The objective of this paper is a reflective discussion on the validity of the construct Information Literacy in the perspective of changing information and communication technologies. The research question that will be answered is: what is the impact of technological developments on the relevance of the Information Literacy concept? Technological developments that will be discussed are: - content integration (federated search engines) - amateur publishing (user generated content) - use of social networks to find information - personalisation and push technology - loss of context / fragmentation of information. Research methods: desk research and critical analysis of the results that were found. The analysis of the influence of the discussed technologies on the Information Literacy concept is represented by arrow diagrams. Findings: The Information Literacy concept refers to a set of sub skills varying from retrieval skills to critical use of scholar information. Changing technologies reduce the significance of the more instrumental sub skills of the Information Literacy concept. On the other hand, higher order cognitive skills (for instance critical evaluation of resources and analysis of content) become more and more important for students and professionals who try to solve their information problems. The paper concludes with a description of the facets of the Information Literacy concept that need extra attention in the education of the knowledge workers of the future. [De hier gepubliceerde versie is het 'accepted paper' van het origineel dat is gepubliceerd op www.springerlink.com . De officiële publicatie kan worden gedownload op http://www.springerlink.com/content/n32j3um878720h40/abstract/]
The purpose of the research was the development of a questionnaire that can measure the behaviour of groups of students (for instance departments' cohorts) in Personal Information Management (PIM). Variables for the questionnaire were derived from the international literature on PIM. The questionnaire has been tested out on 79 students (last year before graduation) from four different departments of the Academy of ICT&Media at The Hague University of Applied Sciences. The students' responses were checked on consistency, item non response, desirability bias and information value of the results. All these criteria indicated that the questionnaire is an adequate tool for the assessment of PIM at an institutional level. The results that have been found for the four departments have not yet been discussed with the managers of the Academy and those of the individual departments. [De hier gepubliceerde versie is het 'accepted paper' van het origineel dat is gepubliceerd op www.springerlink.com . De officiële publicatie kan worden gedownload op http://www.springerlink.com/content/n0h3k71u85024xnt/]
Introduction: Success of e-health relies on the extent to which the related technology, such as the electronic device, is accepted by its users. However, there has been limited research on the patients’ perspective on use of e-health-related technology in rehabilitation care. Objective: To explore the usage of common electronic devices among rehabilitation patients with access to email and investigate their preferences regarding their usage in rehabilitation. Methods: Adult patients who were admitted for inpatient and/or outpatient rehabilitation and were registered with an email address were invited to complete an electronic questionnaire regarding current and preferred use of information and communication technologies in rehabilitation care. Results: 190 out of 714 invited patients completed the questionnaire, 94 (49%) female, mean age 49 years (SD 16). 149 patients (78%) used one or more devices every day, with the most frequently used devices were: PC/laptop (93%), smartphone (57%) and tablet (47%). Patients mostly preferred to use technology for contact with health professionals (mean 3.15, SD 0.79), followed by access to their personal record (mean 3.09, SD 0.78) and scheduling appointments with health professionals (mean 3.07, SD 0.85). Conclusion: Most patients in rehabilitation used one or more devices almost every day and wish to use these devices in rehabilitation. https://doi.org/10.1080/17483107.2017.1358302
MULTIFILE
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks trying to capture the underlying secret information, e.g., cryptographic keys. Attacks not targeting the cryptographic algorithm but its implementation are especially devastating and the best-known examples are so-called side-channel and fault injection attacks. Such attacks, often jointly coined as physical (implementation) attacks, are difficult to preclude and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand and usually a short amount of time the security evaluators have (and human errors factor) on the other hand, makes this not a fair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques showed to be a viable candidate although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will enable security evaluators, and above all companies producing chips for security applications, an option to find the potential weaknesses early and to assess the trade-off between making the product more secure versus making the product more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process. Our research fills the gap between what is known in academia on physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could be also a useful tool for mitigating other types of threats like ransomware or rootkits.
The integration of renewable energy resources, controllable devices and energy storage into electricity distribution grids requires Decentralized Energy Management to ensure a stable distribution process. This demands the full integration of information and communication technology into the control of distribution grids. Supervisory Control and Data Acquisition (SCADA) is used to communicate measurements and commands between individual components and the control server. In the future this control is especially needed at medium voltage and probably also at the low voltage. This leads to an increased connectivity and thereby makes the system more vulnerable to cyber-attacks. According to the research agenda NCSRA III, the energy domain is becoming a prime target for cyber-attacks, e.g., abusing control protocol vulnerabilities. Detection of such attacks in SCADA networks is challenging when only relying on existing network Intrusion Detection Systems (IDSs). Although these systems were designed specifically for SCADA, they do not necessarily detect malicious control commands sent in legitimate format. However, analyzing each command in the context of the physical system has the potential to reveal certain inconsistencies. We propose to use dedicated intrusion detection mechanisms, which are fundamentally different from existing techniques used in the Internet. Up to now distribution grids are monitored and controlled centrally, whereby measurements are taken at field stations and send to the control room, which then issues commands back to actuators. In future smart grids, communication with and remote control of field stations is required. Attackers, who gain access to the corresponding communication links to substations can intercept and even exchange commands, which would not be detected by central security mechanisms. We argue that centralized SCADA systems should be enhanced by a distributed intrusion-detection approach to meet the new security challenges. Recently, as a first step a process-aware monitoring approach has been proposed as an additional layer that can be applied directly at Remote Terminal Units (RTUs). However, this allows purely local consistency checks. Instead, we propose a distributed and integrated approach for process-aware monitoring, which includes knowledge about the grid topology and measurements from neighboring RTUs to detect malicious incoming commands. The proposed approach requires a near real-time model of the relevant physical process, direct and secure communication between adjacent RTUs, and synchronized sensor measurements in trustable real-time, labeled with accurate global time-stamps. We investigate, to which extend the grid topology can be integrated into the IDS, while maintaining near real-time performance. Based on topology information and efficient solving of power flow equation we aim to detect e.g. non-consistent voltage drops or the occurrence of over/under-voltage and -current. By this, centrally requested switching commands and transformer tap change commands can be checked on consistency and safety based on the current state of the physical system. The developed concepts are not only relevant to increase the security of the distribution grids but are also crucial to deal with future developments like e.g. the safe integration of microgrids in the distribution networks or the operation of decentralized heat or biogas networks.
Despite the benefits of the widespread deployment of diverse Internet-enabled devices such as IP cameras and smart home appliances - the so-called Internet of Things (IoT) has amplified the attack surface that is being leveraged by cyber criminals. While manufacturers and vendors keep deploying new products, infected devices can be counted in the millions and spreading at an alarming rate all over consumer and business networks. The objective of this project is twofold: (i) to explain the causes behind these infections and the inherent insecurity of the IoT paradigm by exploring innovative data analytics as applied to raw cyber security data; and (ii) to promote effective remediation mechanisms that mitigate the threat of the currently vulnerable and infected IoT devices. By performing large-scale passive and active measurements, this project will allow the characterization and attribution of compromise IoT devices. Understanding the type of devices that are getting compromised and the reasons behind the attacker’s intention is essential to design effective countermeasures. This project will build on the state of the art in information theoretic data mining (e.g., using the minimum description length and maximum entropy principles), statistical pattern mining, and interactive data exploration and analytics to create a casual model that allows explaining the attacker’s tactics and techniques. The project will research formal correlation methods rooted in stochastic data assemblies between IoT-relevant measurements and IoT malware binaries as captured by an IoT-specific honeypot to aid in the attribution and thus the remediation objective. Research outcomes of this project will benefit society in addressing important IoT security problems before manufacturers saturate the market with ostensibly useful and innovative gadgets that lack sufficient security features, thus being vulnerable to attacks and malware infestations, which can turn them into rogue agents. However, the insights gained will not be limited to the attacker behavior and attribution, but also to the remediation of the infected devices. Based on a casual model and output of the correlation analyses, this project will follow an innovative approach to understand the remediation impact of malware notifications by conducting a longitudinal quasi-experimental analysis. The quasi-experimental analyses will examine remediation rates of infected/vulnerable IoT devices in order to make better inferences about the impact of the characteristics of the notification and infected user’s reaction. The research will provide new perspectives, information, insights, and approaches to vulnerability and malware notifications that differ from the previous reliance on models calibrated with cross-sectional analysis. This project will enable more robust use of longitudinal estimates based on documented remediation change. Project results and methods will enhance the capacity of Internet intermediaries (e.g., ISPs and hosting providers) to better handle abuse/vulnerability reporting which in turn will serve as a preemptive countermeasure. The data and methods will allow to investigate the behavior of infected individuals and firms at a microscopic scale and reveal the causal relations among infections, human factor and remediation.
