352 results for confidentiality


Relevance: 10.00%

Abstract:

This study provides proposed core elements of social media policy that are specifically designed for academic libraries. Evaluation of social media policies from five organisations and a review of the literature were used for data collection. There are 15 proposed core elements recommended: policy objectives; policy definition; scope of the policy; university’s vision and mission; policy users; disclaimer; confidentiality; copyright; privacy; workflow; public information; the use of professional language; the accuracy of the information; rule for links; and university and library’s voices. The results of this study provide important aspects in the development of social media policy. The proposed core elements of the social media policy discussed in this paper are specifically designed for academic libraries, but can also be used for other library types.

Relevance: 10.00%

Abstract:

Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to successful CRIME and BREACH attacks on web traffic protected by the Transport Layer Security (TLS) protocol. The general guidance in light of these attacks has been to disable compression, preserving confidentiality but sacrificing bandwidth. In this paper, we examine two techniques, heuristic separation of secrets and fixed-dictionary compression, for enabling compression while protecting high-value secrets, such as cookies, from attack. We model the security offered by these techniques and report on the amount of compressibility that they can achieve.

Relevance: 10.00%

Abstract:

Efficient error-Propagating Block Chaining (EPBC) is a block cipher mode intended to simultaneously provide both confidentiality and integrity protection for messages. Mitchell’s analysis pointed out a weakness in the EPBC integrity mechanism that can be used in a forgery attack. This paper identifies and corrects a flaw in Mitchell’s analysis of EPBC, and presents other attacks on the EPBC integrity mechanism.

Relevance: 10.00%

Abstract:

This project analyses and evaluates the integrity assurance mechanisms used in four Authenticated Encryption schemes based on symmetric block ciphers. These schemes are all cross chaining block cipher modes that claim to provide both confidentiality and integrity assurance simultaneously, in one pass over the data. The investigations include assessing the validity of an existing forgery attack on certain schemes, applying the attack approach to other schemes and implementing the attacks to verify claimed probabilities of successful forgeries. For these schemes, the theoretical basis of the attack was developed, the attack algorithm implemented and computer simulations performed for experimental verification.

Relevance: 10.00%

Abstract:

Adopting a multi-theoretical approach, I examine external auditors’ perceptions of the reasons why organizations do or do not adopt cloud computing. I interview forensic accountants and IT experts about the adoption, acceptance, institutional motives, and risks of cloud computing. Although the medium to large accounting firms where the external auditors worked almost exclusively used private clouds, both private and public cloud services were gaining a foothold among many of their clients. Despite the advantages of cloud computing, data confidentiality and the involvement of foreign jurisdictions remain a concern, particularly if the data are moved outside Australia. Additionally, some organizations seem to understand neither the technology itself nor their own requirements, which may lead to poorly negotiated contracts and service agreements. To minimize the risks associated with cloud computing, many organizations turn to hybrid solutions or private clouds that include national or dedicated data centers. To the best of my knowledge, this is the first empirical study that reports on cloud computing adoption from the perspectives of external auditors.

Relevance: 10.00%

Abstract:

Australian Media Law details and explains the complex case law, legislation and regulations governing media practice in areas as diverse as journalism, advertising, multimedia and broadcasting. It examines the issues affecting traditional forms of media such as television, radio, film and newspapers as well as for recent forms such as the internet, online forums and digital technology, in a clear and accessible format. New additions to the fifth edition include: - the implications of new anti-terrorism legislation for journalists; - developments in privacy law, including Law Reform recommendations for a statutory cause of action to protect personal privacy in Australia and the expanding privacy jurisprudence in the United Kingdom and New Zealand; - liability for defamation of internet search engines and service providers; - the High Court decision in Roadshow v iiNet and the position of internet service providers in relation to copyright infringement via their services; - new suppression order regimes; - statutory reforms providing journalists with a rebuttable presumption of non-disclosure when called upon to reveal their sources in a court of law; - recent developments regarding whether journalists can use electronic devices to collect and disseminate information about court proceedings; - contempt committed by jurors via social media; and an examination of recent decisions on defamation, confidentiality, vilification, copyright and contempt.

Relevance: 10.00%

Abstract:

With the introduction of the PCEHR (Personally Controlled Electronic Health Record), the Australian public is being asked to accept greater responsibility for the management of their health information. However, the implementation of the PCEHR has occasioned poor adoption rates underscored by criticism from stakeholders with concerns about transparency, accountability, privacy, confidentiality, governance, and limited capabilities. This study adopts an ethnographic lens to observe how information is created and used during the patient journey and the social factors impacting on the adoption of the PCEHR at the micro-level in order to develop a conceptual model that will encourage the sharing of patient information within the cycle of care. Objective: This study aims, firstly, to establish a basic understanding of healthcare professional attitudes toward a national platform for sharing patient summary information in the form of a PCEHR. Secondly, the study aims to map the flow of patient-related information as it traverses a patient’s personal cycle of care. Thus, an ethnographic approach was used to bring a “real world” lens to information flow in a series of case studies in the Australian healthcare system to discover themes and issues that are important from the patient’s perspective. Design: Qualitative study utilising ethnographic case studies. Setting: Case studies were conducted at primary and allied healthcare professionals located in Brisbane Queensland between October 2013 and July 2014. Results: In the first dimension, it was identified that healthcare professionals’ concerns about trust and medico-legal issues related to patient control and information quality, and the lack of clinical value available with the PCEHR emerged as significant barriers to use.
The second dimension of the study which attempted to map patient information flow identified information quality issues, clinical workflow inefficiencies and interoperability misconceptions resulting in duplication of effort, unnecessary manual processes, data quality and integrity issues and an over reliance on the understanding and communication skills of the patient. Conclusion: Opportunities for process efficiencies, improved data quality and increased patient safety emerge with the adoption of an appropriate information sharing platform. More importantly, large scale eHealth initiatives must be aligned with the value proposition of individual stakeholders in order to achieve widespread adoption. Leveraging an Australian national eHealth infrastructure and the PCEHR we offer a practical example of a service driven digital ecosystem suitable for co-creating value in healthcare.

Relevance: 10.00%

Abstract:

Purpose Peer-review programmes in radiation oncology are used to facilitate the process and evaluation of clinical decision-making. However, web-based peer-review methods are still uncommon. This study analysed an inter-centre, web-based peer-review case conference as a method of facilitating the decision-making process in radiation oncology. Methodology A benchmark form was designed based on the American Society for Radiation Oncology targets for radiation oncology peer review. This was used for evaluating the contents of the peer-review case presentations on 40 cases, selected from three participating radiation oncology centres. A scoring system was used for comparison of data, and a survey was conducted to analyse the experiences of radiation oncology professionals who attended the web-based peer-review meetings in order to identify priorities for improvement. Results The mean scores for the evaluations were 82·7, 84·5, 86·3 and 87·3% for cervical, prostate, breast and head and neck presentations, respectively. The survey showed that radiation oncology professionals were confident about the role of web-based peer-reviews in facilitating sharing of good practice, stimulating professionalism and promoting professional growth. The participants were satisfied with the quality of the audio and visual aspects of the web-based meeting. Conclusion The results of this study suggest that simple inter-centre web-based peer-review case conferences are a feasible technique for peer review in radiation oncology. Limitations such as data security and confidentiality can be overcome by the use of appropriate structure and technology. To drive the issues of quality and safety a step further, small radiotherapy departments may need to consider web-based peer-review case conference as part of their routine quality assurance practices.

Relevance: 10.00%

Abstract:

This submission responds to the document Intellectual Property Arrangements Issues Paper (Issues Paper) released by the Productivity Commission in October 2015 for public consultation and input by 30 November 2015. The API is grateful for the extension of time granted by the Commission to complete and lodge this submission. The overall need for an inquiry into intellectual property is supported by API. In particular it is noted with approval that the Commission states in its Issues Paper that it is to consider the appropriate balance between “incentives for innovation and investments, and the interests of both individuals and businesses in assessing products”. However, API is of the view that intellectual property in the area of real property presents a number of issues which are not fully canvassed in the abovementioned Issues Paper. Intellectual property embedded in valuation and other property-related reports of API members involves the acquisition of information which may possibly be confidential. Yet, when engaged in banks and financial institutions the intellectual property in such valuations and/or reports is commonly required to be passed to the client bank or financial institution. In the Issues Paper it is proposed that there are seven different forms of intellectual property rights. It is the view of API that an eighth form exists, namely private agreements. The Issues Paper, however, regards private agreements between firms as alternatives to intellectual property rights. The API considers that “secrecy or confidentiality arrangements” as identified in the Issues Paper form a much larger part of the manner in which intellectual property is maintained in Australia for the purposes of trade secrecy or more often, financial confidentiality...

Relevance: 10.00%

Abstract:

In this paper, we analyse a block cipher mode of operation submitted in 2014 to the cryptographic competition for authenticated encryption (CAESAR). This mode is designed by Recacha and called ++AE (plus-plus-ae). We propose a chosen plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages. Our attack is deterministic and guaranteed to pass the ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher. Hence, ++AE is insecure as an authenticated encryption mode of operation.

Relevance: 10.00%

Abstract:

In this thesis we study a series of multi-user resource-sharing problems for the Internet, which involve distribution of a common resource among participants of multi-user systems (servers or networks). We study concurrently accessible resources, which for end-users may be exclusively accessible or non-exclusively. For all kinds we suggest a separate algorithm or a modification of common reputation scheme. Every algorithm or method is studied from different perspectives: optimality of protocols, selfishness of end users, fairness of the protocol for end users. On the one hand the multifaceted analysis allows us to select the most suited protocols among a set of various available ones based on trade-offs of optima criteria. On the other hand, the future Internet predictions dictate new rules for the optimality we should take into account and new properties of the networks that cannot be neglected anymore. In this thesis we have studied new protocols for such resource-sharing problems as the backoff protocol, defense mechanisms against Denial-of-Service, fairness and confidentiality for users in overlay networks. For backoff protocol we present analysis of a general backoff scheme, where an optimization is applied to a general-view backoff function. It leads to an optimality condition for backoff protocols in both slot times and continuous time models. Additionally we present an extension for the backoff scheme in order to achieve fairness for the participants in an unfair environment, such as wireless signal strengths. Finally, for the backoff algorithm we suggest a reputation scheme that deals with misbehaving nodes. For the next problem -- denial-of-service attacks, we suggest two schemes that deal with the malicious behavior for two conditions: forged identities and unspoofed identities. 
For the first one we suggest a novel most-knocked-first-served algorithm, while for the latter we apply a reputation mechanism in order to restrict resource access for misbehaving nodes. Finally, we study the reputation scheme for the overlays and peer-to-peer networks, where resource is not placed on a common station, but spread across the network. The theoretical analysis suggests what behavior will be selected by the end station under such a reputation mechanism.

Relevance: 10.00%

Abstract:

A5-GMR-1 is a synchronous stream cipher used to provide confidentiality for communications between satellite phones and satellites. The keystream generator may be considered as a finite state machine, with an internal state of 81 bits. The design is based on four linear feedback shift registers, three of which are irregularly clocked. The keystream generator takes a 64-bit secret key and 19-bit frame number as inputs, and produces an output keystream of length between $2^8$ and $2^{10}$ bits. Analysis of the initialisation process for the keystream generator reveals serious flaws which significantly reduce the number of distinct keystreams that the generator can produce. Multiple (key, frame number) pairs produce the same keystream, and the relationship between the various pairs is easy to determine. Additionally, many of the keystream sequences produced are phase shifted versions of each other, for very small phase shifts. These features increase the effectiveness of generic time-memory tradeoff attacks on the cipher, making such attacks feasible.

Relevance: 10.00%

Abstract:

We propose a keyless and lightweight message transformation scheme based on combinatorial design theory for the confidentiality of a message transmitted in multiple parts through a network with multiple independent paths, or for data stored in multiple parts by a set of independent storage services such as cloud providers. Our combinatorial scheme disperses a message into v output parts so that (k-1) or fewer parts do not reveal any information about any message part, and the message can only be recovered by the party who possesses all v output parts. The combinatorial scheme generates an XOR transformation structure to disperse the message into v output parts. Inversion is done by applying the same XOR transformation structure to the output parts. The structure is generated using generalized quadrangles from design theory, which represent symmetric point and line incidence relations in a projective plane. We randomize our solution by adding a random salt value and dispersing it together with the message. We show that a passive adversary with the capability of accessing (k-1) communication links or storage services has no advantage, so that the scheme is indistinguishable under adaptive chosen ciphertext attack (IND-CCA2).

Relevance: 10.00%

Abstract:

The need for paying with mobile devices has urged the development of payment systems for mobile electronic commerce. In this paper we consider two important abuses in electronic payment systems for detection: fraud, which is an intentional deception accomplished to secure an unfair gain, and intrusion, which is any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Most of the available fraud and intrusion detection systems for e-payments are specific to the systems where they have been incorporated. This paper proposes a generic model called the Activity-Event-Symptoms (AES) model for detecting fraud and intrusion attacks which appear during the payment process in the mobile commerce environment. The AES model is designed to identify the symptoms of fraud and intrusions by observing various events/transactions that occur during mobile commerce activity. The symptom identification is followed by computing the suspicion factors for event attributes, and the certainty factor for a fraud and intrusion is generated using these suspicion factors. We have tested the proposed system by conducting various case studies on an in-house mobile commerce environment over a wired and wireless network test bed.

Relevance: 10.00%

Abstract:

Since the 1990s, European policy strategies have stressed the mutual responsibility and joint action of all societal branches in preventing social problems. Network policy is an integral part of the new governance that generates a new kind of dependency between the state and civil society in formulating and adhering to policy goals. Using empirical group interview data collected in Helsinki, the capital of Finland, this case study explores local multi-agency groups and their efforts to prevent the exclusion of children and young people. These groups consist mainly of professionals from the social office, youth clubs and schools. The study shows that these multi-agency groups serve as forums for professional negotiation where the intervention dilemma of liberal society can be addressed: the question of when it is justified and necessary for an authority or network to intervene in the life of children and their families, and how this is to be done. An element of tension in multi-agency prevention is introduced by the fact that its objectives and means are anchored both in the old tradition of the welfare state and in communitarian rhetoric. Thus multi-agency groups mend deficiencies in wellbeing and normalcy while at the same time try to co-ordinate the creation of the new community, which will hopefully reduce the burden on the public sector. Some of the professionals interviewed were keen to see new and even forceful interventions to guide the youth or to compel parents to assume their responsibilities. In group discussions, this approach often met resistance. The deeper the social problems that the professionals worked with, the more solidarity they showed for the families or the young people in need. Nothing seems to assure professionals and to legitimise their professional position better than advocating the under-privileged against the uncertainties of life and the structural inequalities of society. 
The groups that grappled with the clear, specific needs of certain children and families were the most capable of co-operation. This requires the approval of different powers and the expertise of distinct professions as well as a forum to negotiate case-specific actions in professional confidentiality. The ideals of primary prevention for everyone and value discussions alone fail to inspire sufficient multiagency co-operation. The ideal of a network seems to give word and shape to those societal goals that are difficult or even impossible to reach, but are nevertheless yearned for: mutual understanding of the good life, close social relationships, mutual trust and active agency for all citizens. Individualisation, the multiplicity of life styles and the possibility to choose have come true in such a way that the very idea of a mutual and binding network can be attained only momentarily and between restricted participants. In conclusion, uniting professional networks that negotiate intervention dilemmas with citizen networks based on changing compassions and feelings of moral superiority seems impossible. Rather, one should encourage openness to scrutiny among tangential or contradicting groups, networks and communities. Key words: network policy, prevention of exclusion, multi-agency groups, young people