From usability to secure computing and back again

Secure multi-party computation (MPC) allows multiple parties to jointly compute the output of a function while preserving the privacy of any individual party’s inputs to that function. As MPC protocols transition from research prototypes to realworld applications, the usability of MPC-enabled applications is increasingly critical to their successful deployment and widespread adoption. Our Web-MPC platform, designed with a focus on usability, has been deployed for privacy-preserving data aggregation initiatives with the City of Boston and the Greater Boston Chamber of Commerce. After building and deploying an initial version of the platform, we conducted a heuristic evaluation to identify usability improvements and implemented corresponding application enhancements. However, it is difficult to gauge the effectiveness of these changes within the context of real-world deployments using traditional web analytics tools without compromising the security guarantees of the platform. This work consists of two contributions that address this challenge: (1) the Web-MPC platform has been extended with the capability to collect web analytics using existing MPC protocols, and (2) as a test of this feature and a way to inform future work, this capability has been leveraged to conduct a usability study comparing the two versions ofWeb-MPC. While many efforts have focused on ways to enhance the usability of privacy-preserving technologies, this study serves as a model for using a privacy-preserving data-driven approach to evaluate and enhance the usability of privacy-preserving websites and applications deployed in realworld scenarios. Data collected in this study yields insights into the relationship between usability and security; these can help inform future implementations of MPC solutions.Published versio

Information infrastructure governance and windows of opportunity

This document reinterprets C. P. Snow’s famous “Two Cultures” (the so-called “literary elite” and scientists) lecture of 1959, in light of advances in information systems in the past fifty years. While Snow referred to specific groups, his analysis is generalizable: cultural groups differentiate through lack of communication. Here Snow’s analysis and advice are applied to a different pair of “cultures”(IT purveyors and IT users) as an example of his general principles. At a time of great unease about terrorism in the face of apparently relentless technological advance – analogous to Snow’s speech at the height of the Cold War—and also during a time of (then) apparently dramatic technological advance, the lessons Snow derived can now apply usefully to today’s specific “two cultures” case

Perceptions of Chief Information Officers Who Have Managed Information Technology both Outside and Inside Higher Education

This study was conducted to examine perceptions about information technology management of Chief Information Officers (CIOs) in higher education who have previously worked outside that environment. Participants from the University System of Georgia and from universities in the Southern Regional Education Board were interviewed. They had a variety of backgrounds outside higher education, including corporate, military, not-for-profit, and small business. Participants in the study identified challenges related to diversity of students and faculty; the demand by students for leading-edge technology; academic culture; accountability; funding levels and methods; information security; the lack of a bottom line; the decision-making process; and human resources management. Most of these challenges were perceived to be unique to the higher education environment. They affected the IT management practices of participants by making the environment more complex, and increasing requirements for communication and collaboration. However, participants were satisfied with their choice to move into higher education. The researcher concluded that CIOs are subjected to many pressures in the complex and diverse higher education environment. These include diverse needs for technology among faculty and students, an atmosphere that lacks accountability for decisions, and restrictions on funding levels and methods. The environment also lacks a strong goal-setting mechanism that would help CIOs to deal with these pressures, so decision making in higher education is a time-consuming and labor-intensive process. The combination of conflicting factors is unique to the higher education environment, but similar across four-year institutions. To be effective, CIOs establish strong partnerships and communicate with key stakeholders frequently. Despite the pressures, CIOs perceive value in the mission and outcomes of their institutions and are generally satisfied with their work. A CIO considering a move into the higher education environment should consider environmental challenges carefully to determine if the CIO can accept those challenges. This results of this study have implications for IT practitioners in higher education, CIOs who are considering moving into the higher education environment, and senior administrators who manage or interact with a CIO in higher education

Suicidality and divalproex sodium: analysis of controlled studies in multiple indications

<p>Abstract</p> <p>Background</p> <p>Recent analyses of antiepileptic drugs have indicated an increase in the risk of suicidality. The objective of this report was to provide clinical information and an independent meta-analysis of divalproex sodium and suicidality events by analyzing data from 13 placebo-controlled studies and 1 low-dose controlled study.</p> <p>Methods</p> <p>Adverse events considered to be possibly suicide related were identified using the Columbia Classification Algorithm of Suicide Assessment (C-CASA) methodology. Indications included epilepsy, bipolar disorder, migraine prophylaxis, impulsive aggression, and dementia. Narratives were produced for every event, and suicidality event ratings were performed by a third party blinded to treatment assignment. Statistical analyses were conducted using methodology similar to that reported by the US Food and Drug Administration (FDA).</p> <p>Results</p> <p>Suicidality events were identified in 5 of the 13 placebo-controlled studies. Of the 1,327 (0.83%) subjects taking divalproex sodium, 11 had suicidality events: 2 suicide attempts and 9 suicidal ideation. Of 992 (0.91%) subjects taking placebo, 9 had suicidality events: 1 preparatory act toward suicide, 2 suicide attempts, and 6 suicidal ideation. Across placebo-controlled studies, the overall estimated odds ratio (OR) of suicidal behavior or ideation was 0.72 (95% CI 0.29 to 1.84). The OR for suicidal behavior was 0.37 (95% CI 0.04 to 2.58), and the OR for suicidal ideation was 0.90 (95% CI 0.31 to 2.79).</p> <p>Conclusions</p> <p>In this meta-analysis, divalproex sodium does not appear to increase the risk of suicide-related adverse events relative to placebo in the populations studied. Clinicians should nonetheless remain vigilant in assessing suicidality, not only in patients treated for mental disorders with inherently high suicide risk, but also in patients taking antiepileptic medications.</p

Leveraging IT for Business Innovation: Does the Role of the CIO Matter?

The evolving role of Information Technology (IT) in business innovation places increasing emphasis on the role of the Chief Information Officer (CIO). Yet, the role of the CIO in business innovation is understudied in the extant literature. Drawing on organizational theory of boundary spanning leadership, we posit that the CIO’s cross-functional role pertaining to entities and functions outside the IT organization help explain the firm’s propensity for IT-enabled business innovation. Our large-sample empirical analysis of U.S. firms largely supports our theoretical propositions. We empirically find that IT-enabled business innovation is more likely when the CIO reports to the Chief Executive Officer, has more interactions with the firm’s customers and is more involved in new product development. This study contributes to our understanding of the role of the CIO in IT-enabled business innovation and provides implications for practice

Enterprise information technology organizational flexibility : managing uncertainty and change

Chief Information Officers (CIOs) lead enterprise information technology organizations (EITOs) in today\u27s dynamic competitive business environment. CIOs deal with external and internal environmental changes, changing internal customer needs, and rapidly changing technology. New models for the organization include flexibility and suggest that CIOs should create and manage an enterprise IT organization that is more flexible in order to manage change and prepare for uncertainty, but they do not define what is meant by flexibility. The first objective of this exploratory and ethnographic research study was to understand how uncertainty and unexpected change are currently managed by CIOs. The second was to develop a systematic definition of enterprise IT organizational flexibility, The third was to explore the potential value of a proposed \u27enterprise IT organizational flexibility framework\u27 to be used by CIOs to better manage uncertainty and unexpected change. Rich research data was collected in an exploratory ethnographic study from in-depth interviews with twenty CIOs. These participants included a diverse representation from large to small enterprises, different industries, and with a variety of IT education and functional enterprise experiences. The conclusions from this study included a clearer understanding of the CIO\u27s leadership role when managing uncertainty and unexpected change, a definition of enterprise IT organizational flexibility with three aspects: anticipation, agility, and adaptability, and a framework for enterprise IT organizational flexibility assessment and development

Information Outlook, May 2001

Volume 5, Issue 5https://scholarworks.sjsu.edu/sla_io_2001/1004/thumbnail.jp

Exploring Strategies for Successful Implementation of Electronic Health Records

Adoption of electronic health records (EHR) systems in nonfederal acute care hospitals has increased, with adoption rates across the United States reaching as high as 94%. Of the 330 plus acute care hospital EHR implementations in Texas, only 31% have completed attestation to Stage 2 of the meaningful use (MU) criteria. The purpose of this multiple case study was to explore strategies that hospital chief information officers (CIOs) used for the successful implementation of EHR. The target population consists of 3 hospitals CIOs from a multi-county region in North Central Texas who successfully implemented EHRs meeting Stage 2 MU criteria. The conceptual framework, for this research, was the technology acceptance model theory. The data were collected through semistructured interviews, member checking, review of the literature on the topic, and publicly available documents on the respective hospital websites. Using methodological triangulation of the data, 4 themes emerged from data analysis: EHR implementation strategies, overcoming resistance to technology acceptance, strategic alignment, and patient wellbeing. Participants identified implementation teams and informatics teams as a primary strategy for obtaining user engagement, ownership, and establishing a culture of acceptance to the technological changes. The application of the findings may contribute to social change by identifying the strategies hospital CIOs used for successful implementation of EHRs. Successful EHR implementation might provide positive social change by improving the quality of patient care, patient safety, security of personal health information, lowering health care cost, and improvements in the overall health of the general population