Mitigating Insider Threat in Relational Database Systems

The dissertation concentrates on addressing the factors and capabilities that enable insiders to violate systems security. It focuses on modeling the accumulative knowledge that insiders get throughout legal accesses, and it concentrates on analyzing the dependencies and constraints among data items and represents them using graph-based methods. The dissertation proposes new types of Knowledge Graphs (KGs) to represent insiders\u27 knowledgebases. Furthermore, it introduces the Neural Dependency and Inference Graph (NDIG) and Constraints and Dependencies Graph (CDG) to demonstrate the dependencies and constraints among data items. The dissertation discusses in detail how insiders use knowledgebases and dependencies and constraints to get unauthorized knowledge. It suggests new approaches to predict and prevent the aforementioned threat. The proposed models use KGs, NDIG and CDG in analyzing the threat status, and leverage the effect of updates on the lifetimes of data items in insiders\u27 knowledgebases to prevent the threat without affecting the availability of data items. Furthermore, the dissertation uses the aforementioned idea in ordering the operations of concurrent tasks such that write operations that update risky data items in knowledgebases are executed before the risky data items can be used in unauthorized inferences. In addition to unauthorized knowledge, the dissertation discusses how insiders can make unauthorized modifications in sensitive data items. It introduces new approaches to build Modification Graphs that demonstrate the authorized and unauthorized data items which insiders are able to update. To prevent this threat, the dissertation provides two methods, which are hiding sensitive dependencies and denying risky write requests. In addition to traditional RDBMS, the dissertation investigates insider threat in cloud relational database systems (cloud RDMS). It discusses the vulnerabilities in the cloud computing structure that may enable insiders to launch attacks. To prevent such threats, the dissertation suggests three models and addresses the advantages and limitations of each one. To prove the correctness and the effectiveness of the proposed approaches, the dissertation uses well stated algorithms, theorems, proofs and simulations. The simulations have been executed according to various parameters that represent the different conditions and environments of executing tasks

The charity hospice: a theory of governance processes

The study considers the processes by which a charity hospice reconciles internal, external and governmental tensions in the provision of public healthcare services. Thus the focus is on change, decision-making and relationships with public sector partners. The study is practice-based utilising a grounded theory methodology and a case study strategy based in two empirical phases. Phase 1 comprises a single organisation case study at a charitable hospice for the purposes of theory production. Data collection was primarily via participant observations from a close insider perspective as recognised by Adler & Adler (1987). Emerging theory from phase 1 was later tested and developed via Phase 2 empirics, comprising a cluster of four organisational case studies. Data collection during phase 2 was based in semi-structured interviews and, in part, critical incident technique. Around thirty interviews were held, evenly spread across participating organisations and between trustees and managers. The original contribution is a theoretical model of governance processes that identifies the ‘individual contribution’ of trustees and the ‘collective will’ of the board of trustees as key concepts. It is recognised that both are subject to ‘leakage’ from their maximum potential. Component elements of the three concepts are identified and discussed. A three-tier model is presented using these key concepts as linkages between governance, culture and change management. The theory is used to form a framework for practice, aimed at facilitating improved control and effectiveness of a charity hospice board of trustees. The theory is placed in a critical realist perspective for discussion. The study contributes to the debate on issues around public and voluntary sector commissioning and funding relationships. There is also a methodological discussion in the context of researching from the perspective of a close-insider addressing issues of access, ethics and the dual role of researcher/practitioner. There is a contention that production of emergent grounded theory for testing and development and the Scapens (1990) differentiation between positive/normative perspectives may be too simplistic for the purposes of this study

Data Partitioning Methods to Process Queries on Encrypted Databases on the Cloud

Many features and advantages have been brought to organizations and computer users by Cloud computing. It allows different service providers to distribute many applications and services in an economical way. Consequently, many users and companies have begun using cloud computing. However, the users and companies are concerned about their data when data are stored and managed in the Cloud or outsourcing servers. The private data of individual users and companies is stored and managed by the service providers on the Cloud, which offers services on the other side of the Internet in terms of its users, and consequently results in privacy concerns [61]. In this dissertation, a technique has been explored to improve query processing performance while protecting database tables on a Cloud by encrypting those so that they remain secure. It shows how to process SQL queries on encrypted databases designed to protect data from any leakage or attack, even from the service providers. The strategy is to process the query on the Cloud without having to decrypt the data, and data decryption is performed only at the client site. Therefore, to achieve efficiency, no more than the exact set of requested data is returned to the client. In addition, four different techniques have been developed to index and partition the data. The indexes and partitions of the data are used to select part of the data from the Cloud or outsource data depending on the required data. The index data can be stored on the Cloud or server with the encrypted database table. This helps in reducing the entire processing time, which includes data transfer time from the Cloud to the client and also data decryption and processing time at the client

CYBEREDUCATION-BY-DESIGN™: DEVELOPING A FRAMEWORK FOR CYBERSECURITY EDUCATION AT SECONDARY EDUCATION INSTITUTIONS IN ARIZONA

Most survey results agree that there is a current and ongoing shortage of skilled cybersecurity workers that places our privacy, infrastructure, and nation at risk. Estimates for the global Cybersecurity Workforce Gap range from 2.72 million (ISC2, 2021) to 3.5 million (Cyber Academy, 2021) for 2021 and the United States estimates range from 465,000 (Brooks, 2021) to over 769,000 (Cyber Seek, 2022) open jobs as of November 2022. The most optimistic estimates still demonstrate a critical issue. As cybersecurity threats continue to grow in sophistication, scope, and scale, the ability to secure the United States from these threats lies in the ability to develop cybersecurity professionals with the knowledge, skills, and abilities (KSAs) to accomplish the tasks associated with their cyber roles. The ability to supply qualified cybersecurity professionals is outpaced by the growing demand as previously outlined. This study proposes that conducting a case study of existing cybersecurity programs at secondary education institutions can identify the critical elements of these programs. These elements can be codified into program profiles and further refined into a comprehensive cybersecurity education framework for secondary education institutions. This framework can be used by school districts throughout Arizona to develop cybersecurity programs and ultimately develop qualified and competent cybersecurity professionals to overcome the cybersecurity workforce gap

Zatrudnienie w Polsce 2006: Produktywnosc dla pracy

This book constitutes a follow-up and extension of Employment in Poland 2005. In this issue we analyse the influence of demand-side factors on Polish labour market and especially so from the macroeconomic and regional perspectives. We begin with macroeconomic look at the labour markets in eight – out of ten – states which joined the EU in 2004. We focus on identifying aggregate disturbances which had a crucial influence on the economic fluctuations within the CEE region in the period 1994-2005, and we assess to what extent these disturbances are responsible for different dynamics of unemployment and employment trends in the examined countries and to what extent different fiscal and monetary approaches adopted at that time contributed to remedy these disturbances. The key finding resulting is that the relatively most significant decrease in employment and increase in unemployment levels in Europe, which came about in Poland after the year 2000, are due to the idiosyncratic decrease in return on capital and total factor productivity [TFP] dynamics. We also find that, although the policy-mix adopted in the above period was not the direct cause for the slowdown, its role in accommodating the shock was probably moderately negative. Then we study regional differences in the labour market in Poland in the period 2000-2005. We analyse aggregate data and identify microeconomic factors affecting trends in job creation and destruction. We group the NUTS4 regions in Poland in six homogenous clusters and find that in the period 2000-2005 no significant changes in the labour market indicators occurred either between clusters or between voivodeships (NUTS2 regions). This is so because the direction and depth of fluctuations on the regional scale were generally shaped by aggregate shocks which affected the economy as a whole. Moreover, the above period saw a greater differentiation in terms of productivity and thus, in most parts of Poland, increasing employment and unemployment rates are due to the development of labour-intensive manufacturing. We argue that only the largest urban conglomerations in Poland have adopted the development model which supports high economic growth in medium and long term. In third part of the study we focus on spatial mobility of Polish workers. In case of both internal and international migrations we demonstrate that economic factors determine significantly decisions about changing place of residence and that the key incentive to migrate is higher wages in the destination location and a relatively worse situation in the labour market in the region of origin. We also estimate the scale of international migration from Poland, which indicate that the number of people who stayed abroad for more than two months in the year 2005 was higher by approximately 165,000-379,000 people than before EU accession, due to one-time increase in migration flows. Moreover, we point out that international migration is mostly seasonal and that emigrants retain strong ties with their homeland. As for internal migration, we argue that its aggregate intensity is relatively modest and we emphasise that although in general the population moves from smaller to larger conglomerates, the limited scale of these movements makes the progress in urbanisation being slow and agglomerations less numerous than in other EU member states. In the long run, this may constitute an obstacle for real convergence to the most developed EU countries. Finally we scrutinize work in the non-observed economy (NOE) in Poland. According to various methodologies we asses the NOE output at 15-30 per cent of the GDP, and we find that the main reasons behind the existence of the grey economy in Poland are overly burdensome fiscal policy and excessively restrictive economic regulations. We close the report with demonstrating links between areas we studied and implications for labour market and economic policy in Poland.Poland; unemployment; employment; transition countries; labour market shocks; unemployment persistance; regional disparities; labour migration; informal employment

The charity hospice : a theory of governance processes

The study considers the processes by which a charity hospice reconciles internal, external and governmental tensions in the provision of public healthcare services. Thus the focus is on change, decision-making and relationships with public sector partners. The study is practice-based utilising a grounded theory methodology and a case study strategy based in two empirical phases. Phase 1 comprises a single organisation case study at a charitable hospice for the purposes of theory production. Data collection was primarily via participant observations from a close insider perspective as recognised by Adler ;Adler (1987). Emerging theory from phase 1 was later tested and developed via Phase 2 empirics, comprising a cluster of four organisational case studies. Data collection during phase 2 was based in semi-structured interviews and, in part, critical incident technique. Around thirty interviews were held, evenly spread across participating organisations and between trustees and managers. The original contribution is a theoretical model of governance processes that identifies the ‘individual contribution’ of trustees and the ‘collective will’ of the board of trustees as key concepts. It is recognised that both are subject to ‘leakage’ from their maximum potential. Component elements of the three concepts are identified and discussed. A three-tier model is presented using these key concepts as linkages between governance, culture and change management. The theory is used to form a framework for practice, aimed at facilitating improved control and effectiveness of a charity hospice board of trustees. The theory is placed in a critical realist perspective for discussion. The study contributes to the debate on issues around public and voluntary sector commissioning and funding relationships. There is also a methodological discussion in the context of researching from the perspective of a close-insider addressing issues of access, ethics and the dual role of researcher/practitioner. There is a contention that production of emergent grounded theory for testing and development and the Scapens (1990) differentiation between positive/normative perspectives may be too simplistic for the purposes of this study.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

A Comparative Analysis of the Control of Financial Crime From the Perspective of the UK, USA and Nigeria

In 1939, Edwin Sutherland’s thesis on white collar crime drew the global attention to the bane of crime committed by persons in upper social class who use their privileged position to commit crime and are protected from prosecution by the state while persons in the lower social class who commit street crimes do not enjoy similar privilege, despite several criticisms against the thesis, it altered the theory of causation of crime and the earlier perception that financial crime is a victimless crime and thus created an awareness of the consequences of financial crime on economic development, social stability, national security, integrity of the capital market and good governance. The influence of information technology, globalisation and the link between financial crime, corruption, illicit drug trade, terrorist financing, human traffic and fraud (many of which are predicate offences of money laundering) demand a global concerted approach, development of which the UK and US laws have influenced with the introduction of national and international AML, OECD initiatives, the Vienna and Palermo conventions, the UNCAC and the FATF Recommendations. Many of these international initiatives (excluding the earlier Commonwealth initiatives) evolved from drug control measures, consequently, they have not effectively achieved the desired objectives in diverse ways, like the failure of the existing international initiatives (multilateral or mutual legal assistance) on the enforcement of transnational crimes. In Nigeria, part of the reason why regulating, interdicting and disrupting financial crime has been less effective is due to the introduction of the British method of criminal jurisprudence to Nigeria criminal justice system, in contradiction to the Nigerian traditional customary laws, values and remedies of restitution, compensation and reconciliation; consequently, the imposed foreign criminal codes failed to adequately control crime and also failed to adequately disgorge the proceeds of financial crime. While different nations have adopted various means of disgorging the proceeds of crime either by amending their adjectival laws to shift the burden of proof in certain circumstances (like criminalising the possession of unexplained wealth) without violating the offender’s right of presumption of innocence or right to remain silence, however, such adopted method must be informed by the circumstance of any given country, so far due process, equity and justice are ensured. Nigeria has not deemed it appropriate to use the prohibition of possession of unexplained wealth as an effective tool of financial crime control, except Lagos state. Again, due to the vast involvement of corporations in financial crime, an effective means of holding them liable through a clearly defined and pragmatic concept of corporate criminal liability has become necessary because this would play a crucial role in crime control. Consequently, this research questions the gross inconsistencies and ineffectiveness in the application of the organic or directing mind theory in holding complex, modern multinational corporations culpable and argues in favour of using a combination of principles of organic or directing mind, vicarious responsibility and strict liability offence (for failure to implement adequate internal policies to prevent crime by agents, similar to the provisions of the UK Bribery Act 2010, s.7) in attributing the knowledge of the agent or employee to the corporation, depending on the circumstance of a given case.The thesis argues that the future of money laundering control lies in the criminalisation of unexplained wealth, without infringing the right to own property. It identifies and proffers solutions to the problems associated with legal systems, jurisdictions, complexity of law and standard of proof, it recommends the use of civil enforcement by victim, regulatory actions, disruption of financial crime through internal control and compliance mechanisms with emphasis on recovery of proceeds of crime either through conviction based confiscation or civil forfeiture. Further, the thesis argues that due to the challenges associated with scientific means of evidence gathering and the high standard of proof in criminal proceedings beyond reasonable doubt, it prescribes that Nigeria ought to adopt the non-conviction based civil recovery of proceeds of crime, it also recommends the use of tax law to seize proceeds of money laundering. The thesis observes that the Nigeria criminal justice system needs to deemphasise the restrictive use of traditional punishment like imprisonment and fine in controlling complex financial crime, and suggested the use of clearly defined negotiated pleas like DPA, NPA and plea bargain. In addition, argues that the social and cultural factors responsible for greed and impunity must be identified and attacked in order to create a new social order, similar to the African communal lifestyle which was effective in controlling public and private corruption, notwithstanding, its basic tenet of gift giving. The thesis recommends that Nigeria ought to consider the introduction of an hybrid accusatorial and inquisitorial system of criminal justice so as to make its judiciary more participatory in criminal proceedings, it also recommends the provisions of fund for legal aid, compensation of victims of crime; prison and judiciary reform with a view to removing corruption without compromising the independence of judiciary and finally, it recommends legislations for protection and motivation of whistle blowers

Avoiding non-proliferation atrophy: the effectiveness of multilateral cooperation, regime dynamics and the case of nuclear non-proliferation

This project investigates the evolution multilateral nuclear non-proliferation arrangements to prevent state and non-state actors to access potentially destructive weapons and components thereof. While less scrutinized by political scientists and security experts, cooperative frameworks abound in practice. This begets questions as to the mechanisms and processes by which actors effectively cooperate in a crowded, complex and pluralist environment. Which factors determine the success and resilience of non-proliferation arrangements? How much explanatory power do cognitive beliefs and institutional practices command to understand and explain variance in governance effectiveness? While previous studies have focused on the ‘front-end’ of cooperation by examining factors leading states to cut deals, others have focused on the ‘back-end’ by focusing on the role of military and diplomatic means, such as alliances, coercion and the role of law. In addition, while scholarship on cooperation neglects sovereignty-conscious issues, non-proliferation studies disregard what happens between the ‘front- and the backend’ of the cooperation loop. This work analyzes three arrangements – the review process of the Nuclear Non- Proliferation Treaty, U.N. Security Council Resolution 1540 and the Nuclear Security Summits. Using case study analysis, elite interviews and participant observation, this study undertakes an investigation from a cognitivist perspective and examines the “principles, norms, rules, and decision-making procedures” governing non-proliferation. While factors related to knowledge and learning affect actors' understandings of risks and their mitigation pathways, their impact is intertwined with idiosyncratic factors, with crisis as overarching and crosscutting thread. Theoretically, compared to neorealism and neoliberal institutionalism, cognitive approaches to international regimes provide the most cogent explanations to account for governance effectiveness, but cannot wholly explain a case. Operatively, effective and resilient nuclear non-proliferation governance should provide for permanent interaction whereby novel implementation and monitoring mechanisms are experimented in a sovereignty-respecting way

Nuclear Law

This open access book traces the journey of nuclear law: its origins, how it has developed, where it is now, and where it is headed. As a discipline, this highly specialized body of law makes it possible for us to benefit from the life-saving applications of nuclear science and technology, including diagnosing cancer as well as avoiding and mitigating the effects of climate change. This book seeks to give readers a glimpse into the future of nuclear law, science and technology. It intends to provoke thought and discussion about how we can maximize the benefits and minimize the risks inherent in nuclear science and technology. This compilation of essays presents a global view in discipline as well as in geography. The book is aimed at representatives of governments—including regulators, policymakers and lawmakers—as well representatives of international organizations and the legal and insurance sectors. It will be of interest to all those keen to better understand the role of law in enabling the safe, secure, and peaceful use of nuclear technology around the world. The contributions in this book are written by leading experts, including the IAEA’s Director General, and discuss the four branches of nuclear law—safety, security, safeguards and nuclear liability—and the interaction of nuclear law with other fields of national and international law

Approximation of substantive criminal law in the EU

This book dedicated to the substantive criminal law in the EU put the Libson Treaty under scrutiny. It evaluates the changes introduced by this new Treaty and their impact, before reflecting on future prospects