479 resultados para security governance


Relevância:

20.00% 20.00%

Publicador:

Resumo:

The focus of knowledge management (KM) in the construction industry is moving towards capability building for value creation. The study reported by this paper is motivated by recent assertions about the genesis and evolution of knowledge management capability (KMC) in the strategic management field. It attempts to shed light on the governance of learning mechanisms that develop KMC within the context of construction firms. A questionnaire survey was administered to a sample of construction contractors operating in the very dynamic Hong Kong market to elicit opinions on the learning mechanisms and business outcomes of targeted firms. On the basis of a total of 149 usable responses, structural equation modeling (SEM) analysis identified relationships among knowledge-governance mechanisms, knowledge processes, and business performance, thereby supporting the existence of strategic learning loops. The study findings provide evidence from the construction context for capability assertions that knowledge-governance mechanisms and processes form learning mechanisms that carry out strategic learning to create value, effect performance outcomes, and ultimately drive the evolution of KMC. The findings imply that it is feasible for managing construction firms to govern learning mechanisms through managing the capability-based holistic KM system, thereby reconfiguring KMC to match needs in the dynamic market environment over time.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

This paper reports the findings of an in-depth literature review, which was designed as the first phase of a study that ultimately aims to rank the importance of key governance mechanisms on collaborative construction projects, in terms of impact on value-for-money. The absence of such information in the global knowledge base has prompted the current study. Seminal research completed recently concluded that deductive evidence with regard to the performance outcomes of collaborative procurement mechanisms is currently limited (Eriksson and Westerberg 2011). The authors aim to address this gap in current understanding. The literature review identifies key features of both formal and informal mechanisms which have been applied within collaborative contracting contexts. The literature review lays a solid foundation for designing a deductive research strategy to be implemented in the second phase of the study, which will employ a large-scale quantitative survey to shed light on the governance structures of collaborative contracts, and the ways in which they impact on realisation of VfM during project delivery in the Australian infrastructure industry. The current paper aims to identify the main categories of formal and informal governance mechanisms currently being employed globally. This will provide structure for the development of the survey in the second phase of the study.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Threats against computer networks evolve very fast and require more and more complex measures. We argue that teams respectively groups with a common purpose for intrusion detection and prevention improve the measures against rapid propagating attacks similar to the concept of teams solving complex tasks known from field of work sociology. Collaboration in this sense is not easy task especially for heterarchical environments. We propose CIMD (collaborative intrusion and malware detection) as a security overlay framework to enable cooperative intrusion detection approaches. Objectives and associated interests are used to create detection groups for exchange of security-related data. In this work, we contribute a tree-oriented data model for device representation in the scope of security. We introduce an algorithm for the formation of detection groups, show realization strategies for the system and conduct vulnerability analysis. We evaluate the benefit of CIMD by simulation and probabilistic analysis.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

We present a virtual test bed for network security evaluation in mid-scale telecommunication networks. Migration from simulation scenarios towards the test bed is supported and enables researchers to evaluate experiments in a more realistic environment. We provide a comprehensive interface to manage, run and evaluate experiments. On basis of a concrete example we show how the proposed test bed can be utilized.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economical loss and even disturb the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

An engaging narrative is maintained throughout this edited collection of articles that address the issue of militarism in international relations. The book seamlessly integrates historical and contemporary perspectives on militarism with theory and relevant international case studies, resulting in a very informative read. The work is comprised of three parts. Part 1 deals with the theorisation of militarism and includes chapters by Anna Stavrianakis and Jan Selby, Martin Shaw, Simon Dalby, and Nicola Short. It covers a range of topics relating to historical and contemporary theories of militarism, geopolitical threat construction, political economy, and the US military’s ‘cultural turn’.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

IT Governance (ITG) continues to be a top priority for organizations, public and non-public. While the level of awareness towards ITG is evident, it is hardly manifested in practice. The purpose of this study is to elicit factors that act as barriers to the adoption of formal ITG practice. This qualitative study consists of 9 semi-structured interviews with the key person in charge of ITG adoption and practice within their respective organizations. The interviews were analyzed using thematic content analysis, guided by themes previously obtained from the literature and from an earlier pilot study. Findings obtained supported previous findings and also reveal new factors noticeably absent from the ITG literature. The findings will provide useful input towards the development of a causal model on barriers to formal ITG practice

Relevância:

20.00% 20.00%

Publicador:

Resumo:

The security of industrial control systems in critical infrastructure is a concern for the Australian government and other nations. There is a need to provide local Australian training and education for both control system engineers and information technology professionals. This paper proposes a postgraduate curriculum of four courses to provide knowledge and skills to protect critical infrastructure industrial control systems. Our curriculum is unique in that it provides security awareness but also the advanced skills required for security specialists in this area. We are aware that in the Australian context there is a cultural gap between the thinking of control system engineers who are responsible for maintaining and designing critical infrastructure and information technology professionals who are responsible for protecting these systems from cyber attacks. Our curriculum aims to bridge this gap by providing theoretical and practical exercises that will raise the awareness and preparedness of both groups of professionals.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

Corporate governance (CG) denotes the rules of business decision-making and directs the internal mechanism of companies to follow the output of the rules. It includes the customs, policies, laws and institutions as a set of processes that affects the way in which a corporation is directed, administered or controlled.

Relevância:

20.00% 20.00%

Publicador:

Resumo:

This study investigates the gap between the climate change-related corporate governance information being disclosed by companies, and the information sought by stakeholders. To accomplish this objective we utilised previous research on stakeholder demand for information, and we conducted in-depth interviews with six corporate representatives from major Australian emission-intensive companies. Having gained and documented a rich insight into the potential factors responsible for the current gap in disclosure we find that the existence of an expectations gap; the perceived cost of providing commercially sensitive information; the limited accountability being accepted by the corporate managers; and, a lack of stakeholder pressure together contribute to the lack of disclosure. In highlighting the gap in disclosure, this study suggests strategies to reduce the gap in climate change-related corporate governance disclosures.