Rethinking De-Perimeterisation: Problem Analysis And Solutions

For businesses, the traditional security approach is the hard-shell model: an organisation secures all its assets using a fixed security border, trusting the inside, and distrusting the outside. However, as technologies and business processes change, this model looses its attractiveness. In a networked world, “inside” and “outside” can no longer be clearly distinguished. The Jericho Forum - an industry consortium part of the Open Group – coined this process deperimeterisation and suggested an approach aimed at securing data rather than complete systems and infrastructures. We do not question the reality of de-perimeterisation; however, we believe that the existing analysis of the exact problem, as well as the usefulness of the proposed solutions have fallen short: first, there is no linear process of blurring boundaries, in which security mechanisms are placed at lower and lower levels, until they only surround data. To the contrary, we experience a cyclic process of connecting and disconnecting of systems. As conditions change, the basic trade-off between accountability and business opportunities is made (and should be made) every time again. Apart from that, data level security has several limitations to start with, and there is a big potential for solving security problems differently: by rearranging the responsibilities between businesses and individuals. The results of this analysis can be useful for security professionals who need to trade off different security mechanisms for their organisations and their information systems

A General Approach for Securely Querying and Updating XML Data

Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A few amount of works have studied the access rights for updates. In this paper, we present a general model for specifying access control on XML data in the presence of update operations of W3C XQuery Update Facility. Our approach for enforcing such updates specifications is based on the notion of query rewriting where each update operation defined over arbitrary DTD (recursive or not) is rewritten to a safe one in order to be evaluated only over XML data which can be updated by the user. We investigate in the second part of this report the secure of XML updating in the presence of read-access rights specified by a security views. For an XML document, a security view represents for each class of users all and only the parts of the document these users are able to see. We show that an update operation defined over a security view can cause disclosure of sensitive data hidden by this view if it is not thoroughly rewritten with respect to both read and update access rights. Finally, we propose a security view based approach for securely updating XML in order to preserve the confidentiality and integrity of XML data.Comment: No. RR-7870 (2012

Twice the Opportunity: Policy Recommendations to Support Expectant and Parenting Youth in Foster Care and Their Children

In 2011 the Center for the Study of Social Policy (CSSP), with funding from the Annie E. Casey Foundation, commenced an effort to draw attention to the urgent and unmet needs of one of the more vulnerable populations in our society: youth in foster care who are expectant or parenting their children. These young families face significant challenges to becoming healthy, stable and successful for both parents and their children. They also present policymakers and child welfare administrators with an opportunity to design a comprehensive set of policies and programs to reduce the poor and costly outcomes that these families too often experience and to instead positively support these two generations to thrive. As more states extend foster care beyond age 18, child welfare agencies will face an increase in the number of expectant and parenting youth in their system. This guide presents elements of a policy agenda for addressing the health, safety, permanency, educational, housing and financial needs of both the expectant and parenting youth and their children. It is based on CSSP's experience working for the past two years with four jurisdictions (New York City, Washington DC, Knox County, Tennessee and the State of Washington) to support their efforts to improve outcomes for these young families. The policy recommendations in this guide build on the on-the ground experiences of the four sites and are also informed by the advice CSSP received from a group of national experts on expectant and parenting youth in foster care. This publication is an update of a set of draft recommendations that CSSP published in 2011

International Guidelines for Securing Sustainable Small-scale Fisheries

The 'Zero Draft' of the International Guidelines for Securing Sustainable Small-scale Fisheries(SSF Guidelines) has been prepared based on the outcomes of the extensive consultation process that has taken place during the last few years. This preliminary draft text draws in particular on the Discussion Document: Towards Voluntary Guidelines on Securing Sustainable Small-scale Fisheries–prepared as a stock-taking exercise by the FAO SSF Guidelines Secretariat in July 2011 and the contributions to and the outcomes of the FAO Workshop on International Guidelines for Securing Sustainable Small-scale Fisheries held on 7-10 February 2012 in FAO, Rome. It has been prepared to stimulate further consultations among all concerned parties. The outcomes of these additional consultations will provide guidance to the FAO Secretariat when preparing the text of the SSF Guidelines that will be submitted as a draft to the formal inter-governmental negotiation process tentatively scheduled for May 2013

Game of Stones:feasibility randomised controlled trial of how to engage men with obesity in text message and incentive interventions for weight loss

Objectives To examine the acceptability and feasibility of narrative text messages with or without financial incentives to support weight loss for men. Design Individually randomised three-arm feasibility trial with 12 months’ follow-up. Setting Two sites in Scotland with high levels of disadvantage according to Scottish Index for Multiple Deprivation (SIMD). Participants Men with obesity (n=105) recruited through community outreach and general practitioner registers. Interventions Participants randomised to: (A) narrative text messages plus financial incentive for 12 months (short message service (SMS)+I), (B) narrative text messages for 12 months (SMS only), or (C) waiting list control. Outcomes Acceptability and feasibility of recruitment, retention, intervention components and trial procedures assessed by analysing quantitative and qualitative data at 3, 6 and 12 months. Results 105 men were recruited, 60% from more disadvantaged areas (SIMD quintiles 1 or 2). Retention at 12 months was 74%. Fewer SMS+I participants (64%) completed 12-month assessments compared with SMS only (79%) and control (83%). Narrative texts were acceptable to many men, but some reported negative reactions. No evidence emerged that level of disadvantage was related to acceptability of narrative texts. Eleven SMS+I participants (31%) successfully met or partially met weight loss targets. The cost of the incentive per participant was £81.94 (95% CI £34.59 to £129.30). Incentives were acceptable, but improving health was reported as the key motivator for weight loss. All groups lost weight (SMS+I: −2.51 kg (SD=4.94); SMS only: −1.29 kg (SD=5.03); control: −0.86 kg (SD=5.64) at 12 months). Conclusions This three-arm weight management feasibility trial recruited and retained men from across the socioeconomic spectrum, with the majority from areas of disadvantage, was broadly acceptable to most participants and feasible to deliver

IT and the NHS: Investigating different perspectives of IT using soft systems methodology

The UK NHS National Programme for IT has been criticized for a lack of clinical engagement. This paper uses a soft systems methodology (SSM) analysis of a case study from the use of electronic systems within a National Health Service (NHS) Mental Health Trust in the United Kingdom (UK) to explore the legal and ethical implications of the failure to develop clinical systems which are fit for purpose. Soft systems methodology (SSM) was used as a theoretical model both to derive deeper insights into the survey data and suggest how communication between those producing information and those using it, could be improved. Multiple methods were employed which included a postal survey and participant interviews to triangulate the data The use of SSM reinforced the concept that the national IT programme is based on a 'hard' systems view and does not take local factors (which are related to 'soft systems' thinking) into account. The study found administrative staff to be a crucial link between clinicians and information departments and highlighted the need for a joint-up information strategy and integrated systems. The article concludes with a discussion of the legal and ethical implications of the findings and the lessons for the broader UK national programme. It argues that the failure to deliver systems that are fit for purpose is not value neutral but an ethical issue

Healthcare disparities and models for change.

With Healthy People 2010 making the goal of eliminating health disparities a national priority, policymakers, researchers, medical centers, managed care organizations (MCOs), and advocacy organizations have been called on to move beyond the historic documentation of health disparities and proceed with an agenda to translate policy recommendations into practice. Working models that have successfully reduced health disparities in managed care settings were presented at the National Managed Health Care Congress Inaugural Forum on Reducing Racial and Ethnic Disparities in Health Care on March 10-11, 2003, in Washington, DC. These models are being used by federal, state, and municipal governments, as well as private, commercial, and Medicaid MCOs. Successful models and programs at all levels reduce health disparities by forming partnerships based on common goals to provide care, to educate, and to rebuild healthcare systems. Municipal models work in collaboration with state and federal agencies to integrate patient care with technology. Several basic elements of MCOs help to reduce disparities through emphasis on preventive care, community and member health education, case management and disease management tracking, centralized data collection, and use of sophisticated technology to analyze data and coordinate services. At the community level, there are leveraged funds from the Health Resources and Services Administration's Bureau of Primary Health Care. Well-designed models provide seamless monitoring of patient care and outcomes by integrating human and information system resources

Securing All intraVenous devices Effectively in hospitalised patients—the SAVE trial: study protocol for a multicentre randomised controlled trial

Introduction: Over 70% of all hospital admissions have a peripheral intravenous device (PIV) inserted; however, the failure rate of PIVs is unacceptably high, with up to 69% of these devices failing before treatment is complete. Failure can be due to dislodgement, phlebitis, occlusion/infiltration and/or infection. This results in interrupted medical therapy; painful phlebitis and reinsertions; increased hospital length of stay, morbidity and mortality from infections; and wasted medical/nursing time. Appropriate PIV dressing and securement may prevent many cases of PIV failure, but little comparative data exist regarding the efficacy of various PIV dressing and securement methods. This trial will investigate the clinical and cost-effectiveness of 4 methods of PIV dressing and securement in preventing PIV failure. Methods and analysis: A multicentre, parallel group, superiority randomised controlled trial with 4 arms, 3 experimental groups (tissue adhesive, bordered polyurethane dressing, sutureless securement device) and 1 control (standard polyurethane dressing) is planned. There will be a 3-year recruitment of 1708 adult patients, with allocation concealment until randomisation by a centralised web-based service. The primary outcome is PIV failure which includes any of: dislodgement, occlusion/infiltration, phlebitis and infection. Secondary outcomes include: types of PIV failure, PIV dwell time, costs, device colonisation, skin colonisation, patient and staff satisfaction. Relative incidence rates of device failure per 100 devices and per 1000 device days with 95% CIs will summarise the impact of each dressing, and test differences between groups. Kaplan-Meier survival curves (with log-rank Mantel-Cox test) will compare device failure over time. p Values of <0.05 will be considered significant. Secondary end points will be compared between groups using parametric or non-parametric techniques appropriate to level of measurement