LIPIcs, Volume 277, GIScience 2023, Complete Volume

LIPIcs, Volume 277, GIScience 2023, Complete Volum

Strategic Supply Management practices in the WA mining industry

Substantial research has focused on supply management as a key contributor to companies’ competitive advantage with agreement on the characteristics inherent to achieve strategic benefits through more intelligent supply management. This research investigates the characteristics evident in the WA mining industry and the alignment of practices with existing frameworks/models. The WA mining industry is found not to be an anomaly

Multidimensional Epidemiological Transformations: Addressing Location-Privacy in Public Health Practice

The following publications arose directly from this research: AbdelMalik P, Boulos MNK: Multidimensional point transform for public health practice. Methods of Information in Medicine. (In press; ePub ahead of print available online) http://dx.doi.org/10.3414/ME11-01-0001 AbdelMalik P, Boulos MNK, Jones R: The Perceived Impact of Location Privacy: A web-based survey of public health perspectives and requirements in the UK and Canada. BMC Public Health, 8:156 (2008) http://www.biomedcentral.com/1471-2458/8/156 The following papers were co-authored in relation to this research: Khaled El Emam, Ann Brown, Philip AbdelMalik, Angelica Neisa, Mark Walker, Jim Bottomley, Tyson Roffey: A method for managing re-identification risk from small geographic areas in Canada. BMC Medical Informatics and Decision Making. 10:18 (2010) http://www.biomedcentral.com/1472-6947/10/18 Maged N. Kamel Boulos, Andrew J. Curtis, Philip AbdelMalik: Musings on privacy issues in health research involving disaggregate geographic data about individuals. International Journal of Health Geographics. 8:46 (2009) http://www.ij-healthgeographics.com/content/pdf/1476-072X-8-46.pdf Khaled El Emam, Ann Brown, Philip AbdelMalik: Evaluating predictors of geographic area population size cut-offs to manage re-identification risk. Journal of the American Medical Informatics Association, 16:256-266 (2009)The ability to control one’s own personally identifiable information is a worthwhile human right that is becoming increasingly vulnerable. However just as significant, if not more so, is the right to health. With increasing globalisation and threats of natural disasters and acts of terrorism, this right is also becoming increasingly vulnerable. Public health practice – which is charged with the protection, promotion and mitigation of the health of society and its individuals – has been at odds with the right to privacy. This is particularly significant when location privacy is under consideration. Spatial information is an important aspect of public health, yet the increasing availability of spatial imagery and location-sensitive applications and technologies has brought location-privacy to the forefront, threatening to negatively impact the practice of public health by inhibiting or severely limiting data-sharing. This study begins by reviewing the current relevant legislation as it pertains to public health and investigates the public health community’s perceptions on location privacy barriers to the practice. Bureaucracy and legislation are identified by survey participants as the two greatest privacy-related barriers to public health. In response to this clash, a number of solutions and workarounds are proposed in the literature to compensate for location privacy. However, as their weaknesses are outlined, a novel approach - the multidimensional point transform - that works synergistically on multiple dimensions, including location, to anonymise data is developed and demonstrated. Finally, a framework for guiding decisions on data-sharing and identifying requirements is proposed and a sample implementation is demonstrated through a fictitious scenario. For each aspect of the study, a tool prototype and/or design for implementation is proposed and explained, and the need for further development of these is highlighted. In summary, this study provides a multi-disciplinary and multidimensional solution to the clash between privacy and data-sharing in public health practice.Partially sponsored by the Public Health Agency of Canad

DATA MINING AND RE-IDENTIFICATION: ANALYSIS OF DATABASE QUERY PATTERNS THAT POSE A THREAT TO ANONYMISED INFORMATION

To maintain the globally connected civilization culture in place today, a number of sectors are built on the gathering and sharing of data. Personal and sensitive data are collected and shared about the individuals using the services offered by these sectors. Data controllers rely on the robustness of anonymisation measures to keep personal and sensitive attributes in the shared dataset privacy safe. Typically, the dataset is stripped of direct identifiers such as names and National Insurance (NI) numbers, such that individuals in the dataset are not uniquely identifiable. However, details in the dataset perceived by data controllers to have no negative data privacy impact can be used by attackers to perform a re-identification attack. Such an attack uses the details shared in the dataset in conjunction with a secondary data source to rebuild a personally identifiable profile for individual(s) in the supposedly anonymised shared dataset. There have been a few publicised cases of re-identification attacks, and with the information reported about these attacks, it is unknown what constitutes a re-identification attack from a technical perspective other than its outcome. The work in this thesis explores real cases of successful re-identification attacks to analyse and build a technical profile of what re-identification entails. Using the Netflix Prize Data and the re-identification of Governor William Weld as case studies, synthetic datasets are created to represent the anonymised databases shared in each of these re-identification attack cases. An exploratory study to technically represent re-identification attacks as database queries in SQL is conducted. This involves the research performing re-identification attacks on the synthetic databases by executing a series of SQL queries. With a hypothesis that there is enough similarity in the patterns of SQL database queries that lead to re-identification attacks on anonymised databases, this research employs data mining techniques and machine learning algorithms to train classifiers to recognise re-identification patterns in SQL queries. Four classification algorithms: Multilayer Perceptron (MLP), Naive Bayes (NB), K-Nearest Neighbors (KNN), and Logistic Regression (LR) are trained in this research to recognise and predict attempts of re-identification attacks. The results of the performance evaluation and unseen data testing indicate that the MLP, Multinomial Naive Bayes (MNB), and the LR classifiers are most effective at recognising patterns of re-identification attacks. During performance evaluation, the MLP classifier achieved an accuracy of 100%, the MNB achieved 79.3% and the LR achieved 100%. The unseen data testing shows that the MLP, MNB, and LR classifiers are able to predict new instances of re-identification attack attempts 79%, 71%, and 79% of the time respectively, indicating a good generalisation performance. To the best of this research’s knowledge, the work in this thesis is the only effort to date to automate the recognition and prediction of re-identification attack attempts on anonymised databases. The novel system developed in this research can be implemented to improve the monitoring of anonymised databases in data sharing environments

Evaluation of medical response in disaster preparedness : with special reference to full-scale exercises

Background: Disaster exercises and simulations serves as teaching and training tool for improving medical response in disaster preparedness. Rapid and effective medical response in major incidents is known as a “key phase” to optimise resources, and this requires that management systems have an “all hazards” approach. Decision-making at all levels of management is based on available information and involves allocation of medical resources and triage decisions. Aim: The overall aim of this thesis was to increase our knowledge of the impact of quantitative evaluation of medical response on disaster preparedness. The specific aims were: to increase the ability to learn from full-scale exercises by applying quality indicators at two levels of command and control (I, II); to identify key indicators essential for initial disaster medical response registration (III); to explore ambulance staff attitudes towards practising triage tagging (IV); and to increase our knowledge of the applicability of a technical support system and its potential to provide real-time, overall situation awareness available to those overseeing the medical management of the operation. Methods: Study I, II and V were observational studies based on data collections from full-scale exercises. Templates with measurable performance indicators for evaluation of command and control were used in Study I and II and the same performance indicators combined with outcome indicators was also included in Study II. A consensus method, the Delphi technique, with 30 experts was used in Study III. Study IV used mixed methods, a pre-and post web survey answered by ambulance nurses and physicians (n=57 respectively 57) before and after a time limited strategy with triage tags and three focus groups interviews comprising 21 ambulance nurses and emergency medical technicians. Study V used major two incidents simulations to test the applicability of Radio Frequency Identification (RFID tags) technology and compare it with traditionally paper-based triage tags (n= 20 respectively 20). The quantitative data were analysed using descriptive statistics, and content analysis was used for the qualitative data. Results: The evaluation model exposed several problems occurring in the initial decision-making process that were repeatedly observed (I, II). These results in study II also demonstrated to have a major impact on patient outcome.Out of 17 severely injured patients five respectively seven were at risk for preventable death. A total of 97 statements were generated, of these 77 statements reached experts consensus, and 20 did not (III). Ambulance staffs believe in the usefulness of standardised triage methods, but the sparse application of triage tags at the scene indicates that the tags are not used frequently. Infrequent use in daily practice prevents participants from feeling confident with the triage tool (IV).The Radio Frequency Identification system improved situational awareness in disaster management. Triage information was available at least one hour earlier compared to a paper-based triage system (V). Conclusions: The presented evaluation model can be used in an objective, systematic and reproducible way to evaluate complex medical responses, which is a prerequisite for quality assurance, identification of problems, and the development of disaster preparedness

12th International Conference on Geographic Information Science: GIScience 2023, September 12–15, 2023, Leeds, UK

No abstract available

Value focused assessment of cyber risks to gain benefits from security investments

Doutoramento em GestãoCom a multiplicação de dispositivos tecnológicos e com as suas complexas interacções, os ciber riscos não param de crescer. As entidades supervisoras estabelecem novos requisitos para forçar organizações a gerir os ciber riscos. Mesmo com estas crescentes ameaças e requisitos, decisões para a mitigação de ciber riscos continuam a não ser bem aceites pelas partes interessadas e os benefícios dos investimentos em segurança permanecem imperceptíveis para a gestão de topo. Esta investigação analisa o ciclo de vida da gestão de ciber risco identificando objectivos de mitigação de ciber risco, capturados de especialistas da área, prioritizando esses objectivos para criar um modelo de decisão para auxiliar gestores de risco tendo em conta vários cenários reais, desenvolvendo um conjunto de princípios de gestão de risco que possibilitam o estabelecimento de uma base para a estratégia de ciber risco aplicável e adaptável às organizações e finalmente a avaliação dos benefícios dos investimentos em segurança para mitigação dos ciber riscos seguindo uma abordagem de melhoria contínua. Duas frameworks teóricas são integradas para endereçar o ciclo de vida completo da gestão de ciber risco: o pensamento focado em valor guia o processo de decisão e a gestão de benefícios assegura que os benefícios para o negócio são realizados durante a implementação do projecto, depois de tomada a decisão para investir numa solução de segurança para mitigação do ciber risco.With the multiplication of technological devices and their multiple complex interactions, the cyber risks keep increasing. Supervision entities establish new compliance requirements to force organizations to manage cyber risks. Despite these growing threats and requirements, decisions in cyber risk minimization continue not to be accepted by stakeholders and the business benefits of security investments remain unnoticed to top management. This research analyzes the cyber risk management lifecycle by identifying cyber risk mitigation objectives captured from subject matter experts, prioritizing those objectives in a cyber risk management decision model to help risk managers in the decision process by taking into account multiple real scenarios, developing the baseline of cyber risk management principles to form a cyber risk strategy applicable and adaptable to current organizations and finally evaluating the business benefits of security investments to mitigate cyber risks in a continuous improvement approach. Two theoretical frameworks are combined to address the full cyber risk management lifecycle: value focused thinking guides the decision process and benefits management ensures that business benefits are realized during project implementation, after the decision is taken to invest in a security solution to mitigate cyber risk.info:eu-repo/semantics/publishedVersio

Assessment of fundamental strategic issues in structural change in United Kingdom and South African ports by systemic scenarios

The future complexity of strategic issues in international structural change was demonstrated by UK and SA ports. This arose from the likely extent of structural constraints and the effects of stakeholder power. From a review of emerging Advanced Systems Theory a new Boundary -spanning perspective of strategy was developed, that led to the specification of conceptual circumstances of potential outcomes of change. Since existing systems methodologies could not accommodate future power relationships, a new methodology and data collection technique was developed. The circumstances were developed into multiple scenarios which were judged by international decision-makers. These judgements were subjected to quantitative and qualitative analysis from a Strategic Choice Perspective. The outcome was a Boundary -spanning 'Long-term Strategic Service Industry' model which proposed the outlines of the future strategy and organisational structure that ought to be adopted to meet 'public interest' constraints. A dual subject and methodological contribution was made

An integrated approach to export performance assessments

The importance of export performance measurement has long been acknowledged in the literature and various conceptualisations of export-related behaviours have been linked to performance variables. From a research perspective, such emphasis on performance aims to explain why some firms are more successful than others in the export front and seeks to develop empirically-based guidelines on how exporters could perform better than they do. From a business perspective, sound measurement of export performance is essential for managers to be able to evaluate the impact of their decision making and therefore assess the extent to which their firms' export objectives have been attained. [Continues.