Friday, November 29, 2019

Our journey into the future begins in the past free essay sample

Journey is a very broad topic for everyone. It encompasses all of time and space, everywhere and anywhere. It could be a journey about a growing process; it could be a journey about an exploration. There are tons of topics about a journey; journeys are different for everyone. Our journey into the future begins in the past. Our growing process starts when we are born. We grow and learn until death. Our growing process comes with experiences, and experiences help us to gain knowledge. Remember TV came out in the 20s? It was black and white until the early 60s when the colored TV began. TV wasn’t popular until the 60s, but because people could watch the news and movies instead of going to the theatres and listening to radio, they gained more knowledge about many topics. Later on in the 21st century, TV became HD. The growing process doesn’t just come from experiences and knowledge, but also from imagination and popularity. However, that’s not all; this is just the beginning! Our inventions lead us to the future. A long running sci-fi series named Star Trek that had many technologies from the James T. Kirk era has now been successfully popularized. Back in the 1960-1980s, Star Trek popularized over 10 technologies such as personal computers, tablets, remote location finding (GPS), sliding doors, large view screens, communicator, and many others! Without Star Trek, we would not even know how these technologies were used. The inventions continued and some inventions were inspired from movies and TV shows. In Japan, a long running animated detective series known as Detective Conan had a pair of glasses that could be used with GPS to track down a target. A similar or perhaps the same invention by Google, inspired Detective Conan and invented Google Glass.
Our inspiration, imagination and inventions won’t end. When we have surpassed rocket technology, our next goal will be to invent Star Trek’s starship to many passengers to explore every star, every planet. The most famous quote of Star Trek is, “Space, the final frontier. These are the voyages of the starship Enterprise. Its mission is to explore strange new worlds, to seek out new life and new civilizations, to boldly go where no man has gone before.” Now, that is when our journey into the future begins in the past.

Monday, November 25, 2019

Cultural Heritage Paper Essays - National Symbols Of The Philippines

Cultural Heritage Paper HUB 500 Cross Cultural Dynamics of Behavior September 1, 2013

The Filipino culture has always been an amazing thing to me, especially with all the information I never even knew about myself. The first people to ever enter the United States were both my Grandmother and Grandfather. They have come a long way back in the day, and the day they finally got to start their new life in the United States was a great blessing. As they came to the Philippines, they tried to get as many of my aunts and uncles in there as quickly as they could, but unfortunately only just a few were able to. And one of those few was my father. Growing up, I was left there for about two years until my father came to come get me, along with my mother. But from then on after I was four years old and changing to a different environment and different language was a pretty challenging task for myself even though I don’t remember much. Identifying myself as well as my family, I would consider myself as an Ilocano and as I grew up I definitely came to know about it more because I would speak my language so fluently although I wasn’t able to learn the main language which was Tagalog. My family entered the United States as immigrants back then but later below, I will explain the significance of the race, skin color and hair play within my group. One of the most dominant religions in the Philippines would have to be Catholicism but they do have other religions. My expectation when I was little was becoming a basketball player because growing up, I would always watch basketball but then realized I was too short and didn’t have the determination to become an NBA player. In most Asian countries, as well as the Philippines, individuals seem to have an awfully hard time saying no all because they have a tendency to try and avoid hurting another person’s feelings.
Basically saying no to a person can be considered by others as not being so friendly or even disrespectful. Filipinos would rather agree and say yes, even though they really mean to say no. Many Filipinos are dialogue oriented but in some cases it somewhat resembles and has a relation to Spanish. As a sign of respect, they usually do simple things that people tend to find a little strange but they usually address people by their title. After a while, from time to time, as well as a relationship being established, they address business associates by their nickname or title. Knowing the Filipino culture, there are also ways that they communicate. For example, they might make a gesture, which means something. A smile can easily be understood as an agreement or confirmation in a discussion that may have recently occurred. This same exact smiling gesture can also be used to hide an embarrassing disagreement, as well as an aggravation. An eyebrow that is raised and a jerking of the head upward is a nonverbal sign of affirmation. A person pointing their head downward is also a gesture for saying no. Another example is when an individual says yes while pointing their head down; you can be legitimately certain that they have a negative agreement with what you have been recently discussing. In most cultures, it is similar and mutual for both women and men to shake hands with each other when they are introduced for the first time as well as being able to greet each other. With that being said, Filipinos are the opposite. For the Filipino culture, any kind of touching is a low for most. When men touch women, that is the case. All across the Philippines there are many dialects, but one interesting thing is that the country is split into different regions. These regions are called Luzon, Visayas and Mindanao.
In the Philippines, gender roles are mostly found in dating, marriage, school systems, and especially the many families of Filipinos. Their sex is assumed when they are born according to Filipinos. The most respect goes to all males for the most

Friday, November 22, 2019

Compare and Contrast Research Paper Essay Example | Topics and Well Written Essays - 750 words

This art shows the philosophers gathered together learning from each other and sharing ideas. The great figures in history lived at different times. However, The School of Athens illustrates the great scholars under one roof. Two great thinkers, Aristotle and Plato, are conspicuous in the painting. The duo has played a crucial role in shaping Western thinking. In addition, their philosophical differences have been incorporated into Christianity (Kleinbub 52). However, Aristotle holds his hand down, a clear indication that humanity can only subscribe to the reality that can be seen or experienced by touch as well as sight. This, in essence, is the exact reality that Plato had dismissed. Aristotle holds his famous book (Aristotle’s Ethics), which essentially emphasized elements of justice, relationship, government of the human world, and friendship, as well as reasons for the study (Kleinbub 52). Pythagoras is to the lower left of the painting, The School of Athens. Pythagoras held to the belief that the world as well as the movement of the stars and other planets operated in a manner that was reflective of distinct mathematical laws (Kleinbub 52). Incidentally, the mathematical laws had a close connection to the ideas of cosmic and musical harmony. Apotheosis of Homer was a remarkable work by Ingres (1827). ... However, Homer appears to reign above all the great ancient artists and writers in history. Ingres intended to depict the painting to be the sum of aesthetic rules though it barely lived up to the expectation. Incidentally, the creation of this painting was a result of the artist (Ingres) combining more than 100 small drawings for the various characters (Kleiner & Helen 782). Each of the assorted characters made the drawing more precise and detailed in equal measure. Apparently, Ingres conducted an extensive study of the paintings and other artistic works of assorted artists.
For instance, he studied the paintings of Raphael, Apelles, and Poussin, the playwright, as well as other important figures, including the Roman and Greek gods. Jean-

Stylistic Analysis

The School of Athens (by Raphael) provides a high renaissance perspective with regard to philosophers, scientists, and mathematicians who held divergent views, conducted researches, and held different perceptions about the universe and other phenomena (Strinati 28). In the art, Plato is seen holding his book called The Timaeus. Plato (on the left) points up, which is a clear implication of his philosophy about everything in the universe being merely a shadow of the higher, eternal reality that is not only unchanging but also eternal. These include things such as beauty and goodness (Strinati 28). In essence, he holds to the belief that the other worldly reality is in fact the ultimate reality, and the seat of beauty, justice, wisdom, and truth. However, Aristotle holds his hand down, a clear indication that humanity can only subscribe to the reality that can be seen or experienced by touch as well as sight. Auguste-Dominique Ingres first exhibited the Apotheosis of Homer in 1827 in the yearly Salon. This art

Wednesday, November 20, 2019

The lack of specific statutory legislation to deal with media Essay

The lack of specific statutory legislation to deal with media intrusion can be regarded as a weakness in English law. The Irish Privacy Bill 2006 represents a m - Essay Example

In the UK there is no specific statutory provision for the protection of privacy. However, because the violation of personal life cannot remain in certain circumstances without punishment, the courts use instead the principles of law that are related with Human Rights in general. In this context, the Human Rights Act of 1998 is the most common legislative text used by courts in the UK in order to provide protection to people that have suffered an intrusion to their personal life by media. It has to be noticed though that English courts deal with the issue only at the level that the relevant freedoms provided by the English law are violated. In accordance with the article 2 of the Human Rights Act of 1998 ‘Everyone’s right to life shall be protected by the law’ (article 2, par.1). Furthermore, the Human Rights Act of 1998 includes a series of articles that provide protection in many cases when human rights are being threatened. We can indicatively refer to ‘the right to liberty and security (article 5), the right to a fair trial (article 6), the right to respect for private and family life (article 8), the freedom of thought, conscience and religion (article 9), the freedom of expression (article 10), the freedom of assembly and association (article 11), the right to an effective remedy (article 13)’ and so on. At the European level, the right of privacy is also protected using the European Convention on the Protection of Fundamental Rights and Freedoms of 1948 as it has been amended by a series of protocols (no. 4, 6, 7, 11 and 12). An interesting legislative text in the area of protection of privacy is the Irish Privacy Bill 2006 which covers all possible aspects of personal life that can suffer an intrusion and violation.
Generally, it has been stated by Ellis (1993, 85) that ‘British law recognises no statutory right to privacy but The Data Protection Act 1984 was the first Act to address this

Monday, November 18, 2019

Response paper Essay Example | Topics and Well Written Essays - 500 words - 3

Cat, therefore, symbolizes women’s status that at all times strives to conform to the demands of their husband. ‘It isn’t any fun to be a poor kitty out in the rain’ reflects the way of woman’s life who is constantly under the vigil of her husband. The protagonist in the story is first addressed as ‘American wife’ and then as ‘American girl’ that subtly defines the difference between a married girl and girl who can pursue their happiness as they deem within the broader framework of patriarchal society. Married women are denied the basic right for self expression and empowerment of women and have to restrict themselves within the expected behavior as decided by their husband. Indeed, social conditioning significantly impacts marital bond and makes women rebel against the restrictions that make them unequal and less worthy of their counterparts. On the other hand, Hemingway in the story, ‘Hills like White Elephants’ shows human frailty and confused state when confronted with issues that are socially unacceptable. The author has touched the issue of abortion and describes the vacillating views of the two individuals who are trying to justify the decision for abortion. Abortion is a highly sensitive issue within the society and refers to deliberate termination of fetus. It has huge moral, religious and legal implications which make it almost a taboo subject. The author’s foray into the subject is highly abstract and touches the subject in various ways to display the personal fear, social stigma and future hope. The inter-related consequences of abortion have wide ramifications and as such, make the decision the most critical aspect of the deed. The characters talk around the subject of abortion and the story slowly reflects how the woman succumbs to the desires of her partner and says ‘Then I’ll do it.

Saturday, November 16, 2019

Strengthening Community Action Through Community Development Social Work Essay

Strengthening Community Action Through Community Development Social Work Essay Although the term empowerment is frequently used, the availability of high-quality research which demonstrates its success for improving the wellbeing of communities is fairly minimal (Woodall et al. 2010). There is, however, some evidence that shows that empowerment programs can lead to improve outcomes for participants. For example, in examining the effectiveness of interventions using community development approach, the Migrant Resource Centre of South Australia, which provides programs that targets particular community groups, including women, younger people, has recorded some promising ability to impact the lives of young refugees (MRCSA Annual Report, 2009). In fact, this essay argues that while community development interventions are difficult to measure, the migrant Resource Centre of South Australia has registered significant gains in the area of youth empowerment. This essay will highlight the various intervention programs implemented by the Migrant Resource Centre of South Australia (MRCSA). However, case study will focus on its youth empowerment component and to evaluate the overall effectiveness of community development approach of the organisation. To achieve this task, the essay is partitioned as follows. The first part will examine the definitions of empowerment. The next section will discuss about community development as a strategy and a model of practice by the Migrant Resource Centre of South Australia (MRCSA). The third section discusses the impact and challenges of this intervention. The final part of the essay will evaluate the impact of MRCSAs youth empowerment program among a number of interventions. Background and definition of the Concept of Empowerment In the 1990s the term empowerment began to replace community participation (Rifkin, 2003). 
Empowerment according to Rifkin has conceptually evolved from the idea of lay participation in technical activities to a broader concern of improving life situations of the poor. This evolution can be traced historically in the areas of policy and in community activities. In the policy area, Rifkin proposes that three theoretical constructs can be identified to trace the changing view of participatory approaches from consensus building to empowerment. These Rafkin stated correspond to the political and political environment of the time. The historical development of the concept of empowerment helps explain why there is no universally accepted definition of empowerment (Rifkin, 2003). However a number of scholars defined it as a process (McArdle, 1989; Laverack, 2005; Werner, 1988; Kilby, 2002). McArdle (1989) defines empowerment as a process whereby decisions are made by the people who will wear the consequences of those decisions. Similarly Werner (1988) and Laverack (2005) describe the concept of empowerment as a process by which people are able to gain or seize power to control over decisions and resources that determine their lives. Moreover, Kilby (2002) describe a process by which disadvantaged people work together to increase control over events that determine their lives. Expansion of individuals choices and actions, primarily in relation to others à ¢Ã¢â€š ¬Ã‚ ¦ fundamentally a shift of power to those who are disempowered. From a public health perspective, empowerment involves acting with communities to achieve their goals (Talbot Verrinder, 2005). This implies working with disadvantaged individuals or groups to challenge structural disadvantaged (on the basis of class, gender, ethnicity or ability) and influence their health in a positive way. The application of the concept into the field of health promotion as outline by Laverack and Labonte (2000) is categorized in two folds; the bottom-up programming and the top-down programming. 
The former more associated with the concept of community empowerment begins on issues of concern to particular groups or individuals and regards some improvement in their overall power or capacity as the important health outcome. The later more associated with disease prevention efforts begin by seeking to involve particular groups or individuals in issues and activities largely defined by health agencies and regards improvement in particular behaviours as the important h ealth outcome. Laverack and Labonte (2000) thus viewed community empowerment more instrumentally as a means to the end of health behaviour change. They argue that community empowerment which is defined as a shift towards greater equality in the social relations of power is an unavoidable feature of any health promotion efforts. On a much broader scale empowerment promotes participation of people, organisations and communities towards the goals of increased individual and community control, political efficacy, improved quality of community life, and social justice (Wallerstein, 1992). The next section is a case example of how this approach is applied by an agency in dealing with question of social inclusion. Community Development: A case of Migrant Resource Centre of South Australia (MRCSA) By reviewing the previous definitions of empowerment and examining MRCSAs framework, It is clear that the worker in (MRCSA) understand and adopt empowerment concept similar to which all of McArdle (1989); Laverack (2005); Werner (1988); Kilby (2002) and WHO (1986) do understand and adopt where empowerment is a matter of giving people the right and the opportunity to exercise power and control regarding making decisions that affect their health promoting. In addition, in order to empower migrant people and communities, the (MRCSA) provide and still providing number of interventions based on community development model of practice. 
According to Tesoriero (2010), community development is the use of a set of ongoing structures and processes which enable the community to meet its own needs. Similar to Tesoriero (2010), Community Development is understood and implemented by the (MRCSA) as a multifaceted program of activities that concentrated on supporting the need of new arrivals and their new and emerging communities to understand their rights and obligations, to link into training and employment pathways and to develop networks of support within their local and in the broader community (www.mrcsa.com.au). In fact, The MRCSA has adopted Laverack and Labontes (2000) bottom-up approach in implementing their programs by consult sing and working closely with leaders and key representatives of new and emerging communities, including women and young people, to support them in gaining the knowledge and skills that they need to further their independence as well as their capacity to support and provide assistance to their members. Moreover, beside community development programs, MRCSA is providing number of womens advocacy programs, youth leadership and participation and employment advocacy programs, As well. The programs also include Refugee Mens Talk, an initiative supporting men to adapt to their new social environment. To ensure and facilitate the participation of new and emerging communities in their local areas and in regional areas where they settle, or resettle, the program includes local government and regional initiatives. MRCSA believes that new and emerging communities require a place in which to implement their own activities. The organisation provides these through its own community centres and through linkages with other community facilities. Also, Given that community development as an approach require working across divergent spheres, the Migrant Resource Centre of South Australia (MRCSA) maintain link with a number of stakeholders. 
These include the Commonwealth Government, the state of South Australia and the NGO community.(www.mrcsa.com.au). At the level of the Commonwealth Government, the links include; Department of Immigration and Citizenship, Centrelink, Employee Advocate, Department of Families, Housing, Community Services and Indigenous Affairs and Australia Council for the Arts. At the level of the State Government the links are; Multicultural SA, Department of Health, Department of Families and Communities, Department of Education and Childrens Services, Skills SA, English Language Services TAFE SA, Arts SA, Office for Women, Womens Information Service, Womens Health State Wide, Local Government Association of SA and Be Active. The links within the Non-Government Sector includes; Settlement Council of Austra lia (SCoA), Refugee Council of Australia, Federation of Ethnic Communities Councils of Australia (FECCA) LM Training Specialists, SA Council of Social Service (SACOSS), Service to Youth Council (SYC), Working Womens Centre, Migrant Womens Support and Accommodation Service, Youth Affairs Council of SA (YACSA), Anglicare SA, African Communities Council (ACCSA), Middle Eastern Communities Council (MECCSA), Volunteering SA and Northern Territory. Analysing this web of networks from Labontes, (1992) community development continuum, the MRCSAs programs deal with individuals which transcend to small groups, community organisations, coalition advocacy and political action. With this wide array of networks, the organization has been facilitated to maintains a huge amount of social capital and through careful co-ordination, it stands a lot to gain in achieving its primary objectives (Butter et al. 1966) The next section will focus on one of its many programs in the area of youth enhancement. 
Youth Empowerment Program The Migrant Resource Centre of South Australia (MRCSA) works closely with the leadership and key representatives of its client communities, including women and young people to support them in acquiring the knowledge and skills that they need to further their independence and self-determination, as well as their capacity to assist their members with their settlement and participation (www.mrcsa.com.au)). These goals are achieved through a number of programs including ethnic leaders forum, adult migrant education, community management and leadership forum by way of funding and leadership training. This section focuses on its youth empowerment program with emphasis on the Newly Arrived Youth Settlement Services (NAYS). The primary objective of this program as outlined in the MRCSA Annual Report (2008-2009) is to empower young people to develop their own programs and to become advocates for themselves, their families and communities. In partnership with TAFE SA, the MRCSA conducted a number of training programs for young people who were not engaged in school or work. Specific training includes Certificate II in Information Technology, Productively Places Program Certificate II, Volunteering, work experience capacity building, apprentiships and traineeships (MRCSA Annual Report (2008-2009). Through its new arrival humanitarian settlement program, the MRCSA has been an advocate and a voice for the inclusion and participation of young people of refugee background (www.mrcsa.com.au). According to the 2010 MRCSA Youth Empowerment Program Annual Report, the program has since 1998 addressed the needs of young people from new and emerging communities in South Australia through a multi-faceted program. The program provides young people with a range of services that aim to further their resilience, leadership skills and pathways to employment and independence. 
The MRCSA Youth Empowerment Program for 2008-2009 provided assistance to five hundred and twenty-nine (529) young people of refugee background, most of them recent arrivals to South Australia, to achieve some of their goals (Annual Report 2009-2010). These achievements were based on strong foundations upon which MRCSA operate. The next section will discuss the guiding principles which form the basis of MRCSAs operations. MRCSA Guiding Principles The Migrant Resource Centre of South Australias philosophy and approach in working with young people from refugee backgrounds outline a number of guiding principles (Annual Report, 2008-2009). The principles discussed below indicate that MRCSA operates Laverack and Labontes (2000) bottom-up approach of community development. The guiding principles include the following: Firstly, any youth programs, initiatives or activities are shaped and driven by the young people themselves through consultation with their peers. Secondly, young people are encouraged and supported to speak for themselves to drive their own development; the role of the MRCSA is that of mentor and advisor only. Thirdly, the importance of young peoples connection to family and community is recognized, valued and supported. Fourthly, the ethnic, religious and cultural identity and heritage of young people is affirmed and respected. Fifthly, respect for gender differences and how these impact on the planning and delivery of the youth program. Also, young people are active decision makers. Finally, an action research approach informs continuous service improvement and best practice. These guiding principles are based on the premise that empowerment strategies focus on what people can do to empower themselves and so deflect attention from social issues (Keleher et al. 2007; Keleher, and Murphy, 2004) . 
However, Labonte (1990) warns that unless national and international trends are taken into account, the decentralization of decision-making may shift from victim blaming of individuals to victimizing powerless communities. In view of such warnings, Wilson et al (1999) suggest that effective primary health care as in the case of public health functions depends on efforts to link local issues to broader social issues. Intersectoral action can be used to promote and achieve shared goals in a number of other areas, for example policy, research, planning, practice and funding. It may be implemented through a myriad of activities including advocacy, legislation, community projects, and policy and programme action. It may take different forms such as cooperative initiativ es, alliances, coalitions or partnerships (Health Canada http://www.hc-sc.gc.ca) What are the Barriers? In achieving their goal of empowering communities, the Migrant Resource Centre of South Australia (MRCSA) faces a number of challenging issues. When young refugees arrive in Australia they face a number of challenges. They need to begin a new life, establish new friends and networks and find pathways that link them into mainstream community (MRCSA Annual Report, 2008-2009). Some young people may also be at risk and need to deal with issues around language, religious identity, grief and loss, the justice system, consumer culture and intergenerational tension (MRCSA Annual Report, 2008-2009). Young people also need ways of dealing with race, racism and their identity (MRCSA Annual Report, 2008-2009). There are fewer opportunities for young women from new and emerging communities to participate in sport due to the barriers they experience from within sporting environments and their own communities (MRCSA Annual Report, 2009). These barriers can be based on cultural, religious, and gender expectations of young women and their roles in their community. 
The report (MRCSA, 2009) also highlighted other factors affecting young women participation in sports. These include; lack of parental support, perceived fear of racism, lack of knowledge about the structure of sport in Adelaide and high cost of membership and registration fees. On the other hand, community development approach can pose barriers to Public Health Practitioners in a number of ways. Epidemiological, sociological, and psychological evidence of the relationship between influence, control, and health, provide a rationale for a community empowerment approach to health education. For example, studies show an association between powerlessness (or similarly, learned helplessness, alienation, exploitation) and mental and physical health status. Examining the application of community empowerment approach to health education, Israel (1994) identified a number of limitations and barriers to this approach. Firstly, situations where community members past experiences and normative beliefs result in feelings that they do not have influence within the system (powerlessness, quiescence) and hence, they may feel that getting involved in an empowerment intervention would not be worthwhile. Secondly, differences in, for example, social class, race, ethnicity, tha t often exist between community members and health educators that may impede trust, communication, and collaborative work. Thirdly, role-related tensions and differences that may arise between community members and health educators around the issues of values and interests, resources and skills, control, political realities, and rewards. Fourthly, difficulty in assessing/measuring community empowerment and being able to show that change has occurred. Fifthly, the health education profession does not widely understand and value this Approach. 
Next, risks involved with and potential resistance encountered when challenging the status quo, for the individual, organizations, and community as well as the health educator. Seventhly, the short time-frame expectations of some health educators, their employers, and community members are inconsistent with the sustained effort that this approach requires in terms of long-time commitment of financial and personal resources. Finally, the collecti on and analysis of extensive amounts of both qualitative and quantitative data to be used for action as well as evaluation purposes may be perceived as slowing down the process. Inspire of these barriers, community development is still relevant to Public Health Practitioners. Epidemiological, sociological, and psychological evidence of the relationship between influence, control, and health, provide a rationale for a community development approach to health education (Israel, 1994). For example, studies show an association between powerlessness (or similarly, learned helplessness, alienation, exploitation) and mental and physical health status (Israel, 1994). The challenges posed by community development approach also extend to the wider arena of state level. The demand on government and competition for resources by professionals is a major obstacle. Similarly, Inter-professional distrust and reluctance to share information also remains a major obstacle. The way in which governments fund departments can be an obstacle to collaboration (Baum, 1993). It is therefore argued that Stability of an organisation and its staff is important for interagency agreements and establishing trust (Walker et al. 2000). Walker (2002) further argued that Competition for resources can affect trust and intergroup conflict can occur when there is a lack of adversaries. However, insecurity brought on by political and economic uncertainty can facilitate political coalitions (Weisner, 1983). 
Overcoming the barriers

Overcoming the barriers will require a concerted effort from communities, concerned organisations and government. The Proceedings of the 2008 Conference on Social Inclusion for New and Emerging Communities outline some of the areas that need urgent intervention; these are discussed below.

Racism and discrimination

Identified as a major area of concern, combating discrimination requires coordinated and targeted social inclusion and human rights measures. The focus should not be limited to what occurs in a social context (e.g. schoolyard, public places etc.) but should also cover the systemic racism that supports discrimination, the perpetuation of racial stereotypes, and institutional inclusion, e.g. within the justice system, the employment sector and in the blocks to the recognition of overseas qualifications and experience as well as the registration and utilization of these.

Women and safety

Women should have the right to feel safe in their homes as well as the broader community, to access culturally appropriate services for themselves and their families (e.g. health, childcare, education etc.), to learn English without it compromising their chances of finding a job, and to undertake training that prepares them for work and improves their employment potential.

Empowering young people

The voices of the diversity of young people, rather than a token representative from new and emerging communities, must be listened to and given strong credence in the advance of a national or state framework for social inclusion. Supporting the empowerment and participation of young people as future citizens and leaders of Australia will serve the country culturally, socially and economically.
Based on the above discussion of the challenges to MRCSA operations, solutions to the barriers can be summarized as follows:

• Barriers can be overcome through integrated structures and by developing responsibility within structures.
• Support of local leaders, and developing leadership skills for negotiation and collaboration.
• Enhancing regional networks/structures; established processes and relationships are important for collaboration.

Conclusion

From the case studies, it was found that the Migrant Resource Centre of South Australia (MRCSA) utilizes community mobilization approaches to improve equity of services, reduce institutional barriers within the society, enhance participation in new and emerging communities, strengthen civil society associations and create healthy social policies. The programs demonstrated that opportunities for community voices to be heard had been increased and this had raised community capacity to maximise their needs and create change. This study also found that empowerment can have a positive impact on participants' self-efficacy, self-esteem, sense of community and sense of control and, in some cases, empowerment can increase individuals' knowledge and awareness and lead to behaviour change. These findings were particularly apparent in youth empowerment approaches and those programmes concerning young women.

Wednesday, November 13, 2019

Abraham Lincoln :: essays research papers

Abraham Lincoln Lincoln, Abraham (1809-65), 16th president of the United States (1861-65), who steered the Union to victory in the American Civil War and abolished slavery. Early Life Lincoln was born on February 12, 1809, near Hodgenville, Kentucky, the son of Nancy Hanks and Thomas Lincoln, pioneer farmers. At the age of two he was taken by his parents to nearby Knob Creek and at eight to Spencer County, Indiana. The following year his mother died. In 1819 his father married Sarah Bush Johnston, a kindly widow, who soon gained the boy's affection. Lincoln grew up a tall, gangling youth, who could hold his own in physical contests and also showed great intellectual promise, although he had little formal education. In 1831, after moving with his family to Macon County, Illinois, he struck out on his own, taking cargo on a flatboat to New Orleans, Louisiana. He then returned to Illinois and settled in New Salem, a short-lived community on the Sangamon River, where he split rails and clerked in a store. He gained the respect of his fellow townspeople, including the so-called Clary Grove boys, who had challenged him to physical combat, and was elected captain of his company in the Black Hawk War (1832). Returning from the war, he began an unsuccessful venture in shopkeeping that ended when his partner died. In 1833 he was appointed postmaster but had to supplement his income with surveying and various other jobs. At the same time he began to study law. That he gradually paid off his and his deceased partner's debts firmly established his reputation for honesty. The story of his romance with Ann Rutledge, a local young woman whom he knew briefly before her untimely death, is unsubstantiated. Illinois Politician and Lawyer Defeated in 1832 in a race for the state legislature, Lincoln was elected on the Whig ticket two years later and served in the lower house from 1834 to 1841. 
He quickly emerged as one of the leaders of the party and was one of the authors of the removal of the capital to Springfield, where he settled in 1837. After his admission to the bar (1836), he entered into successive partnerships with John T. Stuart, Stephen T. Logan, and William Herndon, and soon won recognition as an effective and resourceful attorney. In 1842 Lincoln married Mary Todd, the daughter of a prominent Kentucky banker, and despite her somewhat difficult disposition, the marriage seems to have been reasonably successful. The Lincolns had four children, only one of whom reached adulthood. His birth in a slave state notwithstanding, Lincoln had long opposed slavery.

Monday, November 11, 2019

Exemplar

INVESTIGATING THE ECOLOGICAL NICHE OF THE CRAB USING A FAIR TEST

INTRODUCTION: The ecological niche of the crab Hemigrapsus edwardsi.

The crab is a member of the Crustacea phylum and is in the family Grapsidae. This crab species is found only in New Zealand on rocky shores. The rocky shore where the crabs studied in this investigation were found is quite exposed. There is a large rock platform that provides small crevices and small rocks which help to protect them from wave action and predators. There is also sea lettuce and other algae growing on parts of the rocks.

The crab has many adaptations that allow it to live on the rocky shore, including:

• grey/black colour for camouflage
• food detection structures (antennae on its head and hairs on the mouth parts to sense chemicals in the sea water)
• 4 pairs of legs with muscles that allow it to move sideways, as well as forwards and backwards
• behavioural adaptations such as scuttling under rocks when the tide goes out or to avoid predators
• freezing when being attacked (we noticed this when we touched some of them on their backs). This might confuse predators.
• gills for gas exchange.

The rock pools provide a micro-climate where the temperature and salinity of the water will change, depending on the weather. If it was a really hot day, the rock pools will get warmer, more water will evaporate and the salinity will increase. The crab would have to be adapted to cope with these changes in salinity; otherwise, as the concentration of salt in the water around it changes, it will gain or lose mass due to osmosis. Through the process of osmoregulation, the crab is able to maintain a constant water balance in its body, but to do so requires energy and this could be measured by an increase in the respiration rate. This is what I am going to investigate.

Aim: To determine whether the respiratory rate of the crab changes in different salinities.
Hypothesis: The respiratory rate of the crab will increase as the salinity changes away from “normal” salinity.

METHOD

Thirty crabs of similar size were collected from the rocky shore. The salinity was varied by diluting the 200% conc. seawater provided into five different concentrations. The volume of the solutions was 200 mL each. The concentrations were 150%, 125%, 100%, 75%, 50% conc. Water with 100% concentration is equivalent to the concentration of normal seawater. Sixty-five mL of the 150% solution was poured into a petri dish. The petri dish had a thin layer of stones in the base to recreate the natural environment of the crabs. One crab was put into this petri dish and left for five minutes to allow it to adjust to the conditions. The petri dishes were floated on a water bath which was set at 18°C. The water bath was placed in the room where the light intensity was the same for all petri dishes.

An indirect method of estimating respiration was used. This was to count the number of currents seen on the surface of the water. I assumed that a higher number of currents indicated a higher respiration rate. A little bit of carmine red was sprinkled onto the solution in the petri dish in order to see the movement of water more clearly. The crabs were left in the petri dishes for five minutes before counting the respiratory currents. The respiratory currents were counted for 30 seconds. This amount was doubled to give the rate per minute. Five more trials with different crabs were done at each concentration. Each time a fresh 65 mL of solution was added. The results were recorded and the rates per minute were averaged. This process was repeated for the 4 remaining concentrations and the results for these were averaged.

Results: Average respiratory rate of the crab in different concentrations of seawater.

| % concentration of the water (100% = normal sea water) | 50 | 75 | 100 | 125 | 150 |
|---|---|---|---|---|---|
| Average number of respiratory currents per minute | 7.2 | 6.75 | 6.00 | 7.50 | 12.42 |

Graph: Average respiratory rate of the crab in different seawater concentrations.

Statistical analysis of results: The graph of the results suggests that there is a significant relationship between the concentration of the seawater and the respiratory rate of the crabs. This is confirmed by the r² value of 0.9642, which indicates that 96% of the variation in the results is explained by the change in seawater concentration.

Conclusion: The respiratory rate of the crab, as measured by respiratory currents, increased when the concentration of the seawater either increased or decreased from the 100% conc. (normal seawater).

Discussion: This investigation was carried out to determine whether respiratory rates of the crab increased as the salinity was changed from normal levels. The crab is a euryhaline organism that lives on the rocky shore, often in rock pools. Because of the tidal movements of water, the salinity of the crab’s environment fluctuates. To maintain homeostasis, the crab osmoregulates. This means it actively controls the salinity levels inside its body. As the seawater concentration increased or decreased from the concentration of normal seawater (100% conc.) the respiration rate increased. This is because the crab is most comfortable at the concentration of normal seawater. As osmoregulation involves the active transport of ions, it requires energy to adjust to higher or lower seawater concentrations than 100% seawater. As the salinity of the crab’s environment increases or decreases from the salinity of normal seawater it requires more energy in order to osmoregulate. So in order to obtain that energy, it needs more oxygen and its respiration rate increases. This is necessary for the crab as it must deal with a range of salinity as the tidal pools dry out. If the concentration of the water is greater than that of the crab’s internal environment, it will go through osmosis.
Although the crab has an exoskeleton, water can still leave its body through the space around its joints and gills.

Evaluation: Initially I found that there were several problems with my investigation. The most significant one was that the crabs were out of their natural environment which made them more fidgety. Some of mine even attempted to escape from the petri dishes during the trials. This clearly shows that they were unsettled and perhaps not responding as they usually would. If they decided to stay inside the petri dish, they stayed close to the edge and moved away from the movement of people around them. I moved my investigation to a more secluded position and screened them off with a cover so that they were not able to see what was around them. I also lined the petri dish with a thin layer of stones to attempt to somewhat recreate the natural environment. This change made the crabs calmer and produced a more natural response. The counting of actual respiration itself was difficult as it was a humid day and the carmine red seemed to be congealing before being placed in the water. Perhaps in humid conditions chalk dust or very fine sand would have been more suitable but these were not available where I was carrying out the investigation. Where the crabs were sampled from may have biased the outcome of the results as the position in the tidal zone might influence the levels of salinity that they were accustomed to. Most of my animals appeared to be female; this may also have biased my results. Further investigations would need to be carried out to determine if sex or original location influences crab respiration rate. Despite these limitations my results show that the increase in respiratory rates can be explained by the changing concentration of the seawater.

Annotations on the exemplar:

INTRODUCTION, ECOLOGICAL NICHE, AIM, HYPOTHESIS: Explains aspects of the ecological niche that are related to the investigation. Hypothesis linked to ecological niche.
VARIABLE (INDEPENDENT VARIABLE, CONTROLLED VARIABLE, DEPENDENT VARIABLE): Controlled variables. A valid range of the independent variable. Dependent variables. Sufficient data. Workable method outlined.
PROCESSED DATA: Sufficient data that is appropriately and accurately processed to show relevant pattern (raw data is in log book).
STATISTICAL ANALYSIS: Statistical analysis of the validity of the conclusion.
CONCLUSION: A valid conclusion that is justified by the data and relates to the hypothesis.
DISCUSSION: Discussion of results related to niche. Significance of findings in relation to the ecological niche.
EVALUATION: Critical evaluation through analysis of the validity of the investigation. Limitations discussed and changes made to the method justified in relation to validity of investigation.

Saturday, November 9, 2019

Principles of Information Security, 4th Ed. – Michael E. Whitman Chap 01

Licensed to: CengageBrain User

Principles of Information Security, Fourth Edition
Michael E. Whitman and Herbert J. Mattord

Vice President Editorial, Career Education & Training Solutions: Dave Garza; Director of Learning Solutions: Matthew Kane; Executive Editor: Steve Helba; Managing Editor: Marah Bellegarde; Product Manager: Natalie Pashoukos; Development Editor: Lynne Raughley; Editorial Assistant: Jennifer Wheaton; Vice President Marketing, Career Education & Training Solutions: Jennifer Ann Baker; Marketing Director: Deborah S. Yarnell; Senior Marketing Manager: Erin Coffin; Associate Marketing Manager: Shanna Gibbs; Production Manager: Andrew Crouth; Content Project Manager: Brooke Greenhouse; Senior Art Director: Jack Pendleton; Manufacturing Coordinator: Amy Rogers; Technical Edit/Quality Assurance: Green Pen Quality Assurance

© 2012 Course Technology, Cengage Learning. For more information, contact or find us on the World Wide Web at: www.course.com

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.

Library of Congress Control Number: 2010940654
ISBN-13: 978-1-111-13821-9
ISBN-10: 1-111-13821-4
Course Technology, 20 Channel Center, Boston, MA 02210, USA

Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.

Chapter 1
Introduction to Information Security

Do not figure on opponents not attacking; worry about your own lack of preparation.
BOOK OF THE FIVE RINGS

For Amy, the day began like any other at the Sequential Label and Supply Company (SLS) help desk. Taking calls and helping office workers with computer problems was not glamorous, but she enjoyed the work; it was challenging and paid well. Some of her friends in the industry worked at bigger companies, some at cutting-edge tech companies, but they all agreed that jobs in information technology were a good way to pay the bills.

The phone rang, as it did on average about four times an hour and about 28 times a day.
The first call of the day, from a worried user hoping Amy could help him out of a jam, seemed typical. The call display on her monitor gave some of the facts: the user’s name, his phone number, the department in which he worked, where his office was on the company campus, and a list of all the calls he’d made in the past.

“Hi, Bob,” she said. “Did you get that document formatting problem squared away?”

“Sure did, Amy. Hope we can figure out what’s going on this time.”

“We’ll try, Bob. Tell me about it.”

“Well, my PC is acting weird,” Bob said. “When I go to the screen that has my e-mail program running, it doesn’t respond to the mouse or the keyboard.”

“Did you try a reboot yet?”

“Sure did. But the window wouldn’t close, and I had to turn it off. After it restarted, I opened the e-mail program, and it’s just like it was before—no response at all. The other stuff is working OK, but really, really slowly. Even my Internet browser is sluggish.”

“OK, Bob. We’ve tried the usual stuff we can do over the phone. Let me open a case, and I’ll dispatch a tech over as soon as possible.”

Amy looked up at the LED tally board on the wall at the end of the room. She saw that there were only two technicians dispatched to deskside support at the moment, and since it was the day shift, there were four available.

“Shouldn’t be long at all, Bob.”

She hung up and typed her notes into ISIS, the company’s Information Status and Issues System.
She assigned the newly generated case to the deskside dispatch queue, which would page the roving deskside team with the details in just a few minutes.

A moment later, Amy looked up to see Charlie Moody, the senior manager of the server administration team, walking briskly down the hall. He was being trailed by three of his senior technicians as he made a beeline from his office to the door of the server room where the company servers were kept in a controlled environment. They all looked worried.

Just then, Amy’s screen beeped to alert her of a new e-mail. She glanced down. It beeped again—and again. It started beeping constantly. She clicked on the envelope icon and, after a short delay, the mail window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez, an acquaintance from the Accounting Department. The subject line said, “Wait till you see this.” The message body read, “Look what this has to say about our managers’ salaries…” Davey often sent her interesting and funny e-mails, and she failed to notice that the file attachment icon was unusual before she clicked it.

Her PC showed the hourglass pointer icon for a second and then the normal pointer reappeared. Nothing happened. She clicked the next e-mail message in the queue. Nothing happened. Her phone rang again. She clicked the ISIS icon on her computer desktop to activate the call management software and activated her headset.

“Hello, Tech Support, how can I help you?” She couldn’t greet the caller by name because ISIS had not responded.

“Hello, this is Erin Williams in receiving.”

Amy glanced down at her screen. Still no ISIS. She glanced up to the tally board and was surprised to see the inbound-call-counter tallying up waiting calls like digits on a stopwatch. Amy had never seen so many calls come in at one time.

“Hi, Erin,” Amy said. “What’s up?”

“Nothing,” Erin answered. “That’s the problem.”

The rest of the call was a replay of Bob’s, except that Amy had to jot notes down on a legal pad. She couldn’t dispatch the deskside support team either. She looked at the tally board. It had gone dark. No numbers at all.

Then she saw Charlie running down the hall from the server room. He didn’t look worried anymore. He looked frantic.

Amy picked up the phone again. She wanted to check with her supervisor about what to do now. There was no dial tone.

LEARNING OBJECTIVES:
Upon completion of this material, you should be able to:
• Define information security
• Recount the history of computer security, and explain how it evolved into information security
• Define key terms and critical concepts of information security
• Enumerate the phases of the security systems development life cycle
• Describe the information security roles of professionals within an organization

Introduction

James Anderson, executive consultant at Emagined Security, Inc., believes information security in an enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.” He is not alone in his perspective. Many information security practitioners recognize that aligning information security needs with business objectives must be the top priority.

This chapter’s opening scenario illustrates that the information risks and controls are not in balance at Sequential Label and Supply.
Though Amy works in a technical support role and her job is to solve technical problems, it does not occur to her that a malicious software program, like a worm or virus, might be the agent of the company’s current ills. Management also shows signs of confusion and seems to have no idea how to contain this kind of incident. If you were in Amy’s place and were faced with a similar situation, what would you do? How would you react? Would it occur to you that something far more insidious than a technical malfunction was happening at your company? As you explore the chapters of this book and learn more about information security, you will become better able to answer these questions. But before you can begin studying the details of the discipline of information security, you must first know the history and evolution of the field.

The History of Information Security

The history of information security begins with computer security. The need for computer security—that is, the need to secure physical locations, hardware, and software from threats—arose during World War II when the first mainframes, developed to aid computations for communication code breaking (see Figure 1-1), were put to use. Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data. Access to sensitive military locations, for example, was controlled by means of badges, keys, and the facial recognition of authorized personnel by security guards. The growing need to maintain national security eventually led to more complex and more technologically sophisticated computer security safeguards.

During these early years, information security was a straightforward process composed predominantly of physical security and simple document classification schemes.
The primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. One of the first documented security problems that fell outside these categories occurred in the early 1960s, when a systems administrator was working on an MOTD (message of the day) file, and another administrator was editing the password file. A software glitch mixed the two files, and the entire password file was printed on every output file.2

Figure 1-1 The Enigma (Source: Courtesy of National Security Agency). Earlier versions of the German code machine Enigma were first broken by the Poles in the 1930s. The British and Americans managed to break later, more complex versions during World War II. The increasingly complex versions of the Enigma, especially the submarine or Unterseeboot version of the Enigma, caused considerable anguish to Allied forces before finally being cracked. The information gained from decrypted transmissions was used to anticipate the actions of German armed forces. “Some ask why, if we were reading the Enigma, we did not win the war earlier. One might ask, instead, when, if ever, we would have won the war if we hadn’t read it.”1

The 1960s

During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks. It became necessary to enable these mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
In response to this need, the Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant, networked communications system to support the military’s exchange of information. Larry Roberts, known as the founder of the Internet, developed the project—which was called ARPANET—from its inception. ARPANET is the predecessor to the Internet (see Figure 1-2 for an excerpt from the ARPANET Program Plan).

Figure 1-2 Development of the ARPANET Program Plan3 (Source: Courtesy of Dr. Lawrence Roberts)

The 1970s and 80s

During the next decade, ARPANET became popular and more widely used, and the potential for its misuse grew. In December of 1973, Robert M. “Bob” Metcalfe, who is credited with the development of Ethernet, one of the most popular networking protocols, identified fundamental problems with ARPANET security. Individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users. Other problems abounded: vulnerability of password structure and formats; lack of safety procedures for dial-up connections; and nonexistent user identification and authorization to the system. Phone numbers were widely distributed and openly publicized on the walls of phone booths, giving hackers easy access to ARPANET.
Because of the range and frequency of computer security violations and the explosion in the numbers of hosts and users on ARPANET, network security was referred to as network insecurity.4 In 1978, a famous study entitled “Protection Analysis: Final Report” was published. It focused on a project undertaken by ARPA to discover the vulnerabilities of operating system security. For a timeline that includes this and other seminal studies of computer security, see Table 1-1.

The movement toward security that went beyond protecting physical locations began with a single paper sponsored by the Department of Defense, the Rand Report R-609, which attempted to define the multiple controls and mechanisms necessary for the protection of a multilevel computer system. The document was classified for almost ten years, and is now considered to be the paper that started the study of computer security.

The security—or lack thereof—of the systems sharing resources inside the Department of Defense was brought to the attention of researchers in the spring and summer of 1967. At that time, systems were being acquired at a rapid rate and securing them was a pressing concern for both the military and defense contractors.

Table 1-1 Key Dates for Seminal Works in Early Computer Security

| Date | Documents |
|---|---|
| 1968 | Maurice Wilkes discusses password security in Time-Sharing Computer Systems. |
| 1973 | Schell, Downey, and Popek examine the need for additional security in military systems in “Preliminary Notes on the Design of Secure Military Computer Systems.”5 |
| 1975 | The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the Federal Register. |
| 1978 | Bisbey and Hollingworth publish their study “Protection Analysis: Final Report,” discussing the Protection Analysis project created by ARPA to better understand the vulnerabilities of operating system security and examine the possibility of automated vulnerability detection techniques in existing system software. |
| 1979 | Morris and Thompson author “Password Security: A Case History,” published in the Communications of the Association for Computing Machinery (ACM). The paper examines the history of a design for a password security scheme on a remotely accessed, time-sharing system. |
| 1979 | Dennis Ritchie publishes “On the Security of UNIX” and “Protection of Data File Contents,” discussing secure user IDs and secure group IDs, and the problems inherent in the systems. |
| 1984 | Grampp and Morris write “UNIX Operating System Security.” In this report, the authors examine four “important handles to computer security”: physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security.7 |
| 1984 | Reeds and Weinberger publish “File Security and the UNIX System Crypt Command.” Their premise was: “No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users … the naive user has no chance.”8 |

In June of 1967, the Advanced Research Projects Agency formed a task force to study the process of securing classified information systems. The Task Force was assembled in October of 1967 and met regularly to formulate recommendations, which ultimately became the contents of the Rand Report R-609.9

The Rand Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security. It noted that the wide utilization of networking components in information systems in the military introduced security risks that could not be mitigated by the routine practices then used to secure these systems.10 This paper signaled a pivotal moment in computer security history—when the scope of computer security expanded significantly from the safety of physical locations and hardware to include the following:

• Securing the data
• Limiting random and unauthorized access to that data
• Involving personnel from multiple levels of the organization in matters pertaining to information security

MULTICS

Much of the early research on computer security centered on a system called Multiplexed Information and Computing Service (MULTICS). Although it is now obsolete, MULTICS is noteworthy because it was the first operating system to integrate security into its core functions. It was a mainframe, time-sharing operating system developed in the mid-1960s by a consortium of General Electric (GE), Bell Labs, and the Massachusetts Institute of Technology (MIT).
In mid-1969, not long after the restructuring of the MULTICS project, several of its developers (Ken Thompson, Dennis Ritchie, Rudd Canaday, and Doug McIlroy) created a new operating system called UNIX. While the MULTICS system implemented multiple security levels and passwords, the UNIX system did not. Its primary function, text processing, did not require the same level of security as that of its predecessor. In fact, it was not until the early 1970s that even the simplest component of security, the password function, became a component of UNIX.

In the late 1970s, the microprocessor brought the personal computer and a new age of computing. The PC became the workhorse of modern computing, thereby moving it out of the data center. This decentralization of data processing systems in the 1980s gave rise to networking—that is, the interconnecting of personal computers and mainframe computers, which enabled the entire computing community to make all their resources work together.

The 1990s

At the close of the twentieth century, networks of computers became more common, as did the need to connect these networks to each other. This gave rise to the Internet, the first global network of networks. The Internet was made available to the general public in the 1990s, having previously been the domain of government, academia, and dedicated industry professionals. The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area network (LAN). After the Internet was commercialized, the technology became pervasive, reaching almost every corner of the globe with an expanding array of uses.

Since its inception as a tool for sharing Defense Department information, the Internet has become an interconnection of millions of networks.
At first, these connections were based on de facto standards, because industry standards for interconnection of networks did not exist at that time. These de facto standards did little to ensure the security of information, though as these precursor technologies were widely adopted and became industry standards, some degree of security was introduced. However, early Internet deployment treated security as a low priority. In fact, many of the problems that plague e-mail on the Internet today are the result of this early lack of security. At that time, when all Internet and e-mail users were (presumably trustworthy) computer scientists, mail server authentication and e-mail encryption did not seem necessary. Early computing approaches relied on security that was built into the physical environment of the data center that housed the computers. As networked computers became the dominant style of computing, the ability to physically secure a networked computer was lost, and the stored information became more exposed to security threats.

2000 to Present

Today, the Internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected. Recent years have seen a growing awareness of the need to improve information security, as well as a realization that information security is important to national defense. The growing threat of cyber attacks has made governments and companies more aware of the need to defend the computer-controlled control systems of utilities and other critical infrastructure. There is also growing concern about nation-states engaging in information warfare, and the possibility that business and personal information systems could become casualties if they are undefended.

What Is Security?

In general, security is “the quality or state of being secure—to be free from danger.”[11] In other words, protection against adversaries—from those who would do harm, intentionally or otherwise—is the objective. National security, for example, is a multilayered system that protects the sovereignty of a state, its assets, its resources, and its people. Achieving the appropriate level of security for an organization also requires a multifaceted system. A successful organization should have the following multiple layers of security in place to protect its operations:

Physical security, to protect physical items, objects, or areas from unauthorized access and misuse
Personnel security, to protect the individual or group of individuals who are authorized to access the organization and its operations
Operations security, to protect the details of a particular operation or series of activities
Communications security, to protect communications media, technology, and content
Network security, to protect networking components, connections, and contents
Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and technology.

The Committee on National Security Systems (CNSS) defines information security as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.[12] Figure 1-3 shows that information security includes the broad areas of information security management, computer and data security, and network security. The CNSS model of information security evolved from a concept developed by the computer security industry called the C.I.A. triangle. The C.I.A. triangle has been the industry standard for computer security since the development of the mainframe. It is based on the three characteristics of information that give it value to organizations: confidentiality, integrity, and availability. The security of these three characteristics of information is as important today as it has always been, but the C.I.A. triangle model no longer adequately addresses the constantly changing environment. The threats to the confidentiality, integrity, and availability of information have evolved into a vast collection of events, including accidental or intentional damage, destruction, theft, unintended or unauthorized modification, or other misuse from human or nonhuman threats. This new environment of many constantly evolving threats has prompted the development of a more robust model that addresses the complexities of the current information security environment. The expanded model consists of a list of critical characteristics of information, which are described in the next section. C.I.A. triangle terminology is used in this chapter because of the breadth of material that is based on it.

Figure 1-3 Components of Information Security (Source: Course Technology/Cengage Learning)

Key Information Security Concepts

This book uses a number of terms and concepts that are essential to any discussion of information security. Some of these terms are illustrated in Figure 1-4; all are covered in greater detail in subsequent chapters.

Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or object. Authorized users have legal access to a system, whereas hackers have illegal access to a system. Access controls regulate this ability.

Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, computer system, or other tangible object. Assets, and particularly information assets, are the focus of security efforts; they are what those efforts are attempting to protect.

Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack. A hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for example, as part of a botnet (slang for robot network). This group of compromised computers, running software of the attacker’s choosing, can operate autonomously or under the attacker’s direct control to attack systems and steal user information or conduct distributed denial-of-service attacks.
Direct attacks originate from the threat itself. Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.

Figure 1-4 Information Security Terms (Source: Course Technology/Cengage Learning)
Vulnerability: Buffer overflow in online database Web interface
Threat: Theft
Threat agent: Ima Hacker
Exploit: Script from MadHackz Web site
Attack: Ima Hacker downloads an exploit from MadHackz web site and then accesses buybay’s Web site. Ima then applies the script which runs and compromises buybay's security controls and steals customer data. These actions cause buybay to experience a loss.
Asset: buybay’s customer database

Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization. The various levels and types of controls are discussed more fully in the following chapters.

Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. Or, an exploit can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or is created by the attacker. Exploits make use of existing software tools or custom-made software components.
Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present.

Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure. When an organization’s information is stolen, it has suffered a loss.

Protection profile or security posture: The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to protect the asset. The terms are sometimes used interchangeably with the term security program, although the security program often comprises managerial aspects of security, including planning, personnel, and subordinate programs.

Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their risk appetite—the quantity and nature of risk the organization is willing to accept.

Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the attack—or the object of an attack—the target entity, as shown in Figure 1-5. A computer can be both the subject and object of an attack, when, for example, it is compromised by an attack (object), and is then used to attack other systems (subject).

Threat: A category of objects, persons, or other entities that presents a danger to an asset.
Threats are always present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected information systems, while severe storms incidentally threaten buildings and their contents.

Threat agent: The specific instance or a component of a threat. For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms.

Vulnerability: A weakness or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and published; others remain latent (or undiscovered).

Figure 1-5 Computer as the Subject and Object of an Attack (Source: Course Technology/Cengage Learning)

Critical Characteristics of Information

The value of information comes from the characteristics it possesses. When a characteristic of information changes, the value of that information either increases, or, more commonly, decreases. Some characteristics affect information’s value to users more than others do. This can depend on circumstances; for example, timeliness of information can be a critical factor, because information loses much or all of its value when it is delivered too late. Though information security professionals and end users share an understanding of the characteristics of information, tensions can arise when the need to secure the information from threats conflicts with the end users’ need for unhindered access to the information. For instance, end users may perceive a tenth-of-a-second delay in the computation of data to be an unnecessary annoyance. Information security professionals, however, may perceive that tenth of a second as a minor delay that enables an important task, like data encryption. Each critical characteristic of information—that is, the expanded C.I.A. triangle—is defined in the sections below.

Availability

Availability enables authorized users—persons or computer systems—to access information without interference or obstruction and to receive it in the required format. Consider, for example, research libraries that require identification before entrance. Librarians protect the contents of the library so that they are available only to authorized patrons. The librarian must accept a patron’s identification before that patron has free access to the book stacks. Once authorized patrons have access to the contents of the stacks, they expect to find the information they need available in a useable format and familiar language, which in this case typically means bound in a book and written in English.

Accuracy

Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate. Consider, for example, a checking account. You assume that the information contained in your checking account is an accurate representation of your finances. Incorrect information in your checking account can result from external or internal errors.
If a bank teller, for instance, mistakenly adds or subtracts too much from your account, the value of the information is changed. Or, you may accidentally enter an incorrect amount into your account register. Either way, an inaccurate bank balance could cause you to make mistakes, such as bouncing a check.

Authenticity

Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Consider for a moment some common assumptions about e-mail. When you receive e-mail, you assume that a specific individual or group created and transmitted the e-mail—you assume you know the origin of the e-mail. This is not always the case. E-mail spoofing, the act of sending an e-mail message with a modified field, is a problem for many people today, because often the modified field is the address of the originator. Spoofing the sender’s address can fool e-mail recipients into thinking that messages are legitimate traffic, thus inducing them to open e-mail they otherwise might not have. Spoofing can also alter data being transmitted across a network, as in the case of User Datagram Protocol (UDP) packet spoofing, which can enable the attacker to get access to data stored on computing systems.

Another variation on spoofing is phishing, when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization. Pretending to be someone you are not is sometimes called pretexting when it is undertaken by law enforcement agents or private investigators.
When used in a phishing attack, e-mail spoofing lures victims to a Web server that does not represent the organization it purports to, in an attempt to steal their private data such as account numbers and passwords. The most common variants include posing as a bank or brokerage company, e-commerce organization, or Internet service provider. Even when authorized, pretexting does not always lead to a satisfactory outcome. In 2006, the CEO of Hewlett-Packard Corporation, Patricia Dunn, authorized contract investigators to use pretexting to “smoke out” a corporate director suspected of leaking confidential information. The resulting firestorm of negative publicity led to Ms. Dunn’s eventual departure from the company.[13]

Confidentiality

Information has confidentiality when it is protected from disclosure or exposure to unauthorized individuals or systems. Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
When unauthorized individuals or systems can view information, confidentiality is breached. To protect the confidentiality of information, you can use a number of measures, including the following:

Information classification
Secure document storage
Application of general security policies
Education of information custodians and end users

Confidentiality, like most of the characteristics of information, is interdependent with other characteristics and is most closely related to the characteristic known as privacy. The relationship between these two characteristics is covered in more detail in Chapter 3, “Legal and Ethical Issues in Security.” The value of confidentiality of information is especially high when it is personal information about employees, customers, or patients. Individuals who transact with an organization expect that their personal information will remain confidential, whether the organization is a federal agency, such as the Internal Revenue Service, or a business. Problems arise when companies disclose confidential information. Sometimes this disclosure is intentional, but there are times when disclosure of confidential information happens by mistake—for example, when confidential information is mistakenly e-mailed to someone outside the organization rather than to someone inside the organization. Several cases of privacy violation are outlined in Offline: Unintentional Disclosures.

Other examples of confidentiality breaches are an employee throwing away a document containing critical information without shredding it, or a hacker who successfully breaks into an internal database of a Web-based organization and steals sensitive information about the clients, such as names, addresses, and credit card numbers.

As a consumer, you give up pieces of confidential information in exchange for convenience or value almost daily. By using a “members only” card at a grocery store, you disclose some of your spending habits.
When you fill out an online survey, you exchange pieces of your personal history for access to online privileges. The bits and pieces of your information that you disclose are copied, sold, replicated, distributed, and eventually coalesced into profiles and even complete dossiers of yourself and your life. A similar technique is used in a criminal enterprise called salami theft. A deli worker knows he or she cannot steal an entire salami, but a few slices here or there can be taken home without notice. Eventually the deli worker has stolen a whole salami. In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed—but eventually the employee gets something complete or useable.

Offline: Unintentional Disclosures

In February 2005, the data aggregation and brokerage firm ChoicePoint revealed that it had been duped into releasing personal information about 145,000 people to identity thieves during 2004. The perpetrators used stolen identities to create ostensibly legitimate business entities, which then subscribed to ChoicePoint to acquire the data fraudulently. The company reported that the criminals opened many accounts and recorded personal information on individuals, including names, addresses, and identification numbers. They did so without using any network or computer-based attacks; it was simple fraud.[14] While the amount of damage has yet to be compiled, the fraud is feared to have allowed the perpetrators to arrange many hundreds of instances of identity theft.

The giant pharmaceutical organization Eli Lilly and Co. released the e-mail addresses of 600 patients to one another in 2001. The American Civil Liberties Union (ACLU) denounced this breach of privacy, and information technology industry analysts noted that it was likely to influence the public debate on privacy legislation. The company claimed that the mishap was caused by a programming error that occurred when patients who used a specific drug produced by the company signed up for an e-mail service to access support materials provided by the company. About 600 patient addresses were exposed in the mass e-mail.[15]

In another incident, the intellectual property of Jerome Stevens Pharmaceuticals, a small prescription drug manufacturer from New York, was compromised when the FDA released documents the company had filed with the agency. It remains unclear whether this was a deliberate act by the FDA or a simple error; but either way, the company’s secrets were posted to a public Web site for several months before being removed.[16]

Integrity

Information has integrity when it is whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being stored or transmitted. Many computer viruses and worms are designed with the explicit purpose of corrupting data. For this reason, a key method for detecting a virus or worm is to look for changes in file integrity as shown by the size of the file.
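An added example, not part of the original text, that sets the file-size check just mentioned beside the file-hash comparison the text describes next: a baseline of size and hash is recorded, then each file is re-checked. SHA-256 is an assumed choice of hashing algorithm, and the file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def record_baseline(paths):
    """Record (size, SHA-256) for each file while it is known to be good."""
    return {str(p): (Path(p).stat().st_size, sha256_of(p)) for p in paths}


def check_against_baseline(baseline):
    """Compare the current files with the baseline and classify each one."""
    report = {}
    for name, (old_size, old_hash) in baseline.items():
        p = Path(name)
        if not p.is_file():
            report[name] = "missing"
            continue
        size_changed = p.stat().st_size != old_size
        hash_changed = sha256_of(p) != old_hash
        if hash_changed and not size_changed:
            # A size-only check would have reported this file as clean.
            report[name] = "modified (same size, caught only by hash)"
        elif hash_changed:
            report[name] = "modified (size and hash differ)"
        else:
            report[name] = "unchanged"
    return report


def demo():
    """Build constructed sample files, alter some, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        files = {
            "payroll.csv": b"id,amount\n1001,2500.00\n1002,3100.00\n",
            "startup.cfg": b"logging=on\nupdates=on\n",
            "readme.txt": b"constructed sample file\n",
            "old.log": b"entry\n",
        }
        for name, data in files.items():
            (root / name).write_bytes(data)
        baseline = record_baseline(root / name for name in files)

        # Same-length change: one digit differs, the byte count does not.
        (root / "payroll.csv").write_bytes(
            b"id,amount\n1001,9500.00\n1002,3100.00\n")
        # Appended line: both the size and the hash change.
        with open(root / "startup.cfg", "ab") as fh:
            fh.write(b"remote_admin=on\n")
        # Deleted file.
        (root / "old.log").unlink()

        report = check_against_baseline(baseline)
        return {Path(k).name: v for k, v in report.items()}


if __name__ == "__main__":
    for name, finding in sorted(demo().items()):
        print(f"{name}: {finding}")
```

The baseline itself has to be stored where the monitored system cannot rewrite it; otherwise whoever alters a file can alter its recorded hash as well.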
Another key method of assuring information integrity is file hashing, in which a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value. The hash value for any combination of bits is unique. If a computer system performs the same hashing algorithm on a file and obtains a different number than the recorded hash value for that file, the file has been compromised and the integrity of the information is lost. Information integrity is the cornerstone of information systems, because information is of no value or use if users cannot verify its integrity.

File corruption is not necessarily the result of external forces, such as hackers. Noise in the transmission media, for instance, can also cause data to lose its integrity. Transmitting data on a circuit with a low voltage level can alter and corrupt the data. Redundancy bits and check bits can compensate for internal and external threats to the integrity of information. During each transmission, algorithms, hash values, and the error-correcting codes ensure the integrity of the information. Data whose integrity has been compromised is retransmitted.

Utility

The utility of information is the quality or state of having value for some purpose or end. Information has value when it can serve a purpose. If information is available, but is not in a format meaningful to the end user, it is not useful.
For example, to a private citizen U.S. Census data can quickly become overwhelming and difficult to interpret; however, for a politician, U.S. Census data reveals information about the residents in a district, such as their race, gender, and age. This information can help form a politician’s next campaign strategy.

Possession

The possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality. For example, assume a company stores its critical customer data using an encrypted file system. An employee who has quit decides to take a copy of the tape backups to sell the customer records to the competition. The removal of the tapes from their secure environment is a breach of possession. But, because the data is encrypted, neither the employee nor anyone else can read it without the proper decryption methods; therefore, there is no breach of confidentiality. Today, people caught selling company secrets face increasingly stiff fines with the likelihood of jail time. Also, companies are growing more and more reluctant to hire individuals who have demonstrated dishonesty in their past.

CNSS Security Model

The definition of information security presented in this text is based in part on the CNSS document called the National Training Standard for Information Systems Security Professionals NSTISSI No. 4011. (See www.cnss.gov/Assets/pdf/nstissi_4011.pdf. Since this document was written, the NSTISSC was renamed the Committee on National Security Systems (CNSS)—see www.cnss.gov. The library of documents is being renamed as the documents are rewritten.) This document presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems. The model, created by John McCumber in 1991, provides a graphical representation of the architectural approach widely used in computer and information security; it is now known as the McCumber Cube.[17] The McCumber Cube in Figure 1-6 shows three dimensions. If extrapolated, the three dimensions of each axis become a 3 × 3 × 3 cube with 27 cells representing areas that must be addressed to secure today’s information systems. To ensure system security, each of the 27 areas must be properly addressed during the security process. For example, the intersection between technology, integrity, and storage requires a control or safeguard that addresses the need to use technology to protect the integrity of information while in storage. One such control might be a system for detecting host intrusion that protects the integrity of information by alerting the security administrators to the potential modification of a critical file. What is commonly left out of such a model is the need for guidelines and policies that provide direction for the practices and implementations of technologies. The need for policy is discussed in subsequent chapters of this book.

Figure 1-6 The McCumber Cube[18] (Source: Course Technology/Cengage Learning)
Components of an Information System

As shown in Figure 1-7, an information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the organization. These six critical components enable information to be input, processed, output, and stored. Each of these IS components has its own strengths and weaknesses, as well as its own characteristics and uses. Each component of the information system also has its own security requirements.

Software

The software component of the IS comprises applications, operating systems, and assorted command utilities. Software is perhaps the most difficult IS component to secure. The exploitation of errors in software programming accounts for a substantial portion of the attacks on information. The information technology industry is rife with reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In fact, many facets of daily life are affected by buggy software, from smartphones that crash to flawed automotive control computers that lead to recalls. Software carries the lifeblood of information through an organization. Unfortunately, software programs are often created under the constraints of project management, which limit time, cost, and manpower. Information security is all too often implemented as an afterthought, rather than developed as an integral component from the beginning. In this way, software programs become an easy target of accidental or intentional attacks.

Figure 1-7 Components of an Information System (Source: Course Technology/Cengage Learning)

Hardware

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets from harm or theft. Applying the traditional tools of physical security, such as locks and keys, restricts access to and interaction with the hardware components of an information system. Securing the physical location of computers and the computers themselves is important because a breach of physical security can result in a loss of information. Unfortunately, most information systems are built on hardware platforms that cannot guarantee any level of information security if unrestricted access to the hardware is possible. Before September 11, 2001, laptop thefts in airports were common. A two-person team worked to steal a computer as its owner passed it through the conveyor scanning devices. The first perpetrator entered the security area ahead of an unsuspecting target and quickly went through. Then, the second perpetrator waited behind the target until the target placed his/her computer on the baggage scanner. As the computer was whisked through, the second agent slipped ahead of the victim and entered the metal detector with a substantial collection of keys, coins, and the like, thereby slowing the detection process and allowing the first perpetrator to grab the computer and disappear in a crowded walkway.
While the security response to September 11, 2001 did tighten the security process at airports, hardware can still be stolen in airports and other public places. Although laptops and notebook computers are worth a few thousand dollars, the information contained in them can be worth a great deal more to organizations and individuals.

Data

Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Systems developed in recent years are likely to make use of database management systems. When done properly, this should improve the security of the data and the application. Unfortunately, many system development projects do not make full use of the database management system’s security capabilities, and in some cases the database is implemented in ways that are less secure than traditional file systems.

People

Though often overlooked in computer security considerations, people have always been a threat to information security. Legend has it that around 200 B.C. a great army threatened the security and stability of the Chinese empire. So ferocious were the invaders that the Chinese emperor commanded the construction of a great wall that would defend against the Hun invaders. Around 1275 A.D., Kublai Khan finally achieved what the Huns had been trying for thousands of years.
Initially, the Khan’s army tried to climb over, dig under, and break through the wall. In the end, the Khan simply bribed the gatekeeper—and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization’s information security program. And unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information, they will remain the weakest link. Social engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used to manipulate the actions of people to obtain access information about a system. This topic is discussed in more detail in Chapter 2, “The Need for Security.”

Procedures

Another frequently overlooked component of an IS is procedures. Procedures are written instructions for accomplishing a specific task. When an unauthorized user obtains an organization’s procedures, this poses a threat to the integrity of the information. For example, a consultant to a bank learned how to wire funds by using the computer center’s procedures, which were readily available. By taking advantage of a security weakness (lack of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own account. Lax security procedures caused the loss of over ten million dollars before the situation was corrected. Most organizations distribute procedures to their legitimate employees so they can access the information system, but many of these companies often fail to provide proper education on the protection of the procedures. Educating employees about safeguarding procedures is as important as physically securing the information system. After all, procedures are information in their own right.
Therefore, knowledge of procedures, as with all critical information, should be disseminated among members of the organization only on a need-to-know basis.

Networks

The IS component that created much of the need for increased computer and information security is networking. When information systems are connected to each other to form local area networks (LANs), and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. The physical technology that enables network functions is becoming more and more accessible to organizations of every size. Applying the traditional tools of physical security, such as locks and keys, to restrict access to and interaction with the hardware components of an information system is still important; but when computer systems are networked, this approach is no longer enough. Steps to provide network security are essential, as is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.

Balancing Information Security and Access

Even with the best planning and implementation, it is impossible to obtain perfect information security. Recall James Anderson