Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice
Catherine Ebenezer
PhD student, Information School, University of Sheffield
Health Libraries Group Conference, Scarborough
16th September 2016
Supervisors:
Professor Peter Bath, Professor Stephen Pinfield
“People assume that abusing the Internet is an IT
problem … it isn’t an IT problem, it’s a
management problem.”
Retired NHS IT manager
Shouldn’t we be managing the risks more
effectively in order to allow learners the freedom to
use IT resources to better effect?
Prince et al. (2010, p. 437)
Overview
• Introduction and background
• Web application blocking: earlier findings
• Research questions and issues
• Methodology and methods
• Web use at work – a risk?
• Approaches to managing information security
• Secure web gateways / web proxies
• False positives – the ROC curve
• Findings / Discussion
• Recommendations
• Questions
Introduction and background
• LIS Manager in mental health NHS FT 2008-2012
• Variety of technological barriers / hindrances to
information seeking, teaching and learning, clinical and
management decision-making
– ascribed variously to:
• Information governance/ information security
• IT infrastructure policies and practices
• Communications policy
• Blocking of ‘legitimate’ websites
• Obstacles to use of particular content types and
applications
• Social media / Web 2.0 a particular problem
• Implications?
Web application blocking
[Figure: bar chart, x-axis "% of trusts" (0 to 90). Categories: Social networking applications; Wikis and blogs; Communication tools; Discussion forums; Webmail; E-journals*; E-books*; Online databases. Source: SHALL IT subgroup survey of NHS librarians (2008). *'core content' or locally purchased]
Impacts
Research questions / issues
• The nature and extent of restrictions on access to the World Wide
Web within NHS organisations arising from organisational policies
and practices
• Their impacts on professional information seeking and sharing, and
working practices in general
• The attitudes, presuppositions and practices which bear on how web
filtering is implemented within NHS trusts, in relation to overall
organisational strategies
• Web filtering devices and their limitations
Differing stakeholder perspectives involved
• Attitudes to / assumptions about (information governance, information
security) risks
• NB distinction between websites and web applications
Part of a wider study of access to information for learning and teaching
Methodology and methods
Exploratory case study
• Unit(s) of analysis
• One or more NHS trusts of different types (DGH + community
services, MH + community services, teaching hospital)
• Methods
• Semi-structured interviews with key informants (10+ per trust)
• selected via purposive / snowball sampling
• representing a variety of perspectives:
• Clinician education and staff development
• Library and information
• Communications
• Information governance
• IT management, esp. network security and PC support
• Human resources
• Workforce development
Methodology and methods
Exploratory case study
• Methods (cont’d)
• Interviews with other key informants: NHS Evidence, medical
school e-learning lead, secure web gateway vendor
• Gained additional perspectives
• Documentary analysis – selective / ad hoc
• Background
• Policies and strategies: IT, LIS, workforce development, information
governance, Internet AUPs
• Codes and standards
• Reports and reviews
• Statements of values
• Security device documentation
• Thematic analysis using NVivo
Web use at work – a risk?
Categories of potential risk to the organisation:
• Legal – employers can be legally liable for staff accessing and
distributing illegal material
• Child pornography and other obscene material or racially inflammatory material,
racial or sexual harassment, discrimination, hacking, the defamation of
management, customers or competitors, software piracy, copyright infringement,
fraud, and breaches of the Data Protection Act
• Security - ??? risks from websites and web applications
• Web-borne malware – major security threat – but ….
• NB no close correlation between the subject matter or type of web content and malware risk - Provos et al. (2008)
• Productivity - ???
• Network bandwidth clogged / performance degraded
• Staff wasting time
• Positive effects?
Approaches to managing information security (adapted from Fléchais et al., 2006)

Category | Description | Example
Technical
Prevent | Stop attacks from occurring | Firewalls, secure web gateways, access control etc.
Detect | Notice and identify attacks | Monitoring of web use – not routinely permitted under UK law
React | Stop or mitigate an attack | Automated response systems linked to intrusion detection systems
Deter | Discourage misuse | Visibility of countermeasures
Social
Prevent | Stop attacks from occurring | AUPs; rules on locking screens, rules against p/w sharing, etc.
Detect | Notice and identify attacks | Sysadmins, alert users, auditing
React | Stop or mitigate an attack | Sysadmins or emergency response teams
Deter | Discourage misuse | Prosecution, disciplinary action
Secure web gateways / web proxies
• Sit at perimeter of organisation’s network – enforce
acceptable use policies
• Commonly in use: Forcepoint (formerly Websense), Smoothwall,
Bloxx, Trustwave WebMarshal, Webroot, etc.
• Two roles:
• Authorisation and authentication / filters ‘inappropriate’ content
• Blocks web-borne malware
• SWGs are able to categorise URLs and to analyse and manipulate
scripts on web pages
• Main mechanisms:
• Blacklists (may be third-party)
• ‘On the fly’ via machine learning / content categorisation
– ‘black box’ – commercially confidential
False positives / the ROC curve
As sensitivity increases, specificity / accuracy declines
[Figure: ROC curve. Source: Zhang and Janssen, s.d.]
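The trade-off on this slide, worked through as an added example that is not part of the original presentation: a Python sketch that sweeps the blocking threshold of a score-based filter over a constructed set of URLs and reports sensitivity, false positive rate and which legitimate sites get blocked. The hostnames, risk scores, daily request volume and prevalence of harmful requests are all assumptions chosen for illustration.

```python
"""ROC trade-off for a score-based web filter, on constructed data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    url: str        # constructed hostname, not a real site
    score: float    # hypothetical risk score assigned by the filter
    harmful: bool   # ground truth: True = malicious, False = legitimate


# Constructed evaluation set. Legitimate sites on sensitive health topics are
# given mid-to-high scores, the kind of false positive the slides report.
SAMPLES = [
    Sample("malware-dropper.example", 0.95, True),
    Sample("phish-login.example", 0.90, True),
    Sample("exploit-kit.example", 0.80, True),
    Sample("malvertising-cdn.example", 0.60, True),
    Sample("compromised-blog.example", 0.40, True),
    Sample("sexual-health-clinic.example", 0.75, False),
    Sample("substance-misuse-guidance.example", 0.70, False),
    Sample("eating-disorder-charity.example", 0.65, False),
    Sample("news-site-with-ads.example", 0.55, False),
    Sample("clinical-forum.example", 0.45, False),
    Sample("elearning-video.example", 0.35, False),
    Sample("pharmacy-formulary.example", 0.30, False),
    Sample("medical-journal.example", 0.10, False),
    Sample("library-catalogue.example", 0.08, False),
    Sample("evidence-portal.example", 0.05, False),
]


def rates(samples, threshold):
    """Return (sensitivity, false_positive_rate) when blocking score >= threshold.

    Specificity is 1 - false_positive_rate.
    """
    positives = sum(s.harmful for s in samples)
    negatives = len(samples) - positives
    if positives == 0 or negatives == 0:
        raise ValueError("need both harmful and legitimate samples")
    tp = sum(s.harmful and s.score >= threshold for s in samples)
    fp = sum((not s.harmful) and s.score >= threshold for s in samples)
    return tp / positives, fp / negatives


def roc_points(samples):
    """ROC curve as (fpr, tpr) points, from strictest to most permissive threshold."""
    points = [(0.0, 0.0)]
    for threshold in sorted({s.score for s in samples}, reverse=True):
        tpr, fpr = rates(samples, threshold)
        points.append((fpr, tpr))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoidal rule."""
    return sum((x1 - x0) * (y0 + y1) / 2
               for (x0, y0), (x1, y1) in zip(points, points[1:]))


def blocked_legitimate(samples, threshold):
    """Legitimate URLs the filter would block at this threshold (false positives)."""
    return [s.url for s in samples if not s.harmful and s.score >= threshold]


def projected_blocks(tpr, fpr, daily_requests, harmful_prevalence):
    """Project (true_blocks, false_blocks) per day for an assumed traffic mix.

    Because almost all traffic is legitimate, a small false positive rate
    can still produce more false blocks than true ones.
    """
    harmful = daily_requests * harmful_prevalence
    legitimate = daily_requests - harmful
    return round(harmful * tpr), round(legitimate * fpr)


if __name__ == "__main__":
    for threshold in (0.8, 0.6, 0.4):
        tpr, fpr = rates(SAMPLES, threshold)
        print(f"threshold {threshold}: sensitivity {tpr:.1f}, "
              f"specificity {1 - fpr:.1f}, "
              f"legitimate sites blocked: {blocked_legitimate(SAMPLES, threshold)}")
    print(f"AUC: {auc(roc_points(SAMPLES)):.2f}")
    # Assumed traffic: 100,000 requests/day, 0.1% of them harmful.
    print(projected_blocks(0.8, 0.01, 100_000, 0.001))
```

On this constructed set, lowering the threshold from 0.8 to 0.6 catches one more harmful URL and blocks three legitimate health sites.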
Results
• Blocking of websites a problem frequently reported to NICE by
librarians
• District general hospital (DGH) and mental health services
(MH) reported very few instances of website blocking
• When a legitimate website blocked, IT department had unblocked it
promptly once reported
• Pharmacists most affected; instances of website blocking at MH
usually related to substance misuse, eating disorders or sexuality
• Staff at teaching hospital (TH) experienced greatest number
of obstacles to information-seeking caused by blocking of
legitimate websites
• Reported frequencies of blocking varied from ‘every two months’ to
‘constant’ or ‘daily, probably’
• Affected the work of clinical educators in particular
• Most blocked sites not reported to IT department
Results
• Much decision-making in relation to information security issues was
tacit – IT managers did not explicitly discuss risk
• IT security managers reported not having time to evaluate the
effectiveness or impact of the SWGs they deployed
• Depended on reports from users (via calls logged with trust helpdesk) of
false positives
• Likely to accept default configurations and categorisations of
content offered by suppliers
• IT manager at TH appeared aware (via emails sent to him) of the
inconvenience caused to users by false positives
• Main focus of attention and concern at TH and MH:
potential security risks or impact on network traffic
presented by ‘recreational’/ non-work use of the web
Results
• TH had explicit policy of blocking advertising
• Claimed to mitigate potential security threat of ‘malvertising’ (web-
borne malware spread via syndicated advertising)
• Sometimes seemed to have effect of blocking entire site content
• Likely factor in high number of blocked websites
• Possible factor: TH SWG’s lack of specificity in identifying
and blocking inappropriate or compromised content
• Neither librarians nor IT managers aware of national
whitelist of sites not to be blocked
• No relationship found between IG / IT structures and
levels of blocking
• But communication between IT and IG in TH very poor
Discussion
•“First, do no harm …”
Hippocratic oath
• IT staff should be at pains to avoid blocking the good
when attempting to prevent the bad (Verma et al., 2012)
• “Users … don’t pursue innovative ideas because they
can’t face any more ‘battles with security’ that they
anticipate on the way to realising those ideas”
• Users’ experiencing false positives reduces the overall
credibility of information security
• (Sasse, 2015)
Recommendations
• National whitelist:
• Efforts needed to engage librarians with reporting / maintenance / updating
• Put in place robust local systems for IT departments to be notified of
updates
• Responses to information security incidents should be proportionate
• IT and IG departments should:
• encourage the reporting of false positives as applicable
• institute processes for responding promptly to unblocking requests
• consult more widely with stakeholders in the development and revision of
Internet AUPs
• publicise / consult on web filtering practices and monitor and evaluate their
impacts – part of policy process
• establish enhanced levels of access to web content for clinical
and clinical support staff groups (e.g. librarians)
Questions?
Catherine Ebenezer
lip12cme@sheffield.ac.uk
http://www.mendeley.com/profiles/catherine-ebenezer1/
@ebenezer1954
References
• Blenkinsopp, J. (2008). Bookmarks: web blocking – giving Big Brother a run for his money.
He@lth Information on the Internet, (62), 2008.
• Fléchais, I., Riegelsberger, J., & Sasse, M. A. (2006). Divide and conquer: the role of trust and
assurance in the design of secure socio-technical systems. In Proceedings of the 2005
workshop on new security paradigms (pp. 33–41). ACM.
• Prince, N. J., Cass, H. D., & Klaber, R. E. (2010). Accessing e-learning and e-resources.
Medical Education, 44, 436–437.
• Provos, N., Mavrommatis, P., Rajab, M. A., & Monrose, F. (2008). All your iFRAMEs point to us.
Mountain View, CA. http://research.google.com/archive/provos-2008a.pdf
• Renaud, K., & Goucher, W. (2012). Health service employees and information security policies :
an uneasy partnership? Information Management and Computer Security, 20(4), 296–311.
• Sasse, M. A. (2015). Scaring and bullying people into security won’t work. IEEE Security and
Privacy, (June), 80–83.
• Technical Design Authority Group (2008). TDAG survey of access
to electronic resources in healthcare libraries. London: TDAG.
• Verma, S., Kavita, & Budhiraja, S. (2012). Internet security.
International Journal of Computer Applications in Engineering
Sciences, II(III), 210–213.
• Zhang, W., & Janssen, F. (s.d.). The relationship between PR and ROC curves. Darmstadt:
Technische Universität Darmstadt. http://bit.ly/2cpN7LO
ANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptxANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptx
ANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptx
Swetaba Besh
 
Aortic Association CBL Pilot April 19 – 20 Bern
Aortic Association CBL Pilot April 19 – 20 BernAortic Association CBL Pilot April 19 – 20 Bern
Aortic Association CBL Pilot April 19 – 20 Bern
suvadeepdas911
 
Physiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of TastePhysiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of Taste
MedicoseAcademics
 
Novas diretrizes da OMS para os cuidados perinatais de mais qualidade
Novas diretrizes da OMS para os cuidados perinatais de mais qualidadeNovas diretrizes da OMS para os cuidados perinatais de mais qualidade
Novas diretrizes da OMS para os cuidados perinatais de mais qualidade
Prof. Marcus Renato de Carvalho
 
Cervical & Brachial Plexus By Dr. RIG.pptx
Cervical & Brachial Plexus By Dr. RIG.pptxCervical & Brachial Plexus By Dr. RIG.pptx
Cervical & Brachial Plexus By Dr. RIG.pptx
Dr. Rabia Inam Gandapore
 
Cardiac Assessment for B.sc Nursing Student.pdf
Cardiac Assessment for B.sc Nursing Student.pdfCardiac Assessment for B.sc Nursing Student.pdf
Cardiac Assessment for B.sc Nursing Student.pdf
shivalingatalekar1
 
Identification and nursing management of congenital malformations .pptx
Identification and nursing management of congenital malformations .pptxIdentification and nursing management of congenital malformations .pptx
Identification and nursing management of congenital malformations .pptx
MGM SCHOOL/COLLEGE OF NURSING
 
SURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptx
SURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptxSURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptx
SURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptx
Bright Chipili
 
Superficial & Deep Fascia of the NECK.pptx
Superficial & Deep Fascia of the NECK.pptxSuperficial & Deep Fascia of the NECK.pptx
Superficial & Deep Fascia of the NECK.pptx
Dr. Rabia Inam Gandapore
 
Colonic and anorectal physiology with surgical implications
Colonic and anorectal physiology with surgical implicationsColonic and anorectal physiology with surgical implications
Colonic and anorectal physiology with surgical implications
Dr Maria Tamanna
 
micro teaching on communication m.sc nursing.pdf
micro teaching on communication m.sc nursing.pdfmicro teaching on communication m.sc nursing.pdf
micro teaching on communication m.sc nursing.pdf
Anurag Sharma
 
Ophthalmology Clinical Tests for OSCE exam
Ophthalmology Clinical Tests for OSCE examOphthalmology Clinical Tests for OSCE exam
Ophthalmology Clinical Tests for OSCE exam
KafrELShiekh University
 
Light House Retreats: Plant Medicine Retreat Europe
Light House Retreats: Plant Medicine Retreat EuropeLight House Retreats: Plant Medicine Retreat Europe
Light House Retreats: Plant Medicine Retreat Europe
Lighthouse Retreat
 
BRACHYTHERAPY OVERVIEW AND APPLICATORS
BRACHYTHERAPY OVERVIEW  AND  APPLICATORSBRACHYTHERAPY OVERVIEW  AND  APPLICATORS
BRACHYTHERAPY OVERVIEW AND APPLICATORS
Krishan Murari
 
Integrating Ayurveda into Parkinson’s Management: A Holistic Approach
Integrating Ayurveda into Parkinson’s Management: A Holistic ApproachIntegrating Ayurveda into Parkinson’s Management: A Holistic Approach
Integrating Ayurveda into Parkinson’s Management: A Holistic Approach
Ayurveda ForAll
 
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptxThyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
Dr. Rabia Inam Gandapore
 

Recently uploaded (20)

Sex determination from mandible pelvis and skull
Sex determination from mandible pelvis and skullSex determination from mandible pelvis and skull
Sex determination from mandible pelvis and skull
 
Top-Vitamin-Supplement-Brands-in-India List
Top-Vitamin-Supplement-Brands-in-India ListTop-Vitamin-Supplement-Brands-in-India List
Top-Vitamin-Supplement-Brands-in-India List
 
How STIs Influence the Development of Pelvic Inflammatory Disease.pptx
How STIs Influence the Development of Pelvic Inflammatory Disease.pptxHow STIs Influence the Development of Pelvic Inflammatory Disease.pptx
How STIs Influence the Development of Pelvic Inflammatory Disease.pptx
 
Pictures of Superficial & Deep Fascia.ppt.pdf
Pictures of Superficial & Deep Fascia.ppt.pdfPictures of Superficial & Deep Fascia.ppt.pdf
Pictures of Superficial & Deep Fascia.ppt.pdf
 
ANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptx
ANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptxANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptx
ANATOMY AND PHYSIOLOGY OF URINARY SYSTEM.pptx
 
Aortic Association CBL Pilot April 19 – 20 Bern
Aortic Association CBL Pilot April 19 – 20 BernAortic Association CBL Pilot April 19 – 20 Bern
Aortic Association CBL Pilot April 19 – 20 Bern
 
Physiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of TastePhysiology of Special Chemical Sensation of Taste
Physiology of Special Chemical Sensation of Taste
 
Novas diretrizes da OMS para os cuidados perinatais de mais qualidade
Novas diretrizes da OMS para os cuidados perinatais de mais qualidadeNovas diretrizes da OMS para os cuidados perinatais de mais qualidade
Novas diretrizes da OMS para os cuidados perinatais de mais qualidade
 
Cervical & Brachial Plexus By Dr. RIG.pptx
Cervical & Brachial Plexus By Dr. RIG.pptxCervical & Brachial Plexus By Dr. RIG.pptx
Cervical & Brachial Plexus By Dr. RIG.pptx
 
Cardiac Assessment for B.sc Nursing Student.pdf
Cardiac Assessment for B.sc Nursing Student.pdfCardiac Assessment for B.sc Nursing Student.pdf
Cardiac Assessment for B.sc Nursing Student.pdf
 
Identification and nursing management of congenital malformations .pptx
Identification and nursing management of congenital malformations .pptxIdentification and nursing management of congenital malformations .pptx
Identification and nursing management of congenital malformations .pptx
 
SURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptx
SURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptxSURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptx
SURGICAL ANATOMY OF THE RETROPERITONEUM, ADRENALS, KIDNEYS AND URETERS.pptx
 
Superficial & Deep Fascia of the NECK.pptx
Superficial & Deep Fascia of the NECK.pptxSuperficial & Deep Fascia of the NECK.pptx
Superficial & Deep Fascia of the NECK.pptx
 
Colonic and anorectal physiology with surgical implications
Colonic and anorectal physiology with surgical implicationsColonic and anorectal physiology with surgical implications
Colonic and anorectal physiology with surgical implications
 
micro teaching on communication m.sc nursing.pdf
micro teaching on communication m.sc nursing.pdfmicro teaching on communication m.sc nursing.pdf
micro teaching on communication m.sc nursing.pdf
 
Ophthalmology Clinical Tests for OSCE exam
Ophthalmology Clinical Tests for OSCE examOphthalmology Clinical Tests for OSCE exam
Ophthalmology Clinical Tests for OSCE exam
 
Light House Retreats: Plant Medicine Retreat Europe
Light House Retreats: Plant Medicine Retreat EuropeLight House Retreats: Plant Medicine Retreat Europe
Light House Retreats: Plant Medicine Retreat Europe
 
BRACHYTHERAPY OVERVIEW AND APPLICATORS
BRACHYTHERAPY OVERVIEW  AND  APPLICATORSBRACHYTHERAPY OVERVIEW  AND  APPLICATORS
BRACHYTHERAPY OVERVIEW AND APPLICATORS
 
Integrating Ayurveda into Parkinson’s Management: A Holistic Approach
Integrating Ayurveda into Parkinson’s Management: A Holistic ApproachIntegrating Ayurveda into Parkinson’s Management: A Holistic Approach
Integrating Ayurveda into Parkinson’s Management: A Holistic Approach
 
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptxThyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
 

Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice

  • 1. Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice Catherine Ebenezer PhD student, Information School, University of Sheffield Health Libraries Group Conference, Scarborough 16th September 2016 Supervisors: Professor Peter Bath, Professor Stephen Pinfield 1
  • 2. “People assume that abusing the Internet is an IT problem … it isn’t an IT problem, it’s a management problem.” Retired NHS IT manager Shouldn’t we be managing the risks more effectively in order to allow learners the freedom to use IT resources to better effect? Prince et al. (2010, p. 437) 2
  • 3. Overview • Introduction and background • Web application blocking: earlier findings • Research questions and issues • Methodology and methods • Web use at work – a risk? • Approaches to managing information security • Secure web gateways / web proxies • False positives – the ROC curve • Findings / Discussion • Recommendations • Questions 3
  • 4. Introduction and background • LIS Manager in mental health NHS FT 2008-2012 • Variety of technological barriers / hindrances to information seeking, teaching and learning, clinical and management decision-making – ascribed variously to: • Information governance/ information security • IT infrastructure policies and practices • Communications policy • Blocking of ‘legitimate’ websites • Obstacles to use of particular content types and applications • Social media / Web 2.0 a particular problem • Implications? 4
  • 5. Web application blocking [Bar chart; axis: % of trusts, 0 to 90; data labels as extracted: 77, 57, 51, 69, 35, 25, 11, 9. Categories: Social networking applications; Wikis and blogs; Communication tools; Discussion forums; Webmail; E-journals*; E-books*; Online databases. *‘core content’ or locally purchased] SHALL IT subgroup survey of NHS librarians (2008) Impacts
  • 6. Research questions / issues • The nature and extent of restrictions on access to the World Wide Web within NHS organisations arising from organisational policies and practices • Their impacts on professional information seeking and sharing, and working practices in general • The attitudes, presuppositions and practices which bear on how web filtering is implemented within NHS trusts, in relation to overall organisational strategies 6 • Web filtering devices and their limitations Differing stakeholder perspectives involved • Attitudes to / assumptions about (information governance, information security) risks • NB distinction between websites and web applications Part of a wider study of access to information for learning and teaching
  • 7. Methodology and methods Exploratory case study • Unit(s) of analysis • One or more NHS trusts of different types (DGH + community services, MH + community services, teaching hospital) • Methods • Semi-structured interviews with key informants (10+ per trust) • selected via purposive / snowball sampling • representing a variety of perspectives: • Clinician education and staff development • Library and information • Communications • Information governance • IT management, esp. network security and PC support • Human resources • Workforce development 7
  • 8. Methodology and methods Exploratory case study • Methods (cont’d) • Interviews with other key informants: NHS Evidence, medical school e-learning lead, secure web gateway vendor • Gained additional perspectives • Documentary analysis – selective / ad hoc • Background • Policies and strategies: IT, LIS, workforce development, information governance, Internet AUPs • Codes and standards • Reports and reviews • Statements of values • Security device documentation • Thematic analysis using NVivo 8
  • 9. Web use at work – a risk? Categories of potential risk to the organisation: • Legal – employers can be legally liable for staff accessing and distributing illegal material • Child pornography and other obscene material or racially inflammatory material, racial or sexual harassment, discrimination, hacking, the defamation of management, customers or competitors, software piracy, copyright infringement, fraud, and breaches of the Data Protection Act • Security - ??? risks from websites and web applications • Web-borne malware – major security threat – but …. • NB not a close correlation between subject matter of web content type of content and malware risk - Provos et al. (2008) • Productivity - ??? • Network bandwidth clogged / performance degraded • Staff wasting time • Positive effects? 9
  • 10. Approaches to managing information security (adapted from Fléchais et al., 2006)
      Category | Description | Example
      Technical
      Prevent | Stop attacks from occurring | Firewalls, secure web gateways, access control etc.
      Detect | Notice and identify attacks | Monitoring of web use – not routinely permitted under UK law
      React | Stop or mitigate an attack | Automated response systems linked to intrusion detection systems
      Deter | Discourage misuse | Visibility of countermeasures
      Social
      Prevent | Stop attacks from occurring | AUPs; rules on locking screens, rules against p/w sharing, etc.
      Detect | Notice and identify attacks | Sysadmins, alert users, auditing
      React | Stop or mitigate an attack | Sysadmins or emergency response teams
      Deter | Discourage misuse | Prosecution, disciplinary action
  • 11. Secure web gateways / web proxies • Sit at perimeter of organisation’s network – enforce acceptable use policies • Commonly in use: Forcepoint (formerly Websense), Smoothwall, Bloxx, Trustwave WebMarshal, Webroot, etc. • Two roles: • Authorisation and authentication / filters ‘inappropriate’ content • Blocks web-borne malware • SWGs are able to categorise URLs and to analyse and manipulate scripts on web pages • Main mechanisms: • Blacklists (may be third-party) • ‘On the fly’ via machine learning / content categorisation – ‘black box’ – commercially confidential 11
  • 12. False positives / the ROC curve As sensitivity increases, specificity / accuracy declines 12 Zhang and Janssen, s.d.
  • 13. Results • Blocking of websites a problem frequently reported to NICE by librarians • District general hospital (DGH) and mental health services (MH) reported very few instances of website blocking • When a legitimate website blocked, IT department had unblocked it promptly once reported • Pharmacists most affected; instances of website blocking at MH usually related to substance misuse, eating disorders or sexuality • Staff at teaching hospital (TH) experienced greatest number of obstacles to information-seeking caused by blocking of legitimate websites • Reported frequencies of blocking varied from ‘every two months’ to ‘constant’ or ‘daily, probably’ • Affected the work of clinical educators in particular • Most blocked sites not reported to IT department 13
  • 15. Results • Much decision-making in relation to information security issues was tacit – IT managers did not explicitly discuss risk • IT security managers reported not having time to evaluate the effectiveness or impact of the SWGs they deployed • Depended on reports from users (via calls logged with trust helpdesk) of false positives • Likely to accept default configurations and categorisations of content offered by suppliers • IT manager at TH appeared aware (via emails sent to him) of the inconvenience caused to users by false positives • Main focus of attention and concern at TH and MH: potential security risks or impact on network traffic presented by ‘recreational’/ non-work use of the web 15
  • 16. Results • TH had explicit policy of blocking advertising • Claimed to mitigate potential security threat of ‘malvertising’ (web- borne malware spread via syndicated advertising) • Sometimes seemed to have effect of blocking entire site content • Likely factor in high number of blocked websites • Possible factor: TH SWG’s lack of specificity in identifying and blocking inappropriate or compromised content • Neither librarians nor IT managers aware of national whitelist of sites not to be blocked • No relationship found between IG / IT structures and levels of blocking • But communication between IT and IG in TH very poor 16
  • 17. Discussion •“First, do no harm …” Hippocratic oath • IT staff should be at pains to avoid blocking the good when attempting to prevent the bad (Verma et al., 2012) • “Users … don’t pursue innovative ideas because they can’t face any more ‘battles with security’ that they anticipate on the way to realising those ideas” • Users’ experiencing false positives reduces the overall credibility of information security • (Sasse, 2015) 17
  • 18. Recommendations • National whitelist: • Efforts needed to engage librarians with reporting / maintenance / updating • Put in place robust local systems for IT departments to be notified of updates • Responses to information security incidents should be proportionate • IT and IG departments should: • encourage the reporting of false positives as applicable • institute processes for responding promptly to unblocking requests • consult more widely with stakeholders in the development and revision of Internet AUPs • publicise / consult on web filtering practices and monitor and evaluate their impacts – part of policy process • establish enhanced levels of access to web content for clinical and clinical support staff groups (e.g. librarians) 18
  • 20. References • Blenkinsopp, J. (2008). Bookmarks: web blocking – giving Big Brother a run for his money. He@lth Information on the Internet, (62), 2008. • Fléchais, I., Riegelsberger, J., & Sasse, M. A. (2006). Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems. In Proceedings of the 2005 workshop on new security paradigms (pp. 33–41). ACM. • Prince, N. J., Cass, H. D., & Klaber, R. E. (2010). Accessing e-learning and e-resources. Medical Education, 44 436-437. • Provos, N., Mavrommatis, P., Rajab, M. A., & Monrose, F. (2008). All your iFRAMEs point to us. Mountain View, CA. http://research.google.com/archive/provos-2008a.pdf • Renaud, K., & Goucher, W. (2012). Health service employees and information security policies : an uneasy partnership? Information Management and Computer Security, 20(4), 296–311. • Sasse, M. A. (2015). Scaring and bullying people into security won’t work. IEEE Security and Privacy, (June), 80–83. • Technical Design Authority Group (2008). TDAG survey of access to electronic resources in healthcare libraries. London: TDAG. • Verma, S., Kavita, & Budhiraja, S. (2012). Internet security. International Journal of Computer Applications in Engineering Sciences, II(III), 210–213. • Zhang, W., & Janssen, F. (s.d.). The relationship between PR and ROC curves. Darmstadt: Technische Universität Darmstadt. http://bit.ly/2cpN7LO 20

Editor's Notes

  1. Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice
  2. As we start, a couple of thoughts for you about proportionality in the management of risk in relation to use of the web … From one of my respondents And two medical education researchers
  3. The work reported here formed part of a wider study of technological and organisational barriers to information seeking, use and sharing within the NHS. My presentation focuses on the blocking of websites.
  4. My library was part of a Medical Education and Development Department. As a librarian I was concerned with access to information – as a fundamental professional value. Barriers a source of much discussion and complaint – not just by me, but by others – complaints made to the Chief Executive! When investigated informally they were explained or justified to me as relating to a number of different organisational issues or factors. Hindrances (discussed in more detail later) included: blocking of websites (e-journals, union catalogues such as COPAC, official websites); unable to download podcasts; unable to use many web applications. It seemed that significant barriers were thereby being presented to: information seeking to support clinical and management decision-making; teaching of students; CPD and e-learning; networking with professional peers; clinical practice. With possible adverse consequences for quality of care?
  5. There has been very little previous research on this. The effects of blocking of access to consumer health resources have been studied in the USA. The MAIPLE project (Loughborough University) and McMenemy and associates at Strathclyde have studied website blocking in British public libraries. Prince, Cass and Klaber (2009), whose work I quoted earlier, studied access to resources for medical education. Blenkinsopp’s LIS-MEDICAL post about website blocking, and an article he published in Health Information on the Internet, led to … a piece of work you may remember. Survey conducted among NHS librarians in England in autumn 2008, published 2009 – Blenkinsopp’s work led to the former Technical Design Authority Group undertaking this. Note how discussion forums, wikis, blogs, and SNS are frequently blocked – would include things such as iCSP, RCSLT Discussion Groups etc. I wasn’t able to run the survey again as part of my research, for research governance reasons – it wouldn’t have been practical. I feel strongly, however, that this survey should be re-run, to see how far we have progressed in the last eight years, or not …
  6. Essentially this is about: What is going on? What effects is it having? Why is it happening?
  7. Two groups of staff: clinicians with staff development responsibilities, and non-clinicians with relevant perspectives. Clinicians were medical, AHP, nursing, pharmacy. Had hoped to recruit a psychologist in MH but failed! Maybe should have interviewed midwives in DGH and TH. Stratified sample of respondents.
  8. I conducted other interviews with other key informants. Unable to recruit publishers. Not conducted systematic documentary analysis – was ad hoc / as indicated, mostly AUPs. Wasn’t able to get hold of technical documentation for security devices – only promotional material. The major themes emerged from the process of coding. Wrote up in a matrix format: major themes vs. interview topics.
  9. I thought I would talk about some of the different types of security risk relating to web use. We cannot live without the World Wide Web, but … access to it does present significant risks. What I am saying here concerns mainly non-work-related web use, but legitimate use can present issues as well … I am trying to convey some of the complexities. Threats can be categorised as legal, security-related and productivity-related. You may think: OK to block illegal material, but impossible to block everything potentially illegal, especially where copyright infringement is concerned – cannot stop cut/paste, saving images, etc. Sometimes cited as a reason to block YouTube, as includes pirate versions of TV programmes! In US health care organisations, Web-borne malware attacks now among the most common forms of security incident (Ponemon report, February 2016). Important to note that legitimate websites can be compromised via a variety of mechanisms, including drive-by downloads, malvertising and so-called search engine poisoning / DNS poisoning – DNS information is deliberately corrupted to point to an infected site. Also that there is no behavioural defence against these forms of compromise – any site can be compromised – all you have to do is visit the page – and, if it’s a zero-day exploit and your AV doesn’t recognise it and block it, you have malware on your computer … Personal web use at work (PWU) is also referred to in the literature as cyber loafing or cyberslacking. Many different types of PWU – some relatively innocent, some nefarious (see under ‘Legal’ on the slide). Many organisations allow sensible PWU during breaks – analogy with use of telephones. Most of us have looked at the news, silly cat videos, etc. at some stage of our lives … Adverse effects on productivity of PWU are disputed: some research shows positive effects associated with personal web use, such as increased productivity and job satisfaction, improved morale, relief of stress, and improved work-life balance. Attempts to regulate PWU may have adverse effects, e.g. reduced organisational trust, lower staff morale.
  10. Just to set web filtering in context: the table on this slide represents the main approaches to managing information security as a whole, much of which is applicable to the management of PWU. Approaches can be categorised as either technical or social, and can be further divided into measures to prevent, detect, react to or deter computer misuse. Note that routine monitoring of individual web use is not allowable under British law – RIPA and its associated code of practice - IT departments can only monitor individual web use at a manager’s request if misuse is suspected. The role of the acceptable use policy – to prevent and discourage misuse – specifies disciplinary sanctions for different forms of misuse The NHS tends to favour technological rather than social measures for managing information security.
  11. Am going to focus on web filtering in my discussion; there are, however, issues about the security of browsers and plugins with which you may be familiar, e.g. regarding older browser versions, Java, ActiveX controls, Shockwave, Flash – Secunia Research’s 2016 Vulnerability Review found that among the five most popular web browsers (Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Safari), 1,114 vulnerabilities were discovered in 2015, and the majority were rated highly critical. Unfortunately, as we know, browser security controls enforced via group policies can impinge on access to information. An important type of security device commonly used within the NHS is the secure web gateway (SWG), also known as a web proxy. The popularity of these as security devices has increased in response to the increased incidence of web-borne threats. They sit at the organisation’s perimeter, and all web traffic has to pass through them. (However, the Sophos report of August 2016 on cybersecurity in the NHS suggests that only 38% of respondents indicated that their organisation was using web gateway scanning.) SWGs have two roles: 1) they perform security-related tasks such as authorisation and authentication relating to web content requests sent from a user’s browser, rejecting requests which do not meet the configured criteria; 2) they examine the requested content for malware and other threats before sending it to the user. One can say that their role in 1) is to represent and enforce the AUP … Content categories are established by the system vendor. These categorisations vary considerably. One may legitimately ask, therefore, what values does this categorisation represent? SWGs vary in the accuracy of their filtering … which brings us to …
  12. Main problem with web filtering devices in general – blocking of legitimate websites = false positives – these are what cause grief to users and librarians, and make their use so controversial. No device is perfect – there is a trade-off between specificity and sensitivity. Relationship between specificity and sensitivity may be represented graphically via the ROC – receiver operating characteristic. Blue line – useless device. Yellow line – excellent device. Purple line – decent device. A perfect device would have the line right up to the top and against the left hand side!
  13. The high incidence of blocking of websites at a teaching hospital surprised me immensely – no apparent correlation with research and teaching activity / research ‘culture’. One clinical educator reported taking work home on many evenings a week to avoid website blocking. Others looked for information elsewhere: “I just shrug” (Pharmacist, TH)
  14. My model of factors leading NHS staff to report or not to report blocked websites. Confirms what we know intuitively … The considerations listed relate to: the information itself, relationships with the IT department, and the frequency of blocking. Discussions with respondents indicated that, where incidence of blocking was high, blocked sites were often not reported. Reporting occurred where frequency of blocking was low and IT department was perceived to be responsive.
  15. IT managers didn’t ever look at logs of blocked websites or act on individual instances of blocking reported by SWGs – no time – depended on users reporting them. Categories of blocked content listed in TH SWG marketing material reproduced verbatim in TH AUP! IT managers at both MH and TH would have liked to extend overall monitoring of / reporting on non-work related web use – felt it represented a risk to the organisation.
  16. As well as the malvertising issue, the IT manager at TH seemed to be unclear about the image blocking settings of the TH SWG. Users told me that sites carrying advertising and sites with images tended to be blocked. Some sites appear in Google searches twice, at top if advertising, elsewhere if not. Advertising sites could be blocked, but same site not blocked further down. NB some highly informative websites are advertising-supported (e.g. newspapers). Communication and working relationships between IG and IT in DGH and MH seemed to be good – pragmatic, proportionate approach. However, they were virtually non-existent in TH, despite physical proximity of departments, and IG did not have effective reporting lines to senior management. Actually I was surprised that my IG manager in TH hadn’t resigned some time ago!
  17. Information security researchers do discuss the usability of security … In a health libraries context, Verma et al.’s reference to the Hippocratic oath is noteworthy, as are the ideas of Angela Sasse, a security usability researcher based at UCL. Sasse’s comment brings out the extent to which problems with the functioning and usability of information security, of which blocking of websites is a part, acts as a ‘drag factor’ on people’s working lives in knowledge industries, and can potentially affect the organisation in which they work …
  18. Proportionate – e.g. no blanket bans. We need as librarians to go into battle with IT departments on this on behalf of our users – ask about their web security devices and their configurations – and challenge their policies where access to information is being blocked.
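
The sensitivity / specificity trade-off described in note 12, worked through as an added example that is not part of the presentation. It assumes a filter that gives each site a risk score and blocks at or above a threshold (the real categorisation is a vendor 'black box'); every hostname, score and label below is constructed for illustration.

```python
"""ROC trade-off for a score-based web filter, on constructed data."""

# Constructed sample, not data from the study: (hostname, risk score, unwanted?).
# Assumption: the filter scores each site in [0, 1] and blocks when the score
# is at or above a configured threshold. Hostnames use the reserved .example TLD.
SAMPLES = [
    ("malware-dropper.example",          0.97, True),
    ("phishing-login.example",           0.91, True),
    ("gambling-portal.example",          0.84, True),
    ("substance-misuse-clinic.example",  0.80, False),  # legitimate clinical topic
    ("compromised-news.example",         0.72, True),
    ("eating-disorders-charity.example", 0.66, False),  # legitimate clinical topic
    ("sexual-health-guidance.example",   0.61, False),  # legitimate clinical topic
    ("malvertising-cdn.example",         0.55, True),
    ("ad-supported-newspaper.example",   0.48, False),
    ("pharmacy-formulary.example",       0.30, False),
    ("e-journal-platform.example",       0.12, False),
    ("library-catalogue.example",        0.05, False),
]


def confusion(samples, threshold):
    """Return (tp, fp, tn, fn) when everything scoring >= threshold is blocked."""
    tp = fp = tn = fn = 0
    for _host, score, unwanted in samples:
        blocked = score >= threshold
        if blocked and unwanted:
            tp += 1
        elif blocked and not unwanted:
            fp += 1          # a legitimate site was blocked: a false positive
        elif unwanted:
            fn += 1          # an unwanted site got through
        else:
            tn += 1
    return tp, fp, tn, fn


def rates(samples, threshold):
    """Return (sensitivity, specificity); needs both classes in the sample."""
    tp, fp, tn, fn = confusion(samples, threshold)
    return tp / (tp + fn), tn / (tn + fp)


def false_positives(samples, threshold):
    """Legitimate hostnames that the filter blocks at this threshold."""
    return [h for h, s, unwanted in samples if s >= threshold and not unwanted]


def roc_points(samples):
    """(false positive rate, sensitivity) pairs from 'block nothing' to 'block all'."""
    thresholds = [float("inf")] + sorted({s for _, s, _ in samples}, reverse=True)
    points = []
    for t in thresholds:
        sens, spec = rates(samples, t)
        points.append((1.0 - spec, sens))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoid rule (0.5 = useless, 1.0 = perfect)."""
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2.0
    return area


def threshold_for_sensitivity(samples, target):
    """Highest (least aggressive) threshold that still reaches the target sensitivity."""
    for t in sorted({s for _, s, _ in samples}, reverse=True):
        if rates(samples, t)[0] >= target:
            return t
    return None


if __name__ == "__main__":
    for t in (0.9, 0.7, 0.5):
        sens, spec = rates(SAMPLES, t)
        print(f"threshold {t}: sensitivity {sens:.2f}, specificity {spec:.2f}, "
              f"legitimate sites blocked: {false_positives(SAMPLES, t)}")
    print(f"AUC: {auc(roc_points(SAMPLES)):.3f}")
```

Running the same calculation over a gateway's own block log, with blocked requests labelled by whether an unblock was later granted, gives a measured false-positive rate instead of relying on user reports alone.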