Exploring Features of a Full-Coverage Integrated Solution for Business Process Compliance

The last few years have seen the introduction of several techniques for automatically tackling some aspects of compliance checking between business processes and business rules. Some of them are quite robust and mature and are provided with software support that partially or fully implement them. However, as far as we know there is not yet a tool that provides for the complete management of business process compliance in the whole lifecycle of business processes. The goal of this paper is to move towards an integrated business process compliance management system (BPCMS) on the basis of current literature and existing support. For this purpose, we present a description of some compliance-related features such a system should have in order to provide full coverage of the business process lifecycle, from compliance aware business process design to the audit process. Hints about what existing approaches can fit in each feature and challenges for future work are also provided

UK Research Information Shared Service (UKRISS) Final Report, July 2014

The reporting of research information is a complex and expensive activity for research organisations (ROs). There is little alignment between funders of the reporting requests made to institutions and requests made to individual researchers about their research outputs and outcomes. This inevitably results in duplication and increased costs across the sector, whilst limiting the potential sharing and reuse of the information. The UK Research Information Shared Service (UKRISS) project conducted a feasibility and scoping study for the reporting of research information at a national level based on CERIF (Common European Research Information Format), with the objective of increasing efficiency, productivity and quality across the sector. The aim was to define and prototype solutions which are compelling, easy to use, have a low entry barrier, and support innovative information sharing and benchmarking. CERIF has emerged as the preferred format for expressing research information across Europe. To date, CERIF has been piloted for specific applications, but not as a format for reporting requirements across all UK ROs. The final report presents the work carried out by the UKRISS project, including requirements gathering, modelling and prototyping, as well as recommendation for sustainability. UKRISS was divided into two phases. Phase 1, mapping the reporting landscape, ran from March 2012 to December 2012. Phase 2, exploring delivery of potential solutions, began in February 2013 and ended in December 2013

Broadcasting services amendment (Media Ownership) Bill 2006 and related bills

To help better explore the potential implications associated with the proposed legislation, we conducted a survey of 919 WA television viewers drawing from our TV Panel of 3000 viewers. Our panel has been recruited from a variety of sources including through lists acquired through marketing research firms, as well as direct mail and newspaper advertising recruitment drives. In many ways, our panel is better informed regarding future possibilities because they participate in regular studies where such scenarios are tested. In this way, the panel is better positioned to understand potential futures

Open-TEE - An Open Virtual Trusted Execution Environment

Hardware-based Trusted Execution Environments (TEEs) are widely deployed in mobile devices. Yet their use has been limited primarily to applications developed by the device vendors. Recent standardization of TEE interfaces by GlobalPlatform (GP) promises to partially address this problem by enabling GP-compliant trusted applications to run on TEEs from different vendors. Nevertheless ordinary developers wishing to develop trusted applications face significant challenges. Access to hardware TEE interfaces are difficult to obtain without support from vendors. Tools and software needed to develop and debug trusted applications may be expensive or non-existent. In this paper, we describe Open-TEE, a virtual, hardware-independent TEE implemented in software. Open-TEE conforms to GP specifications. It allows developers to develop and debug trusted applications with the same tools they use for developing software in general. Once a trusted application is fully debugged, it can be compiled for any actual hardware TEE. Through performance measurements and a user study we demonstrate that Open-TEE is efficient and easy to use. We have made Open- TEE freely available as open source.Comment: Author's version of article to appear in 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, Helsinki, Finland, August 20-22, 201

Reinforcement learning for efficient network penetration testing

Penetration testing (also known as pentesting or PT) is a common practice for actively assessing the defenses of a computer network by planning and executing all possible attacks to discover and exploit existing vulnerabilities. Current penetration testing methods are increasingly becoming non-standard, composite and resource-consuming despite the use of evolving tools. In this paper, we propose and evaluate an AI-based pentesting system which makes use of machine learning techniques, namely reinforcement learning (RL) to learn and reproduce average and complex pentesting activities. The proposed system is named Intelligent Automated Penetration Testing System (IAPTS) consisting of a module that integrates with industrial PT frameworks to enable them to capture information, learn from experience, and reproduce tests in future similar testing cases. IAPTS aims to save human resources while producing much-enhanced results in terms of time consumption, reliability and frequency of testing. IAPTS takes the approach of modeling PT environments and tasks as a partially observed Markov decision process (POMDP) problem which is solved by POMDP-solver. Although the scope of this paper is limited to network infrastructures PT planning and not the entire practice, the obtained results support the hypothesis that RL can enhance PT beyond the capabilities of any human PT expert in terms of time consumed, covered attacking vectors, accuracy and reliability of the outputs. In addition, this work tackles the complex problem of expertise capturing and re-use by allowing the IAPTS learning module to store and re-use PT policies in the same way that a human PT expert would learn but in a more efficient way

The administrative burden reduction policy boom in Europe: comparing mechanisms of policy diffusion

Much has been written on the diffusion of public management and regulatory reform tools. Available evidence suggests that cross-national policy diffusion is an increasingly significant phenomenon, especially in the European context. While internationalisation of policy discourses and expert communities are regarded as key driving forces of policy diffusion, public management reforms are also said to be particularly vulnerable to mechanisms of 'diffusion without convergence'. This paper analyses the case of policies aiming at reducing administrative burdens of regulations through the lens of the literature on policy diffusion. The diffusion of the so-called Standard Cost Model for measuring administrative burden between 2003 and 2007 is used as a case to explore the mechanisms facilitating policy diffusion in this domain. The analysis reveals patterns of rapid diffusion. This policy boom has been driven by a combination of different mechanisms of policy diffusion rather than by a single driving factor

How 5G wireless (and concomitant technologies) will revolutionize healthcare?

The need to have equitable access to quality healthcare is enshrined in the United Nations (UN) Sustainable Development Goals (SDGs), which defines the developmental agenda of the UN for the next 15 years. In particular, the third SDG focuses on the need to “ensure healthy lives and promote well-being for all at all ages”. In this paper, we build the case that 5G wireless technology, along with concomitant emerging technologies (such as IoT, big data, artificial intelligence and machine learning), will transform global healthcare systems in the near future. Our optimism around 5G-enabled healthcare stems from a confluence of significant technical pushes that are already at play: apart from the availability of high-throughput low-latency wireless connectivity, other significant factors include the democratization of computing through cloud computing; the democratization of Artificial Intelligence (AI) and cognitive computing (e.g., IBM Watson); and the commoditization of data through crowdsourcing and digital exhaust. These technologies together can finally crack a dysfunctional healthcare system that has largely been impervious to technological innovations. We highlight the persistent deficiencies of the current healthcare system and then demonstrate how the 5G-enabled healthcare revolution can fix these deficiencies. We also highlight open technical research challenges, and potential pitfalls, that may hinder the development of such a 5G-enabled health revolution

Assessing Scotland's Progress on the Environmental Agenda

For good reasons the environment has a high political profile in Scotland. This report is concerned with three important components of the environmental agenda and the way in which they are being taken forward by the responsible authorities in Scotland. The delivery of environmental outcomes on agricultural land by means of a range of current policies, including agri-environment schemes, cross-compliance conditions on direct payments to farmers and implementation of the EU Water Framework Directive.The selection and management of a new network of Marine Protected Areas.Policy measures designed to reduce greenhouse gas emissions and to mitigate climate change.Each of these topics is addressed individually in three separate chapters, aiming to identify some of the leading questions and the policy responses that have been adopted. The progress that is being made in meeting the objectives and aspirations set out in legislation and other key policy documents is then considered. Some of the objectives under review are determined entirely by the Government and by more local authorities in Scotland. Others arise primarily from obligations under EU legislation

The development of social and environmental accounting research 1995-2000

This paper reviews five years of social and environmental accounting literature (from 1995-2000) in an attempt to evaluate the current position. The methodology used follows that employed in Mathews (1997a) which covered a period of 25 years in three time periods: 1971-1980; 1981-1990; and 1991- 1995. The literature was classified into several sub-groups including empirical studies, normative statements, philosophical discussion, non-accounting literature, teaching programmes and text books, regulatory frameworks, and other reviews. In this review a number of new sub-categories have been employed as appropriate. The author is able to conclude on an optimistic note. The additions to the literature during the period 1995-2000 are encouraging. Researchers in this area are perhaps less naïve and more experienced than previously, and this, when added to their enthusiasm should lead to penetrating observations and commentaries over the next five years