Police Ethics Essay

For every profession, there is an associated code of ethics, which dictate the norms for the practice of that particular profession. Thus we have business ethics and medical ethics to guide professional in the relevant fields. These guidelines are ethical codes, based on moral reasoning, formed to deliver the good (product or service) through proper means. Sometimes the codes of ethics are formed and evaluated with respect to relevant laws and sometimes with respect to moral laws. Police ethics is applying the above principles to policing. It should be noted here that police ethics is considerably under developed compared to medical or business ethics. This is mainly because of the misunderstanding of the need of police ethics. Law and ethics are different perspectives that are relevant for professions. The lifeline of law and order for any society is obviously its police force. Only when the police are seen to be righteous, the people would have respect and confidence on them. The public would be willing to cooperate and help police personnel, only when they remain trust worthy. It is therefore very important for the police personnel to command the respect and goodwill of the people, to function effectively. The public-police relationship is vital, for maintaining law and order, and this relationship can be strengthened only when police conduct themselves in appropriate manner. Every police officer must realize that they need to be law-abiding citizens too, and serve the society with an unbargained commitment and desire (Proctor, 1997). Members of the police department have to adhere to a code of morality or ethics, if they have to win and retain the trust and respect of the society they serve. It is only when they act in an unfair or inappropriate manner, compromising on their responsibilities and values, that they fall low, in public esteem. High ranking officers in police department have powers and privileges given to them, to help them to perform better in their duty of service to the public. When these are misused, used with bias, or unused for reasons of personal interest; then they defeat the purpose for which they were established. In doing so, the relevant officers have used their power and privileges to harm the society, instead of using it to help society. Police department personnel should avoid relationships that can be interpreted as being unfair or partial. They should realize that accepting gifts and favors are not too far from direct bribes, as these too must carry a sense of gratitude and obliging. Favors particularly, keep flowing out for any police staff, either on duty or off duty. Small time favors that don’t look bad include free transport, low pricing, meals and refreshments, and home-based delivery/services. Even if the officer accepts these with a mindset of not going to oblige, or go out of the way to repay the favor, the provider of the favor expects one. It is unethical if such a gesture is not repaid. If these are unconsciously accepted at the initial stages, an urge to receive more, gradually develops, which soon gets transformed as a right to receive. The community and police service expect law enforcement personnel to lead a honorable and decent life. Inappropriate conduct in private life, disrespecting the law or seeking special privileges reflect appropriately, not only on the officer but the police service as a whole. Police officers need to refrain from accepting such favors in the course of executing their duty. Most department members do not hesitate to seek favors directed towards cutting departmental expenses; on most occasions. This looks normal to the police higher officials too, as they are under instruction to reduce expenditures. Sometimes they may have received administrative orders too, saying that repair or replacement would take time, or cannot be done till the close of the financial year. Such policies only encourage the relevant police staff to look to external free sources. These include repair and maintenance of their premises, small stationary requirements, convict needs etc. It is unfortunate that no one within the government machinery is either aware or realize the negative consequences of such policies. These officers need to realize the extent of public participation in law enforcement, in accordance with binding ethics. Even in their interaction with their own suppliers, the department can be benefited with higher quality and lower costs, when the officers concerned stand up to the same without accepting favors. There are several ways to benefit, directly or indirectly, from unethical conduct. A twisted officer can develop opportunities of benefit from any and every situation. It requires a honest and duty bound officer to turn down benefit aspects and execute the job. Honest and straightforward officers carry with them the credibility of their department. It requires self-commitment and voluntary adoption of ethics to perform in a manner worthy of public respect. It is indeed sad that many police officers have preferred to amass wealth through their disrespect of integrity. As these officers are mostly part of the law enforcement machinery, they often get away unchecked. The only way such tainted officers can be reformed is by self-judgment and choice, rather than external enforcement. Although there are several such dishonest and corrupt policemen, it is only those few, who uphold values and ethics against all adversities, that the department still commands respect and trust. The code of ethics helps police officers to make decisions in dilemma situations, on a day-to-day basis. The ethics toolkit issued by the International Association of Chiefs of Police, emphasizes on the do’s and don’ts of the police, with regard to legal and ethical conduct. It identifies accountability as â€Å"the duty of all officers to truthfully acknowledge and explain their actions and decisions when requested to do so by an authorized member of this agency without deception or subterfuge†. Although the toolkit does not bar police officials from receiving gifts and other items of value, it emphasizes that those receiving unsolicited gifts and items should report the receipt of such things. If required, they should also provide a detailed report of the circumstances under which they were received. Officers should also not buy or keep articles or properties found, impounded, recovered or abandoned. Police officers, through their position in law enforcement, gain access to information; which again should not be used for financial gains or benefits. An important misuse of police power is when they use their powers to resolve personal problems (i.e. problems and issues of the police officer or his friends and relatives). Officers should not involve themselves in ordinary roles like arresting, booking traffic violations, etc., when they are not traveling in a marked police vehicle. The duty of a law enforcement officer is primarily to be in self-compliance with the law, himself. The officer should be aware of law enforcements upon himself, when he is on duty, enforcing it. The officer should realize that his presence in the force and the force itself has been established in line with the community welfare aspirations. Whether the officer is engaged at the local, state or federal level, he plays a role in enforcing the community or public will, a will of safety, security and equality of all. Through all his actions, the officer should defend this system and be careful not to encroach upon it. The law enforcement officer should use his powers to arrest offenders, only in accord with all existing laws (IIT, 2008). At time of arresting, the officer should respect the rights of the offender. In executing the arrest, the officer should only use the minimum physical force necessary. The officer needs to conduct himself with respect to self-compliance, to uphold the law, when dealing with both, law abiders and law violators. It is evident that police officers, who are properly educated and trained, are able to respond better to ethical and moral situations demanded by their professions. It is very important for police officers to be able to overcome their moral and ethical dilemmas, for them to perform their duties and obligations in a professional way (Pagon, 2003). The police officer should be familiar with the principles of police ethics and needs to be trained in moral reasoning and ethics based decision-making. Supervisors have an important role in establishing and promoting the spirit of the code of ethics. They should be role models in the community’s effort of delivering impartial, effective and professional policing service. The supervisors should ensure that individuals under their guidance and responsibility develop their professional performance. They should question and address behaviors which violate conduct codes, apart from reporting wherever appropriate (NIPB, 2007). The supervisor’s responsibility of maintaining professional standards and integrity can be facilitated by advice, corrective or appropriate action. When complaints of misconducts are brought by public, the supervisor must investigate and take appropriate actions. He should send a message that there would be no compromise on any actions by any staff that are directed to personal interests. The police officers of today face a tough challenge of maintaining law and order in the society like never before. The enforcement officers of today combat crimes, law and order situations and risks that were not relevant ever before. Life style changes, technological developments and international relevance for all happenings, have made the job tougher. There is no doubt that for the compromising officer, such situations open up newer avenues of quick money and wealth. But for the honest officer, he would be without all such illegal benefits. Tainted officers may go free, enjoy their ill-gotten wealth; but it is the money earned by honest means that give the satisfaction and peace of mind. Apart from satisfaction, there is an immense sense of self-value, that one would cherish forever. Living on legitimate earnings, is in several ways, a pride to the family and the community, to which the officer belongs. An honest officer needs no certificate. He is easily identified and respected by the public and his very own colleagues. The most capable and respectful officer is perhaps one, who can say each day to himself â€Å"I don’t fall for money or favors†. REFERENCES Proctor S.T. 1997. Metropolitan Police Department Ethics and Integrity. [Electronic Version] retrieved on 24th March 2008 from http://www.dcwatch.com/police/971215.htm International Association of Chiefs of Police (2002) Ethics Toolkit [Electronic Version] retrieved on 25th March 2008 from http://www.theiacp.org/profassist/ethics/model_policy.htm Illinois Institute of Technology CSEP (2008) Canons of police ethics [Electronic Version] retrieved on 25th March 2008 from http://ethics.iit.edu/codes/coe/int.assoc.chiefs.police.canons.html Pagon M. (2003) Police ethics and integrity [Electronic Version] retrieved on 26th March 2008 from http://www.police-studies.com/papers/police-ethics-integrity.pdf Northern Ireland Policing Board (2007) Code of ethics for the police service of Northern Ireland integrity [Electronic Version] retrieved on 26th March 2008 from http://www.nipolicingboard.org.uk/nipb_ethics.pdf

Numerous poems Essay

Numerous poems tackle the theme of loneliness using invented or any of the variety of available poetic forms. Most often, the feeling is expressed through either a single and extended metaphor or through a number of interconnected imageries with the purpose of creating a tight and unified construction that would arouse the reader’s empathy towards the poem’s meaning. In poems like these, the focus is the metaphors used to put the theme across. The form is also important, but secondary to content. However, for other poets meaning can be conveyed equally by both content and form. For e. e. cumming, the form can even dictate the metaphor. His post-modernist poem â€Å"leaf falls on loneliness† illustrates how structure can be used to communicate the meaning of a poem even more that its metaphor, thus evoking varied and more vast experiences with the reading. The nine-line poem consists of one to five letters per line. Seven lines are made up of two letters each, one line has three letters, while the longest final line has five. The entire poem spells out the word â€Å"loneliness†. The word is interrupted, however, by a phrase written inside a parenthesis: â€Å"a leaf falls†. The interruption occurs after the first letter, cutting off the letter â€Å"l† from the rest of the word. The irregularity in the grouping of letters is not arbitrary. The form of the poem obviously seeks to approximate the fall of a leaf. One could imagine the leaf as it sways from side to side, then twirls in space looking like a narrow spinning band, until it eventually rests flat on the ground during the poem’s longest final line. The visual fall makes the reader understand the poem’s metaphor: loneliness, like a falling leaf, is a sinking feeling. The image of a falling leaf is a cliche but e. e. cummings makes his poem different not only by employing a unique structure scheme but also by putting both the metaphorical image and the theme stated plainly together in the poem. A greeting card or an amateur exposition would attempt to define the word â€Å"loneliness†. An inferior poet would only focus on the â€Å"falling leaf† metaphor and wax poetic about the possible meanings behind the image. Cummings put both together and in the process does not only call the reader’s attention to the connection of the words with the image but, because of the placement of the letters, raises other points of discussion. For instance, the detachment of the letter â€Å"l† from the word â€Å"loneliness† only means that to be lonely means to be detached from the rest of humanity as much as a falling leaf gets detached from the rest of the leaves in a branch. This is further emphasized with the parenthesis, another symbol of breaking-off one part from the whole where it came from. Still another interpretation for the interruption may be that the feeling of loneliness occurs when one’s life is interrupted by the sight of a falling leaf, which is a metaphor for many sad things in life. Also, the letter â€Å"l† in the first line, which reappears on the eighth line, may also be read as the number one, a solitary figure. A lonely person feels alone. Finally, the poem’s form and metaphors bring upon the reader’s mind other images of loneliness. The metaphor of the falling leaf recalls autumn with its falling leaves, people at the brink of death or snow on a bleak winter’s night falling on a desolate landscape. All these pictures are used in many poems expounding on the same theme and all these associations will be awakened within the reader because while the poem is sparse, it has the ability to involve the reader to deep thought. Meanwhile, the slimness of the poem evokes the briefness of life. At the same time, it could mean the fluid downward movement of life, after one has passed the prime of life, the individual slows down to old age until he dies, and nothing would remain eventually. At first glance, the disinterested reader may think that e. e. cummings has employed gimmickry with â€Å"leaf falls on loneliness. † Closer inspection and repeated readings would prove, however, that unlike most poems whose beauty rests on the metaphors used in the lines, the form of a poem can also be exploited to be the metaphor itself. It can elicit so many associations, making the reading more profound as when one tries to make meanings out of words in another poem. Cumming’s poem is a great example of how form can also dictate the beauty of a poem.

Cypop 5 Task 6

Task 6 Maintaining a good relationship needs a lot of information for it to work, it is essential for the parents to be involved as they are the MOST important person in the child’s life. Without communication and information a small problem can quickly turn into a large problem which will be more difficult to solve. The parents are the ones that know their child the best and also hold the key to all their little ways. We as childminders help the children to develop to their best potential, by involving the parents we can all work together on the same page to give the child the consistency they need to develop.Good communication is a vital part of the relationship between parents, children and childminders; this will make sure that the child and parents know how they are getting on and what has been happening whilst the child is in your setting. This can be maintained by regular meetings to discuss the child’s progress and also any problems that may be occurring. These discussions may reveal changes in the child’s home/social life so will have to be handled sensitively.When the parents have decided to use my service I will give them a copy of my contract and ask them to take it away to read and to sign it. In the first meeting the parents will be given all the information needed to make a decision whether or not to send their child to me. This information could include availability and costing, I will also give a tour of my facilities and an explanation of the activities that I will provide. Routines are important in a child’s life, where possible I will endeavour to work with them. Every child’s needs are different, from nap times to special diets etc.From the first session with the child/parents I will work with them both to find out their needs and have them planned into the days activities. An agreement will be made between myself and the parents to provide what the child needs to develop and anything that the child is or is not allowed, e. g. sweets, TV, toys etc. Where possible the children will be involved in decision making, for example what activities they would like to do, what to eat for lunch etc providing these decisions are practicable and fall within the agreed guidelines.It is important to let the children take part in the day to day running of the setting wherever it is safe to do so, this will give them a sense of responsibility and achievement. Routines change and differ from child to child; a child of 12 months would have a different routine to a child of 5 years. As a child grows I will make sure that the routine is changed to suit the needs of the child. For example they may need a shorter nap time or if they are an older child then make sure their homework is done. Dinner times etc may need to be changed to reflect the changing routines.As a child grows the need for things like nappy changing, 1:1 feeding and nap time decrease and the time for playing and interacting increases. Onc e the child reaches school they may need to have increased relaxation time so that they can adjust to a school routine, and more quiet time so that any homework can be completed. The way in which I will welcome a new child to my setting would be to introduce myself and the others in My household to the child and maybe â€Å"buddy† them up with another child-if possible of a similar age to themselves.The new child will then have someone they can turn to for any help if they do not want to come to me. I will make sure that any special comforters are identified before hand and brought with the child on the first day so that there is something familiar they can be comfortable with. From the outset the child will be involved in some of the decision making, and I will be there if they have any problems or if they just need a cuddle. I could help them settle in by knowing any information that might help, i. . any siblings, pets, favourite family members/toys etc. I could use this in formation to help them in the transition from home to childminder; this may be the first time they have been away from their parents. All the children in my care will be treated equally and with respect, but I will also take into account different cultural differences. The children in my care will be encouraged to learn about other people’s cultures, history and backgrounds, this could include food, religious festivals, music etc.

Principles of Information Security, 4th Ed. – Michael E. Whitman Chap 01

Licensed to: CengageBrain User Licensed to: CengageBrain User Principles of Information Security, Fourth Edition Michael E. Whitman and Herbert J. Mattord Vice President Editorial, Career Education & Training Solutions: Dave Garza Director of Learning Solutions: Matthew Kane Executive Editor: Steve Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Development Editor: Lynne Raughley Editorial Assistant: Jennifer Wheaton Vice President Marketing, Career Education & Training Solutions: Jennifer Ann Baker Marketing Director: Deborah S.Yarnell Senior Marketing Manager: Erin Coffin Associate Marketing Manager: Shanna Gibbs Production Manager: Andrew Crouth Content Project Manager: Brooke Greenhouse Senior Art Director: Jack Pendleton Manufacturing Coordinator: Amy Rogers Technical Edit/Quality Assurance: Green Pen Quality Assurance  © 2012 Course Technology, Cengage Learning For more information, contact or find us on the World Wide Web at: www. course. com ALL R IGHTS RESERVED.No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706 For permission to use material from this text or product, submit all requests online at cengage. com/permissions Further permission questions can be emailed to [email  protected] comLibrary of Congress Control Number: 2010940654 ISBN-13: 978-1-111-13821-9 ISBN-10: 1-111-13821-4 Course Technology 20 Channel Center Boston, MA 02210 USA Cengage Learning is a leading provider of custo mized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: international. cengage. com/region. Cengage Learning products are represented in Canada by Nelson Education, Ltd. For your lifelong learning solutions, visit course. cengage. com Purchase any of our products at your local college store or at our preferred online store www. engagebrain. com. Printed in the United States of America 1 2 3 4 5 6 7 8 9 14 13 12 11 10 Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it . Licensed to: CengageBrain User hapter 1 Introduction to Information Security Do not figure on opponents not attacking; worry about your own lack of preparation. BOOK OF THE FIVE RINGS For Amy, the day began like any other at the Sequential Label and Supply Company (SLS) help desk. Taking calls and helping office workers with computer problems was not glamorous, but she enjoyed the work; it was challenging and paid well. Some of her friends in the industry worked at bigger companies, some at cutting-edge tech companies, but they all agreed that jobs in information technology were a good way to pay the bills.The phone rang, as it did on average about four times an hour and about 28 times a day. The first call of the day, from a worried user hoping Amy could help him out of a jam, seemed typical. The call display on her monitor gave some of the facts: the user’s name, his phone number, the department in which he worked, where his office was on the company campus, and a list of all the calls he’d made in the past. â€Å"Hi, Bob,† she said. â€Å"Did you get that document formatting problem squared away? † â€Å"Sure did, Amy. Hope we can figure out what’s going on this time. † â€Å"We’ll try, Bob. Tell me about it. † â€Å"Well, my PC is acting weird,† Bob said. When I go to the screen that has my e-mail program running, it doesn’t respond to the mouse or the keyboard. † â€Å"Did you try a reboot yet? † 1 Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageB rain User Chapter 1 â€Å"Sure did. But the window wouldn’t close, and I had to turn it off. After it restarted, I opened the e-mail program, and it’s just like it was before—no response at all. The other stuff is working OK, but really, really slowly. Even my Internet browser is sluggish. † â€Å"OK, Bob. We’ve tried the usual stuff we can do over the phone. Let me open a case, and I’ll dispatch a tech over as soon as possible. † Amy looked up at the LED tally board on the wall at the end of the room. She saw that there were only two technicians dispatched to deskside support at the moment, and since it was the day shift, there were four available. Shouldn’t be long at all, Bob. † She hung up and typed her notes into ISIS, the company’s Information Status and Issues System. She assigned the newly generated case to the deskside dispatch queue, which would page the roving deskside team with the details in just a few minutes. A moment later, Amy looked up to see Charlie Moody, the senior manager of the server administration team, walking briskly down the hall. He was being trailed by three of his senior technicians as he made a beeline from his office to the door of the server room where the company servers were kept in a controlled environment. They all looked worried.Just then, Amy’s screen beeped to alert her of a new e-mail. She glanced down. It beeped again—and again. It started beeping constantly. She clicked on the envelope icon and, after a short delay, the mail window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez, an acquaintance from the Accounting Department. The subject line said, â€Å"Wait till you see this. † The message body read, â€Å"Look what this has to say about our managers’ salaries†¦Ã¢â‚¬  Davey often sent her interesting and funny e-mails, and she failed to notice that the file attachment icon was unu sual before she clicked it.Her PC showed the hourglass pointer icon for a second and then the normal pointer reappeared. Nothing happened. She clicked the next e-mail message in the queue. Nothing happened. Her phone rang again. She clicked the ISIS icon on her computer desktop to activate the call management software and activated her headset. â€Å"Hello, Tech Support, how can I help you? † She couldn’t greet the caller by name because ISIS had not responded. â€Å"Hello, this is Erin Williams in receiving. † Amy glanced down at her screen. Still no ISIS.She glanced up to the tally board and was surprised to see the inbound-call-counter tallying up waiting calls like digits on a stopwatch. Amy had never seen so many calls come in at one time. â€Å"Hi, Erin,† Amy said. â€Å"What’s up? † â€Å"Nothing,† Erin answered. â€Å"That’s the problem. † The rest of the call was a replay of Bob’s, except that Amy had to jot notes down on a legal pad. She couldn’t dispatch the deskside support team either. She looked at the tally board. It had gone dark. No numbers at all. Then she saw Charlie running down the hall from the server room. He didn’t look worried anymore. He looked frantic. Amy picked up the phone again.She wanted to check with her supervisor about what to do now. There was no dial tone. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 3LEARNING OBJECTIVES: Upon completion of this material, you should be able to: †¢ †¢ †¢ †¢ †¢ Define information security Recount the history of computer security, and explain how it evolved into information security Define key terms and critical concepts of information security Enumerate the phases of the security systems development life cycle Describe the information security roles of professionals within an organization 1 Introduction James Anderson, executive consultant at Emagined Security, Inc. , believes information security in an enterprise is a â€Å"well-informed sense of assurance that the information risks and controls are in balance. He is not alone in his perspective. Many information security practitioners recognize that aligning information security needs with business objectives must be the top priority. This chapter’s opening scenario illustrates that the information risks and controls are not in balance at Sequential Label and Supply. Though Amy works in a technical support role and her job is to solve technical problems, it does not occur to her that a malicious software program, like a worm or virus, might be the agent of the company’s current ills.Management also shows signs of confusion and seems to have no idea how to contain this kind of incident. If you were in Amy’s place and were faced with a similar situation, what would you do? How would you react? Would it occur to you that something far more insidious than a technical malfunction was happening at your company? As you explore the chapters of this book and learn more about information security, you will become better able to answer these questions. But before you can begin studying the details of the discipline of information security, you must first know the history and evolution of the field.The History of Information Security The history of information security begins with computer security. The need for computer security—that is, the need to secure physical locations, hardware, and softwa re from threats— arose during World War II when the first mainframes, developed to aid computations for communication code breaking (see Figure 1-1), were put to use. Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data.Access to sensitive military locations, for example, was controlled by means of badges, keys, and the facial recognition of authorized personnel by security guards. The growing need to maintain national security eventually led to more complex and more technologically sophisticated computer security safeguards. During these early years, information security was a straightforward process composed predominantly of physical security and simple document classification schemes. The primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.One of the first documented security problems that fell outside these categories occurred in the early 196 0s, when a systems administrator was working on an MOTD Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Licensed to: CengageBrain User 4 Chapter 1 Earlier versions of the German code machine Enigma were ? rst broken by the Poles in the 1930s. The British and Americans managed to break later, more complex versions during World War II. The increasingly complex versions of the Enigma, especially the submarine or Unterseeboot version of the Enigma, caused considerable anguish to Allied forces before ? nally being cracked. The information gained from decrypted transmissions was used to anticipate the actions of German armed forces. Some ask why, if we were reading the Enigma, we did not win the war earlier. One might ask, instead, when, if ever, we would have won the war if we hadn’t read it. †1 Figure 1-1 The Enigma Source: Courtesy of National Security Agency (message of the day) file, and another administrator was editing the password file. A software glitch mixed the two files, and the entire password file was printed on every output file. 2 The 1960s During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks.It became necessary to enable these mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers. In response to this need, the Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant, networked communications system to support the military’s exchange of information. Larr y Roberts, known as the founder of the Internet, developed the project—which was called ARPANET—from its inception. ARPANET is the predecessor to the Internet (see Figure 1-2 for an excerpt from the ARPANET Program Plan).The 1970s and 80s During the next decade, ARPANET became popular and more widely used, and the potential for its misuse grew. In December of 1973, Robert M. â€Å"Bob† Metcalfe, who is credited Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 5 1 Figure 1-2 Development of the ARPANET Program Plan3 Source: Courtesy of Dr. Lawrence Roberts with the development of Ethernet, one of the most popular networking protocols, identified fundamental problems with ARPANET security. Individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users.Other problems abounded: vulnerability of password structure and formats; lack of safety procedures for dial-up connections; and nonexistent user identification and authorization to the system. Phone numbers were widely distributed and openly publicized on the walls of phone booths, giving hackers easy access to ARPANET. Because of the range and frequency of computer security violations and the explosion in the numbers of hosts and users on ARPANET, network security was referred to as network insecurity. In 1978, a famous study entitled â€Å"Protection Analysis: Final Report† was published. It focused on a project undertaken by ARPA to discover the vulnerabilitie s of operating system security. For a timeline that includes this and other seminal studies of computer security, see Table 1-1. The movement toward security that went beyond protecting physical locations began with a single paper sponsored by the Department of Defense, the Rand Report R-609, which attempted to define the multiple controls and mechanisms necessary for the protection of a multilevel computer system.The document was classified for almost ten years, and is now considered to be the paper that started the study of computer security. The security—or lack thereof—of the systems sharing resources inside the Department of Defense was brought to the attention of researchers in the spring and summer of 1967. At that time, systems were being acquired at a rapid rate and securing them was a pressing concern for both the military and defense contractors. Copyright 2011 Cengage Learning. All Rights Reserved.May not be copied, scanned, or duplicated, in whole or in pa rt. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 6 Chapter 1 Date 1968 1973 1975 1978 Documents Maurice Wilkes discusses password security in Time-Sharing Computer Systems.Schell, Downey, and Popek examine the need for additional security in military systems in â€Å"Preliminary Notes on the Design of Secure Military Computer Systems. †5 The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the Federal Register. Bisbey and Hollingworth publish their study â€Å"Protection Analysis: Final Report,† discussing the Protection Analysis project created by ARPA to better understand the vulnerabilities of opera ting system security and examine the possibility of automated vulnerability detection techniques in existing system software. Morris and Thompson author â€Å"Password Security: A Case History,† published in the Communications of the Association for Computing Machinery (ACM). The paper examines the history of a design for a password security scheme on a remotely accessed, time-sharing system. Dennis Ritchie publishes â€Å"On the Security of UNIX† and â€Å"Protection of Data File Contents,† discussing secure user IDs and secure group IDs, and the problems inherent in the systems. Grampp and Morris write â€Å"UNIX Operating System Security. In this report, the authors examine four â€Å"important handles to computer security†: physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security. 7 Reeds and Weinberger publish â€Å"File Secu rity and the UNIX System Crypt Command. † Their premise was: â€Å"No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users †¦ the naive user has no chance. 8 1979 1979 1984 1984 Table 1-1 Key Dates for Seminal Works in Early Computer Security In June of 1967, the Advanced Research Projects Agency formed a task force to study the process of securing classified information systems. The Task Force was assembled in October of 1967 and met regularly to formulate recommendations, which ultimately became the contents of the Rand Report R-609. 9 The Rand Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.It noted that the wide utilization of networking components in information systems in the military introduced security risks that could not be mitigated by the routine pra ctices then used to secure these systems. 10 This paper signaled a pivotal moment in computer security history—when the scope of computer security expanded significantly from the safety of physical locations and hardware to include the following: Securing the data Limiting random and unauthorized access to that data Involving personnel from multiple levels of the organization in matters pertaining to information securityMULTICS Much of the early research on computer security centered on a system called Multiplexed Information and Computing Service (MULTICS). Although it is now obsolete, MULTICS is noteworthy because it was the first operating system to integrate security into Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 7 its core functions. It was a mainframe, time-sharing operating system developed in the mid1960s by a consortium of General Electric (GE), Bell Labs, and the Massachusetts Institute of Technology (MIT). In mid-1969, not long after the restructuring of the MULTICS project, several of its developers (Ken Thompson, Dennis Ritchie, Rudd Canaday, and Doug McIlro) created a new operating system called UNIX.While the MULTICS system implemented multiple security levels and passwords, the UNIX system did not. Its primary function, text processing, did not require the same level of security as that of its predecessor. In fact, it was not until the early 1970s that even the simplest component of security, the password function, became a component of UNIX. In the late 1970s, the microprocessor brought the personal computer and a new age of computing. The PC became the workhorse of modern computing, thereby moving it out of the data center.This decentralization of data processing systems in the 1980s gave rise to networking—that is, the interconnecting of personal computers and mainframe computers, which enabled the entire computing community to make all their resources work together. 1 The 1990s At the close of the twentieth century, networks of computers became more common, as did the need to connect these networks to each other. This gave rise to the Internet, the first global network of networks. The Internet was made available to the general public in the 1990s, having previously been the domain of government, academia, and dedicated industry professionals.The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area network (LAN). After the Internet was commercialized, the tec hnology became pervasive, reaching almost every corner of the globe with an expanding array of uses. Since its inception as a tool for sharing Defense Department information, the Internet has become an interconnection of millions of networks. At first, these connections were based on de facto standards, because industry standards for interconnection of networks did not exist at that time.These de facto standards did little to ensure the security of information though as these precursor technologies were widely adopted and became industry standards, some degree of security was introduced. However, early Internet deployment treated security as a low priority. In fact, many of the problems that plague e-mail on the Internet today are the result of this early lack of security. At that time, when all Internet and e-mail users were (presumably trustworthy) computer scientists, mail server authentication and e-mail encryption did not seem necessary.Early computing approaches relied on secu rity that was built into the physical environment of the data center that housed the computers. As networked computers became the dominant style of computing, the ability to physically secure a networked computer was lost, and the stored information became more exposed to security threats. 2000 to Present Today, the Internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected.Recent years have seen a growing awareness of the need to improve information security, as well as a realization that information security is important to national defense. The growing threat of Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 8 Chapter 1 cyber attacks have made governments and companies more aware of the need to defend the computer-controlled control systems of utilities and other critical infrastructure. There is also growing concern about nation-states engaging in information warfare, and the possibility that business and personal information systems could become casualties if they are undefended.What Is Security? In general, security is â€Å"the quality or state of being secure—to be free from danger. †11 In other words, protection against adversaries—from those who would do harm, intentionally or otherwise—is the objective. National security, for example, is a multilayered system that protects the sovereignty of a st ate, its assets, its resources, and its people. Achieving the appropriate level of security for an organization also requires a multifaceted system.A successful organization should have the following multiple layers of security in place to protect its operations: Physical security, to protect physical items, objects, or areas from unauthorized access and misuse Personnel security, to protect the individual or group of individuals who are authorized to access the organization and its operations Operations security, to protect the details of a particular operation or series of activities Communications security, to protect communications media, technology, and content Network security, to protect networking components, connections, and contents Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and techno logy.The Committee on National Security Systems (CNSS) defines information security as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. 12 Figure 1-3 shows that information security includes the broad areas of information security management, computer and data security, and network security. The CNSS model of information security evolved from a concept developed by the computer security industry called the C. I. A. triangle. The C. I. A. triangle has been the industry standard for computer security since the development of the mainframe. It is based on the three characteristics of information that give it value to organizations: confidentiality, integrity, and availability.The security of these three characteristics of information is as important today as it has always been, but the C. I. A. triangle model no longer adequately addresses the constantly changing environment. The threats to the c onfidentiality, integrity, and availability of information have evolved into a vast collection of events, including accidental or intentional damage, destruction, theft, unintended or unauthorized modification, or other misuse from human or nonhuman threats. This new environment of many constantly evolving threats has prompted the development of a more robust model that addresses the complexities of the current information security environment.The expanded model consists of a list of critical characteristics of information, which are described in the next Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 9 1 Information security Figure 1-3 Components of Information SecuritySource: Course Technology/Cengage Learning section. C. I. A. triangle terminology is used in this chapter because of the breadth of material that is based on it. Key Information Security Concepts This book uses a number of terms and concepts that are essential to any discussion of information security. Some of these terms are illustrated in Figure 1-4; all are covered in greater detail in subsequent chapters. Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or object. Authorized users have legal access to a system, whereas hackers have illegal access to a system. Access controls regulate this ability.Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, c omputer system, or other tangible object. Assets, and particularly information assets, are the focus of security efforts; they are what those efforts are attempting to protect. Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack.A hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for example, as part of a botnet (slang for robot network). This group of compromised computers, running software of the attacker’s choosing, can operate autonomously or under the attacker’s direct control to attack systems and steal user information or conduct distributed denial-of-service attacks. Direct attacks originate from the threat itself.Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 10 Chapter 1 Vulnerability: Buffer overflow in online database Web interfaceThreat: Theft Threat agent: Ima Hacker Exploit: Script from MadHackz Web site Attack: Ima Hacker downloads an exploit from MadHackz web site and then accesses buybay’s Web site. Ima then applies the script which runs and compromises buybay's security controls and steals customer data. These actions cause buybay to experience a loss. Asset: buybay’s customer database Figure 1-4 Information Security Terms Source: Course Technology/Cengage Learning Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.The various levels and types of controls are discussed more fully in the following chapters. Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. Or, an exploit can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or is created by the attacker. Exploits make use of existing software tools or custom-made software components. Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present.Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure. When an organization’s information is stolen, it has suffered a loss. Protection profile or security posture: The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cen gage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 11 organization implements (or fails to implement) to protect the asset. The terms are sometimes used interchangeably with the term security program, although the security program often comprises managerial aspects of security, including planning, personnel, and subordinate programs. Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their risk appetite—the quantity and nature of risk the organization is willing to accept.Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the attack—or the object of an attack—the target entity, as shown in Figure 1-5. A computer can be both the subject and object of an attack, when, for example, it is compromised by an attack (object), and is then used to attack other systems (subject). Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected information systems, while severe storms incidentally threaten buildings and their contents. Threat agent: The specific instance or a component of a threat.For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms. Vulnerability: A weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and pu blished; others remain latent (or undiscovered). 1 Critical Characteristics of InformationThe value of information comes from the characteristics it possesses. When a characteristic of information changes, the value of that information either increases, or, more commonly, decreases. Some characteristics affect information’s value to users more than others do. This can depend on circumstances; for example, timeliness of information can be a critical factor, because information loses much or all of its value when it is delivered too late. Though information security professionals and end users share an understanding of the characteristics of subject object Figure 1-5 Computer as the Subject and Object of an Attack Source: Course Technology/Cengage LearningCopyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Edit orial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 12 Chapter 1 information, tensions can arise when the need to secure the information from threats conflicts with the end users’ need for unhindered access to the information.For instance, end users may perceive a tenth-of-a-second delay in the computation of data to be an unnecessary annoyance. Information security professionals, however, may perceive that tenth of a second as a minor delay that enables an important task, like data encryption. Each critical characteristic of information—that is, the expanded C. I. A. triangle—is defined in the sections below. Availability Availability enables authorized users—persons or computer systems—to access information without interference or obstr uction and to receive it in the required format. Consider, for example, research libraries that require identification before entrance.Librarians protect the contents of the library so that they are available only to authorized patrons. The librarian must accept a patron’s identification before that patron has free access to the book stacks. Once authorized patrons have access to the contents of the stacks, they expect to find the information they need available in a useable format and familiar language, which in this case typically means bound in a book and written in English. Accuracy Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate. Consider, for example, a checking account.You assume that the information contained in your checking account is an accurate representation of your finances. Incorrect information in your che cking account can result from external or internal errors. If a bank teller, for instance, mistakenly adds or subtracts too much from your account, the value of the information is changed. Or, you may accidentally enter an incorrect amount into your account register. Either way, an inaccurate bank balance could cause you to make mistakes, such as bouncing a check. Authenticity Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Consider for a moment some common assumptions about e-mail. When you receive e-mail, you assume that a specific individual or group created and transmitted the e-mail—you assume you know the origin of the e-mail. This is not always the case. E-mail spoofing, the act of sending an e-mail message with a modified field, is a problem for many people today, because often the mo dified field is the address of the originator. Spoofing the sender’s address can fool e-mail recipients into thinking that messages are legitimate traffic, thus inducing them to open e-mail they otherwise might not have.Spoofing can also alter data being transmitted across a network, as in the case of user data protocol (UDP) packet spoofing, which can enable the attacker to get access to data stored on computing systems. Another variation on spoofing is phishing, when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization. Pretending to be someone you are not is sometimes called pretexting when it is undertaken by law enforcement agents or private investigators. When used in a phishing attack, e-mail spoofing lures victims to a Web server that does not represent the organization it purports to, in an attempt to steal their private data such as account numbers and passwords.The most c ommon variants include posing as a bank or brokerage company, e-commerce organization, or Internet service provider. Even when authorized, pretexting does not always lead to a satisfactory outcome. In 2006, the CEO of Hewlett-Packard Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Licensed to: CengageBrain User Introduction to Information Security 13 Corporation, Patricia Dunn, authorized contract investigators to use pretexting to â€Å"smokeout† a corporate director suspected of leaking confidential information. The resulting firestorm of negative publicity led to Ms. D unn’s eventual departure from the company. 13 1 Confidentiality Information has confidentiality when it is protected from disclosure or exposure to unauthorized individuals or systems. Confidentiality ensures that only those with the rights and privileges to access information are able to do so. When unauthorized individuals or systems can view information, confidentiality is breached.To protect the confidentiality of information, you can use a number of measures, including the following: Information classification Secure document storage Application of general security policies Education of information custodians and end users Confidentiality, like most of the characteristics of information, is interdependent with other characteristics and is most closely related to the characteristic known as privacy. The relationship between these two characteristics is covered in more detail in Chapter 3, â€Å"Legal and Ethical Issues in Security. † The value of confidentiality of information is especially high when it is personal information about employees, customers, or patients. Individuals who transact with an organization expect that their personal information will remain confidential, whether the organization is a federal agency, such as the Internal Revenue Service, or a business. Problems arise when companies disclose confidential information.Sometimes this disclosure is intentional, but there are times when disclosure of confidential information happens by mistake—for example, when confidential information is mistakenly e-mailed to someone outside the organization rather than to someone inside the organization. Several cases of privacy violation are outlined in Offline: Unintentional Disclosures. Other examples of confidentiality breaches are an employee throwing away a document containing critical information without shredding it, or a hacker who successfully breaks into an internal database of a Web-based organization and steals sensitive information about the clients, such as names, addresses, and credit card numbers.As a consumer, you give up pieces of confidential information in exchange for convenience or value almost daily. By using a â€Å"members only† card at a grocery store, you disclose some of your spending habits. When you fill out an online survey, you exchange pieces of your personal history for access to online privileges. The bits and pieces of your information that you disclose are copied, sold, replicated, distributed, and eventually coalesced into profiles and even complete dossiers of yourself and your life. A similar technique is used in a criminal enterprise called salami theft. A deli worker knows he or she cannot steal an entire salami, but a few slices here or there can be taken home without notice.Eventually the deli worker has stolen a whole salami. In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more wou ld be noticed—but eventually the employee gets something complete or useable. Integrity Information has integrity when it is whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 14 Chapter 1 Offline Unintentional Disclosures In February 2005, the data aggregation and brokerage firm ChoicePoint revealed that it had been duped into releasing personal information about 145,000 people to identity thieves during 2004. The perpetr ators used stolen identities to create obstensibly legitimate business entities, which then subscribed to ChoicePoint to acquire the data fraudulently.The company reported that the criminals opened many accounts and recorded personal information on individuals, including names, addresses, and identification numbers. They did so without using any network or computer-based attacks; it was simple fraud. 14 While the the amount of damage has yet to be compiled, the fraud is feared to have allowed the perpetrators to arrange many hundreds of instances of identity theft. The giant pharmaceutical organization Eli Lilly and Co. released the e-mail addresses of 600 patients to one another in 2001. The American Civil Liberties Union (ACLU) denounced this breach of privacy, and information technology industry analysts noted that it was likely to influence the public debate on privacy legislation.The company claimed that the mishap was caused by a programming error that occurred when patients w ho used a specific drug produced by the company signed up for an e-mail service to access support materials provided by the company. About 600 patient addresses were exposed in the mass e-mail. 15 In another incident, the intellectual property of Jerome Stevens Pharmaceuticals, a small prescription drug manufacturer from New York, was compromised when the FDA released documents the company had filed with the agency. It remains unclear whether this was a deliberate act by the FDA or a simple error; but either way, the company’s secrets were posted to a public Web site for several months before being removed. 16 damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being stored or transmitted.Many computer viruses and worms are designed with the explicit purpose of corrupting data. For this reason, a key method for detecting a virus or worm is to look for changes in file integrity as shown by the size of the file. Another key method of assuring information integrity is file hashing, in which a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value. The hash value for any combination of bits is unique. If a computer system performs the same hashing algorithm on a file and obtains a different number than the recorded hash value for that file, the file has been compromised and the integrity of the information is lost.Information integrity is the cornerstone of information systems, because information is of no value or use if users cannot verify its integrity. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 15File corruption is not necessarily the result of external forces, such as hackers. Noise in the transmission media, for instance, can also cause data to lose its integrity. Transmitting data on a circuit with a low voltage level can alter and corrupt the data. Redundancy bits and check bits can compensate for internal and external threats to the integrity of information. During each transmission, algorithms, hash values, and the error-correcting codes ensure the integrity of the information. Data whose integrity has been compromised is retransmitted. 1 Utility The utility of information is the quality or state of having value for some purpose or end.Information has value when it can serve a purpose. If information is available, but is not in a format meaningful to the end user, it is not useful. For example, to a private citizen U. S. Census data can quickly become overwhelming and difficult to interpret; however, for a politician, U. S. Census data reveals information about the residents in a district, such as their race, gender, and age. This information can help form a politician’s next campaign strategy. Possession The possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics.While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality. For example, assume a company stores its critical customer data using an encrypted file system. An employee who has quit decides to take a copy of the tape backups to sell the customer records to the competition. The removal of the tapes from their secure environment is a breach of possession. But, because the data is encrypted, neither the e mployee nor anyone else can read it without the proper decryption methods; therefore, there is no breach of confidentiality. Today, people caught selling company secrets face increasingly stiff fines with the likelihood of jail time.Also, companies are growing more and more reluctant to hire individuals who have demonstrated dishonesty in their past. CNSS Security Model The definition of information security presented in this text is based in part on the CNSS document called the National Training Standard for Information Systems Security Professionals NSTISSI No. 4011. (See www. cnss. gov/Assets/pdf/nstissi_4011. pdf. Since this document was written, the NSTISSC was renamed the Committee on National Security Systems (CNSS)— see www. cnss. gov. The library of documents is being renamed as the documents are rewritten. ) This document presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.T he model, created by John McCumber in 1991, provides a graphical representation of the architectural approach widely used in computer and information security; it is now known as the McCumber Cube. 17 The McCumber Cube in Figure 1-6, shows three dimensions. If extrapolated, the three dimensions of each axis become a 3 3 3 cube with 27 cells representing areas that must be addressed to secure today’s information systems. To ensure system security, each of the 27 areas must be properly addressed during the security process. For example, the intersection between technology, integrity, and storage requires a control or safeguard that addresses the need to use technology to protect the integrity of information while in storage.One such control might be a system for detecting host intrusion that protects the integrity of Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party co ntent may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 16 Chapter 1 Figure 1-6 The McCumber Cube18 Source: Course Technology/Cengage Learning information by alerting the security administrators to the potential modification of a critical file.What is commonly left out of such a model is the need for guidelines and policies that provide direction for the practices and implementations of technologies. The need for policy is discussed in subsequent chapters of this book. Components of an Information System As shown in Figure 1-7, an information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information r esources in the organization. These six critical components enable information to be input, processed, output, and stored. Each of these IS components has its own strengths and weaknesses, as well as its own characteristics and uses.Each component of the information system also has its own security requirements. Software The software component of the IS comprises applications, operating systems, and assorted command utilities. Software is perhaps the most difficult IS component to secure. The exploitation of errors in software programming accounts for a substantial portion of the attacks on information. The information technology industry is rife with reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In fact, many facets of daily life are affected by buggy software, from smartphones that crash to flawed automotive control computers that lead to recalls.Software carries the lifeblood of information through an organization. Unfortunately, software programs are often created under the constraints of project management, which limit time, cost, and manpower. Information security is all too often implemented as an afterthought, rather than developed as an integral component from the beginning. In this way, software programs become an easy target of accidental or intentional attacks. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 17 1 Figure 1-7 Components of an Information System Source: Course Technology/Cengage Learning Hardware Hardware is the physical te chnology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets from harm or theft.Applying the traditional tools of physical security, such as locks and keys, restricts access to and interaction with the hardware components of an information system. Securing the physical location of computers and the computers themselves is important because a breach of physical security can result in a loss of information. Unfortunately, most information systems are built on hardware platforms that cannot guarantee any level of information security if unrestricted access to the hardware is possible. Before September 11, 2001, laptop thefts in airports were common. A two-person team worked to steal a computer as its owner passed it through the conveyor scanning devices.The first perpetrator ente red the security area ahead of an unsuspecting target and quickly went through. Then, the second perpetrator waited behind the target until the target placed his/her computer on the baggage scanner. As the computer was whisked through, the second agent slipped ahead of the victim and entered the metal detector with a substantial collection of keys, coins, and the like, thereby slowing the detection process and allowing the first perpetrator to grab the computer and disappear in a crowded walkway. While the security response to September 11, 2001 did tighten the security process at airports, hardware can still be stolen in airports and other public places.Although laptops and notebook computers are worth a few thousand dollars, the information contained in them can be worth a great deal more to organizations and individuals. Data Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Systems developed in recent years are likely to make use of database Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 18 Chapter 1 management systems. When done properly, this should improve the security of the data and the application. Unfortunately, many system development projects do not make full use of the database management system’s security capabilities, and in some cases the database is implemented in ways that are less secure than traditional file systems. People Though often overlooked in co mputer security considerations, people have always been a threat to information security.Legend has it that around 200 B. C. a great army threatened the security and stability of the Chinese empire. So ferocious were the invaders that the Chinese emperor commanded the construction of a great wall that would defend against the Hun invaders. Around 1275 A. D. , Kublai Khan finally achieved what the Huns had been trying for thousands of years. Initially, the Khan’s army tried to climb over, dig under, and break through the wall. In the end, the Khan simply bribed the gatekeeper—and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization’s information security program.And unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information, they will remain the weakest link. S ocial engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used to manipulate the actions of people to obtain access information about a system. This topic is discussed in more detail in Chapter 2, â€Å"The Need for Security. † Procedures Another frequently overlooked component of an IS is procedures. Procedures are written instructions for accomplishing a specific task. When an unauthorized user obtains an organization’s procedures, this poses a threat to the integrity of the information.For example, a consultant to a bank learned how to wire funds by using the computer center’s procedures, which were readily available. By taking advantage of a security weakness (lack of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own account. Lax security procedures caused the loss of over ten million dollars before the situation was corrected. Most organizations distrib ute procedures to their legitimate employees so they can access the information system, but many of these companies often fail to provide proper education on the protection of the procedures. Educating employees about safeguarding procedures is as important as physically securing the information system.After all, procedures are information in their own right. Therefore, knowledge of procedures, as with all critical information, should be disseminated among members of the organization only on a need-to-know basis. Networks The IS component that created much of the need for increased computer and information security is networking. When information systems are connected to each other to form local area networks (LANs), and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. The physical technology that enables network functions is becoming more and more accessible to organizations of every size.Applying the traditional tools of phys ical security, such as locks and keys, to restrict access to and interaction with the hardware components of an information system are still important; but when computer systems are networked, this approach is no longer enough. Steps to provide network Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 19 security are essential, as is the implementation of alarm and intrusion ystems to make system owners aware of ongoing compromises. 1 Balancing Information Security and Access Even with the best planning and imple mentation, it is impossible to obtain perfect information security. Recall James Anderson

Communiction Theories Essay Example | Topics and Well Written Essays - 250 words - 5

Communiction Theories - Essay Example Production of communication is on different levels with different kinds of individuals. When strangers meet for the first time, they do not know a lot about each other, they converse so that they can know each other better (Littlejohn & Foss 246). The individuals go through definite steps as well as checkpoints so that uncertainty can be diminished about one other and shape a thought of whether one individual likes or detests the other. Whatever one of the individuals says cannot ultimately be true and may leave the other individual with uncertainty. As individuals communicate they make plans to achieve their goals. These plans may include passive strategies by observing the individual, active strategies by asking other individuals about the personality or looking up information, and interactive strategies by making inquiries and self-disclosure. At extremely uncertain time’s individuals become more cautious and depend more on data presented in diverse circumstances, which they find truthful. When individuals do not have a lot of certainty they lose self-assurance, in their individual plans and put together contingency plans (Littlejohn & Foss 287). Elevated heights of uncertainty builds distance among individuals and non-verbal self-expression have a propensity to assist in the trim down of this uncertainty. Berger generates theorems by combining axioms to capitulate a predictable conclusion. For instance, if connection reduces uncertainty and diminished uncertainty elevates liking, then it is obvious that connection and liking are optimistically interconnected. This can be proved because this correlation exists in extensively reputable findings in studies on interpersonal

Ancident and Medieval Cities History Question 2 Essay

Ancident and Medieval Cities History Question 2 - Essay Example For example, figure 3.4 shows a boat being towed across a river which means river traffic is being controlled by the administrators on land. This certainly shows that the city had grown to a point where traffic on the river could cause confusion and even traffic jams which had to be avoided in order to keep Rome running efficiently. Just as the Romans had created pathways for clean water coming into the city and pathways for removing dirty water out of the city, their river transport systems allowed more to be done in less time. Of course the input of more goods coming from around the empire meant that the Romans needed specific ways and better methods for storing the goods that were coming to them. To handle this, they created granaries like the ones shown in figure 3.5 which allowed food and grain to remain fresh for longer periods of time than before. As reported by Dunn et. al. (2006), technological innovations allow cities to build more and grow at a faster rate than other cities and the expansion of Rome not only created the requirement for improved technology, it also answered the requirements with improvements in technology. In fact, such innovations are just a few of the total innovations which the Romans called on to help them in growing their city in a stable manner. For example, the presence of social services such as a city wide fire management system and the ability of their engineers to build multistory houses and apartment buildings only helped in expanding the city (Wikipedia, 2007). At the same time, their engineers and technologists also helped in expanding the overall size of the Roman Empire with the creation of empire wide systems of management that were greatly helped by the Roman development of paved roads and tracks. These roads allowed not only the fast movement of troops and legions but also of goods

Assignment #7 PKG 381 Example | Topics and Well Written Essays - 250 words

#7 PKG 381 - Assignment Example st part of sustainability is based on reducing the wastes that a company produces to the environment and at the same time changing the company to become completely sustainable in the future. Industries that would have the most positive environmental impact when they are engaged into sustainable practices include oil and gas industries, fertilizer, paper, motor vehicle and other industries that uses chemicals and release chemical wastes to the environment. These industries would have the most positive impact to the environment in case they engage on sustainable practices since through such practices, they will reduce lot of pollution they cause to the environment. At the same time, such industries are known for releasing some of the most harmful gases as well as minerals to the atmosphere. Such gases like carbon monoxide, sulphur dioxide and others are very harmful when inhaled by humans. At the same time, they form part of the ozone gases that cause the greenhouse effect to our environment, leading to global warming. Heavy metal such as Lead are also released by industries such as fertilizer industries, to the nearby drainages that empty their waters to the water stream s used by humans. Such metals are harmful to human lie as they cause cancerous conditions in