Can IT Security be improved with better IT Leadership in the 21st Century University?

Organizations generally are not responding effectively to rising IT security threats because people issues receive inadequate attention. The stark example of IT security is just the latest strategic IT priority demonstrating deficient IT leadership attention to the social dimension of IT. Universities in particular, with their devolved people organization, diverse adoption of IT, and split central/local federated approach to governance and leadership of IT, demand higher levels of interpersonal sophistication and strategic engagement from their IT leaders. An idealized model for IT leaders for the 21st century university is proposed to be developed as a framework for further investigation. The testing of this model in an action research study is proposed.

Security of Two-Party Identity-Based Key Agreement

Identity-based cryptography has become extremely fashionable in the last few years. As a consequence many proposals for identity-based key establishment have emerged, the majority in the two party case. We survey the currently proposed protocols of this type, examining their security and efficiency. Problems with some published protocols are noted.

Security and legal issues in E-tendering

The Queensland Department of Public Works (QDPW) and the Queensland Department of Main Roads (QDMR) have identified a need for industry e-contracting guidelines in the short to medium term. Each of these organisations conducts tenders and contracts for over $600 million annually. This report considers the security and legal issues relating to the shift from a paper-based tendering system to an electronic tendering system. The research objectives derived from the industry partners include: • a review of current standards and e-tendering systems; • a summary of legal requirements impacting upon e-tendering; • an analysis of the threats and requirements for any e-tendering system; • the identification of outstanding issues; • an evaluation of possible e-tendering architectures; • recommendations for e-tendering systems.

Security metrics for object-oriented class designs

Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.

Privacy and security in open and trusted health information systems

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector’s privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted computing concepts, it is now both timely and desirable to move electronic HIS towards privacy-aware and security-aware applications. We introduce the OTHIS architecture in this paper. This scheme proposes a feasible and sustainable solution to meeting real-world application security demands using commercial off-the-shelf systems and commodity hardware and software products.

On analysing and interpreting variability in motor output

A recent article in the Journal of Science and Medicine in Sport by Chapman et al.1 reported data from an empirical investigation comparing lower extremity joint motions, joint coordination and muscle recruitment in expert and novice cyclists. 3D kinematic and intramuscular electromyographic (EMG) analyses revealed no differences between expert and novice cyclists for normalised joint angles and velocities of the pelvis, hip, knee and ankle. However, significant differences in the strength of sagittal plane kinematics for hip–ankle and knee–ankle joint couplings were reported, with expert cyclists displaying tighter coupling relationships than novice cyclists. Furthermore, significant differences between expert and novice cyclists for all muscle recruitment parameters, except timing of peak EMG amplitude, were also reported.

Magnitude and variability of loading on the osseointegrated implant of transfemoral amputees during walking

This study directly measured the load acting on the abutment of the osseointegrated implant system of transfemoral amputees during level walking, and studied the variability of the load within and among amputees. Twelve active transfemoral amputees (age: 54±12 years, mass:84.3±16.3 kg, height: 17.8±0.10 m) fitted with an osseointegrated implant for over 1 year participated in the study. The load applied on the abutment was measured during unimpeded, level walking in a straight line using a commercial six-channel transducer mounted between the abutment and the prosthetic knee. The pattern and the magnitude of the three-dimensional forces and moments were revealed. Results showed a low step-to-step variability of each subject, but a high subject-to-subject variability in local extrema of body-weight normalized forces and moments and impulse data. The high subject-to-subject variability suggests that the mechanical design of the implant system should be customized for each individual, or that a fit-all design should take into consideration the highest values of load within a broad range of amputees. It also suggests specific loading regime in rehabilitation training are necessary for a given subject. Thus the loading magnitude and variability demonstrated should be useful in designing an osseointegrated implant system better able to resist mechanical failure and in refining the rehabilitation protocol.

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.