The Design and Implementation of an Automated Security Compliance Toolkit: A Pedagogical Exercise

The demand, through government regulations, for the preservation of the security, integrity, and privacy of corporate and customer information is increasing at an unprecedented pace. Government and private entities struggle to comply with these regulations through various means—both automated and manual controls. This paper presents an automated security compliance toolkit that is designed and developed using mostly open source tools to demonstrate that 1) meeting regulatory compliance does not need to be a very expensive proposition and 2) an undertaking of this magnitude could be served as a pedagogical exercise for students in the areas of collaboration, project management, software engineering, information assurance, and regulatory compliance

Developing a Conceptual Framework for Cloud Security Assurance

Postprin

Private Accreditation as a Substitute for Direct Government Regulation in Public Health Insurance Programs: When Is It Appropriate?

The appropriateness of the use of private accreditation in regulating and defining the quality of health care providers under government health insurance programs is examined. The characteristics of health care institutions and the patients they serve are important considerations

The case for cloud service trustmarks and assurance-as-a-service

Cloud computing represents a significant economic opportunity for Europe. However, this growth is threatened by adoption barriers largely related to trust. This position paper examines trust and confidence issues in cloud computing and advances a case for addressing them through the implementation of a novel trustmark scheme for cloud service providers. The proposed trustmark would be both active and dynamic featuring multi-modal information about the performance of the underlying cloud service. The trustmarks would be informed by live performance data from the cloud service provider, or ideally an independent third-party accountability and assurance service that would communicate up-to-date information relating to service performance and dependability. By combining assurance measures with a remediation scheme, cloud service providers could both signal dependability to customers and the wider marketplace and provide customers, auditors and regulators with a mechanism for determining accountability in the event of failure or non-compliance. As a result, the trustmarks would convey to consumers of cloud services and other stakeholders that strong assurance and accountability measures are in place for the service in question and thereby address trust and confidence issues in cloud computing

A framework for development of android mobile electronic prescription transfer applications in compliance with security requirements mandated by the Australian healthcare industry

This thesis investigates mobile electronic transfer of prescription (ETP) in compliance with the security requirements mandated by the Australian healthcare industry and proposes a framework for the development of an Android mobile electronic prescription transfer application. Furthermore, and based upon the findings and knowledge from constructing this framework, another framework is also derived for assessing Android mobile ETP applications for their security compliance. The centralised exchange model-based ETP solution currently used in the Australian healthcare industry is an expensive solution for on-going use. With challenges such as an aging population and the rising burden of chronic disease, the cost of the current ETP solution’s operational infrastructure is certain to rise in the future. In an environment where it is increasingly beneficial for patients to engage in and manage their own information and subsequent care, this current solution fails to offer the patient direct access to their electronic prescription information. The current system also fails to incorporate certain features that would dramatically improve the quality of the patient’s care and safety, i.e. alerts for the patient’s drug allergies, harmful dosage and script expiration. Over a decade old, the current ETP solution was essentially designed and built to meet legislation and regulatory requirements, with change-averting its highest priority. With little, if any, provision for future growth and innovation, it was not designed to cater to the needs of the ETP process. This research identifies the gap within the current ETP implementation (i.e. dependency on infrastructure, significant on-going cost and limited availability of the patient’s medication history) and proposes a framework for building a secure mobile ETP solution on the Android mobile operating system platform which will address the identified gap. The literature review part of this thesis examined the significance of ETP for the nation’s larger initiative to provide an improved and better maintainable healthcare system. The literature review also revealed the stance of each jurisdiction, from legislative and regulatory perspectives, in transitioning to the use of a fully electronic ETP solution. It identified the regulatory mandates of each jurisdiction for ETP as well as the security standards by which the current ETP implementation is iii governed so as to conform to those regulatory mandates. The literature review part of the thesis essentially identified and established how the Australian healthcare industry’s various prescription-related legislations and regulations are constructed, and the complexity of this construction for eTP. The jurisdictional regulatory mandates identified in the literature review translate into a set of security requirements. These requirements establish the basis of the guiding framework for the development of a security-compliant Android mobile ETP application. A number of experimentations were conducted focusing on the native security features of the Android operating system, as well as wireless communication technologies such as NFC and Bluetooth, in order to propose an alternative mobile ETP solution with security assurance comparable to the current ETP implementation. The employment of a proof-of-concept prototype such as this alongside / coupled with a series of iterative experimentations strengthens the validity and practicality of the proposed framework. The first experiment successfully proved that the Android operating system has sufficient encryption capabilities, in compliance with the security mandates, to secure the electronic prescription information from the data at rest perspective. The second experiment indicated that the use of NFC technology to implement the alternative transfer mechanism for exchanging electronic prescription information between ETP participating devices is not practical. The next iteration of the experimentation using Bluetooth technology proved that it can be utilised as an alternative electronic prescription transfer mechanism to the current approach using the Internet. These experiment outcomes concluded the partial but sufficient proofof- concept prototype for this research. Extensive document analysis and iterative experimentations showed that the framework constructed by this research can guide the development of an alternative mobile ETP solution with both comparable security assurance to and better access to the patient’s medication history than the current solution. This alternative solution would present no operational dependence upon infrastructure and its associated, ongoing cost to the nation’s healthcare expenditure. In addition, use of this mobile ETP alternative has the potential to change the public’s perception (i.e. acceptance from regulatory and security perspectives) of mobile healthcare solutions, thereby paving the way for further innovation and future enhancements in eHealth

Feeding Britain: Food Security after Brexit

This Food Brexit Briefing brings together three interlinked issues that demand policy attention as the clock ticks towards Brexit: 1. The question of whether the Government is paying enough attention to agri-food in the negotiating process, given its central role in both public wellbeing and the national economy. 2. The threat a careless Brexit poses to the UK’s short-term food security – and any long-term attempt to develop a genuinely sustainable food strategy for the whole of the UK. 3. The risk generated to the UK’s status as a potential trading partner of the EU by the Food Standards Agency’s decision to press ahead with major reform of UK food safety regulation, at a time when regulatory stability and clarity have never been more important. The report was written by FRC’s Professor Tim Lang, with Professor Erik Millstone (Sussex), Tony Lewis (Head of Policy at Chartered Institute for Environmental Health) and Professor Terry Marsden (Cardiff). It takes stock of ‘food Brexit’ and argues that a hard Brexit or no-deal Brexit (and retreat to WTO rules) would imperil the sustainability and security of Britain’s food supply. The report recommends that the Government should: - Maintain a clear and explicit focus on the potential adverse effects of Brexit on food security in the UK, while negotiating the UK’s future trading relationships with the EU and other jurisdictions. - Publish Brexit impact studies on the UK’s agricultural and food system for the White Paper and Chequers Statement and any subsequent proposals. - Ensure that high food standards remain at the heart of any future trade deals. - Provide clarity on its proposed migration policy, taking account of the contributions that non-UK citizens of the EU are making to the quantity and quality of the UK’s food supply and services. - Avoid a hard Food Brexit at all costs.The UK must not retreat to a WTO-rules-based regime. The EU would then categorise the UK as a ‘3rd Country’, which could be a recipe for chaos. - Create a new Sustainable Food Security Strategy. This would engage with the complexities of the food system and the multiple criteria by which it should be evaluated; and identify clear priorities and pathways for progress. The report also calls on the Food Standards Agency to: - Address the calls for clarification and evidence posed in the paper in respect of its Regulating Our Future (ROF) Where such clarification or evidence is not available, then the Agency should modify or suspend the introduction of its proposals, at least until after Brexit

Identity Trust Framework for iGaming

The online gambling community, or the iGaming industry in the United States has individual solutions and a mix of classic processes to manage universal customer identity but it lacks a standard identity management framework in which to enroll new iGaming users, monitor those users and ensure secure transactions, which leaves it open to identity theft and financial fraud. The iGaming industry offers online poker, sports betting and casino table games. iGaming providers (provider/providers) include companies such as PartyPoker.com, Pokerstars.com, Bovada.com, BetOnline.com among others. An iGaming player (player/players) is anyone who plays to gamble on games through the Internet. This report focuses on the requirements and specification for an Identity Trust Framework to enhance security and privacy in the United States iGaming industry and players.Informatio

Optimized trusted information sharing

As the digital world expands the building of trust and the retention of privacy in information sharing becomes paramount. A major impediment to information sharing is a lack of trust between the parties, based on security and privacy concerns, as well as information asymmetry. Several technological solutions have been proposed to solve this problem, including our\u27s: a trusted enclave with a Continuous Compliance Assurance (CCA) mechanism. Of the work surrounding these proposed solutions, no attention has been directed toward studying the issues of performance surrounding processing of this nature. Studies have shown that ignoring the performance of a system can lead to ineffectiveness (i.e. disabling certain features), and can be severely detrimental to system adoption.;To ensure that our trusted enclave and CCA mechanism are viable solutions to the trusted information sharing problem, we have built a prototype CCA mechanism and a test bed. The test bed has allowed us to identify problem areas within our prototype. One such area is compliance verification, which utilizes the XPath language in order to test XML encoded information for compliance to regulatory and corporate policies. The compliance verification problem can be described as the answering of multiple queries over a single XML document. We proposed and tested multiple state-of-the-art algorithmic as well as system-based improvements to XPath evaluation, in order to better the overall performance of this aspect of our system. We integrated each of the improvements into our prototype mechanism and have observed the results. Our experiments have taught us much about the problem of compliance verification, and has led us in new directions as we continue to search for a solution