Introduction of British Airways Essay Example

Presentation of British Airways Essay English Airways has become the universes second biggest carrier conveying in excess of 28 million travelers starting with one nation then onto the next. Fundamental point of British Airways is to offer extraordinary support to its clients at a moderate cost. In spite of intense rivalry from different carriers, for example, Virgin Atlantic Airways, United Airlines and other European aircrafts, British Airways despite everything holds the significant piece of the pie. BA boost on their work power by guaranteeing they utilize the most noteworthy gifted staff for the specific occupation, a few times they will just utilize staff who are knowledgeable. English Airways are presently battling with staff deficiencies as the degree of truancy for the companys representatives are high over the normal and satisfactory figures for the business. Workers are supposed to be unmotivated and confidence is low as salary raise is low and the rebuilding of the organization have prompted 13000 employment misfortunes. Entryway Gourmet is a world driving carrier cooking organization. Entryway Gourmet offers its assistance around the world. They produce: 624000 dinners for each day or 228 million suppers for every year all things considered. I will utilize several headings, which were given on the errand sheet, to depict the highlights of manager and representative relations in this British aviation routes chosen case. Trough In flight provides food Establishing worker relations Contracts of business Gate gourmet representatives are for the most part on an impermanent or low maintenance contract. We will compose a custom article test on Introduction of British Airways explicitly for you for just $16.38 $13.9/page Request now We will compose a custom exposition test on Introduction of British Airways explicitly for you FOR ONLY $16.38 $13.9/page Recruit Writer We will compose a custom exposition test on Introduction of British Airways explicitly for you FOR ONLY $16.38 $13.9/page Recruit Writer Transitory provisional laborers are qualified for 15 days occasion including bank occasions and Boxing Day, every year from their manager. Paying more than the law at British aviation routes it develops faithfulness. Door Gourmet laborers are paid over the lowest pay permitted by law. Most door gourmet representatives work for the BA in flight provides food. A BA Part-time specialist has commonly a lower nonattendance than all day laborers, and is less inclined to be individuals from the association, and is generally excellent for the business. Breaks are given to in flight provides food at British aviation routes. Model on a plane they would stop at an air terminal midway, if the flight is certainly not a single direction flight. Installment by result installment as per execution: an arrangement of installment where the compensation paid relies upon how well a BA worker carries out a responsibility. Reward income rely upon estimated characteristics or estimations of yield for people or gatherings of BA representatives, typically dependent on work examined time units; this covers a wide scope of extra plans which despite everything structure the principle technique for execution pay for BA in flight laborers. Commitment that representatives make to British aviation routes is a key issue for the business. BA has conceived pay strategies that interface individual or group execution to a compensation framework that remunerates this. Then again, pay has been utilized to perceive such factors as individual turn of events, obligation, hazard taking and dedication or experience. To get reward BA laborers need to have the information abilities and demeanor that an individual needs to do their activity successfully. At the point when utilized in a compensation framework, they give a premise to singular evaluation to remunerate people who can decidedly add to the general qualities and goals of BA. BA laborers are additionally identified with their presentation pay plans, which spread a wide assortment of strategies for connecting pay to a proportion of individual or a gathering of in flight cooks. They all offer the possibility that where a laborer can fluctuate yield as indicated by exertion and this can be unmistakably identified with profit, the possibility of expanded compensation will prompt more prominent execution.

From Traditional Marketplace to Tomorrow’s Marketspace Free Essays

Concentrating on past mergers that were ineffective, we will research the major social issues these organizations confronted that were the greatest impediments imperiling their prosperity. We will at that point have the option to distinguish which social issues are generally significant for mergers of things to come to succeed. The second piece of our paper will discuss virtual conferencing, and the enormous position it will play in tomorrow’s groups. We will compose a custom exposition test on From Traditional Marketplace to Tomorrow’s Marketspace or then again any comparable subject just for you Request Now Uniting this, our conversation will concentrate on the positive and negative impacts virtual groups can have on a consolidating company’s culture. In the wake of introducing the two sides, our definitive objective will be to refer to the more significant jobs the virtual groups of tomorrow should play, in endeavors to make and keep up a solid and effective normal culture among combining organizations. The expansion of Internet utilization, joined with the most recent web based business rage has changed the manner in which most organizations are working together today (Knox 26). Organizations that are not in the website area currently want to participate in the online business world. Numerous ventures are moving their business from the conventional commercial center to the exceptionally refined marketspace; the AOL/Time Warner merger is a case of this. Today, consolidating has become the response to how organizations are going to increment and hold their upper hand. When an organization blends it turns into a considerably greater powerhouse. This raises one company’s piece of the pie colossally, permitting it to stand tall against contending firms (Fairlamb 20). Presently, different organizations in a similar industry need to look through harder to restore their serious specialty. This is done more often than not through extra acquisitions of comparable contending firms inside the business. Shockingly a great deal of mergers are destined for disappointment. While marketing projections and primary concerns have a major impact in the execution of an effective merger, they are just one bit of the riddle (qtd. in Pacific). Alongside calculating comes culture, the genuine heart of the organization. Each company’s culture is interesting. Various characters, methods of getting things done, desires, and methods of characterizing achievement are a few models. Indeed, even the data innovation an organization has is as much a piece of a company’s culture, as the individuals utilizing it. Uniting at least two organizations that may have completely extraordinary corporate culture frames a procurement. With advances most recent progression, organizations can be united on a completely new level. Virtual conferencing is rethinking the manner in which individuals can cooperate (Seanet). Through virtual groups individuals can essentially collaborate electronically. There are a few motivations to make virtual groups. In particular, groups might be circulated as a result of the new real factors confronting associations, for example, association wide undertakings or activities, and partnerships with various associations, some of which might be in different nations. There are likewise mergers and acquisitions, which we will give close consideration to, just as the longing of numerous individuals and government associations for working from home. These are a couple of the numerous reasons why individuals will hope to make virtual groups as their essential method of leading business. Practical joining groups accused of sewing together a few prior capacities as a rule prompts turf insurance, infighting, and uncommon enthusiasm arguing. Getting ready for progress, a ton of organizations utilize a creation approach. Making an exhaustive future-focused vision and technique that characterizes the new association. Together another arrangement of social practices and standards will be build up that are steady with the achievement of the key objectives, just as making a workforce energetically dedicated to the new organization’s values, vision, goals and extreme achievement. There are numerous reasons why we picked virtual conferencing and how it will impact the significant parts of culture inside combining organizations. As future businessmen of America this is an issue that we will be confronted with. In when professional stability is by all accounts moving toward an untouched low, it is imperative to recognize what we will be facing. Having a superior thought of what's going on around us will be helpful as we troop forward in endeavors to make our own specialty in this incredibly serious world. While this is a necessary task for us, we feel that we should take it for everything that it is worth, bettering ourselves thus. Step by step instructions to refer to From Traditional Marketplace to Tomorrow’s Marketspace, Essay models

How to Build a Swimming Pool

How to Build a Swimming Pool How to Build a Swimming Pool Home›Descriptive Posts›How to Build a Swimming Pool Descriptive PostsA swimming pool can be defined as container, which has been filled with water for the intention of swimming or other water-based recreation activities. Some may refer to it as a wading pool, while others prefer a swimming bath. It can also be just called a pool. Pools exist in many standard sizes; the deepest and largest being those used in Olympic games.Pools can be built above or in the ground. Materials needed include concrete (also known as gunite), plastic, metal, or fiberglass, vinyl, polymer, steel and plaster. Swimming pool construction prices may range from $17 to $39. This depends on the kind of materials used. It is crucial to mention that these prices do not include other costs like building decks, putting up fences, heaters, and other personalized modifications. The advance of a composite construction of fibreglass, which has an epoxy coating with porcelain-ceramic tile s, has given rise to the modern types with major advantages over past methods (Swimming pool.com N. p).Public pools are used by many people or by the public, while those used solely by a few people or in a private home are referred to as private. Public pools are to be found in fitness centers, health club, and many private clubs. These are mostly for relaxation and exercises. It is important to mention hot tubs and spas. These are pools in homes, clubs, hotels and massage parlors containing hot water and either used for relaxation or therapy. Water sports such as diving can also be done in swimming pools including the training of astronauts and lifeguards (NASA N. p). To save on expenditure, one may wisely decide to oversee the construction of his/her dream swimming pool instead of buying a readymade one. Below is a process of how to build a swimming pool, whether private or public, from the scratch.Choosing a Place for the Swimming PoolThe south side of the lawn is ideally recomme nded. The area should be near to water and electricity connections and away from trees (Beegel, Shillinglaw and Tiffney 21). However, to give the swimming pool enough space, one must not only consider adjusting to the surroundings but also compromise with the pool construction. In my case, I have decided to put the washbasin in a slope below, to prevent it from being bulky behind my house. This is purely for aesthetic reasons for it will not behold a beautiful site if the roofing of the pool prevents the view of the rest of my lawn. In addition, dark green roofing (or any dark color you prefer) would be preffered so as to avoid the roof being excessively striking to the eye (Krammer, 1).In designing the swimming pool, we should also consider the wash basin. Various types exist; for instance, the steel wash basins, polyester washbasins, iso-stones, concrete pool completely from formwork, and swimming pool with scarf stones (Krammer, 1).  A choice depends on the price, the easiness o f construction and how good the finish is preferred. I settle on scarf stones for my pool construction because it is relatively cheap (50×20×23v costs 1.10$). In addition, it saves concrete.Pool SizeThe size is decided upon by practical terms. For example, my foil width l is 2.10, which is a bit narrow for a pool. It has 4.05 pools, which is an interior measure. Because it will need roofing, this should be concise with the outer wall. For my case, it has 4.50 meters outside. This fits perfectly. The outer-rail is 21 cm.Designs of the Length of the In- ground PoolOne should ensure that the length of end walls and the roofing on the pool walls end. As a result, one can drive the roofing above the technology shaft. Given the front end can be removed or opened, it is rather good. I choose to leave out half of the patio, so that through wintry weather, no differences in colour on the terrace can appear (Sahatchai, N.p).Swimming Pool’s Technology ShaftLengthwise measurement for the te chnology shaft in the pool should arise from the pool width. I have decided to fix 1.50 meters as my inside measure. This should be able to move in it. Furthermore, the technology space is put nearly 50 cm deeper for one to be able to reach it directly.Stair in the Swimming PoolFor my design, I decided to put concreted roman steps in the swimming pool. This is because it looks better than only one entrance leader and that one can sit on it comfortably. Also, this can again be realised with scarf stones. The roofing dictates that the stairs will be inside.Planning and Preparation for the Base Plate in the PoolFor pipe dimensions with the pool construction, I decided on DA 63 for all the inlets and derivatives. Inlets up to the first piece are DA 63, and then continued with DA 50. Because I want to hold my inlet to the installation parts as curtly as possible, all tubes will run by the base plate. I also have four nozzles for ground finish and two others for wall finish for the surfac e cleaning.Installation Parts in the In-ground Swimming PoolThese are 4x ground finish, 2x finish nozzles in the Roman stair, 1x ground expiry in the pool2x Skimmer (including 20 cm of neck for technology shaft) and 2x underwater floodlight, which is a must have.Creating the Base plate for the poolTo ensure strength of the base plate you can use a 25 cm drainpipe and a 15 cm steel mat. This is okay in lowlands with serene climate. A rough rule of the thumb is that a good base plate should be 50 cm. Given the swimming-pool will be filled with water (in winter).   The draining is to be laid out more thinly. For that matter, I have a frost casing of approximately. This is plus 20 cm of concrete, in addition to two positions of Q80 of steel mats.Marking out the Base Plate PoolTo get a precise picture, one marks the base plate before looking at it from a distance. If it is seen that everything fits, one should mark half a meter around the base plate in order to allow working in the pit. The calculations of the depth of my swimming pool are 20-30 cm (from the ground). These should be able to resist rainwater.The Pool Base Plate ExcavationAfter accurate levelling, the bottom is then dug up with an excavator.   The technology shaft will be dug 50 cm before, and 50 cm of step deeper. A shaft from the house to the swimming pool will be laid with a light slope so as to empty the tubes during winter.Technology Shaft ShutterThe technology shaft to the pool should be 50 cm deep. It should ensure that one is able to stand upright. In my case, in the 100th pipe I will lay the tube for nozzles. This will ensure they remain movable when the valves are to be exchanged later.Putting the Base Plate ConcreteOne will need approximately 11.5 ms ³ concrete for the base plate. Thus, two Truck loads are sufficient. The process to concrete the step together with the technology shaft involves filling only the step with the concrete, followed by concreting the base plate on top. Then allo w the concrete to condense. Later, smooth it with a balance mass. From excavation to the last step it can last an average of 2 ½ days.Building Pool WallsThe pool walls are preferably bricked with scarf stones. This also includes walls at the technique pit. Then reinforcing steel bars into every scarf stone rows are put. Let us now look at some special fittings for the swimming pool.Installation of Swimming Pool AccessoryInsert the skimmer into the walls of the pool in order for water to be partly discharged (in the winter). The Skimmer will be concreted with borders of 4cm into the pool. The revision cover will precisely match with the edge (U.S Department of Energy, N.p). A counter current plant and intake nozzles will lie above the water. This plant should be put 30 cm under water to ensure that, in winter, the water level will not sink the headlights. Underwater headlights should be put 10 cm underwater taking into consideration possible ice. The headlights will be in-peeled 4cm into the pool. The distributor box will stand in the water. The box will be concreted above the pond edge.ConclusionThe above discussion is an elaborate description of how to build a swimming pool from the scratch. Following these steps will give one his/her dream swimming poll. It is important to mention that one should also consider using alternative local materials to minimise costs. In addition, one should consult the local authorities for any available regulations on swimming pool construction. Some jargon used in this discussion may scare off a beginner, but just a slight interest and effort will enable one to build a swimming pool.

Politics and Stem Cell Research Essay examples - 850 Words

Politics and Stem Cell Research The President’s Council on Bioethics published â€Å"Monitoring Stem Cell Research† in 2004. This report was written in response to President Bush’s comments regarding research of human stem cells on August 9, 2001. President Bush announced that he was going to make federal funding available for research that involved existing lines of stem cells that came from embryos. He is the first president to provide any type of financial support for the research of human stem cells. A Council was created with people who are educated in the field of stem cells to help monitor the research and to recommend guidelines and consider the ethical consequences that this research could create. This report is an â€Å"update† given†¦show more content†¦Stem cell derivatives may be a beneficial source of transplantable cells that may be able to repair and regenerate certain tissues. If this could be accomplished, the medical benefits would be enormous, such as helpin g Parkinson disease, MS, diabetes, and muscular dystrophies. Although, this could be an extremely important advancement in the field of medicine, there exist many ethical and religious issues that look down upon destroying embryos for research. The stem cells that are focused on in this report are embryonic stem cells. However, adult stem cells may also be used to give rise to lineages of cells that are more specialized than themselves. They are more differentiated than embryonic stem cells. Research using adult stem cells is much less controversial since they can be obtained without destroying an embryo. There is also a strong political aspect that has been brought up in recent discussions regarding groups who try to push adult stem cell research over embryonic stem cell research since they consider it a more permissible option. In contrast, people in favor of embryonic stem cell research try to discredit the potential of adult stem cell studies. This report describes how ethics involving embryos has been ongoing for 25 years but has significantly increased with the stem cell controversy. Another issue brought up by this report is whether or not federal funds should be spent on an issue that is so ethicallyShow MoreRelatedStem Cell Research in America: A Perfect Storm of Ideology, Politics, Science, and Religion1818 Words   |  7 Pagesï » ¿Stem Cell Research in America: A Perfect Storm of Ideology, Politics, Science, and Religion By: Me March 30, 2012 Abstract This paper discusses the recent history of stem cell research in the United States, tracking the controversies, politics, and promise of new technology that comes with a moral price. Starting in August of 2001, with President Bushs request that Stem Cell Research not be paid for with federal funding, the battle of science against religion began. (Rosenburg, 2001) DespiteRead MoreStem Cell Research Controversy Essay681 Words   |  3 Pagesover stem cell research’s use in the medical field is almost two decades old. So why the sudden intense return of fierce political debates over an old issue? It’s because President Obama recently revoked the ban on stem cell research, as he believes it holds the potential to revolutionize the medical industry in the years to come. As USA Today quoted him saying in March, after he stopped restricting federal funding for stem cell research, At this moment, the full promise of stem cell research remainsRead MoreA Research On Stem Cells15 60 Words   |  7 PagesRose Hercilla Mr. Hoffman Biology Viewpoint: Political Stem Cells Stem cells are cells that are undifferentiated and can develop into any kind of cell needed in the body. The most common stem cells used for research and referred to are human embryonic stem cells. They are formed in embryos to help establish the body and organs for the fetus. Scientists can now fertilize eggs in a lab, which is a process frequently used for people who have difficulties becoming pregnant naturally, also known asRead More2017. Stem Cells. Many People Around The World Like The1133 Words   |  5 Pages 2017 Stem Cells Many people around the world like the idea of stem cells, but are they really a good thing? Stem cell research is debatably the worst way of solving problems with the human body. In fact Scientists have been researching stem cells for a very long time, since 1956 when the first successful bone marrow transplant was made by Dr. E Donnall Thomas. There are not many cons to not use stem cells but they are very important to consider. Stem cells should not be used in the medical fieldRead MoreThe Revolution or De-evolution of Stem Cell Research1728 Words   |  7 PagesRevolution or De-evolution of Stem Cell Research Many people in the around the world have first or second hand encounters with deadly diseases that can lead the person who is afflicted to a lifestyle of medication and therapy. Scientists today have the potential to find cures for these diseases with stem cell research. Stem cells have the potential on making cures for these people. Stem cell research is hindered by the opposing side’s belief that stem cell research is murder since they believe thatRead MoreControversy in the Use of Embryonic Stem Cells Essay1030 Words   |  5 Pagescan the use of stem cells be so controversial?†, one may ask. If the stem cells are donated out of free will or were going to be destroyed anyway, how can putting them to better use be controversial? Sure, a potential life must be destroyed to save a life, but only before one can tell that it is a human. Should the use of stem cells for medical research and use be regulated? These questions and more will be discussed and pondered througho ut this paper. A stem cell is defined as a cell that can changeRead MoreStem Cell Research has the Potential to Alleviate Much Suffering1425 Words   |  6 PagesLady Nancy Reagan: â€Å"Embryonic stem cell research has the potential to alleviate so much suffering. Surely, by working together we can harness its life-giving potential.† Stem cell research shows so much promise to help people by treating diseases and other problems through therapy. While it seems as though the clear answer is that we should study stem cells as soon as possible, this is sadly not the case. Stem cell research is an ongoing controversy within politics and the courts because of the processRead MoreEssay about Embryonic Stem Cell Research1357 Words   |  6 PagesHuman Embryonic Stem Cell Research Embryonic stem cell research is a highly controversial topic in todays society, this kind of stem cell commits to regenerate any type of tissue. Unfortunately, Embryonic Stem Cell Research has a dark side. To obtain these cells will kill the embryo automatically. In other words, the acquirement of the Human Embryonic Stem Cell includes performing an abortion. To obtain these cells, it would kill the embryo. This has created controversy since abortion is suchRead MoreThe Debate Over Embryonic Stem Cell Research1652 Words   |  7 PagesEmbryonic stem cell research could one day hold the key to many new scientific discoveries if it is continuously funded in the years to come. I chose to base my research around the question, Should embryonic stem cell research be government funded? When I finish highschool I hope to pursue a career in the medical field. Although I wish to become a doctor and may not be directly researching stem cells, they may one day be a treatment that I will have to administer to patients. To answer this questionRead MoreEssay about Pros and Cons of Embryonic Stem Cell Research1261 Words   |  6 PagesEmbryonic Stem Cell research mainly because they consider it unethical to use aborted fetuses for research. The two main issues concerning the research are the ethics (Cons) and the benefits (Pros). In any scientific case, ethics must always be considered. But the use of fetuses is something that is of the utmost importance. The costs are generally measured based off of people’s feelings, morals, and knowledge about the subject up for debate. The use of aborted fetuses for stem cell research may have

The History of the Invention of the Telegraph

When British officials wished to communicate between London and the naval base at Portsmouth in the early 1800s, they utilized a system called a semaphore chain. A series of towers built on high points of land held contraptions with shutters, and men working the shutters could flash signals from tower to tower. A semaphore message could be relayed the 85 miles between Portsmouth and London in about 15 minutes. Clever as the system was, it was really just an improvement on signal fires, which had been used since ancient times. There was a need for much faster communication. And by the middle of the century, Britain’s semaphore chain was obsolete. The Invention of the Telegraph An American professor, Samuel F.B. Morse, began experimenting with sending communications via electromagnetic signal in the early 1830s. In 1838 he was able to demonstrate the device by sending a message across two miles of wire in Morristown, New Jersey. Morse eventually received funds from Congress to install a line for demonstration between Washington, D.C., and Baltimore. After an abortive effort to bury wires, it was decided to hang them from poles, and wire was strung between the two cities. On May 24, 1844, Morse, stationed in the Supreme Court chambers, which were then in the US Capitol, sent a message to his assistant Alfred Vail in Baltimore. The famous first message: â€Å"What hath God wrought.† News Traveled Quickly After the Invention of the Telegraph The practical importance of the telegraph was obvious, and in 1846 a new business, the Associated Press, began using the rapidly spreading telegraph lines to send dispatches to newspaper offices. Election results were gathered via telegraph by the AP for the first time for the 1848 presidential election, won by Zachary Taylor. In the following year AP workers stationed in Halifax, Nova Scotia, begin intercepting news arriving on boats from Europe and telegraphing it to New York, where it could appear in print days before the boats reached New York harbor. Abraham Lincoln Was a Technological President By the time Abraham Lincoln became president the telegraph had become an accepted part of American life. Lincolns first State of the Union message was transmitted over the telegraph wires, as the New York Times reported on December 4, 1861:​ The message of President Lincoln was telegraphed yesterday to all parts of the loyal states. The message contained 7, 578 words, and was all received in this city in one hour and 32 minutes, a feat of telegraphing unparalleled in the Old or New World. Lincolns own fascination with the technology led him to spend many hours during the Civil War in the telegraph room of the War Department building near the White House. The young men who manned the telegraph equipment later recalled him sometimes staying overnight, awaiting messages from his military commanders. The president would generally write his messages in longhand, and telegraph operators would relay them, in military cipher, to the front. Some of Lincolns messages are examples of emphatic brevity, such as when he advised General Ulysses S. Grant, at City Point, Virginia in August 1864: â€Å"Hold on with a bulldog grip, and chew and choke as much as possible. A. Lincoln.† A Telegraph Cable Reached Under the Atlantic Ocean During the Civil War construction of telegraph lines to the west proceeded, and news from the distant territories could be sent to the eastern cities almost instantly. But the biggest challenge, which seemed utterly impossible, would be to lay a telegraph cable under the ocean from North America to Europe. In 1851 a functional telegraph cable had been laid across the English Channel. Not only could news travel between Paris and London, but the technological feat seemed to symbolize the peace between Britain and France just a few decades after the Napoleonic Wars. Soon telegraph companies began surveying the coast of Nova Scotia to prepare for laying cable. An American businessman, Cyrus Field, became involved in the plan to put a cable across the Atlantic in 1854. Field raised money from his wealthy neighbors in New York City’s Gramercy Park neighborhood, and a new company was formed, the New York, Newfoundland, and London Telegraph Company. In 1857, two ships chartered by Fields company began laying the 2,500 miles of cable, setting off from Irelands Dingle Peninsula. The initial effort soon failed, and another attempt was put off until the following year. Telegraph Messages Crossed the Ocean By Undersea Cable The effort to lay the cable in 1858 met with problems, but they were overcome and on August 5, 1858, Cyrus Field was able to send a message from Newfoundland to Ireland via the cable. On August 16 Queen Victoria sent a congratulatory message to President James Buchanan. Cyrus Field was treated as a hero upon arrival in New York City, but soon the cable went dead. Field resolved to perfect the cable, and by the end of the Civil War he was able to arrange more financing. An attempt to lay cable in 1865 failed when the cable snapped just 600 miles from Newfoundland. An improved cable was finally put in place in 1866. Messages were soon flowing between the United States and Europe. And the cable which snapped the previous year was located and repaired, so two functional cables were operating. The Telegraph Was Depicted In the Capitol Dome Constantino Brumidi, the Italian-born artist who was painting inside the newly expanded US Capitol, incorporated the transatlantic cable into two beautiful paintings. The artist was an optimist, as his lofty depictions were completed a few years before the cable was finally proven successful. In the oil painting Telegraph, Europe is portrayed as clasping hands with America while a cherub offers a telegraph wire. The spectacular fresco inside the top of the Capitols dome, Apotheosis of Washington has a panel titled Marine showing Venus helping to lay the transatlantic cable. In the Late 1800s Telegraph Wires Covered the World In the years following Fields success, underwater cables connected the Middle East with India, and Singapore with Australia. By the end of the 19th century, much of the globe was wired for communication.

How Can an Individual’s Sense of Identity be Communicated Through Their Choice of Music Free Essays

In today’s society individuality can be expressed in many different ways. The use of physical adornments such as clothes and makeup are the first things that spring to mind when discussing ways and methods of identification. However, with the mass media having such a huge influence on the young people of today, it is becoming very easy to determine one’s identity through the music they enjoy listening to. We will write a custom essay sample on How Can an Individual’s Sense of Identity be Communicated Through Their Choice of Music? or any similar topic only for you Order Now This essay seeks to determine how an individual identity can be clearly communicated through choices of music. To a certain extent, music has had an interesting effect on the way individuals express their sense of identity. The 1960’s Mods and Rockers are a good example of this. Two different types of people existing in the same society, who were easily distinguished to the type of clothing they wore and their social activities- it could be argued that this has certain relevance to tastes in music. The Mods were, of course, happy to settle for the newly released music of the time. Whereas the Rockers weren’t satisfied with the new renditions and so preferred to stick with classic rock music. This eventuated in the two groups leading wholly different ways of life, and the appearances and attitudes of both groups became a likeness of the particular ‘identities’ which are recognizable in society today. Today, there is a greater variety of music available to the mass public, and this has inevitably resulted in many different identities being formed. The 1980’s trance scene along with the new input of R ‘n’ B and Hip Hop (Black rap style music) has influenced a number of new music acts to recreate versions of the biggest hits. This has helped in creating a new identity that many nightclubs cater for. What is known as the ‘Kev’, ‘Townie’ or ‘Shaz’ has been formed! These short names are used to describe people of a certain identity. Usually people of these youth subgroups are fans of hard dance music which they listen to on a regular basis on their personal CD players in public places and are also well known for their up to date flashy mobile phones, sports clothing and tacky jewellery, as well as the occasional baseball cap. There is a rather large congregation of ‘Kevs/Townies’ on Saturday nights when they drive their flashy cars around the town centre. ‘Moshers’, ‘Goths’, ‘Metallers’ or ‘Grungers’ all form another subgroup which relies almost completely on music taste which is quite the opposite to the group discussed in the last paragraph. ‘Grungers’ are people who usually prefer to listen to music such as Nirvana and Red Hot Chili Peppers, and just generally most forms of rock and metal music. Their sense of dress is relatively easy to identify, as a certain identity has been created by the huge mass of youngsters turning to the ‘Grunger’ image in the last few years. The ‘hoodie’ has become a highly symbolic item of clothing, which many of the group members will wear when congregating. This can be teamed with baggy jeans and trousers, multiple piercings, dyed hair, visible tattoos and other common objects such as various bracelets and jewellery, although hardly ever gold or silver. The two groups previously discussed are the two huge societies in which the members’ behaviour is almost completely influenced by popular music. As it is possible to see from the descriptions above, an individuals’ sense of identity can be relatively easy to configure when using popular music as the determining factor. Due to this, increasing amounts of youth subgroups are being formed purely by musical taste. How to cite How Can an Individual’s Sense of Identity be Communicated Through Their Choice of Music?, Papers

Physics Practical; Comparing and improving two rainfall gauge experiments Essay Example Essay Example

Physics Practical; Comparing and improving two rainfall gauge experiments Essay Example Paper Physics Practical; Comparing and improving two rainfall gauge experiments Essay Introduction The aim of this experiment is to test and improve an existing rainfall measuring experiment using a potential divider. I have done this by modifying the equipment I use; this has given me a better resolution and more linear results. Apparatus For the first unimproved experiment 5 volt Dc power supply Physics Practical; Comparing and improving two rainfall gauge experiments Essay Body Paragraphs Rotary potentiometer Float Voltmeter Beaker Metal rods Blue tack Clamp stand Ruler For the second experiment; 5 volt DC power supply Rotary potentiometer Clamp stand Arm with joint Volt meter Beaker Float Ruler Safety If the water is spilt then it must be mopped up. The beaker might break if it falls on the floor therefore all equipment must be kept away from the edge of the table. The rotary potential divider must be secured in a clamp stand. This must be held tightly so that it will not fall on the table as this would damage both he table and the rotary potential divider. Diagram of Experiment 1 Diagram of Experiment 2 Theory A rotary potentiometer has a primary use in fuel gauges in cars however it is also useful in rain detectors or robot arm sensors. It works because, when a 5 volt current is passed through the two potential divider connections and the rotary arm if fully opened up the full current will pass through. However if the arm closes slightly a different output voltage is given. Therefore to measure an amount of liquid in and area the voltage is measured by a voltmeter. The voltmeter must be set across the rotary potentiometer to gain clear results. Method For the first experiment, the rotary potentiometer was connected to the power supply. After this, I connected a voltmeter to measure the voltage across the rotary potentiometer. The rotary potentiometer is then firmly attached to a clamp and stand so as not to fall out on to the table. Then I fixed a metal rod to a right angle of the potential divider from the moving spindle at the centre of the rotary potentiometer, as this moved the out put voltage changed. From this right-angled rod, another rod was attached at an angle of 90à ¯Ã‚ ¿Ã‚ ½ downwards. The rods where joined together by blue tack. This downwards rod was connected to a float, which was a ping-pong ball. Assembled it is the immersed into a beaker where the water was added and the out put voltage is to be measured. Fo r the second experiment, I did the same this made my experiment fair. However, I altered the arm, this enabled the arm to rotate more smoothly also I used a larger container for the experiment. Therefore, the float would not constantly hit the sides. In addition, I used a polystyrene float this floated better than a ping-pong ball. All output voltage will be measured in à ¯Ã‚ ¿Ã‚ ½m on the voltmeter. Also not only as I add a set increasing ml of water must I measure the output voltage I must measure how much the water level for each addition of 100ml of water has increased. Once I have this result I can calculate the average resolution for my sensor Problems For the second experiment there where minimal errors, due to the fact the aim of the second experiment was to eliminate errors from the first experiment. For the first experiment, the beaker was the wrong shape for the task. This meant that as the arm was elevated when the water started to fill the beaker the float encountered the sides and therefore giving anomalous results. To stop this from happening in the second experiment I used a larger beaker. This stopped the arm and float from hitting the side. The change in beaker shape would have affected the results for the two experiments; therefore, I used a beaker that gave enough clearance however, it was very similar to the first beaker this meant my results would not be affected by a large amount. I measured this out put voltage difference between the two beakers and compensated for it in the results from my second experiment therefore giving accurate results. Also in the first experiment the rods where joined by using two rods at 90à ¯Ã‚ ¿Ã‚ ½ through the rotary potentiometers spindle. Alternatively, though this measured the level of water accurately, it gave no give in the joint between the two arms, this allowed the float to hit the sides and give me anomalous results. To stop this from happening in the second experiment I used an arm that had been professionally made this meant that it gave accurate results because it would be at a constant angle of 70à ¯Ã‚ ¿Ã‚ ½, and did not twist or hit the side. The two arms where attached between the 70à ¯Ã‚ ¿Ã‚ ½ angle with two plastic disks these where on a pivot to allow the arms freedom to move from left to right of each other however it would not spin in the opposite direction. This spin would give the anomalous results. For the first experiment, the ping-pong ball also caused problems. When water was added to the container the ball did not rise this was because it had holes in the surface and therefore filled with water. To stop this occurring I changed the ball. In the second experiment, I changed the ball to a polystyrene ball, I did this because polystyrene floats better than a PVC ball, and this gave my results for the second experiment an extra degree of accuracy. The second experiment also had fewer problems as it was an improved experiment. At first when I set, the second e xperiment up the potential divider was faulty therefore; I had to change this for a different rotary potential divider. In addition, my first selected beaker for the second experiment also made the float hit the side and gave me faulty readings this meant I had to change for a slightly larger beaker. Results Results for the first unmodified experiment; voltage output/à ¯Ã‚ ¿Ã‚ ½m (+/-0.001V) Rainfall/ml v-out v-out v-out Average output 0 119.5 135.6 124.2 126.4 400 115.2 110.6 120.5 115.4 500 105.6 95.6 103.0 101.4 600 78.0 85.4 83.2 82.2 700 56.2 54.2 51.3 53.9 800 28.1 34.2 31.9 31.3 900 7.9 6.2 9.7 7.9 1000 2.0 0.5 1.1 1.2 Resolution 3mm Results for the second (modified) experiment; voltage output/à ¯Ã‚ ¿Ã‚ ½m (+/-0.001V) Rainfall/ml v-out v-out v-out v-out v-out Average output 0 129.4 130.0 132.0 130.8 130.3 130.0 400 117.9 121.7 122.0 120.5 119.6 120.0 500 115.3 110.7 111.9 113.2 114.3 113.4 600 82.5 83.1 81.9 83.1 83.0 82.5 700 60.0 57.5 58.6 59.7 60.7 59.6 800 30.1 29.7 32. 1 30.22 27.9 30.8 900 10.5 8.9 9.5 9.6 10.1 9.8 1000 0.9 1.01 0.8 1.03 1.01 1.01 Resolution 2.5mmThese results provide me with the evidence I need to compose graphs and to draw a conclusion. Analysis of my results The second experiment also had fewer errors as it was an improved experiment. At first when I set, the second experiment up the potential divider was faulty therefore; I had to change this for a different rotary potential divider. In addition, my first selected beaker for the second experiment also made the float hit the side and gave me faulty readings this meant I had to change for a slightly larger beaker and recalculate the difference in volt output per measure meant taken. The resolution of the second experiment was around about 3mm this was adequate for measuring rainwater as it normal rains more than 3mm in 1 day. However, I increased the resolution of the rainfall detector by 0.5mm. This shows that these small changes have improved my experiment. The graph for the first experiment is linear, despite this there are some anomalous results for example 900mm, which gave an average volt output, of 0.00079v. This could have been down to a number factor such as parallax error of measuring the water level or taking the reading during a fluctuation of the voltmeter. The results for my second experiment are obviously more accurate when plotted on a graph. This is because on the first graph there are five results that do not fit onto the trend line, however my improved experiments graphical results show that the results are more closely suited to a linear trend line. This is because of the improvements in equipment that was used also more accuracy which means less parallax error. Parallax error is human error of measurement. Evaluation The aim of the experiment was to improve an existing experiment to measure the rainfall by using a rotary potentiometer. The results that I have collected and displayed on the graph show that I have increased the accuracy of the results. The new results form an increased correlation on a trend line. In addition, the resolution of my experiment has increased by 0.5mm of water this is very impressive as I thought at the start of this experiment that the resolution would of remained the same. Also if this was to be made into a really rain measuring gauge it would be easier to keep outside and not have to monitor constantly. This is because of the alterations I have made. Before if the first experiment were left for 24 hours the float would have hit the side if it floated at all, and there would have had to be 3mm of rain for a clear reading to be taken. With the improved experiment, it could now be left outside, because the new arm joint allows the arm movement and to measure at a constant angle however, it will not hit the side of the beaker, only 2.5mm of rain would have to fall for a reading to be taken and the ball is assured to float. If I was to improve the experiment further, I would use a resis tance box, and a power supply that gave a constant 5 volts instead of a power supply that gave a fluctuating 5 volts, I would also use a more sensitive voltmeter. A resistance box would not increase the resolution however; it would increase the strength of the signal to the voltmeter and therefore giving a better reading. If I were to use a fixed 5 volt, power supply it would give me a constant 5 volts instead of fluctuating around 5 volts this would also improve my voltmeter readings and linearity of my graph. If I was to use a more sensitive voltmeter I could increase the accuracy of my results by 1 decimal place this although would not improve my results it would make them easier to anomalies and then I would be able to find a more affective way of stopping the anomalous results. We will write a custom essay sample on Physics Practical; Comparing and improving two rainfall gauge experiments Essay Example specifically for you for only $16.38 $13.9/page Order now We will write a custom essay sample on Physics Practical; Comparing and improving two rainfall gauge experiments Essay Example specifically for you FOR ONLY $16.38 $13.9/page Hire Writer We will write a custom essay sample on Physics Practical; Comparing and improving two rainfall gauge experiments Essay Example specifically for you FOR ONLY $16.38 $13.9/page Hire Writer

Female Employee Files Lawsuit against Bank of America Essays

Female Employee Files Lawsuit against Bank of America Essays Female Employee Files Lawsuit against Bank of America Essay Female Employee Files Lawsuit against Bank of America Essay Female Employees File Lawsuit Against Bank of America March 31 2010, three female Financial Adviser filed a national class action lawsuit against Bank of America and Merrill Lynch alleging sex discrimination. The New York Times reports that the lawsuit, which was filed in New York, claims that the companies have violated several federal and New York state laws, including Title VII of the Civil Rights Act of 1964 and  the New York State Human Rights Law. Employment lawyer Kelly M. Dermody says that While Merrill Lynch and Bank of America have favored male Financial Advisers to receive lucrative client opportunities, they have penalized female Financial Advisers financially for not being chosen for those advantages they created. The plaintiffs with this case include Judy Calibuso, Julie Moss, and Dianne Goedtel, who are seeking back pay and unspecified damages. In addition, theyre asking the court for a class-action status. The suit states that Bank of America and Merrill Lynch have company wide policies and practices that results with an unchecked gender bias in the workplace. Bank of America acquired Merrill Lynch in December 2008, making it the largest financial company in the nation. In Texas, thousands of people are employed with the company and with a class-action lawsuit, many residents of the Houston might be able to join the suit without hiring a Houston employment lawyer. : Yet Bank of Amercia representatives have denied the gender discrimination allegations, and say that the company plans to defend itself against the claims. In a statement, representatives even said that the company has been recognized for its success in creating and supporting a diverse and inclusive work force Institute Of business and management UET, Lahore. Submitted by Chemical Engineer Adnan Khalid, MBA-Operations and Management.

Retail Management Your complete guide to starting your career

Retail Management Your complete guide to starting your career If you’re thinking about a career in retail management, either because you’ve put in your time in the entry-level retail trenches and want to move up in the field or you’re considering a career change, you probably have a general idea of what to expect. After all, retail is not for the faint of heart. However, there’s a difference between working in retail and making it your career, so if you’re considering taking that step to level up, we have the info you’ll need to help make that decision. How will you know if it’s a good fit?If you’ve gotten this far, it’s likely you’ve already found retail to be a good fit for you, on paper. But what are the qualities you’ll need to have as a retail manager?Good personality counts for a lot here. Some common traits found in successful retail managers include:Strong customer focus. The customers may or may not always be right, but they will always be your priority. Manag ers who care about providing excellent customer service, even under stressful circumstances, do well.Leadership skills. The manager will be in charge of other employees as well as store operations, so it’s important to be someone who can step up and lead rather than melting into the crowd.The ability to make peace. Whether it’s dealing with employee drama or customer issues, at some point the manager will have to be the one who fights off irritation or frustration and placates different kinds of personalities to make sure things are resolved well.If you struggle in any of these areas, it doesn’t mean you can’t be a good retail manager, but it might mean putting in extra work to create a successful professional persona. Being part of retail management means being able to navigate the challenges of keeping everything running smoothly while also accommodating corporate/business goals and customer needs.What is the day-to-day like?Retail managers are typicall y responsible for the daily operations of a brick-and-mortar store- whether it’s a big box giant like Walmart or your Mom and Pop hardware store down the street. Basically, every store needs someone to ensure that sales goals are being met, staff are being managed, the store is operating well, and that customer needs are being met. A retail manager’s tasks may include:Opening and closing the storeHiring and managing staff membersManaging the daily employee scheduleAnalyzing sales and setting sales goals for the storeCreating and maintaining store budgetsAnalyzing and coordinating inventoryCreating store displaysWorking with and reporting to senior management in the company (for example, a head office or a store owner)Communicating financial informationWorking with vendors and suppliersEnsuring that the store is clean, organized, and well-maintainedMonitoring expenses and store losses (security)Handling escalated customer service issuesRetail managers are responsible fo r making sure everything gets done in a store, and that it’s done well. Retail managers can also expect to work long weeks (potentially more than 40 hours), on varied schedules. After all, stores are open all week long, and increasingly on holidays. This is not your standard 9-to-5 in a cubicle gig.What types of retail management jobs are out there?Some of the most common retail management job opportunities include:Store ManagerRetail Operations ManagerTeam LeaderStore General ManagerAlthough most retail management positions are still in what we would think of as â€Å"normal† stores, the retail landscape is definitely changing. So in addition to the traditional store manager roles (showing up at a specific store and making sure that physical operations are going according to plan), there will be increasing opportunities to manage digital retail as well. Managers who are well-versed in supply chain logistics or online sales have versatile skill sets that could help the m advance in our increasingly digital economy.What education will you need?One of the best things about getting started retail is that you don’t need to get an extensive education before you jump in. The retail path often starts with a high school degree and on-the-job training, and then growing experience as you take on more responsibility. Hands-on experience is often more valuable in this field than a specific education credential. To become a retail manager, however, an associate’s degree, bachelor’s degree, or course in sales, business, or management can help you get to the management level faster.If you don’t have a degree, don’t worry- there’s still a path to retail management. You can take your existing experience and use that to create longer-term goals. You can also stay and grow within a certain company, using the promotion ladder to get where you want to be. At every level of your retail career, make sure you’re learning e verything you possibly can about how your store (and retail in general) works, because this is an education you can’t get elsewhere- and you never know when that information can help boost you to the next level.What skills will you need?As mentioned before, retail managers have to be able to juggle many different obligations and tasks. These core skills will serve you very well in a retail management career.Communication skillsManagers have to be able to communicate clearly and effectively with all sorts of different people: employees, upper management, suppliers or vendors, and employees. That means being able to adapt a message to the right audience and strike the right tone as necessary. Listening skills are also essential, so that potential problems can be understood and addressed as quickly and efficiently as possible.Problem solvingEvery retail manager is going to deal with problems- problems with employees, problems with customers, problems in getting the right merchan dise, problems with security, you name it. If your solution to a direct challenge is to pull inward, turtle-style, and hope it goes away, this job might not be for you. Instead, retail managers should be able to see a problem clearly, and be able to come up with a workable solution- even if it’s not a perfect one.Results focusIt’s not enough to keep a store going- managers will also be responsible for performing well according to different metrics, whether it’s a store’s financial performance, sales goals, employee goals, customer feedback, etc. It’s crucial to understand what these criteria are that you’ll need to meet and focus your attention on hitting them.ProfessionalismAs mentioned before, the retail manager will often need to step in and be the grownup in cases of conflict or customer complaints. A professional demeanor at all times is very necessary.Math skillsRetail managers are often responsible for extensive reporting and analysis when it comes to a store’s finances and budgets, so being able to do the math efficiently and accurately is important.Negotiation skillsWhether it’s trying to create an employee schedule without causing a revolt or trying to get a better deal from vendors, knowing how to negotiate your way out of any situation is a powerful tool for a retail manager to have.Engaging people skillsRetail managers are not solo acts, so they have to be able to inspire their teams to do work together for the common good of the store. Fear and anger are not the best motivational tools around, so it’s essential to have the skills to be able to get people to want to do their best work- and to motivate them when they don’t necessarily want to do it.What is the potential career path? â€Å"Retail management† can seem like an end goal in and of itself, so if you haven’t thought much yet about the nuances of what you can do once you get to that point, you’re not alone. Once you get a certain level of management experience, those skills are very transferable all over the retail landscape. You may decide to specialize in a particular area, like one of the following:MerchandisingMarketingPersonnel managementCustomer serviceTrainingOperationsWarehousingOnce you have skills and experience, you may find that different management opportunities may open up even within the same company.What kind of salary can you expect?According to salary.com, retail managers can make a pretty wide range of salaries, with a median between $48,091 and $65,734. Specific salary depends on factors like experience and location.What is the outlook for retail management?Retail itself may be changing with the times, but the need for retail isn’t. Companies will always be selling goods, products, and services, and will always need qualified leaders to help them do that in the most efficient and profitable ways possible. Retail management is a career with solid opera tional foundations, and will continue to be an in-demand career path for those with the experience, leadership skills, and the commitment to customer service.If you’re looking for help with your resume,  you can also download free templates from our Resume Library to get started.

Role of Leadership in Managing Quality Research Paper

Role of Leadership in Managing Quality - Research Paper Example Moreover leaders establish a particular direction for their followers which allow them in managing the internal environment of the organization, business, school, institute, nation etc. Once the adherents follow guidance provided by their leader efficiently they can ultimately achieve their targeted goals, aims and objectives in an organized manner. Hence it is clearly evident that quality can easily be maintained with good leadership on any stage or medium as it is the excellence of leaders who are able to set objectives efficiently and assist their followers in implementing those objectives within specified time limits (tribehr.com, 2012). In Big Organization Considering the role of leaders in big organization it is found that leaders are proactive and lead their employees through providing example. The employees follow such instances after being inspired by the charismatic leadership of their leader rather than having a sense of dictatorship. A good leader is one who leads in a ma nner which is depicted through implementation and then leading through actions as opposed to simply dictating their rules and actions without exemplifying any real instances. Leaders recognize and act in response to the variation of the external environment and completely understand the ups and downs of the changing external environment. They are then able to communicate the right direction to their followers for attaining quality in work. The role of leadership in a big organization is to comprehend the requirements of every stakeholder such as clients, owners, suppliers, working staff, general public and any other concerned associate of the business. Every stakeholder formulates the significant part of the quality management process hence they all combine to have an effect on organization’s success. It is the quality of good leadership to induce ethical values throughout their organization which can be achieved through organization’s mission statement or they can the mselves become role models for inspiring their employees for becoming a strategic part of quality management initiative (lennoxhill.co.uk, 2011). True leadership has the ability to equip their employees with the essential resources and struggle to fulfil their duty with sincerity and accountability. The entire organization can be motivated by true leaders for fulfilling their duties and get everyone involved in the process of quality management. It is essential at this stage that leaders must inspire and recognize the contributions and efforts made by employees at all levels which will further instigate a sense of accountability amongst employees and will inspire them in attaining more results and they will voluntarily involve more in quality management procedures. This entire process is dependent on the inputs from both sides whether it is the leader or it is the company’s workforce (Ovretveit, 2005). In Educational Institution The educational field has also changed consider ably in a manner that education administration is now treated more towards the scope of educational management which is now further improvised and transformed into educational leadership. This example is clearly evident from the ceremony held in 2000 having the inauguration of the National College for School Leadership in England. The expression ‘instructional leadership’ is basically derived from North America and it has been superseded in England and all around the world by the concept of ‘learning centred leadership’. It has become a requirement for educational leaders and managers to focus all their efforts more towards the quality management of their educational institution for competing with the other leading

Recommendation for reducing substance dependence disorder from Essay

Recommendation for reducing substance dependence disorder from alcoholism - Essay Example Last year, there were 500 new cases of substance abuse mental disorder related to excess regular alcohol consumption. In this report, I give an explanation on better solutions identified by the state welfare committee and present our findings after comparison of substance abuse mental disorder cases in the state. Together with the social welfare committee, we have considered the following solutions: - law enforcement on bar attendants and the owners who sell alcohol to drunken patrons and extending drinking time limits. - increase the punishment of drunkenness and violation of regulations, which controls the selling and alcohol drinking - Social workers to create forums to educate the public on dangers of excessive alcohol drinking. There has been a big increase of substance mental disorder cases over the past couple of years. Excessive drinking of alcohol has been one of the major causes. This increase is attributed to ignorance, violation of rules controlling sale and drinking of alcohol not having effective public sensitization programs on dangers of abusing alcohol and lineament punishment to the offenders. Substance abuse disorder statistics compared The following statistics represents the total cases of diagnosed substance abuse mental disorder in 2010 and 2012 the percentage of the diagnosed cases related to alcoholism (Newton 183). The enforcement of laws that govern alcohol sale and consumption is a major step. This can be enhanced by employing more officers and giving them relevant patrol facilities. This will deter the law breakers from going against the regulations that control alcohol sale and consumption.

Types of Security Threats and Protection Against Them

Types of Security Threats and Protection Against Them Introduction While attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they understand their organizations business and how their computer systems work. They have both the confidentiality and access to perform these attacks. An inside attacker will have a higher probability of successfully breaking into the system and extracting critical information. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and granted a degree of trust. A system administrator angered by his diminished role in a thriving defense manufacturing firm whose computer network he alone had developed and managed, centralized the software that supported the company’s manufacturing processes on a single server, and then intimidated a coworker into giving him the only backup tapes for that software. Following the system administrator’s termination for inappropriate and abusive treatment of his coworkers, a logic bomb previously planted by the insider detonated, deleting the only remaining copy of the critical software from the company’s server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees. An application developer, who lost his IT sector job as a result of company downsizing, expressed his displeasure at being laid off just prior to the Christmas holidays by launching a systematic attack on his former employer’s computer network. Three weeks following his termination, the insider used the username and password of one of his former coworkers to gain remote access to the network and modify several of the company’s web pages, changing text and inserting pornographic images. He also sent each of the company’s customers an email message advising that the website had been hacked. Each email message also contained that customer’s usernames and passwords for the website. An investigation was initiated, but it failed to identify the insider as the perpetrator. A month and a half later, he again remotely accessed the network, executed a script to reset all network passwords and changed 4,000 pricing records to reflect bogus information. This former employee ultimately was identified as the perpetrator and prosecuted. He was sentenced to serve five months in prison and two years on supervised probation, and ordered to pay $48,600 restitution to his former employer. A city government employee who was passed over for promotion to finance director retaliated by deleting files from his and a coworker’s computers the day before the new finance director took office. An investigation identified the disgruntled employee as the perpetrator of the incident. City government officials disagreed with the primary police detective on the case as to whether all of the deleted files were recovered. No criminal charges were filed, and, under an agreement with city officials, the employee was allowed to resign. These incidents of sabotage were all committed by â€Å"insiders:† individuals who were, or previously had been, authorized to use the information systems they eventually employed to perpetrate harm. Insiders pose a substantial threat by virtue of their knowledge of, and access to, employer systems and/or databases. Keeney, M., et al (2005) The Nature of Security Threats The greatest threat to computer systems and information comes from humans, through actions that are either malicious or ignorant 3 . Attackers, trying to do harm, exploit vulnerabilities in a system or security policy employing various methods and tools to achieve their aims. Attackers usually have a motive to disrupt normal business operations or to steal information. The above diagram is depicts the types of security threats that exist. The diagram depicts the all threats to the computer systems but main emphasis will be on malicious â€Å"insiders†. The greatest threat of attacks against computer systems are from â€Å"insiders† who know the codes and security measures that are in place 45. With very specific objectives, an insider attack can affect all components of security. As employees with legitimate access to systems, they are familiar with an organization’s computer systems and applications. They are likely to know what actions cause the most damage and how to get away with it undetected. Considered members of the family, they are often above suspicion and the last to be considered when systems malfunction or fail. Disgruntled employees create mischief and sabotage against systems. Organizational downsizing in both public and private sectors has created a group of individuals with significant knowledge and capabilities for malicious activities 6 and revenge. Contract professionals and foreign nationals either brought into the U.S. on work visas to meet labor shortages or from offshore outsourcing projects are also included in this category of knowledgeable insiders. Common Insider Threat Common cases of computer-related employee sabotage include: changing data; deleting data; destroying data or programs with logic bombs; crashing systems; holding data hostage; destroying hardware or facilities; entering data incorrectly, exposing sensitive and embarrassing proprietary data to public view such as the salaries of top executives. Insiders can plant viruses, Trojan horses or worms, browse through file systems or program malicious code with little chance of detection and with almost total impunity. A 1998 FBI Survey 7 investigating computer crime found that of the 520 companies consulted, 64% had reported security breaches for a total quantifiable financial loss of $136 millions. (See chart) The survey also found that the largest number of breaches were by unauthorized insider access and concluded that these figures were very conservative as most companies were unaware of malicious activities or reluctant to report breaches for fear of negative press. The survey reported that the average cost of an attack by an outsider (hacker) at $56,000, while the average insider attack cost a company excess $2.7 million. It found that hidden costs associated with the loss in staff hours, legal liability, loss of proprietary information, decrease in productivity and the potential loss of credibility were impossible to quantify accurately. Employees who have caused damage have used their knowledge and access to information resources for a range of motives, including greed, revenge for perceived grievances, ego gratification, resolution of personal or professional problems, to protect or advance their careers, to challenge their skill, express anger, impress others, or some combination of these concerns. Insider Characteristics The majority of the insiders were former employees. At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors. The former employees or contractors left their positions for a variety of reasons. These included the insiders being fired (48%), resigning (38%), and being laid off (7%). Most insiders were either previously or currently employed full-time in a technical position within the organization. Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight percent of the insiders worked part-time, and an additional 8% had been hired as contractors or consultants. Two (4%) of the insiders worked as temporary employees, and one (2%) was hired as a subcontractor. Eighty-six percent of the insiders were employed in technical positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders not holding technical positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives. Insiders were demographically varied with regard to age, racial and ethnic background, gender, and marital status. The insiders ranged in age from 17 to 60 years (mean age = 32 years)17 and represented a variety of racial and ethnic backgrounds. Ninety-six percent of the insiders were male. Forty-nine percent of the insiders were married at the time of the incident, while 45% were single, having never married, and 4% were divorced. Just under one-third of the insiders had an arrest history. Thirty percent of the insiders had been arrested previously, including arrests for violent offenses (18%), alcohol or drug related offenses (11%), and nonfinancial/ fraud related theft offenses (11%). Organization Characteristics The incidents affected organizations in the following critical infrastructure sectors: Banking and finance (8%) Continuity of government (16%) Defense industrial base (2%) Food (4%) Information and telecommunications (63%) Postal and shipping (2%) Public health (4%) In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% engaged in international activity only, and 35% engaged in activity both domestically and internationally. What motivate insiders? Internal attackers attempt to break into computer networks for many reasons. The subject has been fruitfully studied and internal attackers are used to be motivated with the following reasons [BSB03]: Challenge Many internal attackers initially attempt to break into networks for the challenge. A challenge combines strategic and tactical thinking, patience, and mental strength. However, internal attackers motivated by the challenge of breaking into networks often do not often think about their actions as criminal. For example, an internal attack can be the challenge to break into the mail server in order to get access to different emails of any employee. Revenge Internal attackers motivated by revenge have often ill feelings toward employees of the same company. These attackers can be particularly dangerous, because they generally focus on a single target, and they generally have patience. In the case of revenge, attackers can also be former employees that feel that they have been wrongfully fired. For example, a former employee may be motivated to launch an attack to the company in order to cause financial losses. Espionage Internal attackers motivated by espionage, steal confidential information for a third party. In general, two types of espionage exists: Industrial espionage Industrial espionage means that a company may pay its own employees in order to break into the networks of its competitors or business partners. The company may also hire someone else to do this. International espionage International espionage means that attackers work for governments and steal confidential information for other governments. Definitions of insider threat 1) The definition of insider threat should encompass two main threat actor categories and five general categories of activities. The first actor category, the â€Å"true insider,† is defined as any entity (person, system, or code) authorized by command and control elements to access network, system, or data. The second actor category, the â€Å"pseudo-insider,† is someone who, by policy, is not authorized the accesses, roles, and/or permissions they currently have but may have gotten them inadvertently or through malicious activities. The activities of both fall into five general categories: Exceeds given network, system or data permissions; Conducts malicious activity against or across the network, system or data; Provided unapproved access to the network, system or data; Circumvents security controls or exploits security weaknesses to exceed authorized permitted activity or disguise identify; or Non-maliciously or unintentionally damages resources (network, system or data) by destruction, corruption, denial of access, or disclosure. (Presented at the University of Louisville Cyber Securitys Day, October 2006) 2) Insiders — employees, contractors, consultants, and vendors — pose as great a threat to an organization’s security posture as outsiders, including hackers. Few organizations have implemented the policies, procedures, tools, or strategies to effectively address their insider threats. An insider threat assessment is a recommended first step for many organizations, followed by policy review, and employee awareness training. (Insider Threat Management Presented by infoLock Technologies) 3) Employees are an organization’s most important asset. Unfortunately, they also present the greatest security risks. Working and communicating remotely, storing sensitive data on portable devices such as laptops, PDAs, thumb drives, and even iPods employees have extended the security perimeter beyond safe limits. While convenient access to data is required for operational efficiency, the actions of trusted insiders not just employees, but consultants, contactors, vendors, and partners must be actively managed, audited, and monitored in order to protect sensitive data. (Presented by infoLock Technologies) 4) The diversity of cyber threat has grown over time from network-level attacks and password cracking to include newer classes such as insider attacks, email worms and social engineering, which are currently recognized as serious security problems. However, attack modeling and threat analysis tools have not evolved at the same rate. Known formal models such as attack graphs perform action-centric vulnerability modeling and analysis. All possible atomic user actions are represented as states, and sequences which lead to the violation of a specie safety property are extracted to indicate possible exploits. (Ramkumar Chinchani, Anusha Iyer, Hung Ngo, Shambhu Upadhyaya) 5) The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon University’s Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences magnifying risk of insider attack. Lack of tools for understanding insider threat, analyzing risk mitigation alternatives, and communicating results exacerbates the problem. (Dawn M. Cappelli, Akash G. Desai) 6) The insider threat or insider problem is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an insider has information and capabilities not known to other, external attackers. But the studies rarely define what the insider threat is, or define it nebulously. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? (Matt Bishop 2005) Five common insider threat Exploiting information via remote access software A considerable amount of insider abuse is performed offsite via remote access software such as Terminal Services, Citrix and GoToMyPC. Simply put, users are less likely to be caught stealing sensitive information when they can it do offsite. Also, inadequately protected remote computers may turn up in the hands of a third-party if the computer is left unattended, lost or stolen. 2.) Sending out information via e-mail and instant messaging Sensitive information can simply be included in or attached to an e-mail or IM. Although this is a serious threat, its also one of the easiest to eliminate. 3.) Sharing sensitive files on P2P networks Whether or not you allow peer-to-peer file sharing software such as Kazaa or IM on your network, odds are its there and waiting to be abused. The inanimate software in and of itself is not the problem – its how its used that causes trouble. All it takes is a simple misconfiguration to serve up your networks local and network drives to the world. 4.) Careless use of wireless networks Perhaps the most unintentional insider threat is that of insecure wireless network usage. Whether its at a coffee shop, airport or hotel, unsecured airwaves can easily put sensitive information in jeopardy. All it takes is a peek into e-mail communications or file transfers for valuable data to be stolen. Wi-Fi networks are most susceptible to these attacks, but dont overlook Bluetooth on smartphones and PDAs. Also, if you have WLANs inside your organization, employees could use it to exploit the network after hours. 5.) Posting information to discussion boards and blogs Quite often users post support requests, blogs or other work-related messages on the Internet. Whether intentional or not, this can include sensitive information and file attachments that put your organization at risk. Views of different authors about insider threat 1) Although insiders in this report tended to be former technical employees, there is no demographic â€Å"profile† of a malicious insider. Ages of perpetrators ranged from late teens to retirement. Both men and women were malicious insiders. Their positions included programmers, graphic artists, system and network administrators, managers, and executives. They were currently employed and recently terminated employees, contractors, and temporary employees. As such, security awareness training needs to encourage employees to identify malicious insiders by behavior, not by stereotypical characteristics. For example, behaviors that should be a source of concern include making threats against the organization, bragging about the damage one could do to the organization, or discussing plans to work against the organization. Also of concern are attempts to gain other employees’ passwords and to fraudulently obtain access through trickery or exploitation of a trusted relationsh ip. Insiders can be stopped, but stopping them is a complex problem. Insider attacks can only be prevented through a layered defense strategy consisting of policies, procedures, and technical controls. Therefore, management must pay close attention to many aspects of its organization, including its business policies and procedures, organizational culture, and technical environment. Organizations must look beyond information technology to the organization’s overall business processes and the interplay between those processes and the technologies used. (Michelle Keeney, J.D., Ph.D. atal 2005) 2) While attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they understand their organizations business and how their computer systems work. They have both the confidentiality and access to perform these attacks. An inside attacker will have a higher probability of successfully breaking into the system and extracting critical information. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and granted a degree of trust. (Nam Nguyen and Peter Reiher, Geoffrey H. Kuenning) 3) Geographically distributed information systems achieve high availability that is crucial to their usefulness by replicating their state. Providing instant access at time of need regardless of current network connectivity requires the state to be replicated in every geographical site so that it is locally available. As network environments become increasingly hostile, we have to assume that part of the distributed information system will be compromised at some point. The problem of maintaining a replicated state in such a system is magnified when insider (or Byzantine) attacks are taken into account. (Yair Amir Cristina Nita-Rotaru) 4) In 2006, over 60% of information security breaches were attributable to insider behavior, yet more than 80% of corporate IT security budgets were spent on securing perimeter defenses against outside attack. Protecting against insider threats means managing policy, process, technology, and most importantly, people. Protecting against insider threats means managing policy, process, technology, and most importantly, people.The Insider Threat Assessment security awareness training, infrastructure reconfiguration, or third party solutions, you can take comfort in knowing that you have made the right choice to improve your security posture, and you will achieve your expected Return on Security Investment. (Presented by infoLock Technologies) 5) The threat of attack from insiders is real and substantial. The 2004 ECrime Watch Survey TM conducted by the United States Secret Service, CERT  ® Coordination Center (CERT/CC), and CSO Magazine, 1 found that in cases where respondents could identify the perpetrator of an electronic crime, 29 percent were committed by insiders. The impact from insider attacks can be devastating. One complex case of financial fraud committed by an insider in a financial institution resulted in losses of over $600 million. 2 Another case involving a logic bomb written by a technical employee working for a defense contractor resulted in $10 million in losses and the layoff of 80 employees. (Dawn Cappelli, Andrew Moore, Timothy Shimeall,2005) 6) Insiders, by virtue of legitimate access to their organizations’ information, systems, and networks, pose a significant risk to employers. Employees experiencing financial problems have found it easy to use the systems they use at work everyday to commit fraud. Other employees, motivated by financial problems, greed, or the wish to impress a new employer, have stolen confidential data, proprietary information, or intellectual property from their employer. Lastly, technical employees, possibly the most dangerous because of their intimate knowledge of an organization’s vulnerabilities, have used their technical ability to sabotage their employer’s system or network in revenge for some negative work-related event. (Dawn M. Cappelli, Akash G. Desai ,at al 2004) 7) The insider problem is considered the most difficult and critical problem in computer security. But studies that survey the seriousness of the problem, and research that analyzes the problem, rarely define the problem precisely. Implicit definitions vary in meaning. Different definitions imply different countermeasures, as well as different assumptions. (Matt Bishop 2005) Solution: User monitoring Insiders have two things that external attackers don’t: privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts all while flying under the radar unless a strong incident detection solution is in place. A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has limited access. Insiders can directly damage your business resulting in lost revenue, lost customers, reduced shareholder faith, a tarnished reputation, regulatory fines and legal fees. With such an expansive threat, organizations need an automated solution to help detect and analyze Malicious Insider Activity These are some points which could be helpful in monitoring and minimizing the insider threats: Detecting insider activity starts with an expanded log and event collection. Firewalls, routers and intrusion detection systems are important, but they are not enough. Organizations need to look deeper to include mission critical applications such as email applications, databases, operating systems, mainframes, access control solutions, physical security systems as well as identity and content management products. Correlation: identifying known types of suspicious and malicious behavior Anomaly detection: recognizing deviations from norms and baselines. Pattern discovery: uncovering seemingly unrelated events that show a pattern of suspicious activity From case management, event annotation and escalation to reporting, auditing and access to insider-relevant information, the technical solution must be in line with the organization’s procedures. This will ensure that insiders are addressed consistently, efficiently and effectively regardless of who they are. Identify suspicious user activity patterns and identify anomalies. Visually track and create business-level reports on user’s activity. Automatically escalate the threat levels of suspicious and malicious individuals. Respond according to your specific and unique corporate governing guidelines. Early detection of insider activity based on early warning indicators of suspicious behavior, such as: Stale or terminated accounts Excessive file printing, unusual printing times and keywords printed Traffic to suspicious destinations Unauthorized peripheral device access Bypassing security controls Attempts to alter or delete system logs Installation of malicious software The Insider Threat Study? The global acceptance, business adoption and growth of the Internet, and of Internetworking technologies in general, in response to customer requests for online access to business information systems, has ushered in an extraordinary expansion of electronic business transactions. In moving from internal (closed) business systems to open systems, the risk of malicious attacks and fraudulent activity has increased enormously, thereby requiring high levels of information security. Prior to the requirement for online, open access, the information security budget of a typical company was less then their tea and coffee expenses. Securing cyberspace has become a national priority. In The National Strategy to Secure Cyberspace, the President’s Critical Infrastructure Protection Board identified several critical infrastructure sectors10: banking and finance information and telecommunications transportation postal and shipping emergency services continuity of government public health Universities chemical industry, textile industry and hazardous materials agriculture defense industrial base The cases examined in the Insider Threat Study are incidents perpetrated by insiders (current or former employees or contractors) who intentionally exceeded or misused an authorized level of network, system, or data access in a manner that affected the security of the organizations’ data, systems, or daily business operations. Incidents included any compromise, manipulation of, unauthorized access to, exceeding authorized access to, tampering with, or disabling of any information system, network, or data. The cases examined also included any in which there was an unauthorized or illegal attempt to view, disclose, retrieve, delete, change, or add information. A completely secure, zero risk system is one which has zero functionality. Latest technology high-performance automated systems bring with them new risks in the shape of new attacks, new viruses and new software bugs, etc. IT Security, therefore, is an ongoing process. Proper risk management keeps the IT Security plans, policies and procedures up to date as per new requirements and changes in the computing environment. To implement controls to counter risks requires policies, and policy can only be implemented successfully if the top management is committed. And policy’s effective implementation is not possible without the training and awareness of staff. The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical role of financial institutions for a country and the extreme sensitivity of their information assets, the seriousness of IT Security and the ever-increasing threats it faces in today’s open world cannot be overstated. As more and more of our Banking Operations and products services become technology driven and dependent, consequently our reliance on these technology assets increases, and so does the need to protect and safeguard these resources to ensure smooth functioning of the financial industry. Here are different area in which we can work and check insider threat, but I chose textile industry as in textile industry there is less awareness of the insider threat. If an insider attack in an industry then industrialist try to cover up this news as these types of news about an industry can damage the reputation of the industry. Chapter 2 Review of Literature S, Axelsson. ,(2000) Anonymous 2001 Continuity of operations and correct functioning of information systems is important to most businesses. Threats to computerised information and process are threats to business quality and effectiveness. The objective of IT security is to put measures in place which eliminate or reduce significant threats to an acceptable level. Security and risk management are tightly coupled with quality management. Security measures should be implemented based on risk analysis and in harmony with Quality structures, processes and checklists. What needs to be protected, against whom and how? Security is the protection of information, systems and services against disasters, mistakes and manipulation so that the likelihood and impact of security incidents is minimised. IT security is comprised of: Confidentiality: Sensitive business objects (information processes) are disclosed only to authorised persons. ==> Controls are required to restrict access to objects. Integrity: The business need to control modification to objects (information and processes). ==> Controls are required to ensure objects are accurate and complete. Availability: The need to have business objects (information and services) available when needed. ==> Controls are required to ensure reliability of services. Legal Compliance: Information/data that is collected, processed, used, passed on or destroyed must be handled in line with current legislation of the relevant countries. A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage. Stoneburner et al (2002) In this paper the author described a the risks which are Types of Security Threats and Protection Against Them Types of Security Threats and Protection Against Them Introduction While attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they understand their organizations business and how their computer systems work. They have both the confidentiality and access to perform these attacks. An inside attacker will have a higher probability of successfully breaking into the system and extracting critical information. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and granted a degree of trust. A system administrator angered by his diminished role in a thriving defense manufacturing firm whose computer network he alone had developed and managed, centralized the software that supported the company’s manufacturing processes on a single server, and then intimidated a coworker into giving him the only backup tapes for that software. Following the system administrator’s termination for inappropriate and abusive treatment of his coworkers, a logic bomb previously planted by the insider detonated, deleting the only remaining copy of the critical software from the company’s server. The company estimated the cost of damage in excess of $10 million, which led to the layoff of some 80 employees. An application developer, who lost his IT sector job as a result of company downsizing, expressed his displeasure at being laid off just prior to the Christmas holidays by launching a systematic attack on his former employer’s computer network. Three weeks following his termination, the insider used the username and password of one of his former coworkers to gain remote access to the network and modify several of the company’s web pages, changing text and inserting pornographic images. He also sent each of the company’s customers an email message advising that the website had been hacked. Each email message also contained that customer’s usernames and passwords for the website. An investigation was initiated, but it failed to identify the insider as the perpetrator. A month and a half later, he again remotely accessed the network, executed a script to reset all network passwords and changed 4,000 pricing records to reflect bogus information. This former employee ultimately was identified as the perpetrator and prosecuted. He was sentenced to serve five months in prison and two years on supervised probation, and ordered to pay $48,600 restitution to his former employer. A city government employee who was passed over for promotion to finance director retaliated by deleting files from his and a coworker’s computers the day before the new finance director took office. An investigation identified the disgruntled employee as the perpetrator of the incident. City government officials disagreed with the primary police detective on the case as to whether all of the deleted files were recovered. No criminal charges were filed, and, under an agreement with city officials, the employee was allowed to resign. These incidents of sabotage were all committed by â€Å"insiders:† individuals who were, or previously had been, authorized to use the information systems they eventually employed to perpetrate harm. Insiders pose a substantial threat by virtue of their knowledge of, and access to, employer systems and/or databases. Keeney, M., et al (2005) The Nature of Security Threats The greatest threat to computer systems and information comes from humans, through actions that are either malicious or ignorant 3 . Attackers, trying to do harm, exploit vulnerabilities in a system or security policy employing various methods and tools to achieve their aims. Attackers usually have a motive to disrupt normal business operations or to steal information. The above diagram is depicts the types of security threats that exist. The diagram depicts the all threats to the computer systems but main emphasis will be on malicious â€Å"insiders†. The greatest threat of attacks against computer systems are from â€Å"insiders† who know the codes and security measures that are in place 45. With very specific objectives, an insider attack can affect all components of security. As employees with legitimate access to systems, they are familiar with an organization’s computer systems and applications. They are likely to know what actions cause the most damage and how to get away with it undetected. Considered members of the family, they are often above suspicion and the last to be considered when systems malfunction or fail. Disgruntled employees create mischief and sabotage against systems. Organizational downsizing in both public and private sectors has created a group of individuals with significant knowledge and capabilities for malicious activities 6 and revenge. Contract professionals and foreign nationals either brought into the U.S. on work visas to meet labor shortages or from offshore outsourcing projects are also included in this category of knowledgeable insiders. Common Insider Threat Common cases of computer-related employee sabotage include: changing data; deleting data; destroying data or programs with logic bombs; crashing systems; holding data hostage; destroying hardware or facilities; entering data incorrectly, exposing sensitive and embarrassing proprietary data to public view such as the salaries of top executives. Insiders can plant viruses, Trojan horses or worms, browse through file systems or program malicious code with little chance of detection and with almost total impunity. A 1998 FBI Survey 7 investigating computer crime found that of the 520 companies consulted, 64% had reported security breaches for a total quantifiable financial loss of $136 millions. (See chart) The survey also found that the largest number of breaches were by unauthorized insider access and concluded that these figures were very conservative as most companies were unaware of malicious activities or reluctant to report breaches for fear of negative press. The survey reported that the average cost of an attack by an outsider (hacker) at $56,000, while the average insider attack cost a company excess $2.7 million. It found that hidden costs associated with the loss in staff hours, legal liability, loss of proprietary information, decrease in productivity and the potential loss of credibility were impossible to quantify accurately. Employees who have caused damage have used their knowledge and access to information resources for a range of motives, including greed, revenge for perceived grievances, ego gratification, resolution of personal or professional problems, to protect or advance their careers, to challenge their skill, express anger, impress others, or some combination of these concerns. Insider Characteristics The majority of the insiders were former employees. At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors. The former employees or contractors left their positions for a variety of reasons. These included the insiders being fired (48%), resigning (38%), and being laid off (7%). Most insiders were either previously or currently employed full-time in a technical position within the organization. Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight percent of the insiders worked part-time, and an additional 8% had been hired as contractors or consultants. Two (4%) of the insiders worked as temporary employees, and one (2%) was hired as a subcontractor. Eighty-six percent of the insiders were employed in technical positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders not holding technical positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives. Insiders were demographically varied with regard to age, racial and ethnic background, gender, and marital status. The insiders ranged in age from 17 to 60 years (mean age = 32 years)17 and represented a variety of racial and ethnic backgrounds. Ninety-six percent of the insiders were male. Forty-nine percent of the insiders were married at the time of the incident, while 45% were single, having never married, and 4% were divorced. Just under one-third of the insiders had an arrest history. Thirty percent of the insiders had been arrested previously, including arrests for violent offenses (18%), alcohol or drug related offenses (11%), and nonfinancial/ fraud related theft offenses (11%). Organization Characteristics The incidents affected organizations in the following critical infrastructure sectors: Banking and finance (8%) Continuity of government (16%) Defense industrial base (2%) Food (4%) Information and telecommunications (63%) Postal and shipping (2%) Public health (4%) In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% engaged in international activity only, and 35% engaged in activity both domestically and internationally. What motivate insiders? Internal attackers attempt to break into computer networks for many reasons. The subject has been fruitfully studied and internal attackers are used to be motivated with the following reasons [BSB03]: Challenge Many internal attackers initially attempt to break into networks for the challenge. A challenge combines strategic and tactical thinking, patience, and mental strength. However, internal attackers motivated by the challenge of breaking into networks often do not often think about their actions as criminal. For example, an internal attack can be the challenge to break into the mail server in order to get access to different emails of any employee. Revenge Internal attackers motivated by revenge have often ill feelings toward employees of the same company. These attackers can be particularly dangerous, because they generally focus on a single target, and they generally have patience. In the case of revenge, attackers can also be former employees that feel that they have been wrongfully fired. For example, a former employee may be motivated to launch an attack to the company in order to cause financial losses. Espionage Internal attackers motivated by espionage, steal confidential information for a third party. In general, two types of espionage exists: Industrial espionage Industrial espionage means that a company may pay its own employees in order to break into the networks of its competitors or business partners. The company may also hire someone else to do this. International espionage International espionage means that attackers work for governments and steal confidential information for other governments. Definitions of insider threat 1) The definition of insider threat should encompass two main threat actor categories and five general categories of activities. The first actor category, the â€Å"true insider,† is defined as any entity (person, system, or code) authorized by command and control elements to access network, system, or data. The second actor category, the â€Å"pseudo-insider,† is someone who, by policy, is not authorized the accesses, roles, and/or permissions they currently have but may have gotten them inadvertently or through malicious activities. The activities of both fall into five general categories: Exceeds given network, system or data permissions; Conducts malicious activity against or across the network, system or data; Provided unapproved access to the network, system or data; Circumvents security controls or exploits security weaknesses to exceed authorized permitted activity or disguise identify; or Non-maliciously or unintentionally damages resources (network, system or data) by destruction, corruption, denial of access, or disclosure. (Presented at the University of Louisville Cyber Securitys Day, October 2006) 2) Insiders — employees, contractors, consultants, and vendors — pose as great a threat to an organization’s security posture as outsiders, including hackers. Few organizations have implemented the policies, procedures, tools, or strategies to effectively address their insider threats. An insider threat assessment is a recommended first step for many organizations, followed by policy review, and employee awareness training. (Insider Threat Management Presented by infoLock Technologies) 3) Employees are an organization’s most important asset. Unfortunately, they also present the greatest security risks. Working and communicating remotely, storing sensitive data on portable devices such as laptops, PDAs, thumb drives, and even iPods employees have extended the security perimeter beyond safe limits. While convenient access to data is required for operational efficiency, the actions of trusted insiders not just employees, but consultants, contactors, vendors, and partners must be actively managed, audited, and monitored in order to protect sensitive data. (Presented by infoLock Technologies) 4) The diversity of cyber threat has grown over time from network-level attacks and password cracking to include newer classes such as insider attacks, email worms and social engineering, which are currently recognized as serious security problems. However, attack modeling and threat analysis tools have not evolved at the same rate. Known formal models such as attack graphs perform action-centric vulnerability modeling and analysis. All possible atomic user actions are represented as states, and sequences which lead to the violation of a specie safety property are extracted to indicate possible exploits. (Ramkumar Chinchani, Anusha Iyer, Hung Ngo, Shambhu Upadhyaya) 5) The Insider Threat Study, conducted by the U.S. Secret Service and Carnegie Mellon University’s Software Engineering Institute CERT Program, analyzed insider cyber crimes across U.S. critical infrastructure sectors. The study indicates that management decisions related to organizational and employee performance sometimes yield unintended consequences magnifying risk of insider attack. Lack of tools for understanding insider threat, analyzing risk mitigation alternatives, and communicating results exacerbates the problem. (Dawn M. Cappelli, Akash G. Desai) 6) The insider threat or insider problem is cited as the most serious security problem in many studies. It is also considered the most difficult problem to deal with, because an insider has information and capabilities not known to other, external attackers. But the studies rarely define what the insider threat is, or define it nebulously. The difficulty in handling the insider threat is reasonable under those circumstances; if one cannot define a problem precisely, how can one approach a solution, let alone know when the problem is solved? (Matt Bishop 2005) Five common insider threat Exploiting information via remote access software A considerable amount of insider abuse is performed offsite via remote access software such as Terminal Services, Citrix and GoToMyPC. Simply put, users are less likely to be caught stealing sensitive information when they can it do offsite. Also, inadequately protected remote computers may turn up in the hands of a third-party if the computer is left unattended, lost or stolen. 2.) Sending out information via e-mail and instant messaging Sensitive information can simply be included in or attached to an e-mail or IM. Although this is a serious threat, its also one of the easiest to eliminate. 3.) Sharing sensitive files on P2P networks Whether or not you allow peer-to-peer file sharing software such as Kazaa or IM on your network, odds are its there and waiting to be abused. The inanimate software in and of itself is not the problem – its how its used that causes trouble. All it takes is a simple misconfiguration to serve up your networks local and network drives to the world. 4.) Careless use of wireless networks Perhaps the most unintentional insider threat is that of insecure wireless network usage. Whether its at a coffee shop, airport or hotel, unsecured airwaves can easily put sensitive information in jeopardy. All it takes is a peek into e-mail communications or file transfers for valuable data to be stolen. Wi-Fi networks are most susceptible to these attacks, but dont overlook Bluetooth on smartphones and PDAs. Also, if you have WLANs inside your organization, employees could use it to exploit the network after hours. 5.) Posting information to discussion boards and blogs Quite often users post support requests, blogs or other work-related messages on the Internet. Whether intentional or not, this can include sensitive information and file attachments that put your organization at risk. Views of different authors about insider threat 1) Although insiders in this report tended to be former technical employees, there is no demographic â€Å"profile† of a malicious insider. Ages of perpetrators ranged from late teens to retirement. Both men and women were malicious insiders. Their positions included programmers, graphic artists, system and network administrators, managers, and executives. They were currently employed and recently terminated employees, contractors, and temporary employees. As such, security awareness training needs to encourage employees to identify malicious insiders by behavior, not by stereotypical characteristics. For example, behaviors that should be a source of concern include making threats against the organization, bragging about the damage one could do to the organization, or discussing plans to work against the organization. Also of concern are attempts to gain other employees’ passwords and to fraudulently obtain access through trickery or exploitation of a trusted relationsh ip. Insiders can be stopped, but stopping them is a complex problem. Insider attacks can only be prevented through a layered defense strategy consisting of policies, procedures, and technical controls. Therefore, management must pay close attention to many aspects of its organization, including its business policies and procedures, organizational culture, and technical environment. Organizations must look beyond information technology to the organization’s overall business processes and the interplay between those processes and the technologies used. (Michelle Keeney, J.D., Ph.D. atal 2005) 2) While attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and often more damaging. Insiders represent the greatest threat to computer security because they understand their organizations business and how their computer systems work. They have both the confidentiality and access to perform these attacks. An inside attacker will have a higher probability of successfully breaking into the system and extracting critical information. The insiders also represent the greatest challenge to securing the company network because they are authorized a level of access to the file system and granted a degree of trust. (Nam Nguyen and Peter Reiher, Geoffrey H. Kuenning) 3) Geographically distributed information systems achieve high availability that is crucial to their usefulness by replicating their state. Providing instant access at time of need regardless of current network connectivity requires the state to be replicated in every geographical site so that it is locally available. As network environments become increasingly hostile, we have to assume that part of the distributed information system will be compromised at some point. The problem of maintaining a replicated state in such a system is magnified when insider (or Byzantine) attacks are taken into account. (Yair Amir Cristina Nita-Rotaru) 4) In 2006, over 60% of information security breaches were attributable to insider behavior, yet more than 80% of corporate IT security budgets were spent on securing perimeter defenses against outside attack. Protecting against insider threats means managing policy, process, technology, and most importantly, people. Protecting against insider threats means managing policy, process, technology, and most importantly, people.The Insider Threat Assessment security awareness training, infrastructure reconfiguration, or third party solutions, you can take comfort in knowing that you have made the right choice to improve your security posture, and you will achieve your expected Return on Security Investment. (Presented by infoLock Technologies) 5) The threat of attack from insiders is real and substantial. The 2004 ECrime Watch Survey TM conducted by the United States Secret Service, CERT  ® Coordination Center (CERT/CC), and CSO Magazine, 1 found that in cases where respondents could identify the perpetrator of an electronic crime, 29 percent were committed by insiders. The impact from insider attacks can be devastating. One complex case of financial fraud committed by an insider in a financial institution resulted in losses of over $600 million. 2 Another case involving a logic bomb written by a technical employee working for a defense contractor resulted in $10 million in losses and the layoff of 80 employees. (Dawn Cappelli, Andrew Moore, Timothy Shimeall,2005) 6) Insiders, by virtue of legitimate access to their organizations’ information, systems, and networks, pose a significant risk to employers. Employees experiencing financial problems have found it easy to use the systems they use at work everyday to commit fraud. Other employees, motivated by financial problems, greed, or the wish to impress a new employer, have stolen confidential data, proprietary information, or intellectual property from their employer. Lastly, technical employees, possibly the most dangerous because of their intimate knowledge of an organization’s vulnerabilities, have used their technical ability to sabotage their employer’s system or network in revenge for some negative work-related event. (Dawn M. Cappelli, Akash G. Desai ,at al 2004) 7) The insider problem is considered the most difficult and critical problem in computer security. But studies that survey the seriousness of the problem, and research that analyzes the problem, rarely define the problem precisely. Implicit definitions vary in meaning. Different definitions imply different countermeasures, as well as different assumptions. (Matt Bishop 2005) Solution: User monitoring Insiders have two things that external attackers don’t: privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets, and conduct malicious acts all while flying under the radar unless a strong incident detection solution is in place. A number of variables motivate insiders, but the end result is that they can more easily perpetrate their crimes than an outsider who has limited access. Insiders can directly damage your business resulting in lost revenue, lost customers, reduced shareholder faith, a tarnished reputation, regulatory fines and legal fees. With such an expansive threat, organizations need an automated solution to help detect and analyze Malicious Insider Activity These are some points which could be helpful in monitoring and minimizing the insider threats: Detecting insider activity starts with an expanded log and event collection. Firewalls, routers and intrusion detection systems are important, but they are not enough. Organizations need to look deeper to include mission critical applications such as email applications, databases, operating systems, mainframes, access control solutions, physical security systems as well as identity and content management products. Correlation: identifying known types of suspicious and malicious behavior Anomaly detection: recognizing deviations from norms and baselines. Pattern discovery: uncovering seemingly unrelated events that show a pattern of suspicious activity From case management, event annotation and escalation to reporting, auditing and access to insider-relevant information, the technical solution must be in line with the organization’s procedures. This will ensure that insiders are addressed consistently, efficiently and effectively regardless of who they are. Identify suspicious user activity patterns and identify anomalies. Visually track and create business-level reports on user’s activity. Automatically escalate the threat levels of suspicious and malicious individuals. Respond according to your specific and unique corporate governing guidelines. Early detection of insider activity based on early warning indicators of suspicious behavior, such as: Stale or terminated accounts Excessive file printing, unusual printing times and keywords printed Traffic to suspicious destinations Unauthorized peripheral device access Bypassing security controls Attempts to alter or delete system logs Installation of malicious software The Insider Threat Study? The global acceptance, business adoption and growth of the Internet, and of Internetworking technologies in general, in response to customer requests for online access to business information systems, has ushered in an extraordinary expansion of electronic business transactions. In moving from internal (closed) business systems to open systems, the risk of malicious attacks and fraudulent activity has increased enormously, thereby requiring high levels of information security. Prior to the requirement for online, open access, the information security budget of a typical company was less then their tea and coffee expenses. Securing cyberspace has become a national priority. In The National Strategy to Secure Cyberspace, the President’s Critical Infrastructure Protection Board identified several critical infrastructure sectors10: banking and finance information and telecommunications transportation postal and shipping emergency services continuity of government public health Universities chemical industry, textile industry and hazardous materials agriculture defense industrial base The cases examined in the Insider Threat Study are incidents perpetrated by insiders (current or former employees or contractors) who intentionally exceeded or misused an authorized level of network, system, or data access in a manner that affected the security of the organizations’ data, systems, or daily business operations. Incidents included any compromise, manipulation of, unauthorized access to, exceeding authorized access to, tampering with, or disabling of any information system, network, or data. The cases examined also included any in which there was an unauthorized or illegal attempt to view, disclose, retrieve, delete, change, or add information. A completely secure, zero risk system is one which has zero functionality. Latest technology high-performance automated systems bring with them new risks in the shape of new attacks, new viruses and new software bugs, etc. IT Security, therefore, is an ongoing process. Proper risk management keeps the IT Security plans, policies and procedures up to date as per new requirements and changes in the computing environment. To implement controls to counter risks requires policies, and policy can only be implemented successfully if the top management is committed. And policy’s effective implementation is not possible without the training and awareness of staff. The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical role of financial institutions for a country and the extreme sensitivity of their information assets, the seriousness of IT Security and the ever-increasing threats it faces in today’s open world cannot be overstated. As more and more of our Banking Operations and products services become technology driven and dependent, consequently our reliance on these technology assets increases, and so does the need to protect and safeguard these resources to ensure smooth functioning of the financial industry. Here are different area in which we can work and check insider threat, but I chose textile industry as in textile industry there is less awareness of the insider threat. If an insider attack in an industry then industrialist try to cover up this news as these types of news about an industry can damage the reputation of the industry. Chapter 2 Review of Literature S, Axelsson. ,(2000) Anonymous 2001 Continuity of operations and correct functioning of information systems is important to most businesses. Threats to computerised information and process are threats to business quality and effectiveness. The objective of IT security is to put measures in place which eliminate or reduce significant threats to an acceptable level. Security and risk management are tightly coupled with quality management. Security measures should be implemented based on risk analysis and in harmony with Quality structures, processes and checklists. What needs to be protected, against whom and how? Security is the protection of information, systems and services against disasters, mistakes and manipulation so that the likelihood and impact of security incidents is minimised. IT security is comprised of: Confidentiality: Sensitive business objects (information processes) are disclosed only to authorised persons. ==> Controls are required to restrict access to objects. Integrity: The business need to control modification to objects (information and processes). ==> Controls are required to ensure objects are accurate and complete. Availability: The need to have business objects (information and services) available when needed. ==> Controls are required to ensure reliability of services. Legal Compliance: Information/data that is collected, processed, used, passed on or destroyed must be handled in line with current legislation of the relevant countries. A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage. Stoneburner et al (2002) In this paper the author described a the risks which are