Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

The constitutional power to make war: domestic legal issues raised by Australia's action in Iraq

The legal power to declare war has traditionally been a part of a prerogative to be exercised solely on advice that passed from the King to the Governor-General no later than 1942. In 2003, the Governor- General was not involved in the decision by the Prime Minister and Cabinet to commit Australian troops to the invasion of Iraq. The authors explore the alternative legal means by which Australia can go to war - means the government in fact used in 2003 - and the constitutional basis of those means. While the prerogative power can be regulated and/or devolved by legislation, and just possibly by practice, there does not seem to be a sound legal basis to assert that the power has been devolved to any other person. It appears that in 2003 the Defence Minister used his legal powers under the Defence Act 1903 (Cth) (as amended in 1975) to give instructions to the service head(s). A powerful argument could be made that the relevant sections of the Defence Act were not intended to be used for the decision to go to war, and that such instructions are for peacetime or in bello decisions. If so, the power to make war remains within the prerogative to be exercised on advice. Interviews with the then Governor-General indicate that Prime Minister Howard had planned to take the matter to the Federal Executive Council 'for noting', but did not do so after the Governor-General sought the views of the then Attorney-General about relevant issues of international law. The exchange raises many issues, but those of interest concern the kinds of questions the Governor-General could and should ask about proposed international action and whether they in any way mirror the assurances that are uncontroversially required for domestic action. In 2003, the Governor-General's scrutiny was the only independent scrutiny available because the legality of the decision to go to war was not a matter that could be determined in the High Court, and the federal government had taken action in March 2002 that effectively prevented the matter coming before the International Court of Justice

The mandatory notification of data breaches : issues arising for Australian and EU legal developments

Public and private sector organisations are now able to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other jurisdictions. This article reviews US, Australian and EU legal developments regarding the mandatory notification of data breaches. The authors highlight areas of concern based on the extant US experience that require further consideration in Australia and in the EU.

Marketing VM services to achieve competitive advantage in the Malaysian Construction Sector

Value Management (VM) has been proven to provide a structured framework, together with supporting tools and techniques that facilitate effective decision-making in many types of projects, thus achieving ‘best value’ for clients. It is identified at International level as a natural career progression for the construction service provider and as an opportunity in developing leading-edge skills. The services offered by contractors and consultants in the construction sector have been expanding. In an increasingly competitive and global marketplace, firms are seeking ways to differentiate their services to ever more knowledgeable and demanding clients. The traditional demarcations have given way, and the old definition of what contractors, designers, engineers and quantity surveyors can, and cannot do in terms of their market offering has changed. Project management, design and cost and safety consultancy services, are being delivered by a diverse range of suppliers. Value management services have been developing in various sectors in industry; from manufacturing to the military and now construction. Given the growing evidence that VM has been successful in delivering value-for-money to the client, VM would appear to be gaining some momentum as an essential management tool in the Malaysian construction sector. The recently issued VM Circular 3/2009 by the Economic Planning Unit Malaysia (EPU) possibly marks a new beginning in public sector client acceptance on the strength of VM in construction. This paper therefore attempts to study the prospects of marketing the benefits of VM by construction service providers, and how it may provide an edge in an increasingly competitive Malaysian construction industry.

Analyzing requirements and approaches for sourcing software based services

Increasingly, software is no longer developed as a single system, but rather as a smart combination of so-called software services. Each of these provides an independent, specific and relatively small piece of functionality, which is typically accessible through the Internet from internal or external service providers. To the best of our knowledge, there are no standards or models that describe the sourcing process of these software based services (SBS). We identify the sourcing requirements for SBS and associate the key characteristics of SBS (with the sourcing requirements introduced). Furthermore, we investigate the sourcing of SBS with the related works in the field of classical procurement, business process outsourcing, and information systems sourcing. Based on the analysis, we conclude that the direct adoption of these approaches for SBS is not feasible and new approaches are required for sourcing SBS.

Analyzing requirements and approaches for sourcing software based services

Increasingly, software is no longer developed as a single system, but rather as a smart combination of so-called software services. Each of these provides an independent, specific and relatively small piece of functionality, which is typically accessible through the Internet from internal or external service providers. There are no standards or models that describe the sourcing process of these software based services (SBS). The authors identify the sourcing requirements for SBS and associate the key characteristics of SBS (with the sourcing requirements introduced). Furthermore, this paper investigates the sourcing of SBS with the related works in the field of classical procurement, business process outsourcing, and information systems sourcing. Based on the analysis, the authors conclude that the direct adoption of these approaches for SBS is not feasible and new approaches are required for sourcing SBS.

Elements of public asset management framework for local governments in developing countries

There is a widespread recognition to the need of better manage municipal property in most cities in the world. Structural problems across regional, state, and territorial governments that have legal powers to own and maintain real property are similar, regardless of the level of development of each country. Start from a very basic level of property inventory records. The need for better manage to the local government owned property is the result of widespread decentralisation initiatives that often have devolved huge property portfolios from central to local governments almost “overnight”. At the same time municipal or regional governments were and continue to be unprepared to deal with multiple issues related to the role of property owners and managers. The lack of discussion of public asset management especially the elements that should be incorporated in the framework creates an important challenge to study the discipline of public asset management further. The aim of this paper is to study the practices of public asset management in developed countries, especially the elements of public asset management framework, and its transferability to developing countries. A case study was selected and conducted to achieve this aim. They involved interviews and a focus group. The study found that in public asset management framework, proper asset identification, public asset needs analysis, asset life cycle and performance measurements are an important element that should be incorporated in the framework. Those elements are transferable and applicable to developing countries’ local governments. Finally, findings from this study provide useful input for the local government policy makers, scholars and asset management practitioners to establish a public asset management framework toward more efficient and effective local governments in managing their assets as well as increasing public services quality.

Finding a way through the ethical and legal maze : withdrawing medical treatment and euthanasia

This article examines Finnis' and Keown's claim that the intention/foresight distinction should be used as the basis for the lawfulness of withholding and withdrawing medical treatment, rather than the act/omission distinction which is currently used. I argue that whilst the intention/foresight distinction is sound and can apply to palliative pain relief hastening death, it cannot be applied to withholding and withdrawing medical treatment. Instead, the act/omission distinction remains the better basis for the lawfulness of withholding and withdrawal, and law reform is consequently unnecessary.