Enabling sustainable property practices by ensuring security of tenure

Sustainable property practices will be essential for Australia’s future. The various levels of government offer incentives aimed at encouraging residents to participate in sustainable practices. Many of these programmes however are only accessible by owner occupiers, or landlords and tenants with long term tenancies. Improving security of tenure for tenants, to enable longer term tenancies, would positively impact upon property practices. This article explains what security of tenure is and identifies how a lack of security of tenure adversely impacts property practices. By comparison with Genevan property practices, it concludes by making suggestions as to how security of tenure can be reinforced.

Introduction to special issue on what criminology can say about the war on terror

On 20 September 2001, the former US President, George W. Bush, declared what is now widely, and arguably infamously, known as a ‘war on terror’. In response to the fatal 9/11 attacks in New York and Washington, DC, President Bush identified the US military response as having far-reaching and long-lasting consequences. It was, he argued, ‘our war on terror’ that began ‘with al Qaeda, but … it will not end until every terrorist group of global reach has been found, stopped and defeated’ (CNN 2001). This was to be a war that would, in the words of former British Prime Minister, Tony Blair, seek to eliminate a threat that was ‘aimed at the whole democratic world’ (Blair 2001). Blair claimed that this threat is of such magnitude that unprecedented measures would need to be taken to uphold freedom and security. Blair would later admit that it was a war that ‘divided the country’ and was based on evidence ‘about Saddam having actual biological and chemical weapons, as opposed to the capability to develop them, has turned out to be wrong’ (Blair 2004). The failures of intelligence ushered in new political rhetoric in the form of ‘trust me’ because ‘instinct is no science’ (Blair 2004). The war on terror has been one of the most significant international events in the past three decades, alongside the collapse of the former Soviet Union, the end of apartheid in South Africa, the unification of Europe and the marketization of the People's Republic of China. Yet, unlike the other events, it will not be remembered for advancing democracy or sovereignty, but for the conviction politics of particular politicians who chose to dispense with international law and custom in pursuit of personal instincts that proved fatal. Since the invasions of Afghanistan in October 2001 and …

Motivation : staying in the achievement zone with personal integrity

This paper was presented at orientation, to a select group of Business Faculty First Year students accepted into the "Corporate Partners in Excellence Programme" (CPIE). It discusses some of the strategies for continuing as high performing students in University studies whilst at the same time maturing into successful, ethical professionals with a social and environmental conscience.

Quality metrics for assessing security-critical computer programs

Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing securityrelevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code. The resulting metrics make it easy to compare the relative security of functionallyequivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.

Enterprise information security policy assessment : an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach.

The proposal on the effective query mechanism for the encrypted database

In the recent past, there are some social issues when personal sensitive data in medical database were exposed. The personal sensitive data should be protected and access must be accounted for. Protecting the sensitive information is possible by encrypting such information. The challenge is querying the encrypted information when making the decision. Encrypted query is practically somewhat tedious task. So we present the more effective method using bucket index and bloom filter technology. We find that our proposed method shows low memory and fast efficiency comparatively. Simulation approaches on data encryption techniques to improve health care decision making processes are presented in this paper as a case scenario.

‘Personal Response’ and English Teaching

A case study relating to secondary education, examining the teacher student relationship as it operates within the English classroom is the topic of this paper. It describes how a certain conception of 'personal response' to literature provided a means for the teacher/counsellor to form the ethical capacities of children. 'Personal response' is usually associated with the moment in which the child is freed to be most natural. But for all the emphasis upon the irreducibly individual nature of the 'genuinely felt response', this pedagogic exercise finds its place within a series of strategies designed both to cherish and correct the child, to nurture and to scrutinise, to guide and to reconstruct.

A longitudinal study of change in preservice teachers’ personal epistemologies

There is strong evidence to show that beliefs about knowing and knowledge held by individuals (personal epistemologies) influence preservice teachers’ learning strategies and learning outcomes (Muis, 2004). However, we know very little about how preservice teachers’ personal epistemologies change as they progress through their teacher education programs. This study investigated changes in personal epistemology and beliefs about learning for a group of preservice teachers as they progressed through the four years of a Bachelor of Education degree. Preservice teachers completed the Epistemological Beliefs Survey (EBS, Kardash & Wood, 2000) when they commenced their course (Time 1) when they were in the 3rd year of their course (Time 2) and then again in the final year of their degree (Time 3). Findings indicated that there were significant changes in preservice teachers’ personal epistemologies between course entry and the final year of their course across all but one of the dimensions measured. Results are discussed in terms of the implications for teaching and teacher education.

Data breach notification law in the EU and Australia : where to now?

Mandatory data breach notification laws have been a significant legislative reform in response to unauthorized disclosures of personal information by public and private sector organizations. These laws originated in the state-based legislatures of the United States during the last decade and have subsequently garnered worldwide legislative interest. We contend that there are conceptual and practical concerns regarding mandatory data breach notification laws which limit the scope of their applicability, particularly in relation to existing information privacy law regimes. We outline these concerns here, in the light of recent European Union and Australian legal developments in this area.

Improving trust and securing data accessibility for e-health decision making by using data encryption techniques

In the medical and healthcare arena, patients‟ data is not just their own personal history but also a valuable large dataset for finding solutions for diseases. While electronic medical records are becoming popular and are used in healthcare work places like hospitals, as well as insurance companies, and by major stakeholders such as physicians and their patients, the accessibility of such information should be dealt with in a way that preserves privacy and security. Thus, finding the best way to keep the data secure has become an important issue in the area of database security. Sensitive medical data should be encrypted in databases. There are many encryption/ decryption techniques and algorithms with regard to preserving privacy and security. Currently their performance is an important factor while the medical data is being managed in databases. Another important factor is that the stakeholders should decide more cost-effective ways to reduce the total cost of ownership. As an alternative, DAS (Data as Service) is a popular outsourcing model to satisfy the cost-effectiveness but it takes a consideration that the encryption/ decryption modules needs to be handled by trustworthy stakeholders. This research project is focusing on the query response times in a DAS model (AES-DAS) and analyses the comparison between the outsourcing model and the in-house model which incorporates Microsoft built-in encryption scheme in a SQL Server. This research project includes building a prototype of medical database schemas. There are 2 types of simulations to carry out the project. The first stage includes 6 databases in order to carry out simulations to measure the performance between plain-text, Microsoft built-in encryption and AES-DAS (Data as Service). Particularly, the AES-DAS incorporates implementations of symmetric key encryption such as AES (Advanced Encryption Standard) and a Bucket indexing processor using Bloom filter. The results are categorised such as character type, numeric type, range queries, range queries using Bucket Index and aggregate queries. The second stage takes the scalability test from 5K to 2560K records. The main result of these simulations is that particularly as an outsourcing model, AES-DAS using the Bucket index shows around 3.32 times faster than a normal AES-DAS under the 70 partitions and 10K record-sized databases. Retrieving Numeric typed data takes shorter time than Character typed data in AES-DAS. The aggregation query response time in AES-DAS is not as consistent as that in MS built-in encryption scheme. The scalability test shows that the DBMS reaches in a certain threshold; the query response time becomes rapidly slower. However, there is more to investigate in order to bring about other outcomes and to construct a secured EMR (Electronic Medical Record) more efficiently from these simulations.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

District Court of Queensland Act 1968 s 68 : jurisdiction in pre-proceedings applications under Personal Injuries Proceedings Act 2002

In Woolworths Ltd v Graham [2007] QDC 301 Searles DCJ struck out a pre-proceedings application under the Personal Injuries Proceedings Act 2002 (Qld)on the basis that the material before the Court was not sufficient to attract the jurisdiction of the District Court.The decision serves more broadly as a reminder that the District Court is an inferior court of defined and limited jurisdiction and that any proceedings brought in it must be demonstrably within the jurisdiction conferred on that court by legislation.