introduction: programs must demonstrate that their residents are taught and assessed in professionalism. most programs struggle with finding viable ways to teach and assess this critical competency. uthscsa family and community medicine residency developed an innovative option for interactive learning and assessment of residents in this competency which would be transferrable to other programs ...

The key threat to information security is constituted by careless employees who do not comply with information security policies. To ensure that employees comply with organizations’ information security procedures, a number of information security policy compliance measures have been proposed in the past. Prior research has criticized these measures as lacking theoretically and empirically grou...

abstract This article briefly reviews two important goals in online education: interaction and presence. These are important goals in online education because they are linked to learning and motivation to learn. The article provides guidelines and an extended example of how to design an online course in information security in a manner that will enhance interaction and presence. This article's ...

Purpose – In methods and manuals, the product of an information security incident’s probability and severity is seen as a risk to manage. The purpose of the test described in this paper is to investigate if information security risk is perceived in this way, if decision-making style influences the perceived relationship between the three variables and if the level of information security expert...

Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our ex...

End users activities in social media lead to regular changes in the overall privacy impact because they continually encounter or meddle in all forms of private data associations. Users are exposed to regular changes in risk level as a result of regular updates. To keep an overview over risk exposure, privacy risk assessments, in theory, should be re-done upon every update in a user’s network. E...

This paper explores the idea that IT security risk assessment can be formalized as an argumentation game in which assessors argue about how the system can be attacked by a threat agent and defended by the assessors. A system architecture plus assumptions about the environment is specified as an ASPIC argumentation theory, and an argument game is defined for exchanging arguments between assessor...

Recently, a novel approach towards semi-quantitative IT security risk assessment has been proposed in the draft IEC 62443-3-2. This approach is analyzed from several different angles, e.g. embedding into the overall standard series, semantic and methodological aspects. As a result, several systematic flaws in the approach are exposed. As a way forward, an alternative approach is proposed which ...

Introducrion: Self and peer assessment provides important information about the individual’s performance and behavior in all aspects of their professional environment work. The aim of this study is to evaluate the professional behavior and performance in medical students in the form of team based assessment.Methods: In a cross-sectional study, 100 medical students in the 7th yearof education we...