the WISDOM centre  

Advanced Informatics Course

Advanced Course in Health Informatics

The advanced course is for those who have a firm grasp of the basics of health informatics. The course introduces more advanced aspects of software packages and addresses some other issues of importance to NHS staff.

These are the course units

1. Unit 1: Advanced Searching
2. Unit 2: Advanced Wordprocessing
3. Unit 3: Advanced Spreadsheets
4. Unit 4: Clinical Decision Making
5. Unit 5: Reference Manager
6. Unit 6: Miquest
7. Unit 7: Security
8. Unit 8: SPSS
9. Unit 9: Advanced PowerPoint

See below for a sample.

The method of study is entirely on-line and you can work at your own pace. In each chapter there are exercises enabling you to try out your new skills.

The cost for an individual registration is £250.00. Group rates can be agreed by negotiation. NHS staff may apply to their local Workforce Development Confederation for funding to study this course.

To register for the course, please send an e-mail to WISDOM Course Registration giving your name and e-mail address.

This is a small sample of material from the WISDOM advanced informatics course

Security, Firewalls and Viruses

By Dr Trefor Roscoe

Contents

• NHSnet security
• Social engineering
• Firewalls
• Viruses
• Reflective exercises
• References and further reading

An inevitable consequence of moving sensitive information and its processing from paper to computers is an increase in the motivation for criminal acts to be perpetrated on computers. With the connection of computers to networks and to the Internet, the number of people who are in a position to attack a particular system has grown immensely.

When considering security it is best to assume that attacks will happen and put in place means of detecting and acting on those attacks. There is a clear trend of computers and software becoming more homogeneous: almost all desktop machines use a version of MS Windows running one of two Web browsers (i.e. Netscape or Internet Explorer) and most likely using MS Outlook for reading e-mail. If an attacker finds a way to break into one of these systems, a great many users become potential victims.

NHSnet security

As computers become more complex, the number of possible opportunities for attack increases. Some weaknesses are due to human error in construction of the system, its operation, or maintenance. These failings can be minimised but not eliminated and it must be accepted that there is no such thing as a guaranteed secure system. When data is transferred across the Internet, it passes through a great many computers en-route to its destination. Users have little or no control over who owns or runs the routing computers. The NHS attempted to overcome this by setting up a secure private network, NHSnet. This however was not a complete solution and was much criticised (Roscoe and Wells, 1999) at the time of its inception. What is certain is that there is little to stop owners of the intervening computers from reading, storing, and even altering the contents of the information passing through their machines. Often passwords to allow users to log onto remote computers are transferred across the Internet in a form readable on an intervening computer. The solution is to encrypt the information, the process of altering data into a form that is only understandable by those authorised to read it. The NHS will be implementing encryption in the near future.

One of the problems faced by many considering computer security is an appreciation of what the potential weaknesses could be. For physical security, everyone knows that locks can be picked, windows can be broken, guards can be bribed, and that people leave office doors unlocked when they pop out because it is convenient. It is usually much harder with computer security for people to imagine where the weak points might lie. Physical security is as important in General Practice as any considerations of technical security issues which are usually dealt with by system suppliers or by PCT experts.