Thursday, October 31, 2019

Effective Management Essay Example | Topics and Well Written Essays - 1000 words

In this essay, the most important characteristics of an effective manager are discussed. According to Whetton and Cameron (2005), the most important personal qualities essential for a manager are awareness of one's own self, the ability to manage stress, and the ability to solve problems analytically and creatively. The first and foremost quality, which builds clarity in the thought process, is self-awareness. Cox (1994) mentions in his work that self-awareness is essential to having a concept of self-regard and worthiness to define the person's emotional intelligence. Greater awareness of one's personal values gives direction when decisions have to be made. When people are aware of their inner selves, they can appreciate the differences between individuals when working in a group. An effective manager feels comfortable welcoming different viewpoints and can create a shared sense of commitment in a team. The next essential personal quality is the ability to manage stress constructively. The manager may have this ability by nature or should acquire it. Stress cannot be avoided in today's competitive business environment, but the manager should not let stress hamper the judgments made. Effective management of stress can be achieved through time management, team building and work redesign. Managing stress is essential to developing resilience in the individual who can steer the organization through the odds to success. The other personal skill that a manager has to possess is the ability to solve problems analytically and creatively. A manager should be able to think beyond the traditional boundaries of thought. If the manager has the ability to do so, he can create alternative solutions which are far beyond the traditional options available.
He should be able to combine unrelated alternatives to create an alternative solution for a problem, which can create a platform for innovation.

Interpersonal skills

Managers are supposed to have a range of interpersonal skills such as coaching, counseling, offering supportive communication, exercising influence, motivating others and managing conflicts. Of all these interpersonal skills, the ability to offer supportive communication is essential. According to Losada and Heaphy (2004), supportive communication is communication that seeks to preserve a positive relationship between the communicators while still addressing the problem at hand. It allows you to provide negative feedback or to resolve a difficult issue with another person and, as a result, can strengthen the relationship. The next important aspect of interpersonal skill is leadership. Leadership expert McFadden (2007) comments that "the leader should have passion for the people which means that the leader regards the people more than himself. In order to fulfill this requirement, the success of the leader will be heavily contingent upon whether he has accomplished the first "P" - passion for purpose". A leader of any group is like the leader of an expedition; people are trusting in his guidance because they believe that his expertise is the result of him having already made

Tuesday, October 29, 2019

Luxury Market in China Essay Example for Free

China is positioned to become the world’s largest luxury market in five years, and a study by Datamonitor reported that China’s luxury goods market was worth $9.4 billion by the end of 2009, which accounted for 27.5% of the world’s luxury goods market.[1] They also predict that by 2015, China’s market will be valued at $14.6 billion. The main driver of this growth in the luxury goods market is the extreme wealth creation that China has experienced in the past ten years as its GDP has grown 10% annually on average, which is three times more than the global GDP. Investment Week quotes a recent World Wealth Report by Merrill Lynch Cap Gemini stating that there are 477,000 Chinese millionaires and that China is also leading the world in the number of billionaires (Investment Week).[2] The combination of the staggering growth of the Chinese economy creating such great private wealth and the political and social evolution China has gone through over the last 30 years has created a tidal wave of opportunity for luxury retailers. Politically, China has gone through many changes over the last thirty years that have primed the economy and citizens for a surge in individualism and pride in the ability to afford and purchase luxury goods. In 1976 Mao Zedong passed away, and in 1979 the One Child Policy was introduced and applied by China’s new leader, Deng Xiaoping. China’s population was growing at an alarming rate, and in order to curb this growth rate, Chinese were limited to having one child per household. Fast-forward thirty years and these only children, who have been raised by 6 parents, have created a “little emperor” mentality where their every desire is met, and it is recently being satiated by Western goods. They now have buying power and they are spending it on high-priced goods. The choices and options available today are a stark contrast to the limitations their parents experienced thirty years prior in a vastly different political time.
Socially, China has always been a country deeply embedded in traditions such as gift giving, saving face and respect for the hierarchical society. These traditions all stem from “guanxi,” the all-important notion of relationships, which is what drives business and social status. The culture of relationships is paramount for being successful in China, so the combination of mass wealth and the traditions surrounding guanxi has contributed to the exponential growth of the luxury market in China. Although the Chinese have been known to be a culture of saving, the tides have shifted and the 20- and 30-somethings have created a society of excessive spending due to extravagant purchases to support their new tastes as well as these traditions. The new breed of buyers are young and are embracing their freedom to purchase in their capitalistic society, which is a far cry from their parents’ socialist upbringing. Therefore both social and political changes have created this perfect storm of excess, which is fueling the luxury goods market in China now and for many years to come. Mao Zedong, the leader of China from 1949 until his death in 1976, is still regarded as a controversial figure, but his rule and communist policies molded the beliefs of many parents and grandparents living in China today. Under Mao’s rule there was no individualism and consumption was controlled. Mao is regarded as a great leader in China as he is thought to have laid the groundwork for China becoming the great power that it is today as a result of his leadership of the Great Leap Forward and Cultural Revolution. While he did create the building blocks for present-day China, he has been compared to communist leaders like Hitler and Stalin. He urged citizens to reject capitalism and even at one point “proposed the Socialist Education Movement (SEM) in an attempt to educate the peasants to resist the temptations of feudalism and the sprouts of capitalism that he saw re-emerging in the countryside.
”[3] The citizens living in these times are now parents, and while their lifestyles are very conservative, they are raising children in a very different political environment. Their children didn’t have a communist ruler and therefore have different views on modesty and consumption. While there is still a strict focus on studying and discipline, the focus on success and showing that you are successful has morphed into an obsession with Western brands that show pride in one’s accomplishments. Even for young children the Western culture is quite alluring, with children asking to be rewarded for good grades by going to McDonalds, as we were told by one of the speakers. Today in China, people are who they wear. As Nicole from LVMH mentioned, the Chinese are so obsessed with showing that they are wearing designer brands that you will see some wearing clothes and sunglasses with the tags still on them to show who the designer is. These “nouveau riche” are the products of parents who didn’t have any choices, and now they are embracing their freedom to choose. Forbes reported that “the average Chinese luxury consumer will spend roughly 11% of her income on luxury handbags alone.”[4] They also go on to say that these consumers are “highly educated and highly motivated to identify products that will complement his or her individuality and rising power.”[4] Parents of these kids weren’t allowed to have individuality, but now their children are not only wanting it but also seeking it with huge spending power. Spending 11% of your income on a luxury bag shows the emotional and mental bond to these luxury items. In the US, simply to qualify for a mortgage loan, your total debt can’t be more than 45% of your income. To think that a quarter of that goes towards handbags alone, not even including likely purchases like luxury cars, wines etc., makes me wonder if this type of spending is going to be sustainable for the Chinese market.
In China, there were many nice cars, but I didn’t think that perhaps these people are driving cars they can’t afford. I am used to the United States, where living on credit is a way of life, but this takes it to a whole new level. The millionaires are able to afford this, but if a middle-class person is spending such a high percentage of her income on something like handbags, it’s going to create an economy where nobody can afford to buy a house and retirement is never attainable. One of the Bentley students that sat with us at lunch mentioned that she wanted to buy a house but that she couldn’t without her parents’ financial support due to the 50%-70% down payment required. She and most young people are lucky that their parents have saved and will be able to help them, but those in the younger generation who aren’t saving won’t be able to help their kids, and there might be a whole future generation who can never afford to own property. This younger generation’s parents grew up in a communist and socialist society, where there wasn’t the ability to care about status, but status and luxury have now become the currency in China. The millionaires in China are younger, with an average age of 39.[5] These young millionaires enjoy showing their status with nice things, from great bottles of wine and cars to handbags. They are achieving success and are looking to reward themselves with nice things, which also shows status among their peers. A report on the watch market mentioned that men “need a watch of a certain quality to be part of the social circle.”[6] The need to show status and create a sense of belonging in a social group has become so apparent that retailers are taking notice and even creating products specifically for the Chinese buyer.
Mercedes Benz is even making a car with a longer wheelbase for the Chinese businessmen who are chauffeured around and need to have more room in the back, which is a big difference from the rest of the world, where carmakers are creating smaller cars that consume less energy and are more economical.[7] The retailers and manufacturers of the world are taking note that the new Chinese buyer is very different from their parents given all of the political changes of the past few decades. While the political changes are one factor in the shift of buying trends, policy has also been a great factor, and one specifically is the One Child Policy, which was introduced in 1979. This policy has created what many call the “Little Emperor” society as a result of one child being raised by 6 parents (one immediate and two sets of grandparents). These children have grown up being catered to and supported by six people, and now their wants and needs are changing as they get older. Whereas their parents likely gave them the best they could afford, these 20- and 30-somethings are becoming obsessed with Western brands, which cost a premium. Even with a 30% import tax, individuals who grew up getting what they wanted are buying these Western luxury brands, at times spending their entire month’s salary on a handbag. Although their parents had a culture of saving, this new generation’s taste for highly taxed Western goods to show status has greatly changed this cultural norm. For this generation to keep up with their friends, they have forgone the notion of saving in favor of a life full of luxury goods with no savings. I spoke to Mico about this on the bus, and she mentioned that her friends spend all of their money on luxury goods and there’s now a saying in Chinese that means that you spend all of the money that you make that month. She mentioned that buying fakes is a faux pas and that they only buy the real things, which is what leads to them spending all of their money.
She noted that this was very different from the upbringing of her parents, who were brought up saving almost 40% of their money. In the popular market that we went to in Shanghai, there were almost no Chinese in there, and when we asked Mico if she went to the market to get knockoffs, she said that knockoffs were “so three years ago.” It quickly became apparent why there were almost no Chinese people in the markets; they are in the real stores buying the real thing. In the streets it was quite apparent that everyone had designer bags and clothing on, but this was mainly in Shanghai, Beijing and Hangzhou. In Xi’an there was still a feeling of communism, everything was still grey and there weren’t many people sporting their designer clothes. The opportunity right now is in the 1st-tier cities, and many retailers are trying to expand to the 2nd- and 3rd-tier cities. The opportunity in China is purely based on the enormous populations in these cities. The first focus for the retailers was the tier 1 cities, and now the 2nd- and 3rd-tier cities will be paramount for companies to sustain this continued growth. While political changes have made way for the change in buying and spending trends of young Chinese buyers, tradition has remained an important part of the culture across all generations of Chinese, and the luxury market surge has been fueled by these traditions. Guanxi, the focus on relationships as part of the Chinese culture, has many components, one of which is the value of gift giving as a sign of respect. Gift giving is a huge part of Chinese culture, most prominent around the Chinese New Year, but a very large part of life socially and professionally year round. According to the authors of the book “The Cult of the Luxury Brand,” “guanxi…is the single biggest factor spurring the growth of luxe in China.
”[8] When you give a gift to someone in China, it means you are thanking him or her for helping you, but it also solidifies your “guanxi” with them and continues the future relationship. Luxury items are now raising the bar in gift giving as recipients truly appreciate the luxury gifts, and merchants have reported “frantic levels of spending”[8] all at once by shoppers who are looking to purchase gifts for their business partners and friends. The culture of saving face plays into this as well, since the more luxurious the gift, the better. If you are looking to show great gratitude and “save face,” then you will purchase a luxury item as a gift. In business, face is extremely important, so even Western brands are learning this culture of gift giving; as they know the importance of partners in their business, they are making sure to take care of them by giving great gifts. In addition to the culture of gift giving that has fueled the luxury market growth, the culture of hierarchical respect has also contributed to this. Many Chinese of the younger generation believe that luxury products “mark where you have traveled up to but they also give you permission to continue succeeding.”[9] In a culture where you are competing with so many people and success is so important, it’s easy to see how luxury products represent achieving a certain social status and also denote the fact that you will stay in that status. As Nicole from LVMH was speaking to us, she noted that there are usually 40-50 students in each classroom. Students from an early age learn to be one in a large crowd, but as they get older and look to prove to the world what they have accomplished, they use designer goods to reflect their status.
The irony of this is that one would think that after growing up being one in a crowd, they would want to show status and individuality, but the items they purchase to show their status are exactly what their peers have chosen, which is likely a Louis Vuitton handbag. For instance, although it was quite conducive to the weather, when we were in China, every single person had Ugg boots on. In the US, while Ugg is a popular brand, there are many more brands being worn, as there are many more tastes expressed by individuals. It was very interesting to see that there was a proliferation of a small number of brands, namely Louis Vuitton, as I came to quickly realize that the Chinese want to wear brands that are recognizable. While they are moving towards a more individualistic society, their tendency to be one of a group is still quite prominent. They do value the luxury brands to show status, but their need to be part of a group, albeit a high-status group, is still quite unmistakable in the sea of Gucci and Louis Vuitton purses that were worn like a badge of honor by the women of China. The trip to China was quite eye-opening from the perspective of a Westerner who is used to a more modest lifestyle with an abundance of variety. The flashy cars and purses were immediately apparent from Beijing through Shanghai, but as I sit here thinking about the political and social changes that China has gone through in the past few decades, I only wish I was smart enough to somehow capitalize on this. China is a fascinating country to visit given its great history and culture that is evident today, but it’s also great to have visited a country that is still going through many changes and evolving at such a rapid rate. While the rest of the world is clearly evolving, China is doing so at an exponentially quicker rate than most, and that was quite clear with the sea of cranes in every city putting up buildings everywhere.
I do believe that culture will always be a part of the Chinese people and lifestyle, but it will be interesting to see when this locomotive of luxury obsession begins to ebb or if China will meet its own credit crunch in the coming years given the drastic change in spending habits that the younger generations have adopted.

[1] Chinese appetite for premium products growing despite slowing economic activity. Datamonitor, July 20010, English ed.: 16. Print.
[2] Andrea Gerst and Scilla Huang Sun, “China’s passion for luxury goods increases,” Investment Week, September 6, 2010.
[3] “Cultural China,” http://history.cultural-china.com/en/46H9449H13452.html
[4] Evelyn Rusli, “What Chinese Shoppers Want,” Forbes, March 8, 2010.
[5] Andrea Gerst and Scilla Huang Sun, “China’s passion for luxury goods increases,” Investment Week, September 6, 2010.
[6] Florent Bondoux, “Luxury watches find booming market in China,” Media, September 10, 2009, 17.
[7] “Lengthened Mercedes-Benz E-Class to hit Chinese shores,” http://www.benzinsider.com/2010/04/lengthened-mercedes-benz-e-class-to-hit-chinese-shores/
[8] “China Luxury,” http://app1.hkicpa.org.hk/APLUS/0710/p24_29.pdf
[9] “Is China’s Luxury Goods Market a Pot of Gold for Marketers?” Knowledge at Wharton, accessed July 27, 2007, http://english.cri.cn/2946/2007/07/27/[emailprotected] htm.

Sunday, October 27, 2019

Donne's Convincing Techniques In His Argumentative Poems English Language Essay

After John Donne's poetry became prominent again in the 20th century, many critics tried to identify the source of Donne's persuasiveness throughout his poems. Some related this to his masculine expression. Some others related it to the manly culture of the speakers. Others still believed that Donne reached this level of persuasiveness through manipulation of language. But it seems that Donne's convincing power cannot be attributed to these techniques alone. This paper will briefly introduce three major techniques which can be considered as the source of his persuasiveness. If we want to categorize Donne's poetry into groups, two groups will surely be his argumentative and seductive poems. In the first one, the speaker tries to persuade someone to take a specific action, to adopt a certain point of view, or at least to have an appreciation for the speaker's argumentative skill. The speakers in the argumentative poems have different aims: one tries to stop people from criticizing his love, while another tries to get the sun to stop shining into his room. The convincing power of an argumentative poem is determined by whether or not the reader sides with the speaker at the end of the poem rather than with the speaker's opponent. The listeners can be referred to as witnesses rather than participants in this debate, and in this position they can evaluate the persuasiveness of the poem by determining the effect of the poem on them. In the other group, the seductive poems, the speakers share a common purpose in making their arguments: to get a woman to sleep with them. The approach that Donne uses here to persuade his loves is to construct logical arguments. So the seductive poems can also be considered pieces of persuasion, because the speaker's success is based on the strength of the argument.
Analyzing Donne's argumentative and seductive poems makes it clear that there are some repeated techniques at work in these poems. These techniques help the speakers create powerful arguments that persuade the readers. One technique that is found in almost all of Donne's persuasive poems is that his speakers systematically prove each claim. This is clearly achieved by his great ability in using wit and reason even in his most sensuous poems, which is called the association sensibility. Even his most passionate poems work by reason and logic. This logic can be seen when Donne's speakers give examples and evidence to support their claims. The other persuasive technique found in many of Donne's poems is using vivid metaphors and similes to ground the arguments in a pleasing and convincing way. Donne's speakers use these poetic devices not for decoration but to help explain abstract concepts of love. This practical use of literary devices can be seen clearly in the fact that many of Donne's metaphors come from ordinary objects that are familiar. Many of Donne's images come from business or are objects that can be found in urban settings. This familiarity makes the metaphors easy to understand, which is useful in persuading a reader. And the last repeated technique used in most of Donne's argumentative and seductive poems is that his speakers use a bold and direct manner of expression. In this delivery technique, Donne includes lines that contain especially loaded words delivered in a straightforward manner, which in turn gives them a tremendous force. This force helps persuade the readers by adding emotional power to the logic of the argument. This paper attempts to show the application of the aforementioned techniques, through a detailed analysis, in three of Donne's most famous persuasive poems: "The Apparition," "The Sun Rising," and "The Flea."

The Apparition

In "The Apparition," Donne's speaker employs very unconventional methods to seduce a woman.
Instead of using flattery or romantic lines, the speaker uses frightening words in order to get the woman to be with him. This method is so unconventional that many readers do not read "The Apparition" as a seductive poem. While the majority of readers do not consider "The Apparition" to be a seductive poem, there is textual evidence to the contrary. Early in the poem, the speaker alludes to past attempts to seduce the woman when he says, "And that thou thinkst thee free/From all solicitation from mee" (1-2). The word "solicitation" indicates that the speaker has been romantically interested in the woman. This interest introduces the idea that the speaker's ultimate goal may be to seduce the woman. The idea that the speaker's aim is seduction is confirmed at the poem's conclusion when the speaker says, "I had rather thou shouldst painfully repent,/Than by my threatnings rest still innocent" (16-17). The crime the woman needs to repent for is revealed earlier in the poem when the speaker says the woman is killing him by refusing his advances. The woman can be innocent if she accepts the speaker's solicitations and thus ceases to kill him. This conclusion shows that the speaker's aim all along has been for the woman to sleep with him. This intent characterizes "The Apparition" as a seductive poem. The technique the speaker uses to seduce the woman is to frighten her into being with him. The speaker hopes that if he scares the woman enough, she will choose to be with him to avoid facing the grim future that awaits her if she rejects him. While this approach is unconventional, the speaker has tried seducing the woman through conventional approaches that have failed. Frightening the woman is a way for the speaker to try a new technique since his old techniques are not working. The first fear technique employed by the speaker is a strong line at the beginning of the poem. The speaker opens by saying, "When by thy scorne, O murdresse, I am dead" (1).
This line is strongly worded in that it uses words loaded with negative connotations like "murdresse" and "dead." By accusing the woman of murder at the beginning, the speaker is establishing an aggressive tone that carries an emotional force throughout the rest of the poem. This emotional force puts the woman in a vulnerable position, and sets her up to be persuaded. The predominant fear strategy employed by the speaker is to threaten the woman. The threat takes the form of a ghost that will haunt her, as the speaker reveals when saying, "Then shall my ghost come to thy bed" (4). This threat is consistent with the claim that the woman is killing the speaker, since ghosts are thought to avenge undeserved deaths. Being haunted by a ghost is a frightening prospect that the woman would want to avoid. If the ghost's presence is not intimidating enough, the speaker claims that the ghost will issue a frightening proclamation. The speaker says, "What I will say, I will not tell thee now,/Lest that preserve thee" (14-15). The "I" the speaker refers to is his ghost. There are many painful utterances the ghost can make, such as cursing the woman or damning her, but the speaker does not reveal what will be said. Not revealing what the ghost will say is another way in which the speaker further frightens the woman. The final way in which the speaker frightens the woman into being with him is by negatively depicting the alternative. The speaker gives a grim portrait of the man she will be with if she does not accept him when he says: "And he, whose thou art then, being tyrd before, Will, if you stirre, or pinch to wake him, thinke Thou callst for more, And in false sleepe will from thee shrinke, And then poore Aspen wretch, neglected thou Bathd in a cold quicksilver sweat wilt lye" (7-12). The woman's future lover is presented as pathetic. He does not have much ability in bed since he pretends to be sleeping to avoid having sex.
He also is not protective since he does not come to the woman's aid when she is confronted by the ghost. With this description, the speaker tries to convince the woman that she would be better off had she accepted him. This is a type of threat since the speaker presents a scene of future misery if she does not accept him. By threatening, the speaker tries to get the woman to be with him out of fear of the alternatives. Through using strongly worded lines, threatening the woman, and negatively depicting the competition, Donne's speaker makes the unusual attempt at seducing the woman through fear. It is safe to say that the speaker is very effective in frightening the woman, but it is unknown whether this approach will cause the lady to accept him. This approach certainly has the advantage of novelty, and since standard seduction techniques were not working on the woman, maybe a novel approach will.

The Sun Rising

"The Sunne Rising" is one of Donne's most popular poems. It is unique among Donne's argumentative poems in that the speaker addresses an inanimate object, the Sun. In the poem, the speaker is lying in bed with his lover and is upset that sunlight is shining through the window. The speaker makes an argument to try to get the Sun to leave so he and his lover can stay in bed. The poem is not truly argumentative, however, because in the middle of the poem the speaker turns from arguing with the Sun to praising the woman he is with. Until the focus shifts, the persuasive technique found in the poem is a personal attack through insulting the Sun, challenging its power, and giving it commands. These techniques give force to the speaker's delivery and lower the audience's impression of the Sun. The persuasive force of the poem comes from the angry tone the speaker uses when talking to the Sun. From the start of the poem, the speaker establishes his angry tone by insulting the Sun.
"Busie old foole, unruly Sunne, Why dost thou thus, Through windowes, and through curtaines call on us? Must to thy motions lovers seasons run" (1-4). In a formal argument, it would be unmannerly to insult an opponent. By insulting the Sun, the speaker shows that he is so overcome with anger that he is unable to restrain himself. This emotion carries over through the rest of the poem and gives the speaker's words additional force. Additionally, insults diminish the power and the importance of the Sun by generating the idea that the Sunne does not need to be respected. In arguments, if one person, or the Sun, is well respected, they have credibility with the audience. By insulting the Sun, the speaker eliminates this advantage. The speaker further diminishes the importance of the Sun by questioning the power it possesses. At one point, the speaker challenges the Sun's brightness by saying: "Thy beames, so reverend, and strong Why shouldst thou thinke? I could eclipse and cloud them with a winke, But that I would not lose her sight so long" (11-14). The speaker is not impressed by the Sun's brightness since he can close his eyes if he chooses. This attack severely challenges the Sun's power since brightness is the most important attribute of the Sun. If the Sun's brightness is not respected, then there is no reason to respect the Sun. Another way the speaker diminishes the importance of the Sunne is by giving it orders. The speaker suggests that the Sun take alternative actions: "Sawcy pedantique wretch, goe chide Late schoole boyes and sowre prentices, Goe tell Court-huntsmen, that the King will ride, Call countrey ants to harvest offices" (5-8). These suggestions take the form of direct commands. By giving orders to the Sun, the speaker asserts that he has the power. The unconcerned content of the orders reinforces the speaker's power by portraying the Sun as merely a nuisance the speaker wants to be rid of.
By diminishing the Sun and establishing that he is the one with power, the speaker gains credibility with the audience. While argumentative elements and persuasive techniques are present in the first part of the poem, they are absent later on. Instead of arguing with the Sun, the speaker turns his attention to praising the woman that he is with. Romantic lines abound, as when the speaker says, "She'is all States, and all Princes, I,/Nothing else is" (21-22). The speaker is consumed by the woman. This change of purpose is characterized when the speaker tells the Sun to stay in the room and just to shine on them: "Thine age askes ease, and since thy duties bee To warme the world, thats done in warming us. Shine here to us, and thou art every where; this bed thy center is, these walls, thy spheare" (27-30). Telling the Sun to stay in the room is the complete opposite of what the speaker wanted in the first half of the poem. The speaker becomes so focused on his love that he forgets his initial argument. While parts of the poem are extremely argumentative, "The Sun Rising" is not a complete argumentative poem since the argument does not carry through till the end. While the poem may not truly be argumentative, it certainly is persuasive. By personally attacking the Sun through insults, challenging its power, and giving orders, the speaker crafts a forceful delivery and causes the audience to transfer any importance and reverence for the Sun to himself. The speaker possesses influence with readers, which causes them to side with him. Noticeably, the speaker does not rely on logic to make his argument. "The Sun Rising" shows how a speaker can craft a persuasive argument solely with a forceful delivery and personal attacks.

The Flea

The persuasive techniques Donne includes in his persuasion poems culminate in "The Flea." In addition to being Donne's most popular poem, "The Flea" is the ultimate seductive poem.
No matter how little success he has, Donne's speaker refuses to give up and keeps trying to win over the woman. Many persuasive techniques are found in "The Flea," including the use of a common metaphor, vigorously presenting the argument of the speaker, and adapting the argument's logic to fit the situation.

By basing the argument on a flea, Donne's speaker uses the persuasive technique of employing a common metaphor. The speaker establishes the metaphor at the beginning of the poem by saying, "Marke but this flea, and marke in this,/How little that which thou deny'st me is" (1-2). By examining the flea, the speaker intends to show the woman that having sex is not a big deal. The flea is significant because it sucks blood. The speaker says, "It suck'd me first, and now sucks thee,/And in this flea, our two bloods mingled bee" (3-4). In Donne's time, sex was thought to involve the mixing of blood, so the flea biting the man and woman is a metaphor for sex. Although this is the reason the flea was chosen as a metaphor, it has other persuasive benefits. A flea is an ordinary object that is familiar. This familiarity makes it a good choice as a metaphor, since it allows the connections that Donne draws to be understood. The metaphor is also a good choice because the flea is a natural object. Metaphors drawn from natural occurrences are the most credible. They represent an ideal state because they are free from human intervention. People are more willing to apply the lessons of such metaphors to their own lives. For these reasons, using the flea as a metaphor is a good persuasive strategy.

A second persuasive technique employed by the speaker is to vigorously present the speaker's argument at the expense of the woman's. "The Flea" is a dramatic argument in that both sides argue their point of view. The woman's reactions, however, are not revealed in the lines, but rather take place in the stanza breaks.
The reader learns about the woman's response in the opening lines of the second and third stanzas. In the second stanza, the reader learns that the woman is getting ready to smash the flea when the speaker says, "Oh stay, three lives in one flea spare" (10). In the third stanza, the reader learns that the woman has killed the flea when the speaker says, "Cruell and sodaine, hast thou since/Purpled thy naile, in blood of innocence" (19-20). With these lines, the speaker makes the woman seem cruel for taking such harsh actions against the flea. Since these actions represent the woman's response, this characterization articulates the woman's argument. The only reference to the woman's argument comes near the end of the poem when the speaker says, "Yet thou triumph'st, and saist that thou/Find'st not thy selfe, nor mee the weaker now" (23-24). The speaker's prior coloring makes the act seem like needless aggression rather than a triumph. Her claim similarly lacks the argument. The disparity in presenting the two arguments causes the speaker to have the persuasive advantage over the woman.

In "The Flea," the speaker's most noteworthy technique is adjusting his arguments in response to the situation. The speaker goes through a variety of logical approaches in attempting to win over the woman. Initially, the speaker tries to argue that having sex is not a big deal. He uses a proof by definition to show that the flea sucking blood from the two of them is the equivalent of sex. If sex consists of the mixing of blood, then the flea biting both of them can be thought of as sex. This approach is persuasive since proofs by definitions are logically sound. Once the speaker establishes that the flea bite resembles sex, the speaker minimizes the scale of the act by saying, "Thou know'st that this cannot be said/A sinne, nor shame, nor losse of maidenhead" (5-6). The flea bite does not carry all of the negative ramifications associated with sex.
The speaker implies that since the acts are equal, then sex similarly should not carry with it all of the negative connotations. Those ramifications are presumably why the woman does not want to have sex with the speaker. The speaker uses the metaphor of a flea to alleviate the woman's fears. Ultimately, this approach does not work; the woman not only denies sex with the speaker, but she also makes a move to smash the flea.

When the speaker's initial approach fails, he adjusts his argument. The second stanza is not as much about getting the woman to have sex as it is stopping her from killing the flea. The speaker attempts to prevent her from killing the flea by giving much greater importance to the flea bite, such as when he says, "where we almost, yea more than married are./This flea is you and I, and this/Our mariage bed, and mariage temple is" (11-13). Since parts of themselves share such close quarters in the flea, the speaker equates that to marriage. While the first stanza downplays the significance of the flea bite, the second stanza builds up the importance of the act. Since the first approach failed, the speaker attempts a different strategy. This argument is not as strong as the first. Comparing the meaning of their blood in the flea to marriage is a stretch, but the situation meets some of the requirements that define marriage.

The speaker additionally tries to convince the woman not to kill the flea by raising moral issues. The speaker says, "Though use make you apt to kill mee,/Let not to that, selfe murder added bee,/And sacrilege, three sins in killing three" (16-18). The three sins the woman would commit if she killed the flea would be murdering the speaker, suicide, and committing disrespect against their marriage temple. Appealing to the woman's morality is a good tactic because she is concerned with sin, since that is one of her fears regarding sex. This line of reasoning is another example of the speaker fitting his argument to the situation.
The speaker's persuasive techniques once again fail as, despite his efforts, the woman kills the flea. This occurs in the break between stanzas two and three. Killing the flea is the woman's way of refuting the notion that the flea has the importance that the speaker gives it in stanza two. By killing the flea, the woman also communicates that the speaker's plan to use the metaphor of the flea to persuade her into having sex will not work.

The speaker responds to the woman by once again changing his argument. First, he calls the woman cruel for killing the flea. Claiming that the violence is unnecessary, he says, "Wherein could this flea guilty bee,/Except in that drop which it suckt from thee?" (21-22). The speaker tries to get the woman to recognize that she was wrong in her actions and, by extension, in her argument. The speaker then tries to minimize the significance of her killing the flea and uses it to convince her to have sex with him. The speaker says, "'Tis true, then learne how false, feares bee;/Just so much honor, when thou yeeld'st to mee,/Will wast, as this flea's death tooke life from thee" (25-27). The speaker reverses the argument he made in stanza two to once again show the importance of the flea. He argues that as much honor will be lost in having sex as life was lost by being bitten by the flea. This is the weakest argument in the poem, since the connection between blood loss and honor does not make much sense. With this argument, the speaker is making one last attempt at seducing the woman.

The speaker adapts his argument a great deal in "The Flea." When his initial plan of minimizing the flea in order to show the magnitude of sex fails, he completely reverses his approach to elevating the importance of the flea. His attention also shifts from trying to get the woman to sleep with him to trying to stop her from killing the flea. When the woman kills the flea, the speaker shifts his argument again.
He shows the significance of the flea to minimize the woman's response. He also returns his focus to trying to get the woman to sleep with him.

Ultimately the speaker's seduction efforts probably fail. His logic gets progressively weaker as the poem progresses. Since the woman rejects his initial arguments, it is unlikely that she will be swayed by the inferior arguments he makes later. Although the speaker fails to seduce the woman, his effort is admirable. His techniques of basing his argument on a common, natural object and vigorously presenting his own arguments give him a persuasive advantage. He then shows great skill and persistence in molding his arguments throughout the poem. The speaker's failure cannot be blamed on his approach or his amount of effort.

Conclusion

In examining these poems, it is clear that more than any other factor, the persuasive techniques that Donne's speakers employ make the arguments in his poems convincing. Donne uses a variety of techniques to help his speakers either win an argument or seduce a woman. The techniques found most often in Donne's persuasive poems are 1) systematically proving each claim, 2) employing vivid metaphors and similes to ground the arguments in a pleasing and convincing fashion, and 3) using a bold and direct manner of expression. There are also numerous techniques specific to individual poems that aid in convincing an audience. These persuasive techniques are not exclusive to Donne's poems, and can be found in many pieces of writing in which the speaker attempts to persuade his audience. Studying a master of rhetoric like Donne provides persuasive skills that can be used in everyday life.

Friday, October 25, 2019

Howard Robard Hughes Essays -- Biography

Howard Robard Hughes (December 24, 1905 – April 5, 1976), a pilot, movie producer, playboy, and one of the wealthiest people in the world during his lifetime, was well-known for his eccentricity. His eccentric behavior is theorized to have been the result of obsessive-compulsive behavior. The intent of this review is to illustrate Mr. Hughes’s abnormalities, arrive at a clinical diagnosis using all five axes of the Diagnostic and Statistical Manual of Mental Disorders IV-TR (DSM-IV-TR), explain his behavior from the biological theoretical perspective, and finally to arrive at a hypothetical treatment plan.

Behavior: To begin, what constitutes abnormal behavior in Mr. Hughes’s case? As early as the 1930s, Hughes demonstrated signs of obsessive-compulsive disorder. Obsessive-compulsive disorder is identified by DSM as having recurrent obsessions (persistent thoughts, ideas, impulses or images that seem to invade a person’s consciousness) or compulsions (repeated and rigid behaviors or mental acts that people feel like they must perform in order to prevent or reduce anxiety) (Cormer, 2008). Close friends reported that Hughes was obsessed with the size of peas, one of his favorite foods, and used a special fork to sort them by size. Those who interacted with him as a director commented on his obsessions. While directing a movie, Hughes became fixated on a minor flaw in an actress’s top, claiming that the fabric bunched up along a seam and gave the appearance of two nipples on each breast. He was reportedly so upset by the matter that he wrote a detailed memorandum to the crew on how to fix the problem (Hack, 2002). An executive producer who worked with Hughes wrote in his autobiography about the difficulty of dealing with the t... ...h has shown that exercise, outdoor activity and socialization lead to increased serotonin levels and overall health (Young, 2007).
Although the biological treatment of drug therapy, physical therapy, and nutrition therapy will begin to produce desired results towards a cure, the prognosis for recovery from this disorder would be greatly enhanced by a combination of behavioral, cognitive, and drug therapies. Patients who receive a combination of such therapies experience greater relief from their symptoms than those treated with a single approach alone (Kordon et al., 2005). It is unfortunate that Mr. Hughes was not able to receive adequate help for his disorder during his lifetime. Given the aforementioned treatment plan, along with the benefit of current research and the affluence that would let Mr. Hughes receive the best care, his prognosis during current times would have been quite good.

Thursday, October 24, 2019

Living on Campus or Living Off Campus

Live on campus or live off campus

Recently, one of the most popular issues that students are talking about is where to live in the next academic year. Some students believe that living on campus is a better choice because living in resident halls on campus is convenient and safe. Some other students think that living off campus is better, because it will have fewer restrictions and better accommodation. Each choice has its own advantages and disadvantages. That’s why I was struggling with this issue for a long time. After careful consideration, I believe that living on campus is a better choice and I have a lot of reasons to support it.

First of all, living on campus is safer. Living on campus will dramatically reduce the potential possibilities of accidents on the roads such as car accidents, robbery and sexual assault. There is a famous murder case, which generated international attention earlier this year. Wu and Qu, two 23-year-old electrical engineering graduate students of the University of Southern California who come from China, were shot when they were driving home in a BMW sedan from the library around 1 a.m. on April 11 (nbclosangeles.com). The criminal’s motive for murder was robbery. Just because they lived off campus and had to drive back home, the two young lives stopped suddenly in the most beautiful period of their life and left endless sadness to their friends and families. According to a survey from Trinity College, 60.2% of students indicated that they felt safe on campus and 28.4% felt unsafe (Grace Kim). There is another accident that happened close to us. A friend of my parents lost his son in a car accident in America. He was a student of Indiana University, and one day as he drove home, his car crashed into a big tree and caught fire. He was burned to death in the car.
Safety is always the most important thing for college students, especially for international students, since their parents are thousands of miles away and worry about them all the time. Because of safety, living on campus is a better choice than living off campus.

Besides the reason of safety, resident halls also create a perfect environment to live and study. Take the example of Michigan State University. First, the resident halls supply various kinds of services, which are all very useful and necessary. When you have any troubles and questions, you can go to the front desk to ask for help; when people are ill, they can go to the health center, where the nurses and doctors will give people prescriptions and suggestions for health in time; when you miss lunch or are even hungry at midnight, small cafeterias, like the Sparty’s, will offer warm food, drinks and snacks for you. The staff in resident halls are always friendly and patient, which makes us feel warm.

Second, there are a lot of resources in resident halls. Since I don’t know them very well, I interviewed the resident assistant on our floor. Her name is Doneisha Parker and she is a sophomore majoring in accounting. She briefly introduced the 23 resources of resident halls on campus and focused on the 3 most useful ones: the Math Learning Center (MLC), which can give you math tuition every Monday, Tuesday and Wednesday; the Writing Center, which can give you suggestions for the papers you are working on by appointment; and Yoga and Zumba classes three times a week, which are good for your health and beauty. All of these resources are very helpful and they are free.

Third, people can have their individual place for rest and study between classes. In college study, there is always a large amount of time between classes. People who live on campus can go back to their dorms for rest, study, or entertainment. People who live off campus, however, have to stay in libraries or some other places during these breaks.
According to a study, which investigated the relationship of loneliness, social support, and living arrangements with academic persistence decisions of 401 college freshmen, freshmen living on campus had higher GPAs (M = 2.85, SD = .73) than those living off campus (M = 2.59, SD = .2) (Nicpon 345-358).

Another reason that makes me believe that living on campus is a better choice than living off campus is that we can meet more people and have more friends. There are so many chances to meet new friends if you live on campus. First of all, you will know the people who live on the same floor with you since you meet each other every day. Also, you will know a lot of people from the activities and clubs in resident halls if you participate actively. For example, Hubbard Hall at Michigan State University has an International Club. This club organizes activities and meetings every week and creates a perfect environment for communication between students from different countries. What’s more, having meals in the cafeteria and studying in public areas are also chances to meet people and make new friends. If living off campus, however, most of these will be impossible.

Because of the safety, the great environment and more chances to make friends, I prefer to live on campus when I become a sophomore. I hope that I can have a great time on campus.

Works Cited

Grace Kim, Safety and Education at Trinity College, 20 December 2004.
Nicpon, Megan Foley, et al. “The relationship of loneliness and social support with college freshmen’s academic performance and persistence.” Journal of College Student Retention: Research, Theory and Practice 8.3 (2006): 345-358.
Doneisha Parker, Personal Interview, 22 October 2012.
nbclosangeles.com: Police: Forensic Evidence Tied USC Murder Suspects to Earlier Crimes, by Melissa Pamer and Samantha Tata, May 19, 2012. http://www.nbclosangeles.com/news/local/Police-Forensic-Evidence-Tied-USC-Murder-Suspects-to-Earlier-Crimes-152147955.html

Tuesday, October 22, 2019

Principles of Information Security, 4th Ed. – Michael E. Whitman Chap 01

Licensed to: CengageBrain User

Principles of Information Security, Fourth Edition
Michael E. Whitman and Herbert J. Mattord

Vice President Editorial, Career Education & Training Solutions: Dave Garza
Director of Learning Solutions: Matthew Kane
Executive Editor: Steve Helba
Managing Editor: Marah Bellegarde
Product Manager: Natalie Pashoukos
Development Editor: Lynne Raughley
Editorial Assistant: Jennifer Wheaton
Vice President Marketing, Career Education & Training Solutions: Jennifer Ann Baker
Marketing Director: Deborah S. Yarnell
Senior Marketing Manager: Erin Coffin
Associate Marketing Manager: Shanna Gibbs
Production Manager: Andrew Crouth
Content Project Manager: Brooke Greenhouse
Senior Art Director: Jack Pendleton
Manufacturing Coordinator: Amy Rogers
Technical Edit/Quality Assurance: Green Pen Quality Assurance

© 2012 Course Technology, Cengage Learning

For more information, contact or find us on the World Wide Web at: www.course.com

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706. For permission to use material from this text or product, submit all requests online at cengage.com/permissions. Further permission questions can be emailed to [email protected]

Library of Congress Control Number: 2010940654
ISBN-13: 978-1-111-13821-9
ISBN-10: 1-111-13821-4

Course Technology, 20 Channel Center, Boston, MA 02210, USA

Cengage Learning is a leading provider of customized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: international.cengage.com/region. Cengage Learning products are represented in Canada by Nelson Education, Ltd. For your lifelong learning solutions, visit course.cengage.com. Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com.

Printed in the United States of America

Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.

Chapter 1

Introduction to Information Security

Do not figure on opponents not attacking; worry about your own lack of preparation.
BOOK OF THE FIVE RINGS

For Amy, the day began like any other at the Sequential Label and Supply Company (SLS) help desk. Taking calls and helping office workers with computer problems was not glamorous, but she enjoyed the work; it was challenging and paid well. Some of her friends in the industry worked at bigger companies, some at cutting-edge tech companies, but they all agreed that jobs in information technology were a good way to pay the bills.

The phone rang, as it did on average about four times an hour and about 28 times a day.
The first call of the day, from a worried user hoping Amy could help him out of a jam, seemed typical. The call display on her monitor gave some of the facts: the user’s name, his phone number, the department in which he worked, where his office was on the company campus, and a list of all the calls he’d made in the past.

“Hi, Bob,” she said. “Did you get that document formatting problem squared away?”

“Sure did, Amy. Hope we can figure out what’s going on this time.”

“We’ll try, Bob. Tell me about it.”

“Well, my PC is acting weird,” Bob said. “When I go to the screen that has my e-mail program running, it doesn’t respond to the mouse or the keyboard.”

“Did you try a reboot yet?”

“Sure did. But the window wouldn’t close, and I had to turn it off. After it restarted, I opened the e-mail program, and it’s just like it was before—no response at all. The other stuff is working OK, but really, really slowly. Even my Internet browser is sluggish.”

“OK, Bob. We’ve tried the usual stuff we can do over the phone. Let me open a case, and I’ll dispatch a tech over as soon as possible.”

Amy looked up at the LED tally board on the wall at the end of the room. She saw that there were only two technicians dispatched to deskside support at the moment, and since it was the day shift, there were four available.

“Shouldn’t be long at all, Bob.”

She hung up and typed her notes into ISIS, the company’s Information Status and Issues System.
She assigned the newly generated case to the deskside dispatch queue, which would page the roving deskside team with the details in just a few minutes.

A moment later, Amy looked up to see Charlie Moody, the senior manager of the server administration team, walking briskly down the hall. He was being trailed by three of his senior technicians as he made a beeline from his office to the door of the server room where the company servers were kept in a controlled environment. They all looked worried.

Just then, Amy’s screen beeped to alert her of a new e-mail. She glanced down. It beeped again—and again. It started beeping constantly. She clicked on the envelope icon and, after a short delay, the mail window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez, an acquaintance from the Accounting Department. The subject line said, “Wait till you see this.” The message body read, “Look what this has to say about our managers’ salaries…” Davey often sent her interesting and funny e-mails, and she failed to notice that the file attachment icon was unusual before she clicked it.

Her PC showed the hourglass pointer icon for a second and then the normal pointer reappeared. Nothing happened. She clicked the next e-mail message in the queue. Nothing happened. Her phone rang again. She clicked the ISIS icon on her computer desktop to activate the call management software and activated her headset.

“Hello, Tech Support, how can I help you?” She couldn’t greet the caller by name because ISIS had not responded.

“Hello, this is Erin Williams in receiving.”

Amy glanced down at her screen. Still no ISIS. She glanced up to the tally board and was surprised to see the inbound-call-counter tallying up waiting calls like digits on a stopwatch. Amy had never seen so many calls come in at one time.

“Hi, Erin,” Amy said. “What’s up?”

“Nothing,” Erin answered. “That’s the problem.”

The rest of the call was a replay of Bob’s, except that Amy had to jot notes down on a legal pad. She couldn’t dispatch the deskside support team either. She looked at the tally board. It had gone dark. No numbers at all.

Then she saw Charlie running down the hall from the server room. He didn’t look worried anymore. He looked frantic.

Amy picked up the phone again. She wanted to check with her supervisor about what to do now. There was no dial tone.

LEARNING OBJECTIVES:
Upon completion of this material, you should be able to:
• Define information security
• Recount the history of computer security, and explain how it evolved into information security
• Define key terms and critical concepts of information security
• Enumerate the phases of the security systems development life cycle
• Describe the information security roles of professionals within an organization

Introduction

James Anderson, executive consultant at Emagined Security, Inc., believes information security in an enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.” He is not alone in his perspective. Many information security practitioners recognize that aligning information security needs with business objectives must be the top priority. This chapter’s opening scenario illustrates that the information risks and controls are not in balance at Sequential Label and Supply.
Though Amy works in a technical support role and her job is to solve technical problems, it does not occur to her that a malicious software program, like a worm or virus, might be the agent of the company’s current ills. Management also shows signs of confusion and seems to have no idea how to contain this kind of incident. If you were in Amy’s place and were faced with a similar situation, what would you do? How would you react? Would it occur to you that something far more insidious than a technical malfunction was happening at your company? As you explore the chapters of this book and learn more about information security, you will become better able to answer these questions. But before you can begin studying the details of the discipline of information security, you must first know the history and evolution of the field.

The History of Information Security

The history of information security begins with computer security. The need for computer security—that is, the need to secure physical locations, hardware, and software from threats—arose during World War II when the first mainframes, developed to aid computations for communication code breaking (see Figure 1-1), were put to use. Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data. Access to sensitive military locations, for example, was controlled by means of badges, keys, and the facial recognition of authorized personnel by security guards. The growing need to maintain national security eventually led to more complex and more technologically sophisticated computer security safeguards. During these early years, information security was a straightforward process composed predominantly of physical security and simple document classification schemes.
The primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. One of the first documented security problems that fell outside these categories occurred in the early 1960s, when a systems administrator was working on an MOTD (message of the day) file, and another administrator was editing the password file. A software glitch mixed the two files, and the entire password file was printed on every output file.2

Figure 1-1 The Enigma. Earlier versions of the German code machine Enigma were first broken by the Poles in the 1930s. The British and Americans managed to break later, more complex versions during World War II. The increasingly complex versions of the Enigma, especially the submarine or Unterseeboot version of the Enigma, caused considerable anguish to Allied forces before finally being cracked. The information gained from decrypted transmissions was used to anticipate the actions of German armed forces. “Some ask why, if we were reading the Enigma, we did not win the war earlier. One might ask, instead, when, if ever, we would have won the war if we hadn’t read it.”1 Source: Courtesy of National Security Agency

The 1960s

During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks. It became necessary to enable these mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers.
In response to this need, the Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant, networked communications system to support the military’s exchange of information. Larry Roberts, known as the founder of the Internet, developed the project—which was called ARPANET—from its inception. ARPANET is the predecessor to the Internet (see Figure 1-2 for an excerpt from the ARPANET Program Plan).

Figure 1-2 Development of the ARPANET Program Plan3 Source: Courtesy of Dr. Lawrence Roberts

The 1970s and 80s

During the next decade, ARPANET became popular and more widely used, and the potential for its misuse grew. In December of 1973, Robert M. “Bob” Metcalfe, who is credited with the development of Ethernet, one of the most popular networking protocols, identified fundamental problems with ARPANET security. Individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users. Other problems abounded: vulnerability of password structure and formats; lack of safety procedures for dial-up connections; and nonexistent user identification and authorization to the system. Phone numbers were widely distributed and openly publicized on the walls of phone booths, giving hackers easy access to ARPANET.
Because of the range and frequency of computer security violations and the explosion in the numbers of hosts and users on ARPANET, network security was referred to as network insecurity. In 1978, a famous study entitled “Protection Analysis: Final Report” was published. It focused on a project undertaken by ARPA to discover the vulnerabilities of operating system security. For a timeline that includes this and other seminal studies of computer security, see Table 1-1.

The movement toward security that went beyond protecting physical locations began with a single paper sponsored by the Department of Defense, the Rand Report R-609, which attempted to define the multiple controls and mechanisms necessary for the protection of a multilevel computer system. The document was classified for almost ten years, and is now considered to be the paper that started the study of computer security.

The security—or lack thereof—of the systems sharing resources inside the Department of Defense was brought to the attention of researchers in the spring and summer of 1967. At that time, systems were being acquired at a rapid rate and securing them was a pressing concern for both the military and defense contractors.

Table 1-1 Key Dates for Seminal Works in Early Computer Security
Date: Documents
1968: Maurice Wilkes discusses password security in Time-Sharing Computer Systems.
1973: Schell, Downey, and Popek examine the need for additional security in military systems in “Preliminary Notes on the Design of Secure Military Computer Systems.”[5]
1975: The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the Federal Register.
1978: Bisbey and Hollingworth publish their study “Protection Analysis: Final Report,” discussing the Protection Analysis project created by ARPA to better understand the vulnerabilities of operating system security and examine the possibility of automated vulnerability detection techniques in existing system software.
1979: Morris and Thompson author “Password Security: A Case History,” published in the Communications of the Association for Computing Machinery (ACM). The paper examines the history of a design for a password security scheme on a remotely accessed, time-sharing system.
1979: Dennis Ritchie publishes “On the Security of UNIX” and “Protection of Data File Contents,” discussing secure user IDs and secure group IDs, and the problems inherent in the systems.
1984: Grampp and Morris write “UNIX Operating System Security.” In this report, the authors examine four “important handles to computer security”: physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security.[7]
1984: Reeds and Weinberger publish “File Security and the UNIX System Crypt Command.” Their premise was: “No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users … the naive user has no chance.”[8]

In June of 1967, the Advanced Research Projects Agency formed a task force to study the process of securing classified information systems. The Task Force was assembled in October of 1967 and met regularly to formulate recommendations, which ultimately became the contents of the Rand Report R-609.
[9] The Rand Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security. It noted that the wide utilization of networking components in information systems in the military introduced security risks that could not be mitigated by the routine practices then used to secure these systems.[10] This paper signaled a pivotal moment in computer security history—when the scope of computer security expanded significantly from the safety of physical locations and hardware to include the following:

- Securing the data
- Limiting random and unauthorized access to that data
- Involving personnel from multiple levels of the organization in matters pertaining to information security

MULTICS

Much of the early research on computer security centered on a system called Multiplexed Information and Computing Service (MULTICS). Although it is now obsolete, MULTICS is noteworthy because it was the first operating system to integrate security into its core functions. It was a mainframe, time-sharing operating system developed in the mid-1960s by a consortium of General Electric (GE), Bell Labs, and the Massachusetts Institute of Technology (MIT).
In mid-1969, not long after the restructuring of the MULTICS project, several of its developers (Ken Thompson, Dennis Ritchie, Rudd Canaday, and Doug McIlroy) created a new operating system called UNIX. While the MULTICS system implemented multiple security levels and passwords, the UNIX system did not. Its primary function, text processing, did not require the same level of security as that of its predecessor. In fact, it was not until the early 1970s that even the simplest component of security, the password function, became a component of UNIX.

In the late 1970s, the microprocessor brought the personal computer and a new age of computing. The PC became the workhorse of modern computing, thereby moving it out of the data center. This decentralization of data processing systems in the 1980s gave rise to networking—that is, the interconnecting of personal computers and mainframe computers, which enabled the entire computing community to make all their resources work together.

The 1990s

At the close of the twentieth century, networks of computers became more common, as did the need to connect these networks to each other. This gave rise to the Internet, the first global network of networks. The Internet was made available to the general public in the 1990s, having previously been the domain of government, academia, and dedicated industry professionals. The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area network (LAN). After the Internet was commercialized, the technology became pervasive, reaching almost every corner of the globe with an expanding array of uses. Since its inception as a tool for sharing Defense Department information, the Internet has become an interconnection of millions of networks.
At first, these connections were based on de facto standards, because industry standards for interconnection of networks did not exist at that time. These de facto standards did little to ensure the security of information, though as these precursor technologies were widely adopted and became industry standards, some degree of security was introduced. However, early Internet deployment treated security as a low priority. In fact, many of the problems that plague e-mail on the Internet today are the result of this early lack of security. At that time, when all Internet and e-mail users were (presumably trustworthy) computer scientists, mail server authentication and e-mail encryption did not seem necessary. Early computing approaches relied on security that was built into the physical environment of the data center that housed the computers. As networked computers became the dominant style of computing, the ability to physically secure a networked computer was lost, and the stored information became more exposed to security threats.

2000 to Present

Today, the Internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected. Recent years have seen a growing awareness of the need to improve information security, as well as a realization that information security is important to national defense. The growing threat of
cyber attacks has made governments and companies more aware of the need to defend the computer-controlled control systems of utilities and other critical infrastructure. There is also growing concern about nation-states engaging in information warfare, and the possibility that business and personal information systems could become casualties if they are undefended.

What Is Security?

In general, security is “the quality or state of being secure—to be free from danger.”[11] In other words, protection against adversaries—from those who would do harm, intentionally or otherwise—is the objective. National security, for example, is a multilayered system that protects the sovereignty of a state, its assets, its resources, and its people. Achieving the appropriate level of security for an organization also requires a multifaceted system. A successful organization should have the following multiple layers of security in place to protect its operations:

- Physical security, to protect physical items, objects, or areas from unauthorized access and misuse
- Personnel security, to protect the individual or group of individuals who are authorized to access the organization and its operations
- Operations security, to protect the details of a particular operation or series of activities
- Communications security, to protect communications media, technology, and content
- Network security, to protect networking components, connections, and contents
- Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and technology.

The Committee on National Security Systems (CNSS) defines information security as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
[12] Figure 1-3 shows that information security includes the broad areas of information security management, computer and data security, and network security.

Figure 1-3 Components of Information Security (Source: Course Technology/Cengage Learning)

The CNSS model of information security evolved from a concept developed by the computer security industry called the C.I.A. triangle. The C.I.A. triangle has been the industry standard for computer security since the development of the mainframe. It is based on the three characteristics of information that give it value to organizations: confidentiality, integrity, and availability. The security of these three characteristics of information is as important today as it has always been, but the C.I.A. triangle model no longer adequately addresses the constantly changing environment. The threats to the confidentiality, integrity, and availability of information have evolved into a vast collection of events, including accidental or intentional damage, destruction, theft, unintended or unauthorized modification, or other misuse from human or nonhuman threats. This new environment of many constantly evolving threats has prompted the development of a more robust model that addresses the complexities of the current information security environment. The expanded model consists of a list of critical characteristics of information, which are described in the next section. C.I.A.
triangle terminology is used in this chapter because of the breadth of material that is based on it.

Key Information Security Concepts

This book uses a number of terms and concepts that are essential to any discussion of information security. Some of these terms are illustrated in Figure 1-4; all are covered in greater detail in subsequent chapters.

Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or object. Authorized users have legal access to a system, whereas hackers have illegal access to a system. Access controls regulate this ability.

Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, computer system, or other tangible object. Assets, and particularly information assets, are the focus of security efforts; they are what those efforts are attempting to protect.

Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack. A hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for example, as part of a botnet (slang for robot network). This group of compromised computers, running software of the attacker’s choosing, can operate autonomously or under the attacker’s direct control to attack systems and steal user information or conduct distributed denial-of-service attacks.
Direct attacks originate from the threat itself. Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat.

Figure 1-4 Information Security Terms (Source: Course Technology/Cengage Learning)
Vulnerability: Buffer overflow in online database Web interface
Threat: Theft
Threat agent: Ima Hacker
Exploit: Script from MadHackz Web site
Attack: Ima Hacker downloads an exploit from MadHackz web site and then accesses buybay’s Web site. Ima then applies the script which runs and compromises buybay’s security controls and steals customer data. These actions cause buybay to experience a loss.
Asset: buybay’s customer database

Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization. The various levels and types of controls are discussed more fully in the following chapters.

Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. Or, an exploit can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or is created by the attacker. Exploits make use of existing software tools or custom-made software components.
Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present.

Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure. When an organization’s information is stolen, it has suffered a loss.

Protection profile or security posture: The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements (or fails to implement) to protect the asset. The terms are sometimes used interchangeably with the term security program, although the security program often comprises managerial aspects of security, including planning, personnel, and subordinate programs.

Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their risk appetite—the quantity and nature of risk the organization is willing to accept.

Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the attack—or the object of an attack—the target entity, as shown in Figure 1-5. A computer can be both the subject and object of an attack, when, for example, it is compromised by an attack (object), and is then used to attack other systems (subject).

Threat: A category of objects, persons, or other entities that presents a danger to an asset.
Threats are always present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected information systems, while severe storms incidentally threaten buildings and their contents.

Threat agent: The specific instance or a component of a threat. For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms.

Vulnerability: A weakness or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and published; others remain latent (or undiscovered).

Figure 1-5 Computer as the Subject and Object of an Attack (labels: subject, object; Source: Course Technology/Cengage Learning)

Critical Characteristics of Information

The value of information comes from the characteristics it possesses. When a characteristic of information changes, the value of that information either increases, or, more commonly, decreases. Some characteristics affect information’s value to users more than others do. This can depend on circumstances; for example, timeliness of information can be a critical factor, because information loses much or all of its value when it is delivered too late. Though information security professionals and end users share an understanding of the characteristics of
information, tensions can arise when the need to secure the information from threats conflicts with the end users’ need for unhindered access to the information. For instance, end users may perceive a tenth-of-a-second delay in the computation of data to be an unnecessary annoyance. Information security professionals, however, may perceive that tenth of a second as a minor delay that enables an important task, like data encryption. Each critical characteristic of information—that is, the expanded C.I.A. triangle—is defined in the sections below.

Availability

Availability enables authorized users—persons or computer systems—to access information without interference or obstruction and to receive it in the required format. Consider, for example, research libraries that require identification before entrance. Librarians protect the contents of the library so that they are available only to authorized patrons. The librarian must accept a patron’s identification before that patron has free access to the book stacks. Once authorized patrons have access to the contents of the stacks, they expect to find the information they need available in a useable format and familiar language, which in this case typically means bound in a book and written in English.

Accuracy

Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate. Consider, for example, a checking account. You assume that the information contained in your checking account is an accurate representation of your finances. Incorrect information in your checking account can result from external or internal errors.
If a bank teller, for instance, mistakenly adds or subtracts too much from your account, the value of the information is changed. Or, you may accidentally enter an incorrect amount into your account register. Either way, an inaccurate bank balance could cause you to make mistakes, such as bouncing a check.

Authenticity

Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Consider for a moment some common assumptions about e-mail. When you receive e-mail, you assume that a specific individual or group created and transmitted the e-mail—you assume you know the origin of the e-mail. This is not always the case. E-mail spoofing, the act of sending an e-mail message with a modified field, is a problem for many people today, because often the modified field is the address of the originator. Spoofing the sender’s address can fool e-mail recipients into thinking that messages are legitimate traffic, thus inducing them to open e-mail they otherwise might not have. Spoofing can also alter data being transmitted across a network, as in the case of user data protocol (UDP) packet spoofing, which can enable the attacker to get access to data stored on computing systems.

Another variation on spoofing is phishing, when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization. Pretending to be someone you are not is sometimes called pretexting when it is undertaken by law enforcement agents or private investigators.
When used in a phishing attack, e-mail spoofing lures victims to a Web server that does not represent the organization it purports to, in an attempt to steal their private data such as account numbers and passwords. The most common variants include posing as a bank or brokerage company, e-commerce organization, or Internet service provider. Even when authorized, pretexting does not always lead to a satisfactory outcome. In 2006, the CEO of Hewlett-Packard Corporation, Patricia Dunn, authorized contract investigators to use pretexting to “smoke out” a corporate director suspected of leaking confidential information. The resulting firestorm of negative publicity led to Ms. Dunn’s eventual departure from the company.[13]

Confidentiality

Information has confidentiality when it is protected from disclosure or exposure to unauthorized individuals or systems. Confidentiality ensures that only those with the rights and privileges to access information are able to do so.
When unauthorized individuals or systems can view information, confidentiality is breached. To protect the confidentiality of information, you can use a number of measures, including the following:

- Information classification
- Secure document storage
- Application of general security policies
- Education of information custodians and end users

Confidentiality, like most of the characteristics of information, is interdependent with other characteristics and is most closely related to the characteristic known as privacy. The relationship between these two characteristics is covered in more detail in Chapter 3, “Legal and Ethical Issues in Security.” The value of confidentiality of information is especially high when it is personal information about employees, customers, or patients. Individuals who transact with an organization expect that their personal information will remain confidential, whether the organization is a federal agency, such as the Internal Revenue Service, or a business. Problems arise when companies disclose confidential information. Sometimes this disclosure is intentional, but there are times when disclosure of confidential information happens by mistake—for example, when confidential information is mistakenly e-mailed to someone outside the organization rather than to someone inside the organization. Several cases of privacy violation are outlined in Offline: Unintentional Disclosures.

Other examples of confidentiality breaches are an employee throwing away a document containing critical information without shredding it, or a hacker who successfully breaks into an internal database of a Web-based organization and steals sensitive information about the clients, such as names, addresses, and credit card numbers.

As a consumer, you give up pieces of confidential information in exchange for convenience or value almost daily. By using a “members only” card at a grocery store, you disclose some of your spending habits.
When you fill out an online survey, you exchange pieces of your personal history for access to online privileges. The bits and pieces of your information that you disclose are copied, sold, replicated, distributed, and eventually coalesced into profiles and even complete dossiers of yourself and your life. A similar technique is used in a criminal enterprise called salami theft. A deli worker knows he or she cannot steal an entire salami, but a few slices here or there can be taken home without notice. Eventually the deli worker has stolen a whole salami. In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed—but eventually the employee gets something complete or useable.

Offline: Unintentional Disclosures

In February 2005, the data aggregation and brokerage firm ChoicePoint revealed that it had been duped into releasing personal information about 145,000 people to identity thieves during 2004. The perpetrators used stolen identities to create ostensibly legitimate business entities, which then subscribed to ChoicePoint to acquire the data fraudulently. The company reported that the criminals opened many accounts and recorded personal information on individuals, including names, addresses, and identification numbers. They did so without using any network or computer-based attacks; it was simple fraud.[14] While the amount of damage has yet to be compiled, the fraud is feared to have allowed the perpetrators to arrange many hundreds of instances of identity theft.

The giant pharmaceutical organization Eli Lilly and Co. released the e-mail addresses of 600 patients to one another in 2001. The American Civil Liberties Union (ACLU) denounced this breach of privacy, and information technology industry analysts noted that it was likely to influence the public debate on privacy legislation. The company claimed that the mishap was caused by a programming error that occurred when patients who used a specific drug produced by the company signed up for an e-mail service to access support materials provided by the company. About 600 patient addresses were exposed in the mass e-mail.[15]

In another incident, the intellectual property of Jerome Stevens Pharmaceuticals, a small prescription drug manufacturer from New York, was compromised when the FDA released documents the company had filed with the agency. It remains unclear whether this was a deliberate act by the FDA or a simple error; but either way, the company’s secrets were posted to a public Web site for several months before being removed.[16]

Integrity

Information has integrity when it is whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being stored or transmitted. Many computer viruses and worms are designed with the explicit purpose of corrupting data. For this reason, a key method for detecting a virus or worm is to look for changes in file integrity as shown by the size of the file.
Another key method of assuring information integrity is file hashing, in which a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value. The hash value for any combination of bits is unique. If a computer system performs the same hashing algorithm on a file and obtains a different number than the recorded hash value for that file, the file has been compromised and the integrity of the information is lost. Information integrity is the cornerstone of information systems, because information is of no value or use if users cannot verify its integrity.

File corruption is not necessarily the result of external forces, such as hackers. Noise in the transmission media, for instance, can also cause data to lose its integrity. Transmitting data on a circuit with a low voltage level can alter and corrupt the data. Redundancy bits and check bits can compensate for internal and external threats to the integrity of information. During each transmission, algorithms, hash values, and the error-correcting codes ensure the integrity of the information. Data whose integrity has been compromised is retransmitted.

Utility

The utility of information is the quality or state of having value for some purpose or end. Information has value when it can serve a purpose. If information is available, but is not in a format meaningful to the end user, it is not useful.
For example, to a private citizen U.S. Census data can quickly become overwhelming and difficult to interpret; however, for a politician, U.S. Census data reveals information about the residents in a district, such as their race, gender, and age. This information can help form a politician’s next campaign strategy.

Possession

The possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality. For example, assume a company stores its critical customer data using an encrypted file system. An employee who has quit decides to take a copy of the tape backups to sell the customer records to the competition. The removal of the tapes from their secure environment is a breach of possession. But, because the data is encrypted, neither the employee nor anyone else can read it without the proper decryption methods; therefore, there is no breach of confidentiality. Today, people caught selling company secrets face increasingly stiff fines with the likelihood of jail time. Also, companies are growing more and more reluctant to hire individuals who have demonstrated dishonesty in their past.

CNSS Security Model

The definition of information security presented in this text is based in part on the CNSS document called the National Training Standard for Information Systems Security Professionals NSTISSI No. 4011. (See www.cnss.gov/Assets/pdf/nstissi_4011.pdf. Since this document was written, the NSTISSC was renamed the Committee on National Security Systems (CNSS)—see www.cnss.gov. The library of documents is being renamed as the documents are rewritten.) This document presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems. The model, created by John McCumber in 1991, provides a graphical representation of the architectural approach widely used in computer and information security; it is now known as the McCumber Cube. [17]

The McCumber Cube in Figure 1-6 shows three dimensions. If extrapolated, the three dimensions of each axis become a 3 × 3 × 3 cube with 27 cells representing areas that must be addressed to secure today’s information systems. To ensure system security, each of the 27 areas must be properly addressed during the security process. For example, the intersection between technology, integrity, and storage requires a control or safeguard that addresses the need to use technology to protect the integrity of information while in storage. One such control might be a system for detecting host intrusion that protects the integrity of information by alerting the security administrators to the potential modification of a critical file.

Figure 1-6 The McCumber Cube [18] (Source: Course Technology/Cengage Learning)

What is commonly left out of such a model is the need for guidelines and policies that provide direction for the practices and implementations of technologies. The need for policy is discussed in subsequent chapters of this book.
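The file-hashing check described earlier, and the host-based control that alerts on the modification of a critical file, can be sketched as follows. This is an added example, not part of the original text; it assumes SHA-256 as the hashing algorithm (the text names none), and the file names and contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map each file's relative path to (size, SHA-256 hash value)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            state[rel] = (path.stat().st_size, sha256_file(path))
    return state

def compare(baseline, current):
    """Classify every difference between recorded and current state."""
    findings = {}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][1] != digest:
            same = current[rel][0] == size  # True: a size-only check is blind
            findings[rel] = "modified, same size" if same else "modified, size changed"
    for rel in current.keys() - baseline.keys():
        findings[rel] = "new"
    return findings

def demo():
    """Constructed sample files (assumed names), altered in four ways."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "acl.conf").write_bytes(b"allow 10.0.0.5\n")
        (root / "app.cfg").write_bytes(b"debug=off\n")
        (root / "old.log").write_bytes(b"rotated\n")
        baseline = snapshot(root)  # hash values recorded while trusted
        (root / "acl.conf").write_bytes(b"allow 10.0.0.9\n")  # same length
        (root / "app.cfg").write_bytes(b"debug=off\nx=1\n")   # longer
        (root / "old.log").unlink()
        (root / "drop.bin").write_bytes(b"\x00\x01")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The `acl.conf` case is the one a size comparison alone would miss. A matching hash only shows that a file equals what was recorded, so the baseline has to be stored where someone who can alter the files cannot also rewrite it.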
Components of an Information System

As shown in Figure 1-7, an information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the organization. These six critical components enable information to be input, processed, output, and stored. Each of these IS components has its own strengths and weaknesses, as well as its own characteristics and uses. Each component of the information system also has its own security requirements.

Figure 1-7 Components of an Information System (Source: Course Technology/Cengage Learning)

Software

The software component of the IS comprises applications, operating systems, and assorted command utilities. Software is perhaps the most difficult IS component to secure. The exploitation of errors in software programming accounts for a substantial portion of the attacks on information. The information technology industry is rife with reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In fact, many facets of daily life are affected by buggy software, from smartphones that crash to flawed automotive control computers that lead to recalls.

Software carries the lifeblood of information through an organization. Unfortunately, software programs are often created under the constraints of project management, which limit time, cost, and manpower. Information security is all too often implemented as an afterthought, rather than developed as an integral component from the beginning. In this way, software programs become an easy target of accidental or intentional attacks.

Hardware

Hardware is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets from harm or theft. Applying the traditional tools of physical security, such as locks and keys, restricts access to and interaction with the hardware components of an information system. Securing the physical location of computers and the computers themselves is important because a breach of physical security can result in a loss of information. Unfortunately, most information systems are built on hardware platforms that cannot guarantee any level of information security if unrestricted access to the hardware is possible.

Before September 11, 2001, laptop thefts in airports were common. A two-person team worked to steal a computer as its owner passed it through the conveyor scanning devices. The first perpetrator entered the security area ahead of an unsuspecting target and quickly went through. Then, the second perpetrator waited behind the target until the target placed his/her computer on the baggage scanner. As the computer was whisked through, the second agent slipped ahead of the victim and entered the metal detector with a substantial collection of keys, coins, and the like, thereby slowing the detection process and allowing the first perpetrator to grab the computer and disappear in a crowded walkway.
While the security response to September 11, 2001 did tighten the security process at airports, hardware can still be stolen in airports and other public places. Although laptops and notebook computers are worth a few thousand dollars, the information contained in them can be worth a great deal more to organizations and individuals.

Data

Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Systems developed in recent years are likely to make use of database management systems. When done properly, this should improve the security of the data and the application. Unfortunately, many system development projects do not make full use of the database management system’s security capabilities, and in some cases the database is implemented in ways that are less secure than traditional file systems.

People

Though often overlooked in computer security considerations, people have always been a threat to information security. Legend has it that around 200 B.C. a great army threatened the security and stability of the Chinese empire. So ferocious were the invaders that the Chinese emperor commanded the construction of a great wall that would defend against the Hun invaders. Around 1275 A.D., Kublai Khan finally achieved what the Huns had been trying for thousands of years.
Initially, the Khan’s army tried to climb over, dig under, and break through the wall. In the end, the Khan simply bribed the gatekeeper—and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization’s information security program. And unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information, they will remain the weakest link. Social engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used to manipulate the actions of people to obtain access information about a system. This topic is discussed in more detail in Chapter 2, “The Need for Security.”

Procedures

Another frequently overlooked component of an IS is procedures. Procedures are written instructions for accomplishing a specific task. When an unauthorized user obtains an organization’s procedures, this poses a threat to the integrity of the information. For example, a consultant to a bank learned how to wire funds by using the computer center’s procedures, which were readily available. By taking advantage of a security weakness (lack of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own account. Lax security procedures caused the loss of over ten million dollars before the situation was corrected. Most organizations distribute procedures to their legitimate employees so they can access the information system, but many of these companies often fail to provide proper education on the protection of the procedures. Educating employees about safeguarding procedures is as important as physically securing the information system. After all, procedures are information in their own right.
Therefore, knowledge of procedures, as with all critical information, should be disseminated among members of the organization only on a need-to-know basis.

Networks

The IS component that created much of the need for increased computer and information security is networking. When information systems are connected to each other to form local area networks (LANs), and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. The physical technology that enables network functions is becoming more and more accessible to organizations of every size. Applying the traditional tools of physical security, such as locks and keys, to restrict access to and interaction with the hardware components of an information system is still important; but when computer systems are networked, this approach is no longer enough. Steps to provide network security are essential, as is the implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.

Balancing Information Security and Access

Even with the best planning and implementation, it is impossible to obtain perfect information security. Recall James Anderson