COSPO/CENDI Industry Day Conference

The conference's objective was to provide a forum where government information managers and industry information technology experts could have an open exchange and discuss their respective needs and compare them to the available, or soon to be available, solutions. Technical summaries and points of contact are provided for the following sessions: secure products, protocols, and encryption; information providers; electronic document management and publishing; information indexing, discovery, and retrieval (IIDR); automated language translators; IIDR - natural language capabilities; IIDR - advanced technologies; IIDR - distributed heterogeneous and large database support; and communications - speed, bandwidth, and wireless

Risks and opportunities of open-source generative AI

Applications of Generative AI (Gen AI) are expected to revolutionize a number of different areas, ranging from science & medicine to education. The potential for these seismic changes has triggered a lively debate about the potential risks of the technology, and resulted in calls for tighter regulation, in particular from some of the major tech companies who are leading in AI development. This regulation is likely to put at risk the budding field of open-source generative AI. Using a three-stage framework for Gen AI development (near, mid and long-term), we analyze the risks and opportunities of open-source generative AI models with similar capabilities to the ones currently available (near to mid-term) and with greater capabilities (long-term). We argue that, overall, the benefits of open-source Gen AI outweigh its risks. As such, we encourage the open sourcing of models, training and evaluation data, and provide a set of recommendations and best practices for managing risks associated with open-source generative AI

Audit implications of EDI; Auditing procedure study;

https://egrove.olemiss.edu/aicpa_guides/1035/thumbnail.jp

‘Enhanced Encryption and Fine-Grained Authorization for Database Systems

The aim of this research is to enhance fine-grained authorization and encryption so that database systems are equipped with the controls necessary to help enterprises adhere to zero-trust security more effectively. For fine-grained authorization, this thesis has extended database systems with three new concepts: Row permissions, column masks and trusted contexts. Row permissions and column masks provide data-centric security so the security policy cannot be bypassed as with database views, for example. They also coexist in harmony with the rest of the database core tenets so that enterprises are not forced to compromise neither security nor database functionality. Trusted contexts provide applications in multitiered environments with a secure and controlled manner to propagate user identities to the database and therefore enable such applications to delegate the security policy to the database system where it is enforced more effectively. Trusted contexts also protect against application bypass so the application credentials cannot be abused to make database changes outside the scope of the application’s business logic. For encryption, this thesis has introduced a holistic database encryption solution to address the limitations of traditional database encryption methods. It too coexists in harmony with the rest of the database core tenets so that enterprises are not forced to choose between security and performance as with column encryption, for example. Lastly, row permissions, column masks, trusted contexts and holistic database encryption have all been implemented IBM DB2, where they are relied upon by thousands of organizations from around the world to protect critical data and adhere to zero-trust security more effectively

The role of the European Commission during the COVID-19 pandemic in fostering coordination and solidarity among member states

In the first weeks of the COVID-19 outbreak in the European Union, Member States reacted in a unilateral and nationalist manner that was contradictory to a spirit of solidarity. Therefore, this dissertation aimed to assess the European Commission’s role regarding the challenges of the Member States’ responses to the COVID-19 pandemic, especially regarding solidarity and coordination among them. The definition of European Solidarity is however weak, as demonstrated in the Literature review chapter. For a concept to gain its meaning and be defined, constant practice is needed. Through a qualitative document analysis of documents issued by the European Commission addressing the sanitary crisis caused by the COVID-19 pandemic in 2020, this dissertation aimed to answer its research question and validate its hypothesis. It was concluded that the European Commission played an active role in responding to the COVID-19 pandemic and fostering coordination and solidarity among Member States. During the analysis, it was also concluded that in its actions to respond to the pandemic, the Commission put in place the constant practice of European Solidarity, demonstrating what it means to act in a solidarity manner and pushing for Member States to act in such a manner through the indication of concrete actions. It was also concluded that in its action in response to the COVID-19 pandemic in 2020, the von der Leyen Commission was also coherent with its six policy priorities that guided the undertaken efforts.Nas primeiras semanas do surto de COVID-19 na União Europeia, os Estados Membros reagiram de uma forma unilateral e nacionalista contraditória ao espírito de solidariedade. Assim, esta dissertação procurou avaliar o papel da Comissão Europeia no que se refere aos desafios colocados pelas respostas dos Estados Membros à pandemia de COVID-19, especialmente relativamente à solidariedade e coordenação entre estes. A definição de Solidariedade Europeia é, no entanto, fraca, como demonstrado no capítulo da Revisão de Literatura. Para um conceito ganhar o seu significado e ser definido, é necessária a prática constante. Através de uma análise documental qualitativa de documentos emitidos pela Comissão Europeia relativamente à pandemia de COVID-19 em 2020, esta dissertação procurou responder à sua pergunta de partida e validar as suas hipóteses. Foi, então, concluído que a Comissão Europeia assumiu um papel importante ao responder à pandemia de COVID-19 e fomentar a coordenação e solidariedade entre Estados Membros. Durante a analise, concluiu-se também que nas suas ações em resposta à Covid-19, a Comissão colocou em prática a Solidariedade Europeia de forma constante, demonstrando como se age de maneira solidária e incentivando os Estados Membros a assim agir através da indicação de ações concretas. Conclui-se ainda que na sua ação em resposta à pandemia de COVID-19 em 2020, a Comissão von der Leyen foi coerente com as suas seis prioridades políticas, que guiaram os seus esforços

Building a national maritime security policy

The issue of port security raised concerns at the highest levels after the terrorist attacks on September 11, 2001 against the United States. Security threats against ports and vessels acquired a new perspective and in 2002 the International Maritime Organization (IMO) adopted amendments to the International Convention for the Safety of Life at Sea (SOLAS), 1974, introducing Chapter XI-2 - Special measures to enhance maritime security. This set of regulations enshrines the International Ship and Port Facilities Security Code (ISPS Code), which entered into force on 1 July 2004. This Code establishes a set of measures to enhance the security of ships and port facilities. It encompasses two parts. Part A establishes the mandatory provisions, the non-mandatory (“recommended”) and part B provides guidelines about how to comply with the obligatory requirements of part A. Together with a critical analysis of the national legislation about the enactment of the ISPS Code into national law, this dissertation examines the level of implementation and compliance of this instrument in Mexico with special focus on port security. This dissertation also provides a transparent incident-reporting instrument developed and tested through this research effort in Mexico for reporting of port and maritime security incidents. This tool joins three primary port/maritime security functions: a) Reporting of port and maritime security incidents; b) Classification and investigation of serious security incidents that require reassessments of the Port Security Assessments, (PSA), Port Facility Security Assessments (PFSA), and amendments to Port Security Plans (PSP) and Port Facility Security Plans (PFSP) and finally; c) Collection of evidence material related to the security incident. This instrument, combined with statistics, provides nations with crucial information, about threats, needs and challenges for allocation of economic, material and human resources. It also provides essential information material to set up strategies for the development of a National Maritime Security Policy. Its flexibility and adaptability makes possible its implementation at any State of the world. The results of this analysis reflect the conflictive cooperation between the Secretaría de Marina (SEMAR) and the Secretaría de Comunicaciones y Transportes, (SCT). This, together with the ambiguities and contradictions of the National Maritime Regime, even though the extensive reforms of 2016 limits the exercise of authority of SEMAR and the operation of the CUMAR(s), the organ responsible for implementation and compliance of the ISPS Code, at all ports across the country. This doctoral dissertation comprises six introductory chapters, which are referred to as the kappa and five annexed papers. It aims to contribute to the maritime realm within the area of maritime security, with special focus on port security through the following general objectives: • Elaborate a critical analysis of the current port security situation of Mexico, with special focus on implementation and compliance of the ISPS Code, including the state of the art and harmonization of international legislation with national law; • Identify the most relevant security threats to port facilities in Mexico, including oil terminals and offshore installations; • Develop an analytical instrument for security incidents-reporting & incident investigation, to strengthen the continual evolution of PSA/PFSA and PSP/PFSP and useful for setting up the strategies of a national maritime security policy with possibility for implementation worldwide. The approach adopted in this study is mainly based on qualitative methods, combined with action research and a limited use of statistics. The research objectives call for classical documental analyses examining the elements of relevant international legislation against its implementation into national legislation in the referred nation-state. The methods were selected on their usefulness and efficacy for analysis of law and policy. Action Research was used for implementation test and improvement of the reporting incident instrument, which can also be used for setting up the strategies for the development of a National Maritime Security Policy. Action Research is recommended when it is intended to improve understanding, develop his/others learning and influence other’s learning, taking action for social improvement. The findings related to serious deficiencies in the implementation and compliance of the ISPS Code in Mexico, concerning reporting of security incidents and its re- evaluation with the PFSA and respective amendments to PFSP, the poor exercise of authority from the representatives of SEMAR at the CUMARs in respect of fulfilling its obligations and responsibilities concerning port and maritime security; and the identification of necessary legal amendments to national law, as well as the remarkable improvement in reporting security incidents after the implementation of the “transparent security-incident-reporting tool”, that enables port/maritime security incident investigation and can serve to identify the problem areas; contributing to set up the strategies for the development of a national maritime security policy, together with the instrument itself, are some of the most relevant contributions of this dissertation

Falling Down Before the Divine Right of Experts? Exploring the significance of epistemic communities in multi-level governance arrangements

Public policy is increasingly made and governed using experts across many levels of ‘governance’ – from the international to the local. But how experts influence the design of this ‘multi-level’ governance is not well understood. This thesis investigates this puzzle by examining how groups of experts, conceptualised as ‘epistemic communities’, and those processes of multi-level governance influence each other. But the design of those processes can also be influenced by matters such as national identity. Therefore, the thesis also explores the extent to which experts holding a linguistic cultural identity, which highlights the importance of language and associated culture, influences the epistemic community-multi-level governance relationship. This study uses a specific definition of expertise to describe epistemic communities, which concerns the mastery of the language and practice of a field of knowledge, to make an original contribution to the literature. A further important contribution is made by examining the relationship between epistemic communities and multi-level governance in new settings. The cases of the development of the Loi sur le patrimoine culturel and the Historic Environment (Wales) Act in Québec and Wales show the usefulness of cultural heritage policy in these territories for understanding the two concepts. Epistemic communities were found to ‘frame’ policy problems, especially those that were technical or uncertain, in ways that created demands for more expertise. The design of multi-level policymaking processes was shown to be frequently shaped by these frames to different extents. Linguistic cultural identity shaped epistemic community actions too, at times, especially when it was perceived as politically relevant. This influenced multi-level policymaking designs primarily by reducing the number of different actors and different fields of knowledge represented. The findings imply that experts can be very important for shaping the design of policymaking processes but that this may limit their effectiveness and legitimacy