Transparent safe settlement protocol and I-ticket booth user verification mechanism for electronic commerce

Sai, Ying

09 May 2011

Not available / text

Electronic commerce--Security measures

Securing the 'Internet of Things' : decentralised security for wireless networks of embedded systems

King-Lacroix, Justin

January 2016

The phrase 'Internet of Things' refers to the pervasive instrumentation of physical objects with sensors and actuators, and the connection of those sensors and actuators to the Internet. These sensors and actuators are generally based on similar hardware as, and have similar capabilities to, wireless sensor network nodes. However, they operate in a completely different network environment: wireless sensor network nodes all generally belong to a single entity, whereas Internet of Things endpoints can belong to different, even competing, ones. This difference has profound implications for the design of security mechanisms in these environments. Wireless sensor network security is generally focused on defence against attack by external parties. On the Internet of Things, such an insider/outsider distinction is impossible; every entity is both an endpoint for legitimate communications, and a possible source of attack. We argue that that under such conditions, the centralised models that underpin current networking standards and protocols for embedded systems are simply not appropriate, because they require such an insider/outsider distinction. This thesis serves as an exposition in the design of decentralised security mechanisms, applied both to applications, which must perform access control, and networks, which must guarantee communications security. It contains three main contributions. The first is a threat model for Internet of Things networks. The second is BottleCap, a capability-based access control module, and an exemplar of decentralised security architecture at the application layer. The third is StarfishNet, a network-layer protocol for Internet of Things wireless networks, and a similar exemplar of decentralised security architecture at the network layer. Both are evaluated with microbenchmarks on prototype implementations; StarfishNet's association protocol is additionally validated using formal verification in the protocol verification tool Tamarin.

An evaluation of security issues in cloud-based file sharing technologies

Fana, Akhona

January 2015

Cloud computing is one of the most promising technologies for backup and data storage that provides flexible access to data. Cloud computing plays a vital role in remote backup. It is so unfortunate that this computing technique has flaws that thrilled and edgy end users in implementing it effectively. These flaws include factors like lack of integrity, confidentiality and privacy to information. A secure cloud is impossible unless the computer-generated environment is appropriately secured. In any form of technology it is always advisable that security challenges must be prior identified and fixed before the implementation of that particular technology. Primarily, this study will focus on finding security issues in cloud computing with the objective of finding concerns like credential theft and session management in the ―Cloud‖. Main arguments like HTTP banner disclosure, Bash ―ShellShock‖ Injection and password issues were discovered during the stages of study implementation. These challenges may provide information that will permit hackers in manipulating and exploiting cloud environment. Identifying credential theft and session management in cloud-based file sharing technologies a mixed method approach was implemented throughout the course of the study due to the nature of study and unity of analysis. Penetration tests were performed as security testing technique. Prevention and guideline of security threats leads to a friendly and authentic world of technology.

Cloud computing -- Security measures

Computer networks -- Security measures

Computer security

Information security of a bluetooth-enabled handheld device

Tvrz, Frankie

16 November 2009

M.Tech. / Mobile handheld devices are moving from being peripheral devices and are now fulfilling functionality provided by laptops and desktops. The capability and functionality of handheld devices have improved. This makes the devices more prominent within public and private environments, allowing information to be processed inside and outside of the organisation’s network. Of all mobile handheld devices, the personal digital assistant (PDA) is seen to be more robust and powerful, increasing its use and popularity among users. PDAs offer wireless connectivity like Bluetooth and operate with multiple operating systems, also allowing them to be considered as a private or organisational enterprise tool. Bluetooth connectivity allows workers to access information anywhere, including both personal and corporate information. Software and applications have been specifically developed for handheld devices such as PDAs, giving users a high level of usability and functionality. The purpose of this dissertation is to present an information security evaluation of a Bluetooth-enabled handheld device, such as a PDA. The use of Bluetooth wireless technology and functionality provides added benefits, but also brings new information security threats to an organisation’s information assets. The research attempts to understand the implications of using a Bluetooth-enabled handheld device in both public and private environments. Five high-level layers are defined for this discussion. Information security risks are evaluated based on current research into vulnerabilities, attacks and tools that exist to compromise a Bluetooth-enabled handheld device. A Bluetooth penetration testing methodology is suggested for the identified vulnerabilities, attacks and tools, where a practical assessment is performed for a critical analysis of the information security mechanisms implemented by the Bluetooth-enabled handheld device (PDA). Possible recommendations to mitigate identified information security risks are also made. This study motivates the necessity of understanding the risks presented by a mobile workforce using Bluetooth connectivity in mobile handheld devices which can be used in both private and public environments.

Risk management initiatives for post 9/11 maritime security

Metaparti, Satya Prakash.

January 2009

published_or_final_version / Asian Studies / Doctoral / Doctor of Philosophy

Shipping - Security measures.

Terrorism - Prevention.

Transmit design optimization for wireless physical layer security. / CUHK electronic theses & dissertations collection

January 2012

在信息傳輸過程中如何保證信息的安全性是通信中的重要問題之一。目前常用的保密傳輸方式是基於密鑰的加密技術，但是隨著現代無線通信網絡的發展和計算資源的不斷豐富，基於密鑰的技術在無線網絡中的應用正面臨着巨大挑戰。這些挑戰一方面來自於無線介質的開放性使得竊聽更為容易，另一方面由於動態無線網絡和自組織無線網絡的發展使得密鑰的發布和管理更為困難。因此，為解決密鑰技術所面臨的挑戰，基於物理層的保密傳輸技術研究在近些年受到了很大關注。該技術最早在七十年代由Wyner 提出，其核心思想是利用無線信道的隨機性和目標用戶與竊聽者間無線信道容量的差異，通過對發射信號進行編碼設計使得目標用戶能正確解碼信息但竊聽者卻不能。該技術的關鍵問題之一是如何對發射信號進行設計從而提高保密信息的傳輸速率（或保密容量）。本論文的主要工作即是以此出發，旨在研究不同通信場景下最優化發射信號的設計，具體而言，本論文主要研究了以下場景下的最優發射信號設計： / 本論文的第一部分考慮一個多天線的發射機傳輸保密信息給一個單天線的目標用戶，同時有多個多天線的偷聽者在偷聽的場景。我們的目標是設計最優化發射信號使得保密信息傳輸速率最大化。該優化問題的難點在於保密信息速率函數是發射信號的一個非凸函數，因而很難求解到全局最優解。我們通過運用凸鬆弛技術證明這個非凸優化問題的全局最優解可以由它的凸鬆弛問題得到，並且我們證明了最優化的發射信號方案是採用波束聚焦。以上結論在發射機完全知道和部分知道接收機的信道信息時均成立。 / 本論文的第二部分是在第一部分的基礎上考慮在發射信號中加入人為噪聲以輔助保密信息的傳輸。具體而言，發射機可以分配部分功率來發射人為噪聲以達到干擾竊聽者的接收的目的。儘管在現有很多研究中已經證明了這種人為噪聲輔助的發射方式可有效提高保密信息傳輸速率，但是如何對保密信號和人為噪聲進行聯合優化設計使得保密傳輸速率最大化的問題一直未能有效解決。在本論文中，我們給出了一種保密信號和人為噪聲聯合最優化的求解方案。該方案是基於優化理論中的半正定規劃算法來獲得全局最優解，並且該算法在發射機完全知道和部分知道接收機信道信息時均適用。 / 本論文的第三部分主要考慮的是發射機、目標用戶和偷聽者均是多天線情況下，最大化保密信息容量的發射信號設計問題。該優化問題可以看作是之前單天線目標用戶的一個推廣，但較之前的最優信號設計問題更加具有挑戰性。在目前已知的工作中，該優化問題還沒有一個有效的多項式時間算法能求解到全局最優解。這裡，我們提出了一種基於交替優化算法的發射信號設計方案來獲得（局部）最優發射信號設計。我們證明該交替優化算法可以通過迭代注水算法來實現，因而具有很低的複雜度，並且該算法可以保證收斂到原最優化問題的穩定點，因而可以在多數情況下獲得（局部）最優解。同時在該部分，我們也研究了在發射機部分知道信道信息狀態時魯棒性發射信號的設計問題，並給出了基於交替優化算法的魯棒發射信號設計。 / 除以上提到的主要結果，本論文還考慮了多播保密信息速率最優化發射信號設計，和具有中斷概率約束的保密信息速率最優化發射信號的設計。 / Security is one of the most important issues in communications. Conventional techniques for achieving confidentiality in communication networks are based on cryptographic encryption. However, for wireless networks, this technique is faced with more challenges due to the open nature of the wireless medium as well as the dynamic topology of mobile networks. In the 1970's, Wyner proposed a physical layer-based approach to achieve perfectly secure communication without using encryption. One of the key problems of Wyner's approach is how to optimally design the transmit signal such that a high secrecy rate (i.e., the data rate at which the confidential information can be securely transmitted) can be achieved. In our work, we aim to solve this transmit signal optimization problem under various scenarios using convex optimization techniques. Specifically, the thesis consists of the following three main parts: / In the first part, we consider a multi-input single-output (MISO) scenario, where a multi-antenna transmitter sends confidential information to a singleantenna legitimate receiver, in the presence of multiple multi-antenna eavesdroppers. Our goal is to maximize an achievable secrecy rate by appropriately designing the transmit signal. The challenge of this secrecy rate maximization (SRM) problem is that it is a nonconvex optimization problem by nature. We show, by convex relaxation, that this seemingly nonconvex SRM problem admits a convex equivalent under both perfect and imperfect channel state information (CSI) cases. Our result also indicates that transmit beamforming is an optimal transmit strategy, irrespective of the number of eavesdroppers and the number of antennas employed by each eavesdropper. This provides a useful design guideline for practical implementations. / In the second part, we consider a scenario where the transmitter is able to simultaneously generate artificial noise (AN) to interfere the eavesdroppers during the transmission of the confidential message. While the efficacy of AN in improving the system security has been demonstrated in many existing works, how to jointly optimize the AN and the transmit signal is still an unsolved problem. In this part, we solve this AN-aided SRM problem under the same scenario as the first part, and give an efficient, semidefinite program (SDP)- based line search approach to obtain an optimal transmit signal and AN design under both perfect and imperfect-CSI situations. / In the last part, we consider a secrecy capacity maximization (SCM) problem for a multi-input multi-output (MIMO) scenario, where the legitimate receiver and the eavesdropper are both equipped with multiple antennas. This MIMOSCM problem is a generalization of the previous MISO-SRM problems. So far there is no known efficient algorithm to solve this problem in a global optimal manner. Herein, we propose an alternating optimization algorithm to tackle the SCM problem. The proposed algorithm has a nice iterative water-filling interpretation and is guaranteed to converge to a stationary solution of the MIMO-SCM problem. Extensions to robust SCM are also investigated in this part. / Besides the above three main results, this thesis also developed some approximate solutions to the multicast SRM of multiple MISO legitimate channels overheard by multiple MIMO eavesdroppers, and to the outage-constrained SRM of an MISO legitimate channel overheard by multiple MISO eavesdroppers. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Li, Qiang. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references. / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Contributions of This Thesis --- p.3 / Chapter 1.2 --- Organization of This Thesis --- p.5 / Chapter 2 --- Fundamentals of Physical-Layer Secrecy --- p.6 / Chapter 2.1 --- Elements of Information Theoretic Security --- p.6 / Chapter 2.2 --- Transmit Design for Physical-layer Secrecy: State-of-the-Art --- p.14 / Chapter 2.2.1 --- MISO Secrecy Capacity Maximization --- p.14 / Chapter 2.2.2 --- MIMO Secrecy Capacity Maximization --- p.17 / Chapter 2.2.3 --- AN-aided Secrecy Rate Maximization --- p.21 / Chapter 2.2.4 --- Secrecy Rate Maximization with Additional Covariance Constraints --- p.24 / Chapter 2.2.5 --- Robust Transmit Design for Physical-Layer Secrecy under Imperfect CSI --- p.28 / Chapter 2.3 --- Summary --- p.36 / Chapter 2.4 --- Appendix: GSVD --- p.37 / Chapter 3 --- MISOMEs Secrecy Rate Maximization --- p.38 / Chapter 3.1 --- System Model and Problem Statement --- p.39 / Chapter 3.1.1 --- System Model --- p.39 / Chapter 3.1.2 --- Problem Statement --- p.40 / Chapter 3.2 --- An SDP Approach to SRM Problem (3.4) --- p.43 / Chapter 3.2.1 --- The Secrecy-Rate Constrained Problem --- p.44 / Chapter 3.2.2 --- The Secrecy-Rate Maximization Problem --- p.46 / Chapter 3.3 --- Secrecy-Rate Optimization with Imperfect CSI --- p.49 / Chapter 3.3.1 --- Robust Secrecy-Rate Problem Formulations --- p.49 / Chapter 3.3.2 --- The Robust Secrecy-Rate Constrained Problem --- p.50 / Chapter 3.3.3 --- The Robust Secrecy-Rate Maximization Problem --- p.53 / Chapter 3.4 --- Simulation Results --- p.55 / Chapter 3.4.1 --- The Perfect CSI Case --- p.56 / Chapter 3.4.2 --- The Imperfect CSI Case --- p.58 / Chapter 3.5 --- Summary --- p.59 / Chapter 3.6 --- Appendix --- p.61 / Chapter 3.6.1 --- Proof of Proposition 3.1 --- p.61 / Chapter 3.6.2 --- Verifying Slater's Constraint Qualification for Problem (3.10) --- p.63 / Chapter 3.6.3 --- Proof of Theorem 3.1 --- p.63 / Chapter 3.6.4 --- Relationship between Super-Eve Design and the Optimal SDP Design --- p.65 / Chapter 3.6.5 --- Proof of Proposition 3.4 --- p.67 / Chapter 3.6.6 --- Proof of Proposition 3.5 --- p.70 / Chapter 3.6.7 --- Worst-case Secrecy Rate Calculation --- p.71 / Chapter 4 --- Multicast Secrecy Rate Maximization --- p.73 / Chapter 4.1 --- System Model and Problem Statement --- p.74 / Chapter 4.2 --- An SDP Approximation to Problem (4.2) --- p.75 / Chapter 4.3 --- Simulation Results --- p.78 / Chapter 4.4 --- Summary --- p.79 / Chapter 4.5 --- Appendix --- p.81 / Chapter 4.5.1 --- Proof of Proposition 4.1 --- p.81 / Chapter 4.5.2 --- Proof of Theorem 4.1 --- p.82 / Chapter 5 --- AN-aided MISOMEs Secrecy Rate Maximization --- p.85 / Chapter 5.1 --- System Model and Problem Statement --- p.86 / Chapter 5.1.1 --- System Model --- p.86 / Chapter 5.1.2 --- Problem Statement --- p.87 / Chapter 5.2 --- An SDP-based Approach to the SRM Problem --- p.89 / Chapter 5.2.1 --- A Tight Relaxation of the SRM Problem (5.4) --- p.90 / Chapter 5.2.2 --- An SDP-based Line Search Method for the Relaxed SRM Problem (5.9) --- p.92 / Chapter 5.3 --- Robust Transmit Design for Worst-Case SRM --- p.94 / Chapter 5.3.1 --- Worst-Case Robust SRM Problem Formulation --- p.95 / Chapter 5.3.2 --- A Tight Relaxation of the WCR-SRM Problem (5.17) --- p.96 / Chapter 5.3.3 --- An SDP-based Line Search Method for the RelaxedWCRSRM Problem (5.23) --- p.98 / Chapter 5.4 --- Robust Transmit Design for Outage SRM --- p.100 / Chapter 5.4.1 --- A Sphere-bounding Safe Approximation to OCR-SRM Problem (5.29) --- p.101 / Chapter 5.5 --- Simulation Results --- p.103 / Chapter 5.5.1 --- The Perfect-CSI Case --- p.104 / Chapter 5.5.2 --- The Imperfect-CSI: Bounded Spherical Uncertainty --- p.105 / Chapter 5.5.3 --- The Imperfect-CSI: Gaussian Random Uncertainty --- p.108 / Chapter 5.6 --- Summary --- p.111 / Chapter 5.7 --- Appendix --- p.112 / Chapter 5.7.1 --- Proof of Proposition 5.1 --- p.112 / Chapter 5.7.2 --- Proof of Theorem 5.1 --- p.114 / Chapter 5.7.3 --- Proof of Theorem 5.2 --- p.117 / Chapter 6 --- Outage Secrecy Rate Maximization for MISOSEs --- p.120 / Chapter 6.1 --- System Model and Problem Statement --- p.121 / Chapter 6.2 --- A Bernstein-type Inequality-Based Safe Approximation to Problem (6.2) --- p.122 / Chapter 6.3 --- Simulation Results --- p.127 / Chapter 6.4 --- Summary --- p.128 / Chapter 6.5 --- Appendix --- p.129 / Chapter 6.5.1 --- Proof of Lemma 6.1 --- p.129 / Chapter 6.5.2 --- Proof of Proposition 6.1 --- p.130 / Chapter 7 --- MIMOME Secrecy Rate Maximization --- p.134 / Chapter 7.1 --- An Alternating Optimization Approach to the MIMO-SCM Problem (7.1) --- p.135 / Chapter 7.2 --- An Alternating Optimization Approach to theWorst-case MIMOSCM Problem --- p.140 / Chapter 7.3 --- An Alternating Optimization Approach to the Outageconstrained SCM --- p.142 / Chapter 7.4 --- Simulation Results --- p.145 / Chapter 7.4.1 --- The Perfect CSI Case --- p.146 / Chapter 7.4.2 --- The Imperfect CSI case --- p.149 / Chapter 7.5 --- Summary --- p.150 / Chapter 7.6 --- Appendix --- p.153 / Chapter 7.6.1 --- Proof of Proposition 7.1 --- p.153 / Chapter 7.6.2 --- Proof of the monotonicity of Tr(W? ) w.r.t. --- p.154 / Chapter 7.6.3 --- Proof of Proposition 7.2 --- p.155 / Chapter 8 --- Conclusion --- p.157 / Chapter 8.1 --- Summary --- p.157 / Chapter 8.2 --- Future Directions --- p.158 / Bibliography --- p.161

Trust- and clustering-based authentication service in MANET.

January 2004

Ngai Cheuk Han. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 110-117). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Background Study --- p.5 / Chapter 2.1 --- Mobile Ad Hoc Networks --- p.5 / Chapter 2.1.1 --- Definition --- p.5 / Chapter 2.1.2 --- Characteristics --- p.5 / Chapter 2.1.3 --- Applications --- p.6 / Chapter 2.1.4 --- Standards --- p.7 / Chapter 2.1.5 --- Routing Protocols --- p.8 / Chapter 2.2 --- Security in Mobile Ad Hoc Networks --- p.11 / Chapter 2.2.1 --- Vulnerabilities --- p.11 / Chapter 2.2.2 --- Motivation for the Attacks --- p.12 / Chapter 2.2.3 --- Types of Attacks --- p.13 / Chapter 2.3 --- Cryptography --- p.13 / Chapter 2.3.1 --- Cryptographic goals --- p.13 / Chapter 2.3.2 --- Symmetric-key encryption --- p.14 / Chapter 2.3.3 --- Asymmetric-key encryption --- p.14 / Chapter 2.3.4 --- Digital Signatures --- p.15 / Chapter 2.3.5 --- Digital Certificates --- p.15 / Chapter 2.3.6 --- Certificate Authority --- p.16 / Chapter 2.4 --- Literature Review --- p.17 / Chapter 3 --- Related Work --- p.23 / Chapter 4 --- Architecture and Models --- p.26 / Chapter 4.1 --- Architecture of the Authentication Service --- p.26 / Chapter 4.2 --- The Network Model --- p.28 / Chapter 4.2.1 --- Clustering-Based Structure --- p.31 / Chapter 4.2.2 --- Clusterhead Selection Criteria and Role --- p.33 / Chapter 4.3 --- The Trust Model --- p.37 / Chapter 4.3.1 --- Direct TVust --- p.40 / Chapter 4.3.2 --- Recommendation Trust --- p.41 / Chapter 4.3.3 --- Deriving Direct Trust --- p.41 / Chapter 5 --- Trust- and Clustering-Based Authentication Service --- p.43 / Chapter 5.1 --- Clustering Structure Formation and Maintenance --- p.43 / Chapter 5.1.1 --- Clustering Structure Formation --- p.43 / Chapter 5.1.2 --- Network Maintenance --- p.45 / Chapter 5.2 --- Security Operations --- p.50 / Chapter 5.2.1 --- Public Key Certification --- p.51 / Chapter 5.2.2 --- Identification of Malicious Nodes --- p.55 / Chapter 5.2.3 --- Trust Value Update --- p.58 / Chapter 5.3 --- Special Scenarios --- p.60 / Chapter 5.3.1 --- Join the network --- p.60 / Chapter 5.3.2 --- Move to another cluster --- p.61 / Chapter 5.3.3 --- Not Enough Introducer --- p.62 / Chapter 6 --- Simulations and Results --- p.65 / Chapter 6.1 --- Authentication Service Based on Trust and Network Mod- els --- p.65 / Chapter 6.1.1 --- Experiments Set-Up --- p.65 / Chapter 6.1.2 --- Simulation Results --- p.67 / Chapter 6.2 --- Clusters Formation and Maintenance --- p.85 / Chapter 6.2.1 --- Experiments Set-Up --- p.85 / Chapter 6.2.2 --- Simulation Results --- p.86 / Chapter 6.3 --- Authentication Service Based on Trust and Network Mod- els with Clusters Formation and Maintenance --- p.91 / Chapter 6.3.1 --- Experiments Set-Up --- p.91 / Chapter 6.3.2 --- Simulation Results --- p.94 / Chapter 7 --- Conclusion --- p.108 / Bibliography --- p.117

Wireless LANs--Security measures

Authentication

Application the principles of corporate governance to enhance efficiency of airport security services

Chau, Foo-cheong, Sidney., 周富祥.

January 2012

Today, aviation security is at the forefront of public consciousness particularly when they think of their own personal safety. The dramatic and catastrophic attacks of 911, utilizing civil aviation resources has made the world view aviation security with a critical eye. It could be argued that the response by States and individual airports and airlines has been positive and rapid, however the effectiveness has been marginal. Many factors have been proffered as the reason, from ineffective conservative governments, out-dated equipment, old infrastructure to a traditional mind-set that does not always accept change. Due to the limited scope of this research paper, the author has chosen to concentrate on Corporate Governance and three associated principles, “ethics”, “accountability” and “oversight” to assess the effectiveness of aviation security. This theme was chosen because, in the 1990s the Hong Kong Government considered Corporate Governance was a key ingredients needed for a positive paradigm shift in the way aviation security was implemented at the Hong Kong International Airport (HKIA). Government and the public felt, that the management of the old “Kai Tak” airport in Kowloon prior to 1998 did not adequately consider Corporate Governance as a key ingredient to successful security resulting in long-standing misgivings about the airport’s ability to meet security requirements. Fortuitously for this research paper, HKIA was relocated from Kowloon to Lantau Island in 1998 and a new Government owned company Aviation Security Company Limited (AVSECO) was set up at that time to provide the security. The Government and the Board of Directors of AVSECO were able to learn from the weaknesses of the old airport and from the outset understood the need for a change in the way the security was provided at the airport. So spurred on by the imminent airport relocation and the establishment of a AVSECO at the new airport, the Government considered it was an ideal time to change the security philosophy and make the new company accountable through good corporate governance. With this background, the aim of this research paper is to review the standards and recommended practices set by the International Civil Aviation Organization (ICAO), which is a Specialized agency of the UN having the aim of safeguarding civil aviation against actual and threats of ‘unlawful interference to civil aviation’. To do this, there is a literature review and observations from within the aviation industry. This review found that the security measures implemented to enforce the standards and therefore counter the real and emerging threats has been poor throughout the world. The question the industry therefore needs to ask is “If all the experts of the world have joined together (through ICAO) to set the standards to mitigate the risk, why does the public still feel the measures are unrealistic or ineffective in most airports?” Also, “Why, when we know in theory what to do, is it that many airports still fail to stop the threats? “In order to solve this puzzle, the paper critically looks at the international standards and their global implementation. Then, utilizing HKIA as a case study, the paper discusses if good corporate governance is a key to the successful implementation of effective aviation security. The literature review and analysis of security data collected over the past 6 years at HKIA suggests that good Corporate Governance is in fact a key ingredient for effective security at airports. The limitations of this paper, only allows for the study of three principles of good corporate governance, namely ‘Oversight’, ‘Ethics’ and ‘Accountability’. It goes without saying that there are many other factors that can influence the success or otherwise of the implementation of effective aviation security – for example organizational culture, equipment employed, staff training, quality control, policies and procedures, to name just a few. The paper only discusses these other variables when they directly relate to the three chosen corporate governance principles at HKIA. To sum up, despite the effective promulgation of international standards, the related effectiveness of the implementation has varied greatly from airport to airport. Many variables, either independently or collectively can be the cause of failure. This paper concentrated only on how the introduction of corporate governance (particularly the three key principles) improved the way HKIA conducted business in relation to Aviation Security forever. The change to good corporate governance did not occur over night and has taken almost 15 years for effective management oversight, company ethics and accountability to become enshrined into the company philosophy. The data reviewed from HKIA, however, does suggest that the transformation has been dramatic and effective, showing that, when emphasized and enshrined into corporate culture, good Corporate Governance will increase the likelihood of success in the on-going fight against unlawful interference against civil aviation. / published_or_final_version / Politics and Public Administration / Master / Master of Public Administration

Corporate governance.

Airports - Security measures.

Maritime security after 9/11: the shipping industry's response to the terrorist threat

Metaparti, Satya Prakash.

January 2004

published_or_final_version / abstract / toc / Asian Studies / Master / Master of Philosophy

Shipping - Security measures.

Terrorism - Prevention.

Fiscal guidelines for disaster planning

Price, Ralph

January 1977

Statement of the ProblemThe paramount purpose of the study was to develop a model disaster plan to assist practicing school administrators in being prepared for fiscal loss impacts after major man-made or natural disasters.Procedure UsedThe study was limited to agencies, persons, and materials relating to fiscal losses resulting from major disasters. Department of education officials in eight states that had been repeatedly plagued by major natural disasters submitted information regarding what steps a school administrator should take to offset fiscal loss impact resulting from a major disaster. Officials ofthree major insurance companies were interviewed to provide defined procedures for underwriters to follow in writing exposure coverage when Insuring public school corporations. Data were gathered from literature and personal Interviews. Persons Interviewed Included school officials, Insurance officials, and underwriters.FindingsFindings were based on the data gathered.1. There was a lack of conformity In writing insurance schedules.2. School administrators generally, did not exhibit insurance schedule writing and marketing. 3. Clear guidelines for school administrators in handling fiscal losses resulting from major disasters were not being provided by any of the state departments of education. 4. The school corporations studied were found to have insufficient insurance coverage and had depended upon P.L. 81-815 and P.L. 81-874 for funds to offset fiscal losses.5. School administrators frequently were reluctant to purchase contingency insurance for added fiscal protection in the event of fiscal disaster.ConclusionsConclusions based on the findings were as follows: l. A reluctancy exists among school officials to plan adequately for future disasters by carrying adequate insurance.2. Generally, administrators lack knowledge in insurance programming.3. Educational inventories are, in general, outdated and Incomplete.4. Fiscal losses arise from inept selection of underwriters or marketing the schedule of exposures.GuidelinesThe following recommendations are guidelines to aid acting school administrators in offsetting fiscal losses caused by major disasters.The recommendations, based on the findings and conclusions of the study were divided into two categories: (I) pre-disaster action and (2) post-disaster action.I. Pre-disaster Action:A. Conduct a complete inventory of educational property initially.1. Attach a replacement cost of each category of property to the inventories.2. Update the inventories at least once each year.B. Have all educational facilities evaluated by professional appraisers.1. Subsequent inventory reevaluation should be conducted by professional appraisersannually.2. Inventories should be maintained under custodial care in a safe guarded place,protected from storm and fire.C. Use updated appraisal inventory as a basis for the purchase of necessary disaster insurance coverage.D. Utilize risk managers, professional appraisers, and insurance underwriters in preparing blanket insurance coverage as dictated by Inventories II.Post-disaster Action:Design a hazard survey chart to determine the losses and particular areas effected. B. Ascertain to what extent the losses are covered by insurance.Use immediate means and agencies to offset fiscal loss due to disaster. D. Immediately set about planning for reestablishing the educational curricular instructional programs.Recommendations for Further ResearchThe following recommendations for further research were generated as a result of the findings ofthe study.1. Research should be conducted to determine attitudes of school boards about allocating resources for the purchase of sufficient insurance to offset fiscal losses resulting from man-made or natural disasters.2. A study should be conducted to determine what school administrative courses should provide preparation for school administrators in insurance programming and the marketing of insurance schedules.3. A similar study with a broader based sample should be undertaken to validate and/or improve upon the guidelines for school administrators generated from this study.

Schools -- Security measures.

School insurance.