http://roar.uel.ac.uk/jspui The DSpace digital repository system captures, stores, indexes, preserves, and distributes digital research material. Search the Channel search http://roar.uel.ac.uk/jspui/simple-search http://hdl.handle.net/10552/1594 Title: Diagnosing norovirus-associated infectious intestinal disease using viral load <br/> <br/>Authors: Phillips, Gemma <br/> <br/>Abstract: Background: Reverse transcription-polymerase chain reaction (RT-PCR) is the main method for laboratory diagnosis of norovirus-associated infectious intestinal disease (IID). However, up to 16% of healthy individuals in the community, with no recent history of IID, may be RT-PCR positive; so it is unclear whether norovirus is actually the cause of illness in an IID case when they are RT-PCR positive. It is important to identify the pathogen causing illness in sporadic IID cases, for clinical management and for community based incidence studies. The aim of this study was to investigate how faecal viral load can be used to determine when norovirus is the most likely cause of illness in an IID case. Methods: Real-time RT-PCR was used to determine the viral load in faecal specimens collected from 589 IID cases and 159 healthy controls, who were infected with genogroup II noroviruses. Cycle threshold (Ct) values from the real-time RT-PCR were used as a proxy measure of viral load. Receiver-operating characteristic (ROC) analysis was used to identify a cut-off in viral load for attributing illness to norovirus in IID cases. Results: One hundred and sixty-nine IID cases and 159 controls met the inclusion criteria for the ROC analysis. The optimal Ct value cut-off for attributing IID to norovirus was 31. The same cutoff was selected when using healthy controls, or IID cases who were positive by culture for bacterial pathogens, as the reference negative group. This alternative reference negative group can be identified amongst specimens routinely received in clinical virology laboratories. Conclusion: We demonstrated that ROC analysis can be used to select a cut-off for a norovirus real time RT-PCR assay, to aid clinical interpretation and diagnose when norovirus is the cause of IID. Specimens routinely received for diagnosis in clinical virology laboratories can be used to select an appropriate cut-off. Individual laboratories can use this method to define in-house cut-offs for their assays, to provide the best possible diagnostic service to clinicians and public health workers. Other clinical and epidemiological information should also be considered for patients with Ct values close to the cut-off, for the most accurate diagnosis of IID aetiology. Wed, 13 May 2009 22:58:59 GMT http://hdl.handle.net/10552/1593 Title: Asymptomatic Rotavirus Infections in England: Prevalence, Characteristics, and Risk Factors <br/> <br/>Authors: Phillips, Gemma <br/> <br/>Abstract: Rotavirus is a major cause of infectious intestinal disease in young children; a substantial prevalence of asymptomatic infection has been reported across all age groups. In this study, the authors determined characteristics of asymptomatic rotavirus infection and potential risk factors for infection. Healthy persons were recruited at random from the general population of England during the Study of Infectious Intestinal Disease in England (1993–1996). Rotavirus infection was identified using reverse-transcription polymerase chain reaction. Multivariable logistic regression was used to compare exposures reported by participants with rotavirus infection with those of participants who tested negative. Multiple imputation was used to account for missing responses in the data set. The age-adjusted prevalence of asymptomatic rotavirus infection was 11%; prevalence was highest in children under age 18 years. Attendance at day care was a risk factor for asymptomatic rotavirus infection in children under age 5 years; living in a household with a baby that was still in diapers was a risk factor in older adults. The results suggest that asymptomatic rotavirus infection is transmitted through the same route as rotavirus infectious intestinal disease: person-to-person contact. More work is needed to understand the role of asymptomatic infections in transmission leading to rotavirus disease. Tue, 13 Apr 2010 22:58:59 GMT http://hdl.handle.net/10552/1592 Title: Risk factors for symptomatic and asymptomatic norovirus infection in the community <br/> <br/>Authors: Phillips, Gemma <br/> <br/>Abstract: The objective of this study was to investigate risk factors for norovirus-associated infectious intestinal disease (IID) and asymptomatic norovirus infection. Individuals with IID and healthy controls were recruited in a community-based study in England (1993–1996). This is the first risk-factor study to use viral load measurements, generated by real-time RT–PCR, to identify cases of norovirus-associated IID and asymptomatic infections. Using multivariable logistic regression the main risk factor identified for norovirus-associated IID was contact with a person with IID symptoms. Infectious contacts accounted for 54% of norovirus cases in young children and 39% of norovirus cases in older children and adults. For young children, contacts outside the household presented the highest risk ; for older children and adults, the highest risk was associated with child contacts inside the household. Foreign travel and consumption of shellfish increased the risk of norovirus-associated IID. Lifestyle and dietary factors were associated with a decreased risk of both norovirus-associated IID and asymptomatic infection. No risk factors were identified for asymptomatic norovirus infection. Sun, 28 Nov 2010 22:58:59 GMT http://hdl.handle.net/10552/1591 Title: The effectiveness of M-health technologies for improving health and health services: a systematic review protocol <br/> <br/>Authors: Phillips, Gemma <br/> <br/>Abstract: Background: The application of mobile computing and communication technology is rapidly expanding in the fields of health care and public health. This systematic review will summarise the evidence for the effectiveness of mobile technology interventions for improving health and health service outcomes (M-health) around the world. Findings: To be included in the review interventions must aim to improve or promote health or health service use and quality, employing any mobile computing and communication technology. This includes: (1) interventions designed to improve diagnosis, investigation, treatment, monitoring and management of disease; (2) interventions to deliver treatment or disease management programmes to patients, health promotion interventions, and interventions designed to improve treatment compliance; and (3) interventions to improve health care processes e.g. appointment attendance, result notification, vaccination reminders. A comprehensive, electronic search strategy will be used to identify controlled studies, published since 1990, and indexed in MEDLINE, EMBASE, PsycINFO, Global Health, Web of Science, the Cochrane Library, or the UK NHS Health Technology Assessment database. The search strategy will include terms (and synonyms) for the following mobile electronic devices (MEDs) and a range of compatible media: mobile phone; personal digital assistant (PDA); handheld computer (e.g. tablet PC); PDA phone (e.g. BlackBerry, Palm Pilot); Smartphone; enterprise digital assistant; portable media player (i.e. MP3 or MP4 player); handheld video game console. No terms for health or health service outcomes will be included, to ensure that all applications of mobile technology in public health and health services are identified. Bibliographies of primary studies and review articles meeting the inclusion criteria will be searched manually to identify further eligible studies. Data on objective and self-reported outcomes and study quality will be independently extracted by two review authors. Where there are sufficient numbers of similar interventions, we will calculate and report pooled risk ratios or standardised mean differences using meta-analysis. Discussion: This systematic review will provide recommendations on the use of mobile computing and communication technology in health care and public health and will guide future work on intervention development and primary research in this field. Tue, 05 Oct 2010 22:58:59 GMT http://hdl.handle.net/10552/1590 Title: The influence of environmental factors on the generalisability of public health research evidence: physical activity as a worked example <br/> <br/>Authors: Watts, Paul; Phillips, Gemma; Harden, Angela; Renton, Adrian <br/> <br/>Abstract: Background: It is rare that decisions about investing in public health interventions in a city, town or other location can be informed by research generated in that specific place. It is therefore necessary to base decisions on evidence generated elsewhere and to make inferences about the extent to which this evidence is generalisable to the place of interest. In this paper we discuss the issues involved in making such inferences, using physical activity as an example. We discuss the ways in which elements of the structural, physical, social and/or cultural environment (environmental factors [EFs]) can shape physical activity (PA) and also how EFs may influence the effectiveness of interventions that aim to promote PA. We then highlight the ways in which EFs may impact on the generalisability of different types of evidence. Discussion: We present a framework for thinking about the influence of EFs when assessing the generalisability of evidence from the location in which the evidence was generated (place A) to the location to which the evidence is to be applied (place B). The framework relates to similarities and differences between place A and place B with respect to: a) the distributions of EFs; b) the causal pathways through which EFs or interventions are thought to exert their effect on PA and c) the ways in which EFs interact with each other. We suggest, using examples, how this scheme can be used by public health professionals who are designing, executing, reporting and synthesising research on PA; or designing/implementing interventions. Summary: Our analysis and scheme, although developed for physical activity, may potentially be adapted and applied to other evidence and interventions which are likely to be sensitive to influence by elements of the structural, physical, social and/or cultural environment such as the epidemiology of obesity and healthy weight promotion. Tue, 15 Nov 2011 22:58:59 GMT http://hdl.handle.net/10552/1589 Title: Community Incidence of Norovirus-associated Infectious Intestinal Disease in England: Improved Estimates Using Viral Load for Norovirus Diagnosis <br/> <br/>Authors: Phillips, Gemma <br/> <br/>Abstract: Existing estimates of the incidence of infectious intestinal disease (IID) caused by norovirus are based on electron microscopy or reverse transcription-polymerase chain reaction (RT-PCR). Neither method accurately represents norovirus disease burden: Electron microscopy has poor diagnostic sensitivity, and RT-PCR has poor diagnostic specificity. In this study, viral load measurements were used to identify cases of norovirus-associated IID and to produce new incidence estimates for England. IID cases were ascertained in the Study of Infectious Intestinal Disease in England (1993–1996), and stool specimens were tested by semiquantitative real-time RTPCR for norovirus. The age-adjusted community incidence of norovirus-associated IID was 4.5/100 person-years (95% credibility interval: 3.8, 5.2), equating to 2 million episodes/year. Among children aged less than 5 years, the community incidence was 21.4/100 person-years (95% credibility interval: 15.9, 27.7), and the incidence of consultations to general practitioners for norovirus-associated IID was 3.2/100 person-years (95% credibility interval: 2.6, 3.8), with 100,000 children visiting their general practitioner for norovirus-associated IID each year. Norovirus is the most common cause of IID in the community in England and is responsible for a similar number of pediatric primary care consultations as rotavirus. Wed, 31 Mar 2010 22:58:59 GMT http://hdl.handle.net/10552/1588 Title: Prevalence and characteristics of asymptomatic norovirus infection in the community in England <br/> <br/>Authors: Phillips, Gemma <br/> <br/>Abstract: Norovirus is a major cause of infectious intestinal disease, and a substantial prevalence of asymptomatic infection has been reported. We describe the prevalence, seasonality and characteristics of asymptomatic norovirus infection in England. Healthy individuals were recruited at random from the general population during the Study of Infectious Intestinal Disease (1993–1996). Norovirus was identified using real-time RT–PCR. The age-adjusted prevalence of asymptomatic norovirus infection was 12%; prevalence was highest in children aged <5 years and showed wintertime seasonality. More work is needed to understand whether asymptomatic infections are important for norovirus transmission leading to sporadic illness and outbreaks. Tue, 02 Mar 2010 22:58:59 GMT http://hdl.handle.net/10552/1587 Title: Cannabis-related deficits in real-world memory <br/> <br/>Authors: Jansari, Ashok <br/> <br/>Abstract: Background Research shows that cannabis users exhibit deficits in prospective memory (PM) and executive function, which persist beyond acute intoxication. However, many studies rely on self-reports of memory failures or use laboratory-based measures that may not mimic functional deficits in the real world. The present study aimed to assess real-world memory functioning. Method Twenty cannabis-only users and 20 non-illicit drug users were recruited. Participants completed a substance use inventory and a mood scale, followed by a non-immersive virtual reality task assessing PM and executive functioning. The task involved the participant playing the role of an office worker for the day and performing routine office duties. A number of subscales were used to assess facets of executive function (planning, adaptive thinking, creative thinking, selection, prioritisation) and PM (time-based, event-based and action-based PM). Results Multivariate analysis of variance revealed cannabis users performed worse overall on the task, with poor performance on the planning, time-based PM and event-based PM subscales. In addition, indices of cannabis (length, dose, frequency, total use) were correlated with performance on these three subscales. Conclusions The present study expands on previously established research, providing support for the cannabis-related deficits in PM and executive functioning, and the role of different aspects of cannabis use in these deficits. Mon, 27 Feb 2012 22:58:59 GMT http://hdl.handle.net/10552/1586 Title: Human Factors in Software Security Risk Management <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: All kinds of human factors can deeply affect the results and efficiency of software risk management. This paper focuses on our ongoing work of studying human factors in security risk management. The human factors are identified and classified for the categories of individual, team, management and stakeholder, as well as for the activities of security risk identification, analysis and mitigation. Then some considerations and recommendations for mitigating these factors and risks are presented, and the generic framework of evolving them into the secure software architecture is also figured. Mon, 29 Oct 2007 22:58:59 GMT http://hdl.handle.net/10552/1585 Title: Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Reducing production cost is vital for ensuring sustainable competitive strength. This is particularly true in software development, in which there has been a move from in-house development to global and now also to offshore-outsourced software development. In offshore outsourcing, development activities are mostoften moved to low-cost development environments that are locally managed. However, this type of outsourcing is not without problems. Most development projects are complex, and moving control and responsibility away from the client increase complexity. But, there is a trade-off between cost and complexity and control, as well as an increased chance of failure of the project. This paper contributes to identify the goals from the early development components and risk factors threatening the goals to fulfill. A goal-driven software development risk management modeling (GSRM) propose to supports this task. We conducted a study based on Delphi survey process to obtain the goals and the risk factors in a different cultural environment for the offshore vendors in Bangladesh Wed, 29 Oct 2008 22:58:59 GMT http://hdl.handle.net/10552/1584 Title: Software Development Risk Management Model – A Goal Driven Approach <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Software development project is often faced with unanticipated problems which pose any potential risks within the development environment. Controlling these risks arises from both the technical and non-technical development components already from the early stages of the development is crucial to arrive at a successful project. Therefore, software development risk management is becoming recognized as a best practice in the software industry for reducing these risks before they occur. This thesis contributes for a goal-driven software development risk management model to assess and manage software development risk within requirement engineering phase. Wed, 29 Oct 2008 22:58:59 GMT http://hdl.handle.net/10552/1583 Title: Offshore-Outsourced Software Development Risk Management Model <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Offshore-outsourced software development is gaining popularity because companies are continuously forced to reduce production costs while keeping sustainable competitive strength. However, this trend of software development increases projects’ complexity and brings up risks to the overall project environment. Therefore, risks of offshore software development require to be managed as early as possible for a successful project. This paper considers a risk management model from a holistic perspective to manage offshore software development risk, integrated into early stages of development. The approach effectively identifies and specifies the goals of a project and the related risk factors. This is done at the basis of selected software development components within the running project. We show how to trace and control these risks already during early requirements engineering activities. The model at hand is implemented into an ongoing offshore software development project to (1) identify goals and risk factors from the local context and finally (2) to determine its applicability of the approach in offshore software development projects from a vendor’s perspective. Wed, 29 Oct 2008 22:58:59 GMT http://hdl.handle.net/10552/1582 Title: Integrating Risk Management Activities into Requirements Engineering <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Software projects are often faced with unanticipated problems caused by e.g. changes in the development environment resulting in delays or threatening the ability of the project to succeed. Managing these uncertainties is a challenging task at all phases of the development, but nevertheless crucial in controlling schedule and costs. Therefore software development risks need to be controlled as early as possible. As software development risks are not merely of technical nature it is equally important to tackle non-technical risks. The paper presents a goal-driven software development risk management model (GSRM) that takes a holistic view on development, taking both technical and non-technical development components into consideration. The focus of the paper is on how to integrate GSRM and particularly the holistic risk perspective into requirements engineering. GSRM effectively identifies and makes explicit the critical project goals (for arriving at a successful project) and the risk factors that may obstruct these goals. GSRM also helps in planning how to employ control actions for mitigating risks and by that increase the ability to meet project goals. The integrated requirements engineering risk management model has been applied to an on-going development project in a low-cost development environment (Bangladesh). The result showed it to be relatively trivial to integrate the model into requirements engineering activities and that the model did indeed contribute to the overall project success. Wed, 07 Jul 2010 22:58:59 GMT http://hdl.handle.net/10552/1581 Title: Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations <br/> <br/>Authors: Islam, Shareeful; Mouratidis, Haralambos <br/> <br/>Abstract: [Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology used for requirements engineering are mostly different to those used in the legal domain and there is a lack of appropriate modelling languages and techniques to support such activities. [Principal ideas/results] The legislation need to be analysed and align with the system requirements. [Contribution] This paper motivates the need to introduce a framework to assist the elicitation and management of security and privacy requirements from relevant legislation and it briefly presents the foundations of such a framework along with an example. Thu, 29 Oct 2009 22:58:59 GMT http://hdl.handle.net/10552/1580 Title: Measuring Security Requirements for Software Security <br/> <br/>Authors: Islam, Shareeful; Falcarin, Paolo <br/> <br/>Abstract: For the last decade’s software security has gained attention by industries, experts and all other communities. Secure software is about mitigating risks from assets to achieve business goals. Security is highly depending on the context where software is deployed. But measuring software security even within a specific context is still not mature. This is because properties and metrics for measuring security are not properly defined and methods are lacking to provide a complete picture for measuring software security. Here we identify security requirements through asset based risk management process to describe soft ware security goal. Then based on the Goal-Question-Metric approach the identified security requirements are evaluated for measuring software security. Fri, 29 Oct 2010 22:58:59 GMT http://hdl.handle.net/10552/1579 Title: Supporting Requirements Engineers in Recognising Security Issues <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Context & motivation: More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to nish on time and in budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identi ed with help of a Bayesian classi er. Our results indicate that this is feasible, in particular if the classi er is trained with domain speci c data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated in a work ow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process.We discuss limitations and potential of this approach. Fri, 29 Oct 2010 22:58:59 GMT http://hdl.handle.net/10552/1578 Title: A CASE tool to support automated modelling and analysis of security requirements <br/> <br/>Authors: Pavlidis, Michalis; Islam, Shareeful; Mouratidis, Haralambos <br/> <br/>Abstract: Secure Tropos, an extension of the Tropos methodology, considers security requirements alongside functional requirements, from the early stages of the system development process. The Secure Tropos language uses security concepts such as security constraint, secure goal, secure plan, secure resource, and threat to capture the security concepts from both social and organisational settings. These concepts are used to model and reason about security for a specific system context. This paper presents a CASE tool, called SecTro, which supports automated modelling and analysis of security requirements based on Secure Tropos. The tool’s architecture, layout, and functionalities are demonstrated through a real world example using the Secure Tropos concepts. Sat, 29 Oct 2011 22:58:59 GMT http://hdl.handle.net/10552/1577 Title: Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the Common Criteria. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the Common Criteria and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design,which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the Common Criteria, the heuristic requirements editorHeRA, andUMLsec. SecReqmakes systematic use of the security engineering knowledge contained in the Common Criteria and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the Common Criteria, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experiencewithin SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution. Wed, 29 Oct 2008 22:58:59 GMT http://hdl.handle.net/10552/1576 Title: Towards a Framework for Offshore Outsource Software Development Risk Management Model <br/> <br/>Authors: Islam, Shareeful <br/> <br/>Abstract: Due to high demands on cost savings in software development projects, offshore outsource software development is becoming increasingly popular. Offshore outsourcing takes advantages of large labor pool in lowwage countries, round-the-clock development, and easy access to additional resources, in addition to the development cost savings. However, there are risks associated to this trend, as it brings new challenges into the development process, where some may even jeopardise the cost savings. The geographical and cultural distance is one part of the problem, inexperienced developers and lack of communication and a common cultural basis are other challenges. We therefore advocate the use of risk management (RM) to control risks in offshore outsource development. Here we present a RM framework tailored for such development contexts. The model; Goal-driven Software Development Risk Management modelling (GSRM) framework, assesses and manages risk during the early development phases, where risks can easier be tackled at a reasonable cost. The framework is comprised of four layers that together identify and link project goals, risks and treatments together in a goal-risk causal relationship model. The goal model makes use of an extended subset of the KAOS goal modelling language. We report on a study project focusing on the efficiency of the GSRM process model. Fri, 29 Oct 2010 22:58:59 GMT http://hdl.handle.net/10552/1575 Title: A Framework to Support Alignment of Secure Software Engineering with Legal Regulations <br/> <br/>Authors: Islam, Shareeful; Mouratidis, Haralambos <br/> <br/>Abstract: Regulation compliance is getting more and more important for software systems that process and manage sensitive information. Therefore, identifying and analysing relevant legal regulations and aligning them with security requirements become necessary for the effective development of secure software systems. Nevertheless, Secure Software Engineering Modelling Languages (SSEML) use different concepts and terminology from those used in the legal domain for the description of legal regulations. This situation, together with the lack of appropriate background and knowledge of laws and regulations, introduces a challenge for software developers. In particular, it makes difficult to perform (i) the elicitation of appropriate security requirements from the relevant laws and regulations; and (ii) the correct tracing of the security requirements throughout the development stages. This paper presents a framework to support the consideration of laws and regulations during the development of secure software systems. In particular, the framework enables software developers (i) to correctly elicit security requirements from the appropriate laws and regulations; and (ii) to trace these requirements throughout the development stages in order to ensure that the design indeed supports the required laws and regulations. Our framework is based on existing work from the area of secure software engineering, and it complements this work with a novel and structured process and a well-defined method. A practical case study is employed to demonstrate the applicability of our work. Thu, 29 Oct 2009 22:58:59 GMT