5,996 research outputs found

    Climate change adaptation in the boardroom

    Abstract: Climate adaptation is recognised by many of the world’s largest businesses as a global risk and one that requires critical attention. The World Economic Forum’s 2013 Global Risks Perception Survey identified the ‘failure of climate change adaptation and rising greenhouse gas emissions as among those global risks considered to be the most likely to materialize within a decade’ (p.16). Yet despite action by many transnationals and international firms, it seems evident that most Australian companies appear to be struggling to move forward in responding to climate change impacts, apparently paralysed by short-term profit-first thinking, uncertain political risks and a corporate culture unused to volatility and disruption.

    Research approach: This project set out to communicate adaptation to climate change to the “big end of town” and to gather soft data, acquire information and present issues back to the National Climate Change Adaptation Research Facility (NCCARF), the funder of this research. Our approach to the research challenge differed from a traditional technical, analytical or academic method. We used action-learning principles to engage a community in which we, as advisors to corporate Australia and as co-researchers, have social capital and standing. Through trusted information sharing networks, private closed-door meetings and one-on-one conversations with executives and senior management from over 100 companies we shared ideas, gathered, researched and refined information and tested our findings.

    Findings: Our findings from the boardroom engagement include the following: The Australian Government expects the private sector to adapt, yet little or no incentives exist to promote this behaviour. Autonomous adaptation as practiced may only benefit the lead actor while creating disbenefit for others (including other corporations, society and the environment). Market practices on current paradigms cannot be expected to meet greater societal adaptation needs. Further adaptation research is required in some areas to help guide, shape and monitor adaptation for the private sector. A multiplicity of policy reform may be necessary, but crafting and implementing it is likely to remain beyond the capability of the Australian Public Service (APS) or individual Governments. Highly sophisticated mining, gas and some Asian owned technology companies are leading the way with many opportunities missed by Australian companies. Adaptation for the corporate sector is a key strategic issue, unlike mitigation and corporate social responsibility (CSR), as it benefits the corporate primarily. Insurance dependency may only be a short-term risk transfer mechanism as, in its current paradigm, it can mask risk, create a false sense of security and may impede adaptation.

    Conclusion: We hope that this report is of benefit to Australian organisations, policy makers, regulators and to researchers in adaptation science. This project shows that, on the whole, the Australian private sector is giving little consideration to the impacts of climate change. This project has identified that considerable research gaps exist, but has also provided direction for organisations and researchers. Individual corporations and private sector peak bodies urgently need to explore the risks and opportunities that climate change and associated responses bring. This is especially so for the ICT, aviation, energy, insurance and finance sectors.

    Please cite this report as: Johnston, GS, Burton, DL, Baker-Jones, M, 2013, Climate Change Adaptation in the Boardroom, National Climate Change Adaptation Research Facility, Gold Coast, pp. 81.

    Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

    Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

    PP-SDLC The privacy protecting systems development life cycle

    Many new Privacy Laws and Regulations have placed an increased importance on the correct design and implementation of information systems. This is an attempt to preserve and protect user and information privacy. Incorporating privacy regulations and guidelines into an active information system is often unsuccessful and ineffective. In addition, systems that have already progressed through the development life cycle can be very expensive to change once implemented. We propose the integration of privacy preservation methodologies and techniques into each phase of the system development life cycle (SDLC). This is to preserve the privacy of individuals and to protect PII (Personally Identifiable Information) data. The incorporation of IT Security measures in each SDLC phase is also discussed. This is due to its direct relevance and correlation with information system privacy issues. The proposed methodology involves identifying the privacy and security issues in each phase. From there appropriate privacy protecting and security techniques are applied to address these issues. Special mention is made of the recently proposed Common Criteria. The CC is an international standard for IT Security for Information Systems. Specifically, this paper will analyse the way the Common Criteria currently deals with privacy in information systems, and what is needed to improve its current inadequate handling of information privacy.

    Children's Databases - Safety and Privacy

    This report describes in detail the policy background, the systems that are being built, the problems with them, and the legal situation in the UK. An appendix looks at Europe, and examines in particular detail how France and Germany have dealt with these issues. Our report concludes with three suggested regulatory action strategies for the Commissioner: one minimal strategy in which he tackles only the clear breaches of the law, one moderate strategy in which he seeks to educate departments and agencies and guide them towards best practice, and finally a vigorous option in which he would seek to bring UK data protection practice in these areas more in line with normal practice in Europe, and indeed with our obligations under European law

    Privacy in Cooperative Distributed Systems: Modeling and Protection Framework

    A new form of computation is emerging rapidly with cloud computing, mobile computing, wearable computing and the Internet-of-Things. All can be characterized as a class of “Cooperative Distributed Systems” (CDS) in open environments. A major driver of the growth is the exponential adoption by people and organizations within all aspects of their day-to-day matters. In this context, users’ requirements for privacy protection are becoming essential and complex beyond the traditional approaches. This requires a formal treatment of “privacy” as a fundamental computation concept in the CDS paradigm. The objective is to develop a comprehensive formal model for “privacy” as a base to build a CDS-based framework and platform in which various applications allow users to enjoy the comprehensive services in open environments while protecting their privacy seamlessly. To this end, this thesis presents a novel way of understanding, modeling and analyzing privacy concerns in CDS. A formal foundation and model of privacy is developed within the context of information management. This served as a base for developing a privacy protection management framework for CDS. It includes a privacy-aware agent model for the CDS platform with the ability to support interaction-based privacy protection. The feasibility of the proposed models has been demonstrated by developing an agent-based CDS platform using the JIAC framework and a privacy-based Contract Net Protocol. It also included the application scenarios for the framework for privacy protection in Internet-of-Things, cloud-based resource scheduling and personal assistance.

    Avenues for corporate sustainability management: guiding SMEs in their strategic journey towards a sustainable long-term growth

    The potential impact of small-medium enterprises (SMEs) on global sustainable development is considerable and must stem from an internally structured corporate sustainability and responsibility (CSR) program. This, however, is no easy task, given, on the one hand, the existence of internal barriers that characterize SME operations, and on the other, the two newly emerging world-wide challenges of digital acceleration and the crisis resulting from the Covid-19 pandemic. Moreover, these two global matters are mutually reinforcing and put SMEs in a risky situation in terms of continuity. But so does corporate sustainability, which is increasingly becoming a strategic lever that companies of all sizes are expected to make use of. It is within this context that the thesis seeks to find solutions to the internal barriers and external challenges that prevent SMEs from successfully becoming the leaders of the sustainable development movement. The elements of resilience to crisis, coordination of CSR activities and reporting, digitalization, and leadership all seem to have the intrinsic ability to guide the sustainable development of a company in the long term. However, to do so, they must be managed through systematic procedures and become part of the sustainability strategic framework within companies. The aim of this thesis is, thus, to analyze each of these aspects that closely relate to the topic of corporate sustainability (providing outputs that could support companies in their sustainability transition journey), and which SMEs nowadays find difficult to deal with because the context in which they operate becomes increasingly complex and gaps begin to form between what is expected of them and their actual capacity. The structure of the thesis consists of four chapters that follow a macro-micro perspective, each chapter adopting a different research methodology to focus on the above-mentioned elements. The results can be of use mainly to companies seeking to initiate or improve an existing sustainability management program. Despite the research project being primarily targeted at SMEs, since the best practices analyzed have been mainly those of larger corporations, the latter will also be able to receive some inspiration for their sustainability operations. As for SMEs, the main advantage would be to find solutions to prevent their internal barriers and worldwide issues from tampering with their ability to engage in a correctly structured CSR approach.

    Dying of a hundred good symptoms: why good security can still fail - a literature review and analysis

    Many organizations suffer serious information security incidents, despite having taken positive steps towards achieving good security standards. The authors hypothesize that these issues are often as a result of security arrangements not being sufficiently integrated with businesses. We believe that adopting an enterprise architecture (EA) approach to implementing information security – commonly referred to as an ‘Enterprise Information Security Architecture’ (EISA) – will deliver substantial benefits. Our paper has reviewed and analyzed literature concerning the root causes of information security incidents and describes a novel approach with 8 domains for ensuring critical factors are considered when building an EISA framework

    Electronic security - risk mitigation in financial transactions : public policy issues

    This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 
7) Improving overall education on these issues as a key to enhancing prevention.

    Keywords: Knowledge Economy; Labor Policies; International Terrorism & Counterterrorism; Payment Systems & Infrastructure; Banks & Banking Reform; Education for the Knowledge Economy; Governance Indicators

    Financial system inquiry: final report

    Executive summary This report responds to the objective in the Inquiry’s Terms of Reference to best position Australia’s financial system to meet Australia’s evolving needs and support economic growth. It offers a blueprint for an efficient and resilient financial system over the next 10 to 20 years, characterised by the fair treatment of users.   The Inquiry has made 44 recommendations relating to the Australian financial system. These recommendations reflect the Inquiry’s judgement and are based on evidence received by the Inquiry. The Inquiry’s test has been one of public interest: the interests of individuals, businesses, the economy, taxpayers and Government.   Australia’s financial system has performed well since the Wallis Inquiry and has many strong characteristics. It also has a number of weaknesses: taxation and regulatory settings distort the flow of funding to the real economy; it remains susceptible to financial shocks; superannuation is not delivering retirement incomes efficiently; unfair consumer outcomes remain prevalent; and policy settings do not focus on the benefits of competition and innovation. As a result, the system is prone to calls for more regulation.   To put these issues in context, the Overview first deals with the characteristics of Australia’s economy. It then describes the characteristics of and prerequisites for a well-functioning financial system and the Inquiry’s philosophy of financial regulation.   The Inquiry focuses on seven themes in this report (summarised in Guide to the Financial System Inquiry Final Report).   The Overview deals with the general themes of funding the Australian economy and competition.   The Inquiry has also made recommendations on five specific themes, which comprise the next chapters of this report: Strengthen the economy by making the financial system more resilient. Lift the value of the superannuation system and retirement incomes. 
Drive economic growth and productivity through settings that promote innovation. Enhance confidence and trust by creating an environment in which financial firms treat customers fairly. Enhance regulator independence and accountability and minimise the need for future regulation. These recommendations seek to improve efficiency, resilience and fair treatment in the Australian financial system, allowing it to achieve its potential in supporting economic growth and enhancing standards of living for current and future generations.   Financial system inquiry committee   Mr David Murray AO (Chair) Mr David Murray AO (Sydney) was most recently the inaugural Chairman of the Australian Government’s Future Fund Board of Guardians between 2006 and 2012. Mr Murray was previously the Chief Executive Officer of the Commonwealth Bank of Australia between 1992 and 2005. In this time, Mr. Murray oversaw the transformation of the Commonwealth Bank from a partly privatised bank to an integrated financial services company. In 2001, he was awarded the Centenary Medal for service to Australian society in banking and corporate governance, and in 2007 he was made an Officer of the Order of Australia for his service to the finance sector, both domestically and globally, and service to the community.   Professor Kevin Davis Professor Kevin Davis (Melbourne) is currently a Professor of Finance at the University of Melbourne, Research Director at the Australian Centre for Financial Studies and a Professor of Finance at Monash University. Professor Davis is also a part-time member of the Australian Competition Tribunal and Co-Chair of the Australia–New Zealand Shadow Financial Regulatory Committee.   Mr Craig Dunn Mr Craig Dunn (Sydney) was most recently Chief Executive Officer and Managing Director of AMP. Mr Dunn led AMP through the global financial crisis and has extensive experience in the financial sector. 
He was a member of the Australian Government’s Financial Sector Advisory Council and the Australian Financial Centre Forum, and an executive member of the Australia Japan Business Co-operation Committee. Mr Dunn is a director of the Australian Government’s Financial Literacy Board.   Ms Carolyn Hewson AO Ms Carolyn Hewson AO (Adelaide) served as an investment banker at Schroders Australia for 15 years. Ms Hewson has over 30 years’ experience in the finance sector and currently serves on the boards of BHP Billiton Ltd and Stockland. Ms Hewson was made an Officer of the Order of Australia for her services to the YWCA and to business. Ms Hewson has served on both the boards of Westpac and AMP and retired from the board of BT Investment Management Ltd and as the Chair of the Westpac Foundation upon her appointment to the Financial System Inquiry Committee.   Dr Brian McNamee AO Dr Brian McNamee AO (Melbourne) served as the Chief Executive Officer and Managing Director of CSL Limited from 1990 to 30 June 2013. During that time, CSL transitioned from a Government-owned enterprise to a global company with a market capitalisation of approximately $30 billion. He has extensive experience in the biotech and global healthcare industries. Dr McNamee was made an Officer of the Order of Australia for his service to business and commerce.