Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.

Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.

Abstract: A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

Abstract: Apparatus and methods, readily adapted to interface with a standard data transmission network having an unsecure transmission channel, e.g., "Ethernet," for the provision of secure transmission of data over the network channel in a manner which is essentially transparent to the standard network devices and users, thereof, are provided. Various encryption keys are generated and utilized within the system to disguise or encrypt information transferrred between network nodes. The encryption keys are made known only to those network devices which are permitted to handle information encrypted with the encryption keys.

Abstract: Apparatus and methods, readily adapted to interface with a standard data transmission network having an unsecure transmission channel, e.g., "Ethernet," for the provision of secure transmission of data over the network channel in a manner which is essentially transparent to the standard network devices and users thereof, are provided. Various encryption keys are generated and utilized within the system to disguise or encrypt information transferred between network nodes. The encryption keys are made known only to those network devices which are permitted to handle information encrypted with the encryption keys.