Integrating information security policy management with corporate risk management for strategic alignment

Information security policy defines the governance and implementation strategy for information security in alignment with the corporate risk policy objectives and strategies. Research has established that alignment between corporate concerns may be enhanced when strategies are developed concurrently using the same development process as an integrative relationship is established. Utilizing the corporate risk management framework for security policy management establishes such an integrative relationship between information security and corporate risk management objectives and strategies. There is however limitation in the current literature on presenting a definitive approach that fully integrates security policy management with the corporate risk management framework. This paper presents an approach that adopts a conventional corporate risk management framework for security policy development and management to achieve alignment with the corporate risk policy. A case example is examined to illustrate the alignment achieved in each process step with a security policy structure being consequently derived in the process. It is shown that information security policy management outcomes become both integral drivers and major elements of the corporate-level risk management considerations. Further study should involve assessing the impact of the use of the proposed framework in enhancing alignment as perceived in this paper.

Developing risk assessment tools for fleet settings : where to from here?

The costs of work-related crashes In Australia and overseas, fleet safety or work-related road safety is an issue gaining increased attention from researchers, organisations, road safety practitioners and the general community. This attention is primarily in response to the substantial physical, emotional and economic costs associated with work-related road crashes. The increased risk factors and subsequent costs of work-related driving are also now well documented in the literature. For example, it is noteworthy that research has demonstrated that work-related drivers on average report a higher level of crash involvement compared to personal car drivers (Downs et al., 1999; Kweon and Kockelman, 2003) and in particular within Australia, road crashes are the most common form of work-related fatalities (Haworth et al., 2000).

Requirements for enhancing trust, security and integrity of GNSS location services

The paper describes a number of requirements for enhancing the trust of location acquisition from Satellite Navigation Systems, particularly for those applications where the location is monitored through a remote GNSS receiver. We discuss how the trust of a location acquisition could be propagated to an application through the use of a proposed tamper-­resistant GNSS receiver which quantifies the trust of a location solution from the signaling used (ie. P(Y) code, Galileo SOL, PRS, CS) and provides a cryptographic proof of this to a remote application. The tamper­-resistance state of the receiver is also included in this cryptographic proof.

Infant and young child feeding indicators and determinants of poor feeding practices in India : secondary data analysis of National Family Health Survey 2005–06

Background: In India, poor feeding practices in early childhood contribute to the burden of malnutrition and infant and child mortality. Objective. To estimate infant and young child feeding indicators and determinants of selected feeding practices in India. Methods: The sample consisted of 20,108 children aged 0 to 23 months from the National Family Health Survey India 2005–06. Selected indicators were examined against a set of variables using univariate and multivariate analyses. Results: Only 23.5% of mothers initiated breastfeeding within the first hour after birth, 99.2% had ever breastfed their infant, 89.8% were currently breastfeeding, and 14.8% were currently bottle-feeding. Among infants under 6 months of age, 46.4% were exclusively breastfed, and 56.7% of those aged 6 to 9 months received complementary foods. The risk factors for not exclusively breastfeeding were higher household wealth index quintiles (OR for richest = 2.03), delivery in a health facility (OR = 1.35), and living in the Northern region. Higher numbers of antenatal care visits were associated with increased rates of exclusive breastfeeding (OR for ≥ 7 antenatal visits = 0.58). The rates of timely initiation of breastfeeding were higher among women who were better educated (OR for secondary education or above = 0.79), were working (OR = 0.79), made more antenatal clinic visits (OR for ≥ 7 antenatal visits = 0.48), and were exposed to the radio (OR = 0.76). The rates were lower in women who were delivered by cesarean section (OR = 2.52). The risk factors for bottle-feeding included cesarean delivery (OR = 1.44), higher household wealth index quintiles (OR = 3.06), working by the mother (OR=1.29), higher maternal education level (OR=1.32), urban residence (OR=1.46), and absence of postnatal examination (OR=1.24). The rates of timely complementary feeding were higher for mothers who had more antenatal visits (OR=0.57), and for those who watched television (OR=0.75). Conclusions: Revitalization of the Baby Friendly Hospital Initiative in health facilities is recommended. Targeted interventions may be necessary to improve infant feeding practices in mothers who reside in urban areas, are more educated, and are from wealthier households.

Civics and citizenship education in the national history curriculum : conducting the same music or rehearsing an incomplete tune?

This paper raises some questions about teaching and teacher education in the social sciences in response to the decision to implement a national curriculum in Australia. In particular, it contends that the decision to focus on discipline-specific knowledge in the social sciences will not necessarily meet the hopes of the Melbourne Declaration and deliver a 21st century curriculum that prepares students for the future. In doing so, it suggests that social educators need to engage with the broader discourse and political context shaping the push for curriculum reform in Australia and makes reference to the marginalisation of civics and citizenship education in the latest draft of the Australian curriculum: History.

Socioeconomic inequality profiles in physical and developmental health from 0-7 years : Australian National Study

Background: Early and persistent exposure to socioeconomic disadvantage impairs children’s health and wellbeing. However, it is unclear at what age health inequalities emerge or whether these relationships vary across ages and outcomes. We address these issues using cross-sectional Australian population data on the physical and developmental health of children at ages 0-1, 2-3, 4-5 and 6-7 years. Methods: 10 physical and developmental health outcomes were assessed in 2004 and 2006 for two cohorts each comprising around 5000 children. Socioeconomic position was measured as a composite of parental education, occupation and household income. Results: Lower socioeconomic position was associated with increased odds for poor outcomes. For physical health outcomes and socio-emotional competence, associations were similar across age groups and were consistent with either threshold effects (for poor general health, special healthcare needs and socio-emotional competence) or gradient effects (for illness with wheeze, sleep problems and injury). For socio-emotional difficulties, communication, vocabulary and emergent literacy, stronger socioeconomic associations were observed. The patterns were linear or accelerated and varied across ages. Conclusions: From very early childhood, social disadvantage was associated with poorer outcomes across most measures of physical and developmental health and showed no evidence of either strengthening or attenuating at older compared to younger ages. Findings confirm the importance of early childhood as a key focus for health promotion and prevention efforts.

How I became the first Aboriginal person in Australia to lead a national education organisation

In this paper, Bronwyn Fredericks reflects on how, in 1997, she became the National President of the Council of Australian Postgraduate Associations Inc. (CAPA). The paper describes the election process faced by Fredericks, and identifies some of her key achievements during her time as National President. In becoming the National President, Bronwyn became the first Aboriginal person in Australia to lead a national education organisation. The story within this paper is told from the author’s autobiographical memory, drawing on the cultural, social and political context in which the story and the author were (and are) situated (Wojecki 2007). In this way the story teller reveals story lines which have not previously been articulated (Wojecki 2007). Throughout this paper, Fredericks ‘re-stories’ her experiences of leadership.

Australian data breach notification : avoiding the State/Federal overlap

Mandatory data breach notification has become a matter of increasing concern for law reformers. In Australia, this issue was recently addressed as part of a comprehensive review of privacy law conducted by the Australian Law Reform Commission (ALRC) which recommended a uniform national regime for protecting personal information applicable to both the public and private sectors. As in all federal systems, the distribution of powers between central and state governments poses problems for national consistency. In the authors’ view, a uniform approach to mandatory data breach notification has greater merit than a ‘jurisdiction specific’ approach epitomized by US state-based laws. The US response has given rise to unnecessary overlaps and inefficiencies as demonstrated by a review of different notification triggers and encryption safe harbors. Reviewing the US response, the authors conclude that a uniform approach to data breach notification is inherently more efficient.

Automatic generation of assertions to detect potential security vulnerabilities in C programs that use union and pointer types

Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Security metrics for object-oriented designs

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.

Gender equality in national politics : the views of Australian male politicians

Studies of gender and politics have typically been studies of women and politics. In contrast, this paper places men at the centre of its inquiry by drawing on interviews with 15 current federal male politicians. Of concern is exploring the ways in which men conceptualise the question of gender equity in the Australian parliament. Three frameworks are identified in the men's narratives. These are that the parliament is a masculinised space but that this is unavoidable; that the parliament is now feminised and women are advantaged; and that the parliament is gender neutral and gender is irrelevant. It is argued that collectively these framing devices operate to mask the many constraints which exist to marginalise women from political participation and undermine attempts to address women's political disadvantage as political participants. The paper concludes by highlighting the significance of the paper beyond the Australian context and calling for further research which names and critiques political men and their discourses on gender and parliamentary practices and processes.

Assessing the impact of refactoring on security-critical object-oriented designs

Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.

Proactive communication management beats hostile media exposure : training for multi-cultural community leaders in living with mass media

Proactive communication management instead of mortification in the glare of hostile media attention became the theme of a four-day training program for multi-cultural community leaders, the object of this research. The program in Brisbane from December 2009 through to February this year was conducted under auspices of a Community Media Link grant program shared by Griffith University and the Queensland Ethnic Communities Council, together with Journalism academics from the Queensland University of Technology. Twenty-eight participants from 23 organisations took part, with a team of nine facilitators from the host organisations, and guest presenters from the news media. This paper reviews the process, taking into account: its objectives, to empower participants by showing how Australian media operate and introducing participants to journalists; pedagogical thrust, where overview talks, with role play seminars with guest presenters from the media, were combined with practice in interviews and writing for media; and outcomes, assessed on the basis of participants’ responses. The research methodology is qualitative, in that the study is based on discussions to review the planning and experience of sessions, and anonymous, informal feed-back questionnaires distributed to the participants. Background literature on multiculturalism and community media was referred to in the study. The findings indicate positive outcomes for participants from this approach to protection of persons unversed in living in the Australian “mediatised” environment. Most affirmed that the “production side” perspective of the exercise had informed and motivated them effectively, such that henceforth they would venture far more into media management, in their community leadership roles.