Privacy and Cloud Computing in Public Schools

Today, data driven decision-making is at the center of educational policy debates in the United States. School districts are increasingly turning to rapidly evolving technologies and cloud computing to satisfy their educational objectives and take advantage of new opportunities for cost savings, flexibility, and always-available service among others. As public schools in the United States rapidly adopt cloud-computing services, and consequently transfer increasing quantities of student information to third-party providers, privacy issues become more salient and contentious. The protection of student privacy in the context of cloud computing is generally unknown both to the public and to policy-makers. This study thus focuses on K-12 public education and examines how school districts address privacy when they transfer student information to cloud computing service providers. The goals of the study are threefold: first, to provide a national picture of cloud computing in public schools; second, to assess how public schools address their statutory obligations as well as generally accepted privacy principles in their cloud service agreements; and, third, to make recommendations based on the findings to improve the protection of student privacy in the context of cloud computing. Fordham CLIP selected a national sample of school districts including large, medium and small school systems from every geographic region of the country. Using state open public record laws, Fordham CLIP requested from each selected district all of the district’s cloud service agreements, notices to parents, and computer use policies for teachers. All of the materials were then coded against a checklist of legal obligations and privacy norms. The purpose for this coding was to enable a general assessment and was not designed to provide a compliance audit of any school district nor of any particular vendor.https://ir.lawnet.fordham.edu/clip/1001/thumbnail.jp

Privacy and Cloud Computing in Public Schools

Today, data driven decision-making is at the center of educational policy debates in the United States. School districts are increasingly turning to rapidly evolving technologies and cloud computing to satisfy their educational objectives and take advantage of new opportunities for cost savings, flexibility, and always-available service among others. As public schools in the United States rapidly adopt cloud-computing services, and consequently transfer increasing quantities of student information to third-party providers, privacy issues become more salient and contentious. The protection of student privacy in the context of cloud computing is generally unknown both to the public and to policy-makers. This study thus focuses on K-12 public education and examines how school districts address privacy when they transfer student information to cloud computing service providers. The goals of the study are threefold: first, to provide a national picture of cloud computing in public schools; second, to assess how public schools address their statutory obligations as well as generally accepted privacy principles in their cloud service agreements; and, third, to make recommendations based on the findings to improve the protection of student privacy in the context of cloud computing. Fordham CLIP selected a national sample of school districts including large, medium and small school systems from every geographic region of the country. Using state open public record laws, Fordham CLIP requested from each selected district all of the district’s cloud service agreements, notices to parents, and computer use policies for teachers. All of the materials were then coded against a checklist of legal obligations and privacy norms. The purpose for this coding was to enable a general assessment and was not designed to provide a compliance audit of any school district nor of any particular vendor.https://ir.lawnet.fordham.edu/clip/1001/thumbnail.jp

Privacy and Cloud Computing in Public Schools

Today, data driven decision-making is at the center of educational policy debates in the United States. School districts are increasingly turning to rapidly evolving technologies and cloud computing to satisfy their educational objectives and take advantage of new opportunities for cost savings, flexibility, and always-available service among others. As public schools in the United States rapidly adopt cloud-computing services, and consequently transfer increasing quantities of student information to third-party providers, privacy issues become more salient and contentious. The protection of student privacy in the context of cloud computing is generally unknown both to the public and to policy-makers. This study thus focuses on K-12 public education and examines how school districts address privacy when they transfer student information to cloud computing service providers. The goals of the study are threefold: first, to provide a national picture of cloud computing in public schools; second, to assess how public schools address their statutory obligations as well as generally accepted privacy principles in their cloud service agreements; and, third, to make recommendations based on the findings to improve the protection of student privacy in the context of cloud computing. Fordham CLIP selected a national sample of school districts including large, medium and small school systems from every geographic region of the country. Using state open public record laws, Fordham CLIP requested from each selected district all of the district’s cloud service agreements, notices to parents, and computer use policies for teachers. All of the materials were then coded against a checklist of legal obligations and privacy norms. The purpose for this coding was to enable a general assessment and was not designed to provide a compliance audit of any school district nor of any particular vendor.https://ir.lawnet.fordham.edu/clip/1001/thumbnail.jp

Knowledge Management and Sustainable Agriculture:the Italian Case

The contemporary knowledge-based economy requires global usage of information in all aspects of modern society. Pertinent information is an important asset for successful business, therefore an application of knowledge management in organisational practice has become a crucial factor for the viability and sustainable development of enterprises. This is particularly relevant for the agricultural context, which needs modern practices for enhancement and development. However, information and knowledge, due to their intangible character, seem difficult to manage and organize. Therefore the paper targeted at developing sustainable organizational model of knowledge management for small and medium enterprises. Italian agriculture is considered as a context for this study, and knowledge management was offered as a tool for facilitating agricultural performance and increasing competitiveness of agricultural sector. A wide concept of knowledge management and specified agricultural context require a theory-based approach to research and a survey. Thus, the research methodology includes the next four parts. The first one contains literature review and examines definitions, strategies, approaches and models of sustainable knowledge management. The second part includes content analysis of 105 scientific publications. The third part of methodology is based on the results of the two previous parts and includes creating the model of knowledge management. Verification of this model is the last part of the research. Verification was executed through on-line questionnaire distributed to Italian agricultural enterprises throughout the country on their intentions and awareness towards knowledge management and developed model of knowledge management. The results of the survey have demonstrated farmer’s incentives to implement the developed knowledge management model with flexible approach in its organisation

A Dynamic Access Control Model Using Authorising Workfow and Task Role-based Access Control

Access control is fundamental and prerequisite to govern and safeguard information assets within an organisation. Organisations generally use Web enabled remote access coupled with applications access distributed across various networks. These networks face various challenges including increase operational burden and monitoring issues due to the dynamic and complex nature of security policies for access control. The increasingly dynamic nature of collaborations means that in one context a user should have access to sensitive information, whilst not being allowed access in other contexts. The current access control models are static and lack Dynamic Segregation of Duties (SoD), Task instance level of Segregation, and decision making in real time. This thesis addresses these limitations describes tools to support access management in borderless network environments with dynamic SoD capability and real time access control decision making and policy enforcement. This thesis makes three contributions: i) Defining an Authorising Workflow Task Role Based Access Control (AW-TRBAC) using existing task and workflow concepts. This new workflow integrates dynamic SoD, whilst considering task instance restriction to ensure overall access governance and accountability. It enhances existing access control models such as Role Based Access Control (RBAC) by dynamically granting users access rights and providing access governance. ii) Extension of the OASIS standard of XACML policy language to support dynamic access control requirements and enforce access control rules for real time decision making. This mitigates risks relating to access control, such as escalation of privilege in broken access control, and insucient logging and monitoring. iii) The AW-TRBAC model is implemented by extending the open source XACML (Balana) policy engine to demonstrate its applicability to a real industrial use case from a financial institution. The results show that AW-TRBAC is scalable, can process relatively large numbers of complex requests, and meets the requirements of real time access control decision making, governance and mitigating broken access control risk

Efficient systems for the securities transaction industry : a framework for the European Union

This paper provides a framework for the securities transaction industry in the EU to understand the functions performed, the institutions involved and the parameters concerned that shape market and ownership structure. Of particular interest are microeconomic incentives of the industry players that can be in contradiction to social welfare. We evaluate the three functions and the strategic parameters - the boundary decision, the communication standard employed and the governance implemented - along the lines of three efficiency concepts. By structuring the main factors that influence these concepts and by describing the underlying trade-offs among them, we provide insight into a highly complex industry. Applying our framework, the paper describes and analyzes three consistent systems for the securities transaction industry. We point out that one of the systems, denoted as 'contestable monopolies', demonstrates a superior overall efficiency while it might be the most sensitive in terms of configuration accuracy and thus difficult to achieve and sustain

Enterprise Architecture Context Analysis Proposal

The enterprise architecture (EA) is defined as a coherent and consistent set of principles and rules that guide system design. In the EA modelling methods, an enterprise is identified with institution, business or administrative unit. The EA development methods mostly focus on the EA internal problem visualization, as well as on the procedural and different viewpoint approaches. However, in this paper, author would like to emphasize the EA context specification. The first part of the paper covers presentation of different meanings of context in information science. Next, the discussion on the EA context in related publications is included. The third part comprises a proposal of considering EA stakeholders, principles and other information technology (IT) systems as an EA context. Finally, a short case study is included for the context visualization