479 resultados para security governance
Resumo:
Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.
Resumo:
Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.
Resumo:
Polarising the issue of governance is the increasingly acknowledged role of airports in regional economic development, both as significant sources of direct employment and as attractants of commerce through enhanced mobility (Vickerman, Spiekermann & Wegener 1999; Hakfoort, Poot & Rietveld 2001). Most airports were once considered spatially removed from their cities, but as cities have expanded their airports no longer sit distinct of the urban environment. This newfound spatial proximity means that decisions for land use and development on either city or airport land are likely to have impacts that affect one another in either or both the short- or long-term (Stevens, Baker and Freestone 2007). These impacts increase the demand for decision making to find ways of integrating strategies for future development to ensure that airport developments do not impede the sustainable growth of its city, and likewise that city developments do not impede the sustainable growth of its airport (Gillen 2006). However questions of how, under what conditions, and to what extent decision making integration might be suitable for “airport regions” are yet to be explored let alone answered.
Resumo:
Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.
Resumo:
Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.
Resumo:
Across Australia, construction and redevelopment of public infrastructure, continues to be a key factor in economic development. Within this context, road transport has been identified as key building block of Queensland‟s future prosperity. However, since the late twentieth century, there has been a shift away from delivery of large infrastructure, including road networks, exclusively by the state. Subsequently, a range of alternative models, have emerged in infrastructure project delivery. Among these, governance networks have become a widespread mechanism for planning and delivering infrastructure. However, despite substantial public investments in road infrastructure that are made through governance networks, little is known about how these networks engage with stakeholders who are potentially affected by road infrastructure projects. Although governance networks undertake management functions, it is unclear what drives stakeholder engagement within this networked environment and how stakeholder relationship management is operationalised. This paper proposes that network management functions undertaken by governance networks incorporate stakeholder engagement and that network managers play a key role in creating and sustaining connections between governance networks and their stakeholders Drawing on stakeholder theory and governance network theory, this paper contributes to the literature by showing that stakeholder engagement is embedded within network management and identifying the critical role of network managers in establishing and maintaining stakeholder engagement.
Resumo:
As the problems involving infrastructure delivery have become more complex and contentious, there has been an acknowledgement that these problems cannot be resolved by any one body working alone. This understanding has driven multi-sectoral collaboration and has led to an expansion of the set of actors, including stakeholders, who are now involved in delivery of infrastructure projects and services. However, more needs to be understood about how to include stakeholders in these processes and ways of developing the requisite combination of stakeholders to achieve effective outcomes. This thesis draws on stakeholder theory and governance network theory to obtain insights into how three multi-level networks within the Roads Alliance in Queensland engage with stakeholders in the delivery of complex and sensitive infrastructure services and projects. New knowledge about stakeholders will be obtained by testing a model of Stakeholder Salience and Engagement which combines and extends the stakeholder identification and salience theory, ladder of stakeholder management and engagement and the model of stakeholder engagement and moral treatment of stakeholders. By applying this model, the broad research question: “Who or what decides how stakeholders are engaged by governance networks delivering public outcomes?” will be addressed. The case studies will test a theoretical model of stakeholder salience and engagement which links strategic decisions about stakeholder salience with the quality and quantity of engagement strategies for engaging different types of stakeholders. A multiple embedded case study design has been selected as the overall approach to explore, describe, explain and evaluate how stakeholder engagement occurs in three governance networks delivering road infrastructure in Queensland. The research design also incorporates a four stage approach to data collection: observations, stakeholder analysis, telephone survey questionnaire and semi-structured interviews. The outcomes of this research will contribute to and extend stakeholder theory by showing how stakeholder salience impacts on decisions about the types of engagement processes implemented. Governance network theory will be extended by showing how governance networks interact with stakeholders through the concepts of stakeholder salience and engagement. From a practical perspective this research will provide governance networks with an indication of how to optimise engagement with different types of stakeholders. 2
Resumo:
Tarrant argues that a solid risk management strategy is critical to building effective, transformational and adaptive organisations. Organisations are a fundamental part of our society and economic system whether they are private, public or not-for-profits. There are very few aspects of our society and economy that don’t rely wholly or in part on the performance of organisations. Disasters and crises are complex and very challenging environments for organisations. How can effective transformational and adaptive capacity become institutionalised and a core part of good governance of organisations? Effective risk management is a critical element in meeting organisational objectives in a turbulent and uncertain environment.
Resumo:
SOMMARIO: 1. La “governance” nelle aziende familiari: rilevanza, aspetti distintivi e criticità. 2. Il ruolo della compagine proprietaria nella definizione dei meccanismi di governo. 3. Composizione e funzioni del consiglio d’amministrazione. 4. I patti di famiglia come strumento di disciplina dei rapporti impresa-famiglia. 5. Considerazioni conclusive: prospettive di analisi e scenari futuri negli studi sulla governance delle imprese familiari.
Resumo:
This research focuses on exploring the links between sport, Indigenous self determination and deeper engagement within mainstream Australia especially with regard to the issue of promoting healthy lifestyles and the role of governance, through sport governance. Against all social, economic and health criteria Indigenous Australians are disadvantaged – despite government attention and financial input. It is well understood that education is a basis to better health, employment and lifestyle (Furneaux and Brown, 2008). However, many of the issues confronting Indigenous people have not responded to conventional government approaches based on program development and policy initiatives from single organisations (Ryan et al 2006). As a consequence, new approaches that both tap into the specific interests of Indigenous people and better engage them in the process of governance are required. The case material of the research focuses on the Australian Football League (AFL) Kickstart program.
Resumo:
Seven endemic governance problems are shown to be currently present in governments around the globe and at any level of government as well (for example municipal, federal). These problems have their roots traced back through more than two thousand years of political, specifically ‘democratic’, history. The evidence shows that accountability, transparency, corruption, representation, campaigning methods, constitutionalism and long-term goals were problematic for the ancient Athenians as well as modern international democratisation efforts encompassing every major global region. Why then, given the extended time period humans have had to deal with these problems, are they still present? At least part of the answer to this question is that philosophers, academics and NGOs as well as MNOs have only approached these endemic problems in a piecemeal manner with a skewed perspective on democracy. Their works have also been subject to the ebbs and flows of human history which essentially started and stopped periods of thinking. In order to approach the investigation of endemic problems in relation to democracy (as the overall quest of this thesis was to generate prescriptive results for the improvement of democratic government), it was necessary to delineate what exactly is being written about when using the term ‘democracy’. It is common knowledge that democracy has no one specific definition or practice, even though scholars and philosophers have been attempting to create a definition for generations. What is currently evident, is that scholars are not approaching democracy in an overly simplified manner (that is, it is government for the people, by the people) but, rather, are seeking the commonalities that democracies share, in other words, those items which are common to all things democratic. Following that specific line of investigation, the major practiced and theoretical versions of democracy were thematically analysed. After that, their themes were collapsed into larger categories, at which point the larger categories were comparatively analysed with the practiced and theoretical versions of democracy. Four democratic ‘particles’ (selecting officials, law, equality and communication) were seen to be present in all practiced and theoretical democratic styles. The democratic particles fused with a unique investigative perspective and in-depth political study created a solid conceptualisation of democracy. As such, it is argued that democracy is an ever-present element of any state government, ‘democratic’ or not, and the particles are the bodies which comprise the democratic element. Frequency- and proximity-based analyses showed that democratic particles are related to endemic problems in international democratisation discourse. The linkages between democratic particles and endemic problems were also evident during the thematic analysis as well historical review. This ultimately led to the viewpoint that if endemic problems are mitigated the act may improve democratic particles which might strengthen the element of democracy in the governing apparatus of any state. Such may actively minimise or wholly displace inefficient forms of government, leading to a government specifically tailored to the population it orders. Once the theoretical and empirical goals were attained, this thesis provided some prescriptive measures which government, civil society, academics, professionals and/or active citizens can use to mitigate endemic problems (in any country and at any level of government) so as to improve the human condition via better democratic government.
Resumo:
Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This study is the first study investigating users' web usage focusing on their self-documented perceptions of security and the security choices they made in their own environment.
Resumo:
Project Procurement is a ‘great’ environment for ethical issues with its low-price state of mind and competition. It has many opportunities that could contribute to illegal activities or unethical behavior especially in the construction industry. In 2006 alone, 17.3% of 417 Malaysian government contract projects were considered sick due to the poor performance by the contractors. Therefore it is important to govern the project procurement, especially the plan procurement stage to ensure the accountability and transparency of the decision made in awarding the right contract to the best contractor. This is where project governance framework (PGF) is really needed in project procurement planning. Project governance is a subset of corporate governance focusing on the areas of corporate governance related to project activities, including: portfolio direction, project sponsorship, project and program management and efficiency and disclosure and reporting. This paper highlights the importance of implementing project governance framework (PGF) to ensure that the decision makers are answerable and accountable to the stakeholders, and the decision making is transparent to avoid any ethical issues arises. A comprehensive preliminary literature is carried out to discover the importance of executing PGF in project procurement in Malaysian public sector. By understanding the important of PGF, it is hoped that this will bring a signal to other developing countries to implement the similar method in ensuring the transparency of the decision making in project procurement planning in their countries.
Resumo:
Confucius was and still is one of the most eminent Chinese philosophers. Such is the importance of Confucius’s teachings; it had influenced all aspects of social life in Chinese societies. In the post-Enron, post-Worldcom, and post-Global Financial Crisis era there are raising doubts in the mantra of the so-called conventional wisdom about law and economic order. Whilst many recent publications offered solutions to those problems like advocating for more laws, rules or reforms in regulatory institutions to enhance the regulation of corporate governance. What Confucius advocated was a non-legal, social mode of regulation based on moral ideals that should be embedded into the minds of every person. Whilst this is an ancient concept from primitive societies, its relevance and merits could be seen in modern Chinese societies like Hong Kong. In essence, Confucian principles of governance build on relational and paternalistic order based on moral ideals.
