An account of the methods and findings of a research project that investigated web filtering practices with NHS Trusts in England and their impacts upon health professionals' information seeking, with recommendations for LIS practitioners.
Access denied? Barriers for staff accessing, using and sharing published info...Catherine Ebenezer
I begin by outlining briefly the background to my study and the research questions I developed. I then talk about my methodology and methods. I indicate the theoretical perspectives I drew on in formulating my model, and talk about the ways in which use of the WWW presents risks to organisations. I then outline the individual components of my model, and bring them together at the end.
Keynote speech - Carole Goble - Jisc Digital Festival 2015Jisc
Carole Goble is a professor in the school of computer science at the University of Manchester.
In this keynote, Carole offered her insights into research data management and data centres.
Incentives for sharing research data – Veerle Van den Eynden, UK Data Service
Incentives to innovate – Joe Marshall, NCUB
Incentives in university collaboration - Tim Lance, NYSERNET
Giving researchers credit for their data – Neil Jefferies, The Bodleian Digital Library Systems and Services (BDLSS)
Jisc and CNI conference, 6 July 2016
Presentation about OHSL's new initiative, Mycroft Cognitive Assistant®, which is intended to streamline the operational aspects of research using IBM Watson cognitive computing capabilities.
Access denied? Barriers for staff accessing, using and sharing published info...Catherine Ebenezer
I begin by outlining briefly the background to my study and the research questions I developed. I then talk about my methodology and methods. I indicate the theoretical perspectives I drew on in formulating my model, and talk about the ways in which use of the WWW presents risks to organisations. I then outline the individual components of my model, and bring them together at the end.
Keynote speech - Carole Goble - Jisc Digital Festival 2015Jisc
Carole Goble is a professor in the school of computer science at the University of Manchester.
In this keynote, Carole offered her insights into research data management and data centres.
Incentives for sharing research data – Veerle Van den Eynden, UK Data Service
Incentives to innovate – Joe Marshall, NCUB
Incentives in university collaboration - Tim Lance, NYSERNET
Giving researchers credit for their data – Neil Jefferies, The Bodleian Digital Library Systems and Services (BDLSS)
Jisc and CNI conference, 6 July 2016
Presentation about OHSL's new initiative, Mycroft Cognitive Assistant®, which is intended to streamline the operational aspects of research using IBM Watson cognitive computing capabilities.
How you can enhance the efficiency and effectiveness of teaching and learning...Jisc
Led by Sue Attewell, head of change - further education and skills, Jisc.
With contributions from
Claire George, programme leader in information and creative, Bridgend College
Anne Marggraf-Turley, ILT coordinator, Coleg Ceredigion
Connect more in Wales, Thursday 7 July 2016
Research data spring: streamlining depositJisc RDM
The research data spring project "Streamlining deposit: an OJS to repository plugin" slides for the third sandpit workshop. Project led by Ernesto Priego of City University London.
ROBIS: A Risk of Bias Assessment Tool for Systematic Reviews
ROBIS is a tool designed to assess risk of bias in systematic reviews. ROBIS differs from other tools that assess systematic reviews as it was specifically designed to assess risk of bias, while other tools focus on broader goals such as critical appraisal and quality assessment. The use of ROBIS can lead to more robust recommendations and improvements in public health and patient care.
How can ROBIS help you?
Public health practitioners require evidence to guide their decision making. Systematic reviews are considered the most reliable form of evidence, but they need to be appraised to ensure that results are not biased. ROBIS was designed to assess risk of bias in reviews within health care settings in terms of four main categories: interventions, diagnosis, prognosis and etiology. The target audience for ROBIS also includes anyone interested in assessing risk of bias in systematic reviews such as guideline developers, authors of overviews of systematic reviews and review authors who want to assess and avoid risk of bias in their reviews.
Click here (https://www.nccmt.ca/knowledge-repositories/search/315) to access the ROBIS tool.
The National Collaborating Centre for Methods and Tools is funded by the Public Health Agency of Canada and affiliated with McMaster University. The views expressed herein do not necessarily represent the views of the Public Health Agency of Canada.
NCCMT is one of six National Collaborating Centres (NCCs) for Public Health. The Centres promote and improve the use of scientific research and other knowledge to strengthen public health practices and policies in Canada.
Creating an e-Environment for scholarship: dream or reality?heila1
A short presentation about the Library's e-Strategy: its governance and examples of products of the e-Strategy in support of scholarship. Feel free to contact any of the colleagues responsible for the implementation of the e-Strategy if you want to become involved with any of the projects. Mobile services and preservation are two 2 focus areas.
Part of collaborative citizen science presentation with James Stewart and co-developed with Eugenia Rodrigues, for the UoE Institute for Study of Science, Technology and Innovation Retreat. 9th June 2015.
June 18 NISO Virtual Conference: Transforming Assessment: Alternative Metrics and Other Trends
Keynote Speaker: Altmetrics at the Portfolio Level
- Paul Groth, Ph.D., Assistant Professor at the VU University Amsterdam
Rapid reviews in public health
As public health organizations across Canada adopt and implement evidence-informed approaches to public health decision-making, there is a need for up to date evidence that can be applied to local contexts. While the most rigorous approach is to find or do a systematic review, timelines and resources often dictate a rapid review of the literature. Rapid reviews are tailored for a shorter timeline, but still use rigorous and transparent methodology to ensure that the best available research evidence is used in decision making.
How can the Rapid Review Guidebook help you?
The NCCMT has developed a Rapid Review Guidebook that details each step in the rapid review process, with notes on how to tailor the process given resource limitations. The Guidebook also includes a guide to writing the final report, with details on how to structure the report and what to include in each section.
Click here to access the method: http://www.nccmt.ca/knowledge-repositories/search/308
There is a 'Links to Supporting Rapid Review Tools' resource available to assist in the rapid review process: https://www.slideshare.net/NCCMT/rapid-review-guidebook-links-to-supporting-tools
The National Collaborating Centre for Methods and Tools is funded by the Public Health Agency of Canada and affiliated with McMaster University. The views expressed herein do not necessarily represent the views of the Public Health Agency of Canada.
NCCMT is one of six National Collaborating Centres (NCCs) for Public Health. The Centres promote and improve the use of scientific research and other knowledge to strengthen public health practices and policies in Canada.
June 18, 2014
NISO Virtual Conference: Transforming Assessment: Alternative Metrics and Other Trends
Snowball Metrics: University-owned Benchmarking to Reveal Strengths within All Activities
- Dr. Lisa Colledge, Snowball Metrics Program Director, Elsevier
How you can enhance the efficiency and effectiveness of teaching and learning...Jisc
Led by Sue Attewell, head of change - further education and skills, Jisc.
With contributions from
Claire George, programme leader in information and creative, Bridgend College
Anne Marggraf-Turley, ILT coordinator, Coleg Ceredigion
Connect more in Wales, Thursday 7 July 2016
Research data spring: streamlining depositJisc RDM
The research data spring project "Streamlining deposit: an OJS to repository plugin" slides for the third sandpit workshop. Project led by Ernesto Priego of City University London.
ROBIS: A Risk of Bias Assessment Tool for Systematic Reviews
ROBIS is a tool designed to assess risk of bias in systematic reviews. ROBIS differs from other tools that assess systematic reviews as it was specifically designed to assess risk of bias, while other tools focus on broader goals such as critical appraisal and quality assessment. The use of ROBIS can lead to more robust recommendations and improvements in public health and patient care.
How can ROBIS help you?
Public health practitioners require evidence to guide their decision making. Systematic reviews are considered the most reliable form of evidence, but they need to be appraised to ensure that results are not biased. ROBIS was designed to assess risk of bias in reviews within health care settings in terms of four main categories: interventions, diagnosis, prognosis and etiology. The target audience for ROBIS also includes anyone interested in assessing risk of bias in systematic reviews such as guideline developers, authors of overviews of systematic reviews and review authors who want to assess and avoid risk of bias in their reviews.
Click here (https://www.nccmt.ca/knowledge-repositories/search/315) to access the ROBIS tool.
The National Collaborating Centre for Methods and Tools is funded by the Public Health Agency of Canada and affiliated with McMaster University. The views expressed herein do not necessarily represent the views of the Public Health Agency of Canada.
NCCMT is one of six National Collaborating Centres (NCCs) for Public Health. The Centres promote and improve the use of scientific research and other knowledge to strengthen public health practices and policies in Canada.
Creating an e-Environment for scholarship: dream or reality?heila1
A short presentation about the Library's e-Strategy: its governance and examples of products of the e-Strategy in support of scholarship. Feel free to contact any of the colleagues responsible for the implementation of the e-Strategy if you want to become involved with any of the projects. Mobile services and preservation are two 2 focus areas.
Part of collaborative citizen science presentation with James Stewart and co-developed with Eugenia Rodrigues, for the UoE Institute for Study of Science, Technology and Innovation Retreat. 9th June 2015.
June 18 NISO Virtual Conference: Transforming Assessment: Alternative Metrics and Other Trends
Keynote Speaker: Altmetrics at the Portfolio Level
- Paul Groth, Ph.D., Assistant Professor at the VU University Amsterdam
Rapid reviews in public health
As public health organizations across Canada adopt and implement evidence-informed approaches to public health decision-making, there is a need for up to date evidence that can be applied to local contexts. While the most rigorous approach is to find or do a systematic review, timelines and resources often dictate a rapid review of the literature. Rapid reviews are tailored for a shorter timeline, but still use rigorous and transparent methodology to ensure that the best available research evidence is used in decision making.
How can the Rapid Review Guidebook help you?
The NCCMT has developed a Rapid Review Guidebook that details each step in the rapid review process, with notes on how to tailor the process given resource limitations. The Guidebook also includes a guide to writing the final report, with details on how to structure the report and what to include in each section.
Click here to access the method: http://www.nccmt.ca/knowledge-repositories/search/308
There is a 'Links to Supporting Rapid Review Tools' resource available to assist in the rapid review process: https://www.slideshare.net/NCCMT/rapid-review-guidebook-links-to-supporting-tools
The National Collaborating Centre for Methods and Tools is funded by the Public Health Agency of Canada and affiliated with McMaster University. The views expressed herein do not necessarily represent the views of the Public Health Agency of Canada.
NCCMT is one of six National Collaborating Centres (NCCs) for Public Health. The Centres promote and improve the use of scientific research and other knowledge to strengthen public health practices and policies in Canada.
June 18, 2014
NISO Virtual Conference: Transforming Assessment: Alternative Metrics and Other Trends
Snowball Metrics: University-owned Benchmarking to Reveal Strengths within All Activities
- Dr. Lisa Colledge, Snowball Metrics Program Director, Elsevier
communication presented at ITHET 2015, IEETeL2015, 11-13 June, 2015, Caparica, Lisbon, Portugal by Malinka Ivanova (http://www.slideshare.net/malinkaiv)
The Global Health Trials is a free, neutral network of communities of researchers, who are working together to share their knowledge about how to conduct research, so as to facilitate more research around the world and so improve health outcomes. It is for everyone, whatever your job role and wherever you are based, as long as you work in a Low or low-middle income country.
Presentation at LAK19, Tempe, Arizona. Text available at Proceedings of the 9th International Conference on Learning Analytics & Knowledge - https://dl.acm.org/citation.cfm?id=3303796
Pages 235-244
Barriers to, and enablers of, adoption of technology enabled care servicesInnovation Agency
Professor Alison Marshall, Health Technology & Innovation, University of Cumbria discusses the processes behind adopting technology enabled care services.
e-SIDES workshop at BDV Meet-Up, Sofia 14/05/2018e-SIDES.eu
The following presentation was given at the workshop "Technology solutions for privacy issues: what is the best way forward?" organized by e-SIDES at the BDVe Meet-up in Sofia on May 14, 2018. The workshop, chaired by Gabriella Cattaneo from IDC, involved stakeholders from ICT-18 projects.
Similar to Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice (20)
Title: Sense of Taste
Presenter: Dr. Faiza, Assistant Professor of Physiology
Qualifications:
MBBS (Best Graduate, AIMC Lahore)
FCPS Physiology
ICMT, CHPE, DHPE (STMU)
MPH (GC University, Faisalabad)
MBA (Virtual University of Pakistan)
Learning Objectives:
Describe the structure and function of taste buds.
Describe the relationship between the taste threshold and taste index of common substances.
Explain the chemical basis and signal transduction of taste perception for each type of primary taste sensation.
Recognize different abnormalities of taste perception and their causes.
Key Topics:
Significance of Taste Sensation:
Differentiation between pleasant and harmful food
Influence on behavior
Selection of food based on metabolic needs
Receptors of Taste:
Taste buds on the tongue
Influence of sense of smell, texture of food, and pain stimulation (e.g., by pepper)
Primary and Secondary Taste Sensations:
Primary taste sensations: Sweet, Sour, Salty, Bitter, Umami
Chemical basis and signal transduction mechanisms for each taste
Taste Threshold and Index:
Taste threshold values for Sweet (sucrose), Salty (NaCl), Sour (HCl), and Bitter (Quinine)
Taste index relationship: Inversely proportional to taste threshold
Taste Blindness:
Inability to taste certain substances, particularly thiourea compounds
Example: Phenylthiocarbamide
Structure and Function of Taste Buds:
Composition: Epithelial cells, Sustentacular/Supporting cells, Taste cells, Basal cells
Features: Taste pores, Taste hairs/microvilli, and Taste nerve fibers
Location of Taste Buds:
Found in papillae of the tongue (Fungiform, Circumvallate, Foliate)
Also present on the palate, tonsillar pillars, epiglottis, and proximal esophagus
Mechanism of Taste Stimulation:
Interaction of taste substances with receptors on microvilli
Signal transduction pathways for Umami, Sweet, Bitter, Sour, and Salty tastes
Taste Sensitivity and Adaptation:
Decrease in sensitivity with age
Rapid adaptation of taste sensation
Role of Saliva in Taste:
Dissolution of tastants to reach receptors
Washing away the stimulus
Taste Preferences and Aversions:
Mechanisms behind taste preference and aversion
Influence of receptors and neural pathways
Impact of Sensory Nerve Damage:
Degeneration of taste buds if the sensory nerve fiber is cut
Abnormalities of Taste Detection:
Conditions: Ageusia, Hypogeusia, Dysgeusia (parageusia)
Causes: Nerve damage, neurological disorders, infections, poor oral hygiene, adverse drug effects, deficiencies, aging, tobacco use, altered neurotransmitter levels
Neurotransmitters and Taste Threshold:
Effects of serotonin (5-HT) and norepinephrine (NE) on taste sensitivity
Supertasters:
25% of the population with heightened sensitivity to taste, especially bitterness
Increased number of fungiform papillae
Recomendações da OMS sobre cuidados maternos e neonatais para uma experiência pós-natal positiva.
Em consonância com os ODS – Objetivos do Desenvolvimento Sustentável e a Estratégia Global para a Saúde das Mulheres, Crianças e Adolescentes, e aplicando uma abordagem baseada nos direitos humanos, os esforços de cuidados pós-natais devem expandir-se para além da cobertura e da simples sobrevivência, de modo a incluir cuidados de qualidade.
Estas diretrizes visam melhorar a qualidade dos cuidados pós-natais essenciais e de rotina prestados às mulheres e aos recém-nascidos, com o objetivo final de melhorar a saúde e o bem-estar materno e neonatal.
Uma “experiência pós-natal positiva” é um resultado importante para todas as mulheres que dão à luz e para os seus recém-nascidos, estabelecendo as bases para a melhoria da saúde e do bem-estar a curto e longo prazo. Uma experiência pós-natal positiva é definida como aquela em que as mulheres, pessoas que gestam, os recém-nascidos, os casais, os pais, os cuidadores e as famílias recebem informação consistente, garantia e apoio de profissionais de saúde motivados; e onde um sistema de saúde flexível e com recursos reconheça as necessidades das mulheres e dos bebês e respeite o seu contexto cultural.
Estas diretrizes consolidadas apresentam algumas recomendações novas e já bem fundamentadas sobre cuidados pós-natais de rotina para mulheres e neonatos que recebem cuidados no pós-parto em unidades de saúde ou na comunidade, independentemente dos recursos disponíveis.
É fornecido um conjunto abrangente de recomendações para cuidados durante o período puerperal, com ênfase nos cuidados essenciais que todas as mulheres e recém-nascidos devem receber, e com a devida atenção à qualidade dos cuidados; isto é, a entrega e a experiência do cuidado recebido. Estas diretrizes atualizam e ampliam as recomendações da OMS de 2014 sobre cuidados pós-natais da mãe e do recém-nascido e complementam as atuais diretrizes da OMS sobre a gestão de complicações pós-natais.
O estabelecimento da amamentação e o manejo das principais intercorrências é contemplada.
Recomendamos muito.
Vamos discutir essas recomendações no nosso curso de pós-graduação em Aleitamento no Instituto Ciclos.
Esta publicação só está disponível em inglês até o momento.
Prof. Marcus Renato de Carvalho
www.agostodourado.com
micro teaching on communication m.sc nursing.pdfAnurag Sharma
Microteaching is a unique model of practice teaching. It is a viable instrument for the. desired change in the teaching behavior or the behavior potential which, in specified types of real. classroom situations, tends to facilitate the achievement of specified types of objectives.
Integrating Ayurveda into Parkinson’s Management: A Holistic ApproachAyurveda ForAll
Explore the benefits of combining Ayurveda with conventional Parkinson's treatments. Learn how a holistic approach can manage symptoms, enhance well-being, and balance body energies. Discover the steps to safely integrate Ayurvedic practices into your Parkinson’s care plan, including expert guidance on diet, herbal remedies, and lifestyle modifications.
Thyroid Gland- Gross Anatomy by Dr. Rabia Inam Gandapore.pptx
Access denied? Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice
1. Access denied? Managing access to the Web within the
NHS in England: technology, risk, culture, policy and
practice
Catherine Ebenezer
PhD student, Information School, University of Sheffield
Health Libraries Group Conference, Scarborough
16th September 2016
Supervisors:
Professor Peter Bath, Professor Stephen Pinfield
1
2. “People assume that abusing the Internet is an IT
problem … it isn’t an IT problem, it’s a
management problem.”
Retired NHS IT manager
Shouldn’t we be managing the risks more
effectively in order to allow learners the freedom to
use IT resources to better effect?
Prince et al. (2010, p. 437)
2
3. Overview
• Introduction and background
• Web application blocking: earlier findings
• Research questions and issues
• Methodology and methods
• Web use at work – a risk?
• Approaches to managing information security
• Secure web gateways / web proxies
• False positives – the ROC curve
• Findings / Discussion
• Recommendations
• Questions
3
4. Introduction and background
• LIS Manager in mental health NHS FT 2008-2012
• Variety of technological barriers / hindrances to
information seeking, teaching and learning, clinical and
management decision-making
– ascribed variously to:
• Information governance/ information security
• IT infrastructure policies and practices
• Communications policy
• Blocking of ‘legitimate’ websites
• Obstacles to use of particular content types and
applications
• Social media / Web 2.0 a particular problem
• Implications?
4
5. Web application blocking
77
57
51
69
35
25
11
9
0 10 20 30 40 50 60 70 80 90
Social networking applications
Wikis and blogs
Communication tools
Discussion forums
Webmail
E-journals*
E-books*
Online databases
5
% of trusts
SHALL IT subgroup survey of NHS librarians (2008))
*’core content’
or locally
purchased
Impacts
6. Research questions / issues
• The nature and extent of restrictions on access to the World Wide
Web within NHS organisations arising from organisational policies
and practices
• Their impacts on professional information seeking and sharing, and
working practices in general
• The attitudes, presuppositions and practices which bear on how web
filtering is implemented within NHS trusts, in relation to overall
organisational strategies
6
• Web filtering devices and their limitations
Differing stakeholder perspectives involved
• Attitudes to / assumptions about (information governance, information
security) risks
• NB distinction between websites and web applications
Part of a wider study of access to information for learning and teaching
7. Methodology and methods
Exploratory case study
• Unit(s) of analysis
• One or more NHS trusts of different types (DGH + community
services, MH + community services, teaching hospital)
• Methods
• Semi-structured interviews with key informants (10+ per trust)
• selected via purposive / snowball sampling
• representing a variety of perspectives:
• Clinician education and staff development
• Library and information
• Communications
• Information governance
• IT management, esp. network security and PC support
• Human resources
• Workforce development
7
8. Methodology and methods
Exploratory case study
• Methods (cont’d)
• Interviews with other key informants: NHS Evidence, medical
school e-learning lead, secure web gateway vendor
• Gained additional perspectives
• Documentary analysis – selective / ad hoc
• Background
• Policies and strategies: IT, LIS, workforce development, information
governance, Internet AUPs
• Codes and standards
• Reports and reviews
• Statements of values
• Security device documentation
• Thematic analysis using NVivo
8
9. Web use at work – a risk?
Categories of potential risk to the organisation:
• Legal – employers can be legally liable for staff accessing and
distributing illegal material
• Child pornography and other obscene material or racially inflammatory material,
racial or sexual harassment, discrimination, hacking, the defamation of
management, customers or competitors, software piracy, copyright infringement,
fraud, and breaches of the Data Protection Act
• Security - ??? risks from websites and web applications
• Web-borne malware – major security threat – but ….
• NB not a close correlation between subject matter of web content
type of content and malware risk - Provos et al. (2008)
• Productivity - ???
• Network bandwidth clogged / performance degraded
• Staff wasting time
• Positive effects?
9
10. Approaches to managing
information security (adapted from Fléchais et al., 2006)
10
Category Description Example
Technical
Prevent Stop attacks from occurring Firewalls, secure web gateways,
access control etc.
Detect Notice and identify attacks Monitoring of web use – not
routinely permitted under UK law
React Stop or mitigate an attack Automated response systems
linked to intrusion detection
systems
Deter Discourage misuse Visibility of countermeasures
Social
Prevent Stop attacks from occurring AUPs; rules on locking screens,
rules against p/w sharing, etc.
Detect Notice and identify attacks Sysadmins, alert users, auditing
React Stop or mitigate an attack Sysadmins or emergency
response teams
Deter Discourage misuse Prosecution, disciplinary action
11. Secure web gateways / web proxies
• Sit at perimeter of organisation’s network – enforce
acceptable use policies
• Commonly in use: Forcepoint (formerly Websense), Smoothwall,
Bloxx, Trustwave WebMarshal, Webroot, etc.
• Two roles:
• Authorisation and authentication / filters ‘inappropriate’ content
• Blocks web-borne malware
• SWGs are able to categorise URLs and to analyse and manipulate
scripts on web pages
• Main mechanisms:
• Blacklists (may be third-party)
• ‘On the fly’ via machine learning / content categorisation
– ‘black box’ – commercially confidential
11
12. False positives / the ROC curve
As sensitivity increases, specificity / accuracy declines
12
Zhang and
Janssen, s.d.
13. Results
• Blocking of websites a problem frequently reported to NICE by
librarians
• District general hospital (DGH) and mental health services
(MH) reported very few instances of website blocking
• When a legitimate website blocked, IT department had unblocked it
promptly once reported
• Pharmacists most affected; instances of website blocking at MH
usually related to substance misuse, eating disorders or sexuality
• Staff at teaching hospital (TH) experienced greatest number
of obstacles to information-seeking caused by blocking of
legitimate websites
• Reported frequencies of blocking varied from ‘every two months’ to
‘constant’ or ‘daily, probably’
• Affected the work of clinical educators in particular
• Most blocked sites not reported to IT department
13
15. Results
• Much decision-making in relation to information security issues was
tacit – IT managers did not explicitly discuss risk
• IT security managers reported not having time to evaluate the
effectiveness or impact of the SWGs they deployed
• Depended on reports from users (via calls logged with trust helpdesk) of
false positives
• Likely to accept default configurations and categorisations of
content offered by suppliers
• IT manager at TH appeared aware (via emails sent to him) of the
inconvenience caused to users by false positives
• Main focus of attention and concern at TH and MH:
potential security risks or impact on network traffic
presented by ‘recreational’/ non-work use of the web
15
16. Results
• TH had explicit policy of blocking advertising
• Claimed to mitigate potential security threat of ‘malvertising’ (web-
borne malware spread via syndicated advertising)
• Sometimes seemed to have effect of blocking entire site content
• Likely factor in high number of blocked websites
• Possible factor: TH SWG’s lack of specificity in identifying
and blocking inappropriate or compromised content
• Neither librarians nor IT managers aware of national
whitelist of sites not to be blocked
• No relationship found between IG / IT structures and
levels of blocking
• But communication between IT and IG in TH very poor
16
17. Discussion
•“First, do no harm …”
Hippocratic oath
• IT staff should be at pains to avoid blocking the good
when attempting to prevent the bad (Verma et al., 2012)
• “Users … don’t pursue innovative ideas because they
can’t face any more ‘battles with security’ that they
anticipate on the way to realising those ideas”
• Users’ experiencing false positives reduces the overall
credibility of information security
• (Sasse, 2015)
17
18. Recommendations
• National whitelist:
• Efforts needed to engage librarians with reporting / maintenance / updating
• Put in place robust local systems for IT departments to be notified of
updates
• Responses to information security incidents should be proportionate
• IT and IG departments should:
• encourage the reporting of false positives as applicable
• institute processes for responding promptly to unblocking requests
• consult more widely with stakeholders in the development and revision of
Internet AUPs
• publicise / consult on web filtering practices and monitor and evaluate their
impacts – part of policy process
• establish enhanced levels of access to web content for clinical
and clinical support staff groups (e.g. librarians)
18
20. References
• Blenkinsopp, J. (2008). Bookmarks: web blocking – giving Big Brother a run for his money.
He@lth Information on the Internet, (62), 2008.
• Fléchais, I., Riegelsberger, J., & Sasse, M. A. (2006). Divide and conquer: the role of trust and
assurance in the design of secure socio-technical systems. In Proceedings of the 2005
workshop on new security paradigms (pp. 33–41). ACM.
• Prince, N. J., Cass, H. D., & Klaber, R. E. (2010). Accessing e-learning and e-resources.
Medical Education, 44 436-437.
• Provos, N., Mavrommatis, P., Rajab, M. A., & Monrose, F. (2008). All your iFRAMEs point to us.
Mountain View, CA. http://research.google.com/archive/provos-2008a.pdf
• Renaud, K., & Goucher, W. (2012). Health service employees and information security policies :
an uneasy partnership? Information Management and Computer Security, 20(4), 296–311.
• Sasse, M. A. (2015). Scaring and bullying people into security won’t work. IEEE Security and
Privacy, (June), 80–83.
• Technical Design Authority Group (2008). TDAG survey of access
to electronic resources in healthcare libraries. London: TDAG.
• Verma, S., Kavita, & Budhiraja, S. (2012). Internet security.
International Journal of Computer Applications in Engineering
Sciences, II(III), 210–213.
• Zhang, W., & Janssen, F. (s.d.). The relationship between PR and ROC curves. Darmstadt:
Technische Universität Darmstadt. http://bit.ly/2cpN7LO
20
Editor's Notes
Managing access to the Web within the NHS in England: technology, risk, culture, policy and practice
As we start, a couple of thoughts for you about proportionality in the management of risk in relation to use of the web …From one of my respondents
And two medical education researchers
The work reported here formed part of a wider study of technological and organisational barriers to information seeking, use and sharing within the NHS. My presentation focuses on the blocking of websites.
My library was part of a Medical Education and Development Department
As a librarian I was concerned with access to information – as a fundamental professional value
Barriers a source of much discussion and complaint – not just by me, but by others – complaints made to the Chief Executive!
When investigated informally they were explained or justified to me as relating to a number of different organisational issues or factors
Hindrances (discussed in more detail later) included
Blocking of websites
e-journals, union catalogues such as COPAC, official websites)
Unable to download podcasts
Unable to use many web applications
It seemed that significant barriers were thereby being presented to:
Information seeking to support clinical and management decision-making
Teaching of students
CPD and e-learning
Networking with professional peers
Clinical practice
With possible adverse consequences for quality of care?
There has been very little previous research on this.The effects of blocking of access to consumer health resources has been studied in the USAThe MAIPLE project (Loughborough University) and McMenemy and associates at Strathclyde have studied website blocking in British public libraries
Prince, Cass and Klaber (2009), whose work I quoted earlier, studies access to resources for medical educationBlenkinsopp’s LIS-MEDICAL post about website blocking, and an article he published in the Health Information on the Internet, led to …
… a piece of work you may remember
Survey conducted among NHS librarians in England in autumn 2008, published 2009 – Blenkinsopp’s work led to the former Technical Design Authority Group undertaking thisNote how discussion forums, wikis, blogs, and SNS are frequently blocked – would include things such as iCSP, RCSLT Discussion Groups etc.
I wasn’t able to run the survey again as part of my research, for research governance reasons – it wouldn’t have been practical. I feel strongly, however, that this survey should be re-run, to see how far we have progressed in the last eight years, or not …
Essentially this is about:
What is going on?What effects is it having?Why is it happening?
Two groups of staff: clinicians with staff development responsibilities, and non-clinicians with relevant perspectives:
Clinicians were medical, AHP, nursing, pharmacyHad hoped to recruit a psychologist in MH but failed!Maybe should have interviewed midwives in DGH and THStratified sample of respondents
I conducted other interviews with other key informants. Unable to recruit publishers.Not conducted systematic documentary analysis – was ad hoc / as indicated, mostly AUPs
Wasn’t able to get hold of technical documentation for security devices – only promotional material
The major themes emerged from the process of coding.Wrote up in a matrix format: major themes vs. interview topics
I thought I would talk about some of the different types of security risk relating to web use. We cannot live without the World Wide Web, but … access to it does present significant risks.
What I am saying here concerns mainly non-work-related web use, but legitimate use can present issues as well … I am trying to convey some of the complexities.
Threats can be categorised as legal, security-related and productivity-related
You may think: OK to block illegal material, but impossible to block everything potentially illegal, especially where copyright infringement is concerned – cannot stop cut/paste, saving images, etc. Sometimes cited as a reason to block YouTube, as includes pirate versions of TV programmes!
In US health care organisations, Web-borne malware attacks now among the most common forms of security incident (Ponemon report, February 2016)
Important to note that legitimate websites can be compromised via a variety of mechanisms, including drive-by downloads, malvertising and so-called search engine poisoning / DNS poisoning – DNS information is deliberately corrupted to point to an infected site. Also that there is no behavioural defence these forms of compromise – any site can be compromised – all you have to do is visit the page – and, if it’s a zero-day exploit and your AV doesn’t recognise it and block it, you have malware on your computer …
Personal web use at work (PWU) is also referred to in the literature as cyber loafing or cyberslacking
Many different types of PWU – some relatively innocent, some nefarious (see under ‘Legal’ on the slide)
Many organisations allow sensible PWU during breaks – analogy with use of telephones
Most of us have look at the news, silly cat videos, etc. at some stage of our lives …
Adverse effects on productivity of PWU are disputed:some research shows positive effects associated with personal web use, such as increased productivity and job satisfaction, improved morale, relief of stress, and improved work-life balance
Attempts to regulate PWU may have adverse effects, e.g. reduced organisational trust, lower staff morale
Just to set web filtering in context: the table on this slide represents the main approaches to managing information security as a whole, much of which is applicable to the management of PWU. Approaches can be categorised as either technical or social, and can be further divided into measures to prevent, detect, react to or deter computer misuse.Note that routine monitoring of individual web use is not allowable under British law – RIPA and its associated code of practice - IT departments can only monitor individual web use at a manager’s request if misuse is suspected.
The role of the acceptable use policy – to prevent and discourage misuse – specifies disciplinary sanctions for different forms of misuse
The NHS tends to favour technological rather than social measures for managing information security.
Am going to focus on web filtering in my discussion; there are, however, issues about the security of browsers and plugins with which you may be familiar, e.g. regarding older browser versions, Java, ActiveX controls, Shockwave, Flash –
Secunia Research’s 2016 Vulnerability Review found that among the five most popular web browsers (Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Safari), 1,114 vulnerabilities were discovered in 2015, and the majority were rated highly critical.
Unfortunately, as we know, browser security controls enforced via group policies can impinge on access to information.
An important type of security device commonly used within the NHS is the secure web gateway (SWG), also known as a web proxy . The popularity of these as security devices has increased in response to the increased incidence of web-borne threats. They sit at the organisation’s perimeter, and all web traffic has to pass through them.(However, the Sophos report of August 2016 on cybersecurity in the NHS suggests that only 38% of respondents indicated that their organisation was using web gateway scanning.)
SWGs have two roles:1) they perform security-related tasks such as authorisation and authentication relating to web content requests sent from a user’s browser, rejecting requests which do not meet the configured criteria;
2) they examine the requested content for malware and other threats before sending it to the user.
One can say that their role in 1) is to represent and enforce the AUP …
Content categories are established by the system vendor. These categorisations vary considerably. One may legitimately ask, therefore, what values does this categorisation represent?
SWGs vary in the accuracy of their filtering … which brings us to …
Main problem with web filtering devices in general – blocking of legitimate websites = false positives – these are what cause grief to users and librarians, and makes their so controversial.No device is perfect – there is a trade-off between specificity and sensitivity
Relationship between specificity and sensitivity may be represented graphically via the
ROC – receiver operating characteristicBlue line – useless deviceYellow line – excellent devicePurple line – decent device
A perfect device would have the line right up to the top and against the left hand side!
The high incidence of blocking of websites at a teaching hospital surprised me immensely – no apparent correlation with research and teaching activity / research ‘culture’
One clinical educator reported taking work home on many evenings a week to avoid website blocking
Others looked for information elsewhere: “I just shrug” (Pharmacist, TH)
My model of factors leading NHS staff to report or not to report blocked websites.
Confirms what we know intuitively …
The considerations listed relate to: the information itself, relationships with the IT department, and the frequency of blocking
Discussions with respondents indicated that, where incidence of blocking was high, blocked sites were often not reported. Reporting occurred where frequency of blocking was low and IT department was perceived to be responsive.
IT managers didn’t ever look at logs of blocked websites or act on individual instances of blocking reported by SWGs – no time – depended on users reporting them
Categories of blocked content listed in TH SWG marketing material reproduced verbatim in TH AUP!
IT managers at both MH and TH would have liked to extend overall monitoring of / reporting on non-work related web use – felt it represented a risk to the organisation.
As well as the malvertising issue, the IT manager at TH seemed to be unclear about the image blocking settings of the TH SWG
Users told me that sites carrying advertising and sites with images tended to be blocked.
Some sites appear in Google searches twice, at top if advertising, elsewhere if not. Advertising sites could be blocked, but same site not blocked further down.
NB some highly informative websites are advertising-supported (e.g. newspapers)
Communication and working relationships between IG and IT in DGH and MH seemed to be good - pragmatic, proportionate approach. However, they were virtually non-existent in TH, despite physical proximity of departments, and IG did not have effective reporting lines to senior management. Actually I was surprised that my IG manager in TH hadn’t resigned some time ago!
Information security researchers do discuss the usability of security …
In a health libraries context, Verma et al.’s reference to the Hippocratic oath is noteworthy, as are the ideas of Angela Sasse, a security usability researcher based at UCL
Sasse’s comment brings out the extent to which problems with the functioning and usability of information security, of which blocking of websites is a part, acts as a ‘drag factor’ on people’s working lives in knowledge industries, and can potentially affect the organisation in which they work …
Proportionate – e.g. no blanket bans
We need as librarians to go into battle with IT departments on this on behalf of our users – ask about their web security devices and their configurations – and challenge their policies where access to information is being blocked.