Reinforcing the security of corporate information resources:a critical review of the role of the acceptable use policy

Increasingly users are seen as the weak link in the chain, when it comes to the security of corporate information. Should the users of computer systems act in any inappropriate or insecure manner, then they may put their employers in danger of financial losses, information degradation or litigation, and themselves in danger of dismissal or prosecution. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of inappropriate behaviours, and in so doing, protecting corporate information, is through the formulation and application of a formal ‘acceptable use policy (AUP). Whilst the AUP has attracted some academic interest, it has tended to be prescriptive and overly focussed on the role of the Internet, and there is relatively little empirical material that explicitly addresses the purpose, positioning or content of real acceptable use policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and composition of a sample of authentic policies – taken from the higher education sector – rather than simply making general prescriptions about what they ought to contain. There are two important conclusions to be drawn from this study: (1) the primary role of the AUP appears to be as a mechanism for dealing with unacceptable behaviour, rather than proactively promoting desirable and effective security behaviours, and (2) the wide variation found in the coverage and positioning of the reviewed policies is unlikely to be fostering a coherent approach to security management, across the higher education sector.

A concept-based framework for retrieving evidence to support emergency physician decision making at the point of care

The goal of evidence-based medicine is to uniformly apply evidence gained from scientific research to aspects of clinical practice. In order to achieve this goal, new applications that integrate increasingly disparate health care information resources are required. Access to and provision of evidence must be seamlessly integrated with existing clinical workflow and evidence should be made available where it is most often required - at the point of care. In this paper we address these requirements and outline a concept-based framework that captures the context of a current patient-physician encounter by combining disease and patient-specific information into a logical query mechanism for retrieving relevant evidence from the Cochrane Library. Returned documents are organized by automatically extracting concepts from the evidence-based query to create meaningful clusters of documents which are presented in a manner appropriate for point of care support. The framework is currently being implemented as a prototype software agent that operates within the larger context of a multi-agent application for supporting workflow management of emergency pediatric asthma exacerbations. © 2008 Springer-Verlag Berlin Heidelberg.

How do older people with sight loss manage their general health? A qualitative study

Purpose: Older people with sight loss experience a number of barriers to managing their health. The purpose of this qualitative study was to explore how older people with sight loss manage their general health and explore the techniques used and strategies employed for health management. Methods: Semi-structured face-to-face interviews were conducted with 30 participants. Interviews were audio-recorded, transcribed verbatim and analysed using thematic analysis. Results: Health management challenges experienced included: managing multiple health conditions; accessing information; engaging in health behaviours and maintaining wellbeing. Positive strategies included: joining support groups, clubs and societies; using low vision aids; seeking support from family and friends and accessing support through health and social care services. Conclusion: Healthcare professionals need to be more aware of the challenges faced by older people with sight loss. Improved promotion of group support and charity services which are best placed to share information, provide fora to learn about coping techniques and strategies, and give older people social support to prevent isolation is needed. Rehabilitation and support services and equipment can only be beneficial if patients know what is available and how to access them. Over-reliance on self-advocacy in current healthcare systems is not conducive to patient-centred care. Implications for Rehabilitation Sight loss in older people can impact on many factors including health management. This study identifies challenges to health management and highlights strategies used by older people with sight loss to manage their health. Access to support often relies on patients seeking information for themselves. However, self-advocacy is challenging due to information accessibility barriers. Informal groups and charities play an important role in educating patients about their condition and advising on available support to facilitate health management.

Designing a methodology for an office communication and information system:for executives in the Malaysian public sector : the Prime Minister's office

Modern managers are under tremendous pressure in attempting to fulfil a profoundly complex managerial task, that of handling information resources. Information management, an intricate process requiring a high measure of human cognition and discernment, involves matching a manager's lack of information processing capacity against his information needs, with voluminous information at his disposal. The nature of the task will undoubtedly become more complex in the case of a large organisation. Management of large-scale organisations is therefore an exceedingly challenging prospect for any manager to be faced with. A system that supports executive information needs will help reduce managerial and informational mismatches. In the context of the Malaysian public sector, the task of overall management lies with the Prime Minister and the Cabinet. The Prime Minister's Office is presently supporting the Prime Minister's information and managerial needs, although not without various shortcomings. The rigid formalised structure predominant of the Malaysian public sector, so opposed to dynamic treatment of problematic issues as faced by that sector, further escalates the managerial and organisational problem of coping with a state of complexity. The principal features of the research are twofold: the development of a methodology for diagnosing the problem organisation' and the design of an office system. The methodological development is done in the context of the Malaysian public sector, and aims at understanding the complexity of its communication and control situation. The outcome is a viable model of the public sector. `Design', on the other hand, is developing a syntax or language for office systems which provides an alternative to current views on office systems. The design is done with reference to, rather than for, the Prime Minister's Office. The desirable outcome will be an office model called Office Communication and Information System (OCIS).

The value of proprietary health and safety software to proactive health and safety management

There has been little research in health and safety management concernmg the application of information technology to the field. This thesis attempts to stimulate interest in this area by analysing the value of proprietary health and safety software to proactive health and safety management. The thesis is based upon the detailed software evaluation of seven pieces of proprietary health and safety software. It features a discussion concerning the development of information technology and health and safety management, a review of the key issues identified during the software evaluations, an analysis of the commercial market for this type of software, and a consideration of the broader issues which surround the use of this software. It also includes practical guidance for the evaluation, selection, implementation and maintenance of all health and safety management software. This includes a comprehensive software evaluation chart. The implications of the research are considered for proprietary health and safety software, the application of information technology to health and safety management, and for future research.

Assessment of national health systems performance in the WHO African region

There is growing peer and donor pressure on African countries to utilize available resources more efficiently in a bid to support the ongoing efforts to expand coverage of health interventions with a view to achieving the health-related Millennium Development Goals. The purpose of this study was to estimate the technical and scale efficiency of national health systems in African continent. Methods The study applied the Data Envelopment Analysis approach to estimate the technical efficiency and scale efficiency among the 53 countries of the African Continent. Results Out of the 38 low-income African countries, 12 countries national health systems manifested a constant returns to scale technical efficiency (CRSTE) score of 100%; 15 countries had a VRSTE score of 100%; and 12 countries had a SE score of one. The average variable returns to scale technical efficiency (VRSTE) score was 95% and the mean scale efficiency (SE) score was 59%; meaning that while on average the degree of inefficiency was only 5%, the magnitude of scale inefficiency was 41%. Of the 15 middle-income countries, 5 countries, 9 countries and 5 countries had CRSTE, VRSTE and SE scores of 100%. Ten countries, six countries and 10 countries had CRSTE, VRSTE and SE scores of less than 100%; and thus, they were deemed inefficient. The average VRSTE (i.e. pure efficiency) score was 97.6%. The average SE score was 49.9%. Conclusion There are large unmet need for health and health-related services among countries of the African Continent. Thus, it would not be advisable for health policy-makers address NHS inefficiencies through reduction in excess human resources for health. Instead, it would be more prudent for them to leverage health promotion approaches and universal access prepaid (tax-based, insurance-based or mixtures) health financing systems to create demand for under utilised health services/interventions with a view to increasing ultimate health outputs to efficient target levels.

The information security policy unpacked:a critical study of the content of university policies

Ensuring the security of corporate information, that is increasingly stored, processed and disseminated using information and communications technologies [ICTs], has become an extremely complex and challenging activity. This is a particularly important concern for knowledge-intensive organisations, such as universities, as the effective conduct of their core teaching and research activities is becoming ever more reliant on the availability, integrity and accuracy of computer-based information resources. One increasingly important mechanism for reducing the occurrence of security breaches, and in so doing, protecting corporate information, is through the formulation and application of a formal information security policy (InSPy). Whilst a great deal has now been written about the importance and role of the information security policy, and approaches to its formulation and dissemination, there is relatively little empirical material that explicitly addresses the structure or content of security policies. The broad aim of the study, reported in this paper, is to fill this gap in the literature by critically examining the structure and content of authentic information security policies, rather than simply making general prescriptions about what they ought to contain. Having established the structure and key features of the reviewed policies, the paper critically explores the underlying conceptualisation of information security embedded in the policies. There are two important conclusions to be drawn from this study: (1) the wide diversity of disparate policies and standards in use is unlikely to foster a coherent approach to security management; and (2) the range of specific issues explicitly covered in university policies is surprisingly low, and reflects a highly techno-centric view of information security management.