Disease Diplomacy

In the age of air travel and globalized trade, pathogens that once took months or even years to spread beyond their regions of origin can now circumnavigate the globe in a matter of hours. Amid growing concerns about such epidemics as Ebola, SARS, MERS, and H1N1, disease diplomacy has emerged as a key foreign and security policy concern as countries work to collectively strengthen the global systems of disease surveillance and control. The revision of the International Health Regulations (IHR), eventually adopted by the World Health Organization’s member states in 2005, was the foremost manifestation of this novel diplomacy. The new regulations heralded a profound shift in international norms surrounding global health security, significantly expanding what is expected of states in the face of public health emergencies and requiring them to improve their capacity to detect and contain outbreaks. Drawing on Martha Finnemore and Kathryn Sikkink’s "norm life cycle" framework and based on extensive documentary analysis and key informant interviews, Disease Diplomacy traces the emergence of these new norms of global health security, the extent to which they have been internalized by states, and the political and technical constraints governments confront in attempting to comply with their new international obligations. The authors also examine in detail the background, drafting, adoption, and implementation of the IHR while arguing that the very existence of these regulations reveals an important new understanding: that infectious disease outbreaks and their management are critical to national and international security. The book will be of great interest to academic researchers, postgraduate students, and advanced undergraduates in the fields of global public health, international relations, and public policy, as well as health professionals, diplomats, and practitioners with a professional interest in global health security.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Enterprise information security policy assessment : an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Responsibility to protect and women, peace and security : aligning the protection agendas

In Responsibility to Protect and Women, Peace and Security: Aligning the Protection Agendas, editors Davies, Nwokora, Stamnes and Teitt address the intersections of the Responsibility to Protect (R2P) principle and the Women, Peace, and Security (WPS) agenda. Widespread or systematic sexual or gender-based violence is a war crime, a crime against humanity and an act of genocide, all of which are clearly addressed in the R2P principle. The protection of those at risk of widespread sexual violence is therefore not only relative to the Women, Peace and Security (WPS) agenda, but a fundamental sovereign obligation for all states as part of their commitment to R2P. Contributions from policy-makers and academics consider both the merits and the utility of aligning the protection agendas of R2P and WPS. Ultimately, a number of actionable recommendations are made concerning a unification of the agendas to best support the global empowerment of women and prevention of mass atrocities.

Governing civil society: How literacy, education and security were brought together

This study questions how the categories of security, education and literacy were brought together as related elements of a whole-of-government strategy in the production of civil society. Drawing on an analysis of key political texts, the study argues that the categories of education and literacy have been used in diverse ways in the production of national, social, economic and geopolitical security interests. As dialogue about security has intensified, rationalisations about the national interest have engaged notions of security leading to the legitimation of a diverse set of policy instruments, strategically used to contain the rise of complex social forces and protect homogenous cultural values.

IT pricing: Copyright law, consumer rights, and competition policy. A submission to the House of Representatives Standing Committee on Infrastructure and Communications Inquiry into IT Pricing

For a hundred years, since Federation, Australian consumers have suffered the indignity and the tragedy of price discrimination. From the time of imperial publishing networks, Australia has been suffered from cultural colonialism. In respect of pricing of copyright works, Australian consumers have been gouged; ripped-off; and exploited. Digital technologies have not necessarily brought an end to such price discrimination. Australian consumers have been locked out by technological protection measures; subject to surveillance, privacy intrusions and security breaches; locked into walled gardens by digital rights management systems; and geo-blocked.

Competition for aid and trade policy

This paper considers the optimal allocation of a given amount of foreign aid between two recipient countries. It is shown that, given consumer preferences, a country following a more restrictive trade policy would receive a smaller share of the aid if the donor country maximises its own welfare in allocating aid. If, on the other hand, the donor country allocates aid in order to maximize the sum of the welfare of the two recipient countries, the result is just the opposite. Finally, we analyze the situation where the recipient countries compete with each other for the given amount of aid. It is shown that this competition tends to lower the level of optimal tariffs in the recipient countries.

Privacy and security in open and trusted health information systems

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector’s privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products.

Art, popular culture and cultural policy: variations on a theme of John Carey

The article presents a criticism of the accounts of John Carey in his book entitled "The Intellectuals and the Masses." The author focuses on Carey's argument that the art is not an eternal category but an invention of the late eighteenth century and it no longer has any intellectual legitimacy other than that of provoking feelings which are no more and no less valuable than those provoked by any other form of entertainment or physical activity

Realistic yet humanitarian? The comprehensive plan of action and refugee policy in Southeast Asia

The 1989 Comprehensive Plan of Action (CPA) has recently been described as a successful example of how to manage large protracted refugee flows. However, this article revisits the circumstances surrounding the CPA used to resolve the prolonged Indo-Chinese refugee crisis to highlight that part of its development was linked to the fact that Southeast Asian states refused to engage with proposed solutions, which did not include repatriation for the majority of the Indo-Chinese asylum seekers who were deemed to be ‘non-genuine’1 ( UNGA, 1989a) refugees. This resulted in the CPA often forcibly repatriating ‘non-genuine’ refugees, particularly near the end of its program. This article reviews the CPA in order to assess whether its practices and results should be repeated.

Small Business and entrepreneurship policy

There are two key approaches to entrepreneurship, each of which has different implications for small business policy (Danson 2002). The first conceives of entrepreneurship as an economic process and can be traced to the work of Joseph Schumpeter who developed the concept of creative destruction to describe the entrepreneurial process that led to the simultaneous elimination of old industries and activities and the creation of new activities through the commercial application of new ideas. While entrepreneurship as a process of creative destruction might include start up activity amongst small firms, it does not exclusively involve small firms as large firms may contribute to the entrepreneurial process through the generation of new knowledge and by assisting in financing the development of new ideas amongst small firms. Although innovation occurs in large as well as small firms, the literature on small enterprise innovation draws heavily on Schumpeter’s depiction of the central role of the entrepreneur in the process of creative destruction, whereby the economic system is transformed from within and new cycles in economic life emerge in which new industries and markets replace old industries and markets. Schumpeter argued that entrepreneurs drove the process of innovation and that innovation was a stimulus to economic development and involved the development of new products, processes, methods of production or new forms of commercial or financial organisation (Schumpeter 1911). At a time when technological development and structuraleconomic change are occurring at a rapid pace, small firm innovation is seen to be critically important because empirical evidence, although not undisputed, indicates that SMEs make an important contribution to radical innovations in new industries (Nooteboom 1994). The second view of entrepreneurship focuses on the individual entrepreneur more than the entrepreneurial process. The entrepreneur is depicted as an owner of small businesses, and is regarded as having particular personal characteristics such as self-reliance, individual initiative and self-motivation. Entrepreneurs are also considered to have a behavioural orientation towards the exploitation of new ideas and opportunities. They are the risk takers who are able to see an opportunity and pursue it commercially despite the uncertainty of rewards. The capacity to plan, manage and lead is also seen to be identifying characteristics of entrepreneurs. Different small business policy approaches arise from these different perspectives on entrepreneurship. Small business policy approaches that emphasise the process by which new ideas are generated and applied commercially arise from the first and broader view of entrepreneurship. Policies designed to generate a population of risk taking and self-motivated individuals with highly developed management and commercial skills are more in keeping with the second approach, which is focused on the individual entrepreneur rather than the entrepreneurial process.