Information Security and Privacy : Proceedings of the 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004.

Preface The 9th Australasian Conference on Information Security and Privacy (ACISP 2004) was held in Sydney, 13–15 July, 2004. The conference was sponsored by the Centre for Advanced Computing – Algorithms and Cryptography (ACAC), Information and Networked Security Systems Research (INSS), Macquarie University and the Australian Computer Society. The aims of the conference are to bring together researchers and practitioners working in areas of information security and privacy from universities, industry and government sectors. The conference program covered a range of aspects including cryptography, cryptanalysis, systems and network security. The program committee accepted 41 papers from 195 submissions. The reviewing process took six weeks and each paper was carefully evaluated by at least three members of the program committee. We appreciate the hard work of the members of the program committee and external referees who gave many hours of their valuable time. Of the accepted papers, there were nine from Korea, six from Australia, five each from Japan and the USA, three each from China and Singapore, two each from Canada and Switzerland, and one each from Belgium, France, Germany, Taiwan, The Netherlands and the UK. All the authors, whether or not their papers were accepted, made valued contributions to the conference. In addition to the contributed papers, Dr Arjen Lenstra gave an invited talk, entitled Likely and Unlikely Progress in Factoring. This year the program committee introduced the Best Student Paper Award. The winner of the prize for the Best Student Paper was Yan-Cheng Chang from Harvard University for his paper Single Database Private Information Retrieval with Logarithmic Communication. We would like to thank all the people involved in organizing this conference. In particular we would like to thank members of the organizing committee for their time and efforts, Andrina Brennan, Vijayakrishnan Pasupathinathan, Hartono Kurnio, Cecily Lenton, and members from ACAC and INSS.

Governance of enterprise Information and Technology: A new core competency for boards of directors

With the level of digital disruption that is affecting businesses around the globe, you might expect high levels of Governance of Enterprise Information and Technology (GEIT) capability within boards. Boards and their senior executives know technology is important. More than 90% of boards and senior executives currently identify technology as essential to their current businesses, and to their organization’s future. But as few as 16% have sufficient GEIT capability. Global Centre for Digital Business Transformation’s recent research contains strong indicators of the need for change. Despite board awareness of both the likelihood and impact of digital disruption, things digital are still not viewed as a board-level matter in 45% of companies. And, it’s not just the board. The lack of board attention to technology can be mirrored at senior executive level as well. When asked about their organization’s attitude towards digital disruption, 43% of executives said their business either did not recognise it as a priority or was not responding appropriately. A further 32% were taking a “follower” approach, a potentially risky move as we will explain. Given all the evidence that boards know information and technology (I&T***) is vital, that they understand the inevitably, impact and speed of digital change and disruption, why are so many boards dragging their heels? Ignoring I&T disruption and refusing to build capability at board level is nothing short of negligence. Too many boards risk flying blind without GEIT capability [2]. To help build decision quality and I&T governance capability, this research: • Confirms a pressing need to build individual competency and cumulative, across-board capability in governing I&T • Identifies six factors that have rapidly increased the need, risk and urgency • Finds that boards may risk not meeting their duty of care responsibilities when it comes to I&T oversight • Highlights barriers to building capability details three GEIT competencies that boards and executives can use for evaluation, selection, recruitment and professional development.

The Art of Adaptation : A study on the Europeanization of Finland's foreign and security policy

This study examines how Finnish foreign and security policy has been influenced by the European Union and its Common Foreign and Security Policy. It points to a growing interplay and misfit between the external expectations originating from the European level and the domestic expectations and traditional ways-of-doing-things. It is concluded that the deepening European integration in the sphere of foreign, security and defence policy has played a significant role in a number of transformations in the Finnish policies since 1995. New, more European, meanings have been attached to the key concepts of Finnish foreign and security policy. Neutrality and traditional peacekeeping have been replaced by a minimalist reading of military non-alignment and participation in crisis management operations and EU battle groups. Traditional small state identity has been recast more and more as small member stateness . At the same time Finland has entered an era of post-consensus in national foreign and security policy. A key theoretical argument in the background of the study is that collective understandings attached to European policies, when not resonating well with domestic understandings, cause adaptation pressures on domestic-level processes and may lead to changes in the way interests and identities are constructed. This means that Europeanization is principally seen as identity reconstruction. Consequently, the theoretical framework of the study builds on the Europeanization research literature and constructivist IR theory on state identity. Foreign and security policy is defined as the practice in which state identity is reproduced, and the key foreign and security policy concepts are seen as the vehicles of identity production. It is concluded that for Finland, participation in the EU s foreign, security and defence policies represents not only a tool for responding to the changes in the international security environment but also a new means of self-identification. Concerning the Finnish attempts of projecting national interests on the European security policy agenda, it is concluded that they mainly relate to the compatibility of the potential development of EU s defence dimension with the Finnish military non-alignment. Although neutrality was cast aside in the official security policy when Finland joined the EU, the analysis shows that its impact has continued in the domestic political debate and in the mind-set of the decision-makers. The primary research material includes official Finnish foreign and security policy documentation and the related parliamentary debates from 1994 to 2007. This study serves also as a comprehensive empirical overview on Finland s reactions and contributions to the EU Common Foreign and Security Policy.

Information Security as Exemplified by Clandestine Collaboration and Influence Exerted by the Polish Internal Security Agency Officers on Journalists - De Lege Lata and De Lege Ferenda Regulations

The text addresses the issue of information security as exemplified by clandestine collaboration and the influence exerted by the Internal Security Agency officers upon journalists. The texts analyzes the de lege lata regulations as well as the de lege ferenda ones. As for the former, the penal provisions of the Act, that is Articles 153b–153d (Chapter 10a) are applicable, whereas as for the latter, the applicable regulations are the 2013 Bill Articles numbered 197-199 (Chapter 10). In both the 2002 Act on the Internal Security Agency and Foreign Intelligence Agency as well as in the 2013 draft Bill of the Internal Security Agency, the legislator penalizes the employment by the officers of the information acquired while fulfilling or in connection with official duties for the purpose of affecting the operation of public authority bodies, entrepreneurs or broadcasters, editors-in-chief, journalists and persons conducting publishing activity. Also, the text analyzes regulations concerned with the penalization of clandestine collaboration engaged in by ABW officers with a broadcaster, editor-in-chief, a journalist and a person conducting publishing activity.

Real-Time and Data-Driven Operation Optimization and Knowledge Discovery for an Enterprise Information System

An enterprise information system (EIS) is an integrated data-applications platform characterized by diverse, heterogeneous, and distributed data sources. For many enterprises, a number of business processes still depend heavily on static rule-based methods and extensive human expertise. Enterprises are faced with the need for optimizing operation scheduling, improving resource utilization, discovering useful knowledge, and making data-driven decisions.

This thesis research is focused on real-time optimization and knowledge discovery that addresses workflow optimization, resource allocation, as well as data-driven predictions of process-execution times, order fulfillment, and enterprise service-level performance. In contrast to prior work on data analytics techniques for enterprise performance optimization, the emphasis here is on realizing scalable and real-time enterprise intelligence based on a combination of heterogeneous system simulation, combinatorial optimization, machine-learning algorithms, and statistical methods.

On-demand digital-print service is a representative enterprise requiring a powerful EIS.We use real-life data from Reischling Press, Inc. (RPI), a digit-print-service provider (PSP), to evaluate our optimization algorithms.

In order to handle the increase in volume and diversity of demands, we first present a high-performance, scalable, and real-time production scheduling algorithm for production automation based on an incremental genetic algorithm (IGA). The objective of this algorithm is to optimize the order dispatching sequence and balance resource utilization. Compared to prior work, this solution is scalable for a high volume of orders and it provides fast scheduling solutions for orders that require complex fulfillment procedures. Experimental results highlight its potential benefit in reducing production inefficiencies and enhancing the productivity of an enterprise.

We next discuss analysis and prediction of different attributes involved in hierarchical components of an enterprise. We start from a study of the fundamental processes related to real-time prediction. Our process-execution time and process status prediction models integrate statistical methods with machine-learning algorithms. In addition to improved prediction accuracy compared to stand-alone machine-learning algorithms, it also performs a probabilistic estimation of the predicted status. An order generally consists of multiple series and parallel processes. We next introduce an order-fulfillment prediction model that combines advantages of multiple classification models by incorporating flexible decision-integration mechanisms. Experimental results show that adopting due dates recommended by the model can significantly reduce enterprise late-delivery ratio. Finally, we investigate service-level attributes that reflect the overall performance of an enterprise. We analyze and decompose time-series data into different components according to their hierarchical periodic nature, perform correlation analysis,

and develop univariate prediction models for each component as well as multivariate models for correlated components. Predictions for the original time series are aggregated from the predictions of its components. In addition to a significant increase in mid-term prediction accuracy, this distributed modeling strategy also improves short-term time-series prediction accuracy.

In summary, this thesis research has led to a set of characterization, optimization, and prediction tools for an EIS to derive insightful knowledge from data and use them as guidance for production management. It is expected to provide solutions for enterprises to increase reconfigurability, accomplish more automated procedures, and obtain data-driven recommendations or effective decisions.

What Attitude Changes Are Needed to Cause SMEs to Take a Strategic Approach to Information Security?

Spending on security in an SME usually has to compete with demands for hardware, infrastructure, and strategic applications. In this paper, the authors seek to explore the reasons why smaller SMEs in particular have consistently failed to see securing information as strategic year-on-year spending, and just regard as part of an overall tight IT budget. The authors scrutinise the typical SMEs reasoning for choosing to see non-spending on security as an acceptable strategic risk. They look particularly at possible reasons why SMEs tend not to take much notice of "scare stories" in the media based on research showing they are increasingly at risk, whilst larger businesses are taking greater precautions and become more difficult to penetrate. The results and their analysis provide useful pointers towards broader business environment changes that would cause SMEs to be more risk-averse and ethical in their approach to securing their own and their clients’ information.

Gender and human security : the challenge facing Canada's human security policy /

During the 1980's and for much of the 1990's, many countries in the Asia Pacific were renowned for their economic development and prosperity. The Asian tigers were a source of great interest for many economists and international investors. The 1997 Asian financial crisis, however, dramatically altered the growth and the performance of these economies. The crisis sent several ofAsia's best performing economies on a downward spiral from which many have yet to fully recover. The crisis exposed the financial and the political weaknesses ofmany countries in the region. Moreover, the crisis severely affected the wellbeing and the security ofmany ofthe region's citizens. This text will examine the economic crisis in greater detail and explore current debates in the study of international relations theory. More specifically, this paper will examine recent challenges posed to traditional international relations theory and address alternative approaches to this field of study. This paper will examine Critical theory and its role in shifting the referent object of security from the state to the individual. In this context, this paper will also assess Critical theory's role in enabling such issues as gender and human security to find a place on the agendas of international relations scholars and foreign policy makers. The central focus ofthis study will be the financial crisis and its impact on human security in the Southeast Asia. Furthermore, this paper will assess the recovery efforts ofthe domestic governments, international organizations and various Canadian sponsored initiatives in the context ofhuman security.