121,573 research outputs found
On Properties of Policy-Based Specifications
The advent of large-scale, complex computing systems has dramatically
increased the difficulties of securing accesses to systems' resources. To
ensure confidentiality and integrity, the exploitation of access control
mechanisms has thus become a crucial issue in the design of modern computing
systems. Among the different access control approaches proposed in the last
decades, the policy-based one permits to capture, by resorting to the concept
of attribute, all systems' security-relevant information and to be, at the same
time, sufficiently flexible and expressive to represent the other approaches.
In this paper, we move a step further to understand the effectiveness of
policy-based specifications by studying how they permit to enforce traditional
security properties. To support system designers in developing and maintaining
policy-based specifications, we formalise also some relevant properties
regarding the structure of policies. By means of a case study from the banking
domain, we present real instances of such properties and outline an approach
towards their automatised verification.
Comment: In Proceedings WWV 2015, arXiv:1508.0338
Are Existing Security Models Suitable for Teleworking?
The availability of high performance broadband services from the home will allow a growing number of organisations to offer teleworking as an employee work practice. Teleworking delivers cost savings, improved productivity and provides a recruitment policy to attract and retain personnel. Information security is one of the management considerations necessary before an effective organisational teleworking policy can be implemented. The teleworking computing environment presents a different set of security threats to those present in an office environment. Teleworking requires a security model to provide security policy enforcement to counter the set of security threats present in the teleworking computing environment. This paper considers four existing security models and assesses each model's suitability to define security policy enforcement for telework. The approach taken is to identify the information security threats that exist in a teleworking environment and to categorise the threats based upon their impact upon confidentiality of data, system and data integrity, and availability of service in the teleworking environment. It is found that risks exist to the confidentiality, integrity and availability of information in a teleworking environment and therefore a security model is required that provides appropriate policy enforcement. A set of security policy enforcement mechanisms to counter the identified information security threats is proposed. Using an abstraction of the identified threats and the security policy enforcement mechanisms, a set of attributes for a security model for teleworking is proposed. Each of the four existing security models is assessed against this set of attributes to determine its suitability to specify policy enforcement for telework. Although the four existing models were selected based upon their perceived suitability it is found that none provide the required policy enforcement for telework
Ethics in Alternative Dispute Resolution: New Issues, No Answers from the Adversary Conception of Lawyers' Responsibilities
The romantic days of ADR appear to be over. To the extent that proponents of ADR, like myself, were attracted to it because of its promise of flexibility, adaptability, and creativity, we now see the need for ethics, standards of practice and rules as potentially limiting and containing the promise of alternatives to rigid adversarial modes of dispute resolution. It is almost as if we thought that anyone who would engage in ADR must of necessity be a moral, good, creative, and, of course, ethical person. That we are here today is deeply ironic and yet, also necessary, as appropriate dispute resolution struggles to define itself and insure its legitimacy against a variety of theoretical and practical challenges
Auditor Independence-Its Importance to the External Auditor's Role in Banking Regulation and Supervision
The role of the external auditor in the supervisory process requires standards such as
independence, objectivity and integrity to be achieved. Even though the regulator and external auditor
perform similar functions, namely the verification of financial statements, they serve particular
interests. The regulator works towards safeguarding financial stability and investor interests. On the
other hand, the external auditor serves the private interests of the shareholders of a company. The
financial audit remains an important aspect of corporate governance that makes management
accountable to shareholders for its stewardship of a company. The external auditor may however,
have a commercial interest too. The debate surrounding the role of external auditors focusses in
particular on auditor independence. A survey by the magazine "Financial Director" shows that the
fees derived from audit clients in terms of non-audit services are significant in comparison with fees
generated through auditing. Accounting firms sometimes engage in a practice called "low balling"
whereby they set audit fees at less than the market rate and make up for the deficit by providing
non audit services. As a result, some audit firms have commercial interests to protect too. There is
concern that the auditor's interests to protect shareholders of a company and his commercial interests do
not conflict with each other. Sufficient measures need to be in place to ensure that the external
auditor's independence is not affected. Brussels proposed a new directive for auditors to try to prevent
further scandals such as those of Enron and Parmalat. The new directive states that all firms listed on the
stock market must have independent audit committees which will recommend an auditor for shareholder
approval. It also states that auditors or audit partners must be rotated but does not mention the separation
of auditors from consultancy work despite protests that there is a link to compromising the independence of
auditors. However this may be because Brussels also shares the view that there is no evidence confirming
correlation between levels of non-audit fees and audit failures and that as a result, sufficient safeguards are
in place.
This paper aims to consider the importance of auditor independence in the external auditor's role in banking
regulation and supervision. In doing so, it also considers factors which may threaten independence and
efforts which have been introduced to act as safeguards to the auditor's independence. It will also support the
claim that auditor independence is indeed central to the auditor's role in banking regulation and supervision
- …