of Mathematics, University: Security, Economics, Human Factors Extended Abstract A Martian who arrived on Earth today would surely con

  13. Study of Security Attributes of Smart Grid Systems- Current Cyber Security Issues

    SciTech Connect (OSTI)

    Wayne F. Boyer; Scott A. McBride

    2009-04-01

    This document provides information for a report to congress on Smart Grid security as required by Section 1309 of Title XIII of the Energy Independence and Security Act of 2007. The security of any future Smart Grid is dependent on successfully addressing the cyber security issues associated with the nation’s current power grid. Smart Grid will utilize numerous legacy systems and technologies that are currently installed. Therefore, known vulnerabilities in these legacy systems must be remediated and associated risks mitigated in order to increase the security and success of the Smart Grid. The implementation of Smart Grid will include the deployment of many new technologies and multiple communication infrastructures. This report describes the main technologies that support Smart Grid and summarizes the status of implementation into the existing U.S. electrical infrastructure.

  14. Motivation to study security of control systems. Our Results/Contribution. Summary. Security constrained control under

    E-Print Network [OSTI]

    Hu, Fei

    Motivation to study security of control systems. Our Results/Contribution. Summary. Security Secure control systems UC Berkeley Motivation to study security of control systems. Our Results/Contribution. Summary. Outline. Motivation to study security of control systems. Distributed control systems

  15. Appendix III to OMB Circular No. A-130 -Security of Federal Automated Information Resources

    E-Print Network [OSTI]

    Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Resources A automated information security programs; assigns Federal agency responsibilities for the security of automated information; and links agency automated information security programs and agency management

  16. Secure Information Sharing and Dissemination in the Context of Public Security

    E-Print Network [OSTI]

    Secure Information Sharing and Dissemination in the Context of Public Security Professor Nabil R. Adam Director, The Center for Information Management Integration & Connectivity (CIMIC) Executive://cimic.rutgers.edu/~adam/ Abstract In the context of homeland security, one of the key challenges in such environment is achieving

  17. Cyber Security | National Security | ORNL

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    System-of-systems analysis Visualization tools for complex information Next-generation smart grid technologies Quantum computing, security, and data fusion For more information,...

  18. NIST Computer Security Division csrc.nist.gov Supplemental Guidance on

    E-Print Network [OSTI]

    -03, Enhancing the Security of Federal Information and Information Systems, stated that, "Our nation's security monitoring, or security authorization. Keywords Federal Information Security Management Act, Information Information For additional information on NIST's Computer Security Division programs, projects

  19. Find It. Delete It. Protect It. Information Technology Security Strategy

    E-Print Network [OSTI]

    Sheridan, Jennifer

    Find It. Delete It. Protect It. Information Technology Security Strategy Executive Summary The general proposed strategy is to optimize risk management for information security incrementally and over that security will be a process rather than project. Achievement of the goal, optimized risk management

  20. The Promotion of Access to and Protection of National Security Information in South Africa

    E-Print Network [OSTI]

    Klaaren, Jonathan E.

    2003-01-01

    to and Protection of National Security Information in Southmost relevant to national security information have similarbeen extended. 2 The national security ground of refusal to

  1. Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

    DOE Patents [OSTI]

    Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

    2015-07-28

    Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

  2. Copyright 2011 Northrop Grumman Corporation Northrop Grumman Information Systems (NGIS)

    E-Print Network [OSTI]

    from unattended sensors · Space vulnerabilities and survivability · Cyber security/informationCopyright © 2011 Northrop Grumman Corporation Northrop Grumman Information Systems (NGIS Northrop Grumman Corporation Page 2 1. Overview Information Sponsor - Northrop Grumman Information Systems

  3. Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security Mechanisms?

    E-Print Network [OSTI]

    Qin, Xiao

    Can We Improve Energy Efficiency of Secure Disk Systems without Modifying Security Mechanisms--Improving energy efficiency of security-aware storage systems is challenging, because security and energy security and energy efficiency is to profile encryption algorithms to decide if storage systems would

  4. Secure videoconferencing equipment switching system and method

    DOE Patents [OSTI]

    Hansen, Michael E. (Livermore, CA)

    2009-01-13

    A switching system and method are provided to facilitate use of videoconference facilities over a plurality of security levels. The system includes a switch coupled to a plurality of codecs and communication networks. Audio/Visual peripheral components are connected to the switch. The switch couples control and data signals between the Audio/Visual peripheral components and one but not both of the plurality of codecs. The switch additionally couples communication networks of the appropriate security level to each of the codecs. In this manner, a videoconferencing facility is provided for use on both secure and non-secure networks.

  5. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    SciTech Connect (OSTI)

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  6. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security

    E-Print Network [OSTI]

    Gering, Jon C.

    ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security STATUS: Approved POLICY of the requesting department to send pricing requests to Information Technology Services, have funds available the requesting department should coordinate with Information Technology Services to ensure dependencies

  7. Silver Lining: Enforcing Secure Information Flow at the Cloud Edge Safwan Mahmud Khan, Kevin W. Hamlen and Murat Kantarcioglu

    E-Print Network [OSTI]

    Hamlen, Kevin W.

    Silver Lining: Enforcing Secure Information Flow at the Cloud Edge Safwan Mahmud Khan, Kevin W to the cloud kernel software, OS/hypervisor, VM, or cloud file system, SilverLine automatically in-lines secure information flow security for Hadoop clouds with easy maintainability (through modularity) and low overhead

  8. U-200: Red Hat Directory Server Information Disclosure Security...

    Broader source: Energy.gov (indexed) [DOE]

    A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information. PLATFORM: Red Hat...

  9. NISTIR 7621 Small Business Information Security

    E-Print Network [OSTI]

    3.3 Security concerns about popup windows and other hacker tricks

  10. Recommended Practice for Securing Control System Modems

    SciTech Connect (OSTI)

    James R. Davidson; Jason L. Wright

    2008-01-01

    This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

  11. National SCADA Test Bed - Enhancing control systems security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    National SCADA Test Bed - Enhancing control systems security in the energy sector (September 2009) National SCADA Test Bed - Enhancing control systems security in the energy sector...

  12. Roadmap to Secure Control Systems in the Energy: Executive Summary...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Roadmap to Secure Control Systems in the Energy: Executive Summary - 2006 Roadmap to Secure Control Systems in the Energy: Executive Summary - 2006 This document, the Roadmap to...

  13. Security Framework for Control System Data Classification and...

    Broader source: Energy.gov (indexed) [DOE]

    Security (OPSEC) to Support a Cyber Security Culture in Control Systems Environments Wireless System Considerations When Implementing NERC Critical Infrastructure Protection...

  14. Secure videoconferencing equipment switching system and method

    DOE Patents [OSTI]

    Dirks, David H; Gomes, Diane; Stewart, Corbin J; Fischer, Robert A

    2013-04-30

    Examples of systems described herein include videoconferencing systems having audio/visual components coupled to a codec. The codec may be configured by a control system. Communication networks having different security levels may be alternately coupled to the codec following appropriate configuration by the control system. The control system may also be coupled to the communication networks.

  15. Situated Usability Testing for Security Systems

    SciTech Connect (OSTI)

    Greitzer, Frank L.

    2011-03-02

    While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as it is for system administrators and developers to deal with, security is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave their systems inadvertently insecure. This is exacerbated by the fact that casual users are focused on matters other than security, and likely would prefer not even to think about security. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be re-considered. The purpose of this brief report is to argue for and outline a method associated with a new approach to usability testing for examining usable security issues.

  16. Secure Communication using Compound Signal from Generalized Synchronizable Chaotic Systems

    E-Print Network [OSTI]

    K. Murali; M. Lakshmanan

    1997-09-20

    By considering generalized synchronizable chaotic systems, the drive-auxiliary system variables are combined suitably using encryption key functions to obtain a compound chaotic signal. An appropriate feedback loop is constructed in the response-auxiliary system to achieve synchronization among the variables of the drive-auxiliary and response-auxiliary systems. We apply this approach to transmit analog and digital information signals in which the quality of the recovered signal is higher and the encoding is more secure.

  17. Physical Security System Sensitivity to DBT Perturbations 

    E-Print Network [OSTI]

    Conchewski, Curtis

    2012-10-19

    This thesis examines how perturbing selected adversary capabilities in a design basis threat (DBT) may affect the assessment of a facility's security system performance. We found that using a strictly defined DBT to design ...

  18. Security approaches for Radio Frequency Identification systems

    E-Print Network [OSTI]

    Foley, Joseph Timothy, 1976-

    2007-01-01

    In this thesis, I explore the challenges related to the security of the Electronic Product Code (EPC) class of Radio Frequency Identification (RFID) tags and associated data. RFID systems can be used to improve supply chain ...

  19. CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL

    SciTech Connect (OSTI)

    Kathleen A. Lee

    2008-01-01

    The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system’s cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate specific security vulnerabilities.

  20. Secure and Efficient Routable Control Systems

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  1. Bounds on Information and the Security of Quantum Cryptography

    E-Print Network [OSTI]

    E. Biham; T. Mor

    1997-01-08

    Strong attacks against quantum key distribution use quantum memories and quantum gates to attack directly the final key. In this paper we extend a novel security result recently obtained, to demonstrate proofs of security against a wide class of such attacks. To reach this goal we calculate information-dependent reduced density matrices, we study the geometry of quantum mixed states, and we find bounds on the information leaked to an eavesdropper. Our result suggests that quantum cryptography is ultimately secure.

  2. Quantum Public-Key Encryption with Information Theoretic Security

    E-Print Network [OSTI]

    Jiangyou Pan; Li Yang

    2012-02-20

    We propose a definition for the information theoretic security of a quantum public-key encryption scheme, and present bit-oriented and two-bit-oriented encryption schemes satisfying our security definition via the introduction of a new public-key algorithm structure. We extend the scheme to a multi-bit-oriented one, and conjecture that it is also information theoretically secure, depending directly on the structure of our new algorithm.

  3. Securing Wireless Systems via Lower Layer Enforcements Zang Li, Wenyuan Xu, Rob Miller, Wade Trappe

    E-Print Network [OSTI]

    Xu, Wenyuan

    Securing Wireless Systems via Lower Layer Enforcements Zang Li, Wenyuan Xu, Rob Miller, Wade Trappe Wireless Information Network Laboratory (WINLAB) Rutgers, The State University of New Jersey 73 Brett Rd security mechanisms are essential to the overall problem of securing wireless networks, these techniques

  4. Delegating Network Security with More Information

    E-Print Network [OSTI]

    Naous, Jad

    Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be ...

  5. March 23, 2008 Databases: Information Systems 1 Information Systems

    E-Print Network [OSTI]

    Adam, Salah

    March 23, 2008 Databases: Information Systems 1 Information Systems March 23, 2008 Databases: Information Systems 2 Objectives What is an Information System (IS) + Classification of Information Systems + Evolution of Information Systems + Information System Management + Performance Requirements of ISs +

  6. ITL Bulletins are published by the Information Technology Laboratory

    E-Print Network [OSTI]

    Intrusion Detection Systems, July 2003 IT Security Metrics, August 2003 Information Technology Security Security Considerations in the Information System Development Life Cycle, December 2003 Computer Security Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems

  7. Primer Control System Cyber Security Framework and Technical Metrics

    SciTech Connect (OSTI)

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  8. Secure Information Exchange Gateway for Electric Grid Operations

    SciTech Connect (OSTI)

    Robertson, F. Russell; Carroll, J. Ritchie; Sanders, William; Yardley, Timothy; Heine, Erich; Hadley, Mark; McKinnon, David; Motteler, Barbara; Giri, Jay; Walker, William; McCartha, Esrick

    2014-09-30

    The major objectives of the SIEGate project were to improve the security posture and minimize the cyber-attack surface of electric utility control centers and to reduce the cost of maintaining control-room-to-control-room information exchange. Major project goals included the design, development, testing, and commercialization of a single security-hardened appliance that could meet industry needs for resisting cyber-attacks while protecting the confidentiality and integrity of a growing volume of real-time information needed to ensure the reliability of the bulk electric system and interoperating with existing data formats and networking technologies. The SIEGate project has achieved its goals and objectives. The SIEGate Design Document, issued in March 2012, presented SIEGate use cases, provided SIEGate requirements, established SIEGate design principles, and prescribed design functionality of SIEGate as well as the components that make up SIEGate. SIEGate Release Version 1.0 was posted in January 2014. Release Version 1.0.83, which was posted on March 28, 2014, fixed many issues discovered by early adopters and added several new features. Release Candidate 1.1, which added additional improvements and bug fixes, was posted in June 2014. SIEGate executables have been downloaded more than 300 times. SIEGate has been tested at PJM, Entergy, TVA, and Southern. Security testing and analysis of SIEGate has been conducted at PNNL and PJM. Alstom has provided a summary of recommended steps for commercialization of the SIEGate Appliance and identified two deployment models with immediate commercial application.

  9. Analytical foundations of physical security system assessment 

    E-Print Network [OSTI]

    Graves, Gregory Howard

    2006-10-30

    . 1. Physical Security Design Process Conventional decision problems under conditions of uncertainty require a specified probability measure on the sigma-algebra generated by a set of atomic events or outcomes. In this research, we consider the problem... security system, our model represents the consequences of threat actions in terms of a random variable representing reward. We characterize atomic events using random variables representing magnitude of loss to the assets and specific types of threat...

  10. Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

    SciTech Connect (OSTI)

    Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo; Mili, Ali; Trien, Joseph P

    2006-01-01

    The workshop theme is Cyber Security: Beyond the Maginot Line. Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglected or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .

  11. DOE and Industry Showcase New Control Systems Security Technologies...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    and security management to enable energy asset owners to design a secure, networked control systems architecture. The project is led by Siemens Corporate Research in partnership...

  12. Dartmouth Information Security Control Objectives (Jan 2013, version 5.1 ) Introduction

    E-Print Network [OSTI]

    Myers, Lawrence C.

    Dartmouth Information Security Control Objectives (Jan 2013, version 5.1) Introduction This document contains the information security control requirements for Dartmouth College. The Dartmouth Information Security Committee (DISC) developed these controls based on industry best practice, using Dartmouth

  13. J. Douglas Streit, Information Security Officer Office of Computing and Communications Services

    E-Print Network [OSTI]

    J. Douglas Streit, Information Security Officer Office of Computing and Communications Services Last updated February 6, 2012 Old Dominion University Information Technology Security Program J. Douglas Streit, Information Security Officer Office of Computing and Communications Services Last updated

  14. Washington and Lee University Guidelines for Responding to Information Security Breaches

    E-Print Network [OSTI]

    Marsh, David

    Washington and Lee University Guidelines for Responding to Information Security Breaches Notifications 1. As further detailed in the university's Guidelines for Reporting Information Security Breaches regarding an actual or suspected data breach should contact: i. the university's Information Security

  15. Information Technology Security Training Requirements Appendix E --Training Cross Reference E-1

    E-Print Network [OSTI]

    Information Technology Security Training Requirements APPENDIX E Appendix E -- Training Cross Reference E-1 Information Technology Security Training Requirements Appendix E -- Training Cross Reference E-2 Information Technology Security Training Requirements APPENDIX E -- JOB FUNCTION

  16. Security system helps utility stay competitive

    SciTech Connect (OSTI)

    NONE

    1995-04-01

    Atlantic Electric is saving more than $750,000 annually in security costs by using an innovative closed-circuit television (CCTV) system to guard its remote sites electronically. Today, a single guard in the central security control room at Atlantic Electric's headquarters electronically surveys and controls some 20 remote sites such as combustion turbine sites, material storage, administrative facilities and operating centers. Protecting these sites are CCTV cameras mounted around each yard, floodlighting, and a motion detection and signal transmission system called Adpro SiteWatch by Vision Systems Inc. The SiteWatch system automatically displays to the central guard any intrusion at a site, and captures and replays the intrusion events similar to an instant replay in a televised sporting event. Over the five year transition, Atlantic Electric saved nearly $2 million in security costs.

  17. Design tools for complex dynamic security systems.

    SciTech Connect (OSTI)

    Byrne, Raymond Harry; Rigdon, James Brian; Rohrer, Brandon Robinson; Laguna, Glenn A.; Robinett, Rush D. III; Groom, Kenneth Neal; Wilson, David Gerald; Bickerstaff, Robert J.; Harrington, John J.

    2007-01-01

    The development of tools for complex dynamic security systems is not a straightforward engineering task but, rather, a scientific task where discovery of new scientific principles and math is necessary. For years, scientists have observed complex behavior but have had difficulty understanding it. Prominent examples include: insect colony organization, the stock market, molecular interactions, fractals, and emergent behavior. Engineering such systems will be an even greater challenge. This report explores four tools for engineered complex dynamic security systems: Partially Observable Markov Decision Process, Percolation Theory, Graph Theory, and Exergy/Entropy Theory. Additionally, enabling hardware technologies for next generation security systems are described: a 100 node wireless sensor network, unmanned ground vehicle and unmanned aerial vehicle.

  18. Hobsons Information Security Introduction and Purpose

    E-Print Network [OSTI]

    Aickelin, Uwe

    . Among the foreseeable risks are external hacks, unauthorised access, thefts, inadvertent destruction of access by employees, students or business associates. The Data Security Coordinator, along with other

  19. Information Security - DOE Directives, Delegations, and Requirements

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    of Health, Safety and Security Status: Archive Approved Date: Jun 20, 2011 CRD: Yes DNFSB: No Related History Exemptions Standards Related to: Request to Make Administrative...

  20. Information Security - DOE Directives, Delegations, and Requirements

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    of Health, Safety and Security Status: Archive Approved Date: Jun 20, 2011 CRD: Yes DNFSB: No Related History Exemptions Standards Related to: Delegation of Authority - Acting...

  1. Program Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  2. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    SciTech Connect (OSTI)

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  3. Information Security: Coordination of Federal Cyber Security Research and

    Broader source: Energy.gov (indexed) [DOE]


  4. Privacy and Security Protecting Personal Information

    E-Print Network [OSTI]

    Victoria, University of

    key privacy and security concepts specific to academic units; · Integrate the knowledge through/security questions; · External Review recommended wider education and training at the university Why Are You Here principles · Proactive · Better practices University's commitment Protection of Privacy Policy

  5. Embedding Security Policies into a Distributed Computing Environment

    E-Print Network [OSTI]

    Kühnhauser, Winfried

    : security policy, multipolicy system, information domain, policy domain, custodian, policy sep- arationD information systems must support information processing under multiple security policies of any complexity information support information processing among users with different security attributes employing resources

  6. ISM6328 -Boca Raton Campus-Fall 2011-MB1 ISM 6328: INFORMATION SECURITY MANAGEMENT

    E-Print Network [OSTI]

    Richman, Fred

    ISM6328 - Boca Raton Campus- Fall 2011-MB1 ISM 6328: INFORMATION SECURITY MANAGEMENT FALL 2011 security. Emphasis is on the management of information security efforts as well as progression in adopting, regularity and policy aspects of Information Security Management. We will examine security management

  7. Improving Energy Efficiency and Security for Disk Systems

    E-Print Network [OSTI]

    Qin, Xiao

    Improving Energy Efficiency and Security for Disk Systems Shu Yin1 , Mohammed I. Alghamdi2 been focused on data security and energy efficiency, most of the existing approaches have concentrated optimization with security services to enhance the security of energy-efficient large- scale storage systems

  8. Department of Systems & Information

    E-Print Network [OSTI]

    Zhigilei, Leonid V.

    , communication systems, control systems, economic systems, energy and environmental systems, human factors systems, safety-critical systems, wireless communications, game theory and artificial intelligence Developing Leaders of Innovation Department of Systems & Information Engineering In the U

  9. Ninth Annual Cyber and Information Security Research Conference...

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

    Ninth Annual Cyber and Information Security Research Conference Apr 08 2014 04-08-2014 08:30 AM - 04-10-2014 04:00 PM Multiple speakers, multiple disciplines, multiple affiliations...

  10. Cyber-Physical Systems Security for Smart Grid

    E-Print Network [OSTI]

    Cyber-Physical Systems Security for Smart Grid Future Grid Initiative White Paper Power Systems-Physical Systems Security for Smart Grid Prepared for the Project "The Future Grid to Enable Sustainable Energy

  11. Information Security Policy http://www.bu.edu/policies/pdf/Info_Security_Policy_02-17-10.pdf

    E-Print Network [OSTI]

    Xia, Yu "Brandon"

    1 Information Security Policy http://www.bu.edu/policies/pdf/Info_Security_Policy_02-17-10.pdf it must collect, store and use Sensitive Information relating to its students, employees and individuals Information properly and securely. Reason for Policy / Implication Statement Boston University is committed

  12. Carnegie Mellon University 1 The Major in Information Systems

    E-Print Network [OSTI]

    Spirtes, Peter

    , and software development principles, languages, methods. Since Information Systems generally operate within Systems Management, Human Computer Interaction, Information Security Policy and Management, Engineering trends indicate that this is likely to continue. IS majors often take jobs in consulting companies, major

  13. Secure sequential transmission of quantum information

    E-Print Network [OSTI]

    Kabgyun Jeong; Jaewan Kim

    2015-01-19

    We propose a quantum communication protocol that can be used to transmit any quantum state, one party to another via several intermediate nodes, securely on quantum communication network. The scheme makes use of the sequentially chained and approximate version of private quantum channels satisfying certain commutation relation of $n$-qubit Pauli operations. In this paper, we study the sequential structure, security analysis, and efficiency of the quantum sequential transmission (QST) protocol in depth.

  14. DATE: NVLAP LAB CODE: INFORMATION TECHNOLOGY SECURITY TESTING

    E-Print Network [OSTI]

    DATE: NVLAP LAB CODE: INFORMATION TECHNOLOGY SECURITY TESTING TEST PROCEDURE SELECTION LIST/2014 Testing based on criteria in 45 CFR Part 170, Health Information Technology: Standards, Implementation to the Permanent Certification Program for Health Information Technology; Final Rule (September 4, 2012). Complete

  15. Comparison of Routable Control System Security Approaches

    SciTech Connect (OSTI)

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is a supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  16. Chapter 5. System security and ancillary Introduction

    E-Print Network [OSTI]

    Ernst, Damien

    Chapter 5. System security and ancillary services 1 Introduction Markets for electrical energy of the other. 4 Describing the needs for ancillary services Needs classified according to three different. Interactions for example between balancing and network issues. Ancillary services needed for addressing every

  17. PROTECTING SENSITIVE INFORMATION TRANSMITTED

    E-Print Network [OSTI]

    INFORMATION TRANSMITTED IN PUBLIC NETWORKS Shirley Radack, Editor Computer Security Division Information Technology Laboratory to the overall security of an organization's information and information systems. The Information Technology

  18. COSC 472 Network Security Annie Lu 1 COSC 472 Network Security

    E-Print Network [OSTI]

    Lu, Enyue "Annie"

    Network Security Annie Lu Background · Information Security requirements have changed in recent times to protect data during transmission COSC 472 Network Security Annie Lu 6 Security · Information Security Security Annie Lu Computer Security · the protection afforded to an automated information system in order

  19. Policies of the University of North Texas System Administration Chapter 08 Information

    E-Print Network [OSTI]

    Policies of the University of North Texas System Administration Chapter 08 Information Technology08.100 Information Security Policy Policy Statement. The System Administration is committed to protecting. All users of information and information resources of System Administration, including students

  20. Control Systems Cyber Security: Defense-in-Depth Strategies

    SciTech Connect (OSTI)

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  1. Control Systems Cyber Security:Defense in Depth Strategies

    SciTech Connect (OSTI)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  2. Roadmap to Secure Control Systems in the Energy Sector 2006 ...

    Energy Savers [EERE]

    Roadmap to Secure Control Systems in the Energy Sector 2006 - Presentation to the 2008 ieRoadmap Workshop Roadmap to Secure Control Systems in the Energy Sector 2006 - Presentation...

  3. Fair and Efficient Secure Multiparty Computation with Reputation Systems

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Fair and Efficient Secure Multiparty Computation with Reputation Systems Gilad Asharov, Yehuda majority are not obtained. Keywords: secure multiparty computation, reputation systems, new models 1 Lindell, and Hila Zarosim Dept. of Computer Science, Bar-Ilan University, Israel {asharog

  4. Cryptanalyzing a discrete-time chaos synchronization secure communication system

    E-Print Network [OSTI]

    Gonzalo Alvarez; Fausto Montoya; Miguel Romera; Gerardo Pastor

    2003-11-21

    This paper describes the security weakness of a recently proposed secure communication method based on discrete-time chaos synchronization. We show that the security is compromised even without precise knowledge of the chaotic system used. We also make many suggestions to improve its security in future versions.

  5. Common Cyber Security Vulnerabilities Observed in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Systems (September 2011) Vulnerability Analysis of Energy Delivery Control Systems - 2011 Lessons Learned from Cyber Security Assessments of SCADA and Energy Management Systems...

  6. Stay protected when connected Visit security.duke.edu for more information.

    E-Print Network [OSTI]

    McShea, Daniel W.

    Stay protected when connected Visit security.duke.edu for more information. Follow these guidelines Visit security.duke.edu for more information. Follow these tips for securing mobile devices: iOS 6/software/. Windows Mac Another free option: Microsoft Security Essentials: http://windows.microsoft.com/en-US/windows/products/security

  7. SESSION: CYBER-PHYSICAL SYSTEM SECURITY IN A SMART GRID ENVIRONMENT 1 Cyber-Security of SCADA Systems

    E-Print Network [OSTI]

    Johansson, Karl Henrik

    SESSION: CYBER-PHYSICAL SYSTEM SECURITY IN A SMART GRID ENVIRONMENT 1 Cyber-Security of SCADA Estimators in SCADA systems is scrutinized. Index Terms--Cyber-Security, SCADA Systems, AGC, State Estimators in our society [1]. Large power systems are nowadays very complex and tightly coupled with the SCADA

  8. Security needs in embedded systems Tata Elxsi Ltd. India

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    1 Security needs in embedded systems Anoop MS Tata Elxsi Ltd. India anoopms will be useless Security needs in embedded systems 2 or unintelligible for anyone who is having unauthorized in an embedded system to achieve data security is explained in the following sections. 2.1. Data Encryption

  9. T-592: Cisco Security Advisory: Cisco Secure Access Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    The vendor has issued a fix: 1. Cisco Secure ACS version 5.1: File 5-1-0-44-6.tar.gpg - ACS 5.1.0.44 cumulative patch 6 2. Cisco Secure ACS version 5.2: File...

  10. Mutual information, bit error rate and security in Wójcik's scheme

    E-Print Network [OSTI]

    Zhanjun Zhang

    2004-02-21

    In this paper the correct calculations of the mutual information of the whole transmission, the quantum bit error rate (QBER) are presented. Mistakes of the general conclusions relative to the mutual information, the quantum bit error rate (QBER) and the security in Wójcik's paper [Phys. Rev. Lett. 90, 157901 (2003)] have been pointed out.

  11. August 2003 IT SECURITY METRICS

    E-Print Network [OSTI]

    August 2003 IT SECURITY METRICS Elizabeth B. Lennon, Editor Information Technology Laboratory approach to measuring information security. Evaluating security at the system level, IT security metrics and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

  12. Course Information SER 234 Operating Systems and Networking

    E-Print Network [OSTI]

    Course Information SER 234 Operating Systems and Networking Catalog Description Fundamentals of operating systems, process management, scheduling, and file management. Network technology, topologies, protocols, application control; network and operating system security. Credit Hours

  13. Control Systems Security Test Center - FY 2004 Program Summary

    SciTech Connect (OSTI)

    Robert E. Polk; Alen M. Snyder

    2005-04-01

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  14. First Analysis Securities Corporation | Open Energy Information

    Open Energy Info (EERE)


  15. Ultra Safe And Secure Blasting System

    SciTech Connect (OSTI)

    Hart, M M

    2009-07-27

    The Ultra is a blasting system that is designed for special applications where the risk and consequences of unauthorized demolition or blasting are so great that the use of an extraordinarily safe and secure blasting system is justified. Such a blasting system would be connected and logically welded together through digital code-linking as part of the blasting system set-up and initialization process. The Ultra's security is so robust that it will defeat the people who designed and built the components in any attempt at unauthorized detonation. Anyone attempting to gain unauthorized control of the system by substituting components or tapping into communications lines will be thwarted in their inability to provide encrypted authentication. Authentication occurs through the use of codes that are generated by the system during initialization code-linking and the codes remain unknown to anyone, including the authorized operator. Once code-linked, a closed system has been created. The system requires all components connected as they were during initialization as well as a unique code entered by the operator for function and blasting.

  16. Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009)

    E-Print Network [OSTI]

    Proceedings of the Third International Symposium on Human Aspects of Information Security the scope of remediation, is a pervasive feature of Information Technology Security Management (ITSM of Information Security & Assurance (HAISA 2009) 120 which is security incident response. We extend those results

  17. Security Forms and Information | Department of Energy

    Energy Savers [EERE]


  18. Triggering Control Methods for Cyber-Physical Systems : : Security & Smart Grid Applications

    E-Print Network [OSTI]

    Foroush, Hamed Shisheh

    2014-01-01

    applications, e.g. , security and smart grid, and on theCyber-Physical Systems: Security & Smart Grid Applications APhysical Systems: Security & Smart Grid Applications by

  19. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01

    Analysis of electric grid security under terrorist threat’,and a guideline to smart grid security in NIST-IR 7628. Al-the current security posture of the power grid, (2) develop

  20. National SCADA Test Bed - Enhancing control systems security...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    of the systems still in use today were designed to operate in closed, proprietary networks. National SCADA Test Bed - Enhancing control systems security in the energy sector...

  1. The Information Security Tenure Track Faculty in Computer Science The Information Security Institute at The Johns Hopkins University (JHUISI) is planning for substantial multi-year growth in the area of

    E-Print Network [OSTI]

    Plotkin, Joshua B.

    The Information Security Tenure Track Faculty in Computer Science The Information Security Institute of Information Security and Cryptography. Our administration is committed at the highest level to substantially: Applicants in Information Security would also be associated with: · The Information Security Institute

  2. Teaching in computer security and privacy The Computer Laboratory's undergraduate and masters programmes

    E-Print Network [OSTI]

    Crowcroft, Jon

    computing security · Economics of cybercrime · Economics of information security · Formal methods · Hardware security · Location and positioning systems · Malware analysis · Medical information security · MobileTeaching in computer security and privacy The Computer Laboratory's undergraduate and masters

  3. A Method for Estimating the Financial Impact of Cyber Information Security Breaches Utilizing the Common Vulnerability Scoring System and Annual Loss Expectancy

    E-Print Network [OSTI]

    Lindsey, Michael B.

    2010-05-14

    calculate the likelihood of a successful cyber security attack and the resulting financial impacts. The method incorporates annual loss expectancy and cost-benefit, which are tools familiar to most mid-level managers responsible for budget creation....

  4. S3A: Secure System Simplex Architecture for Enhanced Security of Cyber-Physical Systems

    E-Print Network [OSTI]

    Mohan, Sibin; Betti, Emiliano; Yun, Heechul; Sha, Lui; Caccamo, Marco

    2012-01-01

    Until recently, cyber-physical systems, especially those with safety-critical properties that manage critical infrastructure (e.g. power generation plants, water treatment facilities, etc.) were considered to be invulnerable against software security breaches. The recently discovered 'W32.Stuxnet' worm has drastically changed this perception by demonstrating that such systems are susceptible to external attacks. Here we present an architecture that enhances the security of safety-critical cyber-physical systems despite the presence of such malware. Our architecture uses the property that control systems have deterministic execution behavior, to detect an intrusion within 0.6 μs while still guaranteeing the safety of the plant. We also show that even if an attack is successful, the overall state of the physical system will still remain safe. Even if the operating system's administrative privileges have been compromised, our architecture will still be able to protect the physical system from coming to harm.

  5. The Security Plan: Effectively Teaching How To Write One

    E-Print Network [OSTI]

    government requires all federal systems to have a customized security plan. In addition, the National for National Security Systems (CNSS), formerly known as the National Security Telecommunications, Issuance No. 4011, National Training Standard for Information Systems Security (INFOSEC) Professionals

  6. Information Security--Applications and

    E-Print Network [OSTI]

    Ahmed, Farid

    Well, what are the manifestations of insecurities? Virus/Worms Denial of service It's all about the software "Behind every computer security problem and malicious attack lies a common

  7. International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation

    E-Print Network [OSTI]

    Paris-Sud XI, Université de

    9 International Journal of Communication Networks and Information Security (IJCNIS) Vol. 1, No. 2, August 2009 A Secured Service Level Negotiation In Ubiquitous Environments Mohamed Aymen Chalouf1 make the concerned communications vulnerable to security attacks because of the open medium on which

  8. Short collusion-secure fingerprint codes against three pirates Research Center for Information Security (RCIS), National Institute of Advanced Industrial

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), 1Short collusion-secure fingerprint codes against three pirates Koji Nuida Research Center a new construction of probabilistic collusion-secure fingerprint codes against up to three pirates

  9. Short collusion-secure fingerprint codes against three pirates Research Center for Information Security (RCIS), National Institute of Advanced Industrial

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), 1Short collusion-secure fingerprint codes against three pirates Koji Nuida Research Center a new construction of probabilistic collusion-secure fingerprint codes against up to three pirates

  10. Roadmap: Computer Science Information Security -Bachelor of Science

    E-Print Network [OSTI]

    Sheridan, Scott

    Roadmap: Computer Science - Information Security - Bachelor of Science [AS-BS-CS-INSE] College of Arts and Sciences Department of Computer Science Catalog Year: 2012-2013 Page 1 of 2 | Last Updated: 3 Major GPA Important Notes Semester One: [16 Credit Hours] CS 13001 Computer Science I: Programming

  11. Information Uncertainty to Compare Qualitative Reasoning Security Risk Assessment Results

    SciTech Connect (OSTI)

    Chavez, Gregory M [Los Alamos National Laboratory; Key, Brian P [Los Alamos National Laboratory; Zerkle, David K [Los Alamos National Laboratory; Shevitz, Daniel W [Los Alamos National Laboratory

    2009-01-01

    The security risk associated with malevolent acts such as those of terrorism is often void of the historical data required for a traditional PRA. Most information available to conduct security risk assessments for these malevolent acts is obtained from subject matter experts as subjective judgements. Qualitative reasoning approaches such as approximate reasoning and evidential reasoning are useful for modeling the predicted risk from information provided by subject matter experts. Absent from these approaches is a consistent means to compare the security risk assessment results. Associated with each predicted risk reasoning result is a quantifiable amount of information uncertainty which can be measured and used to compare the results. This paper explores using entropy measures to quantify the information uncertainty associated with conflict and non-specificity in the predicted reasoning results. The measured quantities of conflict and non-specificity can ultimately be used to compare qualitative reasoning results which are important in triage studies and ultimately resource allocation. Straightforward extensions of previous entropy measures are presented here to quantify the non-specificity and conflict associated with security risk assessment results obtained from qualitative reasoning models.

  12. A Petri Net Model for Secure and Fault-Tolerant Cloud-Based Information Storage

    E-Print Network [OSTI]

    Xu, Haiping

    333 A Petri Net Model for Secure and Fault-Tolerant Cloud-Based Information Storage Daniel F. Fitch, however, with data security, reliability, and availability in the cloud. In this paper, we address these concerns by proposing a novel security mechanism for secure and fault-tolerant cloud-based information

  13. Allan Friedman & L. Jean Camp, "Making Security Manifest," Second Workshop on the Economics of Information Security (College Park, MA) May 2003.

    E-Print Network [OSTI]

    Camp, L. Jean

    With the increased concern over national security there has been increased debate over reliability and securityAllan Friedman & L. Jean Camp, "Making Security Manifest," Second Workshop on the Economics of Information Security (College Park, MA) May 2003. Making Security Manifest Security and Autonomy for End Users

  14. Informational Materials | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  15. The Need for Effective Information Security Awareness

    E-Print Network [OSTI]

    Aloul, Fadi

    hacking methods that can be used to steal money and information from the general public. Furthermore to conduct business in the Middle East and allowed many existing sectors, such as education, health, airline incidents in the Middle East. Local media occasionally report incidents of online fraud, attempts to hack

  16. 'Known Secure Sensor Measurements' for Critical Infrastructure Systems: Detecting Falsification of System State

    SciTech Connect (OSTI)

    Miles McQueen; Annarita Giani

    2011-09-01

    This paper describes a first investigation on a low cost and low false alarm, reliable mechanism for detecting manipulation of critical physical processes and falsification of system state. We call this novel mechanism Known Secure Sensor Measurements (KSSM). The method moves beyond analysis of network traffic and host based state information, in fact it uses physical measurements of the process being controlled to detect falsification of state. KSSM is intended to be incorporated into the design of new, resilient, cost effective critical infrastructure control systems. It can also be included in incremental upgrades of already installed systems for enhanced resilience. KSSM is based on known secure physical measurements for assessing the likelihood of an attack and will demonstrate a practical approach to creating, transmitting, and using the known secure measurements for detection.

  17. Information extraction system

    DOE Patents [OSTI]

    Lemmond, Tracy D; Hanley, William G; Guensche, Joseph Wendell; Perry, Nathan C; Nitao, John J; Kidwell, Paul Brandon; Boakye, Kofi Agyeman; Glaser, Ron E; Prenger, Ryan James

    2014-05-13

    An information extraction system and methods of operating the system are provided. In particular, an information extraction system for performing meta-extraction of named entities of people, organizations, and locations as well as relationships and events from text documents are described herein.

  18. Security of Foreign Intelligence Information and Sensitive Compartmented Information Facilities

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1993-07-23

    The order establishes responsibilities and authorities for protecting Foreign Intelligence Information (FII) and Sensitive Compartmented Information Facilities (SCIFs) within DOE. Supersedes DOE 5639.8.

  19. Proposed platform for improving grid security by trust management system

    E-Print Network [OSTI]

    Siadat, Safieh; Mohsenzadeh, Mehran

    2009-01-01

    With the increasing applications of grid systems, the risk in the security field is increasing too. Recently, trust management systems have been recognized as a notable approach to enhancing security in grid systems. In this article, to improve grid security, a new trust management system with two levels is proposed. The benefits of this platform are adding new domains to the grid system, selecting the one service provider that has the closest adaptation to user requests, and using the domain's security attributes as an important factor in computing the trust value.

  20. A Hierarchical Security Architecture for Cyber-Physical Systems

    SciTech Connect (OSTI)

    Quanyan Zhu; Tamer Basar

    2011-08-01

    Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

  1. Help for the Developers of Control System Cyber Security Standards

    SciTech Connect (OSTI)

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  2. Quantifying and managing the risk of information security breaches participants in a supply chain

    E-Print Network [OSTI]

    Bellefeuille, Cynthia Lynn

    2005-01-01

    Technical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a ...

  3. INFORMATION SECURITY University Policy No: IM7800

    E-Print Network [OSTI]

    Victoria, University of

    to: loss of data or records confidentiality, disruption of data or system integrity, or disruption students of the university; · any person holding a university appointment whether or not that person

  4. Author: Duncan Woodhouse, Assistant Registrar for Information Security, Risk Management and Business Continuity Date Version Author Comments

    E-Print Network [OSTI]

    Davies, Christopher

    Author: Duncan Woodhouse, Assistant Registrar for Information Security, Risk Management Information Security Policy 2004 09/2008 D01 Duncan Woodhouse Adaption and consolidation of best practices Registrar for Information Security, Risk Management and Business Continuity 2 University of Warwick

  5. Stateful UML Design with Security Constraints for Information Assurance The design of software applications using UML embodies

    E-Print Network [OSTI]

    Demurjian, Steven A.

    Stateful UML Design with Security Constraints for Information Assurance Abstract The design design state containing security constraints and insures that information assurance with respect. Keywords: RBAC, MAC, UML, access control, information assurance, secure software design. 1. Introduction

  6. Program Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  7. Contact Information | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  8. Site Information | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  9. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    SciTech Connect (OSTI)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  10. DOE and Industry Showcase New Control Systems Security Technologies...

    Energy Savers [EERE]

    based on open-source specifications that enables secured interoperability among energy control systems devices. This interoperable capability was also demonstrated in a...

  11. A Summary of Control System Security Standards Activities in...

    Office of Environmental Management (EM)

    security topic. This work focuses on control systems standards applicable to the energy (oil, gas, and electric, but not nuclear) sector. Summary of CS Standards Activities in the...

  12. Plutonium finishing plant safeguards and security systems replacement study

    SciTech Connect (OSTI)

    Klear, P.F.; Humphrys, K.L.

    1994-12-01

    This document provides the preferred alternatives for the replacement of the Safeguards and Security systems located at the Hanford Plutonium Finishing Plant.

  13. Cyber-Physical Systems Security for Smart Grid

    E-Print Network [OSTI]

    Cyber-Physical Systems Security for Smart Grid Future Grid Initiative White Paper Power Systems-Physical Systems Security for Smart Grid Prepared for the Project "The Future Grid to Enable Sustainable Energy Acknowledgements This white paper was developed as one of nine white papers in the project "The Future Grid

  14. Techniques for Securing Substation Automation Systems David Guidry1

    E-Print Network [OSTI]

    Burmester, Mike

    that such systems are properly secured. Most critical infrastructures such as the electricity grid can be modeled be modeled as cyber-physical systems whose cyber components control the underlying physical components so propose techniques for resilient substation automation of power utility systems with security based

  15. A Framework for the Management of Information Security Jussipekka Leiwo, Chandana Gamage and Yuliang Zheng

    E-Print Network [OSTI]

    Zheng, Yuliang

    A Framework for the Management of Information Security Jussipekka Leiwo, Chandana Gamage,chandag,yuliangg@fcit.monash.edu.au Abstract Information security is based on access control models and cryptographic techniques of comprehensive information security within organizations. There is a need to study upper level issues

  16. Information Security and Privacy Laws and Regulations, and UW Subject Matter Experts

    E-Print Network [OSTI]

    Queitsch, Christine

    Information Security and Privacy Laws and Regulations, and UW Subject Matter Experts Page 1 of 16 Document Name: Information Security and Privacy Laws Version #: vF Created By: Ann Nagel, Associate Chief Information Security Officer Date Created: June 2, 2009 Updated By: Melissa Albin-Wurzer, Education

  17. Information Sharing and Security in Dynamic Coalitions Charles E. Phillips, Jr.

    E-Print Network [OSTI]

    Lee, Ruby B.

    Information Sharing and Security in Dynamic Coalitions Charles E. Phillips, Jr. Computer Science in one crisis and adversaries in another, raising difficult security issues with respect to information on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines

  18. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Seminar Series

    E-Print Network [OSTI]

    NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Information Security Seminar Series FISMA AND TECHNOLOGY 5 FISMA Strategic Vision We are building a solid foundation of information security across one of the largest information technology infrastructures in the world based on comprehensive security standards

  19. Federal Information Security Management Act: Fiscal Year 2013 Evaluation (IG-14-004, November 20, 2013)

    E-Print Network [OSTI]

    Waliser, Duane E.

    Federal Information Security Management Act: Fiscal Year 2013 Evaluation (IG-14-004, November 20 year (FY) 2013 reporting requirements for the Federal Information Security Management Act (FISMA is steadily working to improve its overall information technology (IT) security posture. Nevertheless

  20. Master of Science in Information Security Flexible, Applied, Master's Degrees.

    E-Print Network [OSTI]

    Snider, Barry B.

    GPS ONLINE Master of Science in Information Security Flexible, Applied, Master's Degrees. Join our professionals in both the private and public sectors. The Master of Science in Information Security provides its risks to the security of proprietary information in an organization. Understand the technical

  1. Information Technology Security Training Requirements Appendix A --Learning Continuum A-1

    E-Print Network [OSTI]

    Information Technology Security Training Requirements APPENDIX A Appendix A -- Learning Continuum A-1 Information Technology Security Training Requirements Appendix A -- Learning Continuum A-2 Information Technology Security Training Requirements APPENDIX A -- LEARNING CONTINUUM T R A I N I N G E D U

  2. Dynamic Information Flow Analysis for JavaScript in a Web Browser

    E-Print Network [OSTI]

    Austin, Thomas Howard

    2013-01-01

    languages for information security. PhD thesis, CornellInternational Journal of Information Security, 2009. [36]Workshop on Information and System Security, 2008. [35

  3. Security

    Broader source: Energy.gov [DOE]

    Security refers to the security of the stream of principal and interest repayments and what happens in the event that a secured loan defaults.

  4. 2014 HEADQUARTERS FACILITIES MASTER SECURITY PLAN- CHAPTER 13, CONTROLLED UNCLASSIFIED INFORMATION

    Broader source: Energy.gov [DOE]

    2014 HEADQUARTERS FACILITIES MASTER SECURITY PLAN - CHAPTER 13, CONTROLLED UNCLASSIFIED INFORMATION Describes DOE Headquarters procedures for protecting Controlled Unclassified Information (CUI).

  5. Engineering Design Information System (EDIS)

    SciTech Connect (OSTI)

    Smith, P.S.; Short, R.D.; Schwarz, R.K.

    1990-11-01

    This manual is a guide to the use of the Engineering Design Information System (EDIS) Phase I. The system runs on the Martin Marietta Energy Systems, Inc., IBM 3081 unclassified computer. This is the first phase in the implementation of EDIS, which is an index, storage, and retrieval system for engineering documents produced at various plants and laboratories operated by Energy Systems for the Department of Energy. This manual presents an overview of EDIS, describing the system's purpose; the functions it performs; hardware, software, and security requirements; and help and error functions. This manual describes how to access EDIS and how to operate system functions using Database 2 (DB2), Time Sharing Option (TSO), Interactive System Productivity Facility (ISPF), and Soft Master viewing features employed by this system. Appendix A contains a description of the Soft Master viewing capabilities provided through the EDIS View function. Appendix B provides examples of the system error screens and help screens for valid codes used for screen entry. Appendix C contains a dictionary of data elements and descriptions.

  6. Security Policies for Downgrading Stephen Chong

    E-Print Network [OSTI]

    Myers, Andrew C.

    @cs.cornell.edu ABSTRACT A long-standing problem in information security is how to specify and enforce expressive security that incorporates them, allowing secure downgrading of information through an explicit declassification operation of Computing and Information Systems]: Security and Protection General Terms: Security, Languages

  7. 2014-2015 Verification of Social Security Number & Date of Birth A. STUDENT INFORMATION SPIRE ID#: ____________________

    E-Print Network [OSTI]

    Mountziaris, T. J.

    2014-2015 Verification of Social Security Number & Date of Birth A. STUDENT INFORMATION SPIRE ID YYYY My correct Social Security Number is: ________ - _____ - _________ B. SIGNATURE- For corrections to date of birth. · Signed Social Security card or passport- For corrections to social security

  8. Secure control systems with application to cyber-physical systems

    SciTech Connect (OSTI)

    Dong, Jin; Djouadi, Seddik M; Nutaro, James J; Kuruganti, Phani Teja

    2014-01-01

    Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the effort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical effects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.

  9. Presentation to the Control Systems Security Outreach Coordination Meeting

    E-Print Network [OSTI]

    23% Oil/Gas 18% Nuclear 17% Chemical 6% Water 6% Manufacturing 2% Transportation/Shipping 2% Natural Gas 1% [Chart: Control Systems Cyber Security Experience Levels (Low, Med, High)] Presentation to the Control Systems Security Outreach Coordination Meeting Presentation

  10. On Cyber Security for Networked Control Systems Saurabh Amin

    E-Print Network [OSTI]

    random failures and security attacks. Cyber-security of Supervisory Control and Data Acquisition (SCADA, cyber-security assessment for SCADA systems is performed based on well-defined attacker and defender objectives. The mathematical model of SCADA systems considered in this work has two control levels

  11. Cyber-Security of Networked Control Systems Karl Henrik Johansson

    E-Print Network [OSTI]

    Johansson, Karl Henrik

    7/3/12 1 Cyber-Security of Networked Control Systems Karl Henrik Johansson 7/3/12 2 Recent Cyber-Attacks on Control Systems Cyber-Security of Networked to cyber-threats with many potential points of attacks · How

  12. Security and Survivability in Unbounded Networked Systems Axel Krings*

    E-Print Network [OSTI]

    Krings, Axel W.

    security and survivability concerns are often equated with applying certain maintenance operations, e.g., frequent operating system updating, subscription to filtering software like virus checkers and spam filters and intrusion tolerance, and economic or statistical modeling of secure/survivable systems. We are very pleased

  13. Information systems definition architecture

    SciTech Connect (OSTI)

    Calapristi, A.J.

    1996-06-20

    The Tank Waste Remediation System (TWRS) Information Systems Definition architecture evaluated Information Management (IM) processes in several key organizations. The intent of the study is to identify improvements in TWRS IM processes that will enable better support to the TWRS mission, and accommodate changes in TWRS business environment. The ultimate goals of the study are to reduce IM costs, manage the configuration of TWRS IM elements, and improve IM-related process performance.

  14. Published in IET Information Security Received on 10th December 2009

    E-Print Network [OSTI]

    Ansari, Nirwan

    Published in IET Information Security Received on 10th December 2009 Revised on 19th March 2010 doi: 10.1049/iet-ifs.2009.0261 Special Issue on Multi-Agent & Distributed Information Security ISSN 1751-8709 Survey of security services on group communications P. Sakarindr N. Ansari Advanced Networking Laboratory

  15. Dr. Jekyll or Mr. Hyde: Information Security in the Ecosystem of Healthcare

    E-Print Network [OSTI]

    Smith, Sean W.

    Dr. Jekyll or Mr. Hyde: Information Security in the Ecosystem of Healthcare Joseph A. Cooley and USA {jac,sws}@cs.dartmouth.edu Abstract "Jekyll and Hyde" embodies how information security affects today's healthcare ecosystem. When security works, it promotes patient health and a smooth operating

  16. Security Standards for the Global Information Grid Gary Buda, Booz Allen & Hamilton, Linthicum, MD 21090

    E-Print Network [OSTI]

    Lee, Ruby B.

    1 Security Standards for the Global Information Grid Gary Buda, Booz Allen & Hamilton, Linthicum security of the Global Information Grid (GIG). The context for "hardening" this infrastructure also describes the Department of Defense (DoD) activities aimed toward defining security requirements

  17. UMBC Policy # X-1.00.02 Page 1 of 3 UMBC INFORMATION TECHNOLOGY SECURITY POLICY

    E-Print Network [OSTI]

    Suri, Manil

    UMBC Policy # X-1.00.02 Page 1 of 3 UMBC INFORMATION TECHNOLOGY SECURITY POLICY UMBC Policy # X-1.00.02 I. POLICY STATEMENT UMBC's Information Technology (IT) Security Policy is the basis to its IT resources. II. PURPOSE FOR POLICY The purpose of this policy is to establish an IT security

  18. Secure Retrieval of FFTF Testing, Design, and Operating Information

    SciTech Connect (OSTI)

    Butner, R. Scott; Wootan, David W.; Omberg, Ronald P.; Makenas, Bruce J.; Nielsen, Deborah

    2009-10-01

    One of the goals of the Advanced Fuel Cycle Initiative (AFCI) is to preserve the knowledge that has been gained in the United States on Liquid Metal Reactors (LMR). In addition, preserving LMR information and knowledge is part of a larger international collaborative activity conducted under the auspices of the International Atomic Energy Agency (IAEA). A similar program is being conducted for EBR-II at the Idaho Nuclear Laboratory (INL) and international programs are also in progress. Knowledge preservation at the FFTF is focused on the areas of design, construction, startup, and operation of the reactor. As the primary function of the FFTF was testing, the focus is also on preserving information obtained from irradiation testing of fuels and materials. This information will be invaluable when, at a later date, international decisions are made to pursue new LMRs. In the interim, this information may be of potential use for international exchanges with other LMR programs around the world. At least as important in the United States, which is emphasizing large-scale computer simulation and modeling, this information provides the basis for creating benchmarks for validating and testing these large scale computer programs. Although the preservation activity with respect to FFTF information as discussed below is still underway, the team of authors above is currently retrieving and providing experimental and design information to the LMR modeling and simulation efforts for use in validating their computer models. On the Hanford Site, the FFTF reactor plant is one of the facilities intended for decontamination and decommissioning consistent with the cleanup mission on this site. The reactor facility has been deactivated and is being maintained in a cold and dark minimal surveillance and maintenance mode until final decommissioning is pursued. In order to ensure protection of information at risk, the program to date has focused on sequestering and secure retrieval. 
Accomplishments include secure retrieval of: more than 400 boxes of FFTF information, several hundred microfilm reels including Clinch River Breeder Reactor (CRBR) information, and 40 boxes of information on the Fuels and Materials Examination Facility (FMEF). All information preserved to date is now being stored and categorized consistent with the IAEA international standardized taxonomy. Earlier information largely related to irradiation testing is likewise being categorized. The fuel test results information exists in several different formats depending upon the final stage of the test evaluation. In some cases there is information from both non-destructive and destructive examination while in other cases only non-destructive results are available. Non-destructive information would include disassembly records, dimensional profilometry, gamma spectrometry, and neutron radiography. Information from destructive examinations would include fission gas analysis, metallography, and photomicrographs. Archiving of FFTF data, including both the reactor plant and the fuel test information, is being performed in coordination with other data archiving efforts underway under the aegis of the AFCI program. In addition to the FFTF efforts, archiving of data from the EBR-II reactor is being carried out by INL. All material at risk associated with FFTF documentation has been secured in a timely manner consistent with the stated plan. This documentation is now being categorized consistent with internationally agreed upon IAEA standards. Documents are being converted to electronic format for transfer to a large searchable electronic database being developed by INL. In addition, selected FFTF information is being used to generate test cases for large-scale simulation modeling efforts and for providing Design Data Need (DDN) packages as requested by the AFCI program.

  19. Secure Program Execution Via Dynamic Information Flow Tracking

    E-Print Network [OSTI]

    Suh, G. Edward

    2003-07-21

    We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking ...

  20. ACCESS TO INFORMATION RESOURCES AND DATA Authority: Vice Chancellor Information Technology Systems

    E-Print Network [OSTI]

    Adhar, Gur Saran

    standard guidelines for information systems security and integrity, including COBIT standards. They address Technology Systems History: Updated February 15, 2010; Reformatted June 6, 2005; supersedes policy ITS 2 Links: 07.100 and 07.300 Responsible Information Technology Systems Division Office: I. Purpose

  1. Swansea University, Information Services & Systems

    E-Print Network [OSTI]

    Martin, Ralph R.

    Swansea University, Information Services & Systems Information and Digital Literacy Strategy and interpreting information in their subject areas. Our students need the skills to manage an information University need information and digital literacy skills so that they can maximise their opportunities

  2. Smart Information Systems Presents...

    E-Print Network [OSTI]

    Michalek, Jeremy J.

    Smart Information Systems Presents... AWARE TM Developed for Interea Inc by Team Five: · Jeremy the UK. Central to all regions is a collection of databases and query management systems called the Smart log in at the store to access a user profile which they set on the website using their home PC

  3. Model-based Security Risk Analysis for Networked Embedded Systems

    E-Print Network [OSTI]

    . The Security-Enhanced Embedded system Development (SEED) process has proposed a set of tools that a bridge are illustrated in a smart metering infrastructure scenario. 1 Introduction Meeting the security needs. The forthcoming vehicular networks and smart grid infrastructures are examples of such a technological development

  4. Measurable Control System Security through Ideal Driven Technical Metrics

    SciTech Connect (OSTI)

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. 
Based on the two case studies and evaluation of the seven assessments, the security ideals demonstrated their value in guiding security thinking. Further, the final set of core technical metrics has been demonstrated to be both usable in the control system environment and provide significant coverage of standard security issues.

  5. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect (OSTI)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  6. Training Management Information System

    SciTech Connect (OSTI)

    Rackley, M.P.

    1989-01-01

    The Training Management Information System (TMIS) is an integrated information system for all training-related activities. TMIS is at the leading edge of training information systems used in the nuclear industry. The database contains all the necessary records to confirm the department's adherence to accreditation criteria and houses all test questions, student records and information needed to evaluate the training process. The key to the TMIS system is that the impact of any change (i.e., procedure change, new equipment, safety incident in the commercial nuclear industry, etc.) can be tracked throughout the training process. This ensures the best training can be performed that meets the needs of the employees. TMIS comprises six functional areas: Job and Task Analysis, Training Materials Design and Development, Exam Management, Student Records/Scheduling, Evaluation, and Commitment Tracking. The system consists of a VAX 6320 Cluster with IBM and Macintosh computers tied into an Ethernet with the VAX. Other peripherals are also tied into the system: Exam Generation Stations to include mark sense readers for test grading, Production PCs for Desk-Top Publishing of Training Material, and PC Image Workstations. 5 figs.

  7. Approved Module Information for CS3190, 2014/5 Module Title/Name: Information Security Module Code: CS3190

    E-Print Network [OSTI]

    Neirotti, Juan Pablo

    -- Operation and limitations of common information safeguards -- Current leading technologies and standards information from unstructured sources at a level sufficient to keep up to date and communicate with computing of information security. Legal, ethical and human aspects of security. Module Delivery Methods of Delivery

  8. Policy Name: Information Security Policy Originating/Responsible Departments: Computing and Communication Services (CCS)

    E-Print Network [OSTI]

    Carleton University

    Policy Name: Information Security Policy Originating/Responsible Departments: Computing: Chief Information Officer (CIO) Corporate Archivist and Assistant Privacy Officer Introduction Records in all formats contain information that is vital to ongoing operations - for insuring accountability

  9. Security Requirements for Classified Automatic Data Processing Systems

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    1985-07-10

    To establish and describe the computer security program for classified automatic data processing (ADP) systems at the Department of Energy (DOE) Headquarters. This directive does not cancel another directive. Canceled by DOE N 251.9.

  10. Homeland Security Challenges Facing Small Water Systems in Texas 

    E-Print Network [OSTI]

    Dozier, Monty; Theodori, Gene L.; Jensen, Ricard

    2007-05-31

    threats that they face. EPA provides assistance to small systems through education workshops and seminars, reports and guidelines, and tutorials on CD. In 2005 EPA published the Water Security Action Plan, which outlines research needs to help water...

  11. Printed copies of the WSU Spokane Annual Security/Fire Safety Report can be obtained at the Office of Security and Public Safety. Information prepared by the Office of Security and Public

    E-Print Network [OSTI]

    Collins, Gary S.

    of Security and Public Safety. Information prepared by the Office of Security and Public Safety at WSU Spokane and Security Department Information 3 Reporting, Access and Programs 3-5 Policies and Procedures 6Printed copies of the WSU Spokane Annual Security/Fire Safety Report can be obtained at the Office

  12. Triggering Control Methods for Cyber-Physical Systems : : Security & Smart Grid Applications

    E-Print Network [OSTI]

    Foroush, Hamed Shisheh

    2014-01-01

    myths and facts behind cyber security risks for industrialMethods for Cyber-Physical Systems: Security & Smart GridMethods for Cyber-Physical Systems: Security & Smart Grid

  13. 6/17/13 (v1.2) Information Security Exit Process

    E-Print Network [OSTI]

    Kay, Mark A.

    6/17/13 (v1.2) Information Security Exit Process All Stanford related PHI, and other Restricted and Prohibited information (see http://dataclass.stanford.edu for details) must be securely may be held liable in the future. Once the applicable Stanford information has been removed

  14. Federal Information Security Management Act: Fiscal Year 2014 Evaluation (IG-15-004, November 13, 2014)

    E-Print Network [OSTI]

    Waliser, Duane E.

    Federal Information Security Management Act: Fiscal Year 2014 Evaluation (IG-15-004, November 13) identified for this year's Federal Information Security Management Act (FISMA) review; however, the Agency Administrator, provides the Office of Inspector General's (OIG) independent assessment of NASA's information

  15. Information encoder/decoder using chaotic systems

    DOE Patents [OSTI]

    Miller, S.L.; Miller, W.M.; McWhorter, P.J.

    1997-10-21

    The present invention discloses a chaotic system-based information encoder and decoder that operates according to a relationship defining a chaotic system. Encoder input signals modify the dynamics of the chaotic system comprising the encoder. The modifications result in chaotic, encoder output signals that contain the encoder input signals encoded within them. The encoder output signals are then capable of secure transmissions using conventional transmission techniques. A decoder receives the encoder output signals (i.e., decoder input signals) and inverts the dynamics of the encoding system to directly reconstruct the original encoder input signals. 32 figs.

  16. Security engineering for embedded systems the SecFutur vision

    E-Print Network [OSTI]

    Security engineering for embedded systems - the SecFutur vision [Vision Paper] Sigrid Gürgens in the development of embedded systems. However, strongly interconnected embedded systems play vital roles in many for embedded systems is a discipline that currently attracts more interest. This paper presents the vision

  17. Making Collusion-Secure Codes (More) Robust against Bit Erasure Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AISTMaking Collusion-Secure Codes (More) Robust against Bit Erasure Koji Nuida Research Center.nuida@aist.go.jp Abstract A collusion-secure code is called robust if it is secure against erasure of a limited number

  18. SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of

    E-Print Network [OSTI]

    Magee, Joseph W.

    2013-01-01

    SMB Information Security Seminar (2013) Exercise 4 Actions taken to maintain awareness of threats note of the data security issues covered in these publications. Ask yourself "Is my business vulnerable network with your peers, talk about cyber security issues. Give and get advice, hints, tips, etc. 4. Make

  19. RT-Based Administrative Models for Community Cyber Security Information Sharing

    E-Print Network [OSTI]

    Sandhu, Ravi

    RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman Bijon Institute for Cyber Security World-Leading Research with Real Ravi Sandhu, Khalid Zaman Bijon Institute for Cyber Security University of Texas at San Antonio Oct. 15, 2011 International

  20. RT-Based Administrative Models for Community Cyber Security Information Sharing

    E-Print Network [OSTI]

    Sandhu, Ravi

    RT-Based Administrative Models for Community Cyber Security Information Sharing Ravi Sandhu, Khalid Zaman Bijon, Xin Jin, and Ram Krishnan Institute for Cyber Security & Department of Computer Science Institute for Cyber Security & Department of Electrical and Computer Engineering University of Texas at San

  1. ENERGY-AWARE SECURE MULTICAST COMMUNICATION IN AD-HOC NETWORKS USING GEOGRAPHIC LOCATION INFORMATION

    E-Print Network [OSTI]

    Lazos, Loukas

    ENERGY-AWARE SECURE MULTICAST COMMUNICATION IN AD-HOC NETWORKS USING GEOGRAPHIC LOCATION INFORMATION Loukas Lazos, Radha Poovendran Network Security and Cryptography Laboratory University by NSF grant ANI-0093187 and ARO grant DAAD-190210242 ABSTRACT The problem of securing multicast

  2. DATE: NVLAP LAB CODE: INFORMATION TECHNOLOGY SECURITY TESTING

    E-Print Network [OSTI]

    - Software 1 Testing (Security Levels 1 to 3) 17CMS2 = Cryptographic Modules - Software 2 Testing (Security of this document. 17/CMS1 Cryptographic Modules - Software 1 Testing (Security Levels 1 to 3) 17CMS1/01 All testCMS2 Cryptographic Modules - Software 2 Testing (Security Levels 4

  3. Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)

    E-Print Network [OSTI]

    1 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca) Rodrigo to security incidents: are security tools everything you need? Laboratory for Education and Research in Secure;2 Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca)3 A client sending

  4. A Review of the Security of Insulin Pump Infusion Systems

    SciTech Connect (OSTI)

    Klonoff, David C. [Mills-Peninsula Health Services]; Paul, Nathanael R [ORNL]; Kohno, Tadayoshi [University of Washington, Seattle]

    2011-01-01

    Insulin therapy has enabled diabetic patients to maintain blood glucose control to lead healthier lives. Today, rather than manually injecting insulin using syringes, a patient can use a device, such as an insulin pump, to programmatically deliver insulin. This allows for more granular insulin delivery while attaining blood glucose control. The insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this paper we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components including the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but we also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues both for now and in the future.

  5. Management Information Systems (MIS) This sheet has sample occupations, work settings, employers, and career development activities associated with this major. Some of these

    E-Print Network [OSTI]

    Ronquist, Fredrik

    Management Information Systems (MIS) This sheet has sample occupations, work settings, employers Security Specialist Computer Software Engineer Computer Support Specialist Computer and Information Systems/Officer Information Systems Analyst Information Technology Specialist Internet Recruiter Knowledge Manager Logistics

  6. Transmission Pricing of Distributed Multilateral Energy Transactions to Ensure System Security and Guide Economic Dispatch

    E-Print Network [OSTI]

    Ilic, Marija; Hsieh, Eric; Remanan, Prasad

    2004-06-16

    Transmission Pricing of Distributed Multilateral Energy Transactions to Ensure System Security and Guide Economic Dispatch...

  7. Social Security Administration Information Phone:(706)5422900Fax:(706)5830123Web:international.uga.edu Email:issis@uga.edu

    E-Print Network [OSTI]

    Arnold, Jonathan

    Social Security Administration Information Phone:(706)5422900Fax:(706)5830123Web number. For additional information you may visit the Social Security Administration's (SSA) website Security Administration (SSA) Social Security Administration Federal Building 1650 Prince Avenue, Athens

  8. UNIVERSITY OF NEBRASKA-LINCOLN Annual Campus Security

    E-Print Network [OSTI]

    Farritor, Shane

    Geographical Information System and security information of the University of Nebraska-Lincoln for the 2011 calendar year. This information ... Information on Reporting

  9. MASTER OF SCIENCE Information Systems

    E-Print Network [OSTI]

    Yang, Eui-Hyeok

    MASTER OF SCIENCE Information Systems LEADING INFORMATION INNOVATION www.stevens.edu/howe/IS Organizations are upgrading their information systems (IS) and switching to newer, faster and more mobile and management insight. The Master of Science in Information Systems at Stevens prepares students and current

  10. Power System Probabilistic and Security Analysis on Commodity High Performance Computing Systems

    E-Print Network [OSTI]

    Franchetti, Franz

    Power System Probabilistic and Security Analysis on Commodity High Performance Computing Systems approaches for comprehensive system analysis. The large-varying grid condition on the aging and stressed power system infrastructures also requires merging of offline security analyses into online operation

  11. Investigating alternative concepts of operations for a maritime security system of systems

    E-Print Network [OSTI]

    Mekdeci, Brian Anthony

    For complex systems of systems, such as those required to perform maritime security, system architects have numerous choices they may select from, both in the components and in the way the system operates. Component choices, ...

  12. Collaboration Topics - System Software | National Nuclear Security...

    National Nuclear Security Administration (NNSA)

    focuses on research and development of parallel file system interfaces and tools, system resource management capabilities, operating system evaluation, and software...

  13. Scalable Security for Petascale Parallel File Systems

    E-Print Network [OSTI]

    Leung, Andrew W.; Miller, Ethan L; Jones, Stephanie

    2007-01-01

    high performance storage systems. In Proc. 2nd Workshop onobject disks. In Proc. Mass Storage Systems and TechnologiesProc. Conf. on Mass Storage Systems and Technologies, 2005.

  14. OGC Compatible Geographical Information Systems

    E-Print Network [OSTI]

    OGC Compatible Geographical Information Systems Web Services Indiana University Computer Science and for online services, that has been widely adopted in the Geographical Information System (GIS) community interoperability problems between different WMS systems. 1 Introduction Geographical Information Systems (GIS

  15. Security Awareness Programs During orientation in September, students are informed of services offered by the University

    E-Print Network [OSTI]

    Escher, Christine

    Security Awareness Programs During orientation in September, students are informed of services. Video and slide presentations outline ways to maintain personal safety and residence hall security. Students are told about crime on campus and in surrounding neighborhoods. Similar information is presented

  16. University of Connecticut / Jason Pufahl, CISSP, CISM 1 INFORMATION SECURITY STRATEGIC

    E-Print Network [OSTI]

    Alpay, S. Pamir

    University of Connecticut / Jason Pufahl, CISSP, CISM 1 1 INFORMATION SECURITY STRATEGIC PLAN, CISSP, CISM 2 2 MISSION STATEMENT The mission of the Information Security Office (ISO) is to design - IMPLEMENTATION CYCLE University of Connecticut / Jason Pufahl, CISSP, CISM 3 3 GOVERNANCE In recognition

  17. CONTINUOUS MONITORING OF INFORMATION SECURITY: AN ESSENTIAL COMPONENT OF RISK MANAGEMENT

    E-Print Network [OSTI]

    CONTINUOUS MONITORING OF INFORMATION SECURITY: AN ESSENTIAL COMPONENT OF RISK MANAGEMENT Shirley and environments. The risks associated with these changing situations can be managed through an integrated programs based on the management of risk. Information Security Continuous Monitoring and the Risk

  18. ITL BULLETIN FOR NOVEMBER 2010 THE EXCHANGE OF HEALTH INFORMATION: DESIGNING A SECURITY

    E-Print Network [OSTI]

    ARCHITECTURE TO PROVIDE INFORMATION SECURITY AND PRIVACY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology U.S. Department of Commerce Improved, more effective healthcare is a high priority in the United States today. While the U

  19. Closing the Gap on Securing Energy Sector Control Systems [Guest editors' introduction

    E-Print Network [OSTI]

    Peisert, Sean; Margulies, Jonathan

    2014-01-01

    of course Stuxnet—the state of energy security might not bein the field of energy security today is the application ofENERGY CONTROL SYSTEMS SECURITY GUEST EDITORS’ INTRODUCTION

  20. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01

    Attacks Against Water SCADA Systems ... 2 d (bottom) [simulated results] ... Gignac SCADA supervisory Gignac canal network and SCADA system ...

  1. Using Multiple Unmanned Systems for a Site Security Task

    SciTech Connect (OSTI)

    Matthew O. Anderson; Curtis W. Nielsen; Mark D. McKay; Derek C. Wadsworth; Ryan C. Hruska; John A. Koudelka

    2009-04-01

    Unmanned systems are often used to augment the ability of humans to perform challenging tasks. While the value of individual unmanned vehicles has been proven for a variety of tasks, it is less understood how multiple unmanned systems should be used together to accomplish larger missions such as site security. The purpose of this paper is to discuss efforts by researchers at the Idaho National Laboratory (INL) to explore the utility and practicality of operating multiple unmanned systems for a site security mission. This paper reviews the technology developed for a multi-agent mission and summarizes the lessons learned from a technology demonstration.

  2. GLOSSARY OF INFORMATION SECURITY THREATS Computer any electronic device used for storing, processing and transmitting data according

    E-Print Network [OSTI]

    Sun, Yi

    a computer virus. Can appear to be a legitimate program or system resource. WormGLOSSARY OF INFORMATION SECURITY THREATS Computer · any electronic device used or damage your computer. Pharming ·(aka Vishing) a hacker's attack aiming to redirect

  3. Pressurized security barrier and alarm system

    DOE Patents [OSTI]

    Carver, Don W. (Knoxville, TN)

    1995-01-01

    A security barrier for placement across a passageway is made up of interconnected pressurized tubing made up in a grid pattern with openings too small to allow passage. The tubing is connected to a pressure switch, located away from the barrier site, which activates an alarm upon occurrence of a pressure drop. A reinforcing bar is located inside and along the length of the tubing so as to cause the tubing to rupture and set off the alarm upon an intruder's making an attempt to crimp and seal off a portion of the tubing by application of a hydraulic tool. Radial and rectangular grid patterns are disclosed.

  4. Pressurized security barrier and alarm system

    DOE Patents [OSTI]

    Carver, D.W.

    1995-04-11

    A security barrier for placement across a passageway is made up of interconnected pressurized tubing made up in a grid pattern with openings too small to allow passage. The tubing is connected to a pressure switch, located away from the barrier site, which activates an alarm upon occurrence of a pressure drop. A reinforcing bar is located inside and along the length of the tubing so as to cause the tubing to rupture and set off the alarm upon an intruder's making an attempt to crimp and seal off a portion of the tubing by application of a hydraulic tool. Radial and rectangular grid patterns are disclosed. 7 figures.

  5. Marine asset security and tracking (MAST) system

    DOE Patents [OSTI]

    Hanson, Gregory Richard (Clinton, TN); Smith, Stephen Fulton (Loudon, TN); Moore, Michael Roy (Corryton, TN); Dobson, Eric Lesley (Charleston, SC); Blair, Jeffrey Scott (Charleston, SC); Duncan, Christopher Allen (Marietta, GA); Lenarduzzi, Roberto (Knoxville, TN)

    2008-07-01

    Methods and apparatus are described for marine asset security and tracking (MAST). A method includes transmitting identification data, location data and environmental state sensor data from a radio frequency tag. An apparatus includes a radio frequency tag that transmits identification data, location data and environmental state sensor data. Another method includes transmitting identification data and location data from a radio frequency tag using hybrid spread-spectrum modulation. Another apparatus includes a radio frequency tag that transmits both identification data and location data using hybrid spread-spectrum modulation.

  6. Senior Systems Engineer | National Nuclear Security Administration

    National Nuclear Security Administration (NNSA)


  7. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s), and how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go unnoticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats, particularly on ICSs, may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  8. Improving Security in the ATLAS PanDA System

    E-Print Network [OSTI]

    Caballero, J; The ATLAS collaboration; Nilsson, P; Stewart, G; Potekhin, M; Wenaus, T

    2011-01-01

    The security challenges faced by users of the grid are considerably different to those faced in previous environments. The adoption of pilot jobs systems by LHC experiments has mitigated many of the problems associated with the inhomogeneities found on the grid and has greatly improved job reliability; however, pilot jobs systems themselves must then address many security issues, including the execution of multiple users' code under a common 'grid' identity. In this paper we describe the improvements and evolution of the security model in the ATLAS PanDA (Production and Distributed Analysis) system. We describe the security in the PanDA server which is in place to ensure that only authorized members of the VO are allowed to submit work into the system and that jobs are properly audited and monitored. We discuss the security in place between the pilot code itself and the PanDA server, ensuring that only properly authenticated workload is delivered to the pilot for execution. When the code to be executed is fro...

  9. PRIVACY IMPACT ASSESSMENT: SPRO Physical Security Major Application

    Energy Savers [EERE]

    Assistant Project Manager, Technical Assurance Deanna Harvey, Program Analyst Allen Rome, Cyber Security Program Manager Chris Shipp, Information System Security Manager (504)...

  10. Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST)

    E-Print Network [OSTI]

    1 Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS, Acting Chief, Computer Security Division, Information Technology Laboratory (ITL), NIST 9 Data Using Encryption Matthew Scholl, Computer Security Division, Information Technology Laboratory

  11. Modeling Computational Security in Long-Lived Systems, Version 2 Ran Canetti1,2

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Modeling Computational Security in Long-Lived Systems, Version 2 Ran Canetti1,2 , Ling Cheung2 Introduction Computational security in long-lived systems: Security properties of cryptographic protocols computational power. This type of security degrades progressively over the lifetime of a protocol. However, some

  12. Modeling Computational Security in Long-Lived Systems Ran Canetti1,2

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Modeling Computational Security in Long-Lived Systems Ran Canetti1,2 , Ling Cheung2 , Dilsun Kaynar Introduction Computational security in long-lived systems: Security properties of cryptographic protocols protocols, security relies on the assumption that adversarial entities have limited computational power

  13. A Secure Cloud Backup System with Assured Deletion and Version Control

    E-Print Network [OSTI]

    Lui, John C.S.

    A Secure Cloud Backup System with Assured Deletion and Version Control Arthur Rahumed, Henry C. H at a low cost. However, cloud clients must enforce security guarantees of their outsourced data backups. We present FadeVersion, a secure cloud backup system that serves as a security layer on top of today's cloud

  14. Transmission System Expansion Plans in View Point of Deterministic, Probabilistic and Security Reliability Criteria

    E-Print Network [OSTI]

    Transmission System Expansion Plans in View Point of Deterministic, Probabilistic and Security reliability criterion, probabilistic reliability criterion and security criterion based on N- contingency control system as well as reasonable strength of grid originally. Because investment for power system

  15. Implementing Information Security and Its Technology: A LineManagement...

    Office of Scientific and Technical Information (OSTI)

    Security and Privacy Management framework that ranges from legal obligations, to policy, to procedure, to cutting edge technology to counter the rapidly evolving cyber threat...

  16. 29.01.03.M1.28 Information Resources Security Surveillance Page 1 of 4 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03.M1.28 Information Resources - Security Surveillance Page 1 of 4 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.28 Information Resources - Security Surveillance Approved April 13, 2010 Revised by the University Police Department 29.01.03.M1.28 Information Resources - Security Surveillance Page 2 of 4

  17. Annual Report, "Federal Information Security Management Act: Fiscal Year 2011 Evaluation" (IG-12-002, October 17, 2011)

    E-Print Network [OSTI]

    Christian, Eric

    Annual Report, "Federal Information Security Management Act: Fiscal Year 2011 Evaluation" (IG-12's information technology (IT) security posture. For FY 2011, we adopted a risk-based approach in which we required areas of review for FY 2011 Federal Information Security Management Act (FISMA) reporting: · Risk

  18. 29.01.03. M1.18 Information Resources Security Monitoring Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03. M1.18 Information Resources - Security Monitoring Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.18 Information Resources - Security Monitoring Approved July 18, 2005 Revised April 27, etc. Reason for SAP The purpose of the security monitoring policy is to ensure that information

  19. Critical issues in process control system security : DHS spares project.

    SciTech Connect (OSTI)

    Hernandez, Jacquelynne; McIntyre, Annie; Henrie, Morgan

    2010-10-01

    The goals of this event are: (1) Discuss the next-generation issues and emerging risks in cyber security for control systems; (2) Review and discuss common control system architectures; (3) Discuss the role of policy, standards, and supply chain issues; (4) Interact to determine the most pertinent risks and most critical areas of the architecture; and (5) Merge feedback from Control System Managers, Engineers, IT, and Auditors.

  20. SMB Information Security Seminar (2013) Exercise 2 Estimated costs from bad things happening to your

    E-Print Network [OSTI]

    Magee, Joseph W.

    2013-01-01

    SMB Information Security Seminar (2013) Exercise 2 - Estimated costs from bad things happening to your important information. First, think about the information used in/by your organization. Second, enter into the table below your top two highest priority information types. Third, enter estimated costs

  1. Tools and Methods for Hardening Communication Security of Energy Delivery Systems

    SciTech Connect (OSTI)

    Gadgil, Shrirang; Lin, Yow-Jian; Ghosh, Abhrajit; Samtani, Sunil; Kang, Jaewon; Siegell, Bruce; Kaul, Vikram; Unger, John; De Bruet, Andre; Martinez, Catherine; Vermeulen, Gerald; Rasche, Galen; Sternfeld, Scott; Berthier, Robin; Bobba, Rakesh; Campbell, Roy; Sanders, Williams; Lin, Yow-Jian

    2014-06-30

    This document summarizes the research and development work the TT Government Solutions (TTGS), d.b.a. Applied Communication Sciences (ACS), team performed for the Department of Energy Cybersecurity for Energy Delivery Systems (CEDS) program. It addresses the challenges in protecting critical grid control and data communication, including the identification of vulnerabilities and deficiencies of communication protocols commonly used in energy delivery systems (e.g., ICCP, DNP3, C37.118, C12.22), as well as the development of effective means to detect and prevent the exploitation of such vulnerabilities and deficiencies. The team consists of
    • TT Government Solutions (TTGS), a leading provider of communications solutions that has extensive experience in commercializing communications solutions. TTGS also has deep cyber security research and development expertise supporting a variety of customers.
    • University of Illinois at Urbana-Champaign (UIUC), a leader in the cyber security research for the power grid. UIUC brings unique experience in designing secure communication protocols to this project.
    • Electric Power Research Institute (EPRI), an independent nonprofit that conducts research and development relating to the generation, delivery and use of electricity for the benefit of the public. EPRI brings to this effort its extensive technical expertise and its utility connections, with members representing more than 90 percent of the electricity generated and delivered in the United States.
    • DTE Energy, the 10th largest electric utility in the US, which helps ensure that this project focuses on the needs of utilities and is rightly positioned to address the needs of the market place.
    We designed, developed, and demonstrated a modular and extensible ADEC-G (Agent-based, Distributed, Extensible Cybersecurity for the Grid) system for monitoring/detecting abnormal energy delivery systems (EDS) protocol usage and ensuring security coverage. Our approach consists of
    i. An online system with stateful model based checkers (SMBCs) that helps utilities monitor EDS protocol communication contexts and flag abnormal session behaviors;
    ii. An offline framework that security tool developers, operators, and auditors can use to verify security properties (leverages formal methods).
    The modular design of the ADEC-G online system enables its easy extension to cover added protocol features, to introduce new monitoring capabilities, and to apply to additional communication protocols. Its monitoring capabilities and user interface features also facilitate visibilities into ongoing communication patterns and quick grasps of suspicious communication activities. The offline framework provides a platform not only for rigorous validation of security coverage, but also for systematic refinement of checker design leveraging the counter traces generated by the model checking tool. The ADEC-G online monitoring/detection system and the offline validation framework are both operational and have been demonstrated in various settings. The ADEC-G online system has also been integrated into TTGS SecureSmart Managed Security Services offering and been employed to perform security assessment in a section of a utility’s operational network as well as in other Smart Grid security pilot project offerings. TTGS is also in discussions with several system integrators for incorporating the integrated SecureSmart Managed Security Services offering as the cyber security solution for the convergence of Operations Technology (OT) and Information Technology (IT).

  2. Developmental Integrative Biology Cyber Security UNT is recognized by the National Security Agency and the Department of

    E-Print Network [OSTI]

    Tarau, Paul

    security. Information and computer security, trust and information assurance, systems architecture to identify and address a range of changing information sources and security vulnerabilities. UNT brings experts to address next generation challenges. The UNT-based Center for Information and Computer Security

  3. A Review of the Security of Insulin Pump Infusion Systems Nathanael Paul, Ph.D. Tadayoshi Kohno, Ph.D. David C. Klonoff, M.D., FACP

    E-Print Network [OSTI]

    Kohno, Tadayoshi

    A Review of the Security of Insulin Pump Infusion Systems Nathanael Paul, Ph.D. Tadayoshi Kohno, Ph is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we safety and information security. From 2005 to 2009, there were 56,000 adverse events in infusion pump

  4. On Cyber Security for Networked Control Systems

    E-Print Network [OSTI]

    Amin, Saurabh

    2011-01-01

    buildings and smart structures portend immense data vehicles and buildings equipped with smart meters). The building’s occupants). The operating systems of upcoming infrastructures such as smart

  5. CyberPhysical System Security for the Electric Power Grid

    E-Print Network [OSTI]

    Manimaran, Govindarasu

    INVITED PAPER Cyber-Physical System Security for the Electric Power Grid Control in power for the power grid as the functional composition of the following: 1) the physical Manuscript received June 29 | The development of a trustworthy smart grid requires a deeper understanding of potential impacts resulting from

  6. Data Integrity Limitations in Highly Secure Systems Cynthia E. Irvine

    E-Print Network [OSTI]

    Irvine, Cynthia E.

    or destruction." [14] A person who has integrity is identified as being one who acts based on a set Data Integrity Limitations in Highly Secure Systems Cynthia E. Irvine Department of Computer that is higher in integrity than the integrity level of the COTS components. 1 Introduction Data integrity

  7. Model-based Security Analysis of the German Health Card Architecture

    E-Print Network [OSTI]

    Jurjens, Jan

    information systems, security, German Health Card. 1 Introduction The use of health-care information information security that are particularly significant for health-care systems, due both to the inherent these risks and enable secure health-care information systems, the security analysis has to be embedded

  8. Fact Sheet Preliminary Notice of Violation: Classified Information...

    Energy Savers [EERE]

    classified information, permitted introduction of classified information into unapproved information systems and conducted an inadequate security incident inquiry. Additional...

  9. Economic Incentives of Providing Network Security Services Journal of Information Technology Management 1

    E-Print Network [OSTI]

    Chen, Li-Chiou

    Economic Incentives of Providing Network Security Services Journal of Information Technology Management 1 THE ECONOMIC INCENTIVES OF PROVIDING NETWORK SECURITY SERVICES ON THE INTERNET INFRASTRUCTURE Li in the economic incentives inherent in providing the defenses as well as uncertainty in current defenses. We

  10. Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

    SciTech Connect (OSTI)

    Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T; Lantz, Margaret W; Hauser, Katie R

    2014-01-01

    Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. The Cyberspace Security Econometrics System (CSES) provides a measure (i.e., a quantitative indication) of reliability, performance, and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES accounts for the variance that may exist among the stakes one attaches to meeting each requirement. The basis, objectives and capabilities for the CSES, including inputs/outputs as well as the structural and mathematical underpinnings, are contained in this copyright.

  11. Guide for Security-Focused Configuration Management of

    E-Print Network [OSTI]

    U R I T Y Computer Security Division Information Technology Laboratory National Institute and privacy of other than national security-related information in federal information systems. The Special information systems, but such standards and guidelines shall not apply to national security systems without

  12. MODELING SECURITY IN CYBER-PHYSICAL SYSTEMS

    E-Print Network [OSTI]

    Burmester, Mike

    network at the Davis-Besse nuclear power plant in Oak Harbor, Ohio, was infected [39]. There have been) systems that monitor power, gas/oil transportation, water and waste-water distribution. Such systems

  13. A Secure Modular Mobile Agent System

    E-Print Network [OSTI]

    Julien, Christine

    and Christine Julien The Center for Excellence in Distributed Global Environments The Department of Electrical the system will not be malicious and that any agents which are malicious can be identified and contained

  14. NNSA Policy System | National Nuclear Security Administration

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)

  15. Security analysis of communication system based on the synchronization of different order chaotic systems

    E-Print Network [OSTI]

    G. Alvarez; L. Hernandez; J. Munoz; F. Montoya; Shujun Li

    2005-06-27

    This work analyzes the security weakness of a recently proposed communication method based on chaotic modulation and masking using synchronization of two chaotic systems with different orders. It is shown that its application to secure communication is unsafe, because it can be broken in two different ways, by high-pass filtering and by reduced order system synchronization, without knowing either the system parameter values or the system key.

  16. Security problems with a SC-CNN-based Chaotic Masking Secure Communication System

    E-Print Network [OSTI]

    A. B. Orue; G. Alvarez; F. Montoya; C. Sanchez-Avila

    2007-06-20

    This paper studies the security of a chaotic cryptosystem based on the Chua circuit and implemented with State Controlled Cellular Neural Networks. It is shown that the plaintext can be retrieved by ciphertext band-pass filtering after an imperfect decoding with wrong receiver parameters. It is also shown that the key space of the system can be notably reduced easing a brute force attack. The system parameters were determined with high precision through the analysis of the decoding error produced by the mismatch between receiver and transmitter parameters.

  17. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    SciTech Connect (OSTI)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years, especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs' common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  18. Restricting information flow in security APIs via typing 

    E-Print Network [OSTI]

    Keighren, Gavin

    2014-06-27

    Security APIs are designed to enable the storage and processing of confidential data without that data becoming known to individuals who are not permitted to obtain it, and are central to the operation of Automated Teller ...

  19. 29.01.03.M1.16 Information Resources-Portable Devices: Information Security Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    29.01.03.M1.16 Information Resources - Portable Devices: Information Security Page 1 of 3 STANDARD ADMINISTRATIVE PROCEDURE 29.01.03.M1.16 Information Resources - Portable Devices: Information Security Approved on the responsibilities of information resource owners to adequately protect data residing on portable devices

  20. Project Records Information System (PRIS)

    SciTech Connect (OSTI)

    Smith, P.S.; Schwarz, R.K.

    1990-11-01

    The Project Records Information System (PRIS) is an interactive system developed for the Information Services Division (ISD) of Martin Marietta Energy Systems, Inc., to perform indexing, maintenance, and retrieval of information about Engineering project record documents for which they are responsible. This PRIS User's Manual provides instruction on the use of this system. This manual presents an overview of PRIS, describing the system's purpose; the data that it handles; functions it performs; hardware, software, and access; and help and error functions. This manual describes the interactive menu-driven operation of PRIS. Appendixes A, B, C, and D contain the data dictionary, help screens, report descriptions, and a primary menu structure diagram, respectively.

  1. SYSTEMS BIOLOGY Accurate information transmission

    E-Print Network [OSTI]

    Tsimring, Lev S.

    SYSTEMS BIOLOGY Accurate information transmission through dynamic biochemical signaling networks) and variability in cellular states (extrinsic noise) degrade information transmitted through signaling networks-induced information loss. In the extracellular signal-regulated kinase (ERK), calcium (Ca2+), and nuclear factor

  2. Developing Secure Power Systems Professional Competence: Alignment and Gaps in Workforce Development Programs for Phase 2 of the Secure Power Systems Professional project

    SciTech Connect (OSTI)

    O'Neil, Lori Ross; Assante, Michael; Tobey, D. H.; Conway, T. J.; Vanderhorst, Jr, T. J.; Januszewski, III, J.; Leo, R.; Perman, K.

    2013-08-26

    This is the final report of Phase 2 of the Secure Power Systems Professional project, a 3 phase project. DOE will post to their website upon release.

  3. Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

    SciTech Connect (OSTI)

    Ondrej Linda; Todd Vollmer; Milos Manic

    2012-08-01

    The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.

  4. Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers

    E-Print Network [OSTI]

    Goodyear, Marilu; Goerdel, Holly T.; Portillo, Shannon; Williams, Linda M.

    2010-01-01

    -Government and Cyber Security: The Role of Cyber Security Exercises. Proceedings of the 39th Hawaii International Conference on System Sciences. Kauai, Hawaii. January 4–7, 2006. IBM Center for The Business of Government8 CYBERSECURITY MANAGEMENT IN THE STATES...

  5. Integrated risk information system (IRIS)

    SciTech Connect (OSTI)

    Tuxen, L.

    1990-12-31

    The Integrated Risk Information System (IRIS) is an electronic information system developed by the US Environmental Protection Agency (EPA) containing information related to health risk assessment. IRIS is the Agency's primary vehicle for communication of chronic health hazard information that represents Agency consensus following comprehensive review by intra-Agency work groups. The original purpose for developing IRIS was to provide guidance to EPA personnel in making risk management decisions. This role has expanded and evolved with wider access and use of the system. IRIS contains chemical-specific information in summary format for approximately 500 chemicals. IRIS is available to the general public on the National Library of Medicine's Toxicology Data Network (TOXNET) and on diskettes through the National Technical Information Service (NTIS).

  6. ITS POLICIES AND GUIDELINES CATEGORY: Information Technology, Security,

    E-Print Network [OSTI]

    Gering, Jon C.

    connection. 3. Dual (split) tunneling is not permitted; only one network connection is allowed. 4. All VPN gateways or concentrators on the Truman network will be installed and managed by ITS. 5. All computers, etc. - IPSec - A secure network protocol used for VPN sessions. - VPN Gateway/Concentrator - A device

  7. An Efficient Approach to Support Querying Secure Outsourced XML Information

    E-Print Network [OSTI]

    Ng, Wilfred Siu Hung

    and Technology {yini, wilfred, lauhl, csjames}@cs.ust.hk Abstract. Data security is well-recognized a vital issue encrypted XML. XQEnc is based on two important techniques of vectorization and skeleton compression. Essentially, vectorization, which is a generalization of columns of a relational table, makes use the basic

  8. Towards improving software security by using simulation to inform requirements and conceptual design

    DOE Public Access Gateway for Energy & Science Beta (PAGES Beta)

    Nutaro, James J.; Allgood, Glenn O.; Kuruganti, Teja

    2015-06-17

    We illustrate the use of modeling and simulation early in the system life-cycle to improve security and reduce costs. The models that we develop for this illustration are inspired by problems in reliability analysis and supervisory control, for which similar models are used to quantify failure probabilities and rates. In the context of security, we propose that models of this general type can be used to understand trades between risk and cost while writing system requirements and during conceptual design, and thereby significantly reduce the need for expensive security corrections after a system enters operation

  9. Multiagent Network Security System using FIPA-OS Taraka D. Peddireddy; University of South Carolina; Columbia; South Carolina

    E-Print Network [OSTI]

    Vidal, Jose M.

    Carolina; Columbia; South Carolina Jose M. Vidal, Assistant Professor, University of South Carolina, Columbia, South Carolina Keywords: Multiagent Network Security, Distributed Systems Security, Distributed1 Multiagent Network Security System using FIPA-OS Taraka D. Peddireddy; University of South

  10. YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems (Extended Version)

    E-Print Network [OSTI]

    YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems (Extended Version links between devices in legacy Supervisory Control And Data Acquisition (SCADA) systems, on which security, and yet incurs minimal end-to-end communication latency. Keywords: SCADA network security, bump

  11. Designed-in Security for Cyber-Physical Systems

    E-Print Network [OSTI]

    Peisert, Sean; Margulies, Jonathan; Nicol, David M; Khurana, Himanshu; Sawall, Chris

    2014-01-01

    ROUNDTABLE Designed-in Security for Cyber-Physical Systems in security”: one from academia, one from a cyber-physical cyber incident while sustaining critical functions. ” Without designed-in security

  12. Time Scaling of Chaotic Systems: Application to Secure Communications

    E-Print Network [OSTI]

    Donatello Materassi; Michele Basso

    2007-10-25

    The paper deals with time-scaling transformations of dynamical systems. Such scaling functions operate a change of coordinates on the time axis of the system trajectories preserving its phase portrait. Exploiting this property, a chaos encryption technique to transmit a binary signal through an analog channel is proposed. The scheme is based on a suitable time-scaling function which plays the role of a private key. The encoded transmitted signal is proved to resist known decryption attacks offering a secure and reliable communication.

  13. IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 29, NO. 5, SEPTEMBER 2014 2489 System of Systems Based Security-Constrained Unit

    E-Print Network [OSTI]

    Fu, Yong

    Security-Constrained Unit Commitment Incorporating Active Distribution Grids Amin Kargarian, Student Member--Active distribution grid, decentralized optimization, security-constrained unit commitment, system of systems of generating units. Number of studied period. Generation cost curve of unit . Commitment state of unit at time

  14. Topic 7 : Smart Grid Privacy and Security 1Networking and Distributed Systems

    E-Print Network [OSTI]

    Mohsenian-Rad, Hamed

    Topic 7 : Smart Grid Privacy and Security 1Networking and Distributed Systems Department Tech University Communications and Control in Smart Grid 2 · Smart Meter Privacy · Concerns · Possible Solutions · Smart Grid Security · Load Altering Attacks · False Data Injection Attacks · Impact

  15. Multiversion Locking Protocol with Freezing for Secure Real-Time Database Systems

    E-Print Network [OSTI]

    Stankovic, John A.

    Multiversion Locking Protocol with Freezing for Secure Real-Time Database Systems Chanjung Park constraints and security requirements, a new method, called the freezing method, is proposed. In order to show

  16. Design principles and patterns for computer systems that are simultaneously secure and usable

    E-Print Network [OSTI]

    Garfinkel, Simson

    2005-01-01

    It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising ...

  17. Securing against fraud in mobile communications : system design and development in 3G mobile networks

    E-Print Network [OSTI]

    Mochizuki, Yujiro, 1973-

    2006-01-01

    Network security ensures the consistency, integrity, and reliability of telecommunications systems. Authorized network access prevents fraudulent communications and maintains the availability of the systems. However, limited ...

  18. Information Systems Engineering

    Broader source: Energy.gov [DOE]

    The OCIO is dedicated to supporting the development and maintenance of DOE Department wide and site-specific software and IT systems engineering initiatives.  This webpage contains resources,...

  19. Mitigations for Security Vulnerabilities Found in Control System...

    Office of Energy Efficiency and Renewable Energy (EERE) Indexed Site

    Cyber Assessment Methods for SCADA Security Introduction SCADA Security for Managers and Operators Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks...

  20. Scalable, Secure Energy Information Management for Demand-Response Analysis Yogesh Simmhan1,2

    E-Print Network [OSTI]

    Hwang, Kai

    Scalable, Secure Energy Information Management for Demand-Response Analysis Yogesh Simmhan1 and optimize energy usage to meet sustainability goals. Managing the energy information lifecycle - from, feedback, and query/response interactions, which are transmitted across a widely distributed infrastructure

  1. Securing Tags to Control Information Flows within the Internet of Things

    E-Print Network [OSTI]

    Cambridge, University of

    Securing Tags to Control Information Flows within the Internet of Things Jatinder Singh, Thomas F.lastname@cl.cam.ac.uk Abstract--To realise the full potential of the Internet of Things (IoT), IoT architectures are moving. INTRODUCTION Information sharing underpins the broad vision of the "Internet of Things" (IoT). Io

  2. 29.01.03.M1.28 Information Resources Security Surveillance Page 1 of 4 STANDARD ADMINISTRATIVE PROCEDURE

    E-Print Network [OSTI]

    by the Associate Vice President for Information Technology & Chief Information Officer to review AVST installations for Information Technology & Chief Information Officer, Networking and Information Security, University Police is to provide recommendations to the Associate Vice President for Information Technology & Chief Information

  3. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    SciTech Connect (OSTI)

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). 
For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified in the identification effort. The requirements in these seven standards were then compared against the requirements given in the Framework. This comparison identified gaps (requirements not covered) in both the individual industry standards and in the Framework. In addition to the sector-specific standards reviewed, the team compared the requirements in the cross-sector Instrumentation, Systems, and Automation Society (ISA) Technical Reports (TR) 99 -1 and -2 to the Framework requirements. The Framework defines a set of security classes separated into families as functional requirements for control system security. Each standard reviewed was compared to this template of requirements to determine if the standard requirements closely or partially matched these Framework requirements. An analysis of each class of requirements pertaining to each standard reviewed can be found in the comparison results section of this report. Refer to Appendix A, ''Synopsis of Comparison Results'', for a complete graphical representation of the study's findings at a glance. Some of the requirements listed in the Framework are covered by many of the standards, while other requirements are addressed by only a few of the standards. In some cases, the scope of the requirements listed in the standard for a particular industry greatly exceeds the requirements given in the Framework. These additional families of requirements, identified by the various standards bodies, could potentially be added to the Framework. These findings are, in part, due to the maturity both of the security standards themselves and of the different industries current focus on security. 
In addition, there are differences in how communication and control is used in different industries and the consequences of disruptions via security breaches to each particular industry that could affect how security requirements are prioritized. The differences in the requirements listed in the Framework and in the various industry standards are due, in part, to differences in the level and purpose of the standards. While the requir

  4. 29.01.03.M1 Security of Electronic Information Resources Page 1 of 3 UNIVERSITY RULE

    E-Print Network [OSTI]

    29.01.03.M1 Security of Electronic Information Resources Page 1 of 3 UNIVERSITY RULE 29.01.03.M1 Security of Electronic Information Resources Approved May 27, 2002 Revised May 28, 2009 Revised October 15&M) electronic information resources are vital academic and administrative assets which require appropriate

  5. 3. Security and privacy David Keil Information Technology and Society 5/13 David M. Keil, Framingham State University

    E-Print Network [OSTI]

    Keil, David M.

    3. Security and privacy David Keil Information Technology and Society 5/13 David M. Keil, Framingham State University CSCI 135 Information Technology and Society 3. Security and privacy 1. Crime, law protections David Keil Information Technology and Society 5/13 1 Readings: Baase, Chapters 2 and 5 David Keil

  6. Information system revives materials management

    SciTech Connect (OSTI)

    Hansen, T.

    1995-12-01

    Through a change in philosophy and the development of a new, more efficient information management system, Arizona Public Service Co. (APSW) has, in less than two years, reduced material and service costs by 10 percent. The utility plans to cut these costs from 1993 figures by 25 percent before 2000. The utility is breaking new ground with ongoing implementation of new business processes and the new Materials Logistics Information System (MLIS), which has been co-developed with Texas Instruments Software Division (TISD).

  7. Caisson: A Hardware Description Language for Secure Information Flow

    E-Print Network [OSTI]

    Sherwood, Tim

    : Unclassified Secret Top Secret. An important information flow policy based on such lattices is non to higher elements in the lattice (e.g., Secret information can flow to Top Secret, but not vice on information flow. Policies may target confidentiality, so that secret Permission to make digital or hard

  8. | Technical Report NPS-CS-05-004 The Center for Information Systems

    E-Print Network [OSTI]

    | Technical Report NPS-CS-05-004 The Center for Information Systems Security Studies and Research, Cynthia E. Irvine January 2005 | Technical Report http://cisr.nps.navy.mil about wireless technology including the different wireless standards and security measures required

  9. Intelligent Building Energy Information and Control Systems for Low-Energy

    E-Print Network [OSTI]

    for about 70 percent of electricity use. To address energy security issues and environmental concerns&R International, 2011). To address energy security and environmental concerns there is an urgent needLBNL-5894E Intelligent Building Energy Information and Control Systems for Low-Energy Operations

  10. Challenges of Cyber Security Education at the Graduate Level

    E-Print Network [OSTI]

    Sandhu, Ravi

    1 Challenges of Cyber Security Education at the Graduate Level Ravi Sandhu Executive Director World-Leading Research with Real-World Impact! Institute for Cyber Security Cyber technologies and systems have evolved Cyber security goals have evolved Computer security Information security

  11. MyUNLV Student Information System Update Your Biographic Information

    E-Print Network [OSTI]

    Walker, Lawrence R.

    MyUNLV Student Information System Update Your Biographic Information My of biographical information in your MyUNLV Student Center including certain addresses, phone. Step 1. Locate the Personal Information section of your Student Center

  12. Communications of the Association for Information Systems | Number 1Volume 28 Article 22

    E-Print Network [OSTI]

    -1-2011 Information Security Risk Management: In Which Security Solutions Is It Worth Investing? Stefan Fenz Vienna, Thomas (2011) "Information Security Risk Management: In Which Security Solutions Is It Worth Investing://aisel.aisnet.org/cais/vol28/iss1/22 Volume 28 Article 22 Information Security Risk Management: In Which Security Solutions

  13. INFORMATION INVASION IN ENTERPRISE SYSTEMS Modelling, simulating and analysing system-level information propagation

    E-Print Network [OSTI]

    Henderson, Peter

    INFORMATION INVASION IN ENTERPRISE SYSTEMS Modelling, simulating and analysing system@ecs.soton.ac.uk Keywords: Enterprise information systems, Systems-level modelling, System simulation. A significant problem facing these organisations is how their information systems will cope with inconsistency

  14. Harnessing the Cloud for Securely Outsourcing Large-scale Systems of Linear Equations

    E-Print Network [OSTI]

    Wang, Jia

    1 Harnessing the Cloud for Securely Outsourcing Large-scale Systems of Linear Equations Cong Wang and cloud are not necessarily in the same trusted domain brings many security concerns and challenges the quality of the computed results. Thus, we argue that the cloud is intrinsically not secure from

  15. Investigating Database Security in a Networked Environment

    E-Print Network [OSTI]

    Wagner, Paul J.

    Investigating Database Security in a Networked Environment Matthew Giuliani Computer Science wagnerpj@uwec.edu Abstract Database and network security have traditionally been separate fields within flowing between client and database systems. Although vender specific information is available for many

  16. The Technical Specification for the Security Content

    E-Print Network [OSTI]

    Security Agency (NSA); Jeff Ito, Matt Kerr, Shane Shaffer, and Greg Witte of G2, Inc.; Andy Bove of Secure Thompson of Booz Allen Hamilton; Alan Peltzman of the Defense Information Systems Agency (DISA); and Jon

  17. Blue Coat Systems, Inc. Secure Web Gateway Virtual Appliance-V100

    E-Print Network [OSTI]

    Blue Coat Systems, Inc. Secure Web Gateway Virtual Appliance-V100 Software Version: 6.5.2.8 FIPS@corsec.com http://www.bluecoat.com http://www.corsec.com Secure Web Gateway Virtual Appliance-V100 Security Policy, Version 0.5 July 25, 2014 Blue Coat Secure Web Gateway Virtual Appliance-V100 Page 2 of 33 © 2014

  18. Assessing Reliability in Energy Supply Systems

    E-Print Network [OSTI]

    McCarthy, Ryan; Ogden, Joan M.; Sperling, Dan

    2008-01-01

    Physical security Information security Interdependencies against threats. Information security: The degree to which Physical security Information security Interdependencies

  19. Assessing reliability in energy supply systems

    E-Print Network [OSTI]

    McCarthy, Ryan W.; Ogden, Joan M.; Sperling, Daniel

    2007-01-01

    Physical security Information security Interdependencies against threats. Information security: The degree to which Physical security Information security Interdependencies

  20. Learning is Change in Knowledge: Knowledge-based Security for Dynamic Policies

    E-Print Network [OSTI]

    Chong, Stephen

    information, the security policy to enforce on information frequently changes: new users join the system, old a language-based model for specifying, reasoning about, and enforcing information security in systems confidential information may provide a different attacker with no new information. A program that is secure

  1. Evolution of toxicology information systems

    SciTech Connect (OSTI)

    Wassom, J.S.; Lu, P.Y.

    1990-12-31

    Society today is faced with new health risk situations that have been brought about by recent scientific and technical advances. Federal and state governments are required to assess the many potential health risks to exposed populations from the products (chemicals) and by-products (pollutants) of these advances. Because a sound analysis of any potential health risk should be based on the use of relevant information, it behooves those individuals responsible for making the risk assessments to know where to obtain needed information. This paper reviews the origins of toxicology information systems and explores the specialized information center concept that was proposed in 1963 as a means of providing ready access to scientific and technical information. As a means of illustrating this concept, the operation of one specialized information center (the Environmental Mutagen Information Center at Oak Ridge National Laboratory) will be discussed. Insights into how toxicological information resources came into being, their design and makeup, will be of value to those seeking to acquire information for risk assessment purposes. 7 refs., 1 fig., 4 tabs.

  2. Secure communication of static information by electronic means

    DOE Patents [OSTI]

    Gritton, Dale G. (Pleasanton, CA)

    1994-01-01

    A method and apparatus (10) for the secure transmission of static data (16) from a tag (11) to a remote reader (12). Each time the static data (16) is to be transmitted to the reader (12), the 10 bits of static data (16) are combined with 54 bits of binary data (21), which constantly change from one transmission to the next, into a 64-bit number (22). This number is then encrypted and transmitted to the remote reader (12) where it is decrypted (26) to produce the same 64 bit number that was encrypted in the tag (11). With a continual change in the value of the 64 bit number (22) in the tag, the encrypted numbers transmitted to the reader (12) will appear to be dynamic in character rather than being static.

  3. Department of Energy Cyber Security Management

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2006-12-04

    The purpose of the DOE Cyber Security Management Program is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE O 205.1. Canceled by DOE O 205.1B.

  4. Department of Energy Cyber Security Management Program

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2003-03-21

    The purpose of the Department of Energy (DOE) Cyber Security Management Program (hereafter called the Program) is to protect all DOE cyber information and information systems in order to implement the requirements of applicable laws required to maintain national security and ensure DOE business operations proceed without security events such as interruption or compromise. Cancels DOE N 205.1

  5. Quantum public-key algorithms to encrypt and authenticate quantum messages with information-theoretic security

    E-Print Network [OSTI]

    Min Liang; Li Yang

    2012-05-10

    Public-key cryptosystems for quantum messages are considered from two aspects: public-key encryption and public-key authentication. Firstly, we propose a general construction of quantum public-key encryption scheme, and then construct an information-theoretic secure instance. Then, we propose a quantum public-key authentication scheme, which can protect the integrity of quantum messages. This scheme can both encrypt and authenticate quantum messages. It is information-theoretic secure with regard to encryption, and the success probability of tampering decreases exponentially with the security parameter with regard to authentication. Compared with classical public-key cryptosystems, one private-key in our schemes corresponds to an exponential number of public-keys, and every quantum public-key used by the sender is an unknown quantum state to the sender.

  6. Quantum public-key algorithms to encrypt and authenticate quantum messages with information-theoretic security

    E-Print Network [OSTI]

    Liang, Min

    2012-01-01

    Public-key cryptosystems for quantum messages are considered from two aspects: public-key encryption and public-key authentication. Firstly, we propose a general construction of quantum public-key encryption scheme, and then construct an information-theoretic secure instance. Then, we propose a quantum public-key authentication scheme, which can protect the integrity of quantum messages. This scheme can both encrypt and authenticate quantum messages. It is information-theoretic secure with regard to encryption, and the success probability of tampering decreases exponentially with the security parameter with regard to authentication. Compared with classical public-key cryptosystems, one private-key in our schemes corresponds to an exponential number of public-keys, and every quantum public-key used by the sender is an unknown quantum state to the sender.

  7. Information Access Router for Integrated Information Access System Koji Murakami

    E-Print Network [OSTI]

    Information Access Router for Integrated Information Access System Koji Murakami Department System (IIAS) that accepts diverse kinds of questions and provides the requested information in the most will report on the implementation of one important component of the system, the Information Access Router

  8. Information Systems 23(3-4), June 1998. Information Modeling

    E-Print Network [OSTI]

    Mylopoulos, John

    - 1 - Information Systems 23(3-4), June 1998. Information Modeling in the Time of the Revolution1 resource, its modeling is serving as a core technology for information systems engineering. We present), and Requirements Analysis (Software Engineering and Information Systems). We then offer a characterization

  9. Information Theoretic Bounds on Authentication Systems in Query Reihaneh Safavi-Naini Peter Wild

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Information Theoretic Bounds on Authentication Systems in Query Model Reihaneh Safavi-Naini Peter Wild School of IT and CS Information Security Group University of Wollongong Royal Holloway University Authentication codes provide message integrity guarantees in an information theoretic sense within a symmetric

  10. Information Theoretic Bounds on Authentication Systems in Query Reihaneh SafaviNaini Peter Wild

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Information Theoretic Bounds on Authentication Systems in Query Model Reihaneh Safavi­Naini Peter Wild School of IT and CS Information Security Group University of Wollongong Royal Holloway University Authentication codes provide message integrity guarantees in an information theoretic sense within a symmetric

  11. 11World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing

    E-Print Network [OSTI]

    Sandhu, Ravi

    11World-Leading Research with Real-World Impact! Group-Centric Secure Information Sharing client © Ravi Sandhu World-Leading Research with Real-World Impact! Goal: Share but protect Policy-Centric Collaboration © Ravi Sandhu World-Leading Research with Real-World Impact! Collaboration Group Individual

  12. A Secure Framework for Monitoring Operating Systems Using SPEs in Cell/B.E. Kenichi Kourai

    E-Print Network [OSTI]

    Kourai, Kenichi

    A Secure Framework for Monitoring Operating Systems Using SPEs in Cell/B.E. Kenichi Kourai Kyushu@ksl.ci.kyutech.ac.jp Abstract--Recently, even operating systems are often compromised by the attackers. Since a compromised operating system affects all the applications including security software on top of it, the integrity

  13. Verification of Initial-State Opacity in Security Applications of Discrete Event Systems6

    E-Print Network [OSTI]

    Hadjicostis, Christoforos

    Verification of Initial-State Opacity in Security Applications of Discrete Event Systems6 that are modeled as non-deterministic finite automata with partial observation on their transitions. A system and power distribution systems), var- ious notions of security and privacy have received considerable

  14. A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems

    E-Print Network [OSTI]

    Kubiatowicz, John D.

    A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems Hsiao-Ying Lin, John@cs.nctu.edu.tw Abstract--Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption

  15. Dartmouth College November 2010 http://www.ists.dartmouth.edu/projects/healthit_security/tish/

    E-Print Network [OSTI]

    Smith, "Dr. Jekyll or Mr. Hyde: Information Security in the Ecosystem://www.ists.dartmouth.edu/projects/healthit_security/tish/ Trustworthy Information Systems for Healthcare (TISH) Overview Technology infrastructure and controlling costs. Yet developing, deploying and using information technology

  16. Emergency Public Information | Y-12 National Security Complex

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  17. Finance, IT Operations & Information Security Dear Colleagues,

    E-Print Network [OSTI]

    Chen, Yiling

    section of this newsletter. In this issue, we also want to inform the community about the various audits through which SEAS goes on a regular basis and what to expect if your lab is selected for an audit important guidelines on the distinction between gifts and grants, receiving awards from the European Union

  18. Transcript: NUIT Information Security News Podcast, May 24, 2012

    E-Print Network [OSTI]

    Ottino, Julio M.

    . Anyway what we're talking about with Facebook is a story that I read that came out actually just before by Northwestern University Information Technology. We'll start today's news with the Facebook. And Facebook has people thought, and now there's already a lawsuit--welcome to the to the world Facebook, boy what a bad

  19. COMPUTER INFORMATION SYSTEMS Suggested Schedule

    E-Print Network [OSTI]

    Thaxton, Christopher S.

    Sophomore Year ­ 3rd Semester Senior Year ­ 7th Semester *ACC 2100 (must make a "C-" or better) *ECO 2030COMPUTER INFORMATION SYSTEMS 2011-2012 BSBA Suggested Schedule Freshman Year ­ 1st Semester Junior Year ­ 5th Semester *ENG 1000 (must make a "C" or better) UCO 1200 (First Year Seminar) Gen. Ed

  20. Information Systems Projects Company Description

    E-Print Network [OSTI]

    Dahl, David B.

    from database. Company Description: We have been in business since January, 1970. Family ownedInformation Systems Projects Company Description: We are a successful small business that provides/fixes to our MS Access program. This will allow us to use the program more smoothly, etc. Company Description

  1. Required IT Security Practices and Guidelines

    E-Print Network [OSTI]

    Required IT Security Practices and Guidelines Responsible Administrative Unit: Computing, Communications & Information Technologies Policy Contact: Chief Information Officer Issued: March, 2014 Revised", or "the Institution") information and technology (IT) systems, networks, and data are critical

  2. Modeling Computational Security in LongLived Systems # ## Ran Canetti 1,2 , Ling Cheung 2 , Dilsun Kaynar 3 ,

    E-Print Network [OSTI]

    International Association for Cryptologic Research (IACR)

    Modeling Computational Security in Long­Lived Systems # ## Ran Canetti 1,2 , Ling Cheung 2 , Dilsun Introduction Computational security in long­lived systems: Security properties of cryptographic protocols computational power. This type of security degrades progressively over the lifetime of a protocol. However, some

  3. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations.

  4. Cyber Security Incident Management Manual

    Broader source: Directives, Delegations, and Requirements [Office of Management (MA)]

    2009-01-08

    The manual establishes minimum requirements for a structured cyber security incident detection and management process for detecting, identifying, categorizing, containing, reporting, and mitigating cyber security incidents involving DOE information and information systems operated by DOE or by contractors on behalf of the Department. No cancellations. Admin Chg 1 dated 9-1-09.

  5. The Western Pacific Fishery Information Network: A Fisheries Information System

    E-Print Network [OSTI]

    The Western Pacific Fishery Information Network: A Fisheries Information System Introduction. This paper describes the development and status of this fishery information system. DAVID C. HAMM fishery changing with them to obtain and utilize the proper data and information needed to monitor and manage

  6. Database Security: A Historical Perspective

    E-Print Network [OSTI]

    Lesov, Paul

    2010-01-01

    The importance of security in database research has greatly increased over the years as most of the critical functionality of business and military enterprises became digitized. Databases are an integral part of any information system and they often hold sensitive data. The security of the data depends on physical security, OS security and DBMS security. Database security can be compromised by obtaining sensitive data, changing data or degrading availability of the database. Over the last 30 years the information technology environment has gone through many evolutionary changes and the database research community has tried to stay a step ahead of the upcoming threats to database security. The database research community has thought about these issues long before they were addressed by the implementations. This paper will examine the different topics pertaining to database security and see the adaptation of the research to the changing environment. Some short-term database research trends will be ascertained ...

  7. Credit Leona Securities Asia CLSA UK | Open Energy Information

    Open Energy Info (EERE)


  8. Freedom of Information Act - Costs | National Nuclear Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  9. Freedom of Information Act Related Sites | National Nuclear Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  10. NNSA Awards Information Technology Contract | National Nuclear Security

    Broader source: All U.S. Department of Energy (DOE) Office Webpages (Extended Search)


  11. The double-padlock problem: is secure classical information transmission possible without key exchange?

    E-Print Network [OSTI]

    Chappell, James M

    2012-01-01

    The idealized Kish-Sethuraman (KS) cipher is known to offer perfect information theoretical security with classical physical means. However, realization of the protocol is hitherto an open problem, as the required mathematical operators have not been identified in the previous literature. A mechanical analogy of this protocol can be seen as sending a message in a box using two padlocks; one locked by the Sender and the other locked by the Receiver, so that theoretically the message remains secure at all times. We seek a mathematical representation of this process, considering that it would be very unusual if there was a physical process with no mathematical description and indeed we find a solution within a three and four dimensional Clifford algebra. The significance of finding a mathematical description that describes the protocol, is that it is a possible step toward a classical physical realization having benefits in increased security with reduced complexity.

  12. The double-padlock problem: is secure classical information transmission possible without key exchange?

    E-Print Network [OSTI]

    James M. Chappell; Derek Abbott

    2012-12-31

    The idealized Kish-Sethuraman (KS) cipher is theoretically known to offer perfect security through a classical information channel. However, realization of the protocol is hitherto an open problem, as the required mathematical operators have not been identified in the previous literature. A mechanical analogy of this protocol can be seen as sending a message in a box using two padlocks; one locked by the Sender and the other locked by the Receiver, so that theoretically the message remains secure at all times. We seek a mathematical representation of this process, considering that it would be very unusual if there was a physical process with no mathematical description and indeed we find a solution within a four dimensional Clifford algebra. The significance of finding a mathematical description that describes the protocol, is that it is a possible step toward a physical realization having benefits in increased security with reduced complexity.

  13. Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems

    E-Print Network [OSTI]

    Wang, Yongge

    Secure Communication and Authentication Against Off-line Dictionary Attacks in Smart Grid Systems This paper studies the security requirements for remote authentication and communication in smart grid to smart grid systems. For example, in order to unlock the credentials stored in tamper

  14. Breaking a secure communication scheme based on the phase synchronization of chaotic systems

    E-Print Network [OSTI]

    G. Alvarez; F. Montoya; G. Pastor; M. Romera

    2003-11-20

    A security analysis of a recently proposed secure communication scheme based on the phase synchronization of chaotic systems is presented. It is shown that the system parameters directly determine the ciphertext waveform, hence it can be readily broken by parameter estimation of the ciphertext signal.

  15. March 23, 1999 Copyright 1999 Baptist Health Systems of SF 1 Security Requirements in

    E-Print Network [OSTI]

    March 23, 1999 Copyright © 1999 Baptist Health Systems of SF 1 Security Requirements in Healthcare; March 23, 1999 Copyright © 1999 Baptist Health Systems of SF 2 Introduction · OMG -- forum for software are standardized · This presentation objective – What US healthcare wants from security vendors March 23, 1999

  16. THE UNIVERSITY OF TEXAS AT AUSTIN ELECTRONIC SECURITY SYSTEM DESIGN, CONSTRUCTION AND COMMISSIONING GUIDE

    E-Print Network [OSTI]

    Pillow, Jonathan

    the work. 1.2 PURPOSE A. Establish design criteria, define activities, identify stakeholders and assignTHE UNIVERSITY OF TEXAS AT AUSTIN ELECTRONIC SECURITY SYSTEM DESIGN, CONSTRUCTION AND COMMISSIONING Installation & Repair shop. 1.3 OVERVIEW A. The electronic safety and security systems for UT Austin

  17. This report is a part of the College's efforts to provide you with information on security procedures, services, and resources available on

    E-Print Network [OSTI]

    's efforts to provide you with information on security procedures, services, and resources available on our ............................................................................................................................... 6 CLERY GEOGRAPHY

  18. Placing Innovation: A Geographic Information Systems

    E-Print Network [OSTI]

    Placing Innovation: A Geographic Information Systems (GIS) Approach to Identifying Emergent-4710 #12;Placing Innovation: A Geographic Information Systems (GIS) Approach to Identifying Emergent program include: · Business Reporting System, a unique online survey of ATP project participants

  19. An Environmental Information System for Planners 

    E-Print Network [OSTI]

    Duffy, Timothy Richard

    2011-01-01

    This research proposes an on-line Environmental Information System for Planners (EISP). The Environmental Information System for Planners has been developed in collaboration with five local authorities as a web-based system designed to support...

  20. Gerry McCartney Vice President for Information

    E-Print Network [OSTI]

    Hedrick, Chief Information Security Officer, Interim IT Security and Policy Identity & Access Management Information Security Policy & Compliance Information Security Services Brent Drake Chief Data Officer, OfficeGerry McCartney Vice President for Information Technology and System Chief Information Officer