Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.

The exemplification of governance principles within state asset management laws and policies : the case of Indonesia

Efficient state asset management is crucial for governments as they facilitate the fulfillment of their public functions, which include the provision of essential services and other public administration support. In recent times economies internationally and particularly in South east Asia, have displayed increased recognition of the importance of efficiencies across state asset management law, policies and practice. This has been exemplified by a surge in notable instances of reform in state asset management. A prominent theme in this phenomenon is the consideration of governance principles within the re-conceptualization of state asset management law and related policy, with many countries recognizing variability in the quality of asset governance and opportunities for profit as being critical factors. This issue is very current in Indonesia where a major reform process in this area has been confirmed by the establishment of a new Directorate of State Asset Management. The incumbent Director-General of State Asset Management has confirmed a re-emphasis on adherence to governance principles within applicable state asset management law and policy reform. This paper reviews aspects of the challenge of reviewing and reforming Indonesian practice within state asset management law and policy specifically related to public housing, public buildings, parklands, and vacant land. A critical issue in beginning this review is how Indonesia currently conceptualizes the notion of asset governance and how this meaning is embodied in recent changes in law and policy and importantly in options for future change. This paper discusses the potential complexities uniquely Indonesian characteristics such as decentralisation and regional autonomy regime, political history, and bureaucratic culture

Corporate governance in China

So far as Asia is concerned, corporate governance is an import. The concept itself was virtually unknown in China ¬a decade ago. Yet corporate governance has now been enthusiastically embraced in China, to the point that the year 2005 was declared the Year of Corporate Governance and extensive amendments have been made to several laws and regulations with an emphasis on corporate governance. This essay will consider the effectiveness of China’s corporate governance law on paper and in practice with the OECD’s Principles of Corporate Governance acting as a general guide.

Contexts, hybrids and network governance : a comparison of three case-studies in infrastructure governance

While hybrid governance arrangements have been a major element of organisational architecture for some time, the contemporary operating environment has brought to the fore new conditions and expectations for the governance of entities that span conventional public sector departments, private firms and community organisations or groups. These conditions have resulted in a broader array of mixed governance configurations including Public Private Partnerships, alliances, and formal and informal collaborations. In some such arrangements, market based or ‘complete’ contractual relationships have been introduced to replace or supplement existing traditional ‘hierarchical’ and/or newer relational ‘network-oriented’ institutional associations. While there has been a greater reliance on collaborative or relational contracts as an underpinning institutional model, other modes of hierarchy and market may remain in operation. The success of these emergent hybrid forms has been mixed. There are examples of hybrids that have been well adopted, achieving the desired goals of efficiency, effectiveness and financial accountability; while others have experienced implementation problems which have undermined their results. This paper postulates that the cultural and institutional context within which hybrids operate may contribute to the implementation processes employed and the level of success attained. The paper explores hybrid arrangements through three cases of the use of inter-organisational arrangements in three different national contexts. Distilling the various elements of hybrids and the impact of institutional context will provide important insights for those charged with the responsibility for the formation and key infrastructure and public value development.

Fitting airport privatisation to purpose : aligning governance, time and management focus

Where airports were once the sole responsibility of their governments, liberalisation of economies has seen administrative interests in airport spaces divested increasingly towards market led authority. Extant literature suggests that actions in decision spaces can be described under broad idealised forms of governance. However in looking at a sample of 18 different airports it is apparent that these classic models are insufficient to appreciate the contextual complexity of each case. Issues of institutional arrangements, privatisation, and management focus are reviewed against existing governance modes to produce a model for informing privatisation decisions, based on the contextual needs of the individual airport and region. Expanding governance modes to include emergent airport arrangements both contribute to the existing literature, and provides a framework to assist policy makers and those charged with the operation of airports to design effective governance models. In progressing this framework, contributions are made to government decision makers for the development of new, or review of existing strategies for privatisation, while the private sector can identify the intent and expectations of privatisation initiatives to make better informed decisions.

The Canadian ‘Model Forest’ approach : a way forward for Tasmania?

Forest policy and forestry management in Tasmania have undergone a number of changes in the last thirty years, many explicitly aimed at improving industry sustainability, job security, and forest biodiversity conservation. Yet forestry remains a contentious issue in Tasmania, due to a number of interacting factors, most significant of which is the prevalence of a ‘command and control’ governance approach by policymakers and managers. New approaches such as multiple-stakeholder decision-making, adaptive management, and direct public participation in policymaking are needed. Such an approach has been attempted in Canada in the last decade, through the Canadian Model Forest Program, and may be suitable for Tasmania. This paper seeks to describe what the Canadian Model Forest approach is, how it may be implemented in Tasmania, and what role it may play in the shift to a new forestry paradigm. Until such a paradigm shift occurs contentions and confrontations are likely to continue.

A hierarchical security assessment model for object-oriented programs

We present a hierarchical model for assessing an object-oriented program's security. Security is quantified using structural properties of the program code to identify the ways in which `classified' data values may be transferred between objects. The model begins with a set of low-level security metrics based on traditional design characteristics of object-oriented classes, such as data encapsulation, cohesion and coupling. These metrics are then used to characterise higher-level properties concerning the overall readability and writability of classified data throughout the program. In turn, these metrics are then mapped to well-known security design principles such as `assigning the least privilege' and `reducing the size of the attack surface'. Finally, the entire program's security is summarised as a single security index value. These metrics allow different versions of the same program, or different programs intended to perform the same task, to be compared for their relative security at a number of different abstraction levels. The model is validated via an experiment involving five open source Java programs, using a static analysis tool we have developed to automatically extract the security metrics from compiled Java bytecode.

Information security management : a case study of an information security culture

This thesis argues that in order to establish a sound information security culture it is necessary to look at organisation's information security systems in a socio- technical context. The motivation for this research stems from the continuing concern of ineffective information security in organisations, leading to potentially significant monetary losses. It is important to address both technical and non- technical aspects when dealing with information security management. Culture has been identified as an underlying determinant of individuals' behaviour and this extends to information security culture, particularly in developing countries. This research investigates information security culture in the Saudi Arabia context. The theoretical foundation for the study is based on organisational and national culture theories. A conceptual framework for this study was constructed based on Peterson and Smith's (1997) model of national culture. This framework guides the study of national, organisational and technological values and their relationships to the development of information security culture. Further, the study seeks to better understand how these values might affect the development and deployment of an organisation's information security culture. Drawing on evidence from three exploratory case studies, an emergent conceptual framework was developed from the traditional human behaviour and the social environment perspectives used in social work, This framework contributes to in- formation security management by identifying behaviours related to four modes of information security practice. These modes provide a sound basis that can be used to evaluate individual organisational members' behaviour and the adequacy of ex- isting security measures. The results confirm the plausibility of the four modes of practice. Furthermore, a final framework was developed by integrating the four modes framework into the research framework. The outcomes of the three case stud- ies demonstrate that some of the national, organisational and technological values have clear impacts on the development and deployment of organisations' informa- tion security culture. This research, by providing an understanding the in uence of national, organi- sational and technological values on individuals' information security behaviour, contributes to building a theory of information security culture development within an organisational context. The research reports on the development of an inte- grated information security culture model that highlights recommendations for developing an information security culture. The research framework, introduced by this research, is put forward as a robust starting point for further related work in this area.

Security analysis and enhancement of one-way hash based low-cost authentication protocol (OHLCAP)

Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP(One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses : 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security enhanced group-based authentication protocol is presented.

From Deep North to international governance exemplar : Fitzgerald's impact on the international anti-corruption movement

In pre-Fitzgerald Queensland, the existence of corruption was widely known but its extent and modes of operation were not fully evident. The Fitzgerald Report identified the need for reform of the structure, procedures and efficiency in public administration in Queensland. What was most striking in the Queensland reform process was that a new model for combatting corruption had been developed. Rather than rely upon a single law and a single institution, existing institutions were strengthened and new institutions were introduced to create a set of mutually supporting and mutually checking institutions, agencies and laws that jointly sought to improve governmental standards and combat corruption. Some of the reforms were either unique to Queensland or very rare. One of the strengths of this approach was that it avoided creating a single over-arching institution to fight corruption. There are many powerful opponents of reform. Influential institutions and individuals resist any interference with their privileges. In order to cause a mass exodus from an entrenched corruption system, a seminal event or defining process is needed to alter expectations and incentives that are sufficient to encourage significant numbers of individuals to desert the corruption system and assist the integrity system in exposing and destroying it. The Fitzgerald Inquiry was such an event. This article also briefly addresses methods for destroying national corruption systems where they emerge and exist.

Stakeholder engagement by governance networks

Public awareness of large infrastructure projects, many of which are delivered through networked arrangements is high for several reasons. These projects often involve significant public investment; they may involve multiple and conflicting stakeholders and can potentially have significant environmental impacts (Lim and Yang, 2008). To produce positive outcomes from infrastructure delivery it is imperative that stakeholder “buy in” be obtained particularly about decisions relating to the scale and location of infrastructure. Given the likelihood that stakeholders will have different levels of interest and investment in project outcomes, failure to manage this dynamic could potentially jeopardise project delivery by delaying or halting the construction of essential infrastructure. Consequently, stakeholder engagement has come to constitute a critical activity in infrastructure development delivered through networks. This paper draws on stakeholder theory and governance network theory and provides insights into how three multi-level networks within the Roads Alliance in Queensland engage with stakeholders in the delivery of road infrastructure. New knowledge about stakeholders has been obtained by testing a model of Stakeholder Salience and Engagement which combines and extends the stakeholder identification and salience theory and the ladder of stakeholder management and engagement. By applying this model, the broad research question: “How do governance networks engage with stakeholders?” has been addressed. A multiple embedded case study design was selected as the overall approach to explore, describe, explain and evaluate how stakeholder engagement occurred in three governance networks delivering road infrastructure in Queensland. The outcomes of this research contribute to and extend stakeholder theory by showing how stakeholder salience impacts on decisions about the types of engagement processes implemented. Governance network theory is extended by showing how governance networks interact with stakeholders. From a practical perspective this research provides governance networks with an indication of how to more effectively undertake engagement with different types of stakeholders.

Water rights and water governance : a cautionary tale and the case for interdisciplinary governance

Although Australia is the world’s driest continent without the complication of international borders and a generally good governance reputation, its record of water governance is very poor. This chapter considers some of the potentially general lessons that might be derived for water governance. These include: the difficulties of delineatingwater rights; the apparent preference for creating property rights in unsustainable uses of water while failing to deliver basic water rights; the inter twining of carbon and water crises; the dangers of privatising networks that form natural monopolies; the dangers of disciplinary hubris where interdisciplinary understanding is critical. It concludes by starting to address some of the water governance issues raised by globalisation.

Project governance in Malaysia hillside developments

Hillsides in urban areas around the world are being developed at an accelerating rate, to accommodate population growth and rapid urbanization. Developments at hillside are attractive places to live because of the views, fresh air, exclusivity and the sense of being close to nature. Despite its attractiveness, hillside developments are prone to natural hazards such as landslides that can have environmental, social and economic consequences. To minimise these risks, it is necessary to consider the concerns of all stakeholders during the project review stage. This paper proposes that project governance concept can be used for this purpose by defining the rights, responsibilities and interests of the key stakeholders. It can also provide a framework within which decisions are made in order to minimise risks associated with natural hazards.