Global ETD Search

101	Análise do uso de novas tecnologias na troca e armazenamento de informações de saúde e o segredo profissional / Analysis of the use of new technologies in the exchange and storage of health information and in relation to the professional secrecy Carlos Henrique Jacob 26 February 2010 (has links) O caráter privativo das informações de saúde, reconhecido e valorizado desde a antigüidade clássica, hoje é considerado como um dos fatores indispensáveis à manutenção da sociedade, das garantias constitucionais de liberdade e também, em última instância, à própria democracia. Essa importância é demonstrada pela existência do segredo profissional, que, para as profissões da área da saúde (como medicina, odontologia, psicologia, nutrição etc.) de um modo positivo, coloca aos profissionais a necessidade de se guardar segredo a respeito de todas as informações sobre as quais adquire-se conhecimento no exercício de suas profissões. No Brasil, a questão da manutenção do segredo profissional das profissões de saúde adquire um caráter dramático quando se leva em consideração a implementação da Troca de Informações em Saúde Suplementar por parte da Agência Nacional de Saúde Suplementar, autarquia especial que regula o setor de saúde suplementar. Pretendendo facilitar a troca de informações entre prestadores de serviços e operadoras, e também permitir e homogeneizar a obtenção de informação para o estabelecimento de políticas públicas, a Troca de Informações em Saúde Suplementar já é realizada desde 2008, envolvendo todas as informações de saúde de mais de 52 milhões de beneficiários. A utilização de tecnologias de troca de informação e a criação de bancos de dados, associados a um histórico de vazamento de dados sensíveis, criam dúvidas sobre a manutenção do segredo profissional e o caráter privado das informações de saúde. Neste trabalho, foi analisada a legislação estruturante da Troca de Informações em Saúde Suplementar no que diz respeito aos requisitos de segurança para a troca e armazenamento de informação sensível com o intuito de verificar se essa legislação supre, de modo eficaz, a exigência de proteção à manutenção do caráter privativo das informações de saúde que existe nos Códigos de Ética Profissionais e no Código Civil Brasileiro. Apesar das exigências para a segurança das informações ser, hoje, adequada à manutenção do segredo profissional enquanto essas informações são trocadas ou encontram-se armazenadas nas operadoras de planos de saúde, a norma se fia nos requisitos estabelecidos por um órgão privado cujas prioridades, naturalmente, podem, no futuro, não estar vinculadas exclusivamente ao maior bem social. Ademais, não se observa na legislação uma atenção ou recomendações dedicadas ao profissional em consultório isolado e que armazena os dados de seus pacientes em computadores pessoais previamente ao envio via internet. Além disso, em consultas realizadas à ANS em agosto e setembro de 2009 a respeito dos dados transmitidos pelas operadoras à Agência para o cumprimento do disposto nos artigos 20 e 32 da lei 9656/98, não se obteve resposta a respeito de quais dados são repassados pelas operadoras à ANS, nem sobre quais os padrões de segurança a que estes dados estão submetidos, nem, tampouco, sobre quais os indivíduos que têm acesso a estes dados, indicando falta da necessária transparência que é essencial a uma autarquia regulatória de um setor de interesse social. Estes fatos indicam claramente que a manutenção do segredo profissional está em risco nas atuais condições. / Health information is valued and recognized as sensible and private since ancient times. It is also considered one of the most important factors in maintaining and supporting the fabric of society, the constitutional guarantee of liberty and also, democracy itself. Health professionals have the duty to keep all their patients information private. In Brazil, this acquires a dramatic character when one considers the recently implemented Information Exchange in Suplementary Health (TISS) by the Agência Nacional de Saúde Suplementar, governments regulating bureau for the suplementary health sector. Intending to facilitate the information exchange between service providers and health operators, and also to standardize the process of obtaining and providing information for policy makers, the Information Exchange has been in use since 2008 and involves identifiable health information of more than 52 million users. Technologies to allow health information exchange and the creation of data banks associated with sensible information data leaks raise doubts over the ability to keep health information safe from prying eyes. In this study, the structural legislation of the Information Exchange in Suplementary Health was analysed regarding the safety requirements proposed for the health information exchange and storage, to verify if it addresses the demand that exists in professional codes of ethics and also in Brazils Código Civil to protect the privacy of health information. Although - by todays standards - the requirements for information security are deemed adequate for the safekeeping and in addressing the need for privacy and security while the information is exchanged or stored by the health plans operators, theres no dedicated attention to recomendations for the professionals on their small practice offices, who hold their patients information on their personal computers. Also, the law establishes that a private agency is responsible for dictating the requirements that keep the information safe, a measure that is not entirely risk-safe as the interests of the private sector may shift with the market, leaving the social needs/interests behind. Besides these facts, when consulting the Agência Nacional de Saúde Suplementar in august and september 2009 regarding what kind of data is transmitted by the Health Plans operators and what kind of security measures are undertaken to protect this data, no answer was obtained, indicating a lack of transparency that is apalling in a regulatory bureau that serves the society. These facts clearly indicate that the maintenance of professional secrecy and patient privacy is threatened in current conditions. Keywords: computer systems security management, professional secrecy, information accountability, Agência Nacional de Saúde Suplementar (Brazil) Responsabilidade pela informação Segredo profissional Computer systems security management Information accountability Professional secrecy
102	Estudo de variantes da particle swarm optimization aplicadas ao planejamento da expansão de sistemas de transmissão / Study of particle swarm optimization variations applied to transmission system expansion planning Barreto Alferez, Wilmer Edilberto, 1976- 10 November 2013 (has links) Orientadores: Carlos Alberto de Castro Júnior, Santiago Patricio Torres Contreras / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-23T20:25:48Z (GMT). No. of bitstreams: 1 BarretoAlferez_WilmerEdilberto_M.pdf: 1213079 bytes, checksum: be23433dda22950612c8e4039b4ebba4 (MD5) Previous issue date: 2013 / Resumo: O planejamento da expansão da transmissão (PET) consiste em determinar todas as alterações necessárias na infraestrutura do sistema de transmissão, ou seja, ampliações e reforços, a fim de permitir o equilíbrio entre a demanda prevista e o suprimento de energia elétrica, procurando o investimento mínimo ao longo do horizonte de planejamento. O PET é um problema de grande extensão, inteiro misto, não linear, e não convexo. Portanto, mais técnicas de otimização devem ser investigadas para resolvê-lo de forma eficiente. Neste trabalho de pesquisa, o foco do estudo foi a metaheurística de otimização por enxame de partículas (PSO) aplicada ao problema PET estático. Os desempenhos das variantes Global (GPSO) e Local (LPSO) são comparados com quatro novas variantes do PSO baseado no comportamento quântico de otimização por enxame de partículas (QPSO). QPSO considera um comportamento quântico dos movimentos de partículas, de acordo com a mecânica quântica, que, em teoria, levaria a uma melhor convergência global do que o tradicional PSO. Esta pesquisa utiliza o modelo DC das redes de potência, considerando restrições de segurança usando o critério . Os conhecidos sistemas Garver, IEEE de 24 barras, e equivalente sul brasileiro de 46 barras são usados para apresentar os resultados deste trabalho de pesquisa / Abstract: The Transmission Expansion Planning (TEP) consists of determining all the changes needed in the transmission system infrastructure, i.e. additions and reinforcements, in order to allow the balance between the projected demand and the power supply, at minimum investment along the planning horizon. The TEP is a large scale, mixed-integer, non-linear and non-convex problem. Therefore more optimization techniques must be investigated to solve it in an efficient way. In this research work, the focus was on the study of the optimization metaheuristics by particle swarm (PSO) applied to the static version of the TEP problem. The performances of the Global (GPSO) and Local (LPSO) variants are compared against four new PSO variants based on the Quantum-behaved Particle Swarm Optimization (QPSO). QPSO considers a quantum behavior of particles' movements, according to quantum mechanics, which in theory would lead to a better global convergence than traditional PSO. This research uses the DC model for the network and takes into account security constraints using the well-known criterion. The well-known Garver, IEEE 24-bus, and the 46-bus Southern Brazilian equivalent networks will be used to present the results of this research work / Mestrado / Energia Eletrica / Mestre em Engenharia Elétrica Energia elétrica - Transmissão Otimização Power systems - Planning Electric power - Transmission Power systems - Security Otimization
103	In pursuit of a perfect system : Balancing usability and security in computer system development Matras, Omolara January 2015 (has links) Our society is dependent on information and the different technologies and artifacts that gives us access to it. However, the technologies we have come to depend on in different aspects of our lives are imperfect and during the past decade, these imperfections have been the target of identity thieves, cyber criminals and malicious persons within and outside the organization. These malicious persons often target networks of organizations such as hospitals, banks and other financial organizations. Access to these networks are often gained by sidestepping security mechanisms of computer-systems connected to the organization’s network. Often, the goal of computer-systems security mechanisms is to prevent or detect threats; or recover from an eventual attack. However, despite huge investments in IT-security infrastructure and Information security, over 95% of banks, hospitals and government agencies have at least 10 malicious infections bypass existing security mechanisms and enter their network without being detected. This has resulted in the loss of valuable information and substantial sums of money from banks and other organizations across the globe. From early research in this area, it has been discovered that the reason why security mechanisms fail is because it is often used incorrectly or not used at all. Specifically, most users find the security mechanisms on their computers too complicated and they would rather not use it. Therefore, previous research have focused on making computer-systems security usable or simplifying security technology so that they are “less complicated” for all types users, instead of designing computers that are both usable and secure. The problem with this traditional approach is that security is treated as an “add-on” to a finished computer-system design. This study is an attempt to change the traditional approach by adjusting two phases of a computer-system design model to incorporate the collection of usability as well as security requirements. Guided by the exploratory case study research design, I gained new insights into a situation that has shocked security specialists and organizational actors alike. This study resulted in the creation of a methodology for designing usable and secure computer-systems. Although this method is in its rudimentary stage, it was tested using an online questionnaire. Data from the literature study was sorted using a synthesis matrix; and analyzed using qualitative content analysis. Some prominent design and security models and methodologies discussed in this report include User-Centered System Design (UCSD), Appropriate and Effective Guidance for Information Security (AEGIS) and Octave Allegro. / Vårt samhälle är beroende av information och olika tekniker och artefakter som ger oss tillgång till den. Men tekniken vi förlitar oss på i olika aspekter av våra liv är ofullkomliga och under det senaste decenniet, har dessa brister varit föremål för identitetstjuvar, cyberbrottslingar och illvilliga personer inom och utanför organisationen. Dessa illvilliga personer riktar ofta sig till nätverk av organisationer såsom sjukhus, banker och andra finansiella organisationer. Tillgång till dessa nätverk uppnås genom att kringgå säkerhetsmekanismer av datorsystem anslutna till organisationens nätverk. Målet med datorsystemsäkerhet är att förhindra eller upptäcka hot; eller återhämta sig från eventuella attacker. Trots stora investeringar i IT-säkerhet infrastruktur och informationssäkerhet, över 95 % av banker, sjukhus och myndigheter har minst 10 skadliga infektioner kringgå befintliga säkerhetsmekanismer och träda in i sitt nätverk utan att upptäckas. Detta har lett till förlust av värdefulla informationer och stora summor av pengar från banker och andra organisationer över hela världen. Från tidigare forskning inom detta område, har det visat sig att anledningen till att säkerhetsmekanismer misslyckas beror ofta på att den används på ett felaktigt sätt eller används inte alls. I synnerhet menar de flesta användare att säkerhetsmekanismer på sina datorer är alltför komplicerat. Därför har tidigare forskning fokuserat på att göra datorsystemsäkerhet användbar så att den är "mindre komplicerat" för alla typer av användare, i stället för att designa datorer som både är användbara och säkra. Problemet med detta traditionella synsätt är att säkerheten behandlas som ett "tillägg" till en färdig datorsystemdesign. Denna studie är ett försök att ändra det traditionella synsättet genom att justera två faser av en datorsystemdesign modell för att integrera insamlingen av användbarhets- samt säkerhetskrav. Styrd av den explorativ fallstudie forskningsdesignen, fick jag nya insikter i en situation som har gäckat säkerhetsspecialister och organisatoriska aktörer. Denna studie resulterade i skapande av en designmetodik för användbara och säkra datorsystem. Även om denna metod är ännu i sin rudimentära fas, testades den med hjälp av en webbenkät. Data från litteraturstudien sorterades med hjälp av en syntesmatris; och analyserades med kvalitativ innehållsanalys. Några framstående design- och säkerhetsmodeller samt metoder som diskuterades i denna uppsats inkludera Användarcentrerad System Design (UCSD), Ändamålsenligt och Effektivt Vägledning för Informationssäkerhet (AEGIS) och Octave Allegro. Computer-systems security usability information security User-Centered System Design (UCSD) balance synthesis matrix security breach design methodology Carbanak Attack AEGIS Octave Allegro. Information Systems
104	A mobile toolkit and customised location server for the creation of cross-referencing location-based services Ndakunda, Shange-Ishiwa Tangeni January 2013 (has links) Although there are several Software Development kits and Application Programming Interfaces for client-side location-based services development, they mostly involve the creation of self-referencing location-based services. Self-referencing location-based services include services such as geocoding, reverse geocoding, route management and navigation which focus on satisfying the location-based requirements of a single mobile device. There is a lack of open-source Software Development Kits for the development of client-side location-based services that are cross-referencing. Cross-referencing location-based services are designed for the sharing of location information amongst different entities on a given network. This project was undertaken to assemble, through incremental prototyping, a client-side Java Micro Edition location-based services Software Development Kit and a Mobicents location server to aid mobile network operators and developers alike in the quick creation of the transport and privacy protection of cross-referencing location-based applications on Session Initiation Protocol bearer networks. The privacy of the location information is protected using geolocation policies. Developers do not need to have an understanding of Session Initiation Protocol event signaling specifications or of the XML Configuration Access Protocol to use the tools that we put together. The developed tools are later consolidated using two sample applications, the friend-finder and child-tracker services. Developer guidelines are also provided, to aid in using the provided tools. Digital communications Java (Computer program language) User interfaces (Computer systems)
105	An enterprise information security model for a micro finance company: a case study Owen, Morné January 2009 (has links) The world has entered the information age. How the information is used within an organization will determine success or failure of the organisation. This study aims to provide a model, that once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focuses on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.
106	A standards-based security model for health information systems Thomson, Steven Michael January 2008 (has links) In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.
107	Posouzení informačního systému firmy a návrh změn / Information System Efectiveness Assessment and Proposal for ICT Modification Smolík, Luboš January 2016 (has links) This thesis focuses on the draft amendments for further business development in the company. Draft amendments based on findings from the analysis of the current state of IS and related processes in the company. The proposed amendments will take place requirements on the company information system and the strategic goals of the company.
108	E‐Shape Analysis Sroufe, Paul 12 1900 (has links) The motivation of this work is to understand E-shape analysis and how it can be applied to various classification tasks. It has a powerful feature to not only look at what information is contained, but rather how that information looks. This new technique gives E-shape analysis the ability to be language independent and to some extent size independent. In this thesis, I present a new mechanism to characterize an email without using content or context called E-shape analysis for email. I explore the applications of the email shape by carrying out a case study; botnet detection and two possible applications: spam filtering and social-context based finger printing. The second part of this thesis takes what I apply E-shape analysis to activity recognition of humans. Using the Android platform and a T-Mobile G1 phone I collect data from the triaxial accelerometer and use it to classify the motion behavior of a subject. Email shape daily activities accelerometer botnet spam Spam filtering (Electronic mail) Human activity recognition.
109	Securing resource constrained platforms with low-cost solutions. Arslan Khan (17592498) 11 December 2023 (has links) <p dir="ltr">This thesis focuses on securing different attack surfaces of embedded systems while meeting the stringent requirements imposed by these systems. Due to the specialized architecture of embedded systems, the security measures should be customized to match the unique requirements of each specific domain. To this end, this thesis identified novel security architectures using techniques such as anomaly detection, program analysis, compartmentalization, etc. This thesis synergizes work at the intersection of programming languages, compilers, computer architecture, operating systems, and embedded systems. </p> System and network security Operating systems embeded system systems security programming language correction compartmentalization concept Operating systems (Computers) firmware security inspection techno...
110	Improving Cryptocurrency Blockchain Security and Availability Adaptive Security and Partitioning Hood, Kendric A. 27 July 2020 (has links) No description available. Computer Science partitionable partition Distributed systems security blockchain Cryptocurrency Protocols Throughput Bitcoin Scalability transaction processing decentralized ledger secure permissionless distributed ledger sharding Byzantine Fault Tolerant

Search results