The Figmentum Project: appropriating information and communication technologies to animate our urban fabric

This paper explores how we may design located information and communication technologies (ICTs) to foster community sentiment. It focuses explicitly on possibilities for ICTs to create new modalities of place through exploring key factors such as shared experiences, shared knowledge and shared authorship. To contextualise this discussion in a real world setting, this paper presents FIGMENTUM, a situated generative art application that was developed for and installed in a new urban development. FIGMENTUM is a non-authoritative, non-service based application that aims to trigger emotional and representational place-based communities. Out of this practice-led research comes a theory and a process for designing creative place-based ICT’s to animate our urban communities.

Urban management revolution : intelligent management systems for ubiquitous cities

A successful urban management support system requires an integrated approach. This integration includes bringing together economic, socio-cultural and urban development with a well orchestrated transparent and open decision making mechanism. The paper emphasises the importance of integrated urban management to better tackle the climate change, and to achieve sustainable urban development and sound urban growth management. This paper introduces recent approaches on urban management systems, such as intelligent urban management systems, that are suitable for ubiquitous cities. The paper discusses the essential role of online collaborative decision making in urban and infrastructure planning, development and management, and advocates transparent, fully democratic and participatory mechanisms for an effective urban management system that is particularly suitable for ubiquitous cities. This paper also sheds light on some of the unclear processes of urban management of ubiquitous cities and online collaborative decision making, and reveals the key benefits of integrated and participatory mechanisms in successfully constructing sustainable ubiquitous cities.

SELinux policy management framework for HIS

Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.

Business Service Management

Business Service Management describes the emerging discipline dedicated to the IT-enabled management of services as corporate assets. Business Service Management deals with the service orientation of the organisation and the provisioning and use of business services. The term business service describes an autonomous transformational capability that is offered to and consumed by external or internal customers for their benefit. The prefix ‘business’ stresses that such a service has a market value, requires the ability to be managed internally as a corporate asset and that its implementation is technology-agnostic. While business services (or so called capabilities) have attracted the attention of many vendors and organisations, a lack of understanding of the activities required for the successful management of such business services remains a critical issue. In order to fill this gap, a framework consisting of Service Lifecycle Management, Service Value Management, Service Relationship Management and Service Enablement is proposed. This Framework has the potential to provide organisations with the much needed guidance in their attempts to convert current IT-driven service initiatives into successful service-centric business models.

Controlled flexibility and lifecycle management of business processes through extensibility

Vendors provide reference process models as consolidated, off-the-shelf solutions to capture best practices in a given industry domain. Customers can then adapt these models to suit their specific requirements. Traditional process flexibility approaches facilitate this operation, but do not fully address it as they do not sufficiently take controlled change guided by vendors' reference models into account. This tension between the customer's freedom of adapting reference models, and the ability to incorporate with relatively low effort vendor-initiated reference model changes, thus needs to be carefully balanced. This paper introduces process extensibility as a new paradigm for customizing reference processes and managing their evolution over time. Process extensibility mandates a clear recognition of the different responsibilities and interests of reference model vendors and consumers, and is concerned with keeping the effort of customer-side reference model adaptations low while allowing sufficient room for model change.

Business and software service lifecycle management

Although the service-oriented paradigm has been well established in the technical domain for quite some time now, service governance is still considered a research gap. To ensure adequate governance, there is a necessity to manage services as first-class assets throughout the lifecycle. Now that the concept of ser-vice-orientation is also increasingly applied on the business level to structure an organisation’s capabili-ties, the problem has become an even bigger chal-lenge. This paper presents a generic business and software service lifecycle and aligns it with the com-mon management layers in organisations. Using ser-vice analysis as an example, it moreover illustrates how activities in the service lifecycle may vary on lower levels of granularity depending on the focus on business or software services.

Economic issues in funding and supplying public sector information

In May 2005, a research team began to investigate whether designing and implementing a whole-of-government information licensing framework was possible. This framework was needed to administer copyright in relation to information produced by the government and to deal properly with privately-owned copyright on which government works often rely. The outcome so far is the design of the Government Information Licensing Framework (GILF) and its gradual uptake within a number of Commonwealth and State government agencies. However, licensing is part of a larger issue in managing public sector information (PSI); and it has important parallels with the management of libraries and public archives. Among other things, managing the retention and supply of PSI requires an ability to search and locate information, ability to give public access to the information legally, and an ability to administer charges for supplying information wherever it is required by law. The aim here is to provide a summary overview of pricing principles as they relate to the supply of PSI.

Maintaining centralised application systems : a cross-country, cross-sector, cross-platform comparison

Past studies of software maintenance issues have largely concentrated on the average North American firm. While they have made a substantial contribution to good information system management practice, it is believed that further segmentation of sample data and cross-country comparisons will help to identify patterns of behaviour more akin to many less average organizations in North America and elsewhere. This paper compares the Singapore maintenance scene with the reported North American experience. Comparisons are also made between: Government organizations, Singapore corporations and multinational corporations (MNCs); mainframe and minicomputer installations; and fourth-generation language (4GL) and non-4GL computer installations. Study findings, while in many cases were similar to earlier US studies, do show the importance of Singapore's young application portfolio, the widespread usage of 4GLs and the severe maintenance personnel problems.

Reconceptualising the information system as a service

The study will cross-fertilise Information Systems (IS) and Services Marketing ideas through reconceptualising the information system as a service (ISaaS). The study addresses known limitations of arguably the two most significant dependent variables in these disciplines - Information System Success or IS-Impact, and Service Quality. Planned efforts to synthesise analogous conceptions across these disciplines, are expected to force a deeper theoretical understanding of the broad notions of success, quality, value and satisfaction and their interrelations. The aims of this research are to: (1) yield a conceptually superior and more extensively validated IS success measurement model, and (2) develop and operationalise a more rigorously validated Service Quality measurement model, while extending the ‘service’ notion to ‘operational computer-based information systems in organisations’. In the development of the new models the study will address contemporary validation issues.

Enforcing P3P policies using a digital rights management system

The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer’s privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.

Location constraints in digital rights management

Digital rights management allows information owners to control the use and dissemination of electronic documents via a machine-readable licence. This paper describes the design and implementation of a system for creating and enforcing licences containing location constraints that can be used to restrict access to sensitive documents to a defined area. Documents can be loaded onto a portable device and used in the approved areas, but cannot be used if the device moves to another area. Our contribution includes a taxonomy for access control in the presence of requests to perform non-instantaneous controlled actions.

Using SITDRM for Privacy Rights Management

SITDRM 1 is a privacy protection system that protects private data through the enforcement of MPEG REL licenses provided by consumers. Direct issuing of licenses by consumers has several usability problems that will be mentioned in this paper. Further, we will describe how SITDRM incorporates P3P language to provide a consumer-centered privacy protection system.

Information security culture : a behaviour compliance conceptual framework

Understanding the complex dynamic and uncertain characteristics of organisational employees who perform authorised or unauthorised information security activities is deemed to be a very important and challenging task. This paper presents a conceptual framework for classifying and organising the characteristics of organisational subjects involved in these information security practices. Our framework expands the traditional Human Behaviour and the Social Environment perspectives used in social work by identifying how knowledge, skills and individual preferences work to influence individual and group practices with respect to information security management. The classification of concepts and characteristics in the framework arises from a review of recent literature and is underpinned by theoretical models that explain these concepts and characteristics. Further, based upon an exploratory study of three case organisations in Saudi Arabia involving extensive interviews with senior managers, department managers, IT managers, information security officers, and IT staff; this article describes observed information security practices and identifies several factors which appear to be particularly important in influencing information security behaviour. These factors include values associated with national and organisational culture and how they manifest in practice, and activities related to information security management.

Planning for smart urban ecosystems : information technology applications for capacity building in environmental decision making

Since the industrial revolution, our world has experienced rapid and unplanned industrialization and urbanization. As a result, we have had to cope with serious environmental challenges. In this context, an explanation of how smart urban ecosystems can emerge, gains a crucial importance. Capacity building and community involvement have always been key issues in achieving sustainable development and enhancing urban ecosystems. By considering these, this paper looks at new approaches to increase public awareness of environmental decision making. This paper will discuss the role of Information and Communication Technologies (ICT), particularly Webbased Geographic Information Systems (Web-based GIS) as spatial decision support systems to aid public participatory environmental decision making. The paper also explores the potential and constraints of these webbased tools for collaborative decision making.

A distributed knowledge management infrastructure based on a Topic Map grid

Modern enterprise knowledge management systems typically require distributed approaches and the integration of numerous heterogeneous sources of information. A powerful foundation for these tasks can be Topic Maps, which not only provide a semantic net-like knowledge representation means and the possibility to use ontologies for modelling knowledge structures, but also offer concepts to link these knowledge structures with unstructured data stored in files, external documents etc. In this paper, we present the architecture and prototypical implementation of a Topic Map application infrastructure, the ‘Topic Grid’, which enables transparent, node-spanning access to different Topic Maps distributed in a network.