363 resultados para Privacy.
Resumo:
Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.
Resumo:
The adoption of e-business by the Australian construction industry lags other service and product industries. It is assumed that slow adoption rate does not reflect the maturity of the technology but is due to adoption impediments peculiar to the nature of construction. This chapter examines impediments to the uptake of e-business nationally and internationally. A systematic and extensive literature search of impediments (also referred to as obstacles, impediments or hindrances) to adoption has been undertaken and the findings discussed in this chapter. This review included more that 200 documents and these have been published in a searchable database as part of a larger research initiative funded by the Cooperative Research Centre for Construction Innovation. The influence of levels of e-business maturity seen in other sectors such as retail, tourism and manufacturing was also captured and a number of major impediments were identified some including: privacy, trust, uncertainty of financial returns, lack of reliable measurement, fraud, lack of support and system maintenance. A total of 23 impediments were assessed in terms of impact to organisational type and size across reviewed documents. With this information it was possible to develop a reference framework for measuring maturity levels and readiness to uptake e-business in construction. Results have also shown that impediments to e-business adoption work differently according to organisational type and culture. Areas of training and people development need to be addressed. This would include a more sensitive approach to the nature of construction organisations, especially to those small and medium enterprises. Raising levels of awareness and creating trust for on-line collaboration are other aspects that need attention, which current studies confirm as lacking. An empirical study within construction, to validate these findings, forms the subsequent phase of this research.
Resumo:
This study explores teenager perceptions towards advertising in the online social networking environment. The future of online social networking sites is dependant upon the continued support of advertisers in this new medium, which is linked to the acceptance of advertising on these sites by their targeted audience. This exploratory study used the qualitative research methods of focus groups and in-depth personal interviews to gain insights from the teenager participants. The literature review in Chapter Two examined the previous research into advertising theories, consumer attitudes and issues such as advertising avoidance, advertising as a service and trust and privacy in the online social networking environment. The teenage consumer was also examined as were the influences of social identity theory. From this literature review eleven propositions were formed which provided a structure to the analysis of the research. Chapter Three outlined the multi-method research approach of using focus groups and in-depth interviews. The key findings were outlined in Chapter Four and Chapter Five provides discussion regarding these findings and the implications for theory and advertising practice. The main findings from this study suggest that teenagers have very high levels of advertising avoidance and are sceptical towards advertising on their online social networking sites. They have an inherent distrust of commercial messages in the online social networking environment; however they are extremely trusting with the information that they disclose online. They believe that if their site is classified as private, then the information disclosed on this site is not accessible to anyone. The study explores the reasons behind these views. This research has resulted in the identification of seven motivations behind online social networking use. A new model of advertising avoidance in the online social networking environment is also presented and discussed. This model makes a contribution towards filling the gap in available research on online social networking sites and advertising perception. The findings of this study have also resulted in the identification of the characteristics of online social networking sites as an advertising medium. The newness of online social networking sites coupled with the enthusiastic adoption of online social networking by the teenage demographic means that this exploratory study will be of interest to both academics and practitioners alike.
Resumo:
The adoption of e-business by the Australian construction industry lags other service and product industries. It is assumed that slow adoption rate does not reflect the maturity of the technology but is due to adoption barriers peculiar to the nature of construction. This paper examines impediments to the uptake of e-business nationally and internationally. A systematic and extensive literature search of barriers (also referred to as obstacles, impediments or hindrances) to adoption has been undertaken and the findings discussed in this paper. This review included more that 200 documents and these have been published in a searchable database as part of a larger research initiative funded by the Cooperative Research Centre for Construction Innovation. The influence of levels of e-business maturity seen in other sectors such as retail, tourism and manufacturing was also captured and a number of major barriers were identified some including: privacy, trust, uncertainty of financial returns, lack of reliable measurement, fraud, lack of support and system maintenance. A total of 23 barriers were assessed in terms of impact to organisational type and size across reviewed documents. With this information it was possible to develop a reference framework for measuring maturity levels and readiness to uptake e-business in construction. Results have also shown that barriers to e-business adoption work differently according to organisational type and culture. Areas of training and people development need to be addressed. This would include a more sensitive approach to the nature of construction organisations, especially to those small and medium enterprises. Raising levels of awareness and creating trust for on-line collaboration are other aspects that need attention, which current studies confirm as lacking. An empirical study within construction, to validate these findings, forms the subsequent phase of this research.
Resumo:
This paper provides a fresh analysis of the widely-used Common Scrambling Algorithm Stream Cipher (CSA-SC). Firstly, a new representation of CSA-SC with a state size of only 89 bits is given, a significant reduction from the 103 bit state of a previous CSA-SC representation. Analysis of this 89-bit representation demonstrates that the basis of a previous guess-and-determine attack is flawed. Correcting this flaw increases the complexity of that attack so that it is worse than exhaustive key search. Although that attack is not feasible, the reduced state size of our representation makes it obvious that CSA-SC is vulnerable to several generic attacks, for which feasible parameters are given.
Resumo:
There is currently a strong focus worldwide on the potential of large-scale Electronic Health Record (EHR) systems to cut costs and improve patient outcomes through increased efficiency. This is accomplished by aggregating medical data from isolated Electronic Medical Record databases maintained by different healthcare providers. Concerns about the privacy and reliability of Electronic Health Records are crucial to healthcare service consumers. Traditional security mechanisms are designed to satisfy confidentiality, integrity, and availability requirements, but they fail to provide a measurement tool for data reliability from a data entry perspective. In this paper, we introduce a Medical Data Reliability Assessment (MDRA) service model to assess the reliability of medical data by evaluating the trustworthiness of its sources, usually the healthcare provider which created the data and the medical practitioner who diagnosed the patient and authorised entry of this data into the patient’s medical record. The result is then expressed by manipulating health record metadata to alert medical practitioners relying on the information to possible reliability problems.
Resumo:
Electronic Health Record (EHR) systems are being introduced to overcome the limitations associated with paper-based and isolated Electronic Medical Record (EMR) systems. This is accomplished by aggregating medical data and consolidating them in one digital repository. Though an EHR system provides obvious functional benefits, there is a growing concern about the privacy and reliability (trustworthiness) of Electronic Health Records. Security requirements such as confidentiality, integrity, and availability can be satisfied by traditional hard security mechanisms. However, measuring data trustworthiness from the perspective of data entry is an issue that cannot be solved with traditional mechanisms, especially since degrees of trust change over time. In this paper, we introduce a Time-variant Medical Data Trustworthiness (TMDT) assessment model to evaluate the trustworthiness of medical data by evaluating the trustworthiness of its sources, namely the healthcare organisation where the data was created and the medical practitioner who diagnosed the patient and authorised entry of this data into the patient’s medical record, with respect to a certain period of time. The result can then be used by the EHR system to manipulate health record metadata to alert medical practitioners relying on the information to possible reliability problems.
Resumo:
The gathering of people in everyday life is intertwined with travelling to negotiated locations. As a result, mobile phones are often used to rearrange meetings when one or more participants are late or cannot make it on time. Our research is based on the hypothesis that the provision of location data can enhance the experience of people who are meeting each other in different locations. This paper presents work-in-progress on a novel approach to share one’s location data in real-time which is visualised on a web-based map in a privacy conscious way. Disposable Maps allows users to select contacts from their phone’s address book who then receive up-to-date location data. The utilisation of peer-to-peer notifications and the application of unique URLs for location storage and presentation enable location sharing whilst ensuring users’ location privacy. In contrast to other location sharing services like Google Latitude, Disposable Maps enables ad hoc location sharing to actively selected location receivers for a fixed period of time in a specific given situation. We present first insights from an initial application user test and show future work on the approach of disposable information allocation.
Resumo:
Current regulatory requirements on data privacy make it increasingly important for enterprises to be able to verify and audit their compliance with their privacy policies. Traditionally, a privacy policy is written in a natural language. Such policies inherit the potential ambiguity, inconsistency and mis-interpretation of natural text. Hence, formal languages are emerging to allow a precise specification of enforceable privacy policies that can be verified. The EP3P language is one such formal language. An EP3P privacy policy of an enterprise consists of many rules. Given the semantics of the language, there may exist some rules in the ruleset which can never be used, these rules are referred to as redundant rules. Redundancies adversely affect privacy policies in several ways. Firstly, redundant rules reduce the efficiency of operations on privacy policies. Secondly, they may misdirect the policy auditor when determining the outcome of a policy. Therefore, in order to address these deficiencies it is important to identify and resolve redundancies. This thesis introduces the concept of minimal privacy policy - a policy that is free of redundancy. The essential component for maintaining the minimality of privacy policies is to determine the effects of the rules on each other. Hence, redundancy detection and resolution frameworks are proposed. Pair-wise redundancy detection is the central concept in these frameworks and it suggests a pair-wise comparison of the rules in order to detect redundancies. In addition, the thesis introduces a policy management tool that assists policy auditors in performing several operations on an EP3P privacy policy while maintaining its minimality. Formal results comparing alternative notions of redundancy, and how this would affect the tool, are also presented.
Resumo:
The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer’s privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.
Resumo:
Monitoring unused or dark IP addresses offers opportunities to extract useful information about both on-going and new attack patterns. In recent years, different techniques have been used to analyze such traffic including sequential analysis where a change in traffic behavior, for example change in mean, is used as an indication of malicious activity. Change points themselves say little about detected change; further data processing is necessary for the extraction of useful information and to identify the exact cause of the detected change which is limited due to the size and nature of observed traffic. In this paper, we address the problem of analyzing a large volume of such traffic by correlating change points identified in different traffic parameters. The significance of the proposed technique is two-fold. Firstly, automatic extraction of information related to change points by correlating change points detected across multiple traffic parameters. Secondly, validation of the detected change point by the simultaneous presence of another change point in a different parameter. Using a real network trace collected from unused IP addresses, we demonstrate that the proposed technique enables us to not only validate the change point but also extract useful information about the causes of change points.
Resumo:
Advances in information and communications technologies during the last two decades have allowed organisations to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other international jurisdictions. Following the Australian Law Reform Commission’s review of privacy, data breach notification will soon be addressed in Australia. This article provides a review of US and Australian legal initiatives regarding the notification of data breaches. The authors highlight areas of concern based on the extant US literature that require specific consideration in Australia regarding the development of an Australian legal framework for the notification of data breaches.
Resumo:
President’s Message Hello fellow AITPM members, We’ve been offered a lot of press lately about the Federal Government’s plan for the multibillion dollar rollout of its high speed broadband network, which at the moment is being rated to a speed of 100Mb/s. This seems fantastic in comparison to the not atypical 250 to 500kb/s that I receive on my metropolitan cable broadband, which incidentally my service provider rates at theoretical speeds of up to 8 Mb/s. I have no doubt that such a scheme will generate significant advantages to business and consumers. However, I also have some reservations. Only a few of years ago I marvelled at my first 256Mb USB stick, which cost my employer about $90. Last month I purchased a 16Gb stick with a free computer carry bag for $80, which on the back of my envelope has given me about 72 times the value of my first USB stick not including the carry bag! I am pretty sure the technology industry will find a way to eventually push a lot more than 100Mb/s down the optic fibre network just as they have done with pushing several Mb/s ADSL2 down antique copper wire. This makes me wonder about the general problem of inbuilt obsolescence of all things high-tech due to rapid advances in the tech industry. As a transport professional I then think to myself that our industry has been moving forward at somewhat of a slower pace. We certainly have had major milestones having significant impacts, such as the move from horse and cart to the self propelled motor vehicle, sealing and formal geometric design of roads, development of motorways, signalisation of intersections, coordination of networks, to simulation modelling for real time adaptive control (perhaps major change has been at a frequency of 30 years or so?). But now with ITS truly penetrating the transport market, largely thanks to the in-car GPS navigator, smart phone, e-toll and e-ticket, I believe that to avoid our own obsolescence we’re going to need to “plan for ITS” rather than just what we seem to have been doing up until now, that is, to get it out there. And we’ll likely need to do it at a faster pace. It will involve understanding how to data mine enormous data sets, better understanding the human/machine interface, keeping pace with automotive technology more closely, resolving the ethical and privacy chestnuts, and in the main actually planning for ITS to make peoples’ lives easier rather than harder. And in amongst this we’ll need to keep pace with the types of technology advances similar to my USB stick example above. All the while we’ll be making a brand new set of friends in the disciplines that will morph into ITS along with us. Hopefully these will all be “good” problems for our profession to have. I should close in reminding everyone again that AITPM’s flagship event, the 2009 AITPM National Conference, Traffic Beyond Tomorrow, is being held in Adelaide from 5 to 7 August. www.aitpm.com has all of the details about how to register, sponsor a booth, session, etc. Best regards all, Jon Bunker
Resumo:
This report focuses on risk-assessment practices in the private rental market, with particular consideration of their impact on low-income renters. It is based on the fieldwork undertaken in the second stage of the research process that followed completion of the Positioning Paper. The key research question this study addressed was: What are the various factors included in ‘risk-assessments’ by real estate agents in allocating ‘affordable’ tenancies? How are these risks quantified and managed? What are the key outcomes of their decision-making? The study builds on previous research demonstrating that a relatively large proportion of low-cost private rental accommodation is occupied by moderate- to high-income households (Wulff and Yates 2001; Seelig 2001; Yates et al. 2004). This is occurring in an environment where the private rental sector is now the de facto main provider of rental housing for lower-income households across Australia (Seelig et al. 2005) and where a number of factors are implicated in patterns of ‘income–rent mismatching’. These include ongoing shifts in public housing assistance; issues concerning eligibility for rent assistance; ‘supply’ factors, such as loss of low-cost rental stock through upgrading and/or transfer to owner-occupied housing; patterns of supply and demand driven largely by middle- to high-income owner-investors and renters; and patterns of housing need among low-income households for whom affordable housing is not appropriate. In formulating a way of approaching the analysis of ‘risk-assessment’ in rental housing management, this study has applied three sociological perspectives on risk: Beck’s (1992) formulation of risk society as entailing processes of ‘individualisation’; a socio-cultural perspective which emphasises the situated nature of perceptions of risk; and a perspective which has drawn attention to different modes of institutional governance of subjects, as ‘carriers of specific indicators of risk’. The private rental market was viewed as a social institution, and the research strategy was informed by ‘institutional ethnography’ as a method of enquiry. The study was based on interviews with property managers, real estate industry representatives, tenant advocates and community housing providers. The primary focus of inquiry was on ‘the moment of allocation’. Six local areas across metropolitan and regional Queensland, New South Wales, and South Australia were selected as case study localities. In terms of the main findings, it is evident that access to private rental housing is not just a matter of ‘supply and demand’. It is also about assessment of risk among applicants. Risk – perceived or actual – is thus a critical factor in deciding who gets housed, and how. Risk and its assessment matter in the context of housing provision and in the development of policy responses. The outcomes from this study also highlight a number of salient points: 1.There are two principal forms of risk associated with property management: financial risk and risk of litigation. 2. Certain tenant characteristics and/or circumstances – ability to pay and ability to care for the rented property – are the main factors focused on in assessing risk among applicants for rental housing. Signals of either ‘(in)ability to pay’ and/or ‘(in)ability to care for the property’ are almost always interpreted as markers of high levels of risk. 3. The processing of tenancy applications entails a complex and variable mix of formal and informal strategies of risk-assessment and allocation where sorting (out), ranking, discriminating and handing over characterise the process. 4. In the eyes of property managers, ‘suitable’ tenants can be conceptualised as those who are resourceful, reputable, competent, strategic and presentable. 5. Property managers clearly articulated concern about risks entailed in a number of characteristics or situations. Being on a low income was the principal and overarching factor which agents considered. Others included: - unemployment - ‘big’ families; sole parent families - domestic violence - marital breakdown - shift from home ownership to private rental - Aboriginality and specific ethnicities - physical incapacity - aspects of ‘presentation’. The financial vulnerability of applicants in these groups can be invoked, alongside expressed concerns about compromised capacities to manage income and/or ‘care for’ the property, as legitimate grounds for rejection or a lower ranking. 6. At the level of face-to-face interaction between the property manager and applicants, more intuitive assessments of risk based upon past experience or ‘gut feelings’ come into play. These judgements are interwoven with more systematic procedures of tenant selection. The findings suggest that considerable ‘risk’ is associated with low-income status, either directly or insofar as it is associated with other forms of perceived risk, and that such risks are likely to impede access to the professionally managed private rental market. Detailed analysis suggests that opportunities for access to housing by low-income householders also arise where, for example: - the ‘local experience’ of an agency and/or property manager works in favour of particular applicants - applicants can demonstrate available social support and financial guarantors - an applicant’s preference or need for longer-term rental is seen to provide a level of financial security for the landlord - applicants are prepared to agree to specific, more stringent conditions for inspection of properties and review of contracts - the particular circumstances and motivations of landlords lead them to consider a wider range of applicants - In particular circumstances, property managers are prepared to give special consideration to applicants who appear worthy, albeit ‘risky’. The strategic actions of demonstrating and documenting on the part of vulnerable (low-income) tenant applicants can improve their chances of being perceived as resourceful, capable and ‘savvy’. Such actions are significant because they help to persuade property managers not only that the applicant may have sufficient resources (personal and material) but that they accept that the onus is on themselves to show they are reputable, and that they have valued ‘competencies’ and understand ‘how the system works’. The parameters of the market do shape the processes of risk-assessment and, ultimately, the strategic relation of power between property manager and the tenant applicant. Low vacancy rates and limited supply of lower-cost rental stock, in all areas, mean that there are many more tenant applicants than available properties, creating a highly competitive environment for applicants. The fundamental problem of supply is an aspect of the market that severely limits the chances of access to appropriate and affordable housing for low-income rental housing applicants. There is recognition of the impact of this problem of supply. The study indicates three main directions for future focus in policy and program development: providing appropriate supports to tenants to access and sustain private rental housing, addressing issues of discrimination and privacy arising in the processes of selecting suitable tenants, and addressing problems of supply.
