The Proceedings of 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia and overseas, of which ten were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conferences. To our sponsors also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Biometrics

Biometrics uses methods for unique recognition of humans based upon one or more intrinsic physical or behavioral traits. In computer science, particularly, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. The book consists of 13 chapters, each focusing on a certain aspect of the problem. The book chapters are divided into three sections: physical biometrics, behavioral biometrics and medical biometrics. The key objective of the book is to provide comprehensive reference and text on human authentication and people identity verification from both physiological, behavioural and other points of view. It aims to publish new insights into current innovations in computer systems and technology for biometrics development and its applications. The book was reviewed by the editor Dr. Jucheng Yang, and many of the guest editors, such as Dr. Girija Chetty, Dr. Norman Poh, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park, Dr. Sook Yoon and so on, who also made a significant contribution to the book

A systems-based approach to integrating security risk management into the management practice & culture of a global multi-national organisation

I work in the Corporate Security department of a global multi-national company that operates a wide range of businesses in many complex and turbulent environments, including developing countries and those recovering from conflict or similar strife. To help deliver the best level of protection for people, assets and business processes, my project sought to find an innovative, cost-effective and non-disruptive approach to integrating security risk management into the mainstream management practice and culture of my organisation. The solution needed to be responsive both to global corporate policy, the ontological and epistemological stances of the diverse professions within the company and the demands of the security risk environments where we conduct our business. The project’s theoretical framework is inherently multi-disciplinary and derives from theories of crime and theories of risk and the fusion of these with theories of management and organisation – particularly those related to systems theory. It provides a powerful platform for an innovative approach to security risk management to help to locate it alongside other key disciplines within the mainstream requirements for management thinking, knowledge and ability. I developed the approach while conducting internal security risk assessments and corporate security investigations, and while contributing to my company’s consultancy work for external organisations. The project is reflexive in that it has required me to reflect on, evaluate and enhance ways of working that I have acquired by experience and various forms of learning, alongside the various theoretical models that I refer to. I gathered the project data using focus groups, interviews and participant observations, and incorporated elements of bricolage into my methodology to cope with unpredictable field conditions and other disruptions, which were numerous. My project’s analytical framework is based on a sensemaking approach, derived from the project’s theoretical framework. The units of analysis are case studies of my treatment of businesses in a range of different industries and countries. In addition to evaluating the security implications of explicit formal structures, such as physical design or documented procedures, it also emphasised the significance of ‘soft’ inputs, such as employee perceptions of risk and various styles of management. Collaboration with technical experts enabled mutual learning and significant steps towards designing-in security to systems and processes. The project’s success was to be defined by the endorsement of the senior corporate and local managers who are ultimately responsible for risk management. It has achieved this goal, manifested in recommendations to use the approach to address a wide range of business challenges. This is supported by testimonials to the effectiveness of the approach and a growing commitment to embedding it within the company’s businesses via training and education programmes which I am currently developing. My conclusion summarises the project and argues that security risk management is about changing and managing perceptions of opportunities to offend. These include the perceptions of managers and others who support the organisation’s objectives and goals, as well as those of potential offenders who would otherwise perceive organisational assets and processes as attractive targets

L'atomisme, le holisme et la quête d'une tierce alternative viable

Selon John McDowell, l'atomisme et le holisme sont chacun incapables de porter fruit. Plutôt que d'osciller futilement entre ces deux pôles, il croit que nous devrions repenser notre façon de concevoir la relation liant l'esprit et le monde. Inspiré par certains passages de Kant, il nous invite donc à reconsidérer l'expérience de telle sorte qu'on y admette d'entrée de jeu l'exercice d'une liberté distinctement humaine-l'étendue de l'esprit devenant ainsi dénuée de toute contrainte externe. À notre avis, McDowell a plus de succès lorsqu'il dépeint le va-et-vient entre l'atomisme et le holisme que lorsqu'il propose une façon d'échapper à ce mouvement. Nous croyons que la fusion qu'il cherche à développer ne tient pas la route dans la mesure où, d'un point de vue naturaliste, il y a bel et bien lieu de distinguer la réceptivité empirique et la spontaneité conceptuelle. À l'encontre de McDowell, nous soutenons qu'il n'y a oscillation entre ces facultés que si l'on endosse une inférence allant du statut non-atomique des représentations au holisme, saut inductif qui repose sur une approche spéculative que nous rejetons. Le premier chapitre cherche à démontrer comment les théories holistes de filière quinéenne se fondent sur des présupposés spéculatifs et comment les éléments plus louables de la philosophie de McDowell à cet égard sont rendus impuissants par son assentiment à la critique que fait W. Sellars du "mythe du Donné". Le second chapitre reconstruit méticuleusement l'argument fort complexe qu'étale McDowell dans Mind and World, pour ensuite critiquer sa suggestion que la culture et l'éducation induisent chez l'être humain une attitude critique pouvant remplacer la friction produite par l'expérience. Le troisième chapitre soutient que la thèse de Sellars voulant que l'expérience peut causer mais non justifier nos représentations détruirait non seulement la connaissance empirique mais aussi la capacité de tirer des inférences. Enfin, le quatrième chapitre présente une nouvelle vision "constrictive" qui, par l'entremise des notions de coercition et de complexité, reconnait que la représentation du monde met en jeu une échelle plus large que l'atome mais plus petite que le tout. ______________________________________________________________________________ MOTS-CLÉS DE L’AUTEUR : Atomisme, Holisme, Représentation, John McDowell

Electronic Evidence and Electronic Signatures

In this updated edition of the well-established practitioner text, Stephen Mason and Daniel Seng have brought together a team of experts in the field to provide an exhaustive treatment of electronic evidence and electronic signatures. This fifth edition continues to follow the tradition in English evidence text books by basing the text on the law of England and Wales, with appropriate citations of relevant case law and legislation from other jurisdictions. Stephen Mason (of the Middle Temple, Barrister) is a leading authority on electronic evidence and electronic signatures, having advised global corporations and governments on these topics. He is also the editor of International Electronic Evidence (British Institute of International and Comparative Law 2008), and he founded the innovative international open access journal Digital Evidence and Electronic Signatures Law Review in 2004. Daniel Seng (Associate Professor, National University of Singapore) is the Director of the Centre for Technology, Robotics, AI and the Law (TRAIL). He teaches and researches information technology law and evidence law. Daniel was previously a partner and head of the technology practice at Messrs Rajah & Tann. He is also an active consultant to the World Intellectual Property Organization, where he has researched, delivered papers and published monographs on copyright exceptions for academic institutions, music copyright in the Asia Pacific and the liability of Internet intermediaries

Fakes in art

Tese de doutoramento, Estudos de Literatura e de Cultura (Teoria da Literatura), Universidade de Lisboa, Faculdade de Letras, 2013Knowing a work of art is fake influences one’s opinion about it. Moreover, it has important effects on the lives of people who are interested in art. These claims will be made in articulation with the following: judgements about art are not much different from judgements about actions that are unrelated to art. Art forgery is not a special case within the judgement of actions and intentions. Opinions about works of art, particularly about the intention to deceive, are moral descriptions.Saber que uma obra de arte é falsa influencia a nossa opinião acerca dessa obra e tem consequências importantes na vida das pessoas que se interessam por arte. Defender-se-á também que opiniões sobre arte não são muito diferentes de opiniões a respeito de acções que nada têm a ver com arte. As falsificações em arte não constituem um caso especial da avaliação de acções e intenções. Opiniões sobre obras de arte, particularmente sobre a intenção de enganar, são descrições morais.Fundação Calouste Gulbenkia

Cyber Law and Espionage Law as Communicating Vessels

Professor Lubin\u27s contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realmhttps://www.repository.law.indiana.edu/facbooks/1220/thumbnail.jp

DRONE DELIVERY OF CBNRECy – DEW WEAPONS Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD)

Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD) is our sixth textbook in a series covering the world of UASs and UUVs. Our textbook takes on a whole new purview for UAS / CUAS/ UUV (drones) – how they can be used to deploy Weapons of Mass Destruction and Deception against CBRNE and civilian targets of opportunity. We are concerned with the future use of these inexpensive devices and their availability to maleficent actors. Our work suggests that UASs in air and underwater UUVs will be the future of military and civilian terrorist operations. UAS / UUVs can deliver a huge punch for a low investment and minimize human casualties.https://newprairiepress.org/ebooks/1046/thumbnail.jp