870 results for Public Security.
Abstract:
Control Objectives for Information and related Technology (COBIT) has grown to be one of the most significant IT Governance (ITG) frameworks available and also the best suited for audit, as it provides comprehensive guidance around IT processes and related business goals. However, given the constraints of both time and resources within which the Australian public sector is forced to operate, implementing an audit framework the size of COBIT in its entirety is often considered too large a task. As an alternative to full implementation it is not uncommon for the public sector to “cherry pick” controls from the framework in an effort to reduce its size. This paper reports on research undertaken to evaluate the potential to use an optimised sub-set of COBIT 5 for ITG audit in Australian public sector organisations. A survey methodology was employed to determine the control-objectives considered to be the most important to a selection of public sector organisations. Twelve control-objectives were identified as being most important to Queensland public sector organisations. As ten of these were also identified by previous studies, it appears possible to derive an optimised sub-set from COBIT 5 that would be both enduring and relevant across geographical and organisational contexts.
Abstract:
Despite the compelling case for moving towards cloud computing, the upstream oil & gas industry faces several technical challenges—most notably, a pronounced emphasis on data security, a reliance on extremely large data sets, and significant legacy investments in information technology (IT) infrastructure—that make a full migration to the public cloud difficult at present. Private and hybrid cloud solutions have consequently emerged within the industry to yield as much benefit from cloud-based technologies as possible while working within these constraints. This paper argues, however, that the move to private and hybrid clouds will very likely prove only to be a temporary stepping stone in the industry’s technological evolution. By presenting evidence from other market sectors that have faced similar challenges in their journey to the cloud, we propose that enabling technologies and conditions will probably fall into place in a way that makes the public cloud a far more attractive option for the upstream oil & gas industry in the years ahead. The paper concludes with a discussion about the implications of this projected shift towards the public cloud, and calls for more of the industry’s services to be offered through cloud-based “apps.”
Abstract:
Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.
Abstract:
This paper considers the role of CCTV (closed circuit television) in the surveillance, policing and control of public space in urban and rural locations, specifically in relation to the use of public space by young people. The use of CCTV technology in public spaces is now an established and largely uncontested feature of everyday life in a number of countries and the assertion that they are essentially there for the protection of law abiding and consuming citizens has broadly gone unchallenged. With little or no debate in the U.K. to critique the claims made by the burgeoning security industry that CCTV protects people in the form of a ‘Big Friend’, the state at both central and local levels has endorsed the installation of CCTV apparatus across the nation. Some areas assert in their promotional material that the centre of the shopping and leisure zone is fully surveilled by cameras in order to reassure visitors that their personal safety is a matter of civic concern, with even small towns and villages expending monies on sophisticated and expensive to maintain camera systems. It is within a context of monitoring, recording and control procedures that young people’s use of public space is constructed as a threat to social order, in need of surveillance and exclusion which forms a major and contemporary feature in shaping thinking about urban and rural working class young people in the U.K. As Loader (1996) notes, young people’s claims on public space rarely gain legitimacy if ‘colliding’ with those of local residents, and Davis (1990) describes the increasing ‘militarization and destruction of public space’, while Jacobs (1965) asserts that full participation in the ‘daily life of urban streets’ is essential to the development of young people and beneficial for all who live in an area. 
This paper challenges the uncritical acceptance of widespread use of CCTV and identifies its oppressive and malevolent potential in forming a ‘surveillance gaze’ over young people (adapting Foucault’s ‘clinical gaze’ c. 1973) which can jeopardise mental health and well being in coping with the ‘metropolis’, after Simmel (1964).
Abstract:
Many commentators have treated the internet as a site of democratic freedom and as a new kind of public sphere. While there are good reasons for optimism, like any social space digital space also has its dark side. Citizens and governments alike have expressed anxiety about cybercrime and cyber-security. In August 2011, the Australian government introduced legislation to give effect to Australia becoming a signatory to the European Convention on Cybercrime (2001). At the time of writing, that legislation is still before the Parliament. In this article, attention is given to how the legal and policy-making process enabling Australia to be compliant with the European Convention on Cybercrime came about. Among the motivations that informed both the development of the Convention in Europe and then the Australian exercise of legislating for compliance with it was a range of legitimate concerns about the impact that cybercrime can have on individuals and communities. This article makes the case that equal attention also needs to be given to ensuring that legislators and policy makers differentiate between legitimate security imperatives and any over-reach evident in the implementation of this legislation that affects rule of law principles, our capacity to engage in democratic practices, and our civic and human rights.
Abstract:
Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites the telephony and data worlds, permitting telephone calls to be transmitted over Intranets and the Internet. Increases in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. However, the suggested methods cannot solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos-based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish a flexible and scalable SIP system that will provide the desired level of security for voice communications and critical telephony applications.
Abstract:
The Australian Business Assessment of Computer User Security (ABACUS) survey is a nationwide assessment of the prevalence and nature of computer security incidents experienced by Australian businesses. This report presents the findings of the survey which may be used by businesses in Australia to assess the effectiveness of their information technology security measures.
Abstract:
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.
Abstract:
This paper presents a comprehensive formal security framework for key derivation functions (KDF). The major security goal for a KDF is to produce cryptographic keys from a private seed value where the derived cryptographic keys are indistinguishable from random binary strings. We form a framework of five security models for KDFs. This consists of four security models that we propose: Known Public Inputs Attack (KPM, KPS), Adaptive Chosen Context Information Attack (CCM) and Adaptive Chosen Public Inputs Attack (CPM); and another security model, previously defined by Krawczyk [6], which we refer to as Adaptive Chosen Context Information Attack (CCS). These security models are simulated using an indistinguishability game. In addition we prove the relationships between these five security models and analyse KDFs using the framework (in the random oracle model).
Abstract:
Numerous statements and declarations have been made over recent decades in support of open access to research data. The growing recognition of the importance of open access to research data has been accompanied by calls on public research funding agencies and universities to facilitate better access to publicly funded research data so that it can be re-used and redistributed as public goods. International and inter-governmental bodies such as the ICSU/CODATA, the OECD and the European Union are strong supporters of open access to and re-use of publicly funded research data. This thesis focuses on the research data created by university researchers in Malaysian public universities whose research activities are funded by the Federal Government of Malaysia. Malaysia, like many countries, has not yet formulated a policy on open access to and re-use of publicly funded research data. Therefore, the aim of this thesis is to develop a policy to support the objective of enabling open access to and re-use of publicly funded research data in Malaysian public universities. Policy development is very important if the objective of enabling open access to and re-use of publicly funded research data is to be successfully achieved. In developing the policy, this thesis identifies a myriad of legal impediments arising from intellectual property rights, confidentiality, privacy and national security laws, novelty requirements in patent law and lack of a legal duty to ensure data quality. Legal impediments such as these have the effect of restricting, obstructing, hindering or slowing down the objective of enabling open access to and re-use of publicly funded research data. A key focus in the formulation of the policy was the need to resolve the various legal impediments that have been identified. This thesis analyses the existing policies and guidelines of Malaysian public universities to ascertain to what extent the legal impediments have been resolved. 
An international perspective is adopted by making a comparative analysis of the policies of public research funding agencies and universities in the United Kingdom, the United States and Australia to understand how they have dealt with the identified legal impediments. These countries have led the way in introducing policies which support open access to and re-use of publicly funded research data. As well as proposing a policy supporting open access to and re-use of publicly funded research data in Malaysian public universities, this thesis provides procedures for the implementation of the policy and guidelines for addressing the legal impediments to open access and re-use.
Abstract:
Throughout Australia (and in comparable urban contexts around the world) public spaces may be said to be under attack by developers and also attempts by civic authorities to regulate, restrict, rebrand and reframe them. A consequence of the increasingly security driven, privatised and surveilled nature of public space is the exclusion and displacement of those considered flawed and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, processes of securitisation, ‘gentrification’ and creative cities discourses can refashion public space as sites of selective inclusion and exclusion. In this context of monitoring and control procedures, children and young people’s use of space in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to the social order, requiring various forms of punitive and/or remedial action. This paper discusses developments in the surveillance, governance and control of public space used by children and young people in particular and the capacity for their displacement and marginality, diminishing their sense of place and belonging, and right to public space as an expression of their civil, political and social citizenship(s).
Abstract:
This paper examines art and artefact in the representation and recollection of deeply personal WWII women’s experiences as POWs under the Japanese. This kind of treatment of internees in the Tjideng Women and Children’s internment camp (and others) in Batavia under the Japanese in WWII, stands in stark and brutal contrast to the idyllic life lived by many families up to that time in what was then known as the Dutch East Indies (Indonesia). The deprivation and brutality of the Japanese incarceration of these women and children evoked responses - not military, but certainly militant, if muted. Representations of those responses – as both art and artefact - may be found in the most unlikely places and unexpected forms - and are still being unearthed to this day. However close we might personally be to these artists and artisans, can we, as observers from a distance, ever truly comprehend through spoken or written words alone, the day-to-day realities of those extraordinary times?
Abstract:
Throughout much of the world, urban and rural public spaces may be said to be under attack by property developers, commercial interests and also attempts by civic authorities to regulate, restrict, reframe and rebrand these spaces. A consequence of the increasingly security driven, privatised, commercial and surveilled nature of public space is the exclusion and displacement of those considered ‘flawed’ and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, processes of securitisation, ‘gentrification’ and creative cities initiatives can act to refashion public space as sites of selective inclusion and exclusion. The use of surveillance and other control technologies as deployed in and around the UK ‘Riots’ of 2011 may help to promote and encourage a passing sense of personal safety and confidence in using public space. Through systems of social sorting, the same surveillance assemblages can also further the physical, emotional and psychological exclusion of certain groups and individuals, deemed to be both ‘out of time and out of place’ in major zones of urban, conspicuous, consumption. In this harsh environment of monitoring and control procedures, children and young people’s use of public spaces and places in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to social order, requiring various forms of punitive and/or remedial action. Much of this civic action actively excludes some children and young people from participation and as a consequence, their trust in local processes and communities is eroded. This paper discusses worldwide developments in the surveillance, governance and control of the public space environments used by children and young people in particular and the capacity for their displacement and marginality, diminishing their sense of belonging, wellbeing and rights to public space as an expression of their social, political and civil citizenship(s).
Abstract:
We introduce the notion of distributed password-based public-key cryptography, where a virtual high-entropy private key is implicitly defined as a concatenation of low-entropy passwords held in separate locations. The users can jointly perform private-key operations by exchanging messages over an arbitrary channel, based on their respective passwords, without ever sharing their passwords or reconstituting the key. Focusing on the case of ElGamal encryption as an example, we start by formally defining ideal functionalities for distributed public-key generation and virtual private-key computation in the UC model. We then construct efficient protocols that securely realize them in either the RO model (for efficiency) or the CRS model (for elegance). We conclude by showing that our distributed protocols generalize to a broad class of “discrete-log”-based public-key cryptosystems, which notably includes identity-based encryption. This opens the door to a powerful extension of IBE with a virtual PKG made of a group of people, each one memorizing a small portion of the master key.
Abstract:
For the past several decades, cryptographers have consistently provided us with stronger and more capable primitives and protocols that have found many applications in security systems in everyday life. One of the central tenets of cryptographic design is that, whereas a system’s architecture ought to be public and open to scrutiny, the keys on which it depends — long, utterly random, unique strings of bits — will be perfectly preserved by their owner, and yet nominally inaccessible to foes.