A risk simulation framework for information infrastructure protection

Information communication and technology (ICT) systems are almost ubiquitous in the modern world. It is hard to identify any industry, or for that matter any part of society, that is not in some way dependent on these systems and their continued secure operation. Therefore the security of information infrastructures, both on an organisational and societal level, is of critical importance. Information security risk assessment is an essential part of ensuring that these systems are appropriately protected and positioned to deal with a rapidly changing threat environment. The complexity of these systems and their inter-dependencies however, introduces a similar complexity to the information security risk assessment task. This complexity suggests that information security risk assessment cannot, optimally, be undertaken manually. Information security risk assessment for individual components of the information infrastructure can be aided by the use of a software tool, a type of simulation, which concentrates on modelling failure rather than normal operational simulation. Avoiding the modelling of the operational system will once again reduce the level of complexity of the assessment task. The use of such a tool provides the opportunity to reuse information in many different ways by developing a repository of relevant information to aid in both risk assessment and management and governance and compliance activities. Widespread use of such a tool allows the opportunity for the risk models developed for individual information infrastructure components to be connected in order to develop a model of information security exposures across the entire information infrastructure. In this thesis conceptual and practical aspects of risk and its underlying epistemology are analysed to produce a model suitable for application to information security risk assessment. Based on this work prototype software has been developed to explore these concepts for information security risk assessment. Initial work has been carried out to investigate the use of this software for information security compliance and governance activities. Finally, an initial concept for extending the use of this approach across an information infrastructure is presented.

Experiencing religious information literacy : informed learning in church communities

This paper reports an exploration of religious information literacy in terms of how people use information to learn in the context of church communities. The research approach of phenomenography was used to explore Uniting Church in Australia members' experience of using information to learn as participants in their church communities. Five ways of experiencing religious information literacy were identified, using information to learn about: growing faith, developing relationships, managing the church, serving church communities and reaching out beyond church communities. It is anticipated that such findings will be of interest to information professionals, including information literacy specialists, as well as leaders and members of church communities.

Approaches to learning information literacy : a phenomenographic study

This paper reports on an empirical study that explores the ways students approach learning to find and use information. Based on interviews with 15 education students in an Australian university, this study uses phenomenography as its methodological and theoretical basis. The study reveals that students use three main strategies for learning information literacy: 1) learning by doing; 2) learning by trial and error; and 3) learning by interacting with other people. Understanding the different ways that students approach learning information literacy will assist librarians and faculty to design and provide more effective information literacy education.

Project alliancing and information technology in building construction : the National Museum of Australia

The construction industry demands priority from all governments because it impacts economically and socially on all citizens. A number of recent studies have identified inefficiencies in the Australian construction industry by modelling the building process. A culture of reform supported by industry and government is now emerging in the industry – one in which alternate forms of project delivery are being trialed. The Australian Building and Construction Industry Action Agenda brought together industry and government to identify actions necessary to lift Australia’s innovative and knowledge creating capacity at the sector level. A central activity under this Action Agenda was dissemination of information relating to industry best practice initiatives in innovation, project delivery and the use of information technology. Government and industry identified project alliance contracting and more advanced information technology as means to increase efficiency in construction as part of a new innovative procurement environment.

Emerging themes in dietetic competency

Determining entry level competency of new graduates, as they transition from university to practice is not always black and white. Holistic competency emerges as acculturation and experience develops in the workplace. This project, funded by the Dietitians Association Australia (DAA), aimed to develop tools to guide the assessment process. Range variable statements and evidence guides were developed to inform the assessment of DAA Entry Level Competency Standards (ELCS) at university and to define the core fields of study required in Australian university curricula for university accreditation and international benchmarking purposes. Range variables contextualise competency by defining the boundaries for competency and the associated performance criteria. Evidence guides provide the range of contexts and critical aspects of competency which would usually be assessed together. Core fields of study defi ne the underpinning knowledge and skills required in the curriculum to achieve competency. Draft range variable statements and evidence guides were developed against each of the units and elements of the ELCS. Two rounds of consultation occurred with the fourteen Australian universities undertaking dietetic education and the project management committee, via teleconference and email. Core fi elds of study were informed by these consultations, as well as interviews of new graduates about core activities undertaken in their workplace. The final versions of these documents were presented to the project management committee, the Australian Dietetic Council and the DAA Board to be integrated into the DAA Accreditation Manual and website information.

Towards semantic search and inference in electronic medical records : an approach using concept-based information retrieval

Background This paper presents a novel approach to searching electronic medical records that is based on concept matching rather than keyword matching. Aim The concept-based approach is intended to overcome specific challenges we identified in searching medical records. Method Queries and documents were transformed from their term-based originals into medical concepts as defined by the SNOMED-CT ontology. Results Evaluation on a real-world collection of medical records showed our concept-based approach outperformed a keyword baseline by 25% in Mean Average Precision. Conclusion The concept-based approach provides a framework for further development of inference based search systems for dealing with medical data.

Severity of driver injury and vehicle damage in traffic crashes at intersections: A Bayesian hierarchical analysis

Most crash severity studies ignored severity correlations between driver-vehicle units involved in the same crashes. Models without accounting for these within-crash correlations will result in biased estimates in the factor effects. This study developed a Bayesian hierarchical binomial logistic model to identify the significant factors affecting the severity level of driver injury and vehicle damage in traffic crashes at signalized intersections. Crash data in Singapore were employed to calibrate the model. Model fitness assessment and comparison using Intra-class Correlation Coefficient (ICC) and Deviance Information Criterion (DIC) ensured the suitability of introducing the crash-level random effects. Crashes occurring in peak time, in good street lighting condition, involving pedestrian injuries are associated with a lower severity, while those in night time, at T/Y type intersections, on right-most lane, and installed with red light camera have larger odds of being severe. Moreover, heavy vehicles have a better resistance on severe crash, while crashes involving two-wheel vehicles, young or aged drivers, and the involvement of offending party are more likely to result in severe injuries.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Enterprise systems curricula for Asia-Pacific region : a vision for 2020

Enterprise Systems (ES) have emerged as possibly the most important and challenging development in the corporate use of information technology in the last decade. Organizations have invested heavily in these large, integrated application software suites expecting improvments in; business processes, management of expenditure, customer service, and more generally, competitiveness, improved access to better information/knowledge (i.e., business intelligence and analytics). Forrester survey data consistently shows that investment in ES and enterprise applications in general remains the top IT spending priority, with the ES market estimated at $38 billion and predicted to grow at a steady rate of 6.9%, reaching $50 billion by 2012 (Wang & Hamerman, 2008). Yet, organizations have failed to realize all the anticipated benefits. One of the key reasons is the inability of employees to properly utilize the capabilities of the enterprise systems to complete the work and extract information critical to decision making. In response, universities (tertiary institutes) have developed academic programs aimed at addressing the skill gaps. In parallel with the proliferation of ES, there has been growing recognition of the importance of Teaching Enterprise Systems at tertiary education institutes. Many academic papers have discused the important role of Enterprise System curricula at tertiary education institutes (Ask, 2008; Hawking, 2004; Stewart, 2001), where the teaching philosophises, teaching approaches and challenges in Enterprise Systems education were discussed. Following the global trends, tertiary institutes in the Pacific-Asian region commenced introducing Enterprise System curricula in late 1990s with a range of subjects (a subject represents a single unit, rather than a collection of units; which we refer to as a course) in faculties / schools / departments of Information Technology, Business and in some cases in Engineering. Many tertiary educations commenced their initial subject offers around four salient concepts of Enterprise Systems: (1) Enterprise Systems implementations, (2) Introductions to core modules of Enterprise Systems, (3) Application customization using a programming language (e.g. ABAP) and (4) Systems Administration. While universities have come a long way in developing curricula in the enterprise system area, many obstacles remain: high cost of technology, qualified faculty to teach, lack of teaching materials, etc.

Development of a data mining-based analysis framework for multi-attribute construction project information

Data mining techniques extract repeated and useful patterns from a large data set that in turn are utilized to predict the outcome of future events. The main purpose of the research presented in this paper is to investigate data mining strategies and develop an efficient framework for multi-attribute project information analysis to predict the performance of construction projects. The research team first reviewed existing data mining algorithms, applied them to systematically analyze a large project data set collected by the survey, and finally proposed a data-mining-based decision support framework for project performance prediction. To evaluate the potential of the framework, a case study was conducted using data collected from 139 capital projects and analyzed the relationship between use of information technology and project cost performance. The study results showed that the proposed framework has potential to promote fast, easy to use, interpretable, and accurate project data analysis.

Efficient safety information retrieval on construction sites: a preliminary methodology

IT-supported field data management benefits on-site construction management by improving accessibility to the information and promoting efficient communication between project team members. However, most of on-site safety inspections still heavily rely on subjective judgment and manual reporting processes and thus observers’ experiences often determine the quality of risk identification and control. This study aims to develop a methodology to efficiently retrieve safety-related information so that the safety inspectors can easily access to the relevant site safety information for safer decision making. The proposed methodology consists of three stages: (1) development of a comprehensive safety database which contains information of risk factors, accident types, impact of accidents and safety regulations; (2) identification of relationships among different risk factors based on statistical analysis methods; and (3) user-specified information retrieval using data mining techniques for safety management. This paper presents an overall methodology and preliminary results of the first stage research conducted with 101 accident investigation reports.