Monday, December 30, 2019

The Key to Your Future is an MBA Degree 2019

Do you feel that you are being held back in your career, even though you know more, perform better and are constantly innovative in your approach to getting things done at your company? Are there other people who are passing you by who don't seem as proficient at their jobs as you are? Maybe what you lack is something that company executives hold in great esteem: a Master of Business Administration (MBA) degree. The Tuck School of Business, part of Dartmouth College, conferred the first MBA degree in 1900. Since then the degree has come to represent a high level of skill; successful candidates are sought after for high-level company positions and wooed by every type of company around the world. MBA programs expose students to a variety of subjects, including economics, organizational behavior, marketing, accounting, finance, strategy, operations management, international business, information technology management and government policy.

Many programs allow students to specialize in particular areas, such as organizational behavior, marketing, accounting, finance, operations management, technology management, insurance management, strategy or international business. Business schools and leading media regularly announce the recruitment of MBAs by leading management consulting firms. The constantly evolving global economy dictates that candidates for international positions have an MBA because of the experience gained during the degree program. There are international MBA programs around the world, and programs that can be accessed online by distance learning or e-learning. One of those is the Open University Business School of the UK, which enrolls students worldwide. European MBA programs are typically one year shorter than those found in the United States. In the United States, by one estimate, the average cost of earning an MBA through an accredited full-time program (excluding room and board) rose from $124,000 in 1993 to $162,000 in 2017. The bulk of that cost is foregone earnings ($109,000 in 1993 and $124,000 in 2017). The same report shows that when accounting for the decrease in expected unemployment as well as the increase in expected wages and wage growth, the financial benefits of holding an MBA degree are equivalent to an 18% rate of return on the cost of the degree.

Further statistics show that the starting salary for an MBA degree holder with no corporate experience is $75,000, and that the salary of a jobholder who ventures out to obtain an MBA degree will increase 50%-100% when the degree program is complete. Those statistics alone show the importance of a Master of Business Administration degree and its place in securing your financial future. Perhaps it is time for you to consider taking the first step to finding the perfect MBA program for you. It could be you sitting in the executive boardroom.

Saturday, December 21, 2019

Comparing Elder Care Between The West And The East

Abstract: As the aging population is increasing very rapidly around the world, it is interesting to examine how different countries and cultures treat and take care of their vulnerable citizens. This essay will attempt to look at the differences in elder care between the West and the East.

"A test of a people is how it behaves toward the old. It is easy to love children. Even tyrants and dictators make a point of being fond of children. However, the affection and care for the old, the incurable, the helpless are the true gold mines of a culture." ― Abraham Joshua Heschel

It is the intention of this paper to compare how elders are being treated both socially and economically in the West as opposed to the eastern part of the world. In eastern societies, traditional families tend to take care of their elders by giving them personal care at home. Eastern cultures like China still adhere to traditions like filial piety, which gives family units the highest priority and values elders with the utmost respect. Today even that seems to be on a downward trend, as China's rapid industrialization is driving young families to the cities to work while the older family members tend to stay back in rural areas. Jared Diamond, a well-known expert on aging and elder care in the United States, notes the following: "Cultural values that emphasize respect for the elderly contrast with the lower status of the elderly in the U.S. Older Americans are at a significant disadvantage in job applications. They also face tremendous disadvantages in hospitals. Our hospitals have an explicit policy called age-based allocation of healthcare resources." Even though developed countries like the United States have well-defined laws protecting their elderly, it is common knowledge that senior citizens are in fact mistreated financially and socially.
Assisted living facilities are an expensive affair, and in many cases the elderly are confined to institutions that match their financial situations, which in turn leads to inconsistent forms of care. A recent study published by the MetLife Mature Market Institute estimates

Friday, December 13, 2019

Sterling Marking Products Case Study Free Essays

I recommend that Sterling should consider a fully owned subsidiary as an entry mode into the U.K. market. However, we need to ensure U.K. laws permit 100 percent ownership and understand the applicability of tax incentives. In addition, as an organization we would need to internally develop a strategic road map in terms of our approach to international markets. The objective of the roadmap is to provide Sterling with some guidance and a broad approach to how we conduct business on a global scale, considering recent interest in our product from firms in other countries and the possibility of pursuing those opportunities. As an organization, this is much needed to prevent some of the issues we experienced domestically while establishing our branches in Toronto and Windsor, as well as our recent challenges in the U.S. market with Julius Blumberg Inc. My recommendation for a fully owned subsidiary in the U.K. is based on the following: In Europe, the U.K. is the only European country where seals are legally required for corporations, and the most populous country in that region (exhibit 1); this continues to make the U.K. the most attractive market in Europe for sales, regardless of whether seals might no longer be required in the future. Also, establishing a presence in the U.K. will place Sterling in a position to easily penetrate other European markets for future expansion. Based on a qualitative cost benefit analysis (exhibit 2), a wholly owned subsidiary provides the most advantage to Sterling. Although this requires the most capital and management commitment, the benefits it offers offset such costs, including full profitability as opposed to shared profit in the case of a joint venture (exhibit 3).

Also, in terms of the goals, strategy, resources and organizational structure of Sterling, a subsidiary best enables the firm to reach its objectives (exhibit 4). The options open to Sterling with a subsidiary are either to purchase a U.K. seal producer (Jordan) or to build a branch as a greenfield project. Buying out a local producer will allow a speedy market entry and access to local workers. This will also give Sterling access to the current customers of the local seal producer. For these reasons, a "buy-out" subsidiary will be preferred over building a new branch. The U.S. market is also one that is in need of a "turn around" in terms of sales and profitability. Once our seven-month contract with Julius Blumberg Inc. is completed, I will suggest we change our method of entry into the U.S. market. Our trial with the Blumberg sales force shows that a direct sales approach dramatically increases sales in this market; therefore we should continue to export and invest in a sales and distribution team locally in the U.S. to drive sales. This will also allow us to penetrate the market faster and minimize any additional capital cost. In terms of interest shown in our product by other countries, I will suggest we research sales opportunities in Japan, for the reasons that Japan has a high population and number of lawyers compared to most other countries, and geographically Japan also allows us to establish a hub in Asia so that we can establish a footprint in this region. However, deciding on a method of entry into this market will require gathering special information and understanding the Japanese market. This research will need to be done prior to deciding on a method of entry similar to the one suggested for the U.K. market.

Thursday, December 5, 2019

Music in the Roaring Twenties free essay sample

The 1920s, known as the Roaring Twenties, were a time of great change, economic growth, mass production, urbanization (farmers moved to larger industrial cities), cars, telephones, radio, record players and Prohibition. It was a period of new freedom for women. For Americans and western Europeans it was a break from the First World War, a time for happiness and peace. Finally the Wall Street Crash of 1929 ended this period as the Great Depression set in worldwide. The Roaring Twenties were the first golden age of American music and are often known as the Jazz Age. This movement, in which jazz music grew in popularity, also influenced other parts of the world. However, prior to jazz, dance was to dominate all forms of music.

America exports music to the world

When the American dancer Josephine Baker visited Berlin in 1925, at the time when Francis Scott Fitzgerald published The Great Gatsby in the US, she performed at the Theater des Westens and found it dazzling. "The city had a jewel-like sparkle," she said, "the vast cafes reminded me of ocean liners powered by the rhythms of their orchestras. There was music everywhere." Eager to look ahead after the crushing defeat of World War I, the music played in Berlin, Amsterdam, London or Paris mostly originated from small towns in America.

Origins of music in the Roaring Twenties

Following World War I, around 500,000 African Americans in search of better employment opportunities moved to the northern part of the United States. They left their home towns of New Orleans (Louisiana), Saint Louis (Missouri) and Kansas City (Missouri) and brought their culture with them to the North, to places like Chicago (Illinois), Detroit (Michigan), Cincinnati (Ohio), Pittsburgh (Pennsylvania) and New York City (NY), which became the home of the Harlem Renaissance. During this period the works of African Americans in fields such as writing and music escalated. Styles of music including Dixieland and blues became popular as well. Throughout the 1920s many people took an interest in music and in dance. They owned pianos, trumpets, saxophones, drums, basses, guitars, clarinets and trombones, played sheet music, listened to records and visited theatres and dance clubs. With the help of audio broadcasting, new artists became famous all over the United States and, for some, around the world.

Dance clubs

Dance clubs became enormously popular in the 1920s. Dance music came to dominate all forms of popular music by the late 1920s. Classical pieces, operettas, folk music, etc. were all transformed into dance music in order to please young people, much as the disco phenomenon would later do in the late 1970s. For example, many of the songs from the 1929 Technicolor musical operetta The Rogue Song (starring the Metropolitan Opera star Lawrence Tibbett) were rearranged and released as dance music and became popular club hits in 1929. Dance clubs across the U.S. sponsored dance contests, where dancers invented, tried and competed with new moves. Professionals began to perform tap dance and other dances across the United States. With the advent of talking pictures (sound film), musicals became the main attraction. Film studios flooded the box office with new musical films, many of which were filmed in Technicolor. One of the most popular of these musicals, Gold Diggers of Broadway, became the best known film of the decade. Harlem played a key role in the development of dance styles. With several entertainment venues, people from all walks of life, all races and all classes came together. The Cotton Club featured black performers and catered to a white clientele, while the Savoy Ballroom catered to a mostly black clientele.

Popular dances and musicians

The most popular dances throughout the decade were the foxtrot, waltz and American tango. From the early 1920s, however, a variety of eccentric novelty dances were developed. The first of these were the Breakaway and the Charleston. Both were based on African-American musical styles and beats, including the widely popular blues. The Charleston dance became popular after appearing along with the song "The Charleston" by James P. Johnson in the Broadway musical Running Wild in 1923. Although the origins of the dance are obscure, it has been traced back to blacks who lived on an island off the coast of Charleston, South Carolina (which is why the dance is called the Charleston). A brief Black Bottom dance, originating from the Apollo Theatre in Harlem (NY), swept dance halls from 1926 to 1927, replacing the Charleston in popularity. By 1927 the Lindy Hop, a dance based on the Breakaway and Charleston and integrating elements of tap, became the dominant social dance. Developed in the Savoy Ballroom, it was set to stride piano ragtime jazz. The Lindy Hop would later evolve into swing dance. These dances, nonetheless, were danced by small groups of people. The majority of people continued to dance the foxtrot, waltz and tango. On the singing side, top singers were Nick Lucas, Scrappy Lambert, Frank Munn, Lewis James, Gene Austin, Franklyn Baur, Johnny Marvin and Ruth Etting. Leading orchestra leaders included Bob Haring, Harry Horlick, Louis Katzman, Leo Reisman, Victor Arden, Phil Ohman, George Olsen, Ted Lewis, Abe Lyman and Ben Selvin.

All that jazz in the 1920s

However, despite all these trends and forms of music, the best known would remain jazz. Jazz is a musical style that originated at the beginning of the 20th century in black communities in the Southern United States. It was born out of a mix of African and European music traditions. One name, one of the most famous jazz musicians of all time, is worth mentioning. Louis Daniel Armstrong (1901-1971), from New Orleans, Louisiana, displayed his amazing talents as a trumpeter, cornet player and singer during the Jazz Age. He studied and played with a famed cornet player named Joseph "King" Oliver (1885-1938). In 1925 Satchmo (his nickname), who had learned to play cornet at the age of twelve, started The Hot Fives. The band would later gain two more musicians and was appropriately renamed The Hot Sevens. He did not restrict his talents to just music, however. He also starred in films such as Pennies from Heaven. He continued working in the last three years of his life, most of which was spent in hospitals. He died at home on July 6, 1971. Some of the many artists of that time also included Duke Ellington (1899-1974), Joseph "King" Oliver (1885-1938), Bessie Smith (1894?-1937), Benny Goodman (1909-1986) and Ma Rainey.

Conclusion: The Roaring Twenties, a golden age for American music and dance

The Roaring Twenties period has long been considered a golden era of American society; the standard of living was rising, morality was being re-defined, innovation and business were soaring, and the general public perceived that times were good. It has also been considered a golden age for the music and entertainment industry: dance, theatre and film.

Thursday, November 28, 2019

Principles of Marketing Essays - Marketing, Business Economics

Principles of Marketing
Dr. Pavone
Andrew Lett
October 20th, 2017

Chapter 11: Product mix breadth is the range of product lines sold by a brand or company; each line can include multiple items. Smaller retailers have less breadth than larger retailers. Product mix depth, by contrast, is the variety of products within a single product line.

Chapter 12: The knowledge gap is the difference between consumers' expectations and the company's view of those expectations; businesses close it by understanding consumer expectations and determining service quality. The standards gap is the difference between the company's view of consumers' expectations and the service standards it sets; companies close it by setting service standards and measuring service performance. The delivery gap is the difference between the company's service standards and the service it actually provides to its consumers; it can be closed by employees meeting or exceeding service standards, typically when they are given incentives to do so. The communication gap is the difference between the service provided to consumers and the service that the company's promotion program promises; if companies are more realistic about the services they can provide, they can usually close this gap.

Chapter 13: Cost, because you cannot begin to price an item until you know its cost. Customers, because they are the judges of how good the pricing is. Channels of distribution, because if you use a "middle man" to sell your product you have to make the margin large enough. Competition, because you have to be careful when competing on price. Compatibility, because the price must work with every other factor involved.

Monday, November 25, 2019

Ginkgo Biloba essays

Ginkgo Biloba is a versatile herb that can be used to treat many conditions. Ginkgo Biloba appears very promising for people with Alzheimer's disease, a disease that affects the brain through the degeneration of nerve endings. Numerous studies have shown the benefits of using ginkgo biloba extract to improve the mental sharpness of geriatric patients. For example, W.V. Weitbrecht and W. Jansen, of Nuremberg, Germany, conducted a double-blind study involving 40 patients, ages 60 to 80, who had been diagnosed with primary degenerative dementia (Weitbrecht 91). During the 3-month study, one group of 20 received Ginkgo biloba extract (120 mg/day), while the other 20 were given a placebo (Weitbrecht 91). The researchers reported that those receiving the ginkgo extract were more alert, scored higher on psychometric tests and had a more positive outlook than the controls (Weitbrecht 92). The ginkgo biloba extract group experienced a significant improvement, compared with no gain for the placebo group. At the Whittington Hospital in London, researchers examined the benefits of ginkgo biloba extract on 31 patients over the age of 50 with signs of memory impairment, reported Donald J. Brown, N.D., in the May 1992 issue of Let's Live (Brown 62). In the double-blind study, half the volunteers were given 40 milligrams of ginkgo biloba extract three times daily, while the other half remained on a placebo (Brown 62). Psychometric tests were evaluated at the beginning of the study and after 12 and 24 weeks of treatment (Brown 62). The results were encouraging, Dr. Brown said: "The patients who received ginkgo biloba extract showed significantly superior improvement compared to those given a placebo." Besides demonstrating that the ginkgo extract has a beneficial effect on mild to moderate memory loss of organic origin, the study revealed that electroencephalogram measurements in the ginkgo biloba extract ...

Thursday, November 21, 2019

An HMO-Based Prospective Pilot Study of Energy Medicine for Chronic Research Paper

An HMO-Based Prospective Pilot Study of Energy Medicine for Chronic Headaches - Research Paper Example

The title of the research is appropriate because it provides an understanding of the reported research study. The title includes the research design (HMO-Based Prospective Pilot Study), the concepts studied (Energy Medicine for Chronic Headaches), and the research problem (Whole-Person Outcomes Point and Need for New Instrumentation). The inclusion of these elements creates the interest to read the research (Burns and Grove, 2007).

Quality of the Abstract
The abstract is also of good quality because it clearly distinguishes the major and most important elements of the research, including purpose, design, sample (13 patients), intervention (energy healing treatment), primary results, and implications for clinical practice and future research.

Problem of the Study
The problem of the study is clearly indicated. The background of the problem is stated by suggesting that approximately 50 million people in America endure chronic pain, and approximately 45% of the total population seeks medical attention for pain in their lives. Only 40% of patients with moderate to severe pain report relief. The significance of the problem is also provided: that the success of treatment for chronic pain is significant for clinic management. The purpose of the study is also provided clearly and concisely. The authors state that the purpose of the study is to determine the success of using energy healing treatment in clinic therapy for patients with chronic pain. In fact, the purpose states clearly where the study will be carried out: the KPNW Pain Clinic.

Wednesday, November 20, 2019

Analysis of POLITICAL CARTOONS Essay Example | Topics and Well Written Essays - 500 words

Analysis of POLITICAL CARTOONS - Essay Example t, Steve Breen, I realize that he has presented a very weighty issue of wage hikes in contemporary societies, and the mechanisms that are either set in motion in anticipation of them or brought about by their occurrence. The stable man withstanding the weight of an equally bulky man on top portrays small businesses in the economies of nations that, more often than not, bear the weight of pay hikes which, despite their minimal status, place a huge weight on the small businesses. Despite the massive burden of the pay hike, the small businesses are seen to be resilient and persevere to sustain themselves and the weight altogether. The cartoon also displays some unethical practices occasioned by the introduction of the hike. Physically, the cartoon shows the bulky individual (the weight) mercilessly treading down on the rather clean and well-pressed shirt of the man bearing the weight, introducing dirty marks on the shirt. Moreover, upon reaching the top, the carried man steps right on the nose of the one below, thereby suffocating him. Furthermore, the carried individual mercilessly strikes the eye of the one below, thereby blinding him. In trying to decode this last range of observations, these acts could indicate the confusion that comes with such issues as pay hikes. The dirtying, blinding and suffocation in the process of bearing the weight are suggestive of the corrupt practices and all other forms of unethical practices that the small businesses suffer from. The level of grooming of the man on top is also suggestive of a golfer, a game conventionally associated with the wealthy. This can only suggest that those who go about corrupting the systems to their advantage are, by majority, the wealthy. Comparably, the cartoon text seems to compute with more impact than the plainly written text about the same issue. This is because the visual impact of a cartoon is more enhanced than that of the written text.
It is also agreeable that the use of different colors at

Monday, November 18, 2019

U.S. intellectual history since 1877 Essay Example | Topics and Well Written Essays - 1250 words

U.S. intellectual history since 1877 - Essay Example

Reinhold Niebuhr suggests there is a persistent flaw in modern American thought that underestimates the power of evil and predatory self-interest. In this way he finds that American liberalism is limited. Dr. Martin Luther King and Allen Ginsberg show how American liberal and progressive thought was challenged, renewed and expanded, as understood through the insights of Reinhold Niebuhr. Yet Malcolm X was almost defeated by the human flaws of which Niebuhr writes, and the writers of the Port Huron Declaration went too far in accepting the methods of the "children of darkness" as explained by Niebuhr. In his Letter from a Birmingham Jail, which he wrote on April 16, 1963, Dr. Martin Luther King rooted his thoughts in a tradition of philosophers and theologians, including Niebuhr. King expressed how difficult it was to get privileged groups to change. He wrote, ". . . as Reinhold Niebuhr has reminded us, groups tend to be more immoral than individuals." Niebuhr felt that liberalism essentially lied to itself. Dr. King could see this. Bourgeois society in the South had advanced because of those lies. Niebuhr identifies the ugly powers of self-interest as pulling the cords of individuals outside any real belief in community. The morality that the racist South put forward was a cynical one. It was one that could not stand true given the way it dealt with black people. But the point is that this was not merely a feature of the South. As long as the segregation policies existed, it was also a feature of the entire country. Hence, from Niebuhr's view, democracy did not have any adequate cultural base. It had one that was built on a house of hate. This is why Dr. King's letter was important. Building on a principle of progressive liberalism in action, King's letter extended the cultural base of the country with some honest truths. One of these truths reflects the human flaw that Niebuhr saw in man. In this letter Dr. King noted this as the inner conflict of man. He explained that he had been disappointed with his Christian and Jewish brothers. He pointed out how they allowed a "negative peace" to exist in the absence of justice. In a way this is similar to Niebuhr's thought of "the children of light" who, in this case, were somehow led to believe that the progress of black people, according to Southern standards, was okay. Drawing further from Niebuhr, it is possible to say that Southern racism reflected an order that was cynical at the top and laid upon Niebuhr's "perils of chaos". Dr. King pointed to this chaos. He pointed to it in the white church and its leadership. He made some exceptions. But what stood out were the members of the white religious establishment that opposed the civil rights movement Dr. King led. Dr. King was actually forging the cultural revolution that exemplified an expression of Niebuhr's ideas. It was a revolution that pursued unity while expressing the freedom and participation of formerly denied people within a system of democracy. In the active outplay of the Civil Rights Movement, Dr. King led black and white forces to demonstrate how it was possible for America to reflect a real culture of community. That was what King sought and what, while he was living, he achieved. Dr. King stood as the leader who influenced thought and action. There is also a way in which an artist who has freed himself or herself from the limiting confines of human prejudice and self-interest may illustrate some of the themes of Niebuhr. Allen Ginsberg is one of these artists. Allen Ginsberg was one of the main poets of the Beat Generation. He was also a public homosexual during the 1950s, when homosexuality was illegal. Ginsberg was at the extreme end of the poets in that he criticized much about American society that Niebuhr criticized. Niebuhr, being a Christian, would probably not have accepted Ginsberg's extreme view of homosexuality. But maybe he could have. The important thing is that Ginsberg in his poetry, especially "Howl", attempted to turn America upside down and look into her. In order to do this all the

Friday, November 15, 2019

Security Incident Handling Service

Security Incident Handling Service EXECUTIVE SUMMARY 1 INTRODUCTION Expect the unexpected. As soon as a crisis erupts, it should be immediately handled to reduce its potential impact on critical business operations. Such undesirable incidents occur unanticipated and when they do take place, damage or harm is the result. In most aspects of life, it is better to stop something disastrous happening than it is to deal with it after it has happened and IT security is no exception. If possible, security incidents should be dealt accordingly from occurring in the first place. Yet, it is unachievable to prevent security incidents. When an incident does happen, its impact needs to be brought down to adequate recommended level. Security incident handling outlines the actions to follow in an event that an electronic information system is compromised. An event is declared an incident when the confidentiality, integrity or availability (CIA) elements of a system is compromised. Significant commodities such as information and knowledge must be safeguarded at all c osts. Communications within an organization and its interactions to its customer base are regarded as the life blood in this IT intensive fast paced world. If an organization is inoperative for any period of time, it may cost millions in lost business or loss of reputation. Size of an organization does not matter. Unexpected downtime influences organizations of all sizes impacting revenue, customer satisfaction and overall production. It is vital that they quickly recover from such downtime and restore operation and re-establish their presence to ensure survival. Consequently, many firms have realized the importance of setting up incident handling procedures. One of the drawbacks is that many organizations learn how to respond to security incidents only after suffering from them. In the course of time, incidents often become much more costly. 
Proper incident response should be an integral part of the overall security policy and risk mitigation strategy. Incident handling procedures that are in place in an organization help to maintain the business continuity of critical operations. In today's competitive economy, a company can't afford to cease critical business operations and remain idle for a long period of time because of a lack of incident handling procedures. Thus an organization needs to be well prepared for the continuity or recovery of its systems. This typically requires a considerable investment of time and money, with the aim of ensuring minimal losses in the event of a disruptive event. The goal of setting up incident handling procedures is to know exactly what to do when an incident breaks out. This means anticipating scenarios before they occur and making the appropriate decisions about them in advance. Those assessments typically demand consultation and senior management support, hence these people are needed early, immediately after an incident has been confirmed. For example, just deciding who to tell when an incident occurs can be hard to determine. Management needs to provide input to respond quickly, and this raises issues such as after-hours support and mixed project/support roles. External support may also be sought, resulting in additional cost, time and effort to select partners.

1.1 PURPOSE OF THE DOCUMENT

This document provides guidance to identify and record the nature and scope of a computer security incident handling service. This paper discusses the functions that support the service, how those functions interrelate, and the tools, procedures and roles necessary to implement the service. It also concentrates on incident analysis. For example, we can make a comparison between a fire that broke out in an apartment and a computer security incident that happened in an organization.
Just as a fire department will investigate a fire to learn where it originated, a Computer Security Incident Response Team (CSIRT) tries to figure out how the security incident occurred. Both the fire department and the CSIRT operate in the same way. A fire department needs to get along with other fire departments on which it can depend for additional support in peak times or to tackle a serious catastrophe. It must cooperate with other emergency units to react promptly and to work with law enforcement. This document will discuss how CSIRTs interact with other organizations, such as the department that reported the security incident, other CSIRTs, law enforcement and the media. Both the fire department and the CSIRT need to handle information properly, some of which is sensitive and relevant to the individual held responsible for the crime. Information handling is considered an indispensable subject of discussion in this paper. CSIRTs offer client confidentiality in the same manner that many emergency units do, safeguarding reporters and victims from public disclosure. CSIRT survival depends on handling confidential information appropriately, because if it can't be trusted, nobody will report to it, making it almost useless.

CSIRTs have committed permanent staff as well as part-time, volunteer staff and trusted security experts to handle an unexpected security emergency. Its staff is at the frontline in the event of a crisis; CSIRT success depends on their interaction with the outside world and the image that they project through the way they perform their duties and the quality of service that they provide. To attain such a high level of success, recruiting suitably competent staff is a complicated process. People in charge of appointing CSIRT staff mistakenly look for an unsuitable set of talents and abilities in prospective employees.
For that reason, this paper discusses staffing and hiring concerns and the actions needed to guarantee that CSIRT staff offer reliable, pleasant and specialized service. Other services besides incident handling, such as the supply of intrusion detection assistance and vulnerability handling, are also provided by a CSIRT. The information in this paper is presented in a manner basic enough for the reader to put it into operation in any type of CSIRT setting, from an in-house team for a company to an international coordination center. This document is intended to present a valuable foundation both to recently created teams and to existing teams that lack clearly defined or documented services, policies and procedures. This paper is most appropriate for use during the early stages, when a company has acquired management support and funding to set up a CSIRT but before the team becomes operational. Nevertheless, it can still be a valuable reference document for already operational teams.

1.2 INTENDED AUDIENCE

The general CSIRT community, who may require a better knowledge of the composition and objectives of their existing teams, will benefit from this document. It also targets individuals and organizations who are likely to join the CSIRT community in the near future. It is precisely aimed at managers and other personnel who take part in the process of setting up and leading a CSIRT or managing an incident crisis. The list may include:

- Chief Information Officers, Chief Security Officers and Information Systems Security Officers
- Project leaders and members in charge of creating the team
- CSIRT managers
- CSIRT staff
- IT managers [1]

Higher management levels and all CSIRT staff can use this paper as a useful reference. This document can also be utilized by other individuals who work together with CSIRTs.
This may include:

- members of the CSIRT constituency
- the law enforcement community
- the systems and network administrator community
- the CSIRT parent organization or other departments within the parent organization, such as legal, media or public relations, human resources, audits and risk management, investigations and crisis management [2]

2 MAIN CONTENT

Definition of Security Incident

The Information Security Management Handbook defines an incident as "any unexpected action that has an immediate or potential effect on the organization" [3]. Whenever the safety and stability of an information system is compromised, that instance can be referred to as a security incident. There are several different definitions of security incidents; one is "a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices" [4]; another describes a security incident as "any event that may threaten or compromise the security, operation or integrity of computing resources" [5]. In other words, a security incident is a state of violation of an organization's security policy and of the security of its information system. Security incident is a general term that encompasses any type of security breach regardless of its location, the level of the threat or its magnitude. The commonly known factors of security incidents are events and actions that expose one or more of the basic elements of information security: the confidentiality, integrity and availability (CIA) of information systems. An incident can be caused by authorized or unauthorized personnel, processes, hardware or software. It can be an accident as well as a planned malicious action.

Handling security incidents

In the course of a crisis, time runs short for deciding what to do, who will do it or how it will get done, therefore it is vital to arrange for a response in advance.
The better prepared you are for an incident, the more likely you are to respond correctly. Proper set-up of an incident handling procedure can help to lessen the impact of undesirable incidents. The objective of having such a procedure in place is to provide a framework for an orderly, coordinated response by the appropriate resources within the organization. It is in a company's own interest to establish a Computer Security Response Capability, a process that provides centralized response and reporting functions for security incidents. According to the Computer Security Incident Handling Guide (National Institute of Standards and Technology, March 2008), establishing an incident response capability should include the following actions:

- Creating an incident response policy plan
- Developing procedures for performing incident handling and reporting, based on the incident response policy
- Setting guidelines for communicating with outside parties regarding incidents
- Selecting a team structure and staffing model
- Establishing relationships between the incident response team and other groups
- Determining what services the incident response team should provide
- Staffing and training the incident response team

The "Cyberthreat Response and Reporting Guidelines" report, jointly approved by the FBI and the US Secret Service, recommends that the better equipped a company is in the event of a security event, the better probability it has of reducing the impact of the crisis. This recommendation is actually one of the chief responsibilities of a CSIRT: to be well organized to successfully cope with incidents when they happen and to help prevent incidents from occurring in the first place. As a starting point, the team should have a strategic plan for incident handling. This plan should be supported with documented policies and procedures.
According to the State of the Practice of Computer Security Incident Response Teams (October 2003), the incident response plan identifies the mission and goals of the team; the team roles and responsibilities; the services provided; and the policies, procedures, processes and guidelines related to incident handling. The incident response plan is not only intended for CSIRT employees but also for the community that they serve. From that viewpoint, both parties should be proficient in what to report, how to report it and to whom it should be reported. The plan should also describe the level of service that can reasonably be expected. Staff who are accustomed to computer security incidents recognize that these incidents vary in shape and size. Some are quite uncomplicated, easy to cope with and mitigate, while others are extremely severe and very complicated, can have a harsh impact on IT systems and require the proper authority to respond to effectively. In the event of a crisis, adhering to the plan in place will help the organization to promptly isolate disruption cropping up on IT systems or networks as well as to counteract such events. It may alleviate potential risks such as loss of company reputation, trust or financial standing. Existing CSIRTs that don't have a robust plan can still manage with some basic guidelines. They can use their current incident handling procedures as a guideline while they revise their existing documentation. They can rely on those basic guidelines, namely the plan to handle incidents, areas of responsibility, and general and specific procedures. Other typical guidelines can include an incident response checklist as well as procedures for what type of activity to report and how that information should be reported. A company needs to take several factors into consideration before planning an incident response capability.
They include:

- introducing a point of contact for reporting incidents
- pinpointing the aims and objectives of the team
- distinguishing and selecting the staff and necessary expertise
- offering direction for reporting and handling incident reports
- allocating proper security awareness and incident response training for CSIRT staff
- launching and promoting specific incident handling and security policies and procedures for the CSIRT
- sharing lessons learned with other colleagues
- designing a benchmark to monitor the effectiveness of the CSIRT
- devising a strategy to allow coordination between the CSIRT and internal and external parties

Organizations or the team typically approve policies and record them. It is crucial to know what these policies consist of and to ensure that they are properly implementable and enforceable in the workplace. Like the mission statement, senior management approves and enforces policies. The policies need to be openly expressed and well understood by each team member, whether technical, management or administrative. It will be a difficult task for the staff to appropriately execute and carry out their duties without a clear understanding of the policy. In order to write a clear policy, it is best to avoid excessive jargon. Whenever possible, consult someone who is not in security or IT to examine the policies, and rephrase them if they are not understood. Use very short sentences: a good policy is a short one. A security policy should be concise and well separated between the management aspect (the policy) and the operational aspect (the procedures). Moreover, a policy must be both implementable and enforceable, or else it doesn't serve any purpose. It is easier to implement a policy if it is well designed and relevant to the needs and goals of the CSIRT. Truly effective policies address genuine needs within a business, making the staff willing and even eager to implement them because they make operations smoother and give the business added reliability.
Top management should take appropriate actions or steps to enforce a policy. Policies must be enforceable; otherwise they are of little or no value. Usually, when a policy is implementable it is also enforceable, unless it contradicts itself. Concrete measures are needed to assess the usage of the policy.

Example: An example of a contradictory policy is a security policy that ranks internal information security as priority number 1 but at the same time guarantees absolute privacy for its staff; the latter makes it hard or even impossible to enforce security in the case of an insider threat.

To successfully develop and implement security policies, top management needs to be involved in and strongly support the project (Lam, 2005). A proposal with a report of external and internal requirements and a draft assessing the budget can easily persuade managers to support the development and implementation of a security project. Having management support and authorization can resolve money and time issues. These managers can allocate the required budget and allow sufficient time for development and implementation. In addition, top management has the power to affect processes by requiring employees to participate (Kearns and Sabherwal, 2006).

How to Implement Security Policies Successfully

The implementation phase is probably the hardest phase in the life cycle of developing and maintaining security policies. Many organizations fail in this phase. To implement security policies effectively and efficiently, teams first need to resolve many issues.
Lack of strong management support (Fedor et al., 2003; Lam, 2005), lack of budget (Kearns and Sabherwal, 2006; Martin, Pearson, and Furumo, 2007), lack of implementation time (Walker and Cavanaugh, 1998), lack of strong leadership (Fedor et al., 2003), lack of awareness of the benefits of implementing security policies (the "why for") (Hansche, Berti, and Hare, 2004), or ineffective communication with users (Jackson, Chow, and Leitch, 1997; Walker and Cavanaugh, 1998) may cause problems. Resolving all of the above issues can help in successfully implementing security policies.

Computer Security Incident Response Team (CSIRT)

A team is a focal component of incident response plan, policy and procedure creation, so that incident response is dealt with effectively, efficiently and consistently. The team should cooperate with other teams within the organization towards a central goal which encompasses the plan, policies and procedures. Outside parties such as law enforcement, the media and other incident response organizations can also be contacted. The Computer Security Incident Response Team is regarded as the nerve center of an incident response plan. It is normally composed of a team manager, a management advisory board and other permanent and temporary team members. The temporary staff provide advice on technical, business, legal or administrative issues, depending on the nature and scope of the incident. The team assists the organization to identify and document the nature and scope of a computer security incident handling service. The team manager supervises the work of the team members, presents ongoing status information to the Chief Information Officer (CIO) and other senior management, and requests expert advice from outside the IT department when needed. This role leader should be familiar with computer security issues, the function of IT areas and staff, general company operations and the duties of other employees in the institution who may serve as resources for the CSIRT.
Under challenging situations, the team manager must be able to coordinate teamwork with other staff and to deal properly with circumstances that necessitate discretion or confidentiality. The technical leader's role is to assess the characteristics and severity of an incident, propose recommendations on security control and recovery issues to the team manager, and request additional technical resources if needed. This role should possess a broad understanding of operational and systems security. Other employees can join the team on an ad hoc basis and remain team members until closure of the incident. Additional resources may be required to serve areas such as law enforcement, legal, audit, human resources, public relations, facilities management or IT technical specialties. The table below shows a list of members who should be included in the CSIRT and their roles in the team.

Table 1: Team members in IRT (Source: table from page 4-2 of Incident Response Procedure for Account Compromise, Version 1.2, 2004, Visa International)

Besides their technical expertise, the distinctive quality of CSIRT staff is their motivation and talent to stick to procedures and to present a professional image to customers and other parties working together with them. In other words, it is more convenient to appoint staff with less technical expertise and excellent interpersonal and communication skills and subsequently train them in a CSIRT-specific environment than vice versa. Communication by a team member who is a technical expert but has poor communication skills may badly damage the team's reputation, while interactions that are dealt with competently will help to improve the team's standing as a valued service provider. Possessing a broad range of interpersonal skills is significant, since team members are frequently in contact with each other and with other parties such as law enforcement, legal and human resources.
Thus, the professional interactions that CSIRT employees adopt will influence the reputation of the team, and special concern for an individual's interpersonal skills matters. Some interpersonal skills required for incident handling staff are listed below:

- logical judgment to formulate effective and suitable decisions in time of crisis, under pressure or under strict time constraints
- effective oral and written communication skills for interaction with other parties
- discretion when dealing with the media
- aptitude to follow policies and procedures
- enthusiasm to learn new things
- ability to work under pressure
- teamwork
- reliability, to maintain the team's reputation and status
- readiness to accept one's own mistakes
- problem-solving skills to efficiently handle incidents
- time management skills for high-priority tasks

Apart from interpersonal skills, CSIRT staff should possess a fundamental understanding of the technology and issues on which they base their expertise. The following technical know-how is crucial for CSIRT staff:

- public data networks (telephone, ISDN, X.25, PBX, ATM, frame relay)
- the Internet (aspects ranging from architecture and history to future and philosophy)
- network protocols (IP, ICMP, TCP, UDP)
- network infrastructure elements (router, DNS, mail server)
- network applications, services and related protocols (SMTP, HTTP, HTTPS, FTP, TELNET, SSH, IMAP, POP3)
- basic security principles
- risks and threats to computers and networks
- security vulnerabilities/weaknesses and related attacks (IP spoofing, Internet sniffers, denial of service attacks and computer viruses)
- network security issues (firewalls and virtual private networks)
- encryption technologies (TripleDES, AES, IDEA), digital signatures (RSA, DSA, DH), cryptographic hash algorithms (MD5, SHA-1)
- host system security issues, from both a user and a system administration perspective (backups, patches) [6]

It is crucial that one division of the team possess a thorough understanding of the full range of technologies and
issues used by the team. This contributes to expanding and intensifying the technical resources and capability of the team and to training other team members through education and documentation. It also makes sure that the team can provide a full range of services. Besides an in-depth understanding of the technical skills listed above, the following specialist skills are required:

- technical skills such as programming, administration of networking components (e.g. routers, switches) and computer systems (UNIX, Linux, Windows, etc.)
- interpersonal skills such as human communication, experience in presenting at conferences or managing a group
- work organization skills

Obviously, a team will be unable to employ individuals who possess all the necessary interpersonal and technical skills. But there are opportunities to address deficiencies in those skills, such as training staff to develop and retain such skills and supporting continuous progress.

Hiring CSIRT Staff

For any staff vacancy, the hiring process to select the most talented applicant is a complicated task. Even a candidate who appears on the surface to possess the right skill set might not be able to work within a CSIRT setting. This is true when a crisis has been declared and the candidate may not be able to cope with the situation and carries out their duties inefficiently. Therefore, it is recommended to put the applicant through a hiring process specifically designed to reveal the applicant's strengths and weaknesses. Based upon the findings of the hiring process, the team will decide either to train the applicant in the specific skills that the candidate may require or not to employ the candidate.
Compared to a regular hiring process, additional steps should be included in any CSIRT hiring process. They are:

- pre-interview document check
- pre-interview telephone screening
- interviews that cover topics from technical abilities to interpersonal skills
- candidate technical presentation
- reference checks, including criminal records

The complete hiring process should be devised to detect potential employees who possess appropriate interpersonal and technical skills. Such candidates can undergo further training to acquire more competence. Before calling the applicant for a personal interview, the pre-interview document check and telephone screening determine in the first instance whether the candidate is an ideal match for the selection process. At this stage, more information is gathered about the applicant's broad level of interest in computer security and other more specific details on items covered in his or her resume. The telephone screening will give a good impression of the candidate's oral communication skills. Before CSIRT staff begin to interview potential candidates, it is better to decide in advance which particular issues, ranging from technical issues and ethical issues to social skills, are most likely to be discussed during the interview process, and to select which existing staff are most suitable to talk about those issues with the candidate. Thus separate topic areas are covered by each of the various interviewers, avoiding any duplication of effort. Each interviewer will be in a position to review and consolidate feedback on the issues covered. Another strategy may be carried out where similar topics are discussed by other team members involved in the interview process, to agree on the candidate's ability in a particular topic and identify any weaknesses. To ensure proper recruitment, the applicant should have the opportunity to meet CSIRT team members through a lunch meeting or at the candidate's technical presentation.
A candidate who is required to give a technical presentation offers the CSIRT an opportunity to measure other technical and interpersonal skills of the candidate. It also gives an idea of how much common sense the candidate has and whether the applicant will be able to cope under stressful situations. Other qualities such as overall presentation skills, an eye for detail, technical accuracy and the ability to answer questions on the fly are also taken into account. After an individual has been appointed, there is also an enormous task in helping them adapt to the CSIRT. The new staff will need to undergo training for some period of time to get used to the CSIRT working environment as well as the specific policies and procedures for the team. Some new recruits may be given access to limited information until relevant certificates or clearances, such as government or military clearances, are obtained. Staff training is compulsory in order to make the new recruits acquire the necessary skill level to take on their new responsibilities. Secondly, training is necessary to expand existing staff skills for personal career growth and overall team progress. Staff training also helps keep the overall CSIRT skill set updated with emerging technologies and intruder trends. When considering the overall training needs of the team, it is necessary to identify the overall skills needed for each individual, as well as the common skill set required for the whole team. Obviously, a new staff member should acquire immediate training in any deficient skills in order to perform effectively quickly. From a general viewpoint, the whole team should be assessed to determine any training that needs more attention to enlarge the skill set exposure in the team. At the same time, this assessment focuses on an individual's skill set. Policies and procedures are a necessity and should be enforceable to support initial training of new team members and to guarantee ongoing training as policies and procedures get amended.
Besides the interpersonal and technical skills discussed earlier, each team member should be trained in areas specific to the incident handling functions in a normal CSIRT work environment. Training should cover the following issues:

- new technical developments
- CSIRT team policies and procedures
- incident analysis
- maintenance of incident records
- understanding and identifying intruder techniques
- work load distribution and organizational techniques

Initial training is conducted through on-the-job training. Since the incident handling profession differs in the nature of its work from other professions, there is no formal educational path for CSIRT staff and limited documentation in the literature. Most printed materi
If an organization is inoperative for any period of time, it may cost millions in lost business or loss of reputation. Size of an organization does not matter. Unexpected downtime influences organizations of all sizes impacting revenue, customer satisfaction and overall production. It is vital that they quickly recover from such downtime and restore operation and re-establish their presence to ensure survival. Consequently, many firms have realized the importance of setting up incident handling procedures. One of the drawbacks is that many organizations learn how to respond to security incidents only after suffering from them. In the course of time, incidents often become much more costly. Proper incident response should be an integral part of the overall security policy and risk mitigation strategy. Incident handling procedures that are in place in an organization improves to maintain the business continuity of critical operations. In todays competitive economy, a company cant afford to cease critical business operations and remain idle for long period of time because of lack of incident handing procedures. Thus, an organization needs to be well prepared for continuity or recovery of systems. This typically requires a considerable investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event. The goal of setting up incident handling procedures is to know exactly what to do when an incident breaks out. This means anticipating scenarios before they occur and making appropriate decisions about them in advance. Those assessments typically demand consultation and senior management support, hence these people are needed early immediately after an incident has been confirmed. For example, just deciding who to tell when an incident occurs can be hard to determine. Manageme nt needs to provide input to respond quickly and this embarks into issues like after hours support and mixed project/support roles. 
External support may also be sought, resulting in additional cost, time and effort to select partners. 1.1 PURPOSE OF THE DOCUMENT This document provides guidance to identify and record the nature and scope of a computer security incident handling service. This paper discusses the functions that support the service, how those functions interrelate and the tools, procedures and roles necessary to implement the service. It also concentrates on incident analysis. For example, we can make a comparison between a fire that broke off in an apartment and a computer security incident that happened in an organization. Similarly as a fire department will investigate a fire to know where it originated from, a Computer Security Incident Response Team (CSIRT) tries to figure out how the security incident occurred. Both the fire department and CSIRT operate in the same approach. A fire department needs to get along with other fire departments on it can depend on for additional support in peak times or to tackle a serious catastrophe. It must cooperate with other emergency units to react promptly and provide law enforcement. Th is document will discuss how CSIRTs interact with other organizations, such as the department that reported the security incident to it, other CSIRTs, law enforcement and the media. Both fire department and CSIRT need to properly handle information, some of which is sensitive and relevant to the individual held responsible for the crime. Information handling is considered to be an indispensable discussion subject in this paper. CSIRTs propose client confidentiality in the same manner that many emergency units do, safeguarding reporters and victims from public disclosure. CSIRT survival depends on handling confidential information appropriately, because if it cant be trusted, nobody will report to it, thus making it almost useless. 
CSIRTs have committed permanent staff as well as part-time volunteer staff and reliable security experts to handle an unexpected security emergency. Its staff is at the front line in the event of a crisis; CSIRT achievement depends on their interaction with the outside world and the image they project by the way they perform their duties and the quality of service they provide. To attain such a high level of success, recruiting suitably competent staff seems to be a complicated process. People in charge of appointing CSIRT staff mistakenly look for an unsuitable set of talent and ability in prospective employees. For that reason, this paper discusses staffing and hiring concerns and actions to guarantee that CSIRT staff offer reliable, pleasant and specialized service. Other services besides the incident handling service, such as the supply of intrusion detection assistance and vulnerability handling, are also provided by a CSIRT. The information in this paper is presented in such a manner that it is straightforward for the reader to put it into operation in any type of CSIRT setting, from an in-house team for a company to an international coordination center. This document is intended to present a valuable foundation to both recently created teams and existing teams where there is a lack of clearly defined or documented services, policies and procedures. This paper is most appropriate to use during the early stages, when a company has acquired management support and funding to set up a CSIRT, before the team becomes operational. Moreover, this paper can still be a valuable reference document for already operational teams.

1.2 INTENDED AUDIENCE

The general CSIRT community, who may require a better knowledge of the composition and objectives of their existing teams, will benefit from this document. It also targets individuals and organizations who are likely to join the CSIRT community in the near future.
It is precisely aimed at managers and other personnel who take part in the process of setting up and leading a CSIRT or managing an incident crisis. The list may include:
- Chief Information Officers, Chief Security Officers and Information Systems Security Officers
- Project leaders and members in charge of creating the team
- CSIRT managers
- CSIRT staff
- IT managers [1]

Higher management levels and all CSIRT staff can use this paper as a useful reference. This document can also be utilized by other individuals who work together with CSIRTs. This may include:
- members of the CSIRT constituency
- the law enforcement community
- the systems and network administrator community
- the CSIRT parent organization or other departments within the parent organization, such as legal, media or public relations, human resources, audits and risk management, investigations and crisis management [2]

2 MAIN CONTENT

Definition of Security Incident

The Information Security Management Handbook defines an incident as any unexpected action that has an immediate or potential effect on the organization [3]. Whenever the safety and stability of an information system is compromised, such an instance can be referred to as a security incident. There are several different definitions of security incidents. One is "a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices" [4]; another describes a security incident as "any event that may threaten or compromise the security, operation or integrity of computing resources" [5]. In other words, a security incident is a state of violation of the security policy of an organization and the security of its information system. Security incident is a common term that encompasses any type of security breach regardless of its location, the level of the threat or its magnitude.
The commonly known factors of security incidents are events and actions that expose one or more of the basic elements of information security: the confidentiality, integrity and availability (CIA) of information systems. An incident can be caused by authorized or unauthorized personnel, process, hardware or software. It can be an accident as well as a planned malicious action.

Handling security incidents

In the course of a crisis, time runs short for deciding what to do, who will do it or how it will get done; therefore it is vital to arrange for a response in advance. The better prepared you are for an incident, the more likely you are to respond correctly. Proper set-up of an incident handling procedure can help to lessen the impact of undesirable incidents. The objective of such a procedure is to provide a framework for an orderly, coordinated response by appropriate resources within the organization. It is in a company's own interest to establish a Computer Security Response Capability, a process that provides centralized response and reporting functions for security incidents.
According to the Computer Security Incident Handling Guide (National Institute of Standards and Technology, March 2008), establishing an incident response capability should include the following actions:
- Creating an incident response policy and plan
- Developing procedures for performing incident handling and reporting, based on the incident response policy
- Setting guidelines for communicating with outside parties regarding incidents
- Selecting a team structure and staffing model
- Establishing relationships between the incident response team and other groups
- Determining what services the incident response team should provide
- Staffing and training the incident response team

The "Cyberthreat Response and Reporting Guidelines" report, jointly approved by the FBI and the US Secret Service, recommends that the better equipped a company is in the event of a security event, the better probability it has to reduce the impact of the crisis. This recommendation is actually one of the chief responsibilities of a CSIRT: to be well organized to successfully cope with incidents when they happen and to help prevent incidents from occurring in the first place. As a starting point, the team should have a strategic plan for incident handling. This plan should be supported with documented policies and procedures. According to the State of the Practice of Computer Security Incident Response Teams (October 2003), the incident response plan identifies the mission and goals of the team; the team roles and responsibilities; the services provided; and the policies, procedures, processes and guidelines related to incident handling. The incident response plan is not only intended for CSIRT employees, but also for the community that they serve. From that viewpoint, both parties should be proficient about what to report, how to report it and to whom it should be reported. The plan should also describe the expected level of service that is reasonable.
Staff who are accustomed to computer security incidents recognize that these incidents vary in shape and size. Some are quite uncomplicated, easy to cope with and mitigate, while others are extremely severe and very complicated, can have a harsh impact on IT systems and necessitate proper authority to respond to effectively. In the event of a crisis, adhering to the plan in place will help the organization promptly isolate disruption cropping up on IT systems or networks as well as counteract such events. It may alleviate potential risks such as loss of company reputation, trust or financial standing. Existing CSIRTs which don't have a robust plan can still manage with some basic guidelines. They can make use of their current incident handling procedures as a guideline while they revise their existing documentation. They can rely on those basic guidelines, namely the plan to handle incidents, areas of responsibility, and general and specific procedures. Other typical guidelines can include an incident response checklist as well as procedures for what type of activity to report and how that information should be reported. A company needs to take several factors into consideration prior to planning an incident response capability. They include:
- introducing a point of contact for reporting incidents
- pinpointing the aims and objectives of the team
- distinguishing and selecting the staff and necessary expertise
- offering direction for reporting and handling incident reports
- allocating proper security awareness and incident response training for CSIRT staff
- launching and promoting specific incident handling and security policies and procedures for the CSIRT
- sharing lessons learned with other colleagues
- designing a benchmark to monitor the effectiveness of the CSIRT
- devising a strategy to allow coordination between the CSIRT and internal and external parties

Organizations or the team typically approve policies and record them.
It is crucial to know what these policies consist of and to ensure that they are properly implementable and enforceable in the workplace. Like the mission statement, senior management approves and enforces policies. The policies need to be openly expressed and well understood by each team member, whether technical, management or administrative. It will be a difficult task for the staff to appropriately execute and carry out their duties without a clear understanding of the policy. In order to write a clear policy, it is best to avoid excessive jargon. Whenever possible, consult someone who is not in security or IT to examine the policies. Rephrase the policies if they are not understood. Use very short sentences. A good policy is a short one. A security policy should be concise and well segregated between the management aspect (the policy) and the operational aspect (the procedures). Moreover, a policy must be both implementable and enforceable, or else it doesn't have any purpose. It is easier to implement a policy if it is well designed and relevant to the needs and goals of the CSIRT. Truly effective policies address genuine needs within a business, making the staff willing and even eager to implement them because they make operations smoother and give the business added reliability. Top management should execute appropriate actions or steps to enforce a policy. Policies must be enforceable; otherwise they are of little or no value. Usually when a policy is implementable, it is normally also enforceable unless it contradicts itself. Concrete measures are needed to assess the usage of the policy. Example: an example of a contradictory policy is a security policy that ranks internal information security as priority number 1 but at the same time ensures absolute privacy for its staff; the latter makes it hard or even impossible to enforce security in case of an insider threat.
To successfully develop and implement security policies, top management needs to be involved in and strongly support the project (Lam, 2005). A proposal with a report of external and internal requirements and a draft budget assessment can easily persuade managers to support the development and implementation of a security project. Having management support and authorization can resolve money and time issues. These managers can allocate the required budget and allow sufficient time for development and implementation. In addition, top management has the power to affect processes by requiring employees to participate (Kearns & Sabherwal, 2006).

How to Implement Security Policies Successfully

The implementation phase is probably the hardest phase in the life cycle of developing and maintaining security policies. Many organizations fail in this phase. To implement security policies effectively and efficiently, teams first need to resolve many issues. Lack of strong management support (Fedor et al., 2003; Lam, 2005), lack of budget (Kearns & Sabherwal, 2006; Martin, Pearson, & Furumo, 2007), lack of implementation time (Walker & Cavanaugh, 1998), lack of strong leadership (Fedor et al., 2003), lack of awareness of the benefits of implementing security policies, the "why for" (Hansche, Berti, & Hare, 2004), or ineffective communication with users (Jackson, Chow, & Leitch, 1997; Walker & Cavanaugh, 1998) may cause problems. Resolving all of the above issues can help in successfully implementing security policies.

Computer Security Incident Response Team (CSIRT)

A team is a focal component of incident response plan, policy and procedure creation, so that incident response is dealt with effectively, efficiently and consistently. The team should cooperate with other teams within the organization towards a central goal which encompasses the plan, policies and procedures. Outside parties such as law enforcement, the media and other incident response organizations can also be contacted.
The Computer Security Incident Response Team is regarded as the nerve center of an incident response plan. It is normally composed of a team manager, a management advisory board and other permanent and temporary team members. The temporary staff provide advice on technical, business, legal or administrative issues, depending on the nature and scope of the incident. The team assists the organization to identify and document the nature and scope of a computer security incident handling service. The team manager supervises the work of the team members, presents ongoing status information to the Chief Information Officer (CIO) and other senior management, and requests expert advice from outside the IT department when needed. This role leader should be accustomed to computer security issues, the function of IT areas and staff, general company operations, as well as the duties of other employees in the institution who may serve as resources for the CSIRT. Under challenging situations, the team manager must be able to coordinate teamwork with other staff and to deal properly with circumstances that necessitate discretion or confidentiality. The technical leader's role is to assess the characteristics and severity of an incident, propose recommendations on security control and recovery issues to the team manager and request additional technical resources if needed. This role should possess a broad understanding of operational and systems security. Other employees can join the team on a spontaneous basis and remain team members until closure of the incident. Additional resources may be required to serve areas such as law enforcement, legal, audit, human resources, public relations, facilities management or IT technical specialties. The table below shows a list of members who should be included in the CSIRT and their roles in the team.
Table 1: Team members in IRT (table not reproduced here). Source: table from page 4-2 of Incident Response Procedure for Account Compromise, Version 1.2, 2004, by Visa International.

Besides their technical expertise, CSIRT staff's distinctive quality is their motivation and talent to stick to procedures and to present a professional image to customers and other parties working together with them. In other words, it is more convenient to appoint staff with less technical expertise and excellent interpersonal and communication skills and subsequently train them in a CSIRT-specific environment than vice versa. Communication by a team member who is a technical expert but has poor communication skills may badly damage the team's reputation, while interactions that are dealt with competently will help improve the team's standing as a valued service provider. Possessing a broad range of interpersonal skills is significant, since team members are frequently in contact with each other and with other parties such as law enforcement, legal and human resources. Thus, the professional interactions that CSIRT employees adopt will influence the reputation of the team, and special concern for an individual's interpersonal skills matters. Some interpersonal skills required for incident handling staff are listed below:
- logical judgment to formulate effective and suitable decisions in time of crisis, under pressure or under strict time constraints
- effective oral and written communication skills for interaction with other parties
- discretion when dealing with the media
- aptitude to follow policies and procedures
- enthusiasm to learn new things
- ability to work under pressure
- teamwork
- reliability to maintain the team's reputation and status
- readiness to accept one's own mistakes
- problem solving skills to efficiently handle incidents
- time management skills for high priority tasks

Apart from interpersonal skills, CSIRT staff should possess a fundamental understanding of the technology and issues on which they base their expertise.
The following technical know-how is crucial for CSIRT staff:
- public data networks (telephone, ISDN, X.25, PBX, ATM, frame relay)
- the Internet (aspects ranging from architecture and history to future and philosophy)
- network protocols (IP, ICMP, TCP, UDP)
- network infrastructure elements (router, DNS, mail server)
- network applications, services and related protocols (SMTP, HTTP, HTTPS, FTP, TELNET, SSH, IMAP, POP3)
- basic security principles
- risks and threats to computers and networks
- security vulnerabilities/weaknesses and related attacks (IP spoofing, Internet sniffers, denial of service attacks and computer viruses)
- network security issues (firewalls and virtual private networks)
- encryption technologies (TripleDES, AES, IDEA), digital signatures (RSA, DSA, DH), cryptographic hash algorithms (MD5, SHA-1)
- host system security issues, from both a user and system administration perspective (backups, patches) [6]

It is crucial that one division of the team possesses a thorough understanding of the full range of technologies and issues used by the team. This contributes to expanding and intensifying the technical resources and capability of the team and to training other team members through education and documentation. It also makes sure that the team can provide a full range of services. Besides an in-depth understanding of the technical skills listed above, the following specialist skills are required:
- technical skills such as programming, administration of networking components (e.g. routers, switches) and computer systems (UNIX, Linux, Windows, etc.)
- interpersonal skills such as human communication, experience in presenting at conferences or managing a group
- work organization skills

Obviously, a team will be unable to employ individuals who possess all the necessary interpersonal and technical skills. But there are opportunities to address deficiencies in those skills, such as training staff to develop and retain such skills and supporting continuous progress.
Hiring CSIRT Staff

For any staff vacancy, the hiring process to select the most talented applicant is a complicated task. Even a candidate who appears on the surface to possess the right skill set might not be able to work within a CSIRT setting. This is especially true once a crisis has been declared, when the candidate may not be able to cope with the situation and may carry out their duties inefficiently. Therefore, it is recommended to put the applicant through a hiring process specifically designed to reveal the applicant's strengths and weaknesses. Based upon the findings of the hiring process, the team will decide either to train the applicant in the specific skills that the candidate may require or not to employ the candidate. Compared to a regular hiring process, additional steps should be included in any CSIRT hiring process:
- pre-interview document check
- pre-interview telephone screening
- interviews that cover topics from technical abilities to interpersonal skills
- candidate technical presentation
- reference checks, including criminal records

The complete hiring process should be devised to detect potential employees who possess appropriate interpersonal skills and technical skills. Such candidates can undergo further training to acquire more competence. Before calling the applicant for a personal interview, the pre-interview document check and telephone screening determine in the first instance whether the candidate is an ideal match for the selection process. At this stage, more information is gathered about the applicant's broad level of interest in computer security and other more specific details on items covered in his or her resume. The telephone screening will give a good impression of the candidate's oral communication skills.
Before CSIRT staff begin to interview potential candidates, it is better to decide in advance what particular issues, ranging from technical issues and ethical issues to social skills, are most likely to be discussed during the interview process, and to select which existing staff are most suitable to talk about those issues with the candidate. Thus separate topic areas are covered by each of the various interviewers, avoiding any duplication of effort. Each interviewer will be in a position to review and consolidate feedback on the issues covered. Another strategy may be carried out where similar topics are discussed by several team members involved in the interview process, to agree on the candidate's ability in a particular topic and identify any weaknesses. To ensure proper recruitment, the applicant should have the opportunity to meet up with CSIRT team members through a lunch meeting or at the candidate's technical presentation. Requiring a candidate to give a technical presentation offers the CSIRT an opportunity to measure other technical and interpersonal skills of the candidate. It also gives an idea of how much common sense the candidate has and whether the applicant will be able to cope under stressful situations. Other qualities such as overall presentation skills, an eye for detail, technical accuracy and the ability to answer questions on the fly are also taken into account. After an individual has been appointed, there is also an enormous task to make them adapt to the CSIRT. The new staff will need to undergo training for some period of time to get used to the CSIRT working environment as well as the specific policies and procedures of the team. Some new recruits may be given access to limited information until relevant certificates or clearances, such as government or military clearances, are obtained. Staff training is compulsory in order to make the new recruits acquire the necessary skill level to take on their new responsibilities.
Secondly, training is necessary to expand existing staff skills for personal career growth and overall team progress. Staff training also helps keep the overall CSIRT skill set updated with emerging technologies and intruder trends. When considering the overall training needs of the team, it is necessary to spot the overall skills needed for each individual, as well as the common skill set required for the whole team. Obviously, a new staff member should receive immediate training in any deficient skills to perform effectively quickly. From a general viewpoint, the whole team should be assessed to determine any training that needs more attention to enlarge the skill set exposure in the team. At the same time, this assessment focuses on an individual's skill set. Policies and procedures are a necessity and should be enforceable to support the initial training of new team members and to guarantee ongoing training as policies and procedures get amended. Besides the interpersonal and technical skills discussed earlier, each team member should be trained in areas specific to the incident handling functions in a normal CSIRT work environment. Training should cover the following issues:
- new technical developments
- CSIRT team policies and procedures
- incident analysis
- maintenance of incident records
- understanding and identifying intruder techniques
- work load distribution and organizational techniques

Initial training is conducted through on-the-job training. Since the incident handling profession is different in work nature from other professions, there is no formal educational path for CSIRT staff and limited documentation in the literature. Most printed materi

Wednesday, November 13, 2019

Supply and Demand Essay -- Economy Economics Supply Demand Essays

Supply and Demand

Every organisation which provides goods or services to fee-paying customers must, by its very nature, charge a price for that good or service, to pay for its costs, to have retained profits for investments and to keep its shareholders happy. In theory, the market price of any good or service is determined by the interaction of the forces of demand and supply. There is an old saying that "if you can teach a parrot to say 'demand' and 'supply' you have created a trained economist."1 There is some truth to this saying, as most problems in economics can be examined by applying the rules of demand and supply. Therefore, the concepts of demand and supply can be claimed to be among the most important in economics. In order to understand either of them it is necessary to examine the factors that determine them. Although a good's price relative to other goods is probably the most important factor influencing demand for most goods most of the time, there are other factors as well. These are disposable income, the price of complementary goods and substitutes, tastes and preferences, expectations, size of population and advertising. Suppliers, on the other hand, are interested in making profits, and thus anything that affects profitability affects supply. These include the price of other products, costs, technology and the goals of firms. a) The price of any product is determined by the interaction of the forces of demand and supply. The market price is set at the point where demand equals supply: equilibrium. This can be seen from figure 1. For the purpose of this essay we will look at the prices of beer. We can see that the price is set at 1.65, where D intersects S.

Fig. 1 (figure not reproduced here)

The Penguin Dictionary of Economics defines demand as "the desire for a particular good or service supported by the possession of the necessary means of exchange to effect ownership", while supply is defined as "the quantity of a good or service available for sale at any given price"2.
When an economist refers to the demand for a product he means effective demand, which may be defined as "the quantity of the commodity which will be demanded at any given price over some given period of time."3 However, the price of the good or service varies according to changes in either demand or supply. In order to show that it is necessary to... ...ng under", if their shareholders are not satisfied they will sell shares and the company will be vulnerable to take-over bids. In conclusion, it can be seen that the principles of demand and supply have a theoretical influence on price determination. The theory provides a useful and simple tool for determining the price of a product by means of demand and supply: an equilibrium price. However, the theoretical approach uses many assumptions which limit the application of the theory to the real business environment. It is useful for academic purposes, while it is difficult to imagine that actual businesses will follow it in the business planning process. It is also difficult to use, as the theory assumes a perfect market, which does not exist, with few exceptions, newsagents being one of these. In other forms of competition, firms would base pricing decisions on the expected decisions of their rivals (oligopoly), or would decide by themselves taking into account only their own needs (monopoly). Thus, it can be concluded that companies adapt their pricing policy to the environment they operate in, probably without even using the theory of demand and supply.