Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Psychological determinants of safety culture

- Safety psychology and workplace safety - Motivational and attitudinal components of safety - Psychological determinants of safety - Addressing risk-behaviour in safety - Case Study from Construction - Discussion and Questions

Repair of calvarial defects with customized tissue-engineered bone grafts - I. Evaluation of osteogenesis in a three-dimensional culture system

Bone generation by autogenous cell transplantation in combination with a biodegradable scaffold is one of the most promising techniques being developed in craniofacial surgery. The objective of this combined in vitro and in vivo study was to evaluate the morphology and osteogenic differentiation of bone marrow derived mesenchymal progenitor cells and calvarial osteoblasts in a two-dimensional (2-D) and three-dimensional (3-D) culture environment (Part I of this study) and their potential in combination with a biodegradable scaffold to reconstruct critical-size calvarial defects in an autologous animal model [Part II of this study; see Schantz, J.T., et al. Tissue Eng. 2003;9(Suppl. 1):S-127-S-139; this issue]. New Zealand White rabbits were used to isolate osteoblasts from calvarial bone chips and bone marrow stromal cells from iliac crest bone marrow aspirates. Multilineage differentiation potential was evaluated in a 2-D culture setting. After amplification, the cells were seeded within a fibrin matrix into a 3-D polycaprolactone (PCL) scaffold system. The constructs were cultured for up to 3 weeks in vitro and assayed for cell attachment and proliferation using phase-contrast light, confocal laser, and scanning electron microscopy and the MTS cell metabolic assay. Osteogenic differentiation was analyzed by determining the expression of alkaline phosphatase (ALP) and osteocalcin. The bone marrow-derived progenitor cells demonstrated the potential to be induced to the osteogenic, adipogenic, and chondrogenic pathways. In a 3-D environment, cell-seeded PCL scaffolds evaluated by confocal laser microscopy revealed continuous cell proliferation and homogeneous cell distribution within the PCL scaffolds. On osteogenic induction mesenchymal progenitor cells (12 U/L) produce significantly higher (p < 0.05) ALP activity than do osteoblasts (2 U/L); however, no significant differences were found in osteocalcin expression. In conclusion, this study showed that the combination of a mechanically stable synthetic framework (PCL scaffolds) and a biomimetic hydrogel (fibrin glue) provides a potential matrix for bone tissue-engineering applications. Comparison of osteogenic differentiation between the two mesenchymal cell sources revealed a similar pattern.

Safety culture research, lead indicators, and the development of safety effectiveness indicators in the construction sector

Construction sector application of Lead Indicators generally and Positive Performance Indicators (PPIs) particularly, are largely seen by the sector as not providing generalizable indicators of safety effectiveness. Similarly, safety culture is often cited as an essential factor in improving safety performance, yet there is no known reliable way of measuring safety culture. This paper proposes that the accurate measurement of safety effectiveness and safety culture is a requirement for assessing safe behaviours, safety knowledge, effective communication and safety performance. Currently there are no standard national or international safety effectiveness indicators (SEIs) that are accepted by the construction industry. The challenge is that quantitative survey instruments developed for measuring safety culture and/ or safety climate are inherently flawed methodologically and do not produce reliable and representative data concerning attitudes to safety. Measures that combine quantitative and qualitative components are needed to provide a clear utility for safety effectiveness indicators.