| 1. |
- Amorim, Joni A., et al.
(author)
-
Awareness and training : Identification of relevant security skills and competencies
- 2014
-
In: Engineering Education in a Technology-Dependent World. - Guimarães : INTERTECH. - 9788565992282 - 9788566680287 ; , s. 37-
-
Conference paper (peer-reviewed)abstract
- In order to identify needed skills and competencies for privacy and security, we propose a systematic process that maps privacy and security threats to related controls that are required to prevent, detect or remove such threats. This work suggests how to apply the process, while discussing how games and simulations can be used both to develop the desired behavior and to monitor the current competency level.
|
|
| 2. |
- Amorim, Joni A., et al.
(author)
-
Privacy and Security in Cyberspace : Training Perspectives on the Personal Data Ecosystem
- 2013
-
In: European Intelligence and Security Informatics Conference (EISIC), Proceedings CD. - : IEEE conference proceedings. - 9780769550626 ; , s. 139-142
-
Conference paper (peer-reviewed)abstract
- There is a growing understanding that privacy is an essential component of security. In order to decrease the probability of having data breaches, the design of information systems, processes and architectures should incorporate considerations related to both privacy and security. This incorporation may benefit from the offering of appropriate training. In this way, this paper intends to discuss how to better offer training while considering new developments that involve both multimedia production and the “gamification” of training. The paper suggests the use in conjunction of two frameworks: the EduPMO Framework, useful for the management of large scale projects that may involve a consortium of organizations developing multimedia for the offering of training, and the Game Development Framework, useful for the identification of the main components of the serious game for training on privacy by design to be developed as part of the training offering.
|
|
| 3. |
- Bergström, Erik, 1976-, et al.
(author)
-
Information Classification Issues
- 2014
-
In: Secure IT Systems. - Cham : Springer. - 9783319115986 - 9783319115993 ; , s. 27-41
-
Conference paper (peer-reviewed)abstract
- This paper presents an extensive systematic literature review with the aim of identifying and classifying issues in the information classification process. The classification selected uses human and organizational factors for grouping the identified issues. The results reveal that policy-related issues are most commonly described, but not necessarily the most crucial ones. Furthermore, gaps in the research field are identified in order to outline paths for further research.
|
|
| 4. |
|
|
| 5. |
|
|
| 6. |
|
|
| 7. |
- Krasniqi, Hanife, et al.
(author)
-
Patients' Experiences of Communicating with Healthcare - an Information Exchange Perspective
- 2011
-
In: Proceedings of the 15th International Symposium on Health Information Management Research (ISHIMR 2011). - : University of Zurich. - 9780955928314 ; , s. 241-251
-
Conference paper (peer-reviewed)abstract
- Aims: To explore on how patients experience the information exchange with healthcare organizations and how this relates to the six areas that constitute good quality care.Method: A qualitative approach inspired by Grounded Theory was adopted. Seven interviews with patients were carried out in the homes of patients.Conclusion: Healthcare does not always meet the requirements of Health and Medical Services Act with regard to good quality health. An effective exchange of information between health professionals and patients was found as a key issue for creating the conditions for good quality care.
|
|
| 8. |
|
|
| 9. |
- Scandurra, Isabella, et al.
(author)
-
Building Usability into National eHealth Strategies : an Action Research Approach
- 2013
-
In: Proceedings of the 4th international workshop on Infrastructures for Healthcare: Action Research, Intervention and Participatory Design 2013.
-
Conference paper (peer-reviewed)abstract
- Many healthcare organizations are currently committed to organizational change and quality improvement projects. Unfortunately, little effort is put into health information system development according to usability requirements and methodology, leading to bottlenecks in the eHealth systems when implemented into daily practice. This paper presents a national initiative to build usability of eHealth systems into the Swedish national eHealth strategy and its action plan to ensure impact on practice. Action researchers within the health informatics domain collaborated with representatives of different care professions to propose high-priority changes necessary to improve the usability of health information systems.
|
|
| 10. |
|
|
| 11. |
|
|
| 12. |
- Scandurra, Isabella, et al.
(author)
-
Challenges in Applying a Participatory Approach in a Nation-wide Project -The Case of ‘Usability of Swedish eHealth Systems 2013’
- 2013
-
In: Past History and Future Challenges of Human Work Interaction Design (HWID). - Cape Town : INTERACT. - 9780620580373 ; , s. 33-38
-
Conference paper (peer-reviewed)abstract
- Many healthcare organizations are currently committed to organizational change and quality improvement projects. Unfortunately, little effort is put into health information system development according to usability requirements and methodology, leading to bottlenecks in the eHealth systems when implemented into daily practice. This paper presents the experiences of applying a participatory approach in a nation-wide project. The aim of this national initiative was to build usability of eHealth systems into the Swedish national eHealth strategy and its action plan to ensure impact on practice. Action researchers within the health informatics domain collaborated with representatives of different care professions to propose high-priority changes necessary to improve the usability of health information systems. Reflections from the first phase of this initiative are further explored in terms of methodological challenges and recommendations, whereof one recommendation is to increase the use of HI-U specialists – health informaticians with usability and human work interaction design expertise within national and local eHealth development.
|
|
| 13. |
- Scandurra, Isabella, 1973-, et al.
(author)
-
Disturbing or Facilitating? On the Usability of Swedish eHealth Systems 2013
- 2014
-
In: E-Health – For Continuity of Care. - Amsterdam : IOS Press. - 9781614994312 - 9781614994329 ; 205, s. 221-5
-
Conference paper (peer-reviewed)abstract
- As many evaluations show, healthcare organizations do not accomplish the intended effects of their eHealth systems due to inadequate usability. On behalf of the Swedish Ministry of Health and Social Affairs, the usability of current eHealth systems in Swedish healthcare have been analysed from the perspective of healthcare and social service professionals. The objective of the study was to report on current problems, potential solutions as well as to relate these to research in relevant areas. Using a participatory approach, seven workshops were held where researchers within health informatics collaborated with staff from different care providers, representatives of the national associations of health and social care professionals and the national eHealth system vendor organization. This paper presents a foundation for further development of eHealth systems, condensed into 10 issues that the Swedish health and social care professionals find imperative to improve. The study emphasizes that the development of eHealth systems is always a matter of organizational and process development and must be integrated into the care practice improvement process. Further, based on the findings, some identified challenges are discussed.
|
|
| 14. |
- Scandurra, Isabella, 1973-, et al.
(author)
-
Experiences of Novel e-Health Services for Patients - Pros, Cons and Future Challenge. Workshop
- 2013
-
In: Proceedings of the 14th World Congress on Medical and Health Informatics (MEDINFO 2013). - Amsterdam, Netherlands : IOS Press. - 0926-9630 .- 1879-8365. - 9781614992882 - 9781614992899 ; , s. 1254-
-
Conference paper (peer-reviewed)abstract
- It is crucial to involve the patient in the development of patient accessible eHealth systems. But who, how and when? Patient involvement in development of e-health services for citizens has gained little attention to date. It is important to highlight the experiences, pros and cons, and explore new issues and future challenges that arise for all different stakeholders involved in e-health development.One source of inspiration for this workshop is the European funded SUSTAINS project which aims to deploy e-health services with the patient as an important actor. Another is the Swedish research project My Care Pathways where focus is on development of new e-health services that enable the patient to follow and interact with their care processes.This workshop aims to discuss the experiences made in ongoing European deployment projects of online e-health services as well as methods to improve patient participation in such development based on current evaluations and future needs.The objective is to collect and disseminate various experiences from novel e-health service deployment in Europe; during the workshop active participation is desired via twitter and other eLearning tools, and afterwards the results of the workshop are published on easily accessible web sites.
|
|
| 15. |
- Scandurra, Isabella, 1973-, et al.
(author)
-
Towards National Deployment of Online Medical Records and eHealth Services
- 2014
-
In: Vitalis - Nordens ledande eHälsomöte. - Göteborg : Göteborgs universitet. ; , s. 16-19
-
Conference paper (peer-reviewed)abstract
- Information and Communication Technology for health and wellbeing ('eHealth') is becoming increasingly important to deliver top-quality care to European citizens. There are a number of currently ongoing national and international efforts related to public access to eHealth services. In Sweden, the action research project DOME (Deployment of Online Medical Records and eHealth Services) aims to study and contribute to ongoing national deployment projects. This paper presents the DOME project's objectives, goals and methods as well as expected results regarding the national deployment of online medical records.
|
|
| 16. |
|
|
| 17. |
- Söderström, Eva, et al.
(author)
-
Trusting digitized patient-related information: The need for a new approach
- 2011
-
In: In Furnell and Clarke (eds.), Proceedings of the 5th International Symposium on Human Aspects of Information Security and Assurance (HAISA), London, 2011. - : Plymouth Center for Security, Comunications & Network Research, University of Plymouth. - 9781841022840 ; , s. 119-129
-
Conference paper (peer-reviewed)abstract
- Trust is receiving increasing attention nowadays, particularly since new technology enables communication and collaboration like it has never been seen before. However, trust is a fuzzy concept that needs further examination and attention from multiple levels. For example, security is very important from a user’s point of view in trusting that technology will function in accordance with the user’s intended and requested function. This paper reviews the concept of patient safety, which thus far has been discussed and defined from a narrow technical perspective. We demonstrate that it is much more complex, and that it is not primarily the technical issues that are problematic, but rather the cultural, process-related and personnel issues. Our results point to a need for a new approach, which takes the patients’ view of healthcare and the patient-related digital information as its focus. The discussion is made from a Swedish perspective, but the issues are international. The needs for information and knowledge in healthcare are obvious. Without clear definitions of concepts and roles, a good information flow or process cannot be designed. Our discussion shows that trusted digital patient information gives an opportunity for a patient-focused healthcare. Multidimensional trust must be addressed on all levels; organization, person and technology. More empirical research into trust in digital patient-related information is necessary, to develop a model for patient safety from a trust perspective that encompasses all levels of trust.
|
|
| 18. |
- Yano, Edgar Toshiro, et al.
(author)
-
Towards a Methodology for Cybersecurity Risk Management Using Agents Paradigm
- 2014
-
In: JISIC 2014. - Piscataway : IEEE. - 9781479963645 ; , s. 325-
-
Conference paper (other academic/artistic)abstract
- In order to deal with shortcomings of security management systems, this work proposes a methodology based on agents paradigm for cybersecurity risk management. In this approach a system is decomposed in agents that may be used to attain goals established by attackers. Threats to business are achieved by attacker's goals in service and deployment agents. To support a proactive behavior, sensors linked to security mechanisms are analyzed accordingly with a model for Situational Awareness(SA)[4].
|
|
| 19. |
- Åhlfeldt, Rose-Mharie, 1960-, et al.
(author)
-
Förstudie kompetensbehov informationssäkerhet
- 2014
-
Reports (pop. science, debate, etc.)abstract
- På uppdrag av Myndigheten för samhällsskydd och beredskap (MSB) har en förstudie genomförts med syftet att sammanställa forskningsresultat om kompetenshöjande åtgärder inom informationssäkerhetsområdet för att kartlägga utbildningsbehov och identifierade nyttoeffekter. Arbetet har genomförts av forskare från tre olika lärosäten, Högskolan Skövde, Karlstad Universitet och Stockholms Universitet, samt inom tre forskningsdiscipliner nämligen pedagogik, informationssäkerhet och företagsekonomi.Förstudien har haft i uppdrag att besvara följande frågeställningar:Hur definieras kompetens?Hur mäter man kompetens?Hur skiljer sig olika typer av utbildningsinsatser avseende nyttoeffekter? Vilka erfarenheter,utvärderingar förklaringsfaktorer kan identifieras?Hur och i vilken utsträckning tillgodogörs olika typer av utbildningar?Vad kännetecknar framgångsrika utbildningsinsatser?Resultatet visar att kompetensbegreppet är svårdefinierat och det finns ingen tydlig definition av begreppet. Ett försök till en sammanfattande beskrivning av kompetensbegreppet utifrån granskningen är att kompetens innebär en viss uppsättning kunskaper, färdigheter, etik och attityder i en viss kontext. Kompetens innefattar både egenskaper och intentioner där egenskap inkluderar kunskap och färdighet, och intentioner innefattar etik och attityder. Allt måste dock relatera till en kontext och alltid ses i sitt sammanhang.Ytterst få studier har fokus på mätning av kompetens både generellt och inom informationssäkerhetsområdet. De studier som genomfört någon form av mätning mäter främst kompetens utifrån det akademiska fältet och då i första hand utifrån ett kunskapsperspektiv. Forskning av mätning på yrkesverksamma är minimal inom de sökområden som granskats i denna förstudie.Avseende kompetensbehov, nyttoeffekter, erfarenheter och framgångsfaktorer visar granskningen att framgångsfaktorer generellt är när utbildningsinsatserna för yrkesverksamma har ett praktiknära fokus. Motivationen och engagemanget hos de som går en utbildning är av avgörande betydelse. Det går inte direkt att avgöra vilka utbildningstyper eller aktiviteter som är av störst betydelse utan granskningen visar att en kombination av olika utbildningsformer och aktiviteter är att föredra. Vidare är dialog och diskussion i den dagliga verksamheten av stor betydelse för att bygga upp en hållbar säkerhetskultur i organisationen. Den s k tysta kunskapen ska inte underskattas utan behöver tas i beaktande och stödjas.Ytterligare är ledningens engagemang, delaktighet och stöd för utbildningens genomförande av avgörande betydelse om en utbildning ska uppnå en tydlig effekt i verksamheten.Granskningen visar att det finns behov av ytterligare forskning avseende kompetensbehov och på vilket sätt olika utbildningsinsatser ger effekt i organisationer. Förslag på ett diskussionsunderlag för framtida arbete har tagits fram. Förslagen innefattar bl a behov av kompetensanalyser, metoder och verktyg för att mäta utbildningseffekter, riktade kompetenshöjande insatser för managementnivån, longitudinella studier för uppföljning av effekter samt utveckling av metoder och verktyg för ett situerat lärande.Granskningen har genomförts inom olika disciplinområden vilket har uppfattats mycket positivt av de deltagande forskarna. Eftersom informationssäkerhet är ett interdisciplinärt område krävs också att bredare perspektiv och ytterligare discipliner bör ingå i framtida fördjupade analyser i området. Exempel på tillkommande discipliner är beteendevetenskap, psykologi och juridik. Behovet av kompetens inom informationssäkerhetsområdet lär inte minska i framtiden och ytterligare forskning behövs för att rätt utbildning ska nå rätt person vid rätt tidpunkt och på rätt plats.Skövde i mars 2014
|
|
| 20. |
- Åhlfeldt, Rose-Mharie, et al.
(author)
-
Patient Safety and Patient Privacy in Information Security from the Patient's view : A case study
- 2010
-
In: Journal of Information System Security. - : The Information Institute. - 1551-0123 .- 1551-0808. ; 6:4, s. 71-85
-
Journal article (peer-reviewed)abstract
- The patient is the most important actor in healthcare and it is an obligation for healthcare to operate so that it fulfils the requirements of good care, i.e. provide patients with both patient safety and patient privacy. Furthermore, patients visit more than one healthcare provider, which implies the need for cross-border healthcare and a focus on the patient process. In order to manage sensitive patient information, IT solutions are required and the need of information security in healthcare is obvious. This paper presents the results from a case study in Swedish healthcare aiming to identify problems and needs concerning patient safety and patient privacy from a patient view. We also present how patient safety and patient privacy relate to the information security area, and emphasize the patient's view on these issues when the transfer of patient information between different healthcare providers becomes more common in the future. The results show that patients focus more on patient safety than on patient privacy, and that their role in their own process must be highlighted.
|
|
| 21. |
- Åhlfeldt, Rose-Mharie, et al.
(author)
-
Patient Safety and Patient Privacy when Patient Reading their Medical Records
- 2014
-
In: Safe and Secure Cities. - Cham : Springer. - 9783319102108 - 9783319102115 ; , s. 230-239
-
Conference paper (peer-reviewed)abstract
- When patients get access to their personal health information new security demands arise. This paper presents results from a study aiming to improve the understanding of how the patients’ different perceptions of their own personal health and health information preferences can be linked to anticipated positive and negative security concerns. The analysis and discussion focuses on investigating how the security issues and patients’ perception on the benefits and threats of accessing their medical records relate to each other. The results show that a more holistic systemic perspective to information security is needed to support the effective use of medical records in the healthcare in information and data driven society in order to improve both patient safety and patient privacy.
|
|
| 22. |
|
|
| 23. |
- Åhlfeldt, Rose-Mharie, et al.
(author)
-
Supporting Active Patient and Healthcare Collaboration - A Prototype for Future Healthcare Information Systems
- 2013
-
In: Proceedings of the 16<sup>th</sup> International Symposium on Health Information Management Research (ISHIMR 2013). Halifax, June 26-28 2013. ; , s. 13-23
-
Conference paper (peer-reviewed)abstract
- This paper presents and illustrates the main features of a proposed process oriented approach for patient information distribution in future healthcare information systems by using a prototype of a process support system. The development of the prototype was based on Visuera method which includes five various steps. The results indicate that a visualised prototype is a suitable tool for illustrating both the opportunities and constraints of future ideas and solutions in eHealth. The main challenges for developing and implementing a fully functional process support system are both on a technical and organisational/management level.
|
|
