Category / BU research

There’s a massive cyber security job gap – we should fill it by employing hackers

BU research, Research news, the conversation

File 20190404 123395 155dk1m.jpg?ixlib=rb 1.1
Gorodenkoff/Shutterstock.com

John McAlaney, Bournemouth University and Helen Thackray, University of Portsmouth

Cyber security incidents are gaining an increasingly high profile. In the past, these incidents may have been perceived primarily as a somewhat distant issue for organisations such as banks to deal with. But recent attacks such as the 2017 Wannacry incident, in which a cyber attack disabled the IT systems of many organisations including the NHS, demonstrates the real-life consequences that cyber attacks can have.

These attacks are becoming increasingly sophisticated, using psychological manipulation as well as technology. Examples of this include phishing emails, some of which can be extremely convincing and credible. Such phishing emails have led to cyber security breaches at even the largest of technology companies, including Facebook and Google.

To face these challenges, society needs cyber security professionals who can protect systems and mitigate damage. Yet the demand for qualified cyber security practitioners has quickly outpaced the supply, with three million unfilled cyber security posts worldwide.

So it might come as a surprise that there is already an active population with a strong passion for cyber security – hackers. This is a term with many negative connotations. It evokes the stereotypical image of a teenage boy sat in a dark room, typing furiously as green text flies past on the computer monitor, often with the assumption that some criminal activity is taking place. The idea of including such individuals in helping build and protect cyber systems may seem counter intuitive.

But – as we have highlighted in our recent research – the reality of hacking communities is more complex and nuanced than the stereotypes would suggest. Even the phrase “hacker” is contentious for many individuals who may be labelled hackers. This is because it has lost the original meaning: of someone who uses technology to solve a problem in an innovative manner.

Researching cyber security.
Bournemouth University, Author provided

Hacking today

There are a growing number of online hacking communities – and regular offline meetings and conventions where hackers meet in person. One of the largest of these events is DEFCON, held every year in Las Vegas and attended by up to 20,000 people. These hacking communities and events are an important source of information for young people who are becoming involved in hacking, and may be the first contact they have with other hackers.

On the surface, the conversations that are held on these forums often relate to sharing information. People seek advice on how to overcome different technical barriers in the hacking process. Assistance is given to those who are having difficulties – provided that they firstly demonstrate a willingness to learn. This reflects one of the characteristics of hacking communities, in that there is a culture of individuals demonstrating passion and the desire to overcome barriers.

But such events are about more than sharing practical skills. As individuals, we are strongly influenced by those around us, often to a greater agree that we are aware of. This is especially the case when we are in a new environment and unsure of the social norms of the group. As such, these online and offline hacking communities also provide an important source of social identity to individuals. They learn what is and what is not acceptable behaviour, including the ethics and legality of hacking.

Technological approaches alone cannot prevent cyber attacks.
Bournemouth University, Author provided

Myths and opportunities

It is important to stress here that hacking is not an inherently illegal activity. There are many opportunities to engage in ethical hacking, which refers to attempting to hack systems for the purpose of finding and fixing the flaws that malicious hackers may try to exploit for criminal activity.

Our research demonstrates that the majority of people active within hacking communities have no wish to exploit the flaws they find although they do believe that such flaws should be exposed so that they can be addressed – especially when the organisation concerned is holding public data and have sufficient resources that it is reasonable to feel they should not have any gaps in their cyber security in the first place. Several large and well-known companies actively engage with this culture, by offering hackers “bug bounties” – financial rewards for identifying and reporting previously undiscovered weaknesses in their systems.

Of course criminal hacking does happen – and many of the people we have spoken to acknowledge that they take part in activities that are of questionable legality in order to achieve their goal of finding the flaws in a system. This creates a risk for those people, especially young adults, who are becoming involved in hacking. Through ignorance or through being wilfully misled, they may become involved in activities that result in them gaining a criminal record.

If so, this impacts not only them as an individual but also the cyber security profession. As a result of this culture, many companies are being deprived of individuals who could have helped fill the increasingly urgent gap in cyber security professionals. To address both of these problems, we need to move past unhelpful and negative stereotypes and work with young people and hacking communities to provide an awareness of how their passion and skills can be used to address the cyber security challenges that society faces.The Conversation

John McAlaney, Associate Professor in Psychology, Bournemouth University and Helen Thackray, Senior Research Associate, University of Portsmouth

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Setting up NHS / HSC research in the UK– upcoming changes

BU research, Clinical Governance, data management, NHS, Research Ethics, research integrity, Research news

The UK Local Information Pack

A ‘UK Local Information Pack‘ will be introduced on the 5 June 2019 to support the set-up of NHS / HSC research in the UK.

The ‘UK Local Information Pack’ is the set of documents that NHS / HSC organisations use to formally start preparing to deliver the study. You can find more information here, including what comprises the pack. All researchers wishing to set-up their study at an NHS/HSC site from 5 June, will need to be aware of this change.

The Organisation Information Document

Researchers and research teams may be aware of a document called the ‘Statement of Activities’ – this is essentially a document that allows the sponsor to make clear to the research site, what activities will be undertaken locally. The document can also act as the agreement between the sponsor and site. Researchers setting up their study before 5 June should continue to use this document.

From 5 June the Statement of Activities will be replaced by a document called the ‘Organisation Information Document‘. For non-commercially sponsored studies, that are not clinical trials or clinical investigations, the ‘Organisation Information Document’ should be used as the agreement between sponsor and participating NHS / HSC organisation.

A new delegation log template

Another feature of the UK Local Information Pack is the inclusion of a delegation log template, which is intended to be used at participating NHS / HSC organisations. This will allow NHS/HSC organisations to locally record who will be working on the study and who is authorised to undertake study tasks.

Schedule of Events or Schedule and Events Cost Attribution Tool (SoECAT)

For non-commercially sponsored studies studies an IRAS Schedule of Events or a SoECAT will be a part of the IRAS Form submission and is used in the UK Local Information Pack as a way of providing clarity to participating NHS / HSC organisations on the cost attributions associated with a study.

Further help and guidance

Guidance on the use of the UK Local Information Pack has now been published in the Site Specific page of IRAS Help to help applicants get ready for the change.

If you are making an IRAS Form submission or planning to set up research in an NHS / HSC organisation from 5 June 2019 please read the transition guidance so that you prepare the correct materials.

If you have any queries regarding any of the information provided above, or would like some guidance with regard to implementing your research in a healthcare setting – please get in touch with BU’s Research Ethics team.

You can also take a look at the Clinical Governance blog for documents, links and training opportunities.

Excellent scientific paper by Dr. Alison Taylor

BU research, Featured academics, NHS, PG research, Publishing, Research news, Uncategorized, writing

Congratulations to Dr. Alison Taylor and her Ph.D. supervisors on the acceptance of the paper ‘’Scrutinised, judged and sabotaged’: A qualitative video diary study of first-time breastfeeding mothers’ by Midwifery (published by Elsevier) [1].  This is the second paper from Alison’s extremely interesting Ph.D. research, the first one was accepted late last year.  The first article ‘The therapeutic role of video diaries: A qualitative study involving breastfeeding mothers’ was accepted by the international journal Women & Birth  [2].  Alison is Senior Lecturer in Midwifery in the Centre for Midwifery, Maternal & Perinatal Health (CMMPH) and Infant Feeding Lead in the Faculty of Health & Social Sciences.  Her co-authors are Professor Emerita Jo Alexander, Prof. Edwin van Teijlingen (in CMMPH) and Prof. Kath Ryan based at the University of Reading.

 

 

 

Reference:

  1. Taylor, A.M., van Teijlingen, E., Ryan, K., Alexander, J.,  2019, Scrutinised, judged and sabotaged’: A qualitative video diary study of first-time breastfeeding mothers. Midwifery, 75: 16-23.
  2. Taylor, A.M., van Teijlingen, E., Alexander, J., Ryan, K., 2018, The therapeutic role of video diaries: A qualitative study involving breastfeeding mothers, Women and Birth, (online first) DOI. 10.1016/j.wombi.2018.08.160

 

Congratulations to Fairbairn, Tsofliou & Johnson

BU research, Publishing, Research news, Uncategorized, writing

Congratulations to BU’s Paul Fairbairn, Fotini Tsofliou and Andrew Johnson who together with former BU academic Simon Dyall (now at the University of Roehampton) published their latest paper in the journal Prostaglandins, Leukotrienes and Essential Fatty Acids . This scientific paper is called: ‘Combining a high DHA multi-nutrient supplement with aerobic exercise: Protocol for a randomised controlled study assessing mobility and cognitive function in older women‘.

Well done.

Prof. Edwin van Teijlingen

CMMPH

Research in the NHS – HR Good Practice Resource Pack updated

BU research, Clinical Governance, data management, Guidance, NHS, PG research, Research communication, Research Ethics, student research

Researchers from BU wishing to conduct their research within NHS premises will require the appropriate documentation. There is plenty of guidance available to guide researchers through these processes.

The Human Resources (HR) Good Practice Resource Pack has been reviewed and updated in light of the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR) which came into force in the UK on 25 May 2018.

The HR Good Practice Resource Pack describes the process for handling HR arrangements for researchers and provides a streamlined approach for confirming details of the pre-engagement checks they have undergone with the NHS.

Changes to the document include:

  1. Inclusion of a transparency notice, which informs and clarifies to the applicant the purpose of collecting their personal data, their rights relating to data processing, as well as fulfilling other GDPR transparency requirements.
  2. The data requested in the Research Passport application form has been minimised following discussion with Data Protection and Information Governance Officers and Human Resource experts.
  3. All references to the Data Protection Act 1998 have been updated to DPA 2018.

You can find all the updated documents here along with the RDS workflow here surrounding staffing and delegation.

Remember that there is guidance available at BU with regard to implementing your research in a healthcare setting. Take a look at the Clinical Governance blog for documents, links and training opportunities. You can also get in touch with BU’s Research Ethics team with any queries.

Research impact and the Research Excellence Framework (REF): an introduction

Impact, Research Training, Training, Uncategorized

The impact of your research directly affects BU’s ability to do more research.

Thursday 25th April 14:00 – 16:00 Talbot Campus

This session will explain why, providing a brief introduction to the Research Excellence Framework (REF) and exploring the impact element of the submission.

This session looks at how impact is defined for the purposes of the REF, what a good impact case study looks like, (and what a bad one features), how impact case studies are developed throughout the research lifecycle and what you need to think about ahead of the next REF submission.

The aims & objectives of this session are:

  • to examine the extent to which you are in a position to develop an impact case study for the REF
  • to explore how you can develop the impact of your research to ensure a strong submission for the next exercise

See the event details or more information and to book onto this session.

NIHR RDS Grant Applications Seminar & Support Event – 2 May 2019

BU research, Funding opportunities, NHS, pre-award

Are you planning to submit a grant application to NIHR?

We are holding a one-day event at the University of Bristol that is aimed at helping you to improve your chances of success.

The morning seminar session is open to anyone to come and hear Simon Goodwin, RfPB Programme Manager for the South West, and RDS advisers give presentations on what makes a good grant proposal. Topics covered will include:

  • what does the NIHR (and in particular RfPB) look for?
  • the application as a marketing document: selling the topic, selling the method, and selling the team
  • the team
  • clarity of description and explanation
  • feasibility issues
  • identifying and avoiding potential pitfalls.

The afternoon support session of one-to-one appointments is for those who would like to discuss their own proposal with an RDS adviser.

This event is FREE and refreshments and lunch will be provided. Places are limited and will be allocated on a ‘first come, first served’ basis. In order to secure your place please register using our online form by 1pm, 24 April 2019Find out more.

And don’t forget, your local branch of the NIHR RDS (Research Design Service) is based within the BU Clinical Research Unit (BUCRU) on the 5th floor of Royal London House. Feel free to pop in and see us, call us on 61939 or send us an email.

NIHR Clinical Research Network Portfolio

BU research, Clinical Governance, data management, NHS

Structure

The National Institute for Health Research (NIHR) is one of the largest funders of clinical research in Europe and have a number of funding streams that you can apply for in order to conduct health-related research. The NIHR then has a number of Clinical Research Networks or ‘CRNs’ that are spread out to each region of England. The local CRN is Wessex, based in Hedge End, Southampton.

The ‘Portfolio’

At the heart of CRN activities is the NIHR CRN Portfolio of studies. This consists of high-quality clinical research studies that are eligible for consideration for support from the CRN in England. Adoption onto the portfolio has a number of benefits for researchers, such as help in identifying potential research sites, access to patients and the public to carry out ‘PPI‘ and advice on recruitment strategy at any point during the study. The CRN offers support to researchers via their Study Support Service and likewise via each portfolio manager and their team. You can see a breakdown of each portfolio here on the Wessex CRN page.

The Portfolio and the NHS

Portfolio adoption is usually vital to participating NHS Trusts when considering the research studies they wish to undertake, as they are reimbursed for the resource given to conduct the study (e.g. research nurse support, data manager time).

Each CRN is given a budget for the financial year by the NIHR, which is then distributed to sites based on their recruitment figures.

Requirements

In order to be eligible for portfolio adoption, there are three criteria a study must meet:

  • The study must be ‘research’ (this is stipulated, as often what’s classed as research outside the NHS setting, is sometimes a service evaluation, quality improvement etc. within the NHS – see this table);
  • Have appropriate ethical approval; and Health Research Authority (HRA) Approval where required;
  • Have full research funding – this has to have been awarded via open competition and by the NIHR, other areas of central Government, or an NIHR non-commercial partner (for which there is a list). If the study has received support from multiple funders, then it will be still considered automatically eligible, if one of the funding streams is the NIHR, an area of central Government or a non-commercial partner.

You can read more about study eligibility here, including research funded by overseas partners.

The Portfolio and BU

The source of research funding is the principal determinant of eligibility for NIHR CRN support and so it is encouraged that researchers seek external funding where possible and appropriate, from the NIHR, another area of central Government or one of their non-commercial partners. The amount of funding doesn’t need to substantial in order to be eligible.

For any queries to do with the portfolio or for guidance regarding implementing your research in a healthcare setting, take a look at the Clinical Governance blog. You can also get in touch with BU’s Research Ethics team with any queries.

EDGE International Conference 2019 – CONNECTED

BU research, Clinical Governance, data management, Events, international, Knowledge Exchange, NHS, Research communication, Research Ethics, research integrity, Research news

BU takes responsibility for a large number of NHS-based research projects, spanning a number of clinical areas. To better support BU’s position as Sponsor for these studies, last August the university adopted the EDGE system. This allows us to better collaborate with our NHS colleagues and to ensure our research data is held in a secure and central location. Currently the system is being piloted within the Faculty of Health and Social Sciences for a year.

Last week the EDGE International Conference took place at The Vox Conference Centre in Birmingham, hosted by Fergus Walsh, the BBC’s Medical Correspondent, and organised by the Clinical Informatics Research Unit at the University of Southampton.

Over the two days we heard from speakers from across various organisations during breakouts, workshops and meet & greet sessions. Topics ranged from how to get the best out of the system’s features, using EDGE to connect with colleagues, and use of the system to improve the recording of study data and procedures. Given our implementation of EDGE, and the rarity of use by Universities, BU’s Clinical Governance Advisor, Suzy Wignall was invited to present on how BU has integrated the system.

Across the two days we likewise had keynote sessions, including talks from colleagues in New Zealand and Belgium where the system has been implemented. We also heard from parents of children who have been given access to life-saving research projects, improving their quality of life and health conditions, substantially.

The full agenda can be found here, with EDGE’s twitter feed here, showing photos from the event, and numerous tweets by colleagues.

For any guidance regarding implementing your research in a healthcare setting, take a look at the Clinical Governance blog or get in touch with BU’s Research Ethics team with any queries.

Introduction to Good Clinical Practice – 15th May 2019

BU research, Clinical Governance, data management, NHS, Research Ethics, research integrity, Research Training, Training

Are you interested in running your own research project within the NHS? Good Clinical Practice, or ‘GCP’, is a requirement for those wishing to work on clinical research projects in a healthcare setting.

GCP is the international ethical, scientific and practical standard to which all clinical research is conducted. By undertaking GCP, you’re able to demonstrate the rights, safety and wellbeing of your research participants are protected, and that the data collected are reliable.

The next GCP full day session is scheduled for Wednesday 15th May, at Bournemouth University, Lansdowne Campus (Bournemouth House) – 8:45am – 4:30pm.

The day will comprise of the following sessions:

  • Introduction to research and the GCP standards;
  • Preparing to deliver your study;
  • Identifying and recruiting participants – eligibility and informed consent;
  • Data collection and ongoing study delivery;
  • Safety reporting;
  • Study closure.

If you’re interested in booking a place, please contact Research Ethics.

Remember that support is on offer at BU if you are thinking of introducing your research ideas into the NHS – email the Research Ethics mailbox, and take a look at the Clinical Governance blog.

BU research website – new site coming this month

BU research

Over the last few months, M&C and RDS (formerly RKEO) have been working on a project to redevelop the research website and migrate its content into the main BU website.

The aims of the project are to revitalise some of our existing content, better profile our current research strengths and further support beneficial outcomes around our research from website visitors, including:

  • Additional research funding,
  • Collaboration and partnership,
  • Expanding international reputation,
  • Consultancy,
  • Expanding publishing and media coverage.

Members of the project team have visited Faculty Research & Professional Practice Committees / Faculty Research & Knowledge Exchange Committees across all faculties to share information and also gather feedback from academic staff.

The project began with a survey with over 90 academics to find out what they value about the existing research website, what they’d change and how we could better profile their research. We followed this up by working with each Deputy Dean for Research & Professional Practice to fully understand the requirements of all our faculties.

In addition to this, we explored examples of best web practice from around the world to identify the most effective ways of presenting complicated research-based information, such as universities and commercial technological research organisations.

We also broke down our overall research audience to identify the many objectives different classifications of people have in visiting our research content, and identifying how best to create a beneficial user experience for them.

Throughout the autumn and winter, the cross-departmental team have been creating, editing and migrating new and old content. This is being carried out in collaboration with our academic staff, who will have the opportunity to both advise on and sign off any content referencing their work. Once complete, the existing site will be archived so as not to lose any existing content.

The new web content is going live on Thursday 25 April, from which point, we’ll offer full support to any academic needing to update different parts of the research content, specifically Centre, Institute and project content. The existing Research Blog will not be affected by this project at this stage

If anyone has any questions about the project, please contact Dan Ford, M&C or Rachel Bowen, RDS.

EPSRC supporting flexible research careers

BU research, EPSRC, Guidance

EPSRC logoWhether you want to continue with existing university or external activities, have caring responsibilities or are returning from a career break, EPSRC is committed to provide support both as part of your initial application and should your situation change over the course of your grant. With this in mind, we welcome applications from academics who job share, have a part-time contract, or need flexible working arrangements.

Read EPSRC’s blog post on this topic to see what’s available to you as an applicant and existing grant holder.

In addition, EPSRC wish to ensure the support they offer is flexible in practice as well as in principle, and are interested to hear your views. Throughout April they will have a survey open where you can share your experiences of where their support has and has not worked for you and help them improve their guidance and policy. A separate survey is available for students.