204 resultados para security policy model
Resumo:
This research investigates wireless intrusion detection techniques for detecting attacks on IEEE 802.11i Robust Secure Networks (RSNs). Despite using a variety of comprehensive preventative security measures, the RSNs remain vulnerable to a number of attacks. Failure of preventative measures to address all RSN vulnerabilities dictates the need for a comprehensive monitoring capability to detect all attacks on RSNs and also to proactively address potential security vulnerabilities by detecting security policy violations in the WLAN. This research proposes novel wireless intrusion detection techniques to address these monitoring requirements and also studies correlation of the generated alarms across wireless intrusion detection system (WIDS) sensors and the detection techniques themselves for greater reliability and robustness. The specific outcomes of this research are: A comprehensive review of the outstanding vulnerabilities and attacks in IEEE 802.11i RSNs. A comprehensive review of the wireless intrusion detection techniques currently available for detecting attacks on RSNs. Identification of the drawbacks and limitations of the currently available wireless intrusion detection techniques in detecting attacks on RSNs. Development of three novel wireless intrusion detection techniques for detecting RSN attacks and security policy violations in RSNs. Development of algorithms for each novel intrusion detection technique to correlate alarms across distributed sensors of a WIDS. Development of an algorithm for automatic attack scenario detection using cross detection technique correlation. Development of an algorithm to automatically assign priority to the detected attack scenario using cross detection technique correlation.
Resumo:
This article presents a survey of authorisation models and considers their ‘fitness-for-purpose’ in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a ‘virtual organisation’. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new flexible authorisation model that addresses the needs of information sharing. It proposes that a flexible and scalable authorisation model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-based Access Control concept is presented.
Resumo:
In the late 1990’s, intense and vigorous debate surrounded the impact of minority communities on Australia’s mainstream society. The rise of far-right populism took the stage with the introduction to the political landscape of Pauline Hanson and her One Nation party, whilst John Howard’s Liberal-National Coalition Government took the fore on debate over immigration issues corresponding with an influx of irregular arrivals. In 2001, following the September 11 terrorist attacks in the United States of America and subsequent attacks on western targets globally, many of these issues continued to be debated through the security posturing that followed. In recent years, much effort has been afforded to countering the threat of terrorism from home grown assailants. The Government has introduced stringent legislative responses whilst researchers have studied social movements and trends within Australian communities, particularly with respect to minorities. In 2008, the Scanlon Foundation, in association with Monash University and various government entities, released its findings into its survey approach to mapping social cohesion in Australia. It identified a number of spheres of exploration which it believed were essential to measuring cohesiveness of Australian communities generally including, economic, political and socio-cultural factors (Markus and Dharmalingam, 2008). This doctoral project report will explore the political sphere as identified in the Mapping Social Cohesion project and apply it to identified minority ethnic communities. The Scanlon Foundation project identified political participation as one of a number of true indicators of social cohesion. This project acknowledges that democracy in Australia is represented predominantly by two political entities representing a vast majority of constituents under a compulsory voting regime. This essay will identify the levels of political activism achieved by minority ethnic communities and access to democratic participation within the Australian political structure. It will define a ten year period from 1999 to 2009, identifying trends and issues within minority communities that have proactively and reactively promoted engagement in achieving a political voice, framed within a mainstream-dominated political system. It will research social movements and other influential factors over that period to enrich existing knowledge in relation to political participation rates across Australian communities.
Resumo:
Introduction: Evaluating the effectiveness of interventions designed to increase the physical activity in communities is often a difficult and complex task, requiring considerable expertise and investment, and often constrained by methodological limitations. These limitations, in turn, create additional challenges when these studies are used in systematic reviews as they hinder the confidence, precision and interpretation of results. The objective of this paper is to summarise the methodological challenges posed in conducting a systematic review of community-wide physical activity interventions to help inform those conducting future primary research and systematic reviews. Methods: We conducted a Cochrane systematic review of community-wide interventions to increase physical activity. We assessed the methodological quality of the included studies. We will investigate these in greater detail, particularly in relation to the potential impact on measures of effect, confidence in results, generalizability of results and general interpretation. Results: The systematic review was conducted and has been published in the Cochrane Library. A logic model was helpful in defining and interpreting the studies. Many studies of unsuitable study design were excluded; however several important methodological limitations of the primary studies evaluating community-wide physical activity interventions emerged. These included: - the failure to use validated tools to measure physical activity; - issues associated with pre and post test designs; - inadequate sampling of populations; - poor control groups; and - intervention and measurement protocols of inadequate duration. Although it is challenging to undertake rigorous evaluations of complex interventions, these issues result in significant uncertainty over the effectiveness of these interventions, and the possible factors required for a community-wide intervention to be successful. In particular, the combination of several of these limitations (e.g. un-validated tools, inadequate sampling, and short duration) is that studies may lack the sensitivity to detect any meaningful change. Multiple publications of findings for the same study also made interpretation difficult; however, interventions with parallel qualitative publications were helpful. Discussion: Evaluating community wide interventions to increase physical activity in a rigorous way is incredibly challenging. These findings reflect these challenges but have important ramifications for researchers conducting primary studies to determine the efficacy of such interventions, as well as for researchers conducting systematic reviews. This new review shows that the inadequacies of design and evaluation are continuing. It is hoped that the adoption of such suggestions may aid in the development of systematic reviews, but more importantly, in enabling translation of such findings into policy and practice.
Resumo:
Curriculum is always in a state of flux and so often the moves to ‘reform’ it are political rather than pedagogical. So often in these days of accountability we focus on the learner. I want to focus on the teacher in this presentation. As English educators we have to ‘fit’ whatever new policy model comes our way. The Australian curriculum seems to have tried to please every stakeholder in its process and as such has been formed without a single, unifying coherent theoretical basis. How do we challenge this paper tiger? We have to find the pedagogical models within the current framework and see what still works in practice. At the chalk-face there are still teaching, learning and assessment practices in English surviving from the last few decades of pedagogical change; and there is also room for accommodating new practices. Embracing and adapting the old and the new may be the key to staying creative and passionately engaged with our subject area.
Resumo:
In the age of air travel and globalized trade, pathogens that once took months or even years to spread beyond their regions of origin can now circumnavigate the globe in a matter of hours. Amid growing concerns about such epidemics as Ebola, SARS, MERS, and H1N1, disease diplomacy has emerged as a key foreign and security policy concern as countries work to collectively strengthen the global systems of disease surveillance and control. The revision of the International Health Regulations (IHR), eventually adopted by the World Health Organization’s member states in 2005, was the foremost manifestation of this novel diplomacy. The new regulations heralded a profound shift in international norms surrounding global health security, significantly expanding what is expected of states in the face of public health emergencies and requiring them to improve their capacity to detect and contain outbreaks. Drawing on Martha Finnemore and Kathryn Sikkink’s "norm life cycle" framework and based on extensive documentary analysis and key informant interviews, Disease Diplomacy traces the emergence of these new norms of global health security, the extent to which they have been internalized by states, and the political and technical constraints governments confront in attempting to comply with their new international obligations. The authors also examine in detail the background, drafting, adoption, and implementation of the IHR while arguing that the very existence of these regulations reveals an important new understanding: that infectious disease outbreaks and their management are critical to national and international security. The book will be of great interest to academic researchers, postgraduate students, and advanced undergraduates in the fields of global public health, international relations, and public policy, as well as health professionals, diplomats, and practitioners with a professional interest in global health security.
Resumo:
Key topics: Since the birth of the Open Source movement in the mid-80's, open source software has become more and more widespread. Amongst others, the Linux operating system, the Apache web server and the Firefox internet explorer have taken substantial market shares to their proprietary competitors. Open source software is governed by particular types of licenses. As proprietary licenses only allow the software's use in exchange for a fee, open source licenses grant users more rights like the free use, free copy, free modification and free distribution of the software, as well as free access to the source code. This new phenomenon has raised many managerial questions: organizational issues related to the system of governance that underlie such open source communities (Raymond, 1999a; Lerner and Tirole, 2002; Lee and Cole 2003; Mockus et al. 2000; Tuomi, 2000; Demil and Lecocq, 2006; O'Mahony and Ferraro, 2007;Fleming and Waguespack, 2007), collaborative innovation issues (Von Hippel, 2003; Von Krogh et al., 2003; Von Hippel and Von Krogh, 2003; Dahlander, 2005; Osterloh, 2007; David, 2008), issues related to the nature as well as the motivations of developers (Lerner and Tirole, 2002; Hertel, 2003; Dahlander and McKelvey, 2005; Jeppesen and Frederiksen, 2006), public policy and innovation issues (Jullien and Zimmermann, 2005; Lee, 2006), technological competitions issues related to standard battles between proprietary and open source software (Bonaccorsi and Rossi, 2003; Bonaccorsi et al. 2004, Economides and Katsamakas, 2005; Chen, 2007), intellectual property rights and licensing issues (Laat 2005; Lerner and Tirole, 2005; Gambardella, 2006; Determann et al., 2007). A major unresolved issue concerns open source business models and revenue capture, given that open source licenses imply no fee for users. On this topic, articles show that a commercial activity based on open source software is possible, as they describe different possible ways of doing business around open source (Raymond, 1999; Dahlander, 2004; Daffara, 2007; Bonaccorsi and Merito, 2007). These studies usually look at open source-based companies. Open source-based companies encompass a wide range of firms with different categories of activities: providers of packaged open source solutions, IT Services&Software Engineering firms and open source software publishers. However, business models implications are different for each of these categories: providers of packaged solutions and IT Services&Software Engineering firms' activities are based on software developed outside their boundaries, whereas commercial software publishers sponsor the development of the open source software. This paper focuses on open source software publishers' business models as this issue is even more crucial for this category of firms which take the risk of investing in the development of the software. Literature at last identifies and depicts only two generic types of business models for open source software publishers: the business models of ''bundling'' (Pal and Madanmohan, 2002; Dahlander 2004) and the dual licensing business models (Välimäki, 2003; Comino and Manenti, 2007). Nevertheless, these business models are not applicable in all circumstances. Methodology: The objectives of this paper are: (1) to explore in which contexts the two generic business models described in literature can be implemented successfully and (2) to depict an additional business model for open source software publishers which can be used in a different context. To do so, this paper draws upon an explorative case study of IdealX, a French open source security software publisher. This case study consists in a series of 3 interviews conducted between February 2005 and April 2006 with the co-founder and the business manager. It aims at depicting the process of IdealX's search for the appropriate business model between its creation in 2000 and 2006. This software publisher has tried both generic types of open source software publishers' business models before designing its own. Consequently, through IdealX's trials and errors, I investigate the conditions under which such generic business models can be effective. Moreover, this study describes the business model finally designed and adopted by IdealX: an additional open source software publisher's business model based on the principle of ''mutualisation'', which is applicable in a different context. Results and implications: Finally, this article contributes to ongoing empirical work within entrepreneurship and strategic management on open source software publishers' business models: it provides the characteristics of three generic business models (the business model of bundling, the dual licensing business model and the business model of mutualisation) as well as conditions under which they can be successfully implemented (regarding the type of product developed and the competencies of the firm). This paper also goes further into the traditional concept of business model used by scholars in the open source related literature. In this article, a business model is not only considered as a way of generating incomes (''revenue model'' (Amit and Zott, 2001)), but rather as the necessary conjunction of value creation and value capture, according to the recent literature about business models (Amit and Zott, 2001; Chresbrough and Rosenblum, 2002; Teece, 2007). Consequently, this paper analyses the business models from these two components' point of view.
Resumo:
Capital works procurement and its regulatory policy environment within a country can be complex entities. For example, by virtue of Australia’s governmental division between the Commonwealth, states and local jurisdictions and the associated procurement networks and responsibilities at each level, the tendering process is often convoluted. There are four inter-related key themes identified in the literature in relation to procurement disharmony, including decentralisation, risk & risk mitigation, free trade & competition, and tendering costs. This paper defines and discusses these key areas of conflict that adversely impact upon the business environments of industry through a literature review, policy analysis and consultation with capital works procurement stakeholders. The aim of this national study is to identify policy differences between jurisdictions in Australia, and ascertain whether those differences are a barrier to productivity and innovation. This research forms an element of a broader investigation with an aim of developing efficient, effective and nationally harmonised procurement systems. Keywords: capital works, procurement policy reform Acknowledgement: The research described in this paper carried out by the Australian Cooperative Research Centre for Construction Innovation.
Resumo:
Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSIIFBI computer crime survey report, almost 80% of the security breaches come from authorized users. In this paper, we have worked on the concept of unified security model, which manages all security aspect from a single security window. The basic idea is to keep business functionality separate from security components of the application. Our main focus was on the designing of frame work for unified layer which supports single point of policy control, centralize logging mechanism, granular, context aware access control, and independent from any underlying authentication technology and authorization policy.
Resumo:
Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users’ access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality however, users can and do depart from the canonical behaviour. This paper argues that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. It proposes a game theoretic authorisation model that can ensure users’ potential misuse of a resource is explicitly considered while making an authorisation decision. The resulting authorisation model is dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the insider.
Resumo:
This paper presents a modified approach to evaluate access control policy similarity and dissimilarity based on the proposal by Lin et al. (2007). Lin et al.'s policy similarity approach is intended as a filter stage which identifies similar XACML policies that can be analysed further using more computationally demanding techniques based on model checking or logical reasoning. This paper improves the approach of computing similarity of Lin et al. and also proposes a mechanism to calculate a dissimilarity score by identifying related policies that are likely to produce different access decisions. Departing from the original algorithm, the modifications take into account the policy obligation, rule or policy combining algorithm and the operators between attribute name and value. The algorithms are useful in activities involving parties from multiple security domains such as secured collaboration or secured task distribution. The algorithms allow various comparison options for evaluating policies while retaining control over the restriction level via a number of thresholds and weight factors.
Resumo:
Forest policy and forestry management in Tasmania have undergone a number of changes in the last thirty years, many explicitly aimed at improving industry sustainability, job security, and forest biodiversity conservation. Yet forestry remains a contentious issue in Tasmania, due to a number of interacting factors, most significant of which is the prevalence of a ‘command and control’ governance approach by policymakers and managers. New approaches such as multiple-stakeholder decision-making, adaptive management, and direct public participation in policymaking are needed. Such an approach has been attempted in Canada in the last decade, through the Canadian Model Forest Program, and may be suitable for Tasmania. This paper seeks to describe what the Canadian Model Forest approach is, how it may be implemented in Tasmania, and what role it may play in the shift to a new forestry paradigm. Until such a paradigm shift occurs contentions and confrontations are likely to continue.
Resumo:
This paper proposes a theoretical model for e-Government in Malaysia and addresses issues involved in its implementation. It presents three possible models including the Framework for Electronic Government (Grant & Chau, 2005), the Three Pillars Framework (Georgescu, 2007) and The Grid-Group Theory from cultural studies (Douglas, 1996) and integrates and adapts them to the specific needs of the Malaysian environment.
Resumo:
All organisations, irrespective of size and type, need effective information security management (ISM) practices to protect vital organisational in- formation assets. However, little is known about the information security management practices of nonprofit organisations. Australian nonprofit organisations (NPOs) employed 889,900 people, managed 4.6 million volunteers and contributed $40,959 million to the economy during 2006-2007 (Australian Bureau of Statistics, 2009). This thesis describes the perceptions of information security management in two Australian NPOs and examines the appropriateness of the ISO 27002 information security management standard in an NPO context. The overall approach to the research is interpretive. A collective case study has been performed, consisting of two instrumental case studies with the researcher being embedded within two NPOs for extended periods of time. Data gathering and analysis was informed by grounded theory and action research, and the Technology Acceptance Model was utilised as a lens to explore the findings and provide limited generalisability to other contexts. The major findings include a distinct lack of information security management best practice in both organisations. ISM Governance and risk management was lacking and ISM policy was either outdated or non- existent. While some user focused ISM practices were evident, reference to standards, such as ISO 27002, were absent. The main factor that negatively impacted on ISM practices was the lack of resources available for ISM in the NPOs studied. Two novel aspects of information security dis- covered in this research were the importance of accuracy and consistency of information. The contribution of this research is a preliminary understanding of ISM practices and perceptions in NPOs. Recommendations for a new approach to managing information security management in nonprofit organisations have been proposed.
