Public Key Infrastructure based on Authentication of Media Attestments

Many users would prefer the privacy of end-to-end encryption in their online communications if it can be done without significant inconvenience. However, because existing key distribution methods cannot be fully trusted enough for automatic use, key management has remained a user problem. We propose a fundamentally new approach to the key distribution problem by empowering end-users with the capacity to independently verify the authenticity of public keys using an additional media attestment. This permits client software to automatically lookup public keys from a keyserver without trusting the keyserver, because any attempted MITM attacks can be detected by end-users. Thus, our protocol is designed to enable a new breed of messaging clients with true end-to-end encryption built in, without the hassle of requiring users to manually manage the public keys, that is verifiably secure against MITM attacks, and does not require trusting any third parties

A trust label system for communicating trust in cloud services.

Cloud computing is rapidly changing the digital service landscape. A proliferation of Cloud providers has emerged, increasing the difficulty of consumer decisions. Trust issues have been identified as a factor holding back Cloud adoption. The risks and challenges inherent in the adoption of Cloud services are well recognised in the computing literature. In conjunction with these risks, the relative novelty of the online environment as a context for the provision of business services can increase consumer perceptions of uncertainty. This uncertainty is worsened in a Cloud context due to the lack of transparency, from the consumer perspective, into the service types, operational conditions and the quality of service offered by the diverse providers. Previous approaches failed to provide an appropriate medium for communicating trust and trustworthiness in Clouds. A new strategy is required to improve consumer confidence and trust in Cloud providers. This paper presents the operationalisation of a trust label system designed to communicate trust and trustworthiness in Cloud services. We describe the technical details and implementation of the trust label components. Based on a use case scenario, an initial evaluation was carried out to test its operations and its usefulness for increasing consumer trust in Cloud services.N/

Legal issues in clouds: towards a risk inventory.

Cloud computing technologies have reached a high level of development, yet a number of obstacles still exist that must be overcome before widespread commercial adoption can become a reality. In a cloud environment, end users requesting services and cloud providers negotiate service-level agreements (SLAs) that provide explicit statements of all expectations and obligations of the participants. If cloud computing is to experience widespread commercial adoption, then incorporating risk assessment techniques is essential during SLA negotiation and service operation. This article focuses on the legal issues surrounding risk assessment in cloud computing. Specifically, it analyses risk regarding data protection and security, and presents the requirements of an inherent risk inventory. The usefulness of such a risk inventory is described in the context of the OPTIMIS project

Network governance and climate change adaptation: collaborative responses to the Queensland floods

Abstract This research examines ways to build adaptive capacity to climate change, through a case study of organisations that participated in the response to Queensland’s major flood disaster in Queensland in 2010/11. The research applied a network governance approach, including social network analysis and qualitative investigations, to the communities of Rockhampton, Emerald and Brisbane. The study was designed to compare social networks across a range of different geographical; functional; and institutional and regulatory contexts.Primary data were obtained from organisations involved in disaster management and water management, through a telephone survey conducted March – September 2012. The network analyses examined collaboration and communication patterns; changes in the network structure from routine management to flood operations; similarities and differences between the geographic regions, and whether collaboration was correlated with trust. A cultural values analysis was then performed to identify the key values of the network actors in each region. Two workshops were conducted in Rockhampton and Brisbane to disseminate the findings to stakeholders, as well as to obtain feedback through group activities.A total of 63 organisations participated in the study. As the network analyses and visualisations indicated that the Rockhampton and Emerald networks were tightly interconnected, a single ‘Central Queensland’ (CQ) network was used for all subsequent analyses. In both Brisbane and CQ, slightly higher levels of collaboration amongst organisations were recorded during flood periods compared with routine operations; and organisations tended to provide, as well as receive, information and/or resources from their collaborators. Overall, both networks appeared to feature high trust, with only a low level of difficult ties (problematic relationships) being reported.The cultural analyses identified patterns of common values amongst participating organisations. In Brisbane, respondents placed a high value on shared information systems and resources; shared communication and language; as well as on collaboration and flexibility. In the CQ network, there was a greater emphasis on local solutions, community wellbeing and longitudinal issues (such as post-disaster supply chains for recovery). The workshop activities suggested that the current structure of Local Disaster Management Groups was heavily influential on broader network participation; and that defining an ‘effective’ disaster response was a complex issue.This study has demonstrated that a network governance approach can provide new ways of understanding the core elements of adaptive capacity, in areas such as enablers and barriers to adaptation, and translating capacity into adaptation. The key implications for policy and practice include the need for stakeholders to drive adaptation to climate change through collaboration and communication; the need for stakeholders to share a common goal and language; the need for better engagement with community, diversity and Indigenous organisations; the need to establish collaboration outside of disaster events; and the need for network governance systems to play an important role in helping to facilitate climate change adaptation. The areas identified for future research included further methodological development and longitudinal studies of social networks, understanding effective modes of communication, and the influence of the changing nature of regional Australian communities on climate change adaptation.Please cite this report as:Kinnear, S, Patison, K, Mann, J, Malone, E, Ross, V 2013, Network governance and climate change adaptation: collaborative responses to the Queensland floods, National Climate Change Adaptation Research Facility, Gold Coast, pp. 113.This research examines ways to build adaptive capacity to climate change, through a case study of organisations that participated in the response to Queensland’s major flood disaster in Queensland in 2010/11. The research applied a network governance approach, including social network analysis and qualitative investigations, to the communities of Rockhampton, Emerald and Brisbane. The study was designed to compare social networks across a range of different geographical; functional; and institutional and regulatory contexts.Primary data were obtained from organisations involved in disaster management and water management, through a telephone survey conducted March – September 2012. The network analyses examined collaboration and communication patterns; changes in the network structure from routine management to flood operations; similarities and differences between the geographic regions, and whether collaboration was correlated with trust. A cultural values analysis was then performed to identify the key values of the network actors in each region. Two workshops were conducted in Rockhampton and Brisbane to disseminate the findings to stakeholders, as well as to obtain feedback through group activities.A total of 63 organisations participated in the study. As the network analyses and visualisations indicated that the Rockhampton and Emerald networks were tightly interconnected, a single ‘Central Queensland’ (CQ) network was used for all subsequent analyses. In both Brisbane and CQ, slightly higher levels of collaboration amongst organisations were recorded during flood periods compared with routine operations; and organisations tended to provide, as well as receive, information and/or resources from their collaborators. Overall, both networks appeared to feature high trust, with only a low level of difficult ties (problematic relationships) being reported.The cultural analyses identified patterns of common values amongst participating organisations. In Brisbane, respondents placed a high value on shared information systems and resources; shared communication and language; as well as on collaboration and flexibility. In the CQ network, there was a greater emphasis on local solutions, community wellbeing and longitudinal issues (such as post-disaster supply chains for recovery). The workshop activities suggested that the current structure of Local Disaster Management Groups was heavily influential on broader network participation; and that defining an ‘effective’ disaster response was a complex issue.This study has demonstrated that a network governance approach can provide new ways of understanding the core elements of adaptive capacity, in areas such as enablers and barriers to adaptation, and translating capacity into adaptation. The key implications for policy and practice include the need for stakeholders to drive adaptation to climate change through collaboration and communication; the need for stakeholders to share a common goal and language; the need for better engagement with community, diversity and Indigenous organisations; the need to establish collaboration outside of disaster events; and the need for network governance systems to play an important role in helping to facilitate climate change adaptation. The areas identified for future research included further methodological development and longitudinal studies of social networks, understanding effective modes of communication, and the influence of the changing nature of regional Australian communities on climate change adaptation

Hutcheson Medical Center: Focusing on Personal Interactions

Outlines elements of a strategy for high patient satisfaction focused on patient-staff interactions and patients' needs, including a culture of customer service, shared governance, better data collection, more visible leaders, and evidence-based practice

Better Safe than Sorry: A Conceptual Framework for the Use of the Cloud

Cloud computing has come to stay and is expanding rapidly. The mode of deployment of services has implications for users who store data in the cloud and risk exposure to potentially severeconsequences. The safe use of cloud computing services is therefore necessitated. Drawing on the principle of self-preservation and the theory of protection motivation, this paper develops a conceptual framework for the safe use of cloud computing services by individuals

Evaluating a Reference Architecture for Privacy Level Agreement\u27s Management

With the enforcement of the General Data Protection Regulation and the compliance to specific privacyand security-related principles, the adoption of Privacy by Design and Security by Design principles can be considered as a legal obligation for all organisations keeping EU citizens’ personal data. A formal way to support Data Controllers towards their compliance to the new regulation could be a Privacy Level Agreement (PLA), a mutual agreement of the privacy settings between a Data Controller and a Data Subject, that supports privacy management, by analysing privacy threats, vulnerabilities and Information Systems’ trust relationships. However, the concept of PLA has only been proposed on a theoretical level. In this paper, we propose a novel reference architecture to enable PLA management in practice, and we report on the application and evaluation of PLA management within the context of real-life case studies from two different domains, the public administration and the healthcare, where sensitive data is kept. The results are rather positive, indicating that the adoption of such an agreement promotes the transparency of an organisation while enhances data subjects’ trust