Assessing Challenges Facing Implementation of Information Security Critical Success Factors: A Case of National Examination Council, Tanzania

Aim of this study was to assess challenges facing implementation of information security critical success factors. The study employed quantitative research approach and survey research design where case study design was used. A sample of 79 respondents derived from the population sample of 372 were used by using Slovin’s formula sampling technique, 86% of respondents questionnaire filled effectively were used. Descriptive data analysis was used to analyze variables based on research questions while, statistical tables and figures were used in data presentation. Results of this study indicate that, there are challenges in implementation of information security critical success factors such as security training program, security policy, risk assessment, regular system update, system auditing and committed of top management. The study found reasons for challenges of implementation from respondent views as availability of limited resources, weak financial support from top management, lack of understanding of needed technology from information technology professionals; poor security awareness program for top management who may think that information security is the issue of information technology department only and not the whole organization. It is therefore concluded that organization should identify their specific information security critical success factors to enhance useful of organization limited resource, without investing in generalization and give solutions based on risk priority, in order to make organization secure also utilization of information security critical success factors holds significant importance in ensuring security of an organization's data. It is crucial to address and eliminate any challenges that are within the scope of affordability or manageability

Safeguarding health data with enhanced accountability and patient awareness

Several factors are driving the transition from paper-based health records to electronic health record systems. In the United States, the adoption rate of electronic health record systems significantly increased after "Meaningful Use" incentive program was started in 2009. While increased use of electronic health record systems could improve the efficiency and quality of healthcare services, it can also lead to a number of security and privacy issues, such as identity theft and healthcare fraud. Such incidents could have negative impact on trustworthiness of electronic health record technology itself and thereby could limit its benefits. In this dissertation, we tackle three challenges that we believe are important to improve the security and privacy in electronic health record systems. Our approach is based on an analysis of real-world incidents, namely theft and misuse of patient identity, unauthorized usage and update of electronic health records, and threats from insiders in healthcare organizations. Our contributions include design and development of a user-centric monitoring agent system that works on behalf of a patient (i.e., an end user) and securely monitors usage of the patient's identity credentials as well as access to her electronic health records. Such a monitoring agent can enhance patient's awareness and control and improve accountability for health records even in a distributed, multi-domain environment, which is typical in an e-healthcare setting. This will reduce the risk and loss caused by misuse of stolen data. In addition to the solution from a patient's perspective, we also propose a secure system architecture that can be used in healthcare organizations to enable robust auditing and management over client devices. This helps us further enhance patients' confidence in secure use of their health data.PhDCommittee Chair: Mustaque Ahamad; Committee Member: Douglas M. Blough; Committee Member: Ling Liu; Committee Member: Mark Braunstein; Committee Member: Wenke Le

Effects of Emotional Intelligence Training on Incarcerated Adult Males Involved in Pre-Release Programming

This dissertation summarizes a study conducted to explore the effectiveness of emotional intelligence (EI) training for adult male inmates. Acts of crime and violence cause psychological repercussions to crime victims and financial burdens on our society. Historically, those involved in the criminal justice system have strived to gather knowledge about criminal behavior in order to guide interventions. Furthermore, research on potential interventions has been encouraged in order to support evidence-based rehabilitative efforts that may ultimately impact recidivism. Emotional intelligence is a relatively new construct that may be related to social functioning. The purpose of this study was to investigate the effect of completing EI training on emotional intelligence scores for adult male inmates participating in a pre-release vocational training program in two medium security Mid-Atlantic state correctional facilities. This research examined Total EQ Scale scores and five Composite Scale scores (Intrapersonal, Interpersonal, Stress Management, Adaptability, and General Mood) as measured by a pretest and posttest on the Bar-On EQ-i. The treatment group received a standardized EI training program, The Emotionally Secure Community Adaptation Program (ESCAPe) in conjunction with a pre-release vocational training program and those in the control group received the pre-release vocational training program only. Subjects included 65 adult male inmates, ages 21-53, divided into a treatment group (N=31) and control group (N=34). A 2x2 mixed model analysis of variance (ANOVA) was used to test the hypotheses in this research. Although means increased from pretest to posttest, significant differences were found only for the main effect of Group on the Intrapersonal Scale and the main effect of Time on the Total EQ, Intrapersonal, Adaptability, and General Mood Scales. No interaction effects were found to be significant. Results may be impacted by the type of sample, choice of testing instrument, and design of the EI training program. Recommendations for future research and program implementation are included

Assignment of exclusive spectrum licenses in Japan : use of an auction for the licensee selection process

Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2006.Includes bibliographical references (p. 154-159).The demand for spectrum resources has increased in the past decade due to the flourishing wireless industry worldwide. This change requires Japan's Ministry of Internal Affairs and Communications (MIC) to establish a transparent, fair and efficient spectrum allocation process that will enable it to select an optimal set of licensees to realize efficient spectrum use. This thesis proposes an auction system that assigns exclusive spectrum licenses to firms competing in the Japanese wireless industry. MIC currently uses a comparative examination system, which unfortunately lacks certain features the Ministry is required to address. An auction system is an alternative, already employed by many countries to allocate spectrum resources optimally, to secure a transparent and fair decision-making process, and to raise revenue for national coffers. The Diet's approval of legislation authorizing MIC to use auctions is one obstacle because it requires much time and effort to persuade political parties, incumbents, and newcomers of the value of the auction system over the current system. Another challenge to the effectiveness of the auction system is its design, which must be built-to-order based on the goals of each government and specific market conditions.(cont.) This research covers four areas: (1) The development and transition of the Japanese mobile industry; (2) Analysis of stakeholders' attitudes toward the introduction of the auction system; (3) A proposed strategy for developing an auction design based on an analysis of English, Germany and Clock Auction Design; (4) The design of an auction system for Japan's specific cases.by Hironori Matsunaga.S.M

Security Analysis of Parlay/OSA Framework

This paper analyzes the security of the Trust and Security Management (TSM) protocol, an authentication protocol which is part of the Parlay/OSA Application Program Interfaces (APIs). Architectures based on Parlay/OSA APIs allow third party service providers to develop new services that can access, in a controlled and secure way, to those network capabilities offered by the network operator. Role of the TSM protocol, run by network gateways, is to authenticate the client applications trying to access and use the network capabilities features offered. For this reason potential security flaws in its authentication strategy can bring to unauthorized use of network with evident damages to the operator and to the quality of the services. This paper shows how a rigorous formal analysis of TSM underlines serious weaknesses in the model describing its authentication procedure. This usually means that also the original system (i.e., the TSM protocol itself) hides the same flaws. The paper relates about the design activity of the formal model, the tool-aided verification performed and the security flaws discovered. This will allow us to discuss about how the security of the TSM protocol can be generally improve

Analysis and Improvements in Trojan Designing

While there are numerous Trojans out there in the internet, all of them are easily detected by antiviruses or blocked by firewalls. Apart from that, they are also easily detected and removed by any user with a good knowledge in Operating System and Security. This project’s objective is, therefore, to identify and remove the design flaws, add some improvements and features to make it undetectable. Antiviruses identify a threat mostly based on two factors. Either signature matching or heuristic analysis based of certain suspicious behaviors and patterns. This project here doesn’t consider the Blacklisting feature of an Anti-Virus. Now to avoid detection based on the other two factors, the main objective is to make the Trojan look like a normal legal program. To achieve this, the best way is to use the legal and secure facilities provided by Windows itself. This way, the Trojan will install and work similar to any other software; however, everything will be done stealthily. Apart from the traditional objective of giving backdoor access to victim’s computer, this Trojan here includes another objective of Bypassing firewalls and protecting itself for functioning properly as well. There is a tradeoff too and that needs to be mentioned before we proceed further. This tradeoff is between size and detection. The technique that is applied here to make this Trojan perfect will certainly increase its size. While traditional Trojans are less than 50KB in size, the proposed Trojan will be more than 400KB. Still, it isn’t a great problem as long as it is able to stay hidden

Identifying Native Applications with High Assurance

The work described in this paper investigates the problem of identifying and deterring stealthy malicious processes on a host. We point out the lack of strong application iden- tication in main stream operating systems. We solve the application identication problem by proposing a novel iden- tication model in which user-level applications are required to present identication proofs at run time to be authenti- cated by the kernel using an embedded secret key. The se- cret key of an application is registered with a trusted kernel using a key registrar and is used to uniquely authenticate and authorize the application. We present a protocol for secure authentication of applications. Additionally, we de- velop a system call monitoring architecture that uses our model to verify the identity of applications when making critical system calls. Our system call monitoring can be integrated with existing policy specication frameworks to enforce application-level access rights. We implement and evaluate a prototype of our monitoring architecture in Linux as device drivers with nearly no modication of the ker- nel. The results from our extensive performance evaluation shows that our prototype incurs low overhead, indicating the feasibility of our model

Numerical Propulsion System Simulation

The NASA Glenn Research Center, in partnership with the aerospace industry, other government agencies, and academia, is leading the effort to develop an advanced multidisciplinary analysis environment for aerospace propulsion systems called the Numerical Propulsion System Simulation (NPSS). NPSS is a framework for performing analysis of complex systems. The initial development of NPSS focused on the analysis and design of airbreathing aircraft engines, but the resulting NPSS framework may be applied to any system, for example: aerospace, rockets, hypersonics, power and propulsion, fuel cells, ground based power, and even human system modeling. NPSS provides increased flexibility for the user, which reduces the total development time and cost. It is currently being extended to support the NASA Aeronautics Research Mission Directorate Fundamental Aeronautics Program and the Advanced Virtual Engine Test Cell (AVETeC). NPSS focuses on the integration of multiple disciplines such as aerodynamics, structure, and heat transfer with numerical zooming on component codes. Zooming is the coupling of analyses at various levels of detail. NPSS development includes capabilities to facilitate collaborative engineering. The NPSS will provide improved tools to develop custom components and to use capability for zooming to higher fidelity codes, coupling to multidiscipline codes, transmitting secure data, and distributing simulations across different platforms. These powerful capabilities extend NPSS from a zero-dimensional simulation tool to a multi-fidelity, multidiscipline system-level simulation tool for the full development life cycle