Friday, August 16, 2019

The thrust of the Computer Security Plan

The thrust of the Computer Security Plan part of the Business Plan is to ensure that the information systems to be deployed by the company will be in line with the strategic mission and vision of the company. In order to ensure that the information technology infrastructure and resources will meet the requisite requirements of every strategic, tactical and operational plan, the company decided to start on the right footing by adapting the standards contained in ISO/IEC 17799:2005, specifically known as Information Technology – Security Techniques – Code of Practice for Information Security Management. By purchasing the ISO 17799 Toolkit, the company can follow the roadmap for a more secure information systems environment, implement the policies contained in the toolkit, and eventually obtain ISO 17799 certification to add more value to the consulting business. Specifically, the company will initially address the following areas that require immediate attention:

1. User authentication methods and policies – This will be based on Section 11.1.1 of ISO 17799 wherein, “An access control policy should be established, documented, and reviewed based on business and security requirements for access. Access control rules and rights for each user or group of users should be clearly stated in an access control policy. Access controls are both logical and physical and these should be considered together. Users and service providers should be given a clear statement of the business requirements to be met by access controls.”

2. Desktop policies – This will be based on Sections 11.3.2 Unattended user equipment and 11.3.3 Clear desk and clear screen policy wherein, “Users should ensure that unattended equipment has appropriate protection. All users should be made aware of the security requirements and procedures for protecting unattended equipment, as well as their responsibilities for implementing such protection. Users should be advised to terminate active sessions when finished, unless they can be secured by an appropriate locking mechanism, e.g. a password protected screen saver; log-off mainframe computers, servers, and office PCs when the session is finished; secure PCs or terminals from unauthorized use by a key lock or an equivalent control. A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities should be adopted.”

3. Remote user authentication methods and policies – This will be based on Section 11.4.2 User authentication for external users of ISO 17799 wherein, “Appropriate authentication methods should be used to control access by remote users. Authentication of remote users can be achieved using, for example, a cryptographic based technique, hardware tokens, or a challenge/response protocol. Possible implementations of such techniques can be found in various virtual private network (VPN) solutions. Dedicated private lines can also be used to provide assurance of the source of connections. Dial-back procedures and controls, e.g. using dial-back modems, can provide protection against unauthorized and unwanted connections to an organization's information processing facilities. This type of control authenticates users trying to establish a connection to an organization's network from remote locations.”

4. Password policy – This will be based on Section 11.3.1 Password use of ISO 17799 wherein, “Users should be required to follow good security practices in the selection and use of passwords. All users should be advised to keep passwords confidential; avoid keeping a paper or software record of passwords, unless this can be stored securely and the method of storing has been approved; change passwords whenever there is any indication of possible system or password compromise; select quality passwords with sufficient minimum length which are easy to remember; not based on anything somebody else could easily guess or obtain using person related information; not vulnerable to dictionary attacks; free of consecutive identical, all-numeric or all-alphabetic characters; change passwords at regular intervals or based on the number of accesses, and avoid re-using or cycling old passwords; change temporary passwords at the first log-on; not include passwords in any automated log-on process, not use the same password for business and non-business purposes.”

5. Communication process for email, secure file exchange via email – This will be based on Section 10.1.1 Documented operating procedures of ISO 17799 wherein, “Operating procedures should be documented, maintained, and made available to all users who need them. Documented procedures should be prepared for system activities associated with information processing and communication facilities, such as computer start-up and close-down procedures, backup, equipment maintenance, media handling, computer room and mail handling management, and safety. Operating procedures, and the documented procedures for system activities, should be treated as formal documents and changes authorized by management. Where technically feasible, information systems should be managed consistently, using the same procedures, tools, and utilities.”

To further manage the information technology infrastructure and resources, the plan calls for the adoption of the “best-of-breed” approach by way of making certain that the building blocks of information security (Shaurette 2002) are fully exploited. These building blocks include the optimum use of security policies, authentication, access control, anti-virus/content filtering systems, virtual private networking (VPN)/encryption methodologies, vulnerability services consulting, intrusion protection system, and public key infrastructure (PKI)/certification authorities (CA)/digital signatures systems. This is considered to be the first step towards finding a technique for modeling and evaluating the security of a system (Stjerneby 2002).

Thursday, August 15, 2019

Case Incident 2 Professional Sports: Rewarding?

Case Incident 2 PROFESSIONAL SPORTS: REWARDING AND PUNISHING THE SAME BEHAVIOUR

QUESTION: 1. What type of reinforcement schedule does random drug testing represent? Is this type of schedule typically effective or ineffective?

Answer: The type of reinforcement schedule that random drug testing represents is the variable interval type. As defined, this type of schedule occurs when a response is rewarded after an unpredictable amount of time has passed. In the case, the reinforcement schedule is done randomly and unexpectedly. It is typically effective because athletes are not aware of the test and of when these tests will take place. Therefore, athletes are unprepared.

QUESTION: 2. What are some examples of behaviors in a typical organization that supervisors reward that may actually be detrimental to others or to the organization as a whole? As a manager, what might you do to try to avoid this quandary?

Answer: It’s when the athletes are taking steroids. When athletes take steroids to enhance their performance abilities, they are misleading their managers and their fans. At first, they will be rewarded: they can earn more profit and increase their popularity. But in the end, when it is discovered that the athlete was taking steroids, he destroys his team’s reputation and of course his own reputation and also the loyalty the fans had for him. If I were a manager, what I might do in order to avoid this quandary is that, if I was made aware of someone using steroids, I would do random drug testing as soon as possible instead of having the whole team suffer for that one insubordinate athlete.

QUESTION: 3. If you were the commissioner of baseball, what steps would you take to try to reduce the use of steroids in baseball? Is punishment likely to be the most effective deterrent? Why or why not?

Answer: Yes, punishment is the most effective deterrent, because punishment is what everyone is scared of. It’s the only way they can make themselves responsible. If I were a baseball commissioner, I would enforce a policy that monitors athletes’ condition regarding the usage of steroids and enforce heavy punishment for those athletes who are caught using steroids.

Wednesday, August 14, 2019

Amusement park dangers Essay

How many people have to die, or sustain serious injury from amusement park rides before the federal government steps in and regulates the amusement park industry? Rosy Esparza’s family had every right to believe that she would return from the Texas Giant roller coaster without harm or injury. However, Esparza fell to her death on the Texas Giant roller coaster at Six Flags Over Texas. Incidents like this are sadly becoming a more common event in the United States at amusement and waterparks. In fact, the number of fatalities per passenger mile on roller coasters is greater than the amount of tragedies on passenger trains, passenger buses, or passenger planes. These tragedies often occur because the rides are not independently inspected, inspections are not done frequently enough, accidents are not made public and the accidents are investigated by the parks. The federal government needs to create national safety standards for all rides at amusement parks, so that every amusement park patron can enjoy the park as it is intended without fear of injury or death.

Less than three months after the death of Esparza, the Texas Giant has been re-opened and is back in full operation. The roller coaster underwent extensive testing and received approval from the Texas Department of Insurance to resume operations; however, the findings of the testing are not available to the public due to ongoing litigation. Even though Texas Six Flags has claimed no fault for the Esparza accident, the park has added incremental and overlapping safety features. These safety features include redesigned restraint-bar pads and new seat belts. So the question is, are the department of insurance officials, who inspected this ride in the past, sufficient to make sure these rides are safe for future riders? Amusement park rides should be inspected by an independent third party, which has no financial interest in the amusement park. Having the insurance company inspect the rides is not sufficient; all rides should be investigated by inspectors with the mechanical aptitude to know if the ride is in proper working condition. The United States has trained safety inspectors for baby strollers, bikes, and motorized ride-on toys; shouldn’t rides that travel up to heights of 456 feet and at 128 miles per hour have safety inspectors also?

Currently there are no federal regulations on amusement park rides, so there are no reliable national statistics of injuries on amusement park rides. Each state has its own regulations for amusement parks; some states do not have any regulations of amusement park rides. Many states do not have an inspection force and rely on insurance investigators to inspect and/or approve these rides. However, most states do require the rides be inspected annually, but these regulations are not enforced. According to state records, more than half of Pennsylvania’s permanent amusement parks and water parks did not turn in all of their required inspections. In fact, the state agency had no reports at all for 12 of the 117 state amusement and water parks.

Following the death of a child on a roller coaster ride at Disney’s MGM studios in Orlando, Florida, lawmakers began the process of trying to pass the National Amusement Park Ride Safety Act. This act was introduced by Congressman Ed Markey, a Democrat from Massachusetts, in 2005. The act calls for fixed-site park rides to fall under the regulation act of the U.S. Consumer Product Safety Commission. The commission currently only oversees traveling carnival rides, because fixed-site theme park rides are exempt from federal oversight. Even though the fixed-site rides are ridden more frequently than traveling carnival rides, they are subject to fewer regulations. Many of these rides are operated hundreds of times a day, seven days per week, but only inspected once during the year. There needs to be a regulation that all rides are to be inspected a minimum of quarterly to find any mechanical issues that may pose a danger to riders. Because some of these rides travel in excess of 100 miles per hour, they should face similar safety standards as automobiles, which do not travel at such high rates of speed.

Another issue with the absence of federal regulations among amusement park rides is that, when an accident or mechanical failure occurs, the parks are the ones conducting the investigation and the findings of the investigation are not made public. Also, if there is no media attention about the accident or mechanical failure, the accident is unknown to the public. The federal government should create a database for all amusement parks that includes all of the rides for each. The database should include all mechanical failures of all rides in the past 12 months, any accidents in the past 12 months and the last four quarterly inspections for the ride. That way, amusement park patrons can make informed decisions whether to go to certain amusement parks and ride particular rides. Amusement-park patrons should have the right to know the history of the park and all rides, prior to riding them.

With all of the things that have federal regulations, it is hard to believe that amusement park rides do not have federal inspections and regulations. In an effort to ensure these rides are safe for the public to ride and enjoy, the federal government needs to establish national safety standards for all riders at amusement parks. If national safety standards and inspections can save the life of one person, aren’t they worth creating?

Speech class Essay Example | Topics and Well Written Essays - 500 words

By one estimate, over 90 percent of enterprises and business organizations have resorted to variable pay schemes in order to minimize the chances of further damages and losses that may be incurred in the longer run. The case and practical example presented relates to the power point slide number 8 in such a way that it is a practical demonstration of the managerial terms and concepts that are often used in management courses and programs. The variable pay scheme may also be taken into account keeping in view the HR functions such as client satisfaction, the overall level of interaction between the top management, middle and lower administration, along with the interaction between the inside of the organization and the supply chain outside.

The variable pay method is subject to the consideration of various factors. These factors pertain to the past history of the organization, the cultural trend and the clients’ adaptation to the new concept, as well as the fulfillment of the legal aspects in this regard. The business cycle must also be taken into account, along with the overall forecast considerations, from small level forecasts to medium and long term forecast procedures.

Caterpillar Inc in 2013 took up the variable pay scheme in the light of prevailing circumstances and global recession (Harrer). The variable pay scheme was introduced in the wake of the overall low profits and low investor responses recorded in the recent years. The responses so incurred and recorded were as low as 40 percent compared to the previous year performances and the subsequent gains and benefits from it. Caterpillar Inc found relative stability in its ranks after undertaking the variable pay scheme for the purpose of handling the employees’ concerns and overcoming the risks of global recession and low sales in the recent years and recent

Tuesday, August 13, 2019

Breast cancer - human disease - epidemiology Dissertation

The term ‘cancer’ refers to an uncontrolled growth of abnormal cells, which are known as malignant cells that proliferate until they form a tumour, which is an abnormal mass of tissue or can be described as a swelling. This causes the malignant cells to break away from the tumour and travel through blood or the lymphatic system to other organs such as the lungs, where the uncontrolled growth cycle repeats itself. The report of a working group to the Department of Health defines breast cancer as a “primary malignant neoplasm of the breast excluding those arising from connective tissue” (Breast Cancer: Report of a Working Group to the Department of Health, 2000). This being a major problem that affects a considerable percentage of the population, it gains significance as a public health issue and needs to be addressed from that perspective. In this context, the following data published by the NHS, National Institute for Clinical Excellence, appended below in tabulated form, is relevant:

| Country | No of Registrations (1998) | Incidence: Crude Rate Per 100,000 (1998) | No of Deaths (2000) | Mortality: Crude Rate Per 100,000 (2000) |
| England | 32,908 | 131.0 | 10,609 | 41.9 |
| Wales | 1,914 | 128.05 | 731 | 48.7 |

(Guidance on Cancer Care Services: Improving Outcomes in Breast Cancer, 2002). ... Thus, the data reveals that the problem of breast cancer, though it affects female population largely, has to be recognized as a serious public health problem. Detailed region-wise graphical data has been appended as Annexure-I to VI to this paper.

The Information Centre for Health and Social Care of the NHS has published data relating to the current status of breast screening programmes in their publication titled Breast Screening Programme, England 2009-10, as under: (Breast Screening Programme, England 2009-10, 2011)

From the above it transpires that 76.9 women in England, who fall within the age group of 53-70, have undergone the screening process for checking breast cancer. On the other hand, the percentage in London shows a downward trend at 67%. Remaining regions also show the rates around 80. While this is a good percentage, considering the issue’s relevance as a major social problem, efforts need to be made to provide coverage to more women through such programmes. The report further projects data for 2002-2010, with the breakup of women into three categories based on age, as under: (Breast Screening Programme, England 2009-10, 2011)

From this data, it emerges that the coverage for women in the age group of 53-64 has varied by a mere 1.1% from 76.1 in 2002 to 77.2 in 2010, while that of women 65-70 has increased considerably by 44.5% from 31.7 in 2002 to 76.2 in 2010. The average coverage of both groups put together registers an increase of 16.4% from 63.5 in 2002 to 76.9 in 2010. Thus, the overall trend is encouraging while there is still scope for including more women in the purview of breast screening programmes. This growth of cancer is classified as metastatic spread as the cancer cells leave an area and form a tumour in another body

Monday, August 12, 2019

Grammar Essay Example | Topics and Well Written Essays - 2500 words

Thus, the language-particular level provides us with the information about the distinctive characteristics of different categories used in English. This gives an opportunity to state that a word refers to a noun, verb, adjective, adverb, etc. For example, a verb has six grammatical categories: person, number, tense, aspect, voice and mood. It is the only part of speech that may change according to tense. As for the general level, it gives an opportunity to analyze two or more languages and find their common features. This helps to simplify the process of learning by the usage of the same terms. There are nouns, adjectives, verbs in all the languages. They just sound in different ways. For example, while there are pronouns in English, the same part of speech is called Pronomen in German.

B) Should pronouns be treated as a subclass of nouns, or as a separate word class? Why?

Pronouns should be treated as a separate word class. The main reason is that these two parts of speech have different functions. A noun is applied in order to name substances and living beings. The same cannot be stated about pronouns. They do not name things, they only point them out. Moreover, English grammar would become more difficult if nouns and pronouns were the same part of speech. Thus, there are no special plural cases when we learn pronouns and the latter cannot be countable or uncountable. So, there is no need to change something in the traditional way to learn two separate parts of speech – nouns and pronouns.

C) What are kernel clauses and what are the advantages of recognising the kernel vs non-kernel distinction?

A kernel clause is a simple sentence that does not have any optional expression. It is indicative. This clause is unmarked in voice, mood, and polarity. It cannot be passive. For example: He threw a ball. A non-kernel clause is either negative or missing some element. Moreover, if there is an adjective, infinitive or gerund, it is also a non-kernel clause. For example: They saw him crossing the street. There is one major advantage of recognizing kernel and non-kernel clauses – this gives a significant simplification of grammar.

D) Why is it important to systematically distinguish between grammatical class and grammatical function?

Grammatical class is a grouping of words that are distinguished by common characteristics. For example, such words as dog, coat, man, and umbrella are nouns, because they name objects, have gender and number. They may have different grammatical functions performed in a sentence. The latter helps to see the role of one and the same word in different contexts. That is why we should distinguish grammatical class and grammatical function.

E) How does Huddleston's treatment of prepositions differ from that found in traditional grammars? What are the advantages (and disadvantages?) of Huddleston’s treatment?

It is necessary to stress that Huddleston has another point of view upon prepositions. From his perspective, there are two types of prepositions – they can refer either to coordinator or subordinator classes. That is why prepositions are not secondary in an English sentence; their function is very important. This part of speech often stands together with a verb – the principal member of a sentence. Moreover, a preposition may function as one element in an utterance.

Sunday, August 11, 2019

Consumer Buying Behavior Essay Example | Topics and Well Written Essays - 3750 words

It has been further highlighted by Chiu et al. (2006) that consumer buying behavior is about asking key questions. For example, one might engage with the questions of why consumers buy or how consumers buy and what influences their purchasing. There is a mix of internal and external factors surrounding consumers that help shape and define their buying behavior and preferences. According to Pelsmacker et al. (2006), these internal factors include a perceptual filter, knowledge about products, attitude towards the brand, personality of the consumer, lifestyle of the consumer, perceived roles of consumer, and their overall motivation for making the purchase. It is also distinguished by the fact that the external factors include group or segment membership of the consumer and the purchase situation or cultures of the consumer. For example, culture is one of the most important factors affecting the consumer’s buying behavior, because the consumer’s preference will be according to their beliefs and backgrounds. However, both internal and external factors are interconnected and play a vital role in the consumer’s buying behavior. This leads the reader to understand that a consumer’s choice and buying behavior is localized and will not be the same among individuals, and businesses need to understand how to target the consumers from various backgrounds and lifestyles. The factors that have been mentioned help to identify the main reasons why people purchase products in general (Harper, 2005).