Reinforcing the security of corporate information resources:a critical review of the role of the acceptable use policy

Increasingly users are seen as the weak link in the chain, when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal ‘acceptable use policy (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies – taken from the higher education sector – rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.

The information security policy unpacked:a critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.

Beyond securitisation : Western Mediterranean international relations from a security perspective 1989-2002

Following the end of the Cold War and the ensuing changes to the international landscape, thinking about security has tended to become more discursive and interpretative in nature. What counts as security has increasingly derived from security discourses (that is, 'securitisation') and uncertainty about the multi-faceted future facing various countries and regions. Within this post-Cold War discourse, the Western Mediterranean has emerged as a region fraught with latent and manifest threats in the economic, political, societal and military sectors. Improved access to EU markets for Maghrebi exports; the security of energy supplies to the EU from Algeria and Libya; lack of democracy and the advance of political Islam; the flow of northward migration and worries about law and order in France, Italy and Spain; the growth in military expenditure and weapons proliferation in the Maghreb; all have been central to the securitisation agenda. However, this agenda has often lacked credibility especially when inter-linkages have purportedly been established between economic underdevelopment and political instability, between the advance of political Islam and the threat to energy supplies, or between immigration and the threat to national identity. Such inter-sectoral linkages distract from the credibility of those 'securitisation instances' which correspond to reality; the former linkages have often been exploited by extremist politicians in south-west European countries as well as by regimes in the Maghreb to advance their respective interests. Thus, securitisation may defeat its main purpose; it may generate responses out of keeping with the aims proclaimed at the outset, aims centred on the countering of real threats and the ensuring of greater stability.

Watermark-only security attack on DM-QIM watermarking:vulnerability to guided key guessing

This paper addresses the security of a specific class of common watermarking methods based on Dither modulation-quantisation index modulation (DM-QIM) and focusing on watermark-only attacks (WOA). The vulnerabilities of and probable attacks on lattice structure based watermark embedding methods have been presented in the literature. DM-QIM is one of the best known lattice structure based watermarking techniques. In this paper, the authors discuss a watermark-only attack scenario (the attacker has access to a single watermarked content only). In the literature it is an assumption that DM-QIM methods are secure to WOA. However, the authors show that the DM-QIM based embedding method is vulnerable against a guided key guessing attack by exploiting subtle statistical regularities in the feature space embeddings for time series and images. Using a distribution-free algorithm, this paper presents an analysis of the attack and numerical results for multiple examples of image and time series data.

Watermark-only security attack on DM-QIM watermarking:vulnerability to guided key guessing

This paper addresses the security of a specific class of common watermarking methods based on Dither modulation-quantisation index modulation (DM-QIM) and focusing on watermark-only attacks (WOA). The vulnerabilities of and probable attacks on lattice structure based watermark embedding methods have been presented in the literature. DM-QIM is one of the best known lattice structure based watermarking techniques. In this paper, the authors discuss a watermark-only attack scenario (the attacker has access to a single watermarked content only). In the literature it is an assumption that DM-QIM methods are secure to WOA. However, the authors show that the DM-QIM based embedding method is vulnerable against a guided key guessing attack by exploiting subtle statistical regularities in the feature space embeddings for time series and images. Using a distribution-free algorithm, this paper presents an analysis of the attack and numerical results for multiple examples of image and time series data.

Thermochemical characterisation of various biomass feedstock and bio-oil generated by fast pyrolysis

The projected decline in fossil fuel availability, environmental concerns, and security of supply attract increased interest in renewable energy derived from biomass. Fast pyrolysis is a possible thermochemical conversion route for the production of bio-oil, with promising advantages. The purpose of the experiments reported in this thesis was to extend our understanding of the fast pyrolysis process for straw, perennial grasses and hardwoods, and the implications of selective pyrolysis, crop harvest and storage on the thermal decomposition products. To this end, characterisation and laboratory-scale fast pyrolysis were conducted on the available feedstocks, and their products were compared. The variation in light and medium volatile decomposition products was investigated at different pyrolysis temperatures and heating rates, and a comparison of fast and slow pyrolysis products was conducted. Feedstocks from different harvests, storage durations and locations were characterised and compared in terms of their fuel and chemical properties. A range of analytical (e.g. Py-GC-MS and TGA) and processing equipment (0.3 kg/h and 1.0 kg/h fast pyrolysis reactors and 0.15 kg slow pyrolysis reactor) was used. Findings show that the high bio-oil and char heating value, and low water content of willow short rotation coppice (SRC) make this crop attractive for fast pyrolysis processing compared to the other investigated feedstocks in this project. From the analytical sequential investigation of willow SRC, it was found that the volatile product distribution can be tailored to achieve a better final product, by a variation of the heating rate and temperature. Time of harvest was most influential on the fuel properties of miscanthus; overall the late harvest produced the best fuel properties (high HHV, low moisture content, high volatile content, low ash content), and storage of the feedstock reduced the moisture and acid content.

The uncertainty of identity toolset:analysing digital traces for user profiling

People manage a spectrum of identities in cyber domains. Profiling individuals and assigning them to distinct groups or classes have potential applications in targeted services, online fraud detection, extensive social sorting, and cyber-security. This paper presents the Uncertainty of Identity Toolset, a framework for the identification and profiling of users from their social media accounts and e-mail addresses. More specifically, in this paper we discuss the design and implementation of two tools of the framework. The Twitter Geographic Profiler tool builds a map of the ethno-cultural communities of a person's friends on Twitter social media service. The E-mail Address Profiler tool identifies the probable identities of individuals from their e-mail addresses and maps their geographical distribution across the UK. To this end, this paper presents a framework for profiling the digital traces of individuals.

Heritage and innovative learning approaches:an alternative approach to engineering education

Over recent years, the role of engineering in promoting a sustainable society has received much public attention [1] with particular emphasis given to the need to promote the future prosperity and security of society through the recruitment and education of more engineers [2,3]. From an employment perspective, the Leitch Review [4] suggested that ‘generic’ transferable employability skills development should constitute a more substantial part of university education. This paper argues that the global drivers impacting engineering education [5] correlate strongly to those underpinning the Leitch review, therefore the question of how to promote transferable employability skills within the wider engineering curriculum is increasingly relevant. By exploring the use of heritage in the engineering curriculum as a way to promote learning and engage students, a less familiar approach to study is discussed. This approach moves away from stereotypical notions of the use of information technology as representing the pinnacle of innovation in education. Taking the student experience as its starting point, the paper draws upon the findings of an exploratory study critically analysing the pedagogical value of using heritage in engineering education. It discusses a teaching approach in which engineering students are taken out of their ‘comfort zone’ - away from the classroom, laboratory and computer, to a heritage site some 100 miles away from the university. The primary learning objective underpinning this approach is to develop students’ transferable skills by encouraging them to consider how to apply theoretical concepts to a previously unexplored situation. By reflecting upon students’ perceptions of the value of this approach, and by identifying how heritage may be utilised as an innovative learning and teaching approach in engineering education, this paper makes a notable contribution to current pedagogical debates in the discipline.

Ensuring efficiency and robustness in MANET

This paper introduces a joint load balancing and hotspot mitigation protocol for mobile ad-hoc network (MANET) termed by us as 'load_energy balance + hotspot mitigation protocol (LEB+HM)'. We argue that although ad-hoc wireless networks have limited network resources - bandwidth and power, prone to frequent link/node failures and have high security risk; existing ad hoc routing protocols do not put emphasis on maintaining robust link/node, efficient use of network resources and on maintaining the security of the network. Typical route selection metrics used by existing ad hoc routing protocols are shortest hop, shortest delay, and loop avoidance. These routing philosophy have the tendency to cause traffic concentration on certain regions or nodes, leading to heavy contention, congestion and resource exhaustion which in turn may result in increased end-to-end delay, packet loss and faster battery power depletion, degrading the overall performance of the network. Also in most existing on-demand ad hoc routing protocols intermediate nodes are allowed to send route reply RREP to source in response to a route request RREQ. In such situation a malicious node can send a false optimal route to the source so that data packets sent will be directed to or through it, and tamper with them as wish. It is therefore desirable to adopt routing schemes which can dynamically disperse traffic load, able to detect and remove any possible bottlenecks and provide some form of security to the network. In this paper we propose a combine adaptive load_energy balancing and hotspot mitigation scheme that aims at evenly distributing network traffic load and energy, mitigate against any possible occurrence of hotspot and provide some form of security to the network. This combine approach is expected to yield high reliability, availability and robustness, that best suits any dynamic and scalable ad hoc network environment. Dynamic source routing (DSR) was use as our underlying protocol for the implementation of our algorithm. Simulation comparison of our protocol to that of original DSR shows that our protocol has reduced node/link failure, even distribution of battery energy, and better network service efficiency.

Statistical distribution, host for encrypted information

The statistical distribution, when determined from an incomplete set of constraints, is shown to be suitable as host for encrypted information. We design an encoding/decoding scheme to embed such a distribution with hidden information. The encryption security is based on the extreme instability of the encoding procedure. The essential feature of the proposed system lies in the fact that the key for retrieving the code is generated by random perturbations of very small value. The security of the proposed encryption relies on the security to interchange the secret key. Hence, it appears as a good complement to the quantum key distribution protocol. © 2005 Elsevier B.V. All rights reserved.

Secret key exchange in ultra-long lasers by radio-frequency spectrum coding

We propose a new approach to the generation of an alphabet for secret key exchange relying on small variations in the cavity length of an ultra-long fiber laser. This new concept is supported by experimental results showing how the radio-frequency spectrum of the laser can be exploited as a carrier to exchange information. The test bench for our proof of principle is a 50 km-long fiber laser linking two users, Alice and Bob, where each user can randomly add an extra 1 km-long segment of fiber. The choice of laser length is driven by two independent random binary values, which makes such length become itself a random variable. The security of key exchange is ensured whenever the two independent random choices lead to the same laser length and, hence, to the same free spectral range.

Introduction – transnational organised crime and terrorism:different peas, same pod

The nexus between terrorism and organised crime consists in a strategic alliance between two non-state actors, able to exploit illegal markets, threaten the security of individuals, and influence policy-making on a global level. Recent Europol reports have pointed towards the importance of studying the links between organised crime and terrorist groups, and have underlined that the nature and extent of these connections have seldom been addressed from an academic perspective. Considering the degree of dangerousness that both organised crime and terrorism currently represent in the world, the collusion between these two phenomena is of urgent contemporary interest. Basing itself on geographical case-studies, this edited volume aims at contributing to the existing literature in three ways: by enriching the empirical knowledge on the nature of the crime-terror nexus and its evolution; by exploring the impact of the nexus within different economic, political and societal contexts; and by expanding on its theoretical conceptualization.

Criminals and terrorists in partnership:unholy alliance

The nexus between terrorism and organised crime consists in a strategic alliance between two non-state actors, able to exploit illegal markets, threaten the security of individuals, and influence policy-making on a global level. Recent Europol reports have pointed towards the importance of studying the links between organised crime and terrorist groups, and have underlined that the nature and extent of these connections have seldom been addressed from an academic perspective. Considering the degree of dangerousness that both organised crime and terrorism currently represent in the world, the collusion between these two phenomena is of urgent contemporary interest. Basing itself on geographical case-studies, this edited volume aims at contributing to the existing literature in three ways: by enriching the empirical knowledge on the nature of the crime-terror nexus and its evolution; by exploring the impact of the nexus within different economic, political and societal contexts; and by expanding on its theoretical conceptualization.

Plant closures, precariousness and policy responses:revisiting MG Rover 10 years on

With automotive plants being closed in Australia and western Europe, this article reflects on the employment status of ex-MG Rover (MGR) workers following the closure of the Longbridge plant in 2005. In particular, it draws on Standing's typology of labour market insecurity and uses a mixed-methods approach including an analysis of a longitudinal survey of some 200 ex-MGR workers, and in-depth interviews with ex-workers and policy-makers. While the policy response to the closure saw significant successes in terms of the great majority of workers successfully adjusting into re-employment, and with positive findings in terms of re-training and education, the paper finds significant challenges in terms of security of employment, income, job quality and representation at work years after closure. In particular, the paper posits that the general lack of attention to employment security at the macrolevel effectively undermined elements of a positive policy response over the longer run. This in turn suggests longer-term policy measures are required to address aspects of precariousness at work.