Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Distributing sensitive information in the MPEG-21 multimedia framework

The MPEG-21 Multimedia Framework provides for controlled distribution of multimedia works through its Intellectual Property Management and Protection ("IPMP") Components and Rights Expression Language ("MPEG REL"). The IPMP Components provide a framework by which the components of an MPEG-21 digital item can be protected from undesired access, while MPEG REL provides a mechanism for describing the conditions under which a component of a digital item may be used and distributed. This chapter describes how the IPMP Components and MPEG REL were used to implement a series of digital rights management applications at the Cooperative Research Centre for Smart Internet Technology in Australia. While the IPMP Components and MPEG REL were initially designed to facilitate the protection of copyright, the applications also show how the technology can be adapted to the protection of private personal information and sensitive corporate information.

Quality of child abuse information for measurement and surveillance : linking hospital and child welfare data

National estimates of the prevalence of child abuse-related injuries are obtained from a variety of sectors including welfare, justice, and health resulting in inconsistent estimates across sectors. The International Classification of Diseases (ICD) is used as the international standard for categorising health data and aggregating data for statistical purposes, though there has been limited validation of the quality, completeness or concordance of these data with other sectors. This research study examined the quality of documentation and coding of child abuse recorded in hospital records in Queensland and the concordance of these data with child welfare records. A retrospective medical record review was used to examine the clinical documentation of over 1000 hospitalised injured children from 20 hospitals in Queensland. A data linkage methodology was used to link these records with records in the child welfare database. Cases were sampled from three sub-groups according to the presence of target ICD codes: Definite abuse, Possible abuse, unintentional injury. Less than 2% of cases coded as being unintentional were recoded after review as being possible abuse, and only 5% of cases coded as possible abuse cases were reclassified as unintentional, though there was greater variation in the classification of cases as definite abuse compared to possible abuse. Concordance of health data with child welfare data varied across patient subgroups. This study will inform the development of strategies to improve the quality, consistency and concordance of information between health and welfare agencies to ensure adequate system responses to children at risk of abuse.

Quality of child abuse information in emergency department injury surveillance data : linking hospital and child welfare data

Emergency departments (EDs) are often the first point of contact with an abused child. Despite legal mandate, the reporting of definite or suspected abusive injury to child safety authorities by ED clinicians varies due to a number of factors including training, access to child safety professionals, departmental culture and a fear of ‘getting it wrong’. This study examined the quality of documentation and coding of child abuse captured by ED based injury surveillance data and ED medical records in the state of Queensland and the concordance of these data with child welfare records. A retrospective medical record review was used to examine the clinical documentation of almost 1000 injured children included in the Queensland Injury Surveillance Unit database (QISU) from 10 hospitals in urban and rural centres. Independent experts re-coded the records based on their review of the notes. A data linkage methodology was then used to link these records with records in the state government’s child welfare database. Cases were sampled from three sub-groups according to the surveillance intent codes: Maltreatment by parent, Undetermined and Unintentional injury. Only 0.1% of cases coded as unintentional injury were recoded to maltreatment by parent, while 1.2% of cases coded as maltreatment by parent were reclassified as unintentional and 5% of cases where the intent was undetermined by the triage nurse were recoded as maltreatment by parent. Quality of documentation varied across type of hospital (tertiary referral centre, children’s, urban, regional and remote). Concordance of health data with child welfare data varied across patient subgroups. Outcomes from this research will guide initiatives to improve the quality of intentional child injury surveillance systems.

Research and application of Building Information Modelling (BIM) in the Architecture, Engineering and Construction (AEC) industry : a review and direction for future research

With an increasing level of collaboration amongst researchers, software developers and industry practitioners in the past three decades, building information modelling (BIM) is now recognized as an emerging technological and procedural shift within the architect, engineering and construction (AEC) industry. BIM is not only considered as a way to make a profound impact on the professions of AEC, but is also regarded as an approach to assist the industry to develop new ways of thinking and practice. Despite the widespread development and recognition of BIM, a succinct and systematic review of the existing BIM research and achievement is scarce. It is also necessary to take stock on existing applications and have a fresh look at where BIM should be heading and how it can benefit from the advances being made. This paper first presents a review of BIM research and achievement in AEC industry. A number of suggestions are then made for future research in BIM. This paper maintains that the value of BIM during design and construction phases is well documented over the last decade, and new research needs to expand the level of development and analysis from design/build stage to postconstruction and facility asset management. New research in BIM could also move beyond the traditional building type to managing the broader range of facilities and built assets and providing preventative maintenance schedules for sustainable and intelligent buildings

Continuous biometric authentication : can it be more practical?

Continuous biometric authentication schemes (CBAS) are built around the biometrics supplied by user behavioural characteristics and continuously check the identity of the user throughout the session. The current literature for CBAS primarily focuses on the accuracy of the system in order to reduce false alarms. However, these attempts do not consider various issues that might affect practicality in real world applications and continuous authentication scenarios. One of the main issues is that the presented CBAS are based on several samples of training data either of both intruder and valid users or only the valid users' profile. This means that historical profiles for either the legitimate users or possible attackers should be available or collected before prediction time. However, in some cases it is impractical to gain the biometric data of the user in advance (before detection time). Another issue is the variability of the behaviour of the user between the registered profile obtained during enrollment, and the profile from the testing phase. The aim of this paper is to identify the limitations in current CBAS in order to make them more practical for real world applications. Also, the paper discusses a new application for CBAS not requiring any training data either from intruders or from valid users.

Limited information estimation and evaluation of DSGE models

We advance the proposition that dynamic stochastic general equilibrium (DSGE) models should not only be estimated and evaluated with full information methods. These require that the complete system of equations be specified properly. Some limited information analysis, which focuses upon specific equations, is therefore likely to be a useful complement to full system analysis. Two major problems occur when implementing limited information methods. These are the presence of forward-looking expectations in the system as well as unobservable non-stationary variables. We present methods for dealing with both of these difficulties, and illustrate the interaction between full and limited information methods using a well-known model.

Contextualizing the tensions and weaknesses of information privacy and data breach notification laws

Data breach notification laws have detailed numerous failures relating to the protection of personal information that have blighted both corporate and governmental institutions. There are obvious parallels between data breach notification and information privacy law as they both involve the protection of personal information. However, a closer examination of both laws reveals conceptual differences that give rise to vertical tensions between each law and shared horizontal weaknesses within both laws. Tensions emanate from conflicting approaches to the implementation of information privacy law that results in different regimes and the implementation of different types of protections. Shared weaknesses arise from an overt focus on specified types of personal information which results in ‘one size fits all’ legal remedies. The author contends that a greater contextual approach which promotes the importance of social context is required and highlights the effect that contextualization could have on both laws.

Information and communication technologies : catalysts for sustainable development

The concept of sustainable urban development has been pushed to the forefront of policy-making and politics as the world wakes up to the impacts of climate change and the effects of modern urban lifestyles. Today, sustainable development has become a very prominent element in the day-to-day debate on urban policy and the expression of that policy in urban planning and development decisions. As a result of this, during the last few years, sustainable development automation applications such as sustainable urban development decision support systems have become popular tools as they offer new opportunities for local governments to realise their sustainable development agendas. This chapter explores a range of issues associated with the application of information and communication technologies and decision support systems in the process of underpinning sustainable urban development. The chapter considers how information and communication technologies can be applied to enhance urban planning, raise environmental awareness, share decisions and improve public participation. It introduces and explores three web-based geographical information systems projects as best practice. These systems are developed as support tools to include public opinion in the urban planning and development processes, and to provide planners with comprehensive tools for the analysis of sustainable urban development variants in order to prepare the best plans for constructing sustainable urban communities and futures.

Analysis of the effect of negation on information retrieval of medical data

Most information retrieval (IR) models treat the presence of a term within a document as an indication that the document is somehow "about" that term, they do not take into account when a term might be explicitly negated. Medical data, by its nature, contains a high frequency of negated terms - e.g. "review of systems showed no chest pain or shortness of breath". This papers presents a study of the effects of negation on information retrieval. We present a number of experiments to determine whether negation has a significant negative affect on IR performance and whether language models that take negation into account might improve performance. We use a collection of real medical records as our test corpus. Our findings are that negation has some affect on system performance, but this will likely be confined to domains such as medical data where negation is prevalent.

Geographical information systems : an effective planning and decision-making platform for community health coalitions in Australia

The development of locally-based healthcare initiatives, such as community health coalitions that focus on capacity building programs and multi-faceted responses to long-term health problems, have become an increasingly important part of the public health landscape. As a result of their complexity and the level of investment, it has become necessary to develop innovative ways to help manage these new healthcare approaches. Geographical Information Systems (GIS) have been suggested as one of the innovative approaches that will allow community health coalitions to better manage and plan their activities. The focus of this paper is to provide a commentary on the use of GIS as a tool for community coalitions and discuss some of the potential benefits and issues surrounding the development of these tools.

The Guardian Reportage of the UK MP Expenses Scandal: a Case Study of Computational Journalism

The Guardian reportage of the United Kingdom Member of Parliament (MP) expenses scandal of 2009 used crowdsourcing and computational journalism techniques. Computational journalism can be broadly defined as the application of computer science techniques to the activities of journalism. Its foundation lies in computer assisted reporting techniques and its importance is increasing due to the: (a) increasing availability of large scale government datasets for scrutiny; (b) declining cost, increasing power and ease of use of data mining and filtering software; and Web 2.0; and (c) explosion of online public engagement and opinion.. This paper provides a case study of the Guardian MP expenses scandal reportage and reveals some key challenges and opportunities for digital journalism. It finds journalists may increasingly take an active role in understanding, interpreting, verifying and reporting clues or conclusions that arise from the interrogations of datasets (computational journalism). Secondly a distinction should be made between information reportage and computational journalism in the digital realm, just as a distinction might be made between citizen reporting and citizen journalism. Thirdly, an opportunity exists for online news providers to take a ‘curatorial’ role, selecting and making easily available the best data sources for readers to use (information reportage). These activities have always been fundamental to journalism, however the way in which they are undertaken may change. Findings from this paper may suggest opportunities and challenges for the implementation of computational journalism techniques in practice by digital Australian media providers, and further areas of research.

Informed learning: a pedagogical construct attending simultaneously to information use and learning.

The idea of informed learning, applicable in academic, workplace and community settings, has been derived largely from a program of phenomenographic research in the field of information literacy, which has illuminated the experience of using information to learn. Informed learning is about simultaneous attention to information use and learning, where both information and learning are considered to be relational; and is built upon a series of key concepts such as second–order perspective, simultaneity, awareness, and relationality. Informed learning also relies heavily on reflection as a strategy for bringing about learning. As a pedagogical construct, informed learning supports inclusive curriculum design and implementation. This paper reports aspects of the informed learning research agenda which are currently being pursued at the Queensland University of Technology (QUT). The first part elaborates the idea of informed learning, examines the key concepts underpinning this pedagogical construct, and explains its emergence from the research base of the QUT Information Studies research team. The second presents a case, which demonstrates the ongoing development of informed learning theory and practice, through the development of inclusive informed learning for a culturally diverse higher education context.

Transnational business masculinities : media representations of gender and management in global mining corporations

This paper examines Australian media representations of the male managers of two global mining corporations, Rio Tinto and BHP Billiton. These organizations are transnational (or multinational) corporations with assets and/or operations across national boundaries (Dunning and Lundan, 2008), and indeed their respective Chief Executive Officers, Tom Albanese and Marius Kloppers are two of the most economically (and arguably politically) powerful in the world overseeing 37 000 and 39 000 employees internationally. With a 2008 profit of US$15.962 billion and assets of US$ 75.889 Billion BHP Billiton is the world's largest mining company. In terms of its profits and assets Rio Tinto ranks fourth in the world, but with operations in six countries (mainly Canada and Australia) and a 2008 profit of US$10.3 billion it is also emblematic of the transnational in that its ‘budget is larger than that of all but a few nations’ (Giddens, 2003, p. 62).