471 resultados para private security military company
Resumo:
The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector’s privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products.
Resumo:
The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer’s privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.
Resumo:
SITDRM 1 is a privacy protection system that protects private data through the enforcement of MPEG REL licenses provided by consumers. Direct issuing of licenses by consumers has several usability problems that will be mentioned in this paper. Further, we will describe how SITDRM incorporates P3P language to provide a consumer-centered privacy protection system.
Developing a best practice framework for implementing public private partnerships (PPP) in Hong Kong
Resumo:
Public Private Partnership (PPP) is a well established methodology for procuring public works projects. By incorporating the private sector’s expertise, efficiency, innovation, business sense, risk sharing, financing etc. into public works projects, the quality of public services and facilities can be uplifted. Like many jurisdictions, Hong Kong is also keen to take aboard this methodology which is so familiar but yet so distant. Although they have been one of the first jurisdictions to utilise the private sector in public works projects, their comfortable financial reserves has meant that there has been no urge to push the movement until recently. PPP has become increasingly popular amongst governments. The Hong Kong Special Administrative Region (HKSAR) government is no exception. Some of the more active works departments have commissioned studies to investigate the best ways to deliver these projects, others have even trialed the method themselves. The efficiency Unit of the HKSAR government has also become an active arm in conducting research in this area. Although so, the information that is currently available is still very broad. Building from their works there is a need to develop a best practice framework for implementing PPP projects in Hong Kong by incorporating international experiences. To develop a best practice framework will require thorough investigation into the benefits, difficulties and critical success factor of PPP. PPP should also be compared with other procurement methods. In order to do so it is important to clearly understand the local situation by an analysis of projects conducted to date. Lessons learnt can further be derived from other countries and incorporated to those derived locally. Finally the best conditions in terms of project nature, complexity, types, and scales for adopting PPP should be derived. The aim and objectives of this study were achieved via a comprehensive literature review, in-depth case analyses, interview survey with experts from both Hong Kong and overseas, and finally a large scale data collection was conducted via a questionnaire survey with PPP practitioners. These findings were further triangulated before they were used as the basis to form the best practice framework presented in this thesis. The framework was then further validated by PPP experts to ensure it is comprehensive, objective, reliable and practical. This study has presented a methodology that can be adopted for future studies. It has also updated our knowledge on the development trends of PPP as well as opened up the experiences of other jurisdictions. The findings have shown that the local industry is familiar with “what” should be done in PPP projects but they are unsure of “how” these goals can be achieved. This framework has allowed this further knowledge to be delivered to PPP practitioners. As a result, the development of this framework can help to resolve the current economic crisis by encouraging more developments and business opportunities for the private sector. In addition, the correct projects can be delivered by PPP, the advantages of PPP can be maximised, and the general public can benefit from the private sector’s participation.
Resumo:
PPPs are held to be a powerful way of mobilising private finance and resources to deliver public infrastructure. Theoretically, research into procurement has begun to acknowledge difficulties with the classification and assessment of different types of procurement, particularly those which do not sufficiently acknowledge variety within specific types of procurement methods. This paper advances a theoretical framework based on an evolutionary economic conceptualisation of a routine, which can accommodate the variety evident in procurement projects, in particular PPPs. The paper tests how the various elements of a PPP, as advanced in the theoretical framework, affect performance across 10 case studies. It concludes, that a limited number of elements of a PPP affect their performance, and provides strong evidence for the theoretical model advanced in this paper.
Resumo:
An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.
Resumo:
Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.
Resumo:
Sets out a system of corporate governance regulation, aimed at combining legal and social methods of governing director behaviour and at creating a framework flexible enough to accommodate different business and ethical cultures. Outlines the theoretical basis of corporate governance and the broad responsibilities of directors, and discusses the extent to which they can and should be regulated. Discusses the constitution of a regulatory framework encompassing law, soft law and best practice, and ethics.
Resumo:
Public private partnerships (PPP) have been widely used as a method for public infrastructure project delivery not only locally and internationally, however the adoption of PPPs in social infrastructure procurement has still been very limited. The objective of this paper is to investigate the potential of implementation of current PPP framework in social affordable housing projects in South East Queensland. Data were collected from 22 interviewees with rich experiences in the industry. The findings of this study show that affordable housing investment have been considered by the industry practitioners as a risky business in comparison to other private rental housing investment. The main determents of the adoption of PPPs in social infrastructure project are the tenant-related factors, such as the inability of paying rent and the inability of caring the property. The study also suggests the importance of seeking strategic partnership with community-based organisation that has experiences in managing similar tenants’ profiles. Current PPP guideline is also viewed as inappropriate for the affordable housing projects, but the principle of VFM framework and risk allocation in PPPs still be applied to the affordable housing projects. This study helps to understand the viability of PPP in social housing procurement projects, and point out the importance of developing guideline for multi-stakeholder partnership and the expansion of the current VFM and PPPs guidelines.
Resumo:
Schools have seldom been examined by scholars in studies of organizational sites. Yet schools and the educational context in which they operate, offer potentially important insights into how organizations use rhetoric in their communications to persuade audiences and leverage advantage in the marketplace. This study, which utilises rhetorical analysis to examine the persuasive, yet ambiguous strategies used in 65 school prospectuses in Australia, revealed six strategies consistently used by schools to leverage competitive advantage and persuade internal and external audiences: identification, juxtapositioning, bolstering or self-promotion, partial reporting, selfexpansion and reframing or reversal. As well as illustrating how schools operate in the context of marketisation and privatization discourses in 21st century education, the organizational theory and methods utilised for the research demonstrates how rhetorical strategies draw on, as well as reproduce, socio-political and cultural discourses around economic and social privilege.
Resumo:
Network-based Intrusion Detection Systems (NIDSs) analyse network traffic to detect instances of malicious activity. Typically, this is only possible when the network traffic is accessible for analysis. With the growing use of Virtual Private Networks (VPNs) that encrypt network traffic, the NIDS can no longer access this crucial audit data. In this paper, we present an implementation and evaluation of our approach proposed in Goh et al. (2009). It is based on Shamir's secret-sharing scheme and allows a NIDS to function normally in a VPN without any modifications and without compromising the confidentiality afforded by the VPN.
Resumo:
For over a decade, IT expenditure in China and Malaysia has shown a significant increase, as organisations in these countries are increasingly dependent on information systems (IS) for achieving strategic advantages and business benefits. However, there have been numerous reports of dissatisfaction with IS, and in some cases the effectiveness of the information systems have yet to be reviewed. Two exploratory case studies reported in this paper are the first phase of an overall research in validating the IS-Impact model introduced by Gable, Sedera and Chan in two countries: China and Malaysia. This validation research aims to produce a standard measuring model across different contexts. The purpose of this paper is to present preliminary findings from two exploratory case studies, attempt to test the feasibility of the research design and to investigate applicability of the IS-Impact model in Chinese and Malaysian organisations. Twenty-nine respondents from a Chinese private company and seventeen respondents from a state government in Malaysia were involved in these studies. Findings indicated that most of existing IS-Impact measures are applicable in the study contexts, however, there are some new measures informed by the respondents. Feedback from the case studies also suggested necessary modifications to the Mandarin instrument.
Resumo:
Privacy enhancing protocols (PEPs) are a family of protocols that allow secure exchange and management of sensitive user information. They are important in preserving users’ privacy in today’s open environment. Proof of the correctness of PEPs is necessary before they can be deployed. However, the traditional provable security approach, though well established for verifying cryptographic primitives, is not applicable to PEPs. We apply the formal method of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various security properties of PIEMCP using state space analysis techniques. This investigation provides us with preliminary insights for modeling and verification of PEPs in general, demonstrating the benefit of applying the CPN-based formal approach to proving the correctness of PEPs.
Resumo:
A method of improving the security of biometric templates which satisfies desirable properties such as (a) irreversibility of the template, (b) revocability and assignment of a new template to the same biometric input, (c) matching in the secure transformed domain is presented. It makes use of an iterative procedure based on the bispectrum that serves as an irreversible transformation for biometric features because signal phase is discarded each iteration. Unlike the usual hash function, this transformation preserves closeness in the transformed domain for similar biometric inputs. A number of such templates can be generated from the same input. These properties are illustrated using synthetic data and applied to images from the FRGC 3D database with Gabor features. Verification can be successfully performed using these secure templates with an EER of 5.85%
