An assurance-based model to holistically assess the information security posture

EXECUTIVE SUMMARY : Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research purpose and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management. Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearing situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a welldefined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation: ? Identification of the key elements within the dimension; ? Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension; ? Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension. The second phase concerns the evaluation of each Information Security dimension by: ? The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection; ? The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements. Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define an reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations. The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to govern better their Information Security. RÉSUMÉ : Contexte général de la thèse L'évaluation de la sécurité en général, et plus particulièrement, celle de la sécurité de l'information, est devenue pour les organisations non seulement une mission cruciale à réaliser, mais aussi de plus en plus complexe. A l'heure actuelle, cette évaluation se base principalement sur des méthodologies, des bonnes pratiques, des normes ou des standards qui appréhendent séparément les différents aspects qui composent la sécurité de l'information. Nous pensons que cette manière d'évaluer la sécurité est inefficiente, car elle ne tient pas compte de l'interaction des différentes dimensions et composantes de la sécurité entre elles, bien qu'il soit admis depuis longtemps que le niveau de sécurité globale d'une organisation est toujours celui du maillon le plus faible de la chaîne sécuritaire. Nous avons identifié le besoin d'une approche globale, intégrée, systémique et multidimensionnelle de l'évaluation de la sécurité de l'information. En effet, et c'est le point de départ de notre thèse, nous démontrons que seule une prise en compte globale de la sécurité permettra de répondre aux exigences de sécurité optimale ainsi qu'aux besoins de protection spécifiques d'une organisation. Ainsi, notre thèse propose un nouveau paradigme d'évaluation de la sécurité afin de satisfaire aux besoins d'efficacité et d'efficience d'une organisation donnée. Nous proposons alors un modèle qui vise à évaluer d'une manière holistique toutes les dimensions de la sécurité, afin de minimiser la probabilité qu'une menace potentielle puisse exploiter des vulnérabilités et engendrer des dommages directs ou indirects. Ce modèle se base sur une structure formalisée qui prend en compte tous les éléments d'un système ou programme de sécurité. Ainsi, nous proposons un cadre méthodologique d'évaluation qui considère la sécurité de l'information à partir d'une perspective globale. Structure de la thèse et thèmes abordés Notre document est structuré en trois parties. La première intitulée : « La problématique de l'évaluation de la sécurité de l'information » est composée de quatre chapitres. Le chapitre 1 introduit l'objet de la recherche ainsi que les concepts de base du modèle d'évaluation proposé. La maniéré traditionnelle de l'évaluation de la sécurité fait l'objet d'une analyse critique pour identifier les éléments principaux et invariants à prendre en compte dans notre approche holistique. Les éléments de base de notre modèle d'évaluation ainsi que son fonctionnement attendu sont ensuite présentés pour pouvoir tracer les résultats attendus de ce modèle. Le chapitre 2 se focalise sur la définition de la notion de Sécurité de l'Information. Il ne s'agit pas d'une redéfinition de la notion de la sécurité, mais d'une mise en perspectives des dimensions, critères, indicateurs à utiliser comme base de référence, afin de déterminer l'objet de l'évaluation qui sera utilisé tout au long de notre travail. Les concepts inhérents de ce qui constitue le caractère holistique de la sécurité ainsi que les éléments constitutifs d'un niveau de référence de sécurité sont définis en conséquence. Ceci permet d'identifier ceux que nous avons dénommés « les racines de confiance ». Le chapitre 3 présente et analyse la différence et les relations qui existent entre les processus de la Gestion des Risques et de la Gestion de la Sécurité, afin d'identifier les éléments constitutifs du cadre de protection à inclure dans notre modèle d'évaluation. Le chapitre 4 est consacré à la présentation de notre modèle d'évaluation Information Security Assurance Assessment Model (ISAAM) et la manière dont il répond aux exigences de l'évaluation telle que nous les avons préalablement présentées. Dans ce chapitre les concepts sous-jacents relatifs aux notions d'assurance et de confiance sont analysés. En se basant sur ces deux concepts, la structure du modèle d'évaluation est développée pour obtenir une plateforme qui offre un certain niveau de garantie en s'appuyant sur trois attributs d'évaluation, à savoir : « la structure de confiance », « la qualité du processus », et « la réalisation des exigences et des objectifs ». Les problématiques liées à chacun de ces attributs d'évaluation sont analysées en se basant sur l'état de l'art de la recherche et de la littérature, sur les différentes méthodes existantes ainsi que sur les normes et les standards les plus courants dans le domaine de la sécurité. Sur cette base, trois différents niveaux d'évaluation sont construits, à savoir : le niveau d'assurance, le niveau de qualité et le niveau de maturité qui constituent la base de l'évaluation de l'état global de la sécurité d'une organisation. La deuxième partie: « L'application du Modèle d'évaluation de l'assurance de la sécurité de l'information par domaine de sécurité » est elle aussi composée de quatre chapitres. Le modèle d'évaluation déjà construit et analysé est, dans cette partie, mis dans un contexte spécifique selon les quatre dimensions prédéfinies de sécurité qui sont: la dimension Organisationnelle, la dimension Fonctionnelle, la dimension Humaine, et la dimension Légale. Chacune de ces dimensions et son évaluation spécifique fait l'objet d'un chapitre distinct. Pour chacune des dimensions, une évaluation en deux phases est construite comme suit. La première phase concerne l'identification des éléments qui constituent la base de l'évaluation: ? Identification des éléments clés de l'évaluation ; ? Identification des « Focus Area » pour chaque dimension qui représentent les problématiques se trouvant dans la dimension ; ? Identification des « Specific Factors » pour chaque Focus Area qui représentent les mesures de sécurité et de contrôle qui contribuent à résoudre ou à diminuer les impacts des risques. La deuxième phase concerne l'évaluation de chaque dimension précédemment présentées. Elle est constituée d'une part, de l'implémentation du modèle général d'évaluation à la dimension concernée en : ? Se basant sur les éléments spécifiés lors de la première phase ; ? Identifiant les taches sécuritaires spécifiques, les processus, les procédures qui auraient dû être effectués pour atteindre le niveau de protection souhaité. D'autre part, l'évaluation de chaque dimension est complétée par la proposition d'un modèle de maturité spécifique à chaque dimension, qui est à considérer comme une base de référence pour le niveau global de sécurité. Pour chaque dimension nous proposons un modèle de maturité générique qui peut être utilisé par chaque organisation, afin de spécifier ses propres exigences en matière de sécurité. Cela constitue une innovation dans le domaine de l'évaluation, que nous justifions pour chaque dimension et dont nous mettons systématiquement en avant la plus value apportée. La troisième partie de notre document est relative à la validation globale de notre proposition et contient en guise de conclusion, une mise en perspective critique de notre travail et des remarques finales. Cette dernière partie est complétée par une bibliographie et des annexes. Notre modèle d'évaluation de la sécurité intègre et se base sur de nombreuses sources d'expertise, telles que les bonnes pratiques, les normes, les standards, les méthodes et l'expertise de la recherche scientifique du domaine. Notre proposition constructive répond à un véritable problème non encore résolu, auquel doivent faire face toutes les organisations, indépendamment de la taille et du profil. Cela permettrait à ces dernières de spécifier leurs exigences particulières en matière du niveau de sécurité à satisfaire, d'instancier un processus d'évaluation spécifique à leurs besoins afin qu'elles puissent s'assurer que leur sécurité de l'information soit gérée d'une manière appropriée, offrant ainsi un certain niveau de confiance dans le degré de protection fourni. Nous avons intégré dans notre modèle le meilleur du savoir faire, de l'expérience et de l'expertise disponible actuellement au niveau international, dans le but de fournir un modèle d'évaluation simple, générique et applicable à un grand nombre d'organisations publiques ou privées. La valeur ajoutée de notre modèle d'évaluation réside précisément dans le fait qu'il est suffisamment générique et facile à implémenter tout en apportant des réponses sur les besoins concrets des organisations. Ainsi notre proposition constitue un outil d'évaluation fiable, efficient et dynamique découlant d'une approche d'évaluation cohérente. De ce fait, notre système d'évaluation peut être implémenté à l'interne par l'entreprise elle-même, sans recourir à des ressources supplémentaires et lui donne également ainsi la possibilité de mieux gouverner sa sécurité de l'information.

Speed-cohesion trade-offs in collective decision making in ants and the concept of precision in animal behaviour

In decision making, speed-accuracy trade-offs are well known and often inevitable because accuracy depends on being well informed and gathering information takes time. However, trade-offs between speed and cohesion, that is the degree to which a group remains together as a single entity, as a result of their decision making, have been comparatively neglected. We combine theory and experimentation to show that in decision-making systems, speed-cohesion trade-offs are a natural complement to speed-accuracy trade-offs and are therefore of general importance. We then analyse the decision performance of 32 rock ant, Temnothorax albipennis, colonies in experiments in which accuracy of collective decision making was held constant, but time urgency varied. These experiments reveal for the first time an adaptive speed-cohesion trade-off in collective decision making and how this is achieved. In accord with different time constraints, colonies can decide quickly, at the cost of social unity, or they can decide slowly with much greater cohesion. We discuss the similarity between cohesion and the term precision as used in statistics and engineering. This emphasizes the generality of speed versus cohesion/precision trade-offs in decision making and decision implementation in other fields within animal behaviour such as sexually selected motor displays and even certain aspects of birdsong. We also suggest that speed versus precision trade-offs may occur when individuals within a group need to synchronize their activity, and in collective navigation, cooperative hunting and in certain escape behaviours.

An Empirical Study on Faculty Perceptions and Teaching Practices of Wikipedia

Some faculty members from different universities around the world have begun to use Wikipedia as a teaching tool in recent years. These experiences show, in most cases, very satisfactory results and a substantial improvement in various basic skills, as well as a positive influence on the students' motivation. Nevertheless and despite the growing importance of e-learning methodologies based on the use of the Internet for higher education, the use of Wikipedia as a teaching resource remains scarce among university faculty.Our investigation tries to identify which are the main factors that determine acceptance or resistance to that use. We approach the decision to use Wikipedia as a teaching tool by analyzing both the individual attributes of faculty members and the characteristics of the environment where they develop their teaching activity. From a specific survey sent to all faculty of the Universitat Oberta de Catalunya (UOC), pioneer and leader in online education in Spain, we have tried to infer the influence of these internal and external elements. The questionnaire was designed to measure different constructs: perceived quality of Wikipedia, teaching practices involving Wikipedia, use experience, perceived usefulness and use of 2.0 tools. Control items were also included for gathering information on gender, age, teaching experience, academic rank, and area of expertise.Our results reveal that academic rank, teaching experience, age or gender, are not decisive factors in explaining the educational use of Wikipedia. Instead, the decision to use it is closely linked to the perception of Wikipedia's quality, the use of other collaborative learning tools, an active attitude towards web 2.0 applications, and connections with the professional non-academic world. Situational context is also very important, since the use is higher when faculty members have got reference models in their close environment and when they perceive it is positively valued by their colleagues. As far as these attitudes, practices and cultural norms diverge in different scientific disciplines, we have also detected clear differences in the use of Wikipedia among areas of academic expertise. As a consequence, a greater application of Wikipedia both as a teaching resource and as a driver for teaching innovation would require much more active institutional policies and some changes in the dominant academic culture among faculty members.

Delivery of European Cross-Border Health Care and the Relevance and Effects of EU Regulations and Judicial Processes with Reference to Delivery of Drugs and Blood Donor Information Material.

Valtion rajat ylittävät terveyspalvelut Euroopan unionissa sekä Euroopan unionin säädösten merkitys ja vaikutus erityisesti lääkejakeluun ja verenluovuttajille jaettavaan tiedotusaineistoon Valtion rajat ylittävä terveydenhuolto on suuren kiinnostuksen kohteena Euroopan unionissa. Resurssien hyödyntäminen parhaalla mahdollisella tavalla ja tiedon keskittäminen ovat tarpeen terveydenhuollon kustannusten alati noustessa. Terveydenhuoltopalvelut kuuluvat Euroopan sisämarkkinoiden vapaan liikkuvuuden piiriin. Euroopan unionilla ei ole kuitenkaan toimivaltaa säädellä terveydenhuoltojärjestelmiä, vaan sen mahdollisuudet ovat enimmäkseen kansanterveyden edistämisessä ja suojelussa, myös muilla toimialueilla kuin terveydenhuollossa. Tutkimuksen tavoitteena oli tutkia Euroopan unionin säädösten vaikutusta terveydenhuoltosektoriin, erityisesti valtion rajat ylittäviin terveydenhuoltopalveluihin. Erityiskohteena olivat lääkemääräyksen toimittaminen toisen Euroopan unionin jäsenmaan apteekista, resepti-lääkkeiden maahantuonti omaan henkilökohtaiseen käyttöön, sähköisen lääkemääräyksen käyttö kansallisesti ja mahdollisuudet sen käyttöön eri jäsenmaiden välillä, online-apteekkien soveltuvuus Euroopan unionin sisämarkkinoille sekä verenluovuttajille jaettavan tiedotusaineiston yhtenäistämistarve Euroopan unionin alueella. Tutkimuksen osa-alueiden aineisto koottiin vuosina 1999–2003, jolloin Euroopan unioniin kuului 15 jäsenmaata. Apteekit toimittivat useimmiten myös ei-kansalliset, toisessa Euroopan unionin jäsenmaassa annetut lääkemääräykset. Kaikki jäsenmaat rajoittivat lääkemääräyksen vaativien lääkkeiden maahantuontia. Rajoituksia oli maahantuontimäärissä ja -tavoissa. Lisäksi sairasvakuutuskorvausten saaminen ulkomailla lunastetuista reseptilääkkeistä oli hankalaa. Sähköiset lääkemääräykset olivat käytössä vain kahdessa maassa, mutta useissa maissa suunniteltiin niiden kokeilua. Standardit ja käyttöjärjestelmät olivat erilaisia eri maissa. Euroopan unionin alueelle on perustettu online-apteekkeja, joiden toiminta on kuitenkin vaatimatonta. Verenluovuttajille annettava tiedotusaineisto ei missään maassa täyttänyt veridirektiivin vaatimuksia. Tutkimuksen tulokset osoittivat kansallisten käytäntöjen eroavaisuuksien rajoittavan valtion rajat ylittäviä terveydenhuoltopalveluita. Vaikka Euroopan unionin tavoitteena ei ole yhtenäistää terveydenhuoltojärjestelmiä, on tarpeen arvioida uudelleen unionin ja jäsenmaiden välistä työnjakoa. Kansalliset terveydenhuoltojärjestelmät eivät ole erillään Euroopan sisämarkkinoista, jotka merkittävästi vaikuttavat terveydenhuoltoon.

Collective decision making in a heterogeneous environment: Lasius niger colonies preferentially forage at easy to learn locations

Many ants forage in complex environments and use a combination of trail pheromone information and route memory to navigate between food sources and the nest. Previous research has shown that foraging routes differ in how easily they are learned. In particular, it is easier to learn feeding locations that are reached by repeating (e.g. left-left or right-right) than alternating choices (left-right or right-left) along a route with two T-bifurcations. This raises the hypothesis that the learnability of the feeding sites may influence overall colony foraging patterns. We studied this in the mass-recruiting ant Lasius niger. We used mazes with two T-bifurcations, and allowed colonies to exploit two equidistant food sources that differed in how easily their locations were learned. In experiment 1, learnability was manipulated by using repeating versus alternating routes from nest to feeder. In experiment 2, we added visual landmarks along the route to one food source. Our results suggest that colonies preferentially exploited the feeding site that was easier to learn. This was the case even if the more difficult to learn feeding site was discovered first. Furthermore, we show that these preferences were at least partly caused by lower error rates (experiment 1) and greater foraging speeds (experiment 2) of foragers visiting the more easily learned feeder locations. Our results indicate that the learnability of feeding sites is an important factor influencing collective foraging patterns of ant colonies under more natural conditions, given that in natural environments foragers often face multiple bifurcations on their way to food sources.

Respiratory health effects of fifteen years of improved collective protection in a wheat-processing worker population.

INTRODUCTION: Occupational exposure to grain dust causes respiratory symptoms and pathologies. To decrease these effects, major changes have occurred in the grain processing industry in the last twenty years. However, there are no data on the effects of these changes on workers' respiratory health. OBJECTIVES: The aim of this study was to evaluate the respiratory health of grain workers and farmers involved in different steps of the processing industry of wheat, the most frequently used cereal in Europe, fifteen years after major improvements in collective protective equipment due to mechanisation. MATERIALS AND METHOD: Information on estimated personal exposure to wheat dust was collected from 87 workers exposed to wheat dust and from 62 controls. Lung function (FEV1, FVC, and PEF), exhaled nitrogen monoxide (FENO) and respiratory symptoms were assessed after the period of highest exposure to wheat during the year. Linear regression models were used to explore the associations between exposure indices and respiratory effects. RESULTS: Acute symptoms - cough, sneezing, runny nose, scratchy throat - were significantly more frequent in exposed workers than in controls. Increased mean exposure level, increased cumulative exposure and chronic exposure to more than 6 mg.m (-3) of inhaled wheat dust were significantly associated with decreased spirometric parameters, including FEV1 and PEF (40 ml and 123 ml.s (-1) ), FEV1 and FVC (0.4 ml and 0.5 ml per 100 h.mg.m (-3) ), FEV1 and FVC (20 ml and 20 ml per 100 h at >6 mg.m (-3) ). However, no increase in FENO was associated with increased exposure indices. CONCLUSIONS: The lung functions of wheat-related workers are still affected by their cumulative exposure to wheat dust, despite improvements in the use of collective protective equipment.

Swiss family physicians' perceptions and attitudes towards knowledge translation practices.

BACKGROUND: Several studies have been performed to understand the way family physicians apply knowledge from medical research in practice. However, very little is known concerning family physicians in Switzerland. In an environment in which information constantly accumulates, it is crucial to identify the major sources of scientific information that are used by family physicians to keep their medical knowledge up to date and barriers to use these sources. Our main objective was to examine medical knowledge translation (KT) practices of Swiss family physicians. METHODS: The population consisted of French- and German-speaking private practice physicians specialised in family medicine. We conducted four interviews and three focus groups (n = 25). The interview guides of the semi-structured interviews and focus groups focused on (a) ways and means used by physicians to keep updated with information relevant to clinical practice; (b) how they consider their role in translating knowledge into practice; (c) potential barriers to KT; (d) solutions proposed by physicians for effective KT. RESULTS: Family physicians find themselves rather ambivalent about the translation of knowledge based on scientific literature, but generally express much interest in KT. They often feel overwhelmed by "information floods" and perceive clinical practice guidelines and other supports to be of limited usefulness for their practice. They often combine various formal and informal information sources to keep their knowledge up to date. Swiss family physicians report considering themselves as artisans, caring for patients with complex needs. CONCLUSION: Improved performance of KT initiatives in family medicine should be tailored to actual needs and based on high quality evidence-based sources.

Reuse of information for selection of methods and operating conditions for drying of pharmaceutical materials

Drying is a major step in the manufacturing process in pharmaceutical industries, and the selection of dryer and operating conditions are sometimes a bottleneck. In spite of difficulties, the bottlenecks are taken care of with utmost care due to good manufacturing practices (GMP) and industries' image in the global market. The purpose of this work is to research the use of existing knowledge for the selection of dryer and its operating conditions for drying of pharmaceutical materials with the help of methods like case-based reasoning and decision trees to reduce time and expenditure for research. The work consisted of two major parts as follows: Literature survey on the theories of spray dying, case-based reasoning and decision trees; working part includes data acquisition and testing of the models based on existing and upgraded data. Testing resulted in a combination of two models, case-based reasoning and decision trees, leading to more specific results when compared to conventional methods.

Standard care practices and psychosocial interventions aimed at reducing parental distress following stillbirth: A systematic narrative review

Objective: To summarise and critically evaluate the evidence informing the provision of standard care practices and psychosocial interventions following stillbirth. Background: Stillbirth is increasingly recognised as a significant bereavement experience with the potential to cause substantial psychological distress for parents. Standard care practices and psychosocial interventions to support parents have undergone dramatic changes, with limited basis in evidence. Methods: A systematic narrative review was conducted of quantitative studies examining interventions designed to reduce psychological distress in parents following the loss of a stillborn baby. Results: Twenty-five studies met the inclusion criteria for the review. Substantial methodological weaknesses were identified among reviewed studies, including small and heterogeneous loss samples, weak study designs and lack of clarity in reported methods and outcomes. Inadequate replication of many findings substantially limits the generalisability of the evidence. Conclusion: Tentative evidence was found for the provision of mementoes of the baby and information regarding the cause of the loss, support group attendance, and cognitive behavioural interventions for parents identified with clinical levels of distress. Contradictory findings for the impact of contact with the baby prevent the formation of clear conclusions for this practice. Due to the methodological weaknesses prevalent in the research identified, the current evidence base is not considered sufficiently able to reliably inform care practices and intervention approaches. High-quality research evidence in this field is urgently required.

Gestion et communication de l'information en surveillance biologique. Une approche éthique et interdisciplinaire [Biomonitoring information management and communication: an ethical and interdisciplinary perspective]

This study explores biomonitoring communication with workers exposed to risks. Using a qualitative approach, semi-directive interviews were performed. Results show that occupational physicians and workers share some perceptions, but also point out communication gaps. Consequently, informed consent is not guaranteed. This article proposes some recommendations for occupational physicians' practices.

Practices of place-making through locative media artworks

Peer-reviewed

OERopoly : A Game to Generate Collective Intelligence around OER

Collective Intelligence (CI ) is a phenomenon that emerges at the crossroads of three worlds: Open Educational Resources (OER), Web 2.0 technologies and Online Learning Communities. Building CI for the OER movement means capturing the richness of information, experiences, knowledge and resources, that the movement is constantly generating, in a way that they can be shared and reused for the benefit of the movement itself. The organisation of CI starts from collecting the knowledge and experiences of OER's practitioners and scholars in new creative forms, and then situating this knowledge in a collective 'pot' from where it can be leveraged with new 'intelligent' meanings and toward new 'intelligent' goals. This workshop is an attempt to do so by engaging participants in a CI experience, in which they will contribute to, and at the same time take something from, the existing CI around OER, Web 2.0 technologies and Online Learning Communities.

Estudio cualitativo sobre factores psicosociales de riesgo en profesionales de enfermería (Catalunya-España).

Peer-reviewed

Warranty Practices and Costs in the Industry of Welding Machines Manufacturing

The objective of the master’s thesis is to define the warranty practices and costs in the welding machines manufacturing company and do a proposal for a warranty policy based on the practices and costs. The study include a disquisition of the warranty practices in the subsidiaries and distributor sales. The disquisition of the warranty practices introduces the information relates to warranty period, warranty costs, including repair, spare part and other costs, the practices with the replaced parts, the utilization rate of the eWarranty system and information relates to special arrangements in the warranties. The warranty costs are defined besides the group level also separately per regions and product families. From some product families the disquisition is done per products. In this study is also done a proposal for a warranty policy for the company. The proposal speaks out the length of warranty period, the compensation of the warranty costs, the practices with replaced parts and usage of eWarranty system.