152 results for secure audit


Relevance:

20.00% 20.00%

Publisher:

Abstract:

Previous research has indicated that road crashes are the most common form of work related fatalities (Haworth et al., 2000). Historically, industry has often taken a “silver bullet” approach developing and implementing a single countermeasure to address all their work related road safety issues, despite legislative requirements to discharge obligations through minimising risk and enhancing safety. This paper describes the results and implications from a series of work related road safety audits that were undertaken across five organisations to determine deficiencies in each organisation's safe driving management and practice. Researchers conducted a series of structured interviews, reviewed documentation relating to work related driving, and analysed vehicle related crash and incident records to determine each organisation's current situation in the management of work related road safety and driver behaviour. A number of consistent themes and issues across each organisation were identified relating to managing driver behaviour, organisational policies, incident recording and reporting, communication and education, and formalisation of key work related road safety strategies. Although organisations are required to undertake risk reduction strategies for all work related driving, the results of the research suggest that many organisations fail to systematically manage driver behaviour and mitigate work related road safety risk. Future improvements in work related road safety will require organisations to firstly acknowledge the high risk associated with drivers driving for work and secondly adopt comprehensive risk mitigation strategies in a similar manner to managing other workplace hazards.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

A self-escrowed public key infrastructure (SE-PKI) combines the usual functionality of a public-key infrastructure with the ability to recover private keys given some trap-door information. We present an additively homomorphic variant of an existing SE-PKI for ElGamal encryption. We also propose a new efficient SE-PKI based on the ElGamal and Okamoto-Uchiyama cryptosystems that is more efficient than the previous SE-PKI. This is the first SE-PKI that does not suffer from a key doubling problem of previous SE-PKI proposals. Additionally, we present the first self-escrowed encryption schemes secure against chosen-ciphertext attack in the standard model. These schemes are also quite efficient and are based on the Cramer-Shoup cryptosystem, and the Kurosawa-Desmedt hybrid variant in different groups.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Medical industries have brought Information Technology (IT) into their systems for both patients and medical staff due to the numerous benefits of IT we experience at present. Moreover, the Mobile healthcare (M-health) system has been developed as the first step of Ubiquitous Health Environment (UHE). With its mobility and multiple functions, the M-health system will be able to provide more efficient and various services for both doctors and patients. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well implemented. In this paper, user authentication and authorization procedures will be applied as a featured component at each level of M-health systems in the hospital environment. Accordingly, the M-health system in the hospital will meet the optimal requirements as a countermeasure to its vulnerabilities.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

U-Healthcare means that it provides healthcare services "at anytime and anywhere" using wired, wireless and ubiquitous sensor network technologies. As a main field of U-healthcare, Telehealth has been developed as an enhancement of Telemedicine. This system includes two-way interactive web-video communications, sensor technology, and health informatics. With these components, it will assist patients to receive their first initial diagnosis. Furthermore, Telehealth will help doctors diagnose patients' diseases at early stages and recommend treatments to patients. However, this system has a few limitations such as privacy issues, interruption of real-time service and a wrong ordering from remote diagnosis. To deal with those flaws, security procedures such as authorised access should be applied as an indispensable component in the medical environment. As a consequence, a Telehealth system with these protection procedures in clinical services will cope with anticipated vulnerabilities of U-Healthcare services and security issues involved.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

This study aimed to gauge the presence of markers of chronic disease, as a basis for food and nutrition policy in correctional facilities. One hundred and twenty offenders, recruited from a Queensland Correctional Centre, provided informed consent and completed both dietary interviews and physical measurements. Mean age of the sample was 35.5 ± 12 years (range = 19–77 yrs); mean age of the total population (n = 945) was 32.8 ± 10 years (range = 19–80 yrs). Seventy-nine participants also provided fasting blood samples. The mean body mass index (BMI) was 27 ± 3.5 kg/m2; 72% having a BMI > 25 kg/m2. Thirty-three percent were classified overweight or obese using waist circumference (mean = 92 ± 10 cm). Mean blood pressure measurement was systolic = 130 ± 14 mmHg and diastolic = 73 ± 10 mmHg. Twenty-four percent were classified as hypertensive of whom three were on antihypertensive medication. Eighteen percent had elevated triglycerides, and 40% unfavourable total cholesterol to HDL ratios. Homeostatic Model Assessment (HOMA scores) were calculated from glucose and insulin. Four participants were insulin resistant, two of whom had known diabetes. Metabolic syndrome, based on waist circumference (adjusted for ethnicity), blood lipids, blood pressure and plasma glucose indicated that 25% (n = 20) were classified with metabolic syndrome. Eighty-four percent (n = 120) reported some physical activity each day, with 51 percent participating ≥two times daily. Fifty-four percent reported smoking with an additional 20% having smoked in the past. Findings suggest that waist circumference rather than weight and BMI only should be used in this group to determine weight status. The data suggest that markers of chronic disease are present and that food and nutrition policy must reflect this. Further analysis is being completed to determine relevant policy initiatives.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Secrecy of decryption keys is an important pre-requisite for security of any encryption scheme and compromised private keys must be immediately replaced. Forward Security (FS), introduced to Public Key Encryption (PKE) by Canetti, Halevi, and Katz (Eurocrypt 2003), reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. The FS property was also shown to be achievable in (Hierarchical) Identity-Based Encryption (HIBE) by Yao, Fazio, Dodis, and Lysyanskaya (ACM CCS 2004). Yet, for emerging encryption techniques, offering flexible access control to encrypted data, by means of functional relationships between ciphertexts and decryption keys, FS protection was not known to exist. In this paper we introduce FS to the powerful setting of Hierarchical Predicate Encryption (HPE), proposed by Okamoto and Takashima (Asiacrypt 2009). Anticipated applications of FS-HPE schemes can be found in searchable encryption and in fully private communication. Considering the dependencies amongst the concepts, our FS-HPE scheme implies forward-secure flavors of Predicate Encryption and (Hierarchical) Attribute-Based Encryption. Our FS-HPE scheme guarantees forward security for plaintexts and for attributes that are hidden in HPE ciphertexts. It further allows delegation of decrypting abilities at any point in time, independent of FS time evolution. It realizes zero-inner-product predicates and is proven adaptively secure under standard assumptions. As the "cross-product" approach taken in FS-HIBE is not directly applicable to the HPE setting, our construction resorts to techniques that are specific to existing HPE schemes and extends them with what can be seen as a reminiscent of binary tree encryption from FS-PKE.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Nonprofits constitute a large part of collective behaviour in society. Presently there is little formal research addressing the role of audits in nonprofit organisations. Before models can be developed for the production of nonprofit auditing information, it is necessary to examine the present conduct of nonprofit audits. The Australian Accounting Research Foundation - Legislation Review Board has released a position paper on the Association Incorporation Acts in Australia - the most frequently used legal form for nonprofit organisations. The Board is addressing the issue of financial statement reporting including audit. This is coinciding with the investigations resulting from the collapse of the National Safety Council (Victorian Division), (NSC). The NSC, a nonprofit organisation formed as a company limited by guarantee, is in liquidation and the auditors are being sued for damages resulting from their alleged failure to perform their duties adequately.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

In recent years, Water Sensitive Urban Design (WSUD) has been strongly promoted in South East Queensland to mitigate quantity and quality issues in relation to stormwater. Gold Coast City Council has implemented WSUD devices widely for stormwater management for a number of years and is planning to continue this practice into the future. According to the planning policy of Gold Coast City Council, the adoption of WSUD practices is now mandatory for any new development within the city. As a result, Council is expected to be in possession of tens of millions of dollars of these assets in the future and will be responsible for their maintenance and long-term management. Any shortcoming in the implementation of best practice can potentially result in substantial liability for the Council in the future. However, there has been limited evaluation of WSUD systems in relation to their performance, long-term maintenance, and current knowledge gaps. It was considered that periodical audits of WSUD applications on the Gold Coast are vital to ensure that Council’s WSUD policies are continually improved to new learning and best practice is implemented and risk to Council is mitigated. After a series of stakeholder interviews within Council to understand current practical issues (weaknesses and strengths) in relation to the implementation of WSUD on the Gold Coast, a field audit comprising condition assessment of eleven WSUD systems within four suburbs was undertaken to identify weaknesses and strengths in WSUD implementation on the Gold Coast. The outcomes of this study are presented in this paper.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We blend research from human-computer interface (HCI) design with computational based cryptographic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we highlight some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security ceremony), which POPS can be applied to. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar protocol implemented by a financial institution, from both HCI and cryptographic perspectives.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We consider the problem of how to maximize secure connectivity of multi-hop wireless ad hoc networks after deployment. Two approaches, based on graph augmentation problems with nonlinear edge costs, are formulated. The first one is based on establishing a secret key using only the links that are already secured by secret keys. This problem is in NP-hard and does not accept polynomial time approximation scheme PTAS since minimum cutsets to be augmented do not admit constant costs. The second one is based on increasing the power level between a pair of nodes that has a secret key to enable them to physically connect. This problem can be formulated as the optimal key establishment problem with interference constraints with bi-objectives: (i) maximizing the concurrent key establishment flow, (ii) minimizing the cost. We show that both problems are NP-hard and MAX-SNP (i.e., it is NP-hard to approximate them within a factor of 1 + e for e > 0) with a reduction to MAX3SAT problem. Thus, we design and implement a fully distributed algorithm for authenticated key establishment in wireless sensor networks where each sensor knows only its one-hop neighborhood. Our witness based approaches find witnesses in multi-hop neighborhood to authenticate the key establishment between two sensor nodes which do not share a key and which are not connected through a secure path.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We consider the problem of maximizing the secure connectivity in wireless ad hoc networks, and analyze the complexity of the post-deployment key establishment process constrained by physical layer properties such as connectivity, energy consumption and interference. Two approaches, based on graph augmentation problems with nonlinear edge costs, are formulated. The first one is based on establishing a secret key using only the links that are already secured by shared keys. This problem is in NP-hard and does not accept polynomial time approximation scheme PTAS since minimum cutsets to be augmented do not admit constant costs. The second one extends the first problem by increasing the power level between a pair of nodes that has a secret key to enable them to physically connect. This problem can be formulated as the optimal key establishment problem with interference constraints with bi-objectives: (i) maximizing the concurrent key establishment flow, (ii) minimizing the cost. We prove that both problems are NP-hard and MAX-SNP with a reduction to MAX3SAT problem.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

This paper extends research on the corporate governance practices of transitional economies by examining whether the ability of the audit committee to constrain earnings management in Chinese firms is associated with the listing environment and the presence of government officials on the audit committee. Despite considerable regulatory reforms by the Chinese Securities Regulatory Commission, there remain incentives for Chinese firms to manage earnings. However, government initiatives to encourage domestic firms to cross-list on the Hong Kong Stock Exchange are accompanied by improved governance. We find that the expertise and independence of the audit committee for cross-listed (CL) Chinese firms are associated with lower abnormal accruals, our measure of earnings management. Both domestic only listed firms and CL Chinese firms appoint government officials as independent members on the audit committee. However, due to the political connection between government officials and the controlling shareholder (the State), these appointments can severely mitigate audit committee independence. Subsequently, we find a significant and positive association between audit committee independence and experience and earnings management when there are government officials on the audit committee.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Stream ciphers are symmetric key cryptosystems that are used commonly to provide confidentiality for a wide range of applications, such as mobile phone, pay TV and Internet data transmissions. This research examines the features and properties of the initialisation processes of existing stream ciphers to identify flaws and weaknesses, then presents recommendations to improve the security of future cipher designs. This research investigates well-known stream ciphers: A5/1, Sfinks and the Common Scrambling Algorithm Stream Cipher (CSA-SC). This research focused on the security of the initialisation process. The recommendations given are based on both the results in the literature and the work in this thesis.