Web engineering security: essential elements

Security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide Security Improvement Initiatives in Web Engineering

Web development evolution: the assimilation of web engineering security

In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components

Web development evolution: the business perspective on security

Protection of data, information, and knowledge is a hot topic in today’s business environment. Societal, legislative and consumer pressures are forcing companies to examine business strategies, modify processes and acknowledge security to accept and defend accountability. Research indicates that a significant portion of the financial losses is due to straight forward software design errors. Security should be addressed throughout the application development process via an independent methodology containing customizable components. The methodology is designed to integrate with an organization’s existing software development processes while providing structure to implement secure applications, helping companies mitigate hard and soft costs

Secure web application development and global regulation

The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today’s global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization’s policy compatibility, needs to be acknowledged in secure Web application development methodologies

Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Effects of physical activity on debilitating behaviours in 13- to 20-year-old males with severe autism spectrum disorder

The presented study investigated the extent to which engaging in a therapeutic sporting programme in males with severe Autism Spectrum Disorder (ASD) improves the debilitating behaviours commonly associated with ASD. Furthermore, the views of parents of the autistic participants were assessed concerning the effectiveness of the programme. Participants were eight 13-20 year old males born in the UK from a school and sports college for pupils with severe learning difficulties. The selection was using volunteer sampling from the “Monday Club” initiative, run by Saracens Sports Foundation in partnership with a local School and specialist Sports College. The Gilliam Autism Rating Scale (GARS-3) was administered to identify and measure the severity of ASD behaviours at four time periods namely: at programme entry as the baseline (T1), a second time after 8 weeks (T2), a third time after sixteen weeks (T3) and a fourth time post programme (T4). The results showed that for the more severe cases of ASD (Autism Index >101) there was no positive change in subscale performance from Time1 to Time2. For milder cases (Autism Index 71-100) there were subtle non-significant improvements on the subscale scores from Time1 to Time2. Of the 6 subscales at Time2, Emotional Responses (ER), Cognitive Style (CS) and Maladaptive Speech (MS) approached significance at the p = 0.05 level. At Time3 and Time4, there was also no statistically significant improvement in ASD behaviours compared to the baseline for either condition. Finally parents’ were “very satisfied” with their child’s participation in the physical activity programme

Temperature dependence of the ohmic conductivity and activation energy of Pb1+y(Zr0.3Ti0.7)O3 thin films

The ohmic conductivity of the sol-gel derived Pb1+y(Zr0.3Ti0.7)O3 thin films (with the excess lead y=0.0 to 0.4) are investigated using low frequency small signal alternate current (AC) and direct current (DC) methods. Its temperature dependence shows two activation energies of 0.26 and 0.12 eV depending on temperature range and excess Pb levels. The former is associated with Pb3+ acceptor centers, while the latter could be due to a different defect level yet to be identified.Comment: 13 pages, 3 figures, PostScript. Submitted to Applied Physics Letter

Revalidation and quality assurance: the application of the MUSIQ framework in independent verification visits to healthcare organisations

Objectives We present a national evaluation of the impact of independent verification visits (IVVs) performed by National Health Service (NHS) England as part of quality assuring medical revalidation. Organisational visits are central to NHS quality assurance. They are costly, yet little empirical research evidence exists concerning their impact, and what does exist is conflicting. Setting The focus was on healthcare providers in the NHS (in secondary care) and private sector across England, who were designated bodies (DBs). DBs are healthcare organisations that have a statutory responsibility, via the lead clinician, the responsible officer (RO), to implement medical revalidation. Participants All ROs who had undergone an IVV in England in 2014 and 2015 were invited to participate. 46 ROs were interviewed. Ethnographic data were gathered at 18 observations of the IVVs and 20 IVV post visit reports underwent documentary analysis. Primary and secondary outcome measures Primary outcomes were the findings pertaining to the effectiveness of the IVV system in supporting the revalidation processes at the DBs. Secondary outcomes were methodological, relating to the Model for Understanding Success in Quality (MUSIQ) and how its application to the IVV reveals the relevance of contextual factors described in the model. Results The impact of the IVVs varied by DB according to three major themes: the personal context of the RO; the organisational context of the DB; and the visit and its impact. ROs were largely satisfied with visits which raised the status of appraisal within their organisations. Inadequate or untimely feedback was associated with dissatisfaction. Conclusions Influencing teams whose prime responsibility is establishing processes and evaluating progress was crucial for internal quality improvement. Visits acted as a nudge, generating internal quality review, which was reinforced by visit teams with relevant expertise. Diverse team membership, knowledge transfer and timely feedback made visits more impactful

Sport rehabilitation in a young offenders institution: the "get onside" Rugby intervention, from practice to perception

The effectiveness of using rugby as a tool for rehabilitation in a Young Offenders Institution (YOI) was investigated in three studies. In Study 1, an intervention group (N = 33, mean age = 19.55, SD = .79) and a control group (N = 21, mean age = 19.76, SD = .89) across four cohorts of young adult males currently serving sentences at the YOI, completed the Measure of Criminal Attitudes and Associates (MCAA) instrument (Mills et al., 2002) pre and post intervention. Additionally, qualitative interviews were carried out with intervention (N = 27) and control (N = 14) groups. There was a small reduction between attitudes on MCAA measures taken before and after Rugby intervention. Analysis across the 4 cohorts showed significant differences between cohorts and time of questionnaire completion. Thematic Analysis of qualitative data indicated the programme developed pro-social values, fostered social cohesion, and provided its participants with protective factors against reoffending. Study 2 employed a questionnaire with 12 items which was presented to student respondents (Male = 27, Female = 61, mean age = 29.78, SD = 11.75) after reading a vignette depicting an offender as having committed a violent crime (N = 44) or a non-violent crime (N = 44) to explore their perceptions of rehabilitation. Results showed female respondents demonstrated perceptions significantly more supportive of the success of the programme in the areas of reduced criminal attitudes and social and behavioural outcomes. The perceptions of vignette character convicted of violent compared to non-violent crime were not demonstrated to be significantly different. Thematic analysis of open-ended responses indicated the programme was perceived to be a positive initiative that promotes health and wellbeing and provides a community and sense of belonging. Study 3 formed an Interpretative Phenomenological case study with an ex-prisoner. Semi-structured interview provided an insight into the development and formation of his personal identity in the prison and beyond, and the understanding of the impact of this specific intervention programme. Findings from this thesis present a novel contribution to prison sport literature, by placing prisoners’ experiences at the heart of the research process. Implications are discussed and recommendations made in terms of prison-based sport rehabilitation for researchers and policy makers