Saturday, 3 May 2008

Security is primarily about people and processes

Security is primarily about people and processes. No matter how good the technology, it still requires people to manage, maintain and make use of it effectively (DTI, 2006). Without the proper training, processes and controls, even the best-intentioned employee will eventually fail to maintain adequate security.

Even where staff act with the best of intentions, they are unlikely to act uniformly when acting without guidance. This hodgepodge of actions in itself becomes risky (Bosworth, Seymour & Kabay, 2002).

The primary aim of information security is to provide good information governance. Good governance requires the support and interaction of the people involved with the system (DTI, 2006).

As a result, technology is only truly effective when deployed in an environment conducive to its goals (Ghosh, 1998).

Insider Risk

The highest risk of insider attack generally occurs in organisations with an ineffectual internal security policy and procedure framework.

Wells (2004, p7) describes the “fraud triangle” as a model of corporate fraud. The risks of insider attack against computer and physical assets are similar, and often one leads to the other. The three primary root causes of internal attack, whether from computer-derived or other sources, are thus:
1. Opportunity
2. Pressure
3. Rationalisation.

In any situation where more than one of these factors is allowed to grow unchecked, problems are likely to arise.

Attacks on an organisation instigated by external parties or hackers are difficult to categorise. This is a result of the difficulty in categorising hackers into a single taxonomy. The variety of methodologies, means and goals deployed and envisioned by these groups makes a simple classification difficult.

In general, however, more attacks will occur, and they will be more damaging, where a level of due care is lacking. This is true both for internal and external attacks (Bosworth, Seymour & Kabay, 2002).

Friday, 2 May 2008

GPL and other open-source licenses

There are several types of Open Source licenses. Template Licenses (Apache, BSD, MPL) may be used by others simply by changing the names. These are further divided into Academic vs. Reciprocal Licenses. Academic Licenses originated in institutions of higher learning (Berkeley, MIT) which wanted to deliver the widest circulation achievable. In the terms of an Academic license there are no real restrictions on use, rewriting, and dissemination (CCH).

Reciprocal Licenses such as the GPL require that anyone distributing the software offer the source code for the entire work as distributed, including all changes (GPL).

In explaining the differences between the GPL (GNU Public License) and other open-source software licenses, we need to first look to property law and the common law concept of licensing (McKeough, Bowrey, & Griffiths, 2002). In the most basic terms, a license is a unilateral permission to use someone else's property. In this case the property is not real property or a chattel but intellectual property. Thus the license is a right to make use of copyright material (Van Caenegem, 2001).

A license may be granted within a contract (Cornish, 2000), but a license is not a contract in itself. We have to ask, “What is a contract?” Although simplified, a contract is a promise that is legally binding (Carter & Harland, 2002). The three pillars of a contract in common law are:

  1. Offer,
  2. Acceptance, and
  3. Consideration.

It is common for the legal novice to take the GPL as a contract; this is a fallacy. Offer was defined in the classic case of Carlill v Carbolic Smoke Ball Co [1893] 1 QB 256. The terms of offer and acceptance were developed by the court in Carlill v Carbolic Smoke Ball Co as the company had set aside funds and consideration was made for the goods. In a GPL arrangement, no offer can be said to be made and no consideration is supplied. Thus the GPL is a pure or bare license and may not be attached to contract.

A bare license can be revoked as it is not a contract and there has been no consideration (Ricketson, 1999). The court could recognize the user’s dependence on the software to act as a substitution for consideration. This would prevent the license being revoked (Rosen, 2005, p. 56).

So GPL is not a contractual arrangement and may not be made into one. To see how this affects an issue of a license under property, it is necessary to look at the Copyright Act (“CA”). This statute defines four requirements for copyright protection:

(i) Created by a ‘qualified person’ – ss32(4), 84, 184 CA.
(ii) Subject matter – ‘works’ and ‘subject matter other than works’ – ss10, 32, 89-92 CA.
(iii) Material form – ss10, 22 CA, and
(iv) Originality – s32 CA.

The GPL license[1] states that any “derived” works that are redistributed need to be published under the terms of the GPL. Thus any software created using a GPL base must remain under the GPL. This is the "traditional" format used in open-source licensing. The objective is to ensure that an open-source program will always stay open-source.

A derivative work is an original work by an author that is based on a pre-existing work. The author of the derivative work can license and distribute the derivative work provided he has license for the pre-existing work to create a derivative work from it and to distribute that derivative work (Ricketson & Richardson, 2005).

The GPL can be firstly distinguished from another of the “Open Source” software license structures, the “FL - project-open "Free License"”. FL software is distributed openly without cost to use and modify. It is however classified as commercial software, but the license fee for use and modification is given without consideration. This is where FL deviates from the GPL. Whereas GPL provides the free distribution of any derived software, FL requires consideration for this right (Garnsey).

The GPL is a true copyright license: a unilateral permission, in which no obligations are reciprocally required by the licensor (Cornish, 4th ed). FL is thus a licensing agreement that is issued to end-users without consideration, but is assigned under contract for the purpose of development or distribution.

The next distinguishing feature of the GPL from the FL is that of ownership. The GPL allows for open redistribution of the source code under the sole condition that derivative works remain covered by the GPL. FL license terms allow the rights of distribution to remain in the full control of the “maker”[2]. The FL thus can create sole property rights and ownership, while the GPL is a “work of joint ownership”[3].

In the terms of the FL, the developers of the work are each owners; they can each license the entire joint work to others as they individually see fit (Van Caenegem, 2001). The rights are assigned under contract. GPL creates no such contract; the work is a collective work, each part of which is under its author’s respective license, and thus by the terms of the GPL must also be distributed under the GPL (CCH, Australian Industrial and Intellectual Property).

Most Open Source projects are joint works (Rosen, 2005) with no reason for the assigning of copyrights. In the case of a collective work[4], the collector is the author and can license and distribute the sole portion that has been created, but only with license to distribute from the authors of the constituent pieces themselves. In the GPL this is an implied license attached to the chain of rights. Proprietary Rights and Assignments[5] of the GPL come with an implied licence of the GPL terms.

The GPL, condensed to its core, (Rosen, 2005) consists of an agreement to: copy, modify and redistribute the software, whether modified or unmodified, freely. “If you redistribute it, in modified or unmodified form, your permission extends only to distribution under the terms of this license. If you violate the terms of this license, all permission is withdrawn.”

Thus the primary factors that distinguish open source software licenses are basically no more than terms of legal art. In all cases the moral rights[6] are not assigned.

[2] s22 CA.
[3] ss10(1) “work of joint authorship”, 35(2), 35(3), 35(4), 35(5), 35(6) CA.
[4] Community ownership: Bulun Bulun v R & T Textiles Pty Ltd (1998) 157 ALR 193 (MBG 2002 at pp129-138).
[5] s196(1), 197 CA
[6] Loughlan, P (2001) 12 AIPJ 189

Thursday, 1 May 2008

False Rejection Rate (FRR)

The False Rejection Rate (FRR) is the technical designation for the level of statistical Type I errors associated with a biometric product. False rejection rates are the level at which valid users are incorrectly rejected by the system when they should've been allowed access.

Although the False Accept Rate (Type II error) is generally considered more critical, as this determines the number of unauthorized accesses that are validated and granted access to the system without authority, the false rejection rate may create undue frustration (1) and indeed reduce operational efficiency if the rate is too high.

FRR may be increased through smudged lenses, improper alignment of the reading system or through items which obscure the subject’s features[1]. In many instances, uncooperative users will either overtly or covertly compromise, damage or sabotage the effectiveness of the system (1). As some people believe that biometric systems are a breach of their personal privacy, providing an incentive for them to use the system may be difficult. These uncooperative users will often engage in small acts of sabotage to lower the effectiveness and efficiency of the system, which may result in its removal.
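The two error rates described above can be measured from labelled match attempts. The following is an added example, not part of the original post: the similarity scores, the acceptance threshold and the 15-point "degraded capture" penalty are constructed assumptions used to show how FRR and FAR trade off and how poorer capture quality raises FRR while FAR stays the same.

```python
"""FRR/FAR from labelled biometric match attempts (constructed sample data)."""
from fractions import Fraction

# Constructed similarity scores in [0, 100]; higher means a closer match.
GENUINE = [91, 88, 84, 79, 77, 73, 70, 66, 61, 55]    # attempts by valid users
IMPOSTOR = [12, 18, 25, 31, 38, 44, 52, 58, 63, 71]   # attempts by unauthorised subjects

# Assumption: a smudged lens or poor alignment costs every valid user 15 points.
GENUINE_DEGRADED = [score - 15 for score in GENUINE]


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) when attempts scoring >= threshold are accepted.

    FRR (Type I error): share of valid users wrongly rejected.
    FAR (Type II error): share of unauthorised subjects wrongly accepted.
    """
    false_rejects = sum(1 for score in genuine if score < threshold)
    false_accepts = sum(1 for score in impostor if score >= threshold)
    return (Fraction(false_rejects, len(genuine)),
            Fraction(false_accepts, len(impostor)))


def sweep(genuine, impostor, thresholds):
    """Return [(threshold, FRR, FAR), ...] for each candidate threshold."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def closest_to_equal_error(genuine, impostor, thresholds):
    """Return the (threshold, FRR, FAR) row where FRR and FAR are closest.

    Ties are broken in favour of the lowest threshold.
    """
    rows = sweep(genuine, impostor, thresholds)
    return min(rows, key=lambda row: (abs(row[1] - row[2]), row[0]))


if __name__ == "__main__":
    thresholds = range(50, 81, 2)
    print("threshold  FRR    FAR")
    for t, frr, far in sweep(GENUINE, IMPOSTOR, thresholds):
        print(f"{t:9d}  {float(frr):.2f}   {float(far):.2f}")

    t, frr, far = closest_to_equal_error(GENUINE, IMPOSTOR, thresholds)
    print(f"\nFRR and FAR are closest at threshold {t}: FRR={frr}, FAR={far}")

    # Same threshold, degraded capture: valid users are rejected more often,
    # while the impostor scores (and therefore FAR) are unchanged.
    frr_bad, far_bad = error_rates(GENUINE_DEGRADED, IMPOSTOR, t)
    print(f"With degraded capture at threshold {t}: FRR={frr_bad}, FAR={far_bad}")
```

Raising the threshold lowers FAR at the cost of a higher FRR, which is why a threshold chosen only to minimise false accepts can produce the user frustration the post describes.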


SOX and things we forget...

Based on recent client engagements I have come to the determination that most firms do not understand that SOX requires more than compliance with §§ 302 and 404 for IT systems. Most would not even make it this far.

Two significant provisions of Sarbanes-Oxley are defined in §§ 802 and 1102 and codified, respectively, at 18 U.S.C. 1519 and 18 U.S.C. 1512(c). These provisions impose substantial criminal penalties on any individual or entity -- public or private -- for destruction of evidence or obstruction of justice regarding any actual or "contemplated" federal investigation, matter or official proceeding.

On Dec. 1, 2006, amendments to the Federal Rules of Civil Procedure were introduced to focus on retention and production of electronically stored information. Courts, government regulators, public auditors and the plaintiffs' bar require increasingly sophisticated means of electronic discovery detailing issues such as metadata, keyword searching and forensic imaging. In turn, the demands have intensified for greater transparency in companies' policies and practices.

There is supporting case law for these provisions [see U.S. v. Ionia Management S.A., No. 3:07 CR 134, 2007 U.S. Dist. Lexis 91203 (D. Conn. Dec. 12, 2007) and U.S. v. Fumo, No. Crim. A. 06-319, 2007 U.S. Dist. Lexis 79454 (E.D. Pa. Oct. 26, 2007)].

The Real-Time Disclosure (§ 409) reporting also requires the disclosure of legal risks. With the determination of the 2001 California case against Cisco and the subsequent introduction of security breach disclosure rules, it is legally mandated that SOX also encompasses monitoring.

Mistakes or omissions are incorporated in § 906. This requires that data handling and error testing has been conducted. It is insufficient to state that we use a vendor product as a number of clients have done.

Non-compliance with § 802 is the simplest breach. The US courts have determined that email is a business record. Two-week backup and retention cycles (as many companies are doing) are a breach of SOX and also Australian legislation. This is attached to fines of up to $5,000,000 and imprisonment for up to 20 years (it is a criminal offence).

Monday, 28 April 2008


The online delivery paradigm both adds value to the traditional learning approach and creates new educational opportunities. Consumers of online education are generally “non-traditional” students, and as a result this medium allows the university to expand its client base without impacting its existing market, resulting in a projected increase in market share.
The added benefits of increased community cohesion and interaction cannot be overlooked. Aligning the needs of the community in this manner can help provide many of the “soft goals” projected by Universities while simultaneously providing the core aims to enhance and promote education.

To ensure that a university's plan to expand offerings and open new markets through Internet-based delivery mechanisms is successful, it is essential that the university formulates a strategic plan to implement this new delivery medium. Many of the issues associated with this are detailed in this paper.

Mintzberg (1994) believes that strategic planning should be more correctly called strategic programming as it is an analysis, articulation, and elaboration of that which already exists. Mintzberg (p 52) points out that “in seeking to measure productivity we are basically concerned with the question of how well (how efficiently) available inputs are converted into outputs”.
Lane (2004) tells us that strategic plans generally consist of:
1. Vision (where we want to be)
2. Mission (our purpose or reason for existence)
3. Values (the principles that guide our behaviour, give us a sense of direction, which also helps us decide what is important and provide us with an ethical and moral foundation).

To address these stages, we need to investigate both the concerns and hurdles to implementation (Kotter, 1992), as well as reviewing what the university seeks to gain. In order to be successful this new project must align to the vision, mission and values of the University as it currently exists. Additionally, the project needs to add value both to existing students and faculty as well as in opening new opportunities for educational delivery (Tsang, 1998).

Issues that may impact the project
There are a number of concerns that need to be addressed before any online course can be successfully introduced (Romm & Taylor, 2000). The needs of the University from both the perspective of the faculty and also of the students need to be taken into consideration. Each of these issues will be addressed individually.

For all the criticisms, it will be clearly demonstrated that few if any universities can maintain the traditional-only approach in the longer term (Beldore et al, 2002). At the least, universities need to complement the existing offerings, allowing students to broaden their experience through both online and traditional offerings. This process provides the framework for a structured online learning system that fulfils both the needs of the students and faculty (Hay/McBer, 2000).

The growing trend towards distance and lifelong learning (Taylor et al, 2003; Longworth, 1999; Salmon, 2000) provides ample justification in itself. The clear advantages to both society and the economy cannot be overlooked either. It must never be forgotten that a public university has the primary goal of providing education, and as such it is clear that it must create a homogeneous structure to disseminate information as fairly as possible (Dark, 2004a; Beirne, 2002; Berge, 1993). ICT can provide a structure to achieve this goal (Beyer, 1998).

Student concerns and needs
Simon, Brooks & Wilkes (2003) demonstrate that one of the first points to consider is the perception of online courses by students. In a business sense the students are the key clients for the University. As such, the perceptions of potential students and their opinions either for or against online courses need to be examined (Jacques, 1991).

In their study, Simon, Brooks & Wilkes (2003) demonstrated that many students who enrol in online degrees are "non-traditional" and do not fit the model of a standard university student. The online student is generally older, employed in a full-time occupation and has already completed at least one degree (Schooley, 2001). It was also shown that students who complete online degrees are generally more motivated. Students who travel with work generally also find online courses attractive (Alexander, 1995).

Concerns held by faculty and institutions
There is a common concern that "faculty will become mere shepherds heading their passive sheep through pre-prepared fields of outdated and insubstantial information" and, further, that web-based academics do not focus enough on the interaction between faculty and students which is needed to "generate debate, conversation, and participation" (Accetta, 2001).
It is also suggested that students will not get the same campus experience as those who enrol in traditional programs (Cox, 2001). In order to be successful any university offering online courses needs to ensure that its students are prepared to engage in self-directed learning. Additionally it is more important that quality assurance measures designed around rigor and quality ensure that the student completes the required work to the required standard (Jackson, 1992).

Logistical concerns such as providing the same level of support to online distance students as traditional students need to be taken into account. Access to libraries, bookstores, advisory and counselling services are areas that are generally lacking in most online offerings. In addition it is even more crucial that students understand the expectations of the course as it is more likely that they may complete the entire semester without any formal contact.

General concerns
One of the key criticisms of online courses and a possible disadvantage is the lack of provision of forums for physical contact and live debate. It is believed by many that the lack of an avenue for debate amongst staff and students at the University through live concourse cannot be adequately compensated through the use of web-based and other forms of messaging. Symonds (2001) quotes Harvard University professor W Earl Sasser's view that an online degree "would distract from the residential experience". Similarly, Kumar et al. (2002, p140) cite "strong evidence that students perceive interaction, student to student and student to instructor, to suffer as a result of virtual education".

A further consideration is the ethical dilemma associated with the need to access computers at home. The cost of Internet access and an adequate computer, although comparatively lower than even a couple of years ago, is still excessive for many. This dilemma, however, is outside the scope of this paper other than to be noted as a concern.

Developments in Online Education
Peltz (2000) has suggested that e-learning is already a multibillion dollar industry. Weil (2001) suggests that 54% of US higher education institutions offer courses over the Internet. International Data Corporation was cited by Weil (2000) with a predicted 87% of institutions offering online courses by 2004. In fact, many new universities have been created that only offer courses online and do not engage in any traditional lectures (Peltz, 2000).

Massachusetts Institute of Technology (MIT) has an open courseware program where they post lecture notes, reading assignments and even RealAudio/RealVideo feeds from their lectures. Although the open courseware program does not lead to the issuing of a degree or certificate, it provides an educational framework that is available freely over the Internet.

The University of Phoenix online[1] is one of the largest private providers of online education with bachelor's, masters and doctoral degree programs. They claim that students gain the following benefits:
· attend class at times and places that fit their schedule
· complete 100% of the education via the Internet
· earn their degree in two or three years
· classes are offered one at a time, for five to six weeks, so they can focus on one subject
· programs are continually updated to provide skills and experience in high demand
· all faculty members hold a master's or doctoral degree
· all coursework is designed to apply to the work environment.

Additionally, several universities, such as Duke University, offer a combination of online and work in residency based programs. Slusky & Partow-Navid (2003) detail the introduction of a remote UNIX lab at California State University. This system was used to train UNIX system administrators, Oracle database administrators and programmers/developers. They developed a remote DBA and a wireless DBA application. These were configured to provide students with hands-on experience and true-to-life situations without having to be at the University.

The UNIX lab project enabled California State University to enhance “the learning and teaching experience in UNIX, Linux and Oracle in a predictable atmosphere of confidence, control and satisfaction”. This project enabled the university to add new courses to the curriculum for both internal and external students.

Burgess & Darbyshire (2003) demonstrate how the use of IT in businesses reflects the needs of the modern university. They list benefits including:
· Improved support of business operations,
· Enhanced support of managerial decision-making, and the
· Growth of a strategic advantage (such as also is detailed by Porter [1985]).

Thus, some strategies that need to be considered include becoming a low cost provider of quality educational services, producing a unique or differentiated good, or providing to a niche market.

Links to Employers and Business
“Training personnel to acquire knowledge, skills, and attitudes are an essential role for instructional systems design, and so is training that translates knowledge, skills and attitudes into effective performance.” (Davies, 1994, p 111). Ghoshal & Bartlett (1995, p89) attach the same importance to training systems as Davies.

Jackson (1995) criticises the competency movement for specifying performance goals in clear, precise, detailed and measurable terms. Training for IT workers should not just be seen as a means of improving performance. Training can be both reward and ambition to the Information Technology employee where training and associated development are a reward for a job well done.

As such, the University could look to integrating programs with the needs and focus of selected businesses in mind. The Australian government reports “Backing Australia's ability” (2001), “Knowledge and Innovation” (1999), and “Investing for Growth” (1997) provide a framework to enable universities to work with industry to create courses that provide graduates with the qualities needed in industry.

These courses would improve the employment prospects of graduates making the courses more attractive (Vroom, 1964). It is further noted that by working with industry it would be possible to provide online courses for the existing employees of a number of both government and commercial organisations (Senge, 1994). This practice is already common in the US with several online universities aligning themselves with organisations such as Price Waterhouse Coopers, the US military, and IBM (McGill, 2002).

Application and Design
Taylor et al (2003) argue that “the philosophical framework used in the development of an online course…” “is largely based on sociological theory”. They further argue the need for a student-centred approach to learning.

The importance of placing the student at the centre of the learning process is articulated by Taylor et al (2003) in engaging the student in “one to one”, “one to many” and “many to many” forums. They state that “the future learning environment will be increasingly ubiquitous and require the full capacity of information technology operating asynchronously and at a distance to engage the needs of ‘lifelong’ and ‘life wide’ learners while minimising the extra demands of teachers and facilitators”.

Habermas (1984) provides a foundation for critically analysing educational practices through communicative action. This discourse would allow both faculty and students to disclose their orientations relevant to the subject matter in a format that is less asymmetrical with regard to the relations of power.

The critical aspect is the development of learning communities aimed towards both self-directed and for-group learning. Romm & Taylor (2000) showed that the “many to many” mode of distance education generally reflects the traditional “face to face” learning paradigm, which lends itself to a power relationship (Habermas, 1984).

The learning model proposed by Taylor et al (2003) for the delivery of online courses is that devised by Romm & Taylor (2000). This model includes instructional materials for the course, which consist of a video or RealAudio feed that contains explanations on how to use the course functions; a course outline which provides the information about the course; textbooks; and an interactive class forum.

In this model, students are expected to subscribe to the forum. The lecturer encourages the students to introduce themselves online in order to conceptualize their backgrounds and provide a framework of discussion and interpretation within the cohort. Individual virtual groups are then established.

The model involves three modes of faculty/student interaction. There is the traditional model of “one to many” teaching. Next, students have the capability to engage in “one to one” interaction with the lecturer through a variety of communication methods. The bulk of interaction in this model is through the “many to many” mode. In this mode, students interact through the groups in the development of presentations to the cohort and the critical analysis of other group presentations.

Wellman et al. (1996) contend that limiting social presence, such as through the use of online education, is a factor in “removing inhibition, increasing creativeness, and strengthening weak social ties in narrowly focused groups such as learning groups”. This view is supported by Rice (1993), who suggests that social presence “fundamentally affects how participants sense emotion, intimacy, and immediacy”.

In this way the use of online forums can aid in the development of understanding across cultural groupings (Taylor et al, 2003). The ease of accommodating distant students from different ethnic backgrounds not only adds to the creative process but also accommodates development of community. Both distance and traditional students gain advantages.

This approach to online education allows the individual and communities to “live an ongoing learning experience”[2]. This thus allows the university to not only expand their funding base through increased revenue, but to also meet the goals set by the Australian government in a manner that is both socially and educationally accountable.

Structured Methodology
In designing the course, it is first necessary to state the business level objectives (Stiller, 2003). The business level objectives determine all other levels for both requirements and solutions.
Appropriate technologies are then selected to meet business needs:
· Strategic business planning
· Business process reengineering
· Identification of major business functions
· Identification of business processes
· Identification of business opportunities

In this format, the educational institution is treated as a business. The accountability of universities to deliver courses and programs relevant to today's society (Stiller, 2003) has resulted in the need to align programs in a manner that will ensure adequate funding.
Only when the business level objectives have been decided can we move to design the application, data and network technologies. The university needs to decide on what markets will add to its profile. To do this it needs to define its core strengths and focus. It is, for instance, of little use for a school known predominantly for its law programme to seek to develop an online IT and engineering programme as its first offering.

In this, the university needs to develop a strategic plan that allows it to build on its existing strengths and maintain its core values. This will allow for the optimum marketing of its traditional and online offerings while synergistically minimising the costs to either.

It is clear that there are a number of obstacles to formulating an online educational platform. The benefits outweigh the costs, both financially and through the achievement of educational accountability through enhanced learning.

The online delivery paradigm both adds value to the traditional learning approach and creates new educational opportunities. As many of the consumers of online education are “non-traditional” students, this medium allows the university to expand its client base without impacting its existing market. This would result in an overall performance improvement for the University (Rummler, 1995).

Finally, the added benefits of increased community cohesion and interaction cannot be overlooked (Adler, 1959). Aligning the needs of the community in this manner can help provide many of the “soft goals” projected by Universities while simultaneously providing the core aims to enhance and promote education.

Before a definitive solution may be derived, the strategic plan and strengths of the University need to be determined (Bolman, 2003). Without this phase, the project is at best a blind stab in the dark.

1. Accetta, R. (2001) “E-Learning Crossfire” (Saved: 22 Oct 2002) (
2. Adler, A., (1959). “Understanding Human Nature”. New York: Premier Books.
3. Alexander, S. (1995) “Teaching and Learning on the World Wide Web” Proceedings of AusWeb ’95
4. Ansoff, I. (1965), “Corporate Strategy”, McGraw-Hill, New York.
5. Azadegan, S. Lavine, M. O'Leary, M. Wijesinha, A. Zimand, M. “An Undergraduate Track in Computer Security”. ACM SIGCSE Bulletin, Proceedings of the annual conference on Innovation and technology in computer science education, Volume 35 Issue 3. June 2003. Available on March 14, 2006 -
6. Beirne, T. Brecht, H.D. & Sauls, E. (2002) “Using the web to serve students as information clients” Proceedings of Informing Sciences and IT Education Conference, University College Cork, Cork IRE (June 19-21, 2002)
7. Beldore, T & Brecht, H.D. & Sauls, E. (2002) “Online Education: The future is now” Socrates Distance Learning Technologies Group, Academic Research and Technologies
8. Berge, Z (1993) “Computer Conferencing and Online Education” The Point Electronic Journal on Virtual Culture, (1) 3.
9. Beyer, H. and Holtzblatt, K. (1998) “Contextual Design Defining Customer-Centered Systems”, Morgan Kaufman Publishers Inc
10. Bogolea, Bradley & Wijekumar, Kay (2004) “Information Security Curriculum Creation: A Case Study” ACM InfoSecCD Conference’04, October 8, 2004, Kennesaw, GA, USA.
11. Bolman, Lee & Deal, Terrance, (2003) “Reframing Organizations : Artistry, Choice, and Leadership”, Jossey-Bass; 3 edition, USA
12. Border, Charles. Holden, Ed. “Security Education within the IT Curriculum”. Proceeding of the 4th conference on information technology curriculum on Information technology education. Oct 2003. Available on March 14, 2006 -
13. Boud, D., Dunn, J. and Hegarty-Hazel, E. (1986) “Teaching in Laboratories”. SRHE & NFER-Nelson, Surrey, UK
14. Boyd, C. and Mathuria, A. (2003) “Protocols for Authentication and Key Establishment”. Springer-Verlag, Berlin, Germany
15. Burgess, S. & Darbyshire, P. (2003) “A Comparison between the use of IT in Business and Education: Applications of the Internet to Tertiary Education” Victoria University, Au
16. Cox, R. and Light, G. (2001) “Learning & Teaching in Higher Education: The reflective professional”. Sage Publications, London, UK
17. Crowley, Ed. “Information System Security Curricula Development.” Proceeding of the 4th conference on information technology curriculum on Information technology education. Oct 2003. Available on March 11, 2006 at
18. Darbyshire, P. (1999) “Distributed Web Based assignment submission and access” Proceedings – International Resource Management Assoc. IRMA 1999. Hershey PA: Idea Publishing Group
19. Dark, Melissa J. (2004.a) “Assessing Student Performance Outcomes in an Information Security Risk Assessment, Service Learning Course” Purdue University
20. Dark, Melissa. J. (2004.b). “Civic Responsibility and Information Security: An Information Security Management, Service Learning Course”. Proceedings of the Information Security Curriculum Development Conference, 2004.
21. Davies, I.K. 1994, “Process re-design for enhanced human performance”. Performance Improvement Quarterly, 7 (3): 103-113
22. Earl, M.J. (1989) “Management Strategies for Information Technology” Prentice Hall NY
23. Ford, W. and Baum, M. S. (1997) “Secure Electronic Commerce”. Prentice Hall
24. Garfinkel, S. and Spafford, G. (2001) “Web Security, Privacy & Commerce”. 2nd Edition. Cambridge, Mass: O'Reilly
25. Ghosh, A. K. (1998) “E-Commerce Security”. Wiley
26. Ghoshal, S. & Bartlett, C.A. 1995 “Changing the role of top management: beyond structure to processes”. Harvard Business Review, January-February: 86-96
27. Habermas, J. (1984) “The Theory of Communicative Action: reasons and Rationalisation of Society” Beacon Press, Boston MA
28. Hay/McBer (2000). “Research into teacher effectiveness: A model of teacher effectiveness report by Hay McBer to the Department for Education and Employment”. Report prepared by Hay/McBer for the government of the United Kingdom,
29. Infosec Graduate Program. Purdue University. First viewed on March 12, 2006 at
30. Issacs, Henri (2003) “On-Line Case Discussion: A Methodology” Paris Dauphine University, France
31. Jackson, Nancy. (1992); Chapter 7 “Training Needs: An Objective Science?” In Training for What? Labour Perspectives on Job Training, ed. Nancy Jackson. Toronto: Our Schools/Our Selves Education Foundation.
32. Jacques, D., Gibbs, G. and Rust, C. (1991) “Designing and Evaluating Courses”. Oxford Brookes University, Oxford, UK
33. Kalakota, R. and Whinston, A. B. (1996) “Frontiers of Electronic Commerce”. Addison-Wesley
34. Kollock, P. (1997) “The design principles for Online Communities” The Internet and Society: Harvard Conference Proceedings, Cambridge, MA: O’Reilly & Assoc.
35. Kotter, John P. & Cohen, Dan S. (1992). “The heart of change”. Harvard Business School Press, Boston, Massachusetts
36. Kumar, A., Kumar, P., & Basu, S. C. (2002) “Student Perceptions of virtual Education; An exploratory study” In M. Khosrow-Pour (Ed.) Web Based Instructional Learning (pp 132-141) Hershey, PA IRM Press.
37. Lane, David, 2004, “Foundations of HRM, Performance and Compensation Management”, Course Notes, University of SA
38. Longworth, N (1999) “Making Lifelong Learning Work” Kogan Page, London UK
39. Master of Science degree program in Information Security and Assurance. George Mason University. Available on March 12, 2006 at
40. Master of Science in Security Informatics. Johns Hopkins University. Available on March 12, 2006 at
41. McGill, Tanya, Ed. (2002) “Current issues in IT education”, Murdock University, IRM Press, Melbourne, Australia.
42. McLelland, Ross (2004), “Emotional intelligence in the Australian context”, Pacific Consulting,
43. Mintzberg, H. (1994) “The rise and fall of strategic planning”. New York: Free Press
44. Peltz, P (2000) “Do virtual classrooms make the grade” (Saved article from Apr 2001, no current link)
45. Porter, M.E. & Millar, V.E. (1985) “How Information gives you competitive advantage” Harvard Business Review, 63, 4 July/August pp 149-160.
46. Rice, R (1993) “Media appropriateness using social presence theory to compare traditional and new organisational media” Human Communications Research, 19, (pp 451 - 484)
47. Robey, D. (1994). “Designing Organizations”. (4th Ed.). Irwin. Homewood, Illinois
48. Romm, C & Taylor W. (2000) “Online Education – Can we combine efficiency with quality?” Proceedings ACIS, Brisbane 6-8, 2000
49. Romm, C & Taylor W. (2001) “Teaching Online is about Psychology – not technology” In M.Khosrow-Pour (Ed.) Proceedings of IRMA Conference, Hersey PA, Idea Group Publishing
50. Rummler, G.A. and Brache, A.P. 1995 “Improving performance”. 2nd edition, San Francisco: Jossey Bass
51. Salmon, G (2000) “E-Moderating: The Key to Teaching and Learning Online” Kogan Page, London UK
52. Schooley, C (2001) “Online universities introduce alternatives for higher education” Planning Assumption. GIGA Group.
53. Senge, P. M. (1994). “The Fifth Discipline: The Art & Practice of the Learning Organization”. New York: Currency-Doubleday. Stace, D. and Dunphy, D. (2001), “Beyond the Boundaries”, 2nd ed. McGraw-Hill Australia: Roseville.
54. Shaikh, Siraj A. (2004) “Information Security Education in the UK: a proposed course in Secure E-Commerce Systems” ACM InfoSecCD Conference’04, October 8, 2004, Kennesaw, GA, USA.
55. Sherif, M. H. (2000) “Protocols for Secure Electronic Commerce”. CRC Press
56. Simon, Judith C., Brooks, Llyod D., & Wilkes, Ronald B. (2003) “Empirical Study of Student’s Perceptions of Online Classes” The University of Memphis, USA
57. Slusky, Ludwig & Partow-Navid Parviz (2003) “Training in Remote Database Server Administration” California State University US
58. Stiller, A.D. (2003) “Designing e-Business and e-Commerce Courses to Meet Industry Needs”, University of the Sunshine Coast, Au
59. Taylor, Wal; Dekkers, John; & Marshall, Stewart (2003) “Community Informatics – Enabling Emancipatory Learning” Central Qld University Au
60. Tsang, P. & Fong, T. L. (1998) “Learning support via the web: How do know I make a difference?” Proceedings of the 12th Annual Conference of the Asian Association of Open Universities, New Delhi, 4-6 Nov 1998
61. Vaughn Jr. Rayford B., Dampier, David A. & Warkentin, Merrill B (2004) “Building an Information Security Education Program” ACM InfoSecCD Conference’04, October 8, 2004, Kennesaw, US
62. Vroom, V.H. 1964, “Work and Motivation”. New York: John Wiley & Sons.
63. Weade, R., & Gritzmacher, J. 1987. “Personality characteristics and curriculum design preferences of vocational home economics educators”. Journal of Vocational Education Research, 12(2), 1-18.
64. Weil, N (2001) “University net courses help make pros make the grade” (Viewed and saved; 16 May 2003) (
65. Wellman, B, Salaff, J., Dimitrova, D., Garton, L., Gulia, M., and Haythornthwaite, C. (1996) “Computer networks as social networks: Collaborative work, telework, and virtual community” Annual review of Sociology, 22 (p 213 – 238)
66. Wellman, B., Boase, J. & Chen, W. (2002) “The Networked Nature of Community: Online and Offline”. IT & Society, 1(1), 151-165.
67. Winfield Treese, G. and Stewart, L. C. (2002) “Designing Systems for Internet Commerce”. 2nd Edition, Addison-Wesley
68. Yang, Andrew. “Computer Security and Impact on Computer Science Education”. The Journal of Computing Small Colleges, Proceedings of the sixth annual CCSC north-eastern conference on the journal of computing in small colleges, Volume 16 Issue 4. April 2001. Available on March 21, 2006 -

[1] See
[2] Taylor et al, 2003

Sunday, 27 April 2008

A week of water

The herons are ok, but for the rest of us... It is, to say the least, wet!
The normally small creek is now a small river...
And the river...

Well let us just say I am not leaving over that road (as is usual) this weekend.
As you can see the river has broken its banks.
And it is flowing fast.
The thing with the country is that it is either dry or wet. There seems only a brief paucity in the middle that passes in the blink of an eye.