Could the Outsourcing of Incident Response Management provide a Blueprint for Managing Other Cloud Security Requirements?

Postprint

Environmental assessment for commercial buildings: Stakeholder requirements and tool characteristics

The Cooperative Research Centre for Construction Innovation (CRC CI) is a national research, development and implementation centre focused on the needs of the property, design, construction and facility management sectors. Established in 2001 and headquartered at Queensland University of Technology as an unincorporated joint venture under the Australian Government's Cooperative Research Program, the CRC CI is developing key technologies, tools and management systems to improve the effectiveness of the construction industry. The CRC CI is a seven year project funded by a Commonwealth grant and industry, research and other government support. More than 150 researchers and an alliance of 19 leading partner organisations are involved in and support the activities of the CRC CI

A comparative study – regulatory requirements on subdivisions for increasing passive cooling

This is the third in a series of reports planned for this project. The aim of this research is to conduct a comparative study of current legislation or guidelines at the federal, state and local government levels to confirm if any natural ventilation criteria are required at the subdivision development stage of planning. It also seeks to discover if there are any other incentives, statutory planning or development principles that encourage developers to orient subdivision lots to maximize natural ventilation for the dwellings. Findings from the research in this report are intended to contribute to the discussion on the development of an enhanced lot rating methodology for sustainable subdivisions as documented in other reports in this series.

A comparative study : regulatory requirements on subdivisions for increasing passive cooling

A major project in the Sustainable Built Assets core area is the Sustainable Sub-divisions – Ventilation Project that is the second stage of a planned series of research projects focusing on sustainable sub-divisions. The initial project, Sustainable Sub-divisions: Energy focused on energy efficiency and examined the link between dwelling energy efficiency and sub-divisional layout. In addition, the potential for on site electricity generation, especially in medium and high-density developments, was also examined. That project recommended that an existing lot-rating methodology be adapted for use in SEQ through the inclusion of sub divisional appropriate ventilation data. Acquiring that data is the object of this project. The Sustainable Sub-divisions; Ventilation Project will produce a series of reports. The first report (Report 2002-077-B-01) summarised the results from an industry workshop and interviews that were conducted to ascertain the current attitudes and methodologies used in contemporary sub-division design in South East Queensland. The second report (Report 2002-077-B-02) described how the project is being delivered as outlined in the Project Agreement. It included the selection of the case study dwellings and monitoring equipment and data management process. This third report (Report 2002-077-B-03) provides an analysis and review of the approaches recommended by leading experts, government bodies and professional organizations throughout Australia that aim to increase the potential for passive cooling and heating at the subdivision stage. This data will inform issues discussed on the development of the enhanced lot-rating methodology in other reports of this series. The final report, due in June 2007, will detail the analysis of data for winter 2006 and summer 2007, leading to the development and delivery of the enhanced lot-rating methodology.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Data and process requirements for product recall coordination

When an organisation becomes aware that one of its products may pose a safety risk to customers, it must take appropriate action as soon as possible or it can be held liable. The ability to automatically trace potentially dangerous goods through the supply chain would thus help organisations fulfill their legal obligations in a timely and effective manner. Furthermore, product recall legislation requires manufacturers to separately notify various government agencies, the health department and the public about recall incidents. This duplication of effort and paperwork can introduce errors and data inconsistencies. In this paper, we examine traceability and notification requirements in the product recall domain from two perspectives: the activities carried out during the manufacturing and recall processes and the data collected during the enactment of these processes. We then propose a workflow-based coordination framework to support these data and process requirements.

Ethical review in creative industries and other practice-based research

The processes used in Australian universities for reviewing the ethics of research projects are based on the traditions of research and practice from the medical and health sciences. The national guidelines for ethical conduct in research are heavily based on presumptions that the researcher–participant relationship is similar to a doctor–patient relationship. The National Health and Medical Research Council, Australian Research Council and Australian Vice-Chancellors’ Committee have made a laudable effort to fix this problem by releasing the National Statement on Ethical Conduct in Human Research in 2007, to replace the 1999 National Statement on Ethical Conduct in Research Involving Humans. The new statement better encompasses the needs of the humanities, social sciences and creative industries. However, this paper argues that the revised National Statement and ethical review processes within universities still do not fully encompass the definitions of ‘research’ and the requirements, traditions, codes of practice and standards of the humanities, social sciences and creative industries. The paper argues that scholars within these disciplines often lack the language to articulate their modes of practice and risk management strategies to university-level ethics committees. As a consequence, scholars from these disciplines may find their research is delayed or stymied. The paper focuses on creative industries researchers, and explores the issues that they face in managing the ethical review process, particularly when engaging in practice-based research. Although the focus is on the creative industries, the issues are relevant to most fields in the humanities and social sciences.

Data requirements and graph data structures for a multi-modal, multi-objective trip planner

Traffic congestion has a significant impact on the economy and environment. Encouraging the use of multimodal transport (public transport, bicycle, park’n’ride, etc.) has been identified by traffic operators as a good strategy to tackle congestion issues and its detrimental environmental impacts. A multi-modal and multi-objective trip planner provides users with various multi-modal options optimised on objectives that they prefer (cheapest, fastest, safest, etc) and has a potential to reduce congestion on both a temporal and spatial scale. The computation of multi-modal and multi-objective trips is a complicated mathematical problem, as it must integrate and utilize a diverse range of large data sets, including both road network information and public transport schedules, as well as optimising for a number of competing objectives, where fully optimising for one objective, such as travel time, can adversely affect other objectives, such as cost. The relationship between these objectives can also be quite subjective, as their priorities will vary from user to user. This paper will first outline the various data requirements and formats that are needed for the multi-modal multi-objective trip planner to operate, including static information about the physical infrastructure within Brisbane as well as real-time and historical data to predict traffic flow on the road network and the status of public transport. It will then present information on the graph data structures representing the road and public transport networks within Brisbane that are used in the trip planner to calculate optimal routes. This will allow for an investigation into the various shortest path algorithms that have been researched over the last few decades, and provide a foundation for the construction of the Multi-modal Multi-objective Trip Planner by the development of innovative new algorithms that can operate the large diverse data sets and competing objectives.

Normative requirements for business process compliance

Norms regulate the behaviour of their subjects and define what is legal and what is illegal. Norms typically describe the conditions under which they are applicable and the normative effects as a results of their applications. On the other hand, process models specify how a business operation or service is to be carried out to achieve a desired outcome. Norms can have significant impact on how business operations are conducted and they can apply to the whole or part of a business process. For example, they may impose conditions on the different aspects of a process (e.g., perform tasks in a specific sequence (control-flow), at a specific time or within a certain time frame (temporal aspect), by specific people (resources)). We propose a framework that provides the formal semantics of the normative requirements for determining whether a business process complies with a normative document (where a normative document can be understood in a very broad sense, ranging from internal policies to best practice policies, to statutory acts). We also present a classification of normal requirements based on the notion of different types of obligations and the effects of violating these obligations.

Double standards in special medical research : questioning the discrepancy between requirements for medical research involving incompetent adults and medical research involving children

Medical research represents a substantial departure from conventional medical care. Medical care is patient-orientated, with decisions based on the best interests and/or wishes of the person receiving the care. In contrast, medical research is future-directed. Primarily it aims to contribute new knowledge about illness or disease, or new knowledge about interventions, such as drugs, that impact upon some human condition. Current State and Territory laws and research ethics guidelines in Australia relating to the review of medical research appropriately acknowledge that the functions of medical care and medical research differ. Prior to a medical research project commencing, the study must be reviewed and approved by a Human Research Ethics Committee (HREC). For medical research involving incompetent adults, some jurisdictions require an additional, independent safeguard by way of tribunal or court approval of medical research protocols. This extra review process reflects the uncertainty of medical research involvement, and the difficulties surrogate decision-makers of incompetent adults face in making decisions about others, and deliberating about the risks and benefits of research involvement. Parents of children also face the same difficulties when making decisions about their child’s research involvement. However, unlike the position concerning incompetent adults, there are no similar safeguards under Australian law in relation to the approval of medical research involving children. This column questions why this discrepancy exists with a view to generating further dialogue on the topic.

Understanding requirements of novel healthcare information systems for management of advanced prostate cancer

Effective management of chronic diseases is a global health priority. A healthcare information system offers opportunities to address challenges of chronic disease management. However, the requirements of health information systems are often not well understood. The accuracy of requirements has a direct impact on the successful design and implementation of a health information system. Our research describes methods used to understand the requirements of health information systems for advanced prostate cancer management. The research conducted a survey to identify heterogeneous sources of clinical records. Our research showed that the General Practitioner was the common source of patient's clinical records (41%) followed by the Urologist (14%) and other clinicians (14%). Our research describes a method to identify diverse data sources and proposes a novel patient journey browser prototype that integrates disparate data sources.

Data requirements of hedonic models in determining the impact of infrastructure charges on new housing costs

The use of hedonic models to estimate the effects of various factors on house prices is well established. This paper examines a number of international hedonic house price models that seek to quantify the effect of infrastructure charges on new house prices. This work is an important factor in the housing affordability debate, with many governments in high growth areas having user-pays infrastructure charging policies operating in tandem with housing affordability objectives, with no empirical evidence on the impact of one on the other. This research finds there is little consistency between existing models and the data sets utilised. Specification appears dependent upon data availability rather than sound theoretical grounding. This may lead to a lack of external validity with model specification dependent upon data availability rather than sound theoretical grounding.

New sale and leasing requirements for owners of swimming pools and their application to strata schemes

This article considers the changes to the Swimming Pools Act 1992 (NSW)(Act) which established a State-wide online register of all private swimming pools in NSW requiring pool owners to register their pools by 19 November 2013. Amendments to the Act introduced changes to the conveyancing and residential tenancy regulations to require vendors and landlords to have a valid Compliance Certificate issued for their swimming pool before offering the property for sale or lease. This article provides a brief overview of the new sale and leasing requirements effective from 29 April 2014, focusing on its application to lot owners within strata and community title schemes and other owners of water front properties with pools on Crown Land Reserves.

Side Channel Analysis of Some Hash Based MACs: A Response to SHA-3 Requirements

The forthcoming NIST’s Advanced Hash Standard (AHS) competition to select SHA-3 hash function requires that each candidate hash function submission must have at least one construction to support FIPS 198 HMAC application. As part of its evaluation, NIST is aiming to select either a candidate hash function which is more resistant to known side channel attacks (SCA) when plugged into HMAC, or that has an alternative MAC mode which is more resistant to known SCA than the other submitted alternatives. In response to this, we perform differential power analysis (DPA) on the possible smart card implementations of some of the recently proposed MAC alternatives to NMAC (a fully analyzed variant of HMAC) and HMAC algorithms and NMAC/HMAC versions of some recently proposed hash and compression function modes. We show that the recently proposed BNMAC and KMDP MAC schemes are even weaker than NMAC/HMAC against the DPA attacks, whereas multi-lane NMAC, EMD MAC and the keyed wide-pipe hash have similar security to NMAC against the DPA attacks. Our DPA attacks do not work on the NMAC setting of MDC-2, Grindahl and MAME compression functions.