The Experts below are selected from a list of 279 Experts worldwide ranked by ideXlab platform
Thomas P. Dover - One of the best experts on this subject based on the ideXlab platform.
-
Using NIST Special Publications (SP) 800-171r2 and 800-172 to assess and evaluate the security posture of Information Systems in the Healthcare sector which support Covered Entities and/or their Business Associates.
arXiv: Cryptography and Security, 2020Co-Authors: Thomas P. DoverAbstract:This paper describes how NIST Special Publications (SP) 800-171r2 (Protecting Controlled but Unclassified Information in Nonfederal Systems and Organizations) and 800-172 (Enhanced Security Requirements for Protecting Controlled Unclassified Information) can be used to evaluate the security posture of Information systems and supporting frameworks relative to HIPAA and HITECH. It will demonstrate that the provisions and baseline security requirements outlined in SP.800-171r2 and SP.800-172 for the protection of Controlled but Unclassified Information (CUI) can be applied to Electronic Protected Health Information (ePHI). An explanation of how both publications align with HIPAA and how this alignment suffices for evaluating IT environment security will be given along with the process and procedure for performing such evaluation. Finally, the benefits of using this approach to support formal risk assessment will be described.
-
Using NIST Special Publication (SP) 800-171r2/171B to assess and evaluate the Information Security posture of Technology Service Providers who support Covered Entities and/or their Business Associates in the Healthcare Sector.
arXiv: Cryptography and Security, 2019Co-Authors: Thomas P. DoverAbstract:This paper describes how NIST Special Publication (SP) 800.171r2 (Protecting Controlled but Unclassified Information in Nonfederal Systems and Organizations) and 800.171B (Protecting Controlled but Unclassified Information in Nonfederal Systems and Organizations, and Enhanced Security Requirements for Critical Programs and High Value Assets) can be used to evaluate the security posture of Information systems and supporting frameworks relative to HIPAA and HITECH . It will be demonstrated that the provisions and baseline security requirements outlined in 800.171r2 and 171B for the protection of Controlled but Unclassified Information (CUI) can be applied to Electronic Protected Health Information (ePHI). An explanation of how 800.171r2 and 171B align with HIPAA and how this alignment is sufficient for evaluating the security of an IT environment which supports the healthcare sector will be detailed. The process for performing a security analysis will be described and demonstrated. Finally, the benefits of using such an approach to support other forms of risk assessment will be described.
Genevieve J Knezo - One of the best experts on this subject based on the ideXlab platform.
-
sensitive but Unclassified Information and other controls policy and options for scientific and technical Information
2013Co-Authors: Genevieve J KnezoAbstract:Abstract : Since the September 11, 2001 terrorist attacks, controls increasingly have been placed on some Unclassified research and ST restrictive contract clauses; visa controls; controlled laboratories; and wider legal restrictions on access to some federal biological, transportation, critical infrastructure, geospatial, environmental impact, and nuclear Information. Federal agencies do not have uniform definitions of SBU or consistent policies to safeguard or release it. Following the 2001 terrorist attacks, the Bush Administration issued guidance that reversed the Clinton Administration's "presumption of disclosure" approach to releasing Information under Freedom of Information Act (FOIA) and cautioned agencies to consider withholding SBU Information if there was a "sound legal basis" to do so. Some agencies contend that SBU Information is exempt from disclosure under FOIA, even though such Information per se is not exempt under FOIA. During the 109th Congress, P.L. 109-90 and P.L. 109-295 focused on management, oversight, and appropriate use of the sensitive security Information (SSI) category. Legislative proposals focused on standardizing concepts of "sensitive" Information; modifying penalties for disclosure; and clarifying FOIA. During the 110th Congress, additional topics likely to be controversial include limiting the number of persons who can designate SBU; widening the use of risk-based approaches to control; centralizing review, handling, and appeals; and evaluating the impact of federal policies on nongovernmental professional groups' prepublication review and self-policing of sensitive research.
-
sensitive but Unclassified and other federal security controls on scientific and technical Information history and current controversy
2003Co-Authors: Genevieve J KnezoAbstract:This report (1) summarizes provisions of several laws and regulations, including the Patent Law, the Atomic Energy Act, International Traffic in Arms Control regulations, the USA PATRIOT Act (P.L. 107-56), the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (P.L. 107-188), and the Homeland Security Act (P.L. 107-296), that permit the federal government to restrict disclosure of scientific and technical Information that could harm national security; (2) describes the development of federal controls on “sensitive but Unclassified” (SBU) scientific and technical Information; (3) summarizes current controversies about White House policy on “Sensitive But Unclassified Information,” and “Sensitive Homeland Security Information” (SHSI) issued in March 2002; and (4) identifies controversial issues which might affect the development of Office of Management and Budget (OMB) and agency guidelines for sensitive Unclassified Information, which are expected to be released during 2003.
A.t. Tai - One of the best experts on this subject based on the ideXlab platform.
-
Developing a data driven prognostic system with limited system Information
Eighth IEEE International Symposium on High Assurance Systems Engineering 2004. Proceedings., 2004Co-Authors: L. Pullum, M. Darrah, S.t. Skias, K.s. Tso, A.t. TaiAbstract:The purpose of this research is to determine the feasibility of an automated, self-modifying prognostic system, along with a library of supporting algorithms that could be applied to the Airborne Laser (ABL) (http://www.airbornelaser.com/, 2003). The library will consist of data mining and prognostic algorithms supporting an architecture capable of refining and implementing the algorithms that monitor a critical system without a human-in-the-loop. When the data mined indicates systemic changes, the selfmodifying prognostic system refines the previously developed algorithm. The resulting library architecture will be portable to different platforms and extensible to accommodate advances in data-driven prediction and prognostics techniques. The ABL is part of a highly classified program within the DoD, and as such, detailed system Information and data was not available outside the program. This extended abstract describes the approach we are taking to develop a data-driven prognostic system for the ABL, given the limited distribution of ABL Information. Our approach can be outlined as follows: 1) Gather available Unclassified Information about the system; 2) Identify similar, but Unclassified, systems; 3) Draw parallels, as appropriate, between the two systems; and 4) Develop the solution architecture using the alternative system as a test case.
L. Pullum - One of the best experts on this subject based on the ideXlab platform.
-
Developing a data driven prognostic system with limited system Information
Eighth IEEE International Symposium on High Assurance Systems Engineering 2004. Proceedings., 2004Co-Authors: L. Pullum, M. Darrah, S.t. Skias, K.s. Tso, A.t. TaiAbstract:The purpose of this research is to determine the feasibility of an automated, self-modifying prognostic system, along with a library of supporting algorithms that could be applied to the Airborne Laser (ABL) (http://www.airbornelaser.com/, 2003). The library will consist of data mining and prognostic algorithms supporting an architecture capable of refining and implementing the algorithms that monitor a critical system without a human-in-the-loop. When the data mined indicates systemic changes, the selfmodifying prognostic system refines the previously developed algorithm. The resulting library architecture will be portable to different platforms and extensible to accommodate advances in data-driven prediction and prognostics techniques. The ABL is part of a highly classified program within the DoD, and as such, detailed system Information and data was not available outside the program. This extended abstract describes the approach we are taking to develop a data-driven prognostic system for the ABL, given the limited distribution of ABL Information. Our approach can be outlined as follows: 1) Gather available Unclassified Information about the system; 2) Identify similar, but Unclassified, systems; 3) Draw parallels, as appropriate, between the two systems; and 4) Develop the solution architecture using the alternative system as a test case.
-
HASE - Developing a data driven prognostic system with limited system Information
Eighth IEEE International Symposium on High Assurance Systems Engineering 2004. Proceedings., 2004Co-Authors: L. Pullum, M. Darrah, S.t. SkiasAbstract:The purpose of this research is to determine the feasibility of an automated, self-modifying prognostic system, along with a library of supporting algorithms that could be applied to the Airborne Laser (ABL) (http://www.airbornelaser.com/, 2003). The library will consist of data mining and prognostic algorithms supporting an architecture capable of refining and implementing the algorithms that monitor a critical system without a human-in-the-loop. When the data mined indicates systemic changes, the selfmodifying prognostic system refines the previously developed algorithm. The resulting library architecture will be portable to different platforms and extensible to accommodate advances in data-driven prediction and prognostics techniques. The ABL is part of a highly classified program within the DoD, and as such, detailed system Information and data was not available outside the program. This extended abstract describes the approach we are taking to develop a data-driven prognostic system for the ABL, given the limited distribution of ABL Information. Our approach can be outlined as follows: 1) Gather available Unclassified Information about the system; 2) Identify similar, but Unclassified, systems; 3) Draw parallels, as appropriate, between the two systems; and 4) Develop the solution architecture using the alternative system as a test case.
Qian Yang - One of the best experts on this subject based on the ideXlab platform.
-
Safeguarding Decentralized Wireless Networks Using Full-Duplex Jamming Receivers
IEEE Transactions on Wireless Communications, 2017Co-Authors: Tong-xing Zheng, Hui-ming Wang, Qian YangAbstract:In this paper, we study the benefits of full-duplex (FD) receiver jamming in enhancing the physical-layer security of a two-tier decentralized wireless network with each tier deployed with a large number of pairs of a single-antenna transmitter and a multi-antenna receiver. In the underlying tier, the transmitter sends Unclassified Information and the receiver works in the half-duplex (HD) mode receiving the desired signal. In the overlaid tier, the transmitter delivers confidential Information in the presence of randomly located eavesdroppers, and the receiver works in the FD mode radiating jamming signals to confuse eavesdroppers and receiving the desired signal simultaneously. We provide a comprehensive performance analysis and network design under a stochastic geometry framework. Specifically, we consider the scenarios where each FD receiver uses single- and multi-antenna jamming, and analyze the connection probability and the secrecy outage probability of a typical FD receiver by deriving accurate expressions and more tractable approximations for the two probabilities. We also determine the optimal deployment density of the FD-mode tier to maximize the network-wide secrecy throughput subject to constraints including the given dual probabilities and the network-wide throughput of the HD-mode tier. Numerical results are demonstrated to verify our theoretical findings, and show that the network-wide secrecy throughput is significantly improved by properly deploying the FD-mode tier.
-
GLOBECOM Workshops - Physical Layer Security in Distributed Wireless Networks Using Full-Duplex Receiver Jamming
2016 IEEE Globecom Workshops (GC Wkshps), 2016Co-Authors: Tong-xing Zheng, Qian Yang, Yi Zhang, Hui-ming Wang, Pengcheng MuAbstract:In this paper, we study the benefits of full-duplex (FD) receiver jamming in enhancing physical layer security for a two-tier heterogeneous distributed wireless network, with each tier deployed with multiple pairs of a single-antenna transmitter (Tx) and a multi-antenna receiver (Rx). In the first tier, each Tx sends Unclassified Information and each Rx works in the half-duplex (HD) mode just receiving the desired signal. In the second tier, each Tx deliveries confidential Information and each Rx works in the FD mode simultaneously receiving the desired signal and radiating a jamming signal to confuse randomly located multi-antenna eavesdroppers. We analyze the connection probability and the secrecy outage probability for a typical FD Rx, and then determine the optimal density of the FD tier that maximizes network-wide secrecy throughput while satisfying a minimum required network-wide throughput for the HD tier. Numerical results are demonstrated to verify our theoretical findings and show that network-wide secrecy throughput is significantly improved by properly deploying the FD tier.
-
Physical Layer Security in Distributed Wireless Networks Using Full-Duplex Receiver Jamming
2016 IEEE Globecom Workshops (GC Wkshps), 2016Co-Authors: Tong-xing Zheng, Qian Yang, Yi Zhang, Hui-ming Wang, Pengcheng MuAbstract:In this paper, we study the benefits of full-duplex (FD) receiver jamming in enhancing physical layer security for a two-tier heterogeneous distributed wireless network, with each tier deployed with multiple pairs of a single-antenna transmitter (Tx) and a multi-antenna receiver (Rx). In the first tier, each Tx sends Unclassified Information and each Rx works in the half-duplex (HD) mode just receiving the desired signal. In the second tier, each Tx deliveries confidential Information and each Rx works in the FD mode simultaneously receiving the desired signal and radiating a jamming signal to confuse randomly located multi-antenna eavesdroppers. We analyze the connection probability and the secrecy outage probability for a typical FD Rx, and then determine the optimal density of the FD tier that maximizes network-wide secrecy throughput while satisfying a minimum required network-wide throughput for the HD tier. Numerical results are demonstrated to verify our theoretical findings and show that network-wide secrecy throughput is significantly improved by properly deploying the FD tier.
