Root Cause Analysis to Improve Incident Reporting in an Ambulatory Care Setting

Problem: The subject organization (SO) is a Federally Qualified Health Center (FQHC) with an internally developed incident reporting system. The SO wanted to improve patient and employee safety using data from incident reports, but the incident reporting system did not give enough information to recognize patterns and develop countermeasures. Context: Supervisors welcomed the opportunity to learn more about incident report follow-up and conducting root cause analysis (RCA). Members of the Safety Committee were eager for data to use to develop countermeasures to improve patient and employee safety. Decreases in employee injuries can save the SO from increases in the cost of worker’s compensation coverage, so the SO leadership supported the project. The organization is covered by the Federal Tort Claims Act (FTCA) for malpractice insurance, but there is always a cost to preparing a defense against claims, so the Chief Financial Officer was supportive of a project that could reduce the chance of claims. Interventions: The project was conducted in three stages. The first stage was to design a data collection tool for supervisors to use to guide incident report follow-up and document RCA. The second stage was to conduct training sessions for supervisors to teach them about organizational fairness, using a human-factors approach to evaluate incidents, how to conduct an investigation, and how to perform RCA. The third step was to send the data collection tool to supervisors to collect additional information about incidents. The data were extracted from the completed tools and presented to the Safety Committee. Measures: The project measured effectiveness of the class in increasing confidence with doing RCA and conducting IR follow-up. The project also measured the effectiveness of the class in training supervisors to use the data collection tool correctly. A third measure was whether the training and use of the tool improved the rate of RCA documentation in IRs when it was assigned to supervisors. Results: The emphasis of the class training shifted due to the need to do remedial incident report training with the supervisors, therefore completion of the data collection tool was de-emphasized. Of the returned responses, most (95.7% for general incident and 98.4% for employee incident) respondents completed the section requesting an analysis of accident causes. Just over half of the respondents (54.3% and 51.6%) completed the analysis of workflow variance, and few (17.4% and 20.3%) provided a root cause. The comfort level with collecting additional information after an incident increased 24.9% and the agreement with understanding how to conduct RCA increased 46.5%. The completion rate of RCA documented in the IRs themselves increased slightly from 61.5% in the 24-week period before the intervention to 67.9% in 24-week intervention period. Conclusions: While the project has not yet provided a direct benefit to the SO by producing countermeasures for incidents, the work done by the project lead and the Senior Vice President and General Counsel (SVPGC) will enable the SO to improve the incident reporting system. The project implies that more training is needed for supervisors to conduct follow-up investigations and to do RCA after an incident. The findings also imply that the organization needs to spread a culture of safety to all departments and to all levels. In addition to improving patient care by decreasing errors, establishing a culture of organizational fairness and safety may support other quality improvement efforts and help with employee retention

UNDERSTANDING CRIMINOLOGICAL THEORIES AS A TOOL FOR CRIME PREVENTION

The story of Adam and Eve shows that there was a law (not to eat the fruit from the tree of good and evil). The consequence or punishment would be death as stated by God, while the benefit was ‘to be like God’ according to Satan. Therefore, the choices were either to receive a punishment or a benefit. Eve then chose the latter. This may reflect how one foreign theory of crime causation (rational choice theory) works, especially when it comes to crimes and punishments. A person would weigh the costs and benefits and decides according to his/her belief, judgment and conviction. In the local setting, a recent incident showed a preliminary applicability of one of the theories of crime causation, specifically, the rational choice theory (RCT) in the Philippine setting. It was when a relieved security guard turned into a hostage taker

Failure Analysis in Next-Generation Critical Cellular Communication Infrastructures

The advent of communication technologies marks a transformative phase in critical infrastructure construction, where the meticulous analysis of failures becomes paramount in achieving the fundamental objectives of continuity, security, and availability. This survey enriches the discourse on failures, failure analysis, and countermeasures in the context of the next-generation critical communication infrastructures. Through an exhaustive examination of existing literature, we discern and categorize prominent research orientations with focuses on, namely resource depletion, security vulnerabilities, and system availability concerns. We also analyze constructive countermeasures tailored to address identified failure scenarios and their prevention. Furthermore, the survey emphasizes the imperative for standardization in addressing failures related to Artificial Intelligence (AI) within the ambit of the sixth-generation (6G) networks, accounting for the forward-looking perspective for the envisioned intelligence of 6G network architecture. By identifying new challenges and delineating future research directions, this survey can help guide stakeholders toward unexplored territories, fostering innovation and resilience in critical communication infrastructure development and failure prevention

Development of Incident Response Playbooks and Runbooks for Amazon Web Services Ransomware Scenarios

In today’s digital landscape, enterprises encounter myriad cybersecurity challenges that jeopardize their critical digital assets. Modern cyber threats have evolved drastically, adapting to the proliferation of cloud technologies that drive organizations towards platforms like AWS that offer convenience, cost-reduction, and reliability. However, this transition introduces new security risks because threat actors are motivated to craft and deploy advanced malware explicitly targeting the cloud. Ransomware emerged as one of the most impactful and dangerous cyber threats, still in 2023, encrypting data and demanding payment (usually in untraceable tokens) for the decryption key. Confidentiality, integrity, and availability of cloud assets stand perpetually vulnerable, and sometimes, unprepared businesses suddenly hit by ransomware cannot find a way out. Besides financial loss and operation disruption, the breach of sensitive information compromises trust, leading to reputational damage that's hard to mend. Corporations are urged to develop robust defensive strategies to identify, contain, and recover from ransomware and other cloud threat exploitation. Traditional cybersecurity approaches must rapidly reshape to manage emerging menaces. Hence, they require new specialized and well-structured incident response plans to become the bedrock of the security tactics. This thesis dives into the complexities of designing and implementing accurate incident response Playbooks and Runbooks, focusing on handling the common danger of ransomware, especially within Amazon Web Services (AWS). This research journey is strictly connected to the real-world context, resulting from a six-month internship within Bynder, a digital asset management leader company. This experience culminated in conceptualizing the step-by-step procedures against ransomware incidents in cloud infrastructures, improving communication, and coordinating actions during high-pressure situations

Early warning characteristics of monitoring and evaluation systems on the "functionality" of municipal service delivery processes

Thesis (Ph.D.)--University of the Witwatersrand, Faculty of Commerce, Law and Management, Wits School of Governance, 2017Since 1994, the new democratically elected government has embarked on a series of massive initiatives, policies and programmes to improve municipal service delivery performance. Municipalities are, however, still incapable of fulfilling their designated service delivery mandate. The preliminary study of this research discovered that the current municipal monitoring and evaluation (M&E) systems, although they are legislated to serve as an early warning system (EWS), do not have essential components of an EWS and, as a result, cannot alert key players and stakeholders of developing problematic trends in municipal service delivery processes. The research examined the extent to which the current M&E system of the City of Johannesburg contains the components of an EWS. The purpose is to design and propose a model of M&E system that can serve as an EWS and enable municipalities to receive advance information about potential problems, and then to implement the necessary corrective interventions. Using a qualitative and a casestudy methodology, data were collected through observation, interviews, focus-group discussions (FGDs) and documentary study. Root cause, thematic analysis and data categorisation were used to analyse data. The findings indicate that early warning signals exist and are noticed by some officials and staff, but no mechanism or budget exists to enable them to use the knowledge (i.e., no EWS exists). An important original finding this study makes is that one of the root causes of municipal problems is the state of alienation municipal workers and managers across race and class experience, which results in silo mentality of workers, departments and sectors, and fragmentation throughout planning, functionalities, information and knowledge, as the effects of alienation on municipal performance have not been in the local government discourse. Conceptually, it argues that the M&E concept and framework need to be re-designed to encompass and build-in the concept of EWS, and, in turn, proposes a model of proactive M&E (pM&E), i.e., an M&E system integrated with EWS components, and therefore serves as an EWS. Moreover, it also suggests that concept and approach of the Weak Signals Theory (WST) is applicable in an M&E framework, but would be hard to use in “municipal” M&E systems, for three reasons: capacity constraint, political, and the multi-sectorial nature of the municipal system. ■ ii KEY WORDS Local government, Municipal service delivery processes, Municipal service delivery challenges, Monitoring and Evaluation (M&E), pM&E (proactive M&E), eM&E (M&E system integrated with EWS components and therefore serves as an EWS), Early Warning System (EWS), Weak Signal Theory, Alienation, Alienation in local government contextGR201

Early warning characteristics of monitoring and evaluation systems on the "functionality" of municipal service delivery processes

Thesis (Ph.D.)--University of the Witwatersrand, Faculty of Commerce, Law and Management, Wits School of Governance, 2017Since 1994, the new democratically elected government has embarked on a series of massive initiatives, policies and programmes to improve municipal service delivery performance. Municipalities are, however, still incapable of fulfilling their designated service delivery mandate. The preliminary study of this research discovered that the current municipal monitoring and evaluation (M&E) systems, although they are legislated to serve as an early warning system (EWS), do not have essential components of an EWS and, as a result, cannot alert key players and stakeholders of developing problematic trends in municipal service delivery processes. The research examined the extent to which the current M&E system of the City of Johannesburg contains the components of an EWS. The purpose is to design and propose a model of M&E system that can serve as an EWS and enable municipalities to receive advance information about potential problems, and then to implement the necessary corrective interventions. Using a qualitative and a casestudy methodology, data were collected through observation, interviews, focus-group discussions (FGDs) and documentary study. Root cause, thematic analysis and data categorisation were used to analyse data. The findings indicate that early warning signals exist and are noticed by some officials and staff, but no mechanism or budget exists to enable them to use the knowledge (i.e., no EWS exists). An important original finding this study makes is that one of the root causes of municipal problems is the state of alienation municipal workers and managers across race and class experience, which results in silo mentality of workers, departments and sectors, and fragmentation throughout planning, functionalities, information and knowledge, as the effects of alienation on municipal performance have not been in the local government discourse. Conceptually, it argues that the M&E concept and framework need to be re-designed to encompass and build-in the concept of EWS, and, in turn, proposes a model of proactive M&E (pM&E), i.e., an M&E system integrated with EWS components, and therefore serves as an EWS. Moreover, it also suggests that concept and approach of the Weak Signals Theory (WST) is applicable in an M&E framework, but would be hard to use in “municipal” M&E systems, for three reasons: capacity constraint, political, and the multi-sectorial nature of the municipal system. ■ ii KEY WORDS Local government, Municipal service delivery processes, Municipal service delivery challenges, Monitoring and Evaluation (M&E), pM&E (proactive M&E), eM&E (M&E system integrated with EWS components and therefore serves as an EWS), Early Warning System (EWS), Weak Signal Theory, Alienation, Alienation in local government contextGR201

Identity crimes in the UK: An examination of the strategies employed by front-line practitioners in the public and private sector to detect, prevent and mitigate against this crime

Identity related crimes are becoming increasingly prevalent in modern society. It is a crime type that concerns and impacts governments, private institutions and consumers worldwide. The aim of this research was to provide a better insight into how this crime is perceived by government and commercial institutions in the UK (including their views on offenders and victims), to review the processes employed by the public and private sector to assess risk and develop mitigation and prevention strategies and, in doing so, to discover how the most prominent criminological theories contribute to these efforts. Its final aim was to examine the current state and effectiveness of the collaborations and partnerships which have been developed across the public/private sector spectrum to understand and combat this crime. The methodology employed to undertake this research was based on conducting interviews with the key identity fraud and crime practitioners within major public and private organisations. Qualitative research was used in order to generate as much information as possible to form ideas. In addition, documents were also examined to complement the data collected from interviews. The researcher, due to previous employment within the UK financial sector dealing payment fraud, was ideally placed to access, and generate participation across government, law enforcement and other commercial organisations. The study highlights the current thinking and approaches by front-line identity crime prevention practitioners in defining, perceiving, measuring, policing, detecting, preventing and mitigating identity crime. It also highlights how heavily existing situational crime prevention techniques are being used to combat this issue and how they are complemented by partnership approaches and, most importantly, data-sharing which is widely accepted by practitioners as being a vitally effective tool in dealing with this issue. Problems exist in the majority of these areas with the central concern being the lack of leadership from the government in taking ownership of this insidious and escalating crime type which creates commercial and individual victims but also significantly, enables serious crimes such as human and drug trafficking and terrorism. Equally pressing is the need for the commercial sector, instead of treating identity crime as a phenomenon to be denied or ignored (or as one which needs to be accepted as a cost of doing business) to improve data sharing, strengthen its defences and review its approach to the treatment and support of victims

Resistance commons : file-sharing litigation and the social system of commoning

textThis dissertation is an investigation into the practice of peer-to-peer file-sharing and the litigation campaign targeting individual file-sharers carried out by the Recording Industry Association of America (RIAA) from 2003 to 2008. The competing conceptualizations of social relations which motivate the conflict over peer-to-peer file-sharing are explored using a combination of Autonomist Marxist theory and structuration theory. Peer-to-peer file-sharing is framed as part of the social system of commoning stemming from the recent ascendancy of immaterial labor within that sector of the economy dedicated to the production and distribution of informational and cultural goods. The RIAA litigation campaign is framed as a reaction to the emergence of new forms of social relations which are seen by the content-producing industries as subversive of revenue streams premised on commodity exchange in informational and cultural goods. The history of the RIAA litigation campaign is presented in detail with careful attention given to those instances in which defendants and other interested parties fought back against RIAA legal actions. The acts of resistance within the legal arena affected the ultimate potential of the litigation campaign to control the spread of file-sharing activities. Subsequent legal campaigns which have been based on the RIAA litigation model are also examined. These later file-sharing cases have been met with similar forms of resistance which have likewise mitigated the impact of legal efforts to combat file-sharing. In addition, a survey of file-sharers is included in this research as part of an attempt to understand the relationship between legal actions targeting peer-to-peer systems and individual file-sharers and the technological and social development of peer-to-peer systems. This research argues that file-sharing litigation has proven ineffective in turning back the flood of file-sharing and may have increased the technological sophistication and community ties among file-sharers. In the end, the conflict over peer-to-peer file-sharing is cast as a manifestation of a larger dynamic of capitalist crisis as content-producing industries attempt to come to terms with the contradictory tendencies of immaterial labor and the production of common pools of digital resources.Radio-Television-Fil

Identifying the critical success factors to improve information security incident reporting

There is a perception amongst security professionals that the true scale of information security incidents is unknown due to under reporting. This potentially leads to an absence of sufficient empirical incident report data to enable informed risk assessment and risk management judgements. As a result, there is a real possibility that decisions related to resourcing and expenditure may be focussed only on what is believed to be occurring based on those incidents that are reported. There is also an apparent shortage of research into the subject of information security incident reporting. This research examines whether this assumption is valid and the potential reasons for such under reporting. It also examines the viability of re-using research into incident reporting conducted elsewhere, for example in the healthcare sector. Following a review of what security related incident reporting research existed together with incident reporting in general a scoping study, using a group of information security professionals from a range of business sectors, was undertaken. This identified a strong belief that security incidents were significantly under-reported and that research from other sectors did have the potential to be applied across sectors. A concept framework was developed upon which a proposal that incident reporting could be improved through the identification of Critical Success Factors (CSF’s). A Delphi study was conducted across two rounds to seek consensus from information security professionals on those CSF’s. The thesis confirms the concerns that there is under reporting and identifies through a Delphi study of information security professionals a set of CSF’s required to improve security incident reporting. An Incident Reporting Maturity Model was subsequently designed as a method for assisting organisations in judging their position against these factors and tested using the same Delphi participants as well as a control group. The thesis demonstrates a contribution to research through the rigorous testing of the applicability of incident reporting research from other sectors to support the identification of solutions to improve reporting in the information security sector. It also provides a practical novel approach to make use of a combination of CSF’s and an IRMM that allows organisations to judge where their level of maturity is set against each of the four CSF’s and make changes to strategy and process accordingly