Prevention of information harvesting in a cloud services environment

We consider a cloud data storage involving three entities, the cloud customer, the cloud business centre which provides services, and the cloud data storage centre. Data stored in the data storage centre comes from a variety of customers and some of these customers may compete with each other in the market place or may own data which comprises confidential information about their own clients. Cloud staff have access to data in the data storage centre which could be used to steal identities or to compromise cloud customers. In this paper, we provide an efficient method of data storage which prevents staff from accessing data which can be abused as described above. We also suggest a method of securing access to data which requires more than one staff member to access it at any given time. This ensures that, in case of a dispute, a staff member always has a witness to the fact that she accessed data.

Confidentiality and disclosure : assessment and intervention issues

This portfolio addresses the moral, ethical and legal issues that impact upon decisions to maintain or disclose confidential communications. The tensions and moral dilemmas that are created when a conflict between these aspects arises are considered. Risk assessment procedures that inform decisions to maintain or disclose confidential information are discussed, as are issues related to the practical implementation of planned interventions. The topic is addressed by firstly reviewing professional codes of conduct and legal requirements to maintain confidentiality. The limits of confidentiality and privileged communication are then reviewed together with legal requirements of “duty to warn” or “duty of care”. These requirements are then related to risk assessment procedures and relevant interventions. Four case studies that illustrate the practical application of assessment techniques in the decision process and planned interventions are presented. They cover such diverse topics as disclosure and suicidal intent, threat of harm to a third party, risk of transmission of the AIDS virus and “duty to warn” and maintenance of a minor’s confidential communications. The ways in which these issues were addressed and the outcome is presented. NOTE: All names and details that have the potential to identify the people whose cases are presented here have been changed to protect their anonymity.

Police Misconduct as a Breach of Public trust: the Offence of Misconduct in Public Office

Until relatively recently, the common law offence of misconduct in public office has been regarded as anachronistic. The offence was perceived to have been supplanted by specific statutory offences that could more appropriately deal with criminal conduct by public officials. However, there has been a revival of the offence with successful prosecutions occurring in Australia, England and Hong Kong. Many of these contemporary cases have involved police officers. Examination of these cases reveals that the circumstances in which misconduct in public office has been identified have been diverse, including the unauthorised disclosure of confidential information, the use of false search warrants and the sexual exploitation of vulnerable persons. In many instances, police officers were charged with other criminal offences in addition to charges relating to misconduct in public office. The matters prosecuted as misconduct in public office typically involved matters that were serious and/or could not be adequately prosecuted as other criminal offences or as breaches of police regulations governing conduct. Consequently, despite the proliferation of statutory criminal offences in the 20th century it appears that there continues to be a place for the offence of misconduct in public office. It criminalises misconduct by police officers that may not be adequately dealt with by other offences and recognises the public trust dimension of wrongdoing by these officials. However, a continuing and fundamental challenge is to determine the appropriate definition and scope of the offence.

An approach for profiling phishing activities

Phishing attacks continue unabated to plague Internet users and trick them into providing personal and confidential information to phishers. In this paper, an approach for email-born phishing detection based on profiling and clustering techniques is proposed. We formulate the profiling problem as a clustering problem using various features present in the phishing emails as feature vectors and generate profiles based on clustering predictions. These predictions are further utilized to generate complete profiles of the emails. We carried out extensive experimental analysis of the proposed approach in order to evaluate its effectiveness to various factors such as sensitivity to the type of data, number of data sizes and cluster sizes. We compared the performance of the proposed approach against the Modified Global Kmeans (MGKmeans) approach. The results show that the proposed approach is efficient as compared to the baseline approach. © 2014 Elsevier Ltd. All rights reserved.

Securing small business - the role of information technology policy

As small and medium enterprises develop their capacity to trade  electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business  relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small  businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses  operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.