Our board of trustees is being given a boost with the appointment of three new people, bringing with them a diverse set of skills which will help to strengthen Jisc and ultimately the education and research sectors.
Professor Liz Barnes, vice-chancellor and chief executive at Staffordshire University, will contribute her knowledge and passion for the student experience – a subject that she’s been bringing to audiences all over the world for the last nine years.
Liz said:
“Having recently become vice-chancellor at Staffordshire University I am delighted to be joining the board at Jisc.
In Staffordshire we have delivered computing degree programmes for over 50 years and we are currently moving all of our data to the cloud. We are aspiring to be a digitally led university which is dependent on services such as those provided through Jisc.
Jisc has been a part of our digital solutions in higher education for most of my career and is central to our future providing the networks, connectivity and the ‘know-how’. I am sure that Jisc will continue to play a lead role in visioning and supporting the changes in higher education as technologies impact on delivery and I am privileged to support the ongoing development and provision of this service.”
Susan Bowen is vice-president and general manager at Cogeco Peer 1. She has experience of leading organisational change, implementing new business models and has sat on boards for organisations ranging from the Department for Business, Innovation and Skills to TechUK. Susan was recently recognised in CRN UK’s Top 50 Most Influential Women.
Susan said:
“I am delighted to have the opportunity to be part of the Jisc team and I will bring my 25 years of experience in the technology industry to the table. I believe that Jisc is uniquely positioned to lead the conversation about digital transformation and my aspiration is that Jisc elevates itself to become the digital backbone behind economic growth and innovation in the UK.”
Rob McWilliam was previously vice-president of consumables at Amazon UK and was formerly finance director of ASDA. He will bring his experience of developing strategy in the technology and consumer sectors.
Rob said:
“These are exciting times to be in the digital revolution in education. Jisc plays a vital role in ensuring the UK sector continues to lead the world, and provides the digitally ‘native' talent our country will need in the decades ahead.”
David Maguire, Jisc chair and vice-chancellor at the University of Greenwich said:
“Susan, Liz and Rob bring exceptional experience and capability into the Jisc organisation. I am sure they will be able to help the UK keep its position as a front runner in global education and research.
I’m excited about working with people of such high calibre and seeing what they will add to the Jisc board.”
via Jisc news
Bett is the world’s largest education technology event. This year, as to be expected, it did not disappoint, with some very exciting talks and lots of great new products and technologies. In our podcast we chat to Martin Hamilton, our futurist, who shares the best of Bett. You can also read the accompanying blog post.
via Jisc news
Now is the time to closely examine whether ‘challenger institutions’ are really providing students with an alternative choice. The Higher Education and Research Bill proposes a radical change in the regulatory architecture of higher education. Hear our response to the Bill as we look at a changing HE landscape and what this means for the sector. Read more in the accompanying blog post.
via Jisc news
There are a range of key strands in education policy across the UK, focusing on the need to widen participation and ensure that everyone has equal access to educational opportunities. Julia Taylor, subject specialist in accessibility and inclusion, explains our role to deliver inclusive practice. Read the accompanying blog post.
via Jisc news
As part of delivering on the vision of a UK national digital library, Jisc and OCLC announce a partnership to build a new shared service that will aggregate academic bibliographic data at scale, improving library collection management and resource discovery for students and researchers.
Today Jisc announced that OCLC, the global library cooperative, has been awarded the contract to develop a new national bibliographic knowledgebase (NBK).
The NBK, originally proposed in our national monograph strategy, will support the learning and research needs of the UK higher education community. The vision is to extend the capabilities of the current Copac service, by investing in technology that can ingest diverse library data at higher speed and greater volume. The new service will enable a shift in the way that libraries manage their print and digital collections and in the ways that people access those resources.
“This exciting collaborative partnership is an important part of building a national digital library for the UK,”
explains Neil Grindley, head of resource discovery at Jisc.
"The NBK will be a genuine knowledgebase combining information from various sources to tackle the collection management challenges facing UK academic institutions. The building of this system will be a shared community endeavour.
We are working closely with Research Libraries UK (RLUK), the Society of College, National and University Libraries (SCONUL), the British Library, individual representatives from academic libraries, publishers, licensing organisations and service providers to try and really think through how to realise transformational change.”
Neil Wilson, head of collection metadata at the British Library, commented on their involvement:
“With its aim of combining new technology, rich metadata assets and the collective experience of leading library community members, the national bibliographic knowledgebase fits perfectly with the British Library’s strategic objectives for effective collaboration.”
The library community is grappling with two core challenges as budgets come under threat. Firstly, the need to make important decisions about the ongoing management of their print and digital book collections. Secondly, to ensure that researchers and learners have sustainable and convenient access to digital books
The NBK is regarded as a key element in the delivery against these issues, providing a source of information that libraries can confidently rely upon when making decisions about the future of the resources that they manage and make accessible.
Supported by WorldCat, the world’s largest aggregation of library data, the project is due to start in January 2017, with launch of a beta service projected in January 2018.
Speaking on behalf of OCLC, Eric van Lubeek, vice president, managing director OCLC Europe, Middle East and Africa (EMEA) and Asia Pacific (APAC) said:
“We are simply delighted to be partnering with Jisc for the development of the NBK. We know the importance of this project to UK academia and will seek to engage the whole community. This change will increase the quality and comprehensiveness of information across the whole UK bibliographic ecosystem.
The mechanisms in place as part of the NBK will enable shared bibliographic metadata to flow into WorldCat and other systems, such as global search engines. Libraries around the world are looking forward to being able to easily locate material from the rich collections of UK academic institutions.
The NBK will also interoperate with a number of sources to describe where books are kept, in what formats and under what conditions they are available to be used. Going forward we will build on our collaborative approach to integrate this service with additional discovery, analysis and management tools, including WorldShare Management Services.”
Commenting on OCLC’s appointment, Grindley continues:
“OCLC was selected because they are uniquely positioned to connect library data hubs at scale to the global network. OCLC is built on collaboratively making knowledge sharable and reusable by all contributing libraries and organisations that support discovery and enhancement of that information.
OCLC is also a known quantity in this area as they are already a provider of national and regional bibliographic infrastructure in a number of countries, including in Australia, France, Germany, Switzerland and the Netherlands.”
via Jisc news
In a new report, Rebooting Learning for the Digital Age, published by the Higher Education Policy Institute (HEPI), Jisc's chief executive Paul Feldman, with Sarah Davies and Joel Mullan, calls on university leaders to embrace new technology to meet the challenges faced by the higher education sector.
The report reviews best practice around the world to show how technology is benefiting universities and students through better teaching and learning, improved retention rates and lower costs:
In the US, curriculum redesign using technology-enhanced learning produced better student outcomes in 72% of projects and average savings of 31%; in Australia, the University of New England reduced student drop-out rates from 18% to 12% via learning analytics; and in the UK at Nottingham Trent University, 81% of first-year students increased their study time after seeing their own engagement data.
Paul Feldman, chief executive of Jisc said:
“The Teaching Excellence Framework (TEF) puts universities under pressure to improve student satisfaction, retention and employability while managing costs. Digital developments show this can be done, but only where there is strong leadership and suitably-skilled staff.
“Results from the USA and Australia prove students become more engaged in their learning where technology is used well. In the UK, there are some good examples of transformational technology, but these need to become much more mainstream if we are to compete.”
Sarah Davies, co-author of the report and head of higher education and student experience at Jisc, said:
“The examples we reviewed for the report show how technology has become an essential component of an effective and engaging higher education experience.
“Universities and course teams need to identify the approaches that work in their context and embed them into their teaching approaches. Whether this is using learning analytics to identify and support students who may be at risk of under-achieving, using online research to prepare for engaging face-to-face workshops, or creating assignments which support students in public engagement and developing a professional profile.”
Commenting on the report, Nick Hillman, director of HEPI, said:
“Staying ahead of the international competition is a constant battle for world-class higher education institutions and world-class higher education systems. It can’t be done without making full use of new technology.
“This report shows how to do it. There is a potential win:win:win, which is remarkably rare in policymaking. Universities can improve their education, help students and cut costs, all at the same time. But it will only happen if they ensure all staff are on board, if they accept cost savings are a by-product rather than the main goal and, most importantly, if they protect students’ personal data.”
The report makes seven recommendations:
via Jisc news
Subject specialists Allen Crawford-Thomas and Mark Ayton share advice ?on the questions that further education leaders need to ask themselves before developing a digital strategy. Read the original blog post.
via Jisc news
At this year’s BETT Jisc unveiled developments that support higher and further education in making the most of big data to support student success. Jisc is pleased to announce its newest partners as part of the next exciting phase of its national learning analytics platform.
Working in partnership with Excelsoft and DTP Solutionpath, Jisc will be able to offer its member institutions the chance to deploy the products offered by these suppliers, building on top of Jisc’s national learning analytics platform.
The partnership will enable DTP Solutionpath, Excelsoft and Jisc to develop and share case studies to highlight the benefits to universities and colleges that can be achieved through using learning analytics services.
Howard Hall, group managing director of DTP Solutionpath comments,
“DTP Solutionpath is delighted to be joining forces with Jisc within the Jisc learner analytics partnership to pool our collective expertise and experience in helping accelerate the adoption of learner analytics across the UK higher and further education sectors.
I believe the partnership will play a significant role in supporting UK universities and colleges in delivering a personalised learner journey, improved student experiences and of course better academic outcomes, as well as significantly reducing the time to value for institutions.”
Back in 2015 Jisc’s learning analytics project created the learning analytics procurement framework, to enable Jisc to secure products and services to build a learning analytics service for its members. Two years on and the marketplace for learning analytics has changed dramatically with new products and services regularly coming to market. The aim of the learning analytics partnership is to facilitate innovation and develop relationships with new suppliers so that Jisc and its members can easily access new products and services as they become available.
Gabriel Engelhard, business development manager for Excelsoft UK/Europe, comments:
“Excelsoft considers it a privilege both to work alongside a respected organisation like Jisc but also to be actively involved in projects that will benefit students and teaching staff in the UK higher and further education sector through our wealth of sector experience and technological expertise. We are pleased to work again with Jisc having done so in 2004 on the TOIA project (Technology for Online Interoperable Assessment) which saw a Lite version of our Saras Test and Assessment Engine made available to the UK higher education sector.
Excelsoft has shown a total commitment to education over the last 16 years with products and solutions which are used worldwide by the education sector in areas ranging from data analytics, educational positioning systems, interactive book platforms, test and assessment to learning management systems among others. We truly look forward to a true partnership where our technologies have a measurable impact on all aspects of teaching and learning.”
Phil Richards, chief innovation officer at Jisc said:
“Through our national learning analytics endeavour, Jisc is giving our higher and further education members the collaborative benefits of working together on a national scheme, whilst also allowing them more easily to tap into the best commercial solutions in the marketplace.
To that end, we are delighted to now be working in close partnership with DTP Solutionpath and Excelsoft – an arrangement from which all parties should benefit.”
For more information on the learning analytics partnership and how it can support your institution, please contact Mark Harrington, co-design manager at Jisc.
Creative Commons attribution information
All rights reserved
via Jisc news
The imperative to increase use of technology and improve the digital skills capability of the workforce is a common thread running through recent government and sector reports. How are skills providers meeting these challenges and using digital technologies to enhance the learning experience? Listen to our podcast, written by Clare Killen, or read her original blog post.
via Jisc news
As researchers get deeper and deeper into the process of collaboration, storage and sharing, it soon becomes apparent that they will need to manage their data too. As a result, researchers continuously have to make decisions around preserving their data, the best way to describe it, and who will have the long-term oversight.
In this podcast we chat to Daniela Duca, our senior co-design manager, as she looks into ways we can create user-led solutions for better research. Read the original blog post.
via Jisc news
We explore the complex threat posed by spoof emails and some of the strategies institutions use to counter it.
Given that more than 70% of people would give their passwords away for a bar of chocolate, as the BBC revealed a few years ago, it’s perhaps not surprising that the promise of free money – unclaimed grants, tax rebates, exorbitantly well-paid work – is enough to entice students into revealing personal information, sharing passwords and bank details, and even risking jail for money laundering.
The threat to UK universities from phishing emails is more potent and complex than ever before. Student Finance England’s Counter Fraud and Security teams estimate they have prevented the theft of over £1.5m in maintenance payments through scams aimed primarily at freshers over the last three Septembers alone, but security firm McAfee still caution in their most recent quarterly report that, for every ten emails sent by fraudsters, at least one will be successful.
Indeed, the BBC and Money Saving Expert warned of a new scam just before fresher’s week this academic year, which defrauded a Queen Mary University of London (QMUL) student of £300. The email appeared genuine, even down to the logo of the university’s finance department, and invited students to click on a link to claim a government bursary. Instead, the link transferred students to an online form which asked them to enter personal and bank details before taking them to a bank verification page, by which point fraudsters had already retrieved sensitive information.
The sophistication of this latest attack highlights the rapidly evolving and elusive nature of the threat posed by phishing. Some attempts are easy to identify – they begin with a generic form of address, contain significant errors in spelling, grammar or punctuation and may come from unexpected email addresses.
Others – commonly known as ‘spear phishing’ – look as if they come from an expected or reputable source, such as university IT helpdesks or financial organisations, and apply considerable pressure on recipients, warning students that their account has been hacked, or they need to verify login details, or their loan payment has been delayed, and offering a short timeframe to respond.
Recognising these scams can require as careful an approach as hovering over an embedded link to find that a website URL has been changed from 'bankofabc.com' to 'bancofabc.com'.
Social media adds another tier of intricacy: it is far harder to spot fake links when they are disguised using bit.ly or tinyurl. Spear phishing campaigns are increasingly methodical and systematic in their approach.
"Ten years ago phishing was very basic," says Austin Chamberlain, senior information security officer at University College London (UCL). "Now big organised crime groups are doing it as an industry and making hundreds of millions of dollars a year, with professional programmers working on this. It is a huge criminal industry."
He estimates that of the two to three million emails UCL receives each day, 90% is spam. The worst phishing scam he has seen occurred recently over the August bank holiday weekend, shortly before online registration for returning students, when an email was sent to UCL students from an academic address, offering a UCL-specific grant. "Six to seven UCL students were expecting to receive grant information from UCL," he reveals, "and at least one was financially hit."
While attacks targeting a particular subset of users are hardest to identify, comprehensive attacks on the entire student body pose their own challenges.
UCL outsources the bulk of its immediate threat management to Microsoft, and Chamberlain explains that, while UCL could manage its own content-filtering – scanning emails to filter them out if they contain nothing but a link to a domain – it is in traffic analysis that Microsoft has helped oversee what he characterises as a ‘slight improvement’.
"Microsoft are such a large organisation they get a much bigger threat picture, with a very good picture of mailflow around the world. They can assess how emails are being sent, is it in bulk, and if it looks suspicious, drop it".
For most universities, ongoing threat management relies upon education to raise awareness and prevent the phishing spam getting through in the first place: updating Twitter feeds, sending email alerts, promoting awareness training and online guidelines. But such arrangements require students to actively seek out information – and so-called digital natives are surprisingly blasé about the risks of online security.
A survey conducted by Computer Weekly in March 2016 found that while 77% of the 406 students asked recognise cyber security as a growing threat, only 35% think it is their responsibility to learn about it, and fewer than 20% say they are concerned. In particular, they found that 48% of students said they would attend university seminars on online security, but 57% then admitted that after arriving on campus they failed to find out about their university’s existing security policies.
Watch the University of Sheffield's video on the dangers of phishing.
Counterintuitively therefore, despite the increasing complexity of the phishing threat, the most effective response involves simplicity and repetition. Bob Booth, IT communication manager at the University of Sheffield who commissioned and scripted a short video on the subject three years ago, explains that phishing is "an important, but not very interesting subject" that's "also difficult to explain as there are so many variants".
Sheffield found that raising awareness about each specific threat meant that each time the message was slightly different and so there was little cumulative benefit over time. Booth explains they came to see that the "one strong defence against these kinds of attacks are clear, consistent safety advice messages that will catch people's attention and be memorable".
The video was a strategic response to a growing problem designed "so that we could use the same video to raise awareness of many different threats and keep messages consistent", and a link to it is included in every response to a phishing attempt and all general security correspondence with students.
Students, however, are not the only potential victims of phishing scams at HE institutions. At UCL, Chamberlain says, "we see staff as a bigger risk, partly because they have access to more information, including student information". Chamberlain cites an instance where a senior member of staff apparently sent an email to their PA requesting payment for a specific research purpose, only for the scam to be revealed days later when the PA requested further information.
The particular vulnerability he identifies is in HE’s collaborative ethos: "people expect to receive messages from outside the university as part of their day-to-day jobs, often unsolicited and with attachments, and this leaves many departments very exposed", particularly to system reconfiguration attacks and ransomware.
Research by Zinaida Benenson, head of the Human Factors in Security and Privacy Group at the University of Erlangen-Nuremberg, has found that "by a careful design and timing of the message, it should be possible to make virtually any person to click on a link", especially if it appeals to ‘(usually reliable) decision heuristics such as 'this message fits my current expectations' or 'I know the sender'" – staff opening emails and attachments labelled ‘Proposal’, ‘Abstract’ or ‘Invoice’, for example.
"Expecting error-free decision making from users under these circumstances seems to be highly unrealistic, even if they are provided with effective awareness training," she explains. It makes them either inefficient at their jobs, or inclined to disregard education attempts as counter-productive. Benenson concludes that it cannot constitute the only line of defence against phishing, for "more research is needed to determine the feasible level of defence that non-expert users are able to achieve through security education and training".
Frances Burton, Jisc’s lead security liaison, maintains that while ‘the specific targeting of key personnel is becoming more prevalent in these attacks’, nevertheless ‘educating users has shown to be effective in reducing an organisation’s risk from staff falling victim to a phishing email’. New staff at UCL have, for the last 18 months, attended a mandatory security training course, but existing staff members prove more recalcitrant and as Benenson’s research suggests, education alone cannot suffice.
Chamberlain says that UCL are, as a result, considering a controversial simulated phishing exercise, sending out an imitation phishing email to staff and monitoring the response. "It’s not about being aggressive or blaming people", Chamberlain stresses, simply that given "the amount of phishing we’ve experienced we think that something more drastic has to happen".
And it's not just HE - while the threat currently seems most potent for higher education institutions, further education colleges were warned in 2014 that fraudsters were beginning to target staff in the sector, pretending in that instance to be the Skills Funding Agency.
For both students and staff, the challenge is how to convey key information about new attack methodologies in a rapidly mutating threat landscape without incurring user fatigue.
"People are becoming more aware", concludes Chamberlain, but "the attackers are becoming very savvy and their tools are getting better. All we can do is tell people to think again, think twice when you get an email with an attachment, or requesting bank details, or asking that you send money somewhere - just double check, maybe make a phone call and confirm it with the purported sender."
via Jisc news
Our Times Higher Education Award celebrates the innovative use of digital technology to improve an institution’s teaching, learning or research activity. In this podcast, we speak to Dr Daniel Morgan from the University of Leeds about the winning project, Virtual Landscapes, and technology-enhanced learning.
Our own Martin Hamilton also discusses the shortlisted projects for the Jisc Times Higher Education award, a list of serious calibre. Read more about the winning project in our blog post.
via Jisc news
Imagine you’re busy creating a world-class research paper. Now imagine you’re doing it whilst juggling multiple passwords and usernames to access all the online resources you need, as well as the many buildings you need to enter.
This was a problem in education before the UK’s cybersecurity strategy reiterated the importance of password safety. The UK Access Management Federation solved this problem some ten years ago, by giving access to multiple sites, through single sign on to trusted academic resources.
The UK Access Management Federation was born in 2006; currently the largest of its kind in the world and amongst commercial service providers too. Now, ten years on, with over 1000 organisations to its name, the federation is celebrating a decade of success.
In time with this anniversary, Jisc will be piloting the option of a self-service portal, for all service providers, schools, further, and higher education, which will also be free to use. The portal will allow system administrators to make changes behind the scenes without needing to contact the helpdesk. The helpdesk will remain a firm feature of the service however, for customers wanting a bit of extra assistance.
Tim Kidd, executive director of Jisc technologies said:
‘We’re really proud of this service, it’s gone from strength to strength since its inception. A cooperative, collegiate effort; across the sector and internationally, the UK federation is interoperable with eduGAIN, creating access worldwide with 38 partners globally”
Dr Rhys Smith, Jisc chief technical architect for trust and identity said:
“The self-service portal will allow knowledgeable administrators to make changes more immediately than at present - though the helpdesk will always be available to make changes for customers who want assistance in doing so”
Operated by Jisc, the sector’s support organisation for digital solutions, the federation enables staff, students, researchers and school children to access online resources and services using their institutions' credentials. When users request access a service or resource, their home institution authenticates them and in doing so confirms their identity so that they can access the resource.
Mark Toole, one-time chair of the UK Federation board said:
“This upgrade to the federation will allow us to have a slicker system to support the growing needs of students and researchers in accessing services online, and navigating ever-changing digital learning environments.
Open access and the Research Excellence Framework mean greater sharing of digital information, so it’s great to have a tried and tested service we can trust, particularly important as global collaboration grows.”
86% of colleges, 99% of higher education institutes as well as research bodies, publishers and schools have access to the Access Management Federation, saving money and allowing for collaboration through ease of access. Alongside the portal, service developments are taking place that focus on the methods of distributing metadata to reduce system requirements for education providers running their own systems.
Mark Williams, federation service manager at Jisc said:
“We’re thrilled to be celebrating the 10th anniversary of the Access Management Federation, and to have seen it grown over the years to support so much of the UK education sector. It saves federated members huge costs in having multiple sign-ons, widens participation to all learners, and helps institutions to deliver a 21st century experience to learners and staff alike.”
Alongside supporting administrators to make changes to the system themselves, Jisc is also rolling out the service beyond academia, with a pilot in English public libraries, giving seamless access to top quality learning resources fit for a digital generation.
via Jisc news
The hunt is on for the next breakthrough edtech startup companies.
Entries are now being accepted for the startups category of Jisc’s edtech competition, which supports startups and student ideas for education. With the UK's first Edtech UK Global Summit having taken place in London earlier this month, it certainly seems that the UK edtech sector is tipped for take-off, and Jisc’s startups competition could give edtech startups the boost that they need.
Winners will provide real solutions for education sector issues, and stand to bag funding of up to £20,000 and business support for their growing edtech enterprise.
Ten startups will be chosen to pitch at Jisc’s Digifest event (which celebrates and supports learning and teaching for higher education (HE) and further education (FE) and skills sector) in a bid to get through to the next round. Once through, the winning startups will enter a six-month ‘accelerator programme’, where they will receive mentoring business support.
That’s not all, there’s even a chance to pitch to Jisc (and other potential investors) for support packages and investment to become successful edtech products. Previous startups supported by Jisc have set out to solve numerous sector issues with their innovative ideas.
Anish Bagga, Unitu founder, said:
‘‘Being part of the accelerator programme has been instrumental to the success of developing Unitu and building a truly effective business model. Thanks to the programme, our platform has taken off in a real way, and we have created a place where students, course representatives and staff can collectively raise, discuss and resolve academic issues all in one place.
"We’ve had support navigating our startups business through the HE technology sector, enabling us to build key contacts along the way, and the funding we received and continuing support from Jisc have been invaluable. We urge anyone thinking of entering to just go for it.”
Paul Bailey, senior co-design manager at Jisc, said:
“This year it’s more important than ever that we find and support fantastic edtech ideas. At Jisc we believe that digital has the power to revolutionise learning and teaching, for universities, colleges and learners alike. In our current economic climate, edtech startups could really benefit from a financial boost, and we’re thrilled to be able to offer funding along with business advice and support.
"This will be the fifth year of our competition, and I’m looking forward to seeing what inspiring and innovative startups we can work with this time around”.
Find out more about the competition and enter.
via Jisc news
We've made available 23 maths and English resources from exam boards through our e-books for FE service, which practitioners and learners from subscribing colleges can access for free.
Hundreds of thousands of learners aged 17-and-over are now obligated to resit their English and maths GCSEs, presenting a real challenge for colleges. We chatted to Karla Youngs, our head of digital content services for further education and skills, as she explains how Jisc is helping. Read the original blog post.
via Jisc news
Reading College has won an Association of Colleges (AoC) Beacon Award for introducing new cloud-based technology on campus.
The award for effective use of technology in further education, sponsored by Jisc, was given for the college’s programme - ‘Seamless learning – any time, any place’ - which involved making cloud-based learning available to students and staff across the college.
The AoC Beacon Awards celebrate the best and most innovative practice among UK further education colleges. They reward colleges that go above and beyond in providing high-quality technical and professional education. Award winners must also offer something exceptional to students and the wider community.
As part of a phased introduction of the technology, the invested £1.3 million to improve its previously insufficient Wi-Fi coverage. Introducing the new system, which uses Google apps, has brought significant improvements in teaching, learning and student achievement.
Sally Dicketts, chief executive of Activate Learning, which runs Reading College, said:
“Our approach to using online technologies has helped to realise our aim of extending and enlivening students' learning. This has led to them making faster progress and achieving higher grades.
Digital technologies have also enabled us to connect with employers in new ways; to facilitate the co-creation of project based learning. This has provided a flexible solution to building relationships with those individuals who are knowledge rich but time poor.
As the pace of technological change increases, we are pleased to be at the forefront of exploring and utilising new technologies to support our students' learning.”
Paul McKean, Jisc head of further education and skills, said:
“As UK government continues in its aim to reform post-16 education, the role of technology will grow in importance – supporting colleges to build a strong foundation that will enable them to survive, thrive and continue delivering outstanding learning experiences into the future.
We already know of colleges who are leading the charge and using technology to elevate learning, teaching and assessment. This award celebrates those frontrunners, while giving an excellent opportunity to showcase best practice so that others can learn by their example.
I wish to congratulate all those who entered, but in particular Reading College, who stood out for delivering truly transformational digital experiences.”
Dame Pat Bacon, chair of the AoC Beacon Awards, said:
“Reading College is an outstanding representative of the excellent work happening in colleges across the country. It’s a privilege to be part of an awards programme that recognises the energy colleges put into supporting their students, staff, employers and local communities.”
Mike Davis, chief assessor for the AoC Beacon Awards, said:
“The high standard of submissions to the AoC Beacon Awards often makes it very hard for the judges to choose the winners. Reading College can be proud to receive this award for demonstrating its commitment to create the best possible experience for its students.”
The college was announced as a winner by comedian Jon Culshaw at the Association of Colleges Annual Conference and Exhibition in Birmingham.
via Jisc news
The AoC Annual Conference and Exhibition marks the coming together of people from across the further education sector to exchange ideas, share best practice and stimulate debate.
Speaking to Val Keay, Paul McKean, our head of further education and skills, reflects on the Jisc panel session from the first day, which featured college principals who are using technology to enable organisational change and enhance the learning experience.
via Jisc news
Universities UK (UUK), in partnership with Civitas Learning and Jisc, recently released a report on learning analytics in UK higher education, which recognises it as being a powerful set of tools for helping institutions to support learner retention and progression.
Jisc's Niall Sclater takes a closer look at the report, discussing the potential of learning analytics, blockers and challenges, and gives advice on how to move forward and make the most of the opportunities.
via Jisc news
Earlier this year we spoke to Dr Nick Moore, director of IT services at the University of Gloucestershire, about the university’s interest in learning analytics and involvement in our effective learning analytics pilot.
Now a couple of months into deployment, we pick up conversations with Nick to find out how far they’ve come in the on-boarding process, experiences in terms of challenges and opportunities, and what comes next.
via Jisc news
The burgeoning use of big data in healthcare research is revolutionising the way health records are collected, used and shared. But, with controversial projects such as NHS care.data still fresh in everyone’s minds, how can researchers reassure the public that highly sensitive data is safe in their hands?
Remember the NHS care.data controversy from a couple of years ago? Of course – it was a complete public relations disaster for both the health service and health data research.
Eventually fully scrapped in July this year, wasting millions of pounds, it caused a public outcry over privacy and data sharing, amid accusations that the creation of a vast database of medical records was being rushed through without explaining to patients of the security implications for their highly sensitive information. Leaflets posted through letterboxes failed to include any information on the risks of sharing data (and in many cases apparently didn’t arrive at all) while it also emerged that many patients who had opted-out were still having their data shared.
NHS care.data is one example, albeit a calamitous one, of the rise of health informatics - a rapidly expanding field seeking to exploit the potential of big data analytics for healthcare - and some of the red-hot issues around this new industry.
Health informatics is revolutionising the way that healthcare information is collected, managed, analysed and shared, and the research and clinical potential is unprecedented.
"We are seeing the convergence of traditional health records, laboratory test results, imaging and genomics data, all being used to answer more and more complex questions regarding the determinants of health and effectiveness of treatments" says Jonathan Monk, director of IT at the University of Dundee. "When we combine this with advances in analytics, such as natural language processing, we will hopefully start to see changes in the way patients are treated, which should ultimately lead to better outcomes for everyone."
The implications stretch far beyond the integration of electronic health records. From allowing patients to access their own medical records online, to analysing enormous datasets to identify trends in disease and treatments, to ascertaining gaps in healthcare provision and directing more efficient allocation of resources, health informatics is a burgeoning industry.
A 2014 Burning Glass report projected that demand for health informatics workers would increase 22% by 2018 – more than twice the rate of growth for all industries, translating to more than 40,000 new jobs. Once primarily an administrative field, health informatics is now struggling to recruit sufficient numbers of qualified coders, software developers and e-infrastructure specialists.
As with all revolutions, however, it is controversial. "More and more data is becoming available to for research, but the sheer scale of it creates new problems ensuring privacy and confidentiality," says Monk. NHS care.data stalled on the issue of informed consent. "Much of the rich patient data available within the NHS was not collected specifically for research purposes," he explains, "so patients have not given consent for researchers to use it".
A governance committee review of the NHS’s failings stressed the need to build trust with the public. Nathan Lea, senior research associate at the UCL Institute of Health Informatics, argues that the NHS remit was "too broad to be able to get any kind of consent".
He reflects that "the overriding message is that people have a right to opt out and we should respect that". The research community needs to encourage open, informed discussion, while accepting that "trust is not something you build, trust is something you may or not get – it’s something beyond your control".
For Lea, the issue of trust encapsulates a wider problem with public engagement and articulating the benefits of data collection in healthcare. "On one hand," he explains, "people are bleeding personal information on Twitter, Facebook, social media, collecting data and putting it through apps, often to their detriment, yet at the same time they are concerned that medical records are being used without their knowledge."
Instead of trying to persuade people, he suggests, a more productive line of inquiry would be to investigate that dichotomy – why are people apparently more trusting in one environment than another?
Lea works with the Farr Institute, a UK-wide research collaboration involving 21 academic institutions and health partners in England, Scotland and Wales working to develop governance frameworks to underpin the safe and trusted use of patient data, and answer the sector’s most urgent question: given the particular requirements of health informatics in terms of data management, privacy and data protection, what constitutes good governance for health research?
A campaign designed to highlight the positive impact of health informatics research on public health
For Lea, while technical elements are important, security is also more fundamentally about how you assess and understand risk, and use it to develop procedure, ranging from encryption to NDAs1.
"Security will make it more likely for people to trust you," Lea says, "but ultimately you cannot guarantee security, there’s always some uncertainty. My position has always been that if you’re clear with people that there is always some risk – “we think it’s unlikely but always possible” – that’s a good place to start an open, honest conversation that you deal with together."
People don’t need to be technically savvy, he explains, but they do need to be able to articulate and understand risk.
It seems significant, then, that at Dundee, security and research ethics is not solely an issue for the university’s Health Informatics Centre (HIC) but requires a collaborative, interdisciplinary approach.
"We are seeing a lot of interest from other disciplines that work with confidential, identifiable data such as social sciences and computing", says Monk, which means the university needed to develop tools enabling researchers to collaborate securely both internally and externally. As a result, Dundee has clear published guidance that helps research staff use the most appropriate method for storing and managing data, from the enterprise file sync and share service Box, through to the large IBM Spectrum Scale Research Data Stores and the highly secure environment within the HIC.
Monk explains that Dundee has several key approaches to improve secure storage and access to files. "Firstly, the data is anonymised for each research question. Secondly, to mitigate the risk of data leakage, the researcher does not get given the data; rather, they are given access to a virtual desktop from which they can run analysis. We have a lot of automated pre-processing and validation that ensures consistency in data definitions, usage and reduces the manual effort needed to get data to the researcher."
"Finally," he concludes, "we have built a detailed set of documented processes and standards, all managed through Box, that have enabled us to be certified as compliant to the ISO27001:2013 standard and to be considered an accredited Safe Haven by NHS Scotland."
Monk’s advice for other institutions would be to understand that it is highly likely that they will need a palette of tools and technology to meet diverse learning and research needs, one combining technical security measures such as anonymity and encryption with stringent governance procedures in order to ensure research is conducted with access to data only where appropriate and with the approval of public benefit and privacy panels.
Monk maintains that, as a result, "we are seeing a sector-wide improvement in the management of data and information due to both legislative pressure and more widely available best practice."
A similar plurality of approach characterises a recent secure data access pilot called the safe share project. Led by Jisc, safe share creates encrypted and assured network connections between parts of infrastructure and safe places where research can happen, with intrusion detection and security monitoring at network level, provided by a impartial not-for-profit service.
At Swansea University Medical School, safe share assists projects for the Administrative Data Research Centre as well as healthcare research. At its most basic it effectively provides "a managed service, where Jisc put a firewall here and then encrypt traffic between here and wherever the data is trying to go, where there will be another Jisc-owned firewall, which can decrypt the data there," explains Simon Thompson, systems analyst at the school.
Safe share currently connects universities at Swansea and Cardiff and, will soon be connecting Leeds, Manchester, Southampton and Edinburgh and also ensures compatibility, becoming a de facto standard for interconnecting securely. Its potential resides in "making things easier on a per-project basis - this project is allowed to talk to this institution on this dataset – and we can make data requests on a more impromptu basis, because we know all the endpoints are secure," says Thompson.
While he fears that "you wouldn't be able to create such a large dataset now compared to when the repository was first created ten years ago, there's too much nervousness," he insists "you do need this size to avoid bias in the research; you can look at subgroups of people but that only makes sense in comparison to everyone else. You need everyone's data to get real value." And for that, research institutions need public trust.
Nathan Lea concludes that there are potentially disturbing parallels with the use of data and the case of Henrietta Lacks, or the Alder Hey organs scandal. Both provoked highly emotional public debates, but they were also defining moments in the history of health research, engendering crucial ethical re-evaluation and, ultimately, new codes of practice.
"What we must do," Lea says, "is show that we have learnt some lessons, especially in the research community. You have to foster a trusting dialogue between the public and the data science community, and you have to maintain that – trust is not something you get and keep, it is ongoing – a process."
via Jisc news
Charlie McMurdie, who spent 32 years in the Metropolitan Police, is senior cybercrime adviser at PwC consulting with clients on a range of global strategic and operational cybersecurity programmes. She talks to us about how universities tick all the boxes for cybercrime risk factors – and how people, more than technology, are both the problem and the solution.
What are the latest trends in cybercrime?
"To put the latest cybercrime trends in context, technology is now integral to virtually everything we do. New technology and new features are constantly coming out, from the Internet of Things1 to biometrics2. The more accelerated the pace of change we go through, and the greater the demands from customers and companies to roll out technology quickly, the more opportunities there are for cybercriminals.
In terms of trends, there’s been an increase in denial of service (DDoS) attacks on companies, knocking them over, and also rogue emails – there’s been a 37% increase in phishing emails, with criminals using them as a point of access and compromise into organisations.
2016 has been called the year of ransomware, with an increase in the use of malware infections to lock down an individual’s or organisation’s data followed by demands for money, normally through the cryptocurrency Bitcoin, which in itself presents a challenge for law enforcement to try to track and trace for legal recovery.
One of the biggest features we see every time is the part that insiders seem to play in most of the breaches that take place. That’s insiders either deliberately engineering themselves into an organisation to gain a position of access, or gaining entry into premises through fake IDs. Or, often, employees just not following policy and process, perhaps through a lack of awareness, training or understanding, and doing something that results in allowing an infiltration or a breach to occur."
So, cybersecurity is less a technology problem than a people and process problem?
"Yes. There’s certainly fantastic technology and automated processes being rolled out but, at the end of the day, it’s always individuals making the decisions around how that technology should be used and checking it is safe and secure before it’s actually deployed.
Time and time again, when you look at most of the breaches, it is down to companies not checking who’s got access to their network and who should have various permissions within that network. If you give a member of staff permissions across the HR database, the finance database and more, you actually make that individual quite a nice target for cybercriminals.
If the criminals can compromise that person then they’ve got lots of access and permissions that they can then use for criminal purposes. It’s a very complex picture for those that need to defend and implement security."
What threats do education and research, in particular, need to be aware of?
"Universities are one of the top targets for cybercriminals and that's a top concern raised by most security services. One of the reasons is that universities aren’t just a place of education. They are where most of our cutting edge research happens and where a lot of our new technologies are up and running as businesses because that’s where they have been commissioned and developed.
But look also at how universities are set up: they’ve got a massive population coming and going all the time and that’s a huge group of users who want access to technology 24/7 and who want to have it all on the move. So you’ve got a large population that’s constantly changing and lots of end points that could present opportunities to cybercriminals and you’ve got some of the crown jewels of the latest R&D taking place.
On top of that, you've got a nice big population of students who have previously been targeted in scams – the student loans scam was a fairly high profile one - by criminals seeking to defraud them or use them for money muling purposes."
The recent PwC report Cybersecurity and Privacy Hot Topics said that one of the key points of an organisation's strategic approach to cybersecurity is to 'understand your adversaries'. In the case of education and research, do we have an understanding of who those adversaries might be?
"First of all, you’ve got different types of crime under the cyber banner. There are organised crime groups around the world that will look to capitalise on stealing data and turning it into monetary assets, perhaps by compromising financial credentials or taking over bank account details. Then there are the hacktivists, the likes of Anonymous. We’ve seen relatively young individuals attacking companies because they disagree with what they’re doing or how they’re doing it, whether it’s animal research or stem cell development – that might apply to universities.
Then there are the cyberterrorists using cybercrime for funding or market manipulation. The big concern here is the potential for blended attacks - using technology to bring down or take control of our utilities and perhaps blending that with a physical attack at the same time. And then you’ve got the 'state sponsored' attacks, attributed back to various nation states who might be attacking infrastructure or infiltrating and taking sensitive data for espionage purposes.
When you look at those different types of attacks, and different types of cybercrime, universities are clearly going to be a particular target because of the nature of what they do and the way that they are set up and the high value of the population on the networks."
So it sounds like universities tick all the boxes in terms of risk?
"Yes, they do. Cyberterrorism is an obvious area to look at in terms of compromising individuals. With some of the extremist activity that takes place, we see the befriending and social engineering of individuals, to gain access to networks, as a key factor. We need to encourage people to think about who it is that's communicating with them online.
We already recognise that risk with child abuse grooming - kids think they’re communicating with somebody of a similar age and background and it turns out it’s not, it’s actually a paedophile. Well, the same tactics and tools and issues are there when it’s organised crime. When somebody is doing what they’re doing for criminal purposes or terrorist purposes, you don’t necessarily know who it is you’re communicating with. We do tend to trust what we see on the screen."
What areas of risk do people most misunderstand or underestimate? It sounds like that’s one of them.
"You ask people how many friends they’ve got and these days it’s not three or four friends or even half a dozen friends, but ‘I’ve got 1500 friends’, because of social media.
That means they’re giving away what they’re doing, where they’re going, what’s exciting them, in innocent conversations and postings, which is really useful data for somebody who wants to use it for unlawful purposes. That's a big, commonly underestimated, risk."
You've described DDoS attacks as a 'diversionary tactic' rather than merely a short-term annoyance or disruption. Can you say a bit about that?
"The UK suffers significantly with DDoS attacks, in fact it suffers more than a lot of other European companies – we're one of the top three most targeted countries, along with the US and Japan. These attacks can be diversionary tactics. What for? It's possible to speculate - for extortion purposes, for testing to see if they have got the capability to knock over our infrastructure as and when they wished to? Is it stock market manipulation?
However, although cybercrime statistics in the UK are particularly high, we’ve also got quite a good reporting, intelligence sharing network here so we’re getting a better intelligence picture, and that in turn obviously pumps up our statistics."
There are some issues around openness when it comes to security breaches. Obviously, there’s an incentive for organisations to try to cover up security breaches. What is the best way around that and is there also, conversely, a security risk in revealing too much information about a security breach?
"We’re going to see more breaches being reported and made public. The EU general data protection regulation is coming out soon and significant fines will be imposed if companies are found wanting by having redundant or irrelevant data or inappropriate security or encryption to protect their data.
I think the risk is in not revealing the right information in a timely fashion. When breaches occur, the outcry is often not so much about the data loss or breach but why it took so long for the breach to be reported, and how it's done.
If a significant breach is dealt with by providing the correct information in a timely fashion and all the right steps are taken, it's rarely newsworthy. But if the organisation isn't prepared, if they don’t know what to do or say, if they don’t know what their message to the market or their shareholders should be, if they’re giving incorrect information and then they have to correct the information, that's a problem."
And that’s a leadership issue not an IT issue, isn’t it?
"It is. I think the culture is changing within companies. It used to be that cyber and 'all this technology stuff' was dealt with by the IT department and it was an IT issue. Now it is a board issue. The chief executive and stakeholders want to know what’s going on and have oversight of it to make sure things are dealt with appropriately.
Some companies are now creating positions where one person has overarching security responsibility covering IT, information, physical security, and people training. You need to bring all those different aspects of the business together to make sure that you haven’t got any gaps in your cybersecurity. If that position then reports up to the board, there is genuine oversight."
There’s been quite a lot of discussion recently about whether there’s a cyber security skills gap. Is there one, where is it and, if so, how can it be filled?
"Time and time again, people talk about the skills gap. But I know that there are thousands and thousands of fantastic people out there who have technology skills. You look at any of the universities, and the students on their masters and PhDs, and they’ve got cyber skills all over the place.
The issue is aggregating and utilising the skill set that’s out there. Cyber cannot be considered in isolation, we need to bring together the different skill sets that exist in organisations and share the intelligence. Technology is moving and changing at such a pace that you will never have one single person who is aware and up to date about every different aspect of technology.
Yes, you need network investigators, who can interrogate malware etc, but you also need, more generally, to have people who are keen, passionate, enthusiastic and intelligent. So it’s not so much a skills gap as changing who you’re looking for, who you’re recruiting and taking the people with the passion who want to learn and keep up to date, and they can be given the cybersecurity brief on top of their normal skill sets.?
Cybersecurity needs to be integrated into all aspects of training now. So I’m not so sure that there is this massive skills gap, it's more that we’re not really investing in the right people in the right way."
via Jisc news
Ian Levy, technical director of the government’s brand new National Cyber Security Centre and keynote speaker at today's Jisc security conference, explains how the centre will open up cybersecurity and work with the education and research sector to help it protect itself better.
What’s the structure and focus of the National Cyber Security Centre and how does it improve on what’s gone before?
"The National Cyber Security Centre (NCSC) brings together, in a single new organisation, significant chunks of government that deal with cyber; from CESG, the information security part of GCHQ, to CERT-UK, our computer emergency response team. For large swathes of cyber advice and transaction, the NCSU will now be your first port of call.
There are two things that make the NCSC fundamentally different. Firstly, our focus on the customer. In the past, like all governments, we’ve sat in our ivory doughnuts and proclaimed that we know everything and pronounced on what people should do. And, of course, it turns out it’s not that simple. There are always constraints that we don’t understand.
The NCSC is going to work much more closely with our customers so that we really understand their constraints and their environment and can be a much better partner for them."
"As a corollary of that, we’re going to be much more open. We want to generate data. We want to publish it online. We want everything that we do in the NCSC to be online, by default.
Learn more about the NCSC in their introductory video
We should be saying, here’s what we think the problem was, here’s what we’ve done to try to address it and here’s what the effect was – and do that whether it worked or not, and in a way that people can understand. That way, you start to get people to understand how cybersecurity affects them and how they can participate in their own protection.
The second big change is that we’re becoming more active in our protection of the UK, more interventionist. The full details of that will come out when the national strategy is published. But the general idea is that we’ll build automated systems that get rid of a significant amount of the commodity attacks that affect the UK: we want to make spam go away for people, we want to make the banking attacks go away for people, we want to make it very difficult for anybody to impersonate the government brands."
Looking specifically at the education and research sector, how are you going to work with the sector to do that?
"We want to work with the education and research sector in two ways. Firstly, by working with them on research and helping people to get into STEM (science, technology, engineering and mathematics) subjects.
In terms of how we help the sector protect itself, we’ve traditionally had a hard time talking to academics and universities. That’s because, usually, government comes along and says, ‘we think you should be filtering these sorts of things’. And they say, ‘No. Academic freedom’. So that’s one of the reasons we want to talk to Jisc.
We want to say, look - here’s what we do for the rest of the country. We don’t want to do this for you. We want you to do it in a way that works for you, that you’re happy with as a community. Let us help you do that."
"Protecting the sector is critical because it’s where the future of the economy lies. We don’t want to interfere in academic freedoms but we do want to partner with organisations like Jisc to help the academic sector protect itself better."
That involves listening as well?
"Of course. We want the NCSC to be much more open.
To contrast, GCHQ is a top secret organisation and it’s very difficult to get into our buildings, it’s very difficult to talk to us. The NCSC building is an unclassified building and about 20% of its space will be reserved for collaboration."
"I want to get people from various sectors to come and sit in there and a) teach us, and b) let us work with them to help them understand the threat better so that we don’t end up with this artificial divide between cybersecurity people and people who understand the sectors.
We also want to deploy people out in the various sectors so we really understand how our customers work."
What do you think are the particular cybersecurity threats faced by education and research?
"In terms of research, it’s intellectual property theft on a massive scale. That’s our differentiator in the world, and there’s going to be disruption at some point."
What about the things that are, perhaps, lower level but very annoying and disruptive such as phishing and DDoS attacks?
"We want to tackle those at national scale.
One of the things we are doing is making it very hard for somebody to spoof a gov.uk address. Until six weeks ago you could fake some @gov.uk addresses, such as taxrefund @gov.uk, and there were thousands being sent every day. We’ve stopped it. It’s a relatively simple thing to do. And I’d like all the universities to do that so that university addresses can’t be spoofed."
What else would you like institutions to do?
"DNS filtering. We’re going to do it for government first, to prove it works and prove you can manage all the privacy issues, and then we want the ISPs to do it for the public at large so, by default, you get protected from bad sites (bad meaning they’re trying to send you malware or steal your credentials or get you in a phishing campaign).
We think it would be sensible for institutions to do that for their staff and students."
"But there is always a balance around academic freedom and it’s not for us to say what the balance is, it’s for us to say ‘here’s what we’re doing for government, here’s the data that shows what benefit it brings’. If you want help to do this filtering stuff, you can have it, that’s absolutely fine. If you do take it, I’d really like high level stats back about how you stopped 10,000 phishing attacks today or 25,000 malware attacks today so that we can start to build a national threat picture - but that’s all I want back."
Is there going to be a fear that there may be an element of compulsion involved?
"There will not be any element of compulsion from government. That’s not how we want to do this."
In the past you’ve said some interesting things about language and how that impacts on risk management. Tell me a bit more about that.
"Take the names of the financial instrument that caused the 2008 crash. You start off with ‘mortgaged-backed securities’. They sound good, they’ve got the word secure in them and they’re backed by a mortgage. You go through until you get to ‘toxic debt’ and you say, you can be forgiven for investing in mortgage-backed securities but you’d be an idiot to invest in toxic debt. But they’re all the same thing."
"The way you talk about something fundamentally changes how you view the risk of it. The way we talk about cybersecurity today is all very scary and doesn’t aid good risk management.
We need to get evidence, we need to get data and we need to be realistic about what the threats actually are."
Is there a risk that you may heighten people’s fear rather than assuaging it by being so much more open, ie by publicising the amount of phishing?
"No I don’t think so. If you read the technical press today or even the tabloids, it’s all codified in words that sound scary, such as cyberwar and cyberterrorism.
What I’m hoping we’ll be able to show in the next six to nine months is that we can take away a good amount of phishing, scamming, credential stealing malware for people at scale. We can make email trust mean something again. We can make it harder to launch DDoS attacks against the UK."
"The question then is, how do you generate the data and the evidence to show people that it works or doesn’t work and be honest about that? What will happen is that the attackers will evolve as our defences evolve? So this isn’t a one-stop shop."
One of NCSC’s objectives is to nurture and grow the UK’s cybersecurity capability. How will you do that? Is there a cybersecurity skills gap?
"There definitely is one. I think it probably starts back at school. We’re not good at keeping enough people in STEM subjects, generally, and we’re not good at making cybersecurity an interesting subject for them at the moment. We need to try to fix that over the next few years. "
"We’ve got CyberFirst, which talks about how we intend to do stuff in schools. We’ve got sponsored MScs, we’ve got an apprentice scheme, cyber apprentices.
Over the next few years we’re trying to build a pipeline of people who have a sustainable set of skills. I think the key thing for me is how you get everybody who is involved in technology - of whatever kind - to understand cybersecurity. They don’t have to be experts but they have to be cognisant of it.
Getting it into the right curricula across the space is really important. The final bit is getting it into MBAs, because it’s business who generally do the risk management. They have to manage cyber risk and they’re doing it differently to the way they manage any other business risk at the moment and that doesn’t seem right. I think that’s because it’s not well taught in MBAs at the moment."
So, it needs to be a leadership issue?
"In a business it absolutely should be a board-level issue. It’s just another business risk.
As an example, every business must have a financial control policy, which is audited and presented to the board every three months. But ask them if they have a patching policy for their system and they’ll say yes, of course, our IT guys patch our systems, according to our patching policy. Then ask when it was last taken as an audit item, and the answer, generally speaking, is “never”. Because they push it down to the IT guys, because it’s “weird techy stuff”. You’d never do that with a financial liability, so why do you do it with a cybersecurity liability?
There’s a dissonance between the different business risks and we need to try to corral them together."
via Jisc news
As we mark the beginning of another Open Access Week, we speak to Mike Taylor, palaeontologist, open access campaigner and co-founder of Who Needs Access website, about the moral imperative for open access and the destructive power of the brand name in academic publishing.
You've written about the moral dimensions of open access - can you outline what you mean by that?
"It’s hugely important to me. A lot of open access advocates come from a very different foundation, supporting open access because they think it will save money, for example. That’s important, of course. But to me, what's much more important is this very fundamental thing that the internet is essentially a machine for creating value out of thin air.
So, pre-internet, if I had a reprint of a paper and I gave you my copy, I would no longer have my copy. Now we are living in a world where I can give you a copy at no expense to myself and retain all of my collection. I can do that an infinite number of times and give everybody in the whole world a copy. So, suddenly, a thing that was of value to me can be of value to six billion people instead.
It feels morally wrong, given the capacity we have to do that, not to do it. Anything that stands in the way of our making this enormous increase in value for everybody in the world is inherently a bad thing. That’s the fundamental argument for open access - we can create free value. It’s stupid not to.
I co-run a website called Who Needs Access. It’s anecdotal because, often, anecdotes will reach people when numbers won’t. It’s about those people outside of academia who are deeply reliant on access to published academic papers, such as people running small businesses, translators, third world entrepreneurs, patients with various obscure diseases.
Christy Collins is one. She has a child with a rare genetic condition. Her GP doesn’t have time to do the enormous amount of work involved in reading up and becoming an expert on a condition suffered by just one of his patients. Christy has the time and motivation to do it yet constantly runs into problems where she can’t find out what she needs to know about her own child’s medical condition because paywalls are in the way. That, for me, is a very compelling moral case for open access, quite aside from what it means for cost savings in libraries and suchlike.
We in academia are generating this astonishing amount of fantastically valuable information. We have to get it into the hands of the people who need it – and that doesn’t just mean other academics."
The theme of open access week this year is 'open in action' and it’s about the small steps that everyone can take to make openness in research a reality. Are there any particular areas of great practice that you can point to?
"I’m an associate researcher at the University of Bristol and it was very encouraging when we finally adopted our own open access policy within the university. However, I’m in a slightly unusual position. Although I’m a research associate of Bristol, my day job is not in academia, I’m a computer programmer. So I don’t need to play a lot of the games that paid researchers have to play to make their CVs look good for the kinds of jobs they want to get.
So, for example, if I suddenly stumble across definitive evidence for the biggest dinosaur that ever existed, I don’t have to send that to Science or Nature in the desperate hope of getting a Science or Nature paper that will make my career, I can send it to the journal that I think will do the best scientific job. As a result of that, it’s very easy for me to take a fundamentalist position on open access, and I need to remind myself that other people don’t always have the privilege of looking at it in such a black and white way.
But the upshot is that all my stuff goes to open access journals. None of it goes to journals that are owned by large multinational corporations, even if those publishers do run open access journals. That’s because I’m more concerned about the openness of my work than I am about any other aspects of its publication.
Now, I would love everybody else to adopt that same policy but I do understand why it’s not always that straightforward for people in other situations."
Would it have been more difficult for you in the past to find open access journals that you wanted to publish in, has there been a proliferation of journals that have opened things up for you?
"There definitely has been a proliferation. It’s not affected me personally as much as it might have done because palaeontology has always been somewhat ahead of the field in open access. I’ve got more choices now than I had before, but ever since I started publishing there have been good open access places to put my papers.
It varies enormously between different fields. So chemists, for example, have a much harder time finding somewhere appropriate."
How about the level of debate in recent times and the extent of awareness of open access?
"A few years ago there was a whole series of articles, particularly in the Guardian, but also the Independent, Telegraph and all sorts of other mainstream publications, looking at open access issues. I think that was really important in gradually shifting the views of a lot of people, making it an issue that became difficult to ignore. So I’m really happy about that.
Having said that, the quality of debate is sometimes not all we might to ask for."
How might open access progress?
"The neuroscientist Bjorn Brembs talks about building a completely new infrastructure that takes full advantage of the technological advances we’ve seen since we first started putting paper journals on the internet. He would like to do something dramatically different in areas such as dynamic illustrations – and he's done this with one or two of his own papers - where you can fiddle with the data and the tables and see the graphs and the paper updating in real time, showing how it would come out differently if various things happened.
All of this kind of thing feels terribly futuristic to us but it really isn’t, of course, it’s just the kind of stuff, that outside of academia, is happening all the while on the internet.
Bizarrely, we're in a situation where, although the world wide web was created primarily for enabling the free sharing of scholarly publications, scholarly publications is behind almost any other field of endeavour in taking advantage of the internet.
Bjorn Brembs’ new infrastructure solution is not a particularly difficult thing to do, technically, and the cost would be tiny compared with what we throw away in subscriptions every year."
Is it important for the community to own its infrastructure?
"I think that’s crucial. Geoffrey Bilder, Jennifer Lin and Cameron Neylon wrote an important paper, Principles for Open Scholarly Infrastructures, that lays this out in terms of the social structure of an organisation and what kind of contractual or legal things can be put in around it to ensure that remains it open. They've really thought it through in detail.
Geoff Bilder works at CrossRef, which exemplifies most of those principles very effectively, despite being funded by publishers. CrossRef has done a fantastic job of maintaining its independence because it nailed down these principles very early on. Whatever we build absolutely needs these considerations, from having open software to financial firewalls between various parts of the organisation."
What’s holding back infrastructure development?
"The real problem, of course, as always, is not the technical one, it’s the social one. How do you persuade people to turn away from the brands that they’ve become comfortable with?
We really are only talking about brands, the value of publishing in, say, a big name journal rather than publishing in a preprint repository. It is nothing to do with the value of the research that gets published. It’s like buying a pair of jeans that are ten times as expensive as the exact same pair of jeans in Marks and Spencer because you want to get the ones that have an expensive label. Now ask why we’re so stupid that we care about the labels."
OK, why are we so stupid that we care about the labels?
"It’s because we are tied into this ridiculous way of assessing people in the academic world. So a researcher who does very, very good work but publishes that work in, say, PLOS ONE will receive less academic credit for doing that than had he or she published a tiny super-summarised compressed version of the same work with one illustration all squeezed in, too small to see, and got it into Science or Nature.
The work itself is the same but the exposition of the work is objectively less good in every way and yet, because of the Science or Nature label, that person will have better prospects for getting a job or promotion or whatever it might be and that’s insane.
So we’re in a system that has extremely perverse incentives and that teaches scholars to present their work in the least useful possible way because that’s what we reward them for doing."
Which is ridiculous?
"It really is. Ultimately, I think all of our problems come down to cultural inertia. But analysing it out to that doesn’t really get us very far because cultural inertia is an extremely difficult thing to deal with.
How can we bring about that kind of level of culture change, and get university administrators and research committees and everybody else to recognise the valuable work that is published in objectively good venues, that are open access, that have no arbitrary length limits, that allow large full-colour illustrations and supplementary video and all the other good stuff?
How do we get people to recognise the value of that in a way that helps them get the jobs and promotions?"
Open Access Week takes place between 24-30 October 2016.
via Jisc news
The recent Diamond Review has reformed higher education (HE) and financing for students in Wales, putting student and researcher experience under the microscope.
So now more than ever, it’s fundamental that students and researchers get a learning experience worth every penny. Jisc has been helping to improve this experience in several new endeavours that showcase why Wales is a trailblazer when it comes to sharing information and digital resources.
Times Higher recently reported that:
“A transformation of higher education funding in Wales could give it a “more attractive” system than England by creating “exceptionally generous” support for students’ living costs, funded by ending subsidies for tuition fees.”
If these reforms go ahead, Wales could be set to become an even more popular destination for HE students.
We also know from several surveys that access to digital resources are key to a successful HE experience. Jisc’s student digital experience tracker recently found that approximately three-quarters of HE students (78%) produce work in a digital format. Fortunate then, that Wales is so ahead of the game when it comes to accessing digital resources, thanks to the following recent outcomes.
In a groundbreaking achievement, as of autumn 2016 all universities in Wales, NHS libraries and the National Library of Wales, now share a single bilingual library management system (LMS). Students and researchers can search library collections throughout Wales in a consistent way for the first time, and it is envisaged that the platform will have the potential for a student in one university to access a resource at another.
In 2012, Jisc funded the Wales Higher Education Libraries Forum (WHELF) to undertake a feasibility study into having a shared LMS for Wales, and continue to support the shared LMS process for Wales. Collaboration is key in such a venture and Wales is a shining example of how partnership working can make a whole sector achieve an ideal.
At Cardiff and Swansea University Jisc’s new safe share pilot service has already been a great success, enabling competitive research by providing secure access to remote data. The service means that UK researchers can use and share sensitive health, biomedical and administrative data safely and securely by providing encrypted connections over Jisc’s Janet network, the UK’s national research and education network. The secure connection saves precious time and resources.
Simon Thompson, chief technology officer at Swansea University Medical School said:
“What safe share effectively does is run a managed service, so Jisc puts a firewall in an organisation then encrypts traffic so data can go from one place to another, where there will be another Jisc-owned firewall, which can decrypt the data once it arrives.
It's about making things easier on a per-project basis - this project is allowed to talk to an institution and access their datasets – and we can make requests on a more impromptu and flexible basis, because its managed by the system it is guaranteed that all the end points are secure.”
We’re in the information age where big data management is an expectation of consumers, and students and researchers are no different. In this respect, Wales is at the forefront of information sharing and setting an excellent example for those looking to follow in their digital footsteps.
via Jisc news
Earlier this year the University of Glasgow school of mathematics and statistics won The Herald Higher Education Awards category for Innovation Technology Excellence. These awards celebrate the best and brightest in higher education in Scotland, with the school commended for its innovative digital approach to providing students with continuous feedback.
In this podcast, we speak to the university's Professor Tara Brendle, Professor Ian Strachan and Dr Andrew Wilson to find out more.
via Jisc news