ISO/IEC 27000, 27001 and 27002 for Information Security Management

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.

Efficient Secure Computation for Real-world Settings and Security Models

Secure computation involves multiple parties computing a common function while keeping their inputs private, and is a growing field of cryptography due to its potential for maintaining privacy guarantees in real-world applications. However, current secure computation protocols are not yet efficient enough to be used in practice. We argue that this is due to much of the research effort being focused on generality rather than specificity. Namely, current research tends to focus on constructing and improving protocols for the strongest notions of security or for an arbitrary number of parties. However, in real-world deployments, these security notions are often too strong, or the number of parties running a protocol would be smaller. In this thesis we make several steps towards bridging the efficiency gap of secure computation by focusing on constructing efficient protocols for specific real-world settings and security models. In particular, we make the following four contributions: - We show an efficient (when amortized over multiple runs) maliciously secure two-party secure computation (2PC) protocol in the multiple-execution setting, where the same function is computed multiple times by the same pair of parties. - We improve the efficiency of 2PC protocols in the publicly verifiable covert security model, where a party can cheat with some probability but if it gets caught then the honest party obtains a certificate proving that the given party cheated. - We show how to optimize existing 2PC protocols when the function to be computed includes predicate checks on its inputs. - We demonstrate an efficient maliciously secure protocol in the three-party setting.

Multi-outcome construction policies : comparative analysis of western australian and queensland policies

This document provides an overview of the differences and similarities in the objectives and implementation frameworks of the training and employment policies applying to public construction projects in Western Australia and Queensland. The material in the document clearly demonstrates the extent to which approaches to the pursuit of training objectives in particular have been informed by the experiences of other jurisdictions. The two State governments now have very similar approaches to the promotion of training with the WA government basing a good part of its policy approach on the “Queensland model”. As the two States share many similar economic and other characteristics, and have very similar social and economic goals, this similarity is to be expected. The capacity to benefit from the experiences of other jurisdictions is to be welcomed. The similarity in policy approach also suggests a potential for ongoing collaborations between the State governments on research aimed at further improving training and employment outcomes via public construction projects.

Old Brisbane Botanic Gardens: Conservation Plan Review 2005, Report of Stage 1 Heritage Significance and Conservation Policies

Report for City Design, for Environment and Parks, within the Brisbane City Council. Context of this Project A Conservation Study for the Old Brisbane Botanic Gardens, formerly called the Brisbane City Botanic Gardens, was finalised in 1995 and prepared by Jeannie Sim for the Landscape Section of Brisbane City Council, the same author of the present report. This unpublished report was the first conservation plan prepared for the place and it was recommended that it be reviewed in five years time. That time has arrived finally with the preparation of the 2005 Review. The present project was commissioned by City Design on behalf of Environment and Parks Section of Brisbane City Council. The author has purposely chosen to call the study site the 'Old Brisbane Botanic Gardens' (OBBG) to differentiate it from the Brisbane Botanic Gardens, Mt. Coot-tha (BBG-MC), and to maintain the claim for this original garden to remain as a botanic garden for Brisbane. This name immediately brings to mind an association with history, as in the precedent set by the naming of the nearby 'Old Government House' at Gardens Point.

Energy and population policies in Australia

The Australian Government is about to release Australia’s first sustainable population policy. Sustainable population growth, among other things, implies sustainable energy demand. Current modelling of future energy demand both in Australia and by agencies such as the International Energy Agency sees population growth as one of the key drivers of energy demand. Simply increasing the demand for energy in response to population policy is sustainable only if there is a radical restructuring of the energy system away from energy sources associated with environmental degradation towards one more reliant on renewable fuels and less reliant on fossil fuels. Energy policy can also address the present nexus between energy consumption per person and population growth through an aggressive energy efficiency policy. The paper considers the link between population policies and energy policies and considers how the overall goal of sustainability can be achieved. The methods applied in this analysis draw on the literature of sustainable development to develop elements of an energy planning framework to support a sustainable population policy. Rather than simply accept that energy demand is a function of population increase moderated by an assumed rate of energy efficiency improvement, the focus is on considering what rate of energy efficiency improvement is necessary to significantly reduce the standard connections between population growth and growth in energy demand and what policies are necessary to achieve this situation. Energy efficiency policies can only moderate unsustainable aspects of energy demand and other policies are essential to restructure existing energy systems into on-going sustainable forms. Policies to achieve these objectives are considered. This analysis shows that energy policy, population policy and sustainable development policies are closely integrated. Present policy and planning agencies do not reflect this integration and energy and population policies in Australia have largely developed independently and whether the outcome is sustainable is largely a matter of chance. A genuinely sustainable population policy recognises the inter-dependence between population and energy policies and it is essential that this is reflected in integrated policy and planning agencies

Energy and population policies in Australia

The Australian Government is about to release Australia’s first sustainable population policy. Sustainable population growth, among other things, implies sustainable energy demand. Current modelling of future energy demand both in Australia and by agencies such as the International Energy Agency sees population growth as one of the key drivers of energy demand. Simply increasing the demand for energy in response to population policy is sustainable only if there is a radical restructuring of the energy system away from energy sources associated with environmental degradation towards one more reliant on renewable fuels and less reliant on fossil fuels. Energy policy can also address the present nexus between energy consumption per person and population growth through an aggressive energy efficiency policy. The paper considers the link between population policies and energy policies and considers how the overall goal of sustainability can be achieved. The methods applied in this analysis draw on the literature of sustainable development to develop elements of an energy planning framework to support a sustainable population policy. Rather than simply accept that energy demand is a function of population increase moderated by an assumed rate of energy efficiency improvement, the focus is on considering what rate of energy efficiency improvement is necessary to significantly reduce the standard connections between population growth and growth in energy demand and what policies are necessary to achieve this situation. Energy efficiency policies can only moderate unsustainable aspects of energy demand and other policies are essential to restructure existing energy systems into on-going sustainable forms. Policies to achieve these objectives are considered. This analysis shows that energy policy, population policy and sustainable development policies are closely integrated. Present policy and planning agencies do not reflect this integration and energy and population policies in Australia have largely developed independently and whether the outcome is sustainable is largely a matter of chance. A genuinely sustainable population policy recognises the inter-dependence between population and energy policies and it is essential that this is reflected in integrated policy and planning agencies

A descriptive approach for power system stability and security assessment

Power system dynamic analysis and security assessment are becoming more significant today due to increases in size and complexity from restructuring, emerging new uncertainties, integration of renewable energy sources, distributed generation, and micro grids. Precise modelling of all contributed elements/devices, understanding interactions in detail, and observing hidden dynamics using existing analysis tools/theorems are difficult, and even impossible. In this chapter, the power system is considered as a continuum and the propagated electomechanical waves initiated by faults and other random events are studied to provide a new scheme for stability investigation of a large dimensional system. For this purpose, the measured electrical indices (such as rotor angle and bus voltage) following a fault in different points among the network are used, and the behaviour of the propagated waves through the lines, nodes, and buses is analyzed. The impact of weak transmission links on a progressive electromechanical wave using energy function concept is addressed. It is also emphasized that determining severity of a disturbance/contingency accurately, without considering the related electromechanical waves, hidden dynamics, and their properties is not secure enough. Considering these phenomena takes heavy and time consuming calculation, which is not suitable for online stability assessment problems. However, using a continuum model for a power system reduces the burden of complex calculations

On the robustness and security of digital image watermarking

In most of the digital image watermarking schemes, it becomes a common practice to address security in terms of robustness, which is basically a norm in cryptography. Such consideration in developing and evaluation of a watermarking scheme may severely affect the performance and render the scheme ultimately unusable. This paper provides an explicit theoretical analysis towards watermarking security and robustness in figuring out the exact problem status from the literature. With the necessary hypotheses and analyses from technical perspective, we demonstrate the fundamental realization of the problem. Finally, some necessary recommendations are made for complete assessment of watermarking security and robustness.

Improving trust and securing data accessibility for e-health decision making by using data encryption techniques

In the medical and healthcare arena, patients‟ data is not just their own personal history but also a valuable large dataset for finding solutions for diseases. While electronic medical records are becoming popular and are used in healthcare work places like hospitals, as well as insurance companies, and by major stakeholders such as physicians and their patients, the accessibility of such information should be dealt with in a way that preserves privacy and security. Thus, finding the best way to keep the data secure has become an important issue in the area of database security. Sensitive medical data should be encrypted in databases. There are many encryption/ decryption techniques and algorithms with regard to preserving privacy and security. Currently their performance is an important factor while the medical data is being managed in databases. Another important factor is that the stakeholders should decide more cost-effective ways to reduce the total cost of ownership. As an alternative, DAS (Data as Service) is a popular outsourcing model to satisfy the cost-effectiveness but it takes a consideration that the encryption/ decryption modules needs to be handled by trustworthy stakeholders. This research project is focusing on the query response times in a DAS model (AES-DAS) and analyses the comparison between the outsourcing model and the in-house model which incorporates Microsoft built-in encryption scheme in a SQL Server. This research project includes building a prototype of medical database schemas. There are 2 types of simulations to carry out the project. The first stage includes 6 databases in order to carry out simulations to measure the performance between plain-text, Microsoft built-in encryption and AES-DAS (Data as Service). Particularly, the AES-DAS incorporates implementations of symmetric key encryption such as AES (Advanced Encryption Standard) and a Bucket indexing processor using Bloom filter. The results are categorised such as character type, numeric type, range queries, range queries using Bucket Index and aggregate queries. The second stage takes the scalability test from 5K to 2560K records. The main result of these simulations is that particularly as an outsourcing model, AES-DAS using the Bucket index shows around 3.32 times faster than a normal AES-DAS under the 70 partitions and 10K record-sized databases. Retrieving Numeric typed data takes shorter time than Character typed data in AES-DAS. The aggregation query response time in AES-DAS is not as consistent as that in MS built-in encryption scheme. The scalability test shows that the DBMS reaches in a certain threshold; the query response time becomes rapidly slower. However, there is more to investigate in order to bring about other outcomes and to construct a secured EMR (Electronic Medical Record) more efficiently from these simulations.

The digital storyteller's stage: queer everyday activists negotiating privacy and publicness

This article explores how queer digital storytellers understand and mobilize concepts of privacy and publicness as they engage in everyday activism through creating and sharing personal stories designed to contribute to cultural and political debates. Through the pre-production, production, and distribution phases of digital storytelling workshops and participation in a related online community, these storytellers actively negotiate the tensions and continuua among visibility and hiddenness; secrecy and pride; finite and fluid renditions of self; and individual and collective constructions of identity. We argue that the social change they aspire to is at least partially achieved through “networked identity work” on and offline with both intimate and imagined publics.

Usability and security of gaze-based graphical grid passwords

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

Australia's mining interests within Nigeria and Libya : policies, corruption and conflict

Crude petroleum remains the single most imported commodity into Australia and is sourced from a number of countries around the world (Department of Foreign Affairs and Trade (DFAT), 2011a). While interest in crude petroleum is widespread, in recent years Australia's focus has been drawn to the continent of Africa, where increased political stability, economic recovery and an improved investment climate has made one of the largest oil reserves in the world increasingly more attractive. Despite improvement across the continent, there remain a number of risks which have the potential to significantly damage Australia's economic interests in the petroleum sector,including government policies and legislation, corruption and conflict. The longest exporters of crude petroleum products to Australia – Nigeria and Libya – have been subject to these factors in recent years and, accordingly, are the focus of this paper. Once identified, the impact of political instability, conflict, government corruption and other risk factors to Australia's mining interests within these countries is examined, and efforts to manage such risks are discussed.