863 resultados para Information security policy
Resumo:
Purpose – This paper aims to make a comparison, different from existing literature solely focusing on voluntary earnings forecasts and ex post earnings surprise, between the effects of mandatory earnings surprise warnings and voluntary information disclosure issued by management teams on financial analysts in terms of the number of followings and the accuracy of earnings forecasts. Design/methodology/approach – This paper uses panel data analysis with fixed effects on data collected from Chinese public firms between 2006 and 2010. It uses an exogenous regulation enforcement to minimise the endogeneity problem. Findings – This paper finds that financial analysts are less likely to follow firms which mandatorily issue earnings surprise warnings ex ante than those voluntarily issue earnings forecasts. Moreover, ex post, they issue less accurate and more dispersed forecasts on former firms. The results support Brown et al.’s (2009) finding in the USA and suggest that the earnings surprise warnings affect information asymmetries. Practical implications – This paper justifies the mandatory earnings surprise warnings policy issued by Chinese Securities Regulatory Commission in 2006. Originality/value – Mandatory earnings surprise is a unique practical regulation for publicly listed firms in China. This paper, for the first time, provides empirical evaluation on the effectiveness of a mandatory information disclosure policy in China. Consistent with existing literature on information disclosure by public firms in other countries, this paper finds that, in China, voluntary information disclosure captures more private information than mandatory information disclosure on corporate earnings ability.
Resumo:
Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.
Resumo:
This article investigates the causes in the reduction of labor force participation of the old. We argue that the changes in social security policy, in technology and in demography may account for most of the changes in retirement over the second part of the last century in the U.S. economy. We develop a dynamic general equilibrium model with endogenous retirement that embeds social security legislation. The model is able to match very closely the increase in the retirement rate of males aged 65 and older. It also quanti es the isolated impact on retirement and on the solvency of the social security system of the di¤erent factors. The model suggests that technological and demographic changes had a strong in uence on retirement, so that it would have increased signi cantly even if the social security rules had not changed. However, as the latter became much more generous in the past, changes in social security policy can account not only for a sizeable part of the expansion of retirement, but also for the most of the observed increase in the social security expenses as a share of GDP.
Resumo:
This article investigates the causes in the reduction of labor force participation of the old. We argue that the changes in social security policy, in technology and in demography may account for most of the changes in retirement over the second part of the last century in the U.S. economy. We develop a dynamic general equilibrium model with endogenous retirement that embeds social security legislation. The model is able to match very closely the increase in the retirement rate of males aged 65 and older. It also quanti es the isolated impact on retirement and on the solvency of the social security system of the di¤erent factors. The model suggests that technological and demographic changes had a strong in uence on retirement, so that it would have increased signi cantly even if the social security rules had not changed. However, as the latter became much more generous in the past, changes in social security policy can account not only for a sizeable part of the expansion of retirement, but also for the most of the observed increase in the social security expenses as a share of GDP.
Resumo:
This article studies the determinants of the labor force participation of the elderly and investigates the factors that may account for the increase in retirement in the second half of the last century. We develop a life-cycle general equilibrium model with endogenous retirement that embeds Social Security legislation and Medicare. Individuals are ex ante heterogeneous with respect to their preferences for leisure and face uncertainty about labor productivity, health status and out-of-pocket medical expenses. The model is calibrated to the U.S. economy in 2000 and is able to reproduce very closely the retirement behavior of the American population. It reproduces the peaks in the distribution of Social Security applications at ages 62 and 65 and the observed facts that low earners and unhealthy individuals retire earlier. It also matches very closely the increase in retirement from 1950 to 2000. Changes in Social Security policy - which became much more generous - and the introduction of Medicare account for most of the expansion of retirement. In contrast, the isolated impact of the increase in longevity was a delaying of retirement.
Resumo:
Pós-graduação em Ciência da Computação - IBILCE
Resumo:
The technologies are rapidly developing, but some of them present in the computers, as for instance their processing capacity, are reaching their physical limits. It is up to quantum computation offer solutions to these limitations and issues that may arise. In the field of information security, encryption is of paramount importance, being then the development of quantum methods instead of the classics, given the computational power offered by quantum computing. In the quantum world, the physical states are interrelated, thus occurring phenomenon called entanglement. This study presents both a theoretical essay on the merits of quantum mechanics, computing, information, cryptography and quantum entropy, and some simulations, implementing in C language the effects of entropy of entanglement of photons in a data transmission, using Von Neumann entropy and Tsallis entropy.
Resumo:
The climate change narrative has changed from one of mitigation to one of adaptation. Governments around the world have created climate change frameworks which address how the country can better cope with the expected and unexpected changes due to global climate change. In an effort to do so, federal governments of Canada and the United States, as well as some provinces and states within these countries, have created detailed documents which outline what steps must be taken to adapt to these changes. However, not much is mentioned about how these steps will be translated in to policy, and how that policy will eventually be implemented. To examine the ability of governments to acknowledge and incorporate the plethora of scientific information to policy, consideration must be made for policy capacity. This report focuses on three sectors: water supply and demand; drought and flood planning; and forest and grassland ecosystems, and the word ‘capacity’ as related to nine different forms of policy capacity acknowledged in these frameworks. Qualitative content analysis using NVivo was carried out on fifty four frameworks and the results obtained show that there is a greater consideration for managerial capacity compared to analytical or political capacity. The data also indicated that although there were more Canadian frameworks which referred to policy capacity, the frameworks from the United States actually considered policy capacity to a greater degree.
Resumo:
File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.
Resumo:
Since the emergence of the Internet and Social Media, privacy concerns and need for regulation in this area have been a frequent subject on the agenda of numerous stakeholders and policy-makers worldwide. Contributing to this debate, this paper builds on the responses of 553 Internet users to uncover users’ current privacy concerns and their attitudes towards legal assurances in this context. Our findings suggest that users have a complex attitude towards these issues. While they express strong concerns about privacy when asked directly, they often have difficulties formulating the exact nature of these concerns. In the Facebook context, Facebook itself is often mentioned as the primary source of threat, closely followed by marketing organizations. Users feel ill-protected by existing legal framework, especially when using Social Networking Sites. Reasons include common beliefs that the law is unable to address complexities of the Internet; local character of laws; possibilities to disregard the law, particularly since enforcement is difficult. Overall, positive changes in legal framework are desirable, with many respondents willing to pay more in taxes to ensure progress in this area.
Resumo:
As the clock is ticking for a positive outcome at the Ninth WTO Ministerial Conference to be held in Bali in December 2013, agricultural negotiators are scrambling to find solutions to issues such as tariff-rate quota (TRQ) administration and export competition in order to improve trade flows. The main issue seems to be whether WTO rules applying to public stockpiles in developing countries need to be changed or temporarily suspended as a means to enhance national food security. This paper is based on a note submitted to the ICTSD-IPC Expert Group “Meeting on Agriculture and Food Security – Policy Options for MC9 and beyond” (Geneva, June 2013). It lists the policy instruments impacting on global, national and (urban and rural) household food security – “The Food Security Tool Box” – and asks which immediate decisions the WTO Ministers might take in this field despite the political difficulties such as continued agro-dumping practices or the “land grab” issue. Three such “deliverables” are outlined: (i) regional and “virtual” food security schemes could be allowed to provide reserves to other countries without violating the obligation to “form an integral part of a food security programme identified in national legislation” (Agreement on Agriculture, Annex II, para 3); (ii) TRQ under-fills could be improved by mandatory enquiries into low fill rate situations; and (iii) World Food Program (WFP) and other non-commercial food purchases could be exempted from export restrictions and prohibitions. High ambitions for Bali seem to be misplaced. A more realistic yet real progress could restore the dwindling credibility of the WTO as a forum for trade negotiations.
Resumo:
Decision strategies aim at enabling reasonable decisions in cases of uncertain policy decision problems which do not meet the conditions for applying standard decision theory. This paper focuses on decision strategies that account for uncertainties by deciding whether a proposed list of policy options should be accepted or revised (scope strategies) and whether to decide now or later (timing strategies). They can be used in participatory approaches to structure the decision process. As a basis, we propose to classify the broad range of uncertainties affecting policy decision problems along two dimensions, source of uncertainty (incomplete information, inherent indeterminacy and unreliable information) and location of uncertainty (information about policy options, outcomes and values). Decision strategies encompass multiple and vague criteria to be deliberated in application. As an example, we discuss which decision strategies may account for the uncertainties related to nutritive technologies that aim at reducing methane (CH4) emissions from ruminants as a means of mitigating climate change, limiting our discussion to published scientific information. These considerations not only speak in favour of revising rather than accepting the discussed list of options, but also in favour of active postponement or semi-closure of decision-making rather than closure or passive postponement.
Resumo:
Este proyecto está desarrollado sobre la seguridad de redes, y más concretamente en la seguridad perimetral. Para mostrar esto se hará una definición teórico-práctica de un sistema de seguridad perimetral. Para ello se ha desglosado el contenido en dos partes fundamentales, la primera incide en la base teórica relativa a la seguridad perimetral y los elementos más importantes que intervienen en ella, y la segunda parte, que es la implantación de un sistema de seguridad perimetral habitual en un entorno empresarial. En la primera parte se exponen los elementos más importantes de la seguridad perimetral, incidiendo en elementos como pueden ser cortafuegos, IDS/IPS, antivirus, proxies, radius, gestores de ancho de banda, etc. Sobre cada uno de ellos se explica su funcionamiento y posible configuración. La segunda parte y más extensa a la vez que práctica, comprende todo el diseño, implantación y gestión de un sistema de seguridad perimetral típico, es decir, el que sería de aplicación para la mayoría de las empresas actuales. En esta segunda parte se encontrarán primeramente las necesidades del cliente y situación actual en lo que a seguridad se refiere, con los cuales se diseñará la arquitectura de red. Para comenzar será necesario definir formalmente unos requisitos previos, para satisfacer estos requisitos se diseñará el mapa de red con los elementos específicos seleccionados. La elección de estos elementos se hará en base a un estudio de mercado para escoger las mejores soluciones de cada fabricante y que más se adecúen a los requisitos del cliente. Una vez ejecutada la implementación, se diseñará un plan de pruebas, realizando las pruebas de casos de uso de los diferentes elementos de seguridad para asegurar su correcto funcionamiento. El siguiente paso, una vez verificado que todos los elementos funcionan de forma correcta, será diseñar un plan de gestión de la plataforma, en el que se detallan las rutinas a seguir en cada elemento para conseguir que su funcionamiento sea óptimo y eficiente. A continuación se diseña una metodología de gestión, en las que se indican los procedimientos de actuación frente a determinadas incidencias de seguridad, como pueden ser fallos en elementos de red, detección de vulnerabilidades, detección de ataques, cambios en políticas de seguridad, etc. Finalmente se detallarán las conclusiones que se obtienen de la realización del presente proyecto. ABSTRACT. This project is based on network security, specifically on security perimeter. To show this, a theoretical and practical definition of a perimeter security system will be done. This content has been broken down into two main parts. The first part is about the theoretical basis on perimeter security and the most important elements that it involves, and the second part is the implementation of a common perimeter security system in a business environment. The first part presents the most important elements of perimeter security, focusing on elements such as firewalls, IDS / IPS, antivirus, proxies, radius, bandwidth managers, etc... The operation and possible configuration of each one will be explained. The second part is larger and more practical. It includes all the design, implementation and management of a typical perimeter security system which could be applied in most businesses nowadays. The current status as far as security is concerned, and the customer needs will be found in this second part. With this information the network architecture will be designed. In the first place, it would be necessary to define formally a prerequisite. To satisfy these requirements the network map will be designed with the specific elements selected. The selection of these elements will be based on a market research to choose the best solutions for each manufacturer and are most suited to customer requirements. After running the implementation, a test plan will be designed by testing each one of the different uses of all the security elements to ensure the correct operation. In the next phase, once the proper work of all the elements has been verified, a management plan platform will be designed. It will contain the details of the routines to follow in each item to make them work optimally and efficiently. Then, a management methodology will be designed, which provides the procedures for action against certain security issues, such as network elements failures, exploit detection, attack detection, security policy changes, etc.. Finally, the conclusions obtained from the implementation of this project will be detailed.
Resumo:
Conventional dual-rail precharge logic suffers from difficult implementations of dual-rail structure for obtaining strict compensation between the counterpart rails. As a light-weight and high-speed dual-rail style, balanced cell-based dual-rail logic (BCDL) uses synchronised compound gates with global precharge signal to provide high resistance against differential power or electromagnetic analyses. BCDL can be realised from generic field programmable gate array (FPGA) design flows with constraints. However, routings still exist as concerns because of the deficient flexibility on routing control, which unfavourably results in bias between complementary nets in security-sensitive parts. In this article, based on a routing repair technique, novel verifications towards routing effect are presented. An 8 bit simplified advanced encryption processing (AES)-co-processor is executed that is constructed on block random access memory (RAM)-based BCDL in Xilinx Virtex-5 FPGAs. Since imbalanced routing are major defects in BCDL, the authors can rule out other influences and fairly quantify the security variants. A series of asymptotic correlation electromagnetic (EM) analyses are launched towards a group of circuits with consecutive routing schemes to be able to verify routing impact on side channel analyses. After repairing the non-identical routings, Mutual information analyses are executed to further validate the concrete security increase obtained from identical routing pairs in BCDL.
