Delegation framework for federated systems

It is not uncommon for enterprises today to be faced with the demand to integrate and incor- porate many different and possibly heterogeneous systems which are generally independently designed and developed, to allow seamless access. In effect, the integration of these systems results in one large whole system that must be able, at the same time, to maintain the local autonomy and to continue working as an independent entity. This problem has introduced a new distributed architecture called federated systems. The most challenging issue in federated systems is to find answers for the question of how to efficiently cooperate while preserving their autonomous characteristic, especially the security autonomy. This thesis intends to address this issue. The thesis reviews the evolution of the concept of federated systems and discusses the organisational characteristics as well as remaining security issues with the existing approaches. The thesis examines how delegation can be used as means to achieve better security, especially authorisation while maintaining autonomy for the participating member of the federation. A delegation taxonomy is proposed as one of the main contributions. The major contribution of this thesis is to study and design a mechanism to support dele- gation within and between multiple security domains with constraint management capability. A novel delegation framework is proposed including two modules: Delegation Constraint Man- agement module and Policy Management module. The first module is designed to effectively create, track and manage delegation constraints, especially for delegation processes which require re-delegation (indirect delegation). The first module employs two algorithms to trace the root authority of a delegation constraint chain and to prevent the potential conflict when creating a delegation constraint chain if necessary. The first module is designed for conflict prevention not conflict resolution. The second module is designed to support the first module via the policy comparison capability. The major function of this module is to provide the delegation framework the capability to compare policies and constraints (written under the format of a policy). The module is an extension of Lin et al.'s work on policy filtering and policy analysis. Throughout the thesis, some case studies are used as examples to illustrate the discussed concepts. These two modules are designed to capture one of the most important aspects of the delegation process: the relationships between the delegation transactions and the involved constraints, which are not very well addressed by the existing approaches. This contribution is significant because the relationships provide information to keep track and en- force the involved delegation constraints and, therefore, play a vital role in maintaining and enforcing security for transactions across multiple security domains.

Strategic Management Practices in the Construction Industry : a Dynamic Capabilities View

This book is an empirical study of strategic management practices in the construction industry. It examines the dynamic capabilities paradigm within the context of the Indonesian construction industry. The characteristics of asset-capability combinations were found to be significant determinants of the competitive advantage of the Indonesian construction enterprises, and that such advantage sequentially contributes to organizational performance. In doing so, this study fills an important gap in the empirical literature and reinforces the dynamic capabilities framework’s recognition as a rigorous theory of strategic management. As the dynamic capabilities framework can work in the context of Indonesia, it suggests that the framework has potential applicability in other emerging and developing countries

The role of strategic intelligence in anticipating transnational organised crime: A literary review

Transnational Organised Crime (TOC) has become a focal point for a range of private and public stakeholders. While not a new phenomenon, the rapid expansion of TOC activities and interests, its increasingly complex structures and ability to maximise opportunity by employing new technologies at a rate impossible for law enforcement to match complicates law enforcement’s ability to develop strategies to detect, disrupt, prevent and investigate them. In an age where the role of police has morphed from simplistic response and enforcement activities to one of managing human security risk, it is argued that intelligence can be used to reduce the impact of strategic surprise from evolving criminal threats and environmental change. This review specifically focuses on research that has implications for strategic intelligence and strategy setting in a TOC context. The review findings suggest that current law enforcement intelligence literature focuses narrowly on the management concept of intelligence-led policing in a tactical, operational setting. As such the review identifies central issues surrounding strategic intelligence and highlights key questions that future research agendas must address to improve strategic intelligence outcomes, particularly in the fight against TOC.

Strategic Intelligence in Law Enforcement: A Review

In an age where the role of police has morphed from simplistic response and enforcement activities to one of managing human security risk, it is argued that intelligence can be used to reduce the impact of strategic surprise from evolving criminal threats and environmental change. This review specifically focusses on research that has implications for strategic intelligence in law enforcement. The review findings highlight the absence of detailed research of law enforcement strategic intelligence. Findings suggest that current law enforcement intelligence literature focuses narrowly on the management concept of intelligence-led policing in a tactical, operational setting. As a result there is little theory on how to improve strategic intelligence outcomes. This is despite the fact that intelligence –led policing is envisaged as a management tool to guide strategic decision making. the review identifies central issues surrounding strategic intelligence and highlights key questions that future research agendas must address to improve strategic intelligence outcomes

Education for strategic environmental behavior

This article reviews four bodies of research that shed light on how to promote active care for the environment in children and youth: research on sources of proenvironmental behavior, socialization for democratic skills and values, the development of a personal sense of competence, and the development of collective competence. The article begins with an overview of studies of formative childhood experiences reported by environmental activists and educators, followed by correlational and experimental studies with young people regarding factors associated with their taking action for the environment. Because behaviors with the largest potential benefits for the environment require political engagement, the article also reviews experiences associated with young people’s interest and engagement in public issues. Action for the environment in the home or in public arena like schools and communities requires a personal sense of competence and a sense of collective competence, or confidence in one’s ability to achieve goals by working with a group. Therefore experiences that promote the development of these assets are summarized as well. The conclusion compares major findings in these different fields and discusses implications for environmental educators.

The enterprise information security policy as a strategic business policy within the corporate strategic plan (extended abstract)

Information security has been recognized as a core requirement for corporate governance that is expected to facilitate not only the management of risks, but also as a corporate enabler that supports and contributes to the sustainability of organizational operations. In implementing information security, the enterprise information security policy is the set of principles and strategies that guide the course of action for the security activities and may be represented as a brief statement that defines program goals and sets information security and risk requirements. The enterprise information security policy (alternatively referred to as security policy in this paper) that represents the meta-policy of information security is an element of corporate ICT governance and is derived from the strategic requirements for risk management and corporate governance. Consistent alignment between the security policy and the other corporate business policies and strategies has to be maintained if information security is to be implemented according to evolving business objectives. This alignment may be facilitated by managing security policy alongside other corporate business policies within the strategic management cycle. There are however limitations in current approaches for developing and managing the security policy to facilitate consistent strategic alignment. This paper proposes a conceptual framework for security policy management by presenting propositions to positively affect security policy alignment with business policies and prescribing a security policy management approach that expounds on the propositions.

Business capability and its strategic impacts

A business capability, or simply a “capability,” Defines what a business does. It does not communicate or expose where, why, or how something is done. Specifically, the business capability is “a particular ability or capacity that a business may possess or exchange to achieve a specific purpose or outcome.Figure13 provides an external view of a capability by highlighting the fact that a business capability is related to the business in many ways (William Ulrich and Michael Rosen, 2011).