Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Stakeholder perspectives regarding the mandatory notification of Australian data breaches

The advent of data breach notification laws in the United States (US) has unearthed a significant problem involving the mismanagement of personal information by a range of public and private sector organisations. At present, there is currently no statutory obligation under Australian law requiring public or private sector organisations to report a data breach of personal information to law enforcement agencies or affected persons. However, following a comprehensive review of Australian privacy law, the Australian Law Reform Commission (ALRC) has recommended the introduction of a mandatory data breach notification scheme. The issue of data breach notification has ignited fierce debate amongst stakeholders, especially larger private sector entities. The purpose of this article is to document the perspectives of key industry and government representatives to identify their standpoints regarding an appropriate regulatory approach to data breach notification in Australia.

The aftermath of the Lehman Brothers collapse in Hong Kong : the saga, regulatory deficiencies and government responses

The paper examines the fallout of the Lehman Brothers collapse in Hong Kong. As an international financial hub in Asia, Hong Kong was profoundly affected by the collapse of this company. As a result, it impacted negatively on the public’s confidence in the Hong Kong’s banking sector. Furthermore, this event has exposed a number of regulatory deficiencies in Hong Kong. In response to this financial crisis, the Hong Kong government had made an unprecedented move to negotiate with local banks to refund the investors. In addition, the government has also sought public consultation on proposal to enhance the regulation of the sale of financial products. This paper argues that there needs to be amendments to the prevailing laws and the inclusions of legal rules to back up those proposed measures so that the disclosed information from the financial institution will not mislead the investors or misrepresent the products offered.

Public participation, values and interests in the procurement of infrastructure projects in Australia : a review and future research direction

In many countries, the main providers for major infrastructure projects are government or public agencies. Public infrastructure projects includes economic and social infrastructure such as transportation, education and health facilities. Most decision-making models for delivery of public infrastructure projects are heavily weighted towards financial/economic factors. In Australia, public participation is an essential instrument in the procurement of infrastructure and development within Australia. This study reviews the public participation, values and interests in the procurement of infrastructure projects in Australia, and identifies the research direction in this research area in order to improve the decision-making models that capture stakeholder social, economical and environmental concerns in infrastructure projects.

Evaluating sustainability of urban development and its contribution to a knowledge-base development

Purpose – The purpose of the paper is to discuss the components of urban sustainability as to their implications about knowledge-base economy and society Design/methodology/approach – An indexing model which can be used by the local government specifically in Australia is presented to generate sustainable urban development policies. The model consists of sustainable neighbourhood indicators and employs a spatial indexing method to measure the sustainability performance of the urban settings Originality/value – This methodology puts in evidence about the use of indexing methodology in the assessment of sustainable neighbourhood performance Practical implications – This model could be considered as a practical decision aid tool for local government planning agencies for the evaluation of development scenarios Keywords – knowledge-based urban development, sustainable urban development, sustainable transport, sustainability assessment Paper type – Academic Research Paper

Government : charity boundaries

The Preamble1 was the initial legislative statement of matters construed by government to constitute charitable purposes in a common law context. It provided an outline of what was to become the core agenda for government’s relationship with charity. The resulting implied partnership, as viewed by government, endured for four centuries and in many different cultural contexts across the common law world. During that period, judicial mediation on the balance to be struck between government interest in acquiring value for granting tax exempt privileges and the right of individuals to freely dispose of property in accordance with their particular altruistic wishes steadily broadened the range of purposes deemed to be charitable, the vagaries of donor choice often prevailing over government interest in acquiring value for tax exemption.

The application of public asset management in Indonesian local government : a case study in South Sulawesi Province

Purpose To identify the challenges faced by local government in Indonesia when adopting a Public Asset Management Framework. Design A Case Study in South Sulawesi Provincial Government was used as the approach to achieving the research objective. The case study involved two data collection techniques - interviews and document analysis. Findings The result of the study indicates there are significant challenges that the Indonesian local government need to manage when adopting a public asset management framework. Those challenges are: absence of an institutional and legal framework to support the asset management application; non-profit principle of public assets; multiple jurisdictions involved in the public asset management processes; the complexity of local government objectives; unavailability of data for managing public property; and limited human resources. Research Limitation This research is limited to one case study. It is a preliminary study from larger research that uses multiple case studies. The main research also investigates opportunities for local government by adopting and implementing public asset management. Originality/Value Findings from this study provide useful input for the policy makers, academics and asset management practitioners in Indonesia to establish a public asset management framework resulting in efficient and effective organizations, as well as an increase of public services quality. This study has a potential application for other developing countries.

G4C2C : enabling citizen engagement at arms' length from government

The recognition that Web 2.0 applications and social media sites will strengthen and improve interaction between governments and citizens has resulted in a global push into new e-democracy or Government 2.0 spaces. These typically follow government-to-citizen (g2c) or citizen-to-citizen (c2c) models, but both these approaches are problematic: g2c is often concerned more with service delivery to citizens as clients, or exists to make a show of ‘listening to the public’ rather than to genuinely source citizen ideas for government policy, while c2c often takes place without direct government participation and therefore cannot ensure that the outcomes of citizen deliberations are accepted into the government policy-making process. Building on recent examples of Australian Government 2.0 initiatives, we suggest a new approach based on government support for citizen-to-citizen engagement, or g4c2c, as a workable compromise, and suggest that public service broadcasters should play a key role in facilitating this model of citizen engagement.