The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

A security architecture for cloud storage combining proofs of retrievability and fairness

We investigate existing cloud storage schemes and identify limitations in each one based on the security services that they provide. We then propose a new cloud storage architecture that extends CloudProof of Popa et al. to provide availability assurance. This is accomplished by incorporating a proof of storage protocol. As a result, we obtain the first secure storage cloud computing scheme that furnishes all three properties of availability, fairness and freshness.

Effects of simulated cataracts on speech intelligibility

Limited research is available on how well visual cues integrate with auditory cues to improve speech intelligibility in persons with visual impairments, such as cataracts. We investigated whether simulated cataracts interfered with participants’ ability to use visual cues to help disambiguate a spoken message in the presence of spoken background noise. We tested 21 young adults with normal visual acuity and hearing sensitivity. Speech intelligibility was tested under three conditions: auditory only with no visual input, auditory-visual with normal viewing, and auditory-visual with simulated cataracts. Central Institute for the Deaf (CID) Everyday Speech Sentences were spoken by a live talker, mimicking a pre-recorded audio track, in the presence of pre-recorded four-person background babble at a signal-to-noise ratio (SNR) of -13 dB. The talker was masked to the experimental conditions to control for experimenter bias. Relative to the normal vision condition, speech intelligibility was significantly poorer, [t (20) = 4.17, p < .01, Cohen’s d =1.0], in the simulated cataract condition. These results suggest that cataracts can interfere with speech perception, which may occur through a reduction in visual cues, less effective integration or a combination of the two effects. These novel findings contribute to our understanding of the association between two common sensory problems in adults: reduced contrast sensitivity associated with cataracts and reduced face-to-face communication in noise.

A comparison of security of tenure in Queensland and in Western Europe

Queensland residential tenancies are usually granted for up to 12 months with no guarantee of renewal. On expiration of the term, the landlord, without need to provide an explanation, can require the tenant to leave. Europeans find this unusual. As Hammar observes, to ‘never be sure whether ... you will be allowed to stay for another year ... is ok for a student, or for someone working ... but not for households’. This article informs Queensland policy makers and industry about European practices and concludes by proposing legislative amendments to realise the tenant’s security of tenure.

A simulated annealing algorithm for energy efficient virtual machine placement

Improving energy efficiency has become increasingly important in data centers in recent years to reduce the rapidly growing tremendous amounts of electricity consumption. The power dissipation of the physical servers is the root cause of power usage of other systems, such as cooling systems. Many efforts have been made to make data centers more energy efficient. One of them is to minimize the total power consumption of these servers in a data center through virtual machine consolidation, which is implemented by virtual machine placement. The placement problem is often modeled as a bin packing problem. Due to the NP-hard nature of the problem, heuristic solutions such as First Fit and Best Fit algorithms have been often used and have generally good results. However, their performance leaves room for further improvement. In this paper we propose a Simulated Annealing based algorithm, which aims at further improvement from any feasible placement. This is the first published attempt of using SA to solve the VM placement problem to optimize the power consumption. Experimental results show that this SA algorithm can generate better results, saving up to 25 percentage more energy than First Fit Decreasing in an acceptable time frame.

A human-simulated immune evolutionary computation approach

Premature convergence to local optimal solutions is one of the main difficulties when using evolutionary algorithms in real-world optimization problems. To prevent premature convergence and degeneration phenomenon, this paper proposes a new optimization computation approach, human-simulated immune evolutionary algorithm (HSIEA). Considering that the premature convergence problem is due to the lack of diversity in the population, the HSIEA employs the clonal selection principle of artificial immune system theory to preserve the diversity of solutions for the search process. Mathematical descriptions and procedures of the HSIEA are given, and four new evolutionary operators are formulated which are clone, variation, recombination, and selection. Two benchmark optimization functions are investigated to demonstrate the effectiveness of the proposed HSIEA.

Security constrained economic dispatch considering wind energy conversion systems

The available wind power is stochastic and requires appropriate tools in the OPF model for economic and reliable power system operation. This paper exhibit the OPF formulation with factors involved in the intermittency of wind power. Weibull distribution is adopted to find the stochastic wind speed and power distribution. The reserve requirement is evaluated based on the wind distribution and risk of under/over estimation of the wind power. In addition, the Wind Energy Conversion System (WECS) is represented by Doubly Fed Induction Generator (DFIG) based wind farms. The reactive power capability for DFIG based wind farm is also analyzed. The study is performed on IEEE-30 bus system with wind farm located at different buses and with different wind profiles. Also the reactive power capacity to be installed in the wind farm to maintain a satisfactory voltage profile under the various wind flow scenario is demonstrated.

The WTO, the national security exception and climate change

Article XX has been a valuable instrument to justify exceptions from the anti-discrimination provisions of the GATT 1994. In general, this Article is considered by experts to be the most likely defence for any climate change mitigation measure in breach GATT 1994 obligations. That assumption is not in dispute here; rather, this article considers the requirements of the Article XX exceptions, but also explores the conditions of the National Security exception contained in Article XXI. Although it is possible that this exception could be used for climate change mitigation measures, this paper argues that it is unlikely that the National Security exception could be legitimately applied in these circumstances without member agreement to the contrary.

What are the implications of peri-urban agriculture on food security in Australian cities?

Background: Periurban agriculture refers to agricultural practice occurring in areas with mixed rural and urban features. It is responsible 25% of the total gross value of economic production in Australia, despite only comprising 3% of the land used for agriculture. As populations grows and cities expand, they are constantly absorbing surrounding fringe areas, thus creating a new fringe, further from the city causing the periurban region to constantly shift outwards. Periurban regions are fundamental in the provision of fresh food to city populations and residential (and industrial) expansion taking over agricultural land has been noted as a major worldwide concern. Another major concern around the increase in urbanisation and resultant decrease in periurban agriculture is its potential effect on food security. Food security is the availability or access to nutritionally-adequate, culturally-relevant and safe foods in culturally-appropriate ways. Thus food insecurity occurs when access to or availability of these foods is compromised. There is an important level of connectedness between food security and food production and a decrease in periurban agriculture may have adverse effects on food security. A decrease in local, seasonal produce may result in a decrease in the availability of products and an increase in cost, as food must travel greater distances, incurring extra costs present at the consumer level. Currently, few Australian studies exist examining the change in periurban agriculture over time. Such information may prove useful for future health policy and interventions as well as infrastructure planning. The aim of this study is to investigate changes in periurban agriculture among capital cities of Australia. Methods: We compared data pertaining to selected commodities from the Australian Bureau of Statistics 2000-01 and 2005 -2006 Agricultural Census. This survey is distributed online or via mail on a five-yearly basis to approximately 175,000 Agricultural business to ascertain information on a range of factors, such as types of crops, livestock and land preparation practices. For the purpose of this study we compared the land being used for total crops, and cereal , oil seed, legume, fruit and vegetable crops separately. Data was analysed using repeated measures anova in spss. Results: Overall, total area available for crops in urbanised areas of Australia increased slightly by 1.8%. However, Sydney, Melbourne, Adelaide and Perth experienced decreases in the area available for fruit crops by 11%, 5%,and 4% respectively. Furthermore, Brisbane and Perth experienced decreases in land available for vegetable crops by 28% and 14% respectively. Finally, Sydney, Adelaide and Perth experienced decreases in land available for cereal crops by 10 – 79%. Conclusions: These findings suggest that population increases and consequent urban sprawl may be resulting in a decrease in peri-urban agriculture, specifically for several core food groups including fruit, breads and grain based foods. In doing so, access to or availability of these foods may be limited, and the cost of these foods is likely to increase, which may compromise food insecurity for certain sub-groups of the population.

An automated tool for assessing security-critical designs and programs

This paper describes in detail our Security-Critical Program Analyser (SCPA). SCPA is used to assess the security of a given program based on its design or source code with regard to data flow-based metrics. Furthermore, it allows software developers to generate a UML-like class diagram of their program and annotate its confidential classes, methods and attributes. SCPA is also capable of producing Java source code for the generated design of a given program. This source code can then be compiled and the resulting Java bytecode program can be used by the tool to assess the program's overall security based on our security metrics.

Security assessment of code refactoring rules

Refactoring is a common approach to producing better quality software. Its impact on many software quality properties, including reusability, maintainability and performance, has been studied and measured extensively. However, its impact on the information security of programs has received relatively little attention. In this work, we assess the impact of a number of the most common code-level refactoring rules on data security, using security metrics that are capable of measuring security from the viewpoint of potential information flow. The metrics are calculated for a given Java program using a static analysis tool we have developed to automatically analyse compiled Java bytecode. We ran our Java code analyser on various programs which were refactored according to each rule. New values of the metrics for the refactored programs then confirmed that the code changes had a measurable effect on information security.

Application-level simulation for network security

NeSSi (network security simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for detection algorithm plug-ins allow it to be used for security research and evaluation purposes. NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis and developing overlay security frameworks. NeSSi is built upon the agent framework JIAC, resulting in a distributed and extensible architecture. In this paper, we provide an overview of the NeSSi architecture as well as its distinguishing features and briefly demonstrate its application to current security research projects.