785 resultados para Governance of security
Resumo:
Notwithstanding the obvious potential advantages of information and communications technology (ICT) in the enhanced provision of healthcare services, there are some concerns associated with integration of and access to electronic health records. A security violation in health records, such as an unauthorised disclosure or unauthorised alteration of an individual's health information, can significantly undermine both healthcare providers' and consumers' confidence and trust in e-health systems. A crisis in confidence in any national level e-health system could seriously degrade the realisation of the system's potential benefits. In response to the privacy and security requirements for the protection of health information, this research project investigated national and international e-health development activities to identify the necessary requirements for the creation of a trusted health information system architecture consistent with legislative and regulatory requirements and relevant health informatics standards. The research examined the appropriateness and sustainability of the current approaches for the protection of health information. It then proposed an architecture to facilitate the viable and sustainable enforcement of privacy and security in health information systems under the project title "Open and Trusted Health Information Systems (OTHIS)". OTHIS addresses necessary security controls to protect sensitive health information when such data is at rest, during processing and in transit with three separate and achievable security function-based concepts and modules: a) Health Informatics Application Security (HIAS); b) Health Informatics Access Control (HIAC); and c) Health Informatics Network Security (HINS). The outcome of this research is a roadmap for a viable and sustainable architecture for providing robust protection and security of health information including elucidations of three achievable security control subsystem requirements within the proposed architecture. The successful completion of two proof-of-concept prototypes demonstrated the comprehensibility, feasibility and practicality of the HIAC and HIAS models for the development and assessment of trusted health systems. Meanwhile, the OTHIS architecture has provided guidance for technical and security design appropriate to the development and implementation of trusted health information systems whilst simultaneously offering guidance for ongoing research projects. The socio-economic implications of this research can be summarised in the fact that this research embraces the need for low cost security strategies against economic realities by using open-source technologies for overall test implementation. This allows the proposed architecture to be publicly accessible, providing a platform for interoperability to meet real-world application security demands. On the whole, the OTHIS architecture sets a high level of security standard for the establishment and maintenance of both current and future health information systems. This thereby increases healthcare providers‘ and consumers‘ trust in the adoption of electronic health records to realise the associated benefits.
Resumo:
The recent exponential rise in the number of behaviour disorders has been the focus of a wide range of commentaries, ranging from the pedagogic and the administrative, to the sociological, and even the legal. This book will be the first to apply, in a systematic and thorough manner, the ideas of the foundational discipline of philosophy. A number of philosophical tools are applied here, tools arising through the medium of the traditional philosophical debates, such as those concerning governance, truth, logic, ethics, free-will, law and language. Each forms a separate chapter, but together they constitute a comprehensive, rigorous and original insight into what is now an important set of concerns for all those interested in the governance of children. The intention is threefold: first, to demonstrate the utility, accessibility and effectiveness of philosophical ideas within this important academic area. Philosophy does not have to be regarded an arcane and esoteric discipline, with only limited contemporary application, far from it. Second, the book offers a new set of approaches and ideas for both researchers and practitioners within education, a field is in danger of continually using the same ideas, to endlessly repeat the same conclusions. Third, the book offers a viable alternative to the dominant psychological model which increasingly employs pathology as its central rationale for conduct. The book would not only be of interest to mainstream educators, and to those students and academics interested in philosophy, and more specifically, the application of philosophical ideas to educational issues, it would also be an appropriate text for courses on education and difference, and due to the breadth of the philosophical issues addressed, courses on applied philosophy.
Resumo:
Video surveillance systems using Closed Circuit Television (CCTV) cameras, is one of the fastest growing areas in the field of security technologies. However, the existing video surveillance systems are still not at a stage where they can be used for crime prevention. The systems rely heavily on human observers and are therefore limited by factors such as fatigue and monitoring capabilities over long periods of time. This work attempts to address these problems by proposing an automatic suspicious behaviour detection which utilises contextual information. The utilisation of contextual information is done via three main components: a context space model, a data stream clustering algorithm, and an inference algorithm. The utilisation of contextual information is still limited in the domain of suspicious behaviour detection. Furthermore, it is nearly impossible to correctly understand human behaviour without considering the context where it is observed. This work presents experiments using video feeds taken from CAVIAR dataset and a camera mounted on one of the buildings Z-Block) at the Queensland University of Technology, Australia. From these experiments, it is shown that by exploiting contextual information, the proposed system is able to make more accurate detections, especially of those behaviours which are only suspicious in some contexts while being normal in the others. Moreover, this information gives critical feedback to the system designers to refine the system.
Resumo:
Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, an important security attribute called key compromise impersonation (KCI) resilience has been completely ignored for the case of GKE protocols. Informally, a protocol is said to provide KCI resilience if the compromise of the long-term secret key of a protocol participant A does not allow the adversary to impersonate an honest participant B to A. In this paper, we argue that KCI resilience for GKE protocols is at least as important as it is for 2PKE protocols. Our first contribution is revised definitions of security for GKE protocols considering KCI attacks by both outsider and insider adversaries. We also give a new proof of security for an existing two-round GKE protocol under the revised security definitions assuming random oracles. We then show how to achieve insider KCIR in a generic way using a known compiler in the literature. As one may expect, this additional security assurance comes at the cost of an extra round of communication. Finally, we show that a few existing protocols are not secure against outsider KCI attacks. The attacks on these protocols illustrate the necessity of considering KCI resilience for GKE protocols.
Resumo:
Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.
Resumo:
Since 1980 there has been an increasing incidence of the use of public inquiries as a process through which scandals raising patient safety and health care quality concerns can be subject to highly public scrutiny. The use of public inquiries and their impact on the governance of health or social systems, especially around issues of patient or client safety, has been examined by a number of commentators (Butler and Drakeford 2003, Masso and Eager 2009, Stanley and Manthorpe 2004, Walshe and Higgins 2002) but public inquiries into scandals in the health system also raise a question about the impact of these inquiries on public perceptions about the adequacy of the various mechanisms for health professional regulation...
Resumo:
The advancements of technology in the field of public transport have been considerable. Information Technology (IT) has made the dissemination of information effortless, contributing to reduced perceived waiting time, increased sense of security, and value for money. Nevertheless, and in light of the ever more obvious widespread presence of powerful mobile devices, it seems that the use of technology may be geared towards supplementary services other than telematics. Looking at it from a passenger’s perspective, this article provides an overview of what IT-based services are currently offered in public transport and what is their assessed impact. We finalise by putting forward possible directions that future services might follow, and stress out the necessity to come up with frameworks that enable for the impact assessment on service quality and customer satisfaction.
Resumo:
Amongst the most vulnerable workers in a neoliberal world are retail employees. In many countries these low paid workers comprise around 10 per cent of the workforce. The retail labour market is highly feminised, in some countries quite youthful and often part time or in various forms of precarious employment. The industry and its unions have however rarely been studied by academics. A three-country research team (United Kingdom, Australia and New Zealand) is investigating retail union strategy across these Anglophone countries in order to determine how, and how effectively, unions are contributing to workplace justice for retail workers.
Resumo:
While prior research has addressed how collective workplace outcomes are negotiated between employers and trade unions, less attention has been afforded to the ‘everyday’, micro-level exchanges between managers and employees in adjusting work, alongside the ‘standard’ terms and conditions set out in employment contracts. Building on previous work on idiosyncratic deals and requests for flexible scheduling, this article presents the findings from a survey of Australian parents which addressed manager-employee exchanges which led to customized work arrangements. The survey examined the frequency with which various employment terms and conditions were negotiated, who initiated the interactions, where they occurred, and the extent of perceived compromise. The study revealed that manager-employee exchanges occur frequently in the context of roles in nuclear and extended families, and are influenced by the parameters around which formal childcare and educational settings function. Women rated the exchanges as more important than men, but men and women were similarly comfortable with the interactions and satisfied with outcomes. The findings have important implications for managers and organizations in terms of balancing the goals of efficiency with employees’ preferences for workplace flexibility and other terms beyond those which are standardized.
Resumo:
With the advent of large-scale wind farms and their integration into electrical grids, more uncertainties, constraints and objectives must be considered in power system development. It is therefore necessary to introduce risk-control strategies into the planning of transmission systems connected with wind power generators. This paper presents a probability-based multi-objective model equipped with three risk-control strategies. The model is developed to evaluate and enhance the ability of the transmission system to protect against overload risks when wind power is integrated into the power system. The model involves: (i) defining the uncertainties associated with wind power generators with probability measures and calculating the probabilistic power flow with the combined use of cumulants and Gram-Charlier series; (ii) developing three risk-control strategies by specifying the smallest acceptable non-overload probability for each branch and the whole system, and specifying the non-overload margin for all branches in the whole system; (iii) formulating an overload risk index based on the non-overload probability and the non-overload margin defined; and (iv) developing a multi-objective transmission system expansion planning (TSEP) model with the objective functions composed of transmission investment and the overload risk index. The presented work represents a superior risk-control model for TSEP in terms of security, reliability and economy. The transmission expansion planning model with the three risk-control strategies demonstrates its feasibility in the case study using two typical power systems
Resumo:
This article provides an overview on some of the key aspects that relate to the co-evolution of languages and its associated content in the Internet environment. A focus on such a co-evolution is pertinent as the evolution of languages in the Internet environment can be better understood if the development of its existing and emerging content, that is, the content in the respective language, is taken into consideration. By doing so, this article examines two related aspects: the governance of languages at critical sites of the Internet environment, including ICANN, Wikipedia and Google Translate. Following on from this examination, the second part outlines how the co-evolution of languages and associated content in the Internet environment extends policy-making related to linguistic pluralism. It is argued that policies which centre on language availability in the Internet environment must shift their focus to the dynamics of available content instead. The notion of language pairs as a new regime of intersection for both languages and content is discussed to introduce an extended understanding of the uses of linguistic pluralism in the Internet environment. The ultimate extrapolation of such an enhanced approach, it is argued, centres less on 6,000 languages but, instead, on 36 million language pairs. This article describes how such a powerful resource evolves in the Internet environment.
Resumo:
Modern applications comprise multiple components, such as browser plug-ins, often of unknown provenance and quality. Statistics show that failure of such components accounts for a high percentage of software faults. Enabling isolation of such fine-grained components is therefore necessary to increase the robustness and resilience of security-critical and safety-critical computer systems. In this paper, we evaluate whether such fine-grained components can be sandboxed through the use of the hardware virtualization support available in modern Intel and AMD processors. We compare the performance and functionality of such an approach to two previous software based approaches. The results demonstrate that hardware isolation minimizes the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution's correctness. We also show that our relatively simple implementation has equivalent run-time performance, with overheads of less than 34%, does not require custom tool chains and provides enhanced functionality over software-only approaches, confirming that hardware virtualization technology is a viable mechanism for fine-grained component isolation.
Resumo:
All civil and private aircraft are required to comply with the airworthiness standards set by their national airworthiness authority and throughout their operational life must be in a condition of safe operation. Aviation accident data shows that over twenty percent of all fatal accidents in aviation are due to airworthiness issues, specifically aircraft mechanical failures. Ultimately it is the responsibility of each registered operator to ensure that their aircraft remain in a condition of safe operation, and this is done through both effective management of airworthiness activities and the effective program governance of safety outcomes. Typically, the projects within these airworthiness management programs are focused on acquiring, modifying and maintaining the aircraft as a capability supporting the business. Program governance provides the structure through which the goals and objectives of airworthiness programs are set along with the means of attaining them. Whilst the principal causes of failures in many programs can be traced to inadequate program governance, many of the failures in large scale projects can have their root causes in the organisational culture and more specifically in the organisational processes related to decision-making. This paper examines the primary theme of project and program based enterprises, and introduces a model for measuring organisational culture in airworthiness management programs using measures drawn from 211 respondents in Australian airline programs. The paper describes the theoretical perspectives applied to modifying an original model to specifically focus it on measuring the organisational culture of programs for managing airworthiness; identifying the most important factors needed to explain the relationship between the measures collected, and providing a description of the nature of these factors. The paper concludes by identifying a model that best describes the organisational culture data collected from seven airworthiness management programs.
Resumo:
To protect the health information security, cryptography plays an important role to establish confidentiality, authentication, integrity and non-repudiation. Keys used for encryption/decryption and digital signing must be managed in a safe, secure, effective and efficient fashion. The certificate-based Public Key Infrastructure (PKI) scheme may seem to be a common way to support information security; however, so far, there is still a lack of successful large-scale certificate-based PKI deployment in the world. In addressing the limitations of the certificate-based PKI scheme, this paper proposes a non-certificate-based key management scheme for a national e-health implementation. The proposed scheme eliminates certificate management and complex certificate validation procedures while still maintaining security. It is also believed that this study will create a new dimension to the provision of security for the protection of health information in a national e-health environment.
Resumo:
The dynamic capabilities view (DCV) focuses on renewal of firms’ strategic knowledge resources so as to sustain competitive advantage within turbulent markets. Within the context of the DCV, the focus of knowledge management (KM) is to develop the KMC through deploying knowledge governance mechanisms that are conducive to facilitating knowledge processes so as to produce superior business performance over time. The essence of KM performance evaluation is to assess how well the KMC is configured with knowledge governance mechanisms and processes that enable a firm to achieve superior performance through matching its knowledge base with market needs. However, little research has been undertaken to evaluate KM performance from the DCV perspective. This study employed a survey study design and adopted hypothesis-testing approaches to develop a capability-based KM evaluation framework (CKMEF) that upholds the basic assertions of the DCV. Under the governance of the framework, a KM index (KMI) and a KM maturity model (KMMM) were derived not only to indicate the extent to which a firm’s KM implementations fulfill its strategic objectives, and to identify the evolutionary phase of its KMC, but also to bench-mark the KMC in the research population. The research design ensured that the evaluation framework and instruments have statistical significance and good generalizabilty to be applied in the research population, namely construction firms operating in the dynamic Hong Kong construction market. The study demonstrated the feasibility of quantitatively evaluating the development of the KMC and revealing the performance heterogeneity associated with the development.
