Merge remote-tracking branch 'origin/main' into cansavvy/test
cansavvy committed Oct 1, 2024
2 parents f69e080 + 517bc67 commit cd20402
Showing 7 changed files with 39 additions and 27 deletions.
2 changes: 1 addition & 1 deletion 02-Data_Privacy.Rmd
Expand Up @@ -167,7 +167,7 @@ ottrpal::include_slide("https://docs.google.com/presentation/d/1SRokLaGAc2hiwJSN

<!-- GINA is critical to the well-being of research participants, however this does not nullify the benefits and necessity of data sharing. Indeed both things are true: genetic data is sensitive and its protection is imperative *but* for research to benefit society and reach cures data sharing is also critical. -->

<!-- So what does GINA mean in terms of data sharing? The principle of [least privilege](https://jhudatascience.org/Ethical_Data_Handling_for_Cancer_Research/data-security.html#the-principal-of-least-privilege) discussed in the previous security chapter still applies. -->
<!-- So what does GINA mean in terms of data sharing? The principle of [least privilege](https://hutchdatascience.org/Ethical_Data_Handling_for_Cancer_Research/data-security.html#the-principle-of-least-privilege) discussed in the previous security chapter still applies. -->

<!-- For many genetic data types a controlled access database is the appropriate solution to balance data sharing while maintaining the security of these data. One such database is dbGaP. dbGaP holds genetic dataset information but for individuals to gain access, they must apply and explain how their project and access will be of benefit. More details about how these applications for access are [described here](https://www.ncbi.nlm.nih.gov/projects/gap/cgi-bin/GetPdf.cgi?document_name=GeneralAAInstructions.pdf). -->

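Review bot: the new fragment `#the-principle-of-least-privilege` on the replaced comment line only resolves once the Data Security chapter heading carries the corrected spelling, so this link and the heading rename in `docs/03-Data_Security.md` have to ship together. The paragraph sits inside an HTML comment, so a broken target would not show up in the rendered page; search the repository for any remaining `jhudatascience.org` links or the old `#the-principal-of-least-privilege` fragment before merging.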
4 changes: 2 additions & 2 deletions 03-Data_Security.Rmd
Expand Up @@ -350,7 +350,7 @@ Avoid clicking on links in emails as much as possible! If you know that your col

An example of these types of phishing methods is if your colleague hasn't told you that he is sending a Google doc link and you receive an email from him with a link, then do not click it before verifying that the person really intended to send it. Yet another example is if an administrator sends you a link for you to update your password. Typically they will instead have you go to whatever portal you need to go to manually on your own to update your password. **Keep in mind that phishing criminals can make the emails look very legitimate!**

Here is a [real example](https://www.csun.edu/it/phishing-examples) of a such a phishing email from California State University Northridge:
Here is a [real example](https://w2.csun.edu/it/information-security/information-security-tips/avoid-fraudulent-email-messages/phishing-examples) of a such a phishing email from California State University Northridge:


<div class = "email">
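Review bot: the rewritten sentence still reads "of a such a phishing email"; since the line is being edited anyway, change it to "of such a phishing email".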
Expand Down Expand Up @@ -383,7 +383,7 @@ If someone asks for your credentials or personal information, you should be espe

Often phishers will create a false urgent situation to trick you into clicking a link or giving information.

Here is a [real example](https://www.csun.edu/it/phishing-examples) of a such a phishing email from California State University Northridge:
Here is a [real example](https://w2.csun.edu/it/information-security/information-security-tips/avoid-fraudulent-email-messages/phishing-examples) of a such a phishing email from California State University Northridge:


<div class = "email">
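Review bot: this is the same sentence and the same long `w2.csun.edu` URL as the hunk at line 350, so the next time the university moves the page both copies need editing again. Consider a single reference-style link definition for the chapter, as `About.Rmd` does in this commit, and fix "of a such a" here as well.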
4 changes: 2 additions & 2 deletions 04-Data_Sharing.Rmd
Expand Up @@ -159,7 +159,7 @@ There are several things to keep in mind when using REDCap to ensure that data p

1) Roles

REDCap allows for various roles to be established for users on a project. Thus access to certain data and tasks can be restricted to certain individuals. As described previously, according to the Principal of Least Privilege, it is a good idea to restrict access to the smallest number of individuals necessary.
REDCap allows for various roles to be established for users on a project. Thus access to certain data and tasks can be restricted to certain individuals. As described previously, according to the Principle of Least Privilege, it is a good idea to restrict access to the smallest number of individuals necessary.

You can modify roles using the `User Rights` menu.

Expand All @@ -177,7 +177,7 @@ Roles should be verified by your institutional review board (IRB) before beginni

2) Reports

Reports that are exported can be customized to only show data that should be shared with the individual that you plan to share with. Please see the section on [de-identification](https://jhudatascience.org/Ethical_Data_Handling_for_Cancer_Research/data-security.html#de-identification) to better understand what data you might want to be restrictive about sharing. Again, the way you intend to share your data should be reviewed by your IRB before you begin your study.
Reports that are exported can be customized to only show data that should be shared with the individual that you plan to share with. Please see the section on [de-identification](https://hutchdatascience.org/Ethical_Data_Handling_for_Cancer_Research/data-security.html#de-identification) to better understand what data you might want to be restrictive about sharing. Again, the way you intend to share your data should be reviewed by your IRB before you begin your study.

For example, you might remove the dates from the following report:

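Review bot: the de-identification link on the changed line is an absolute URL to the course's own rendered site, which is why it had to be edited when the host moved from `jhudatascience.org` to `hutchdatascience.org`. Consider a relative link to `data-security.html#de-identification`, which would keep working across hosts and in local previews.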
14 changes: 9 additions & 5 deletions 05-Data_Ethics.Rmd
Expand Up @@ -8,7 +8,7 @@ ottrpal::set_knitr_image_path()

Now that we have covered the basics of data management, we will take a moment to consider and reflect on the implications of our use and sharing of data.

```{r, fig.align='center', echo = FALSE, fig.alt= "Learning Objectives: 1. Recognize that the process of ethical data handling happens long before a study and long after. 2. Describe the general considerations for data ethics. 3. Recognize where these considerations come from in the history of research. 4. Understand the consequences of irresponsible research.", out.width="100%"}
```{r, fig.align='center', echo = FALSE, fig.alt= "Learning Objectives: 1. Recognize that the process of ethical data handling happens long before a study and long after. 2. Describe the general considerations for data ethics. 3. Recognize where these considerations come from in the history of research. 4. Explain some of the consequences of irresponsible research.", out.width="100%"}
ottrpal::include_slide("https://docs.google.com/presentation/d/1SRokLaGAc2hiwJSN26FHE0ZEEhPr3KQdyMICic8kAcs/edit#slide=id.g11ef3a2f2bf_0_4")
```

Expand Down Expand Up @@ -59,7 +59,11 @@ Overall there is a continuum of risk across the various types of data that we as
ottrpal::include_slide("https://docs.google.com/presentation/d/1SRokLaGAc2hiwJSN26FHE0ZEEhPr3KQdyMICic8kAcs/edit#slide=id.g302b08a6790_0_0")
```

Note that recent technology advances in AI, show that chest X-ray images can now re-identify individuals (@packhauser_deep_2022). In addition, some histopathology images are also re-identifiable, see @ganz_re-identification_2025 for guidance about how to share images more safely. These suggestions may be out-of-date or may not be in alignment with institutional regulations, so please consult with experts at your organization.
Note that recent technology advances in AI, show that chest X-ray images can now re-identify individuals (@packhauser_deep_2022). In addition, some histopathology images are also re-identifiable, see @ganz_re-identification_2025 for guidance about how to share images more safely.

:::warning
By the time you read these suggestions, they may be out-of-date or they may not be in alignment with institutional regulations, so please consult with experts at your organization.
:::

### Why does it mater that research subjects might be identifiable to others?

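Review bot: the rewritten sentence keeps the stray comma in "advances in AI, show that" and the comma splice in "re-identifiable, see @ganz_re-identification_2025"; drop the first comma and start a new sentence at "See". The context heading just below, "Why does it mater", is also missing a "t".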
Expand Down Expand Up @@ -234,7 +238,7 @@ See [here](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2280818/pdf/canfamphys00

### Declaration of Helsinki (1964)

The [Declaration of Helsinki](https://www.wma.net/what-we-do/medical-ethics/declaration-of-helsinki/) was published by the World Medical Association (WMA) and is considered "the world’s most widely recognized ethical principle for medical research involving humans" [@kurihara_declaration_2024]. It describes a set of principals for "medical research involving human subjects, including research on identifiable human material and data." It has been amended several times and the WMA aims to keep it up to date.
The [Declaration of Helsinki](https://www.wma.net/what-we-do/medical-ethics/declaration-of-helsinki/) was published by the World Medical Association (WMA) and is considered "the world’s most widely recognized ethical principle for medical research involving humans" [@kurihara_declaration_2024]. It describes a set of principles for "medical research involving human subjects, including research on identifiable human material and data." It has been amended several times and the WMA aims to keep it up to date.

It outlines that research subjects welfare is the priority, that they have a right to self determination and the right to informed consent. Risks and benefits should be carefully considered and research should be discontinued if risks are determined to be to high [@wma_1964].

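Review bot: the spelling pass on this section stops one line short: the unchanged sentence below the edited one still has "research subjects welfare" (needs "subjects'") and "determined to be to high" (needs "too high"). Fixing them in the same commit keeps the Declaration of Helsinki section consistent.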
Expand All @@ -254,7 +258,7 @@ The [Belmont Report](https://www.hhs.gov/ohrp/sites/default/files/the-belmont-re
Here we briefly describe some of the major aspects of the report [@belmont_1979].

There are 3 ethical principals defined:
There are 3 ethical principles defined:

1) Respect for Persons

Expand All @@ -270,7 +274,7 @@ Benefits and burdens of research should be distributed equally.

> Justice demands both that these not provide advantages only to those who can afford them and that such research should not unduly involve persons from groups unlikely to be among the beneficiaries of subsequent applications of the research [@belmont_1979]
The application of these principals should involve the following:
The application of these principles should involve the following:

1) Informed Consent

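Review bot: as shown, the changed line "The application of these principles should involve the following:" sits directly under the `>` Belmont Report quotation with no blank line between them, so Markdown treats it as a continuation of the blockquote. Add an empty line after the quotation so the sentence renders as body text.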
2 changes: 1 addition & 1 deletion 06-Current_Data_Concerns.Rmd
Expand Up @@ -8,7 +8,7 @@ ottrpal::set_knitr_image_path()

Given rapid changes in technology, data ethics is also rapidly evolving. Now we cover some of the current concerns for cancer research.

```{r, fig.align='center', echo = FALSE, fig.alt= "Learning Objectives: 1. Understand what the current ethical dilemmas are in the current climate of biomedical research 2. Be aware of methods for mitigating current ethical issues to protect both the participants in your research and others. ", out.width="100%"}
```{r, fig.align='center', echo = FALSE, fig.alt= "Learning Objectives: 1. Eplain what some of the current ethical dilemmas are in the current climate of biomedical research 2. Recognize methods for mitigating current ethical issues to protect both the participants in your research and others. ", out.width="100%"}
ottrpal::include_slide("https://docs.google.com/presentation/d/1SRokLaGAc2hiwJSN26FHE0ZEEhPr3KQdyMICic8kAcs/edit#slide=id.g256fece0af0_0_184")
```

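Review bot: the new `fig.alt` text introduces a typo, "Eplain" for "Explain", in the first learning objective. Alt text is what screen-reader users get in place of the slide, so correct it, and drop the trailing space before the closing quote while there.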
34 changes: 21 additions & 13 deletions About.Rmd
Expand Up @@ -15,31 +15,39 @@ These credits are based on our [course contributors table guidelines](https://gi
|Credits|Names|
|-------|-----|
|**Pedagogy**||
|Lead Content Instructor|[Carrie Wright](https://carriewright11.github.io)|
|Content Contributors|[Candace Savonen](https://www.cansavvy.com/) (sections of Data Sharing, Data Security, Data Ethics, and quizzes)|
|Content Editors/Reviewers|[Candace Savonen](https://www.cansavvy.com/), [Jeff Leek](https://jtleek.com/), [Jodyn Platt](https://sph.umich.edu/faculty-profiles/platt-jodyn.html)|
|Content Directors| [Jeff Leek](https://jtleek.com/)|
|Content Consultant (General)| [Elana Fertig](https://fertiglab.com/)|
|Lead Content Instructor|[Carrie Wright]|
|Content Contributors|[Candace Savonen] (sections of Data Sharing, Data Security, Data Ethics, and Coursera/Leanpub quizzes), [Kate Isaac] (Coursera practice quizzes)|
|Content Editors/Reviewers|[Candace Savonen], [Jeff Leek], [Jodyn Platt]|
|Content Directors| [Jeff Leek]|
|Content Consultant (General)| [Elana Fertig]|
|Content Consultants (REDCap section)| Jennifer Durham|
|Acknowledgments ||
|**Production**||
|Content Publisher|[Ira Gooding](https://publichealth.jhu.edu/faculty/4130/ira-gooding)|
|Content Publishing Reviewers|[Ira Gooding](https://publichealth.jhu.edu/faculty/4130/ira-gooding), [Candace Savonen](https://www.cansavvy.com/)|
|Content Publisher|[Kate Isaac]|
|Content Publishing Reviewers|[Candace Savonen]|
|**Technical**||
|Course Publishing Engineer|[Carrie Wright](https://carriewright11.github.io/)|
|Template Publishing Engineers|[Candace Savonen](https://www.cansavvy.com/), [Carrie Wright](https://carriewright11.github.io/) [Ava Hoffman]|
|Publishing Maintenance Engineer|[Candace Savonen](https://www.cansavvy.com/)|
|Technical Publishing Stylists|[Carrie Wright](https://carriewright11.github.io/), [Candace Savonen](https://www.cansavvy.com/)|
|Package Developers ([ottrpal](https://github.com/jhudsl/ottrpal))|[John Muschelli](https://johnmuschelli.com/), [Candace Savonen](https://www.cansavvy.com/), [Carrie Wright](https://carriewright11.github.io/)|
|Course Publishing Engineer|[Carrie Wright]|
|Template Publishing Engineers|[Candace Savonen], [Carrie Wright], [Ava Hoffman]|
|Publishing Maintenance Engineer|[Candace Savonen]|
|Technical Publishing Stylists|[Carrie Wright], [Candace Savonen]|
|Package Developers ([ottrpal](https://github.com/jhudsl/ottrpal))|[Candace Savonen], [John Muschelli], [Carrie Wright]|
|**Art and Design**||
|Illustrator|[Carrie Wright](https://carriewright11.github.io)|
|Illustrator|[Carrie Wright]|
|**Funding**||
|Funder|[National Cancer Institute (NCI)](https://www.cancer.gov/) [UE5 CA254170](https://grantome.com/grant/NIH/UE5-CA254170-01)|
|Funding Staff| [Sandra Ormbrek], [Shasta Nicholson] |

[Carrie Wright]: https://carriewright11.github.io
[Candace Savonen]: https://www.cansavvy.com/
[Jeff Leek]: https://jtleek.com/
[Ava Hoffman]: https://www.avahoffman.com/
[Sandra Ormbrek]: https://hutchdatascience.org/ourteam/
[Shasta Nicholson]: https://www.linkedin.com/in/shastanicholson/
[Jodyn Platt]: https://sph.umich.edu/faculty-profiles/platt-jodyn.html
[Elana Fertig]: https://fertiglab.com/
[John Muschelli]: https://johnmuschelli.com/
[Kate Isaac]: https://kweav.github.io/


&nbsp;

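Review bot: Ira Gooding is removed from both the Content Publisher and Content Publishing Reviewers rows and no longer appears anywhere in the table, while the `Acknowledgments` row stays empty. If the earlier publishing work should still be credited, that row is the place for it; otherwise the move to reference-style links is consistent, with every bracketed name used in the table defined in the list below it.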
6 changes: 3 additions & 3 deletions docs/03-Data_Security.md
Expand Up @@ -76,9 +76,9 @@ The `-` at the beginning indicates that the file is a regular file, the next 3 v
There are commands to modify file permissions. If you are using a Unix-like system, you can modify permissions with the `chmod` command, which stands for "change mode" [@chmod].


#### The principal of least privilege
#### The principle of least privilege

The principal of least privilege (PoLP) also called the principal of least authority specifies that users should only have access to the data or resources necessary to complete a task.
The principle of least privilege (PoLP) also called the principle of least authority specifies that users should only have access to the data or resources necessary to complete a task.

If someone does not need access to perform work, they should not be given access. Furthermore, if someone is given access to perform a task and they complete that task, access should then be removed from that person. Additionally, if someone only needs to read a file, then they do not need access to modify the file. In this case a user can have read permissions but not write permissions. Ultimately this type of management leads to the least number of users having access to read or alter protected or sensitive data at a given time [@CISA_Least_Privilege; @Wikipedia_principle].

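Review bot: confirm the heading and sentence corrected here are also corrected in the chapter source, because the two `03-Data_Security.Rmd` hunks in this commit only change the phishing links and a later render of `docs/` could reintroduce "principal". The renamed heading also changes the section's anchor, so any inbound link that still uses `#the-principal-of-least-privilege` will stop resolving.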
Expand Down Expand Up @@ -407,7 +407,7 @@ In summary, we covered issues related to data security in this chapter. We prese
- Authentication is the process of verifying the identity of users and servers in a communication. Users provide their credentials (username and password), while servers present certificates to confirm their identity.
- Authorization is the process of ensuring that someone has permission to access a file or computing resource in a particular way.
- In Unix-like systems, files have permissions for three types of users: owner, group users, and other users. These permissions include read, write, and execute privileges, and they are represented by letters (r, w, x) in file listings.
- Principal of Least Privilege: This principle states that users should only have access to data or resources necessary to complete their tasks. Unnecessary access should be avoided, and privileges should be revoked when no longer needed.
- Principle of Least Privilege: This principle states that users should only have access to data or resources necessary to complete their tasks. Unnecessary access should be avoided, and privileges should be revoked when no longer needed.
- It is crucial to use secure WiFi networks and avoid public ones whenever possible. If necessary, use a Virtual Private Network (VPN) to enhance security while using public networks.
- Strong passwords should be used, preferably in the form of sentences with symbols and numbers. Password managers like Keychain, Dashlane, or other services can help securely store passwords.
- Computers use caching to store recent data for faster access. Clearing caches regularly is essential to avoid security risks and potential exposure of sensitive data.
