College Is It Worth It

? College – Is it Worth it? Right now in our society university education is no longer an option or privilege, but rather a necessity. We are practically raised and conditioned to believe that one needs higher education in order to succeed in life. There is a saying that says â€Å"if you think education is expensive, try ignorance. † But as technology is constantly advancing and computers are running almost anything, is a college education really necessary? There are people who have never set foot in a college and are doing better than people who have their master's degree. There are views from both sides that contain a valid argument. The main reason why people go to college is not because they want to but because they have to. Most 11th and 12th graders are pressured by their parents to go to college because it is â€Å"the right thing to do. â€Å"† In the essay that Caroline Bird wrote â€Å"College is a Waste of Time and Money†, she states that students go to college because † . . . Mother wanted them to go, or some other reason entirely irrelevant to the course of studies for which college is supposedly organized. The student may have different ideas about what he or she wants to do in life, but because they think that their parents know what is best for them, they probably end up doing something they do not want to do, resulting in being miserable and resentful. Let's face it, going to college is socially prestigious. Most people go to college only for the title of being called a college student. For some young people, it is a graceful way to get away from home and become independent without losing the financial support of their parents. They do not want to be looked down upon so they do what would look â€Å"best in the eyes of society†. It is practically beat into our heads that in order to be a respectable citizen of society, you should have some sort of university education. Being a college student is perhaps a more respectable role than being, for example, a clerk or a garbage man because of the negative connotations such jobs receive. Going to college and getting a degree does not necessarily guarantee that an individual is going to get a job right after graduation. It is hard out there for recent graduates to find a good job since there is so much competition due to the insanely increasing numbers of our population and a wildrace for the lions share in every field. Even if they do get a job, it is usually not in what they got their degree for. Many college students would feel that college is a waste of money because they do not learn what they want to. Instead they have to take classes that have close to nothing to do with their major but are only taking these classes in order to fulfill a general educational requirement. Upon graduation, some feel that they are at a disadvantage because more time could have been spent on learning more within their field of study and less on irrelevant materials. Now for the pros of having a professional college education. The major reason of going to college is, of course, to get a good job. College prepares us with academic knowledge in order to succeed in the future. According to Ernest Boyner higher education is essential for preparation for one's future. He states that: In spatial terms, teaching and learning may begin in a classroom, but course work also spills over into the life of the campus and the community. Students engage in experimential learning and co-curricular activities that take abstract ideas and anchor them in real-life problems. As the competition to get a decent job is increasing, it is close to impossible to obtain a high paying job without at least a bachelor's degree. Many jobs that only used to want their workers to have a high school diploma now require some college education due to their extremely complicated nature. Another way college is worth the money, however, is because it is one of the few institutions that often contains people of different ethnic and racial backgrounds. Such a situation allows one to develop their social and communicative skills because they are exposed to unfamiliar cultures. This is necessary for the fact that a person does not want to come across as ignorant towards a certain culture. This only, however, comes in handy when you are being educated abroad. College is like a stepping stone to becoming a responsible adult because for the first time most people are practically on their own (that would definitely include me). It is completely different from high school in that not only that school has to be dealt with, but you have to juggle your personal time and financial state as well. They go away to college and face circumstances that they would most likely come across when they finally do go on their own. Bills have to be paid, time has to be managed efficiently, and deadlines have to be met, just like in the â€Å"real world. † College is not only about getting a good job ‘but about acquiring knowledge and broadening one's horizon. A lot of courses that are at school are not needed for a certain major but are just there for interested people who want to learn more about a certain subject. Bowen explains this by breaking it down into three aspects: †¦ the specific goals for the education function are derived. This function†¦ is intended to help students develop as persons in three respects: cognitive learning, by expanding their knowledge and intellectual powers; affective development, by enhancing their moral, religious, and emotional interests and sensibilities; and practical competence, by improving their performance in citizenship, work, family life, consumer choice, health, and other practical affairs. It is sometimes just as good to be an intelligent person and know about a lot of things instead of being someone who makes a lot of money. My admission into an arts college after a lifetime of struggle of being an a-grade science student, had led me to seriously consider the complexity of this topic and what i have learned is that college definitely has its pros and cons. But I think that college is what you make of it. It can be the best time of your life, but only if you want it to. You can take the pessimistic view about it and think that college is a waste of money, or it can be looked at as a challenging and exciting new frontier that basically will set the precedent for the rest of your life. No matter what i learn in this environment that has been setup on an organised platform to produce strong and self assured individuls that will help make this deteriorating world a better place to live in ,even if we do'nt do it conciously, what I know for sure is that the education I recieve in this college will always be of invaluable worth once i step out in the ruthless fish-eat-fish world.

Fireweed Case Study Essay

Introduction Fireweed is a short story written by Skye Brannon about a special day in Baluta’s life. Baluta is an uneducated carpenter in U.S.A, and lives with his brother Jato and the brother’s wife Sama. Baluta has had a rough background, he was witness to his father and sisters death, and had to flee to America, from Libya from war and hate. Main Theme There are several themes in the story, such as, culture difference, racism and poverty, but all these, are sub-themes. The overall main theme of this short story must be to cherish the present, and take nothing for granted. The fact that Baluta saw his dad getting killed and his sister raped and killed, is a view into an absurd world of violence and hate, described without many feelings. â€Å"He saw his father, swinging from a tree, on a rope†[1], and â€Å"He saw little Alonso’s ten-year old body, limp, naked in the sun, being passed from one soldier to another, his pants mingling with the dust.†[2] This is a matter of course that he will never take anything for granted, because he has learned that he will never know when it’s going to stop. A more positive sign on the main them, of this short story, is that he is actually having a better life now, in America. And he won’t take that for granted even though, there are a lot of other people with muc h better conditions, like Tiffany. The way the story is structured Fireweed is written with a third person narrator who is omniscient. All the actions are seen from Baluta’s point of view. â€Å"Cold like Kpatawee Falls back home, Baluta thought. Yes, today would be a remembering day† page 9, line 9. In this quote it’s clear that the narrator is omniscient since he knows what Baluta thinks. The story is told in the past tense, except for the quotes which are in present. The short story is simple to read, because of the uncomplicated language that is being used. It also makes it easier to read when something in the text that catches your attention, like the dialogs between the two brothers, Baluta and Jato, because they speak with an African accent. â€Å"†Dese Americans,† Jato said, â€Å"if you tell dem your mandika name, dey look loke you’ve given dem a riddle†Ã¢â‚¬ .[3] The story also contains a few flashbacks which might get a bit confusing. It is not possible to figure out the story before the end, because a lot of important details are revealed that you won’t be able to guess. It keeps the author’s attention, and helps out to keep the story exciting and interesting. A Characterization of Baluta/Joel Baluta/Joel is a person that doesn’t seek conflicts or controversies with other people which you can see on page 9, line 17 â€Å"Baluta felt awful for this, but he had to work to get a car, and needed a car to get to work† and again at page 10 when Tiffany asks Baluta to smash down some dirt which in the theory isn’t his job, but he just says â€Å"Sure, miss† because he is a nice person. â€Å"Could you please smash down that pile of dirt?† Another example of Baluta trying to fit into the new society that he is in, is shown by him changing his name from Baluta to Joel, just so he won’t be a victim of racism. The fact that Baluta fled from Liberia to a country where he has all these opportunities, that U.S.A provides, makes him not take anything for granted, and I think that Skye Brannon took Tiffany into the story on purpose because she is the exact opposite of Baluta, a rich, white, lady. â€Å"†This has got to be fixed.† She looked at Baluta for confirmation. Baluta nodded, but saw nothing wrong. The cabinet was of beautiful hardwood.†[4] This quote helps to characterize both Baluta and Tiffany. The Setting The story is built up around three environments; the first one is in America, where Baluta lives with his brother and the sister in law. They live very poorly, with cold water in the shower and a car in bad condition, which they don’t have enough money to fix. â€Å"When he was several numbers away, he took his foot off the gas. He hoped he could glide to a stop in front of the correct house, otherwise, the Swiss Chevy would let out a loud squeal when he hit the brake.†[5] This quote shows that they have to take a lot of alternative methods in use, to make it through the day, like saving money on the car. The next environment is even poorer, we hear about his life in Libya. â€Å"When they would get back to their hut, a square in the shanty-town quilt shadowed by a mountain, Alonso would always tell Grandma Awa that Baluta had caught some fish.†[6] Even though Baluta lives in the lower economic class in the U.S, it’s still far better than what he would have obtained in Libya. The last environment is at Tiffany’s house, where Baluta has a job to do. She is a rich woman with a big house, big lawn, and apparently also big signs of prejudices against African people. â€Å"When he got out of the car, he noticed a frightened look on her face and that she clutched a phone in her hand†.[7]In this quote it is easy to see that, because she belongs to the upper-class, she feels that poorer people might only be here to steal. This is important because it proves the point of one of the story’s theme, racism.

Language Skills Essay

I started the Celta  course in September 2011; therefore my only Teaching Practice has been to a group of 16 Level 1 students. This particular group is lively, engaged and eager to learn. It was clear that if after a session they had not learnt new vocabulary or mastered a tricky grammar rule they were disappointed. For the purpose of this assignment I have chosen an article from the Reader’s Digest January 2012 entitled ‘If I ruled the World’ by Dr Simon Thurley, Chief Executive of English Heritage. I think this text has several advantages; it is suitable for all cultural backgrounds and also gives students descriptions and insight into British culture. The language I think is appropriate for Level 1, neither too easy nor too difficult. With the chosen text students will be able to practice reading skills such as skimming for gist, reading for comprehension and scanning for information. The text can also be used to give students practice in the productive language skills – speaking and writing, discussion in class about what students would do if they ruled the world and for homework they could research for example the history of Stonehenge. Although not a specific requirement of this assignment students may learn new vocabulary and it reinforces the unreal conditional, which we covered during one of the Teaching Practices in November. I would introduce the topic of discussion for the day’s lesson by asking students to talk about heritage sites in the UK giving Stonehenge (show a picture) as an example Ask if any of them had visited Stonehenge or any heritage sites. I would also test students’ knowledge of the vocabulary needed to answer the comprehension questions i.e. deciduous species, parochial, etc. First Reading In the first exercise I would give the students a sheet with the gist questions and ask them to read through them. Then, I would ask the students to skim the text individually in about 5 minutes and ask them to work in pairs to answer the following questions: 1. Who wrote the article? Dr Simon Thurley, Chief Executive of English Heritage 2. What do you think the article is about? What Dr Thurley would do if he ruled the world? Second Reading Now I would ask the students to look over the detailed task questions, then scan and read the text again and answer the questions in pairs: 1. Simon Thurley would plant a trillion trees, which would be good for climate change. What else would it be good for and what do trees represent in the world? Because they make the world more beautiful as they are always moving and growing and mark the change of the seasons. Trees are the lungs of the world. 2. How would Simon Thurley made sure that every child in the world had a sense of history, identity and belonging? By teaching children the history of the place they live in to give them roots. Everyone needs a sense of belonging and a knowledge of historical background can make a big difference in attitude. 3. Why would Simon Thurley open all our old canals and train lines? We could put freight back on barges and reinstate train halts in villages across the country so as to decrease the number of lorries and cars using the roads causing pollution and traffic jams. 4. Why would Simon Thurley impose a tax on all businesses that put up Christmas decorations before 10 December? He would do this as he believes that Christmas is a time that should be short and special. Also there are many people who cannot afford to spend a great deal at Christmas and they feel alienated by the commercial frenzy. He would then use the revenue from the taxes to help less fortunate families over the Christmas period. 5. Why does Simon Thurley think that although a tunnel under Stonehenge would be expensive it is a priority and should be undertaken in the near future? Because having the main road so close, 25 yards, means that the monument is subject to fumes and noise. 6. Does Simon Thurley believe that the money donated to charities is used or purpose that it was intended? No he thinks that a lot of the money goes towards administrative costs and donors need to be confident that their money will make a difference. 7. How would Simon Thurley make it easier for everyone to get on with their lives? By making it illegal to ban things that people do in the privacy of their own homes. He would repeal five banned things a year and have less interference. 8. Does he think it is a good thing for anyone person to rule the world and why? No he does not because absolute power corrupts absolutely. Whilst the students are working in pairs I would monitor and help if necessary. After they have completed the task I would ask individual students to give their answers. I could at this stage reinforce the grammar of the unreal conditional â€Å"If I ruled the world I would†¦.† and then open up the discussion and ask students to discuss in pairs what they would do if they ruled the world and then open the discussion to the whole group with an exchange of ideas. As homework I would ask students to look up The English Heritage Internet site and pick a monument or building of historical importance in this country and describe it.

Beehive extract potential prostate cancer treatment Essay

Beehive extract potential prostate cancer treatment - Essay Example As a means of determining the side effects of the propolis on the cells, researchers did various experiments by using the traditional and the modern ways. Their aim was to discover the effects of the beehive extract on the initial stages of the prostrate malignancy. As a means of proving that CAPE can stop the spread of cancer, the researchers at the university used mice infected with tumors. They discovered that when CAPE is given to the mice, it inhibits the growth of tumors. Control experiments were also conducted since the researchers ceased giving the compound to the mice. The outcome showed the tumor continued growing after they had stopped giving CAPE to the mice. They also discovered that, the beehive extracts can only stop the growing of tumor, but they do not eliminate the cancer (Jones, Kokontis & Chuu). More studies were carried out to confirm that CAPE is effective. One of these studies was done at the National Research Institutes based in Taiwan. In the research, many l ines of cancer were used, and the beehive compound successfully slowed the growth. Even if, the lowest concentration of CAPE was used, it was still be useful in inhibiting the enlargement tumor. The research outcomes also showed that the compound could also hinder the prostrate tumors growth in human beings. If a mice grafted with the human prostrated tumor is given CAPE for six weeks, the amount of prostrate tumor can decrease by half. When the mice stop taking the component, the tumor grows like before. In order to know how CAPE works on the cells to slow them down, the researchers at Taiwan invented a way of measuring the alterations of proteins under certain conditions using the Western blots. They found out that CAPE stops tumor growth by suppressing the protein actions on p70s6 kinase and Akt tracks, which can activate cell growth. Even though, human beings were the focus of the study, mice are mammals and all mammals’ cells have the same characteristics. Hence, the com pound can also work on human beings (Jones, Kokontis & Chuu). For effective treatment of prostrate cancer, CAPE together with other treatments is instrumental. For instance, since the compound cannot kill the tumor cells, it works with chemotherapy, which can kill the cells, while CAPE stops further growth of the cells. However, a need arises to conduct more studies concerning the use of the beehive extracts before using it on human beings. Many people have used the compound to treat other diseases, but they dot not know how they work and hence, before bringing it into pharmacies, researchers have to approve it (Jones, Kokontis & Chuu). The beehive extract prevents prostrate cancer by triggering the apoptosis process. The treatment of prostrate cancer through chemotherapy and radiotherapy is widely known. Nevertheless, these methods are not very effective since they kill cells resulting into damaging of the body immune system. Experimental outcomes show that propolis inhibit mutatio ns that are caused by chemical carcinogen. Propolis on Hep-2 cells hinders the proliferation of cells. This can induce cells apoptosis to certain extends (Farooqui & Farooqui 248). Additionally, propolis affects cycle of cells at a phase called G1 to S phase transition. Its effects are equally apparent at the transition phase of S phase to the

Implementation of Balance Score Card (BSC) Essay

Implementation of Balance Score Card (BSC) - Essay Example Balance Score Card (BSC) is a framework for measuring performance on strategic level and accounts both financial and non financial measures (Banker, Chang, and Pizzini. 2011). BSC, since introduced by Kaplan and Norton in the early 1990s, has been adopted by large number of organizations. It is called BSC as it attempts to balance between short and long term goals while maintaining balance between financial and non financial variable (Kalpan, 2010). Proponents of BSC claim that it has many beneficial features that makes it preferred choice; such as connecting vision with strategy and activities down the hierarchy; cause and effect relationship of performance drivers with outcome etc (Chavan, 2009). Other feature that makes it most advocated is the fact of providing performance measurement and goal oriented guidance by combining variables or perspectives (2GC Limited, 2011). With agreement on benefits BSC offers to organization, fact remains that due benefit from BSC can only be avail ed based on appropriate and well thought implementation and there has been considerable debate on the implementation of BSC. This paper is also aimed to investigate and analyze success or failure of BSC that can be attributed to the appropriate implementation. Followed by introduction is the literature review of past academic studies done in the selected domain. Research methodology contains information related to method adopted to address the selected question. Analysis section provides analysis of the case studies selected to address the aim of this research. Finally, conclusion provides response to the question based on evidence collected in analysis section. LITERATURE REVIEW There is immense literature available on the BSC from various perspectives. This section will draw some relevant literature to BSC, its implementation with its proponents and critics. The section will also draw references related to implementation phase and cause implementation failure. Variation in studies are present that discussed increase in the adoption BSC due to the benefits it offers while others revealed firm’s decision of not adopting BSC due to less benefit it offers in proportion to the efforts required to implement it (Cardinaels, Paula, and Veen-Dirks. 2010). BSC has also undergone critical evaluation of assumptions on which it is built; such as managers’ capacity to link strategy to operational matrices in different departments and levels and issues related to designing BSC related to the respective organization etc (Geuser, Mooraj, and Oyon. 2009). Hence, discussion from various perspectives to explore possible deviation (Neely, 2005) while each aspect, directly or indirectly, referred to the factors that lead or hamper successful implementation of BSC. PEA, for instance, suggested complete procedure to develop balance score card to meet the challenges posed by other performance measurement in procurement organizations. It provided detailed guidance for a ll four perspectives including customer, financial, internal business processes and learning and growth perspective. It was also aimed to develop a model that allows comparability among various organizations along with providing a comprehensive performance measurement system (as given in image below (Procurement Executives’ Association, 2000). Hence, BSC shall be devised with adaptability to the nature and size of the firm (Rompho, 2011). Richardson (2004) provided six elements to be employed for the successful implementation of balance score card. These six elements include: first, development of strategy; second, involvement of strategic management and feedback from other management level of the new strategy; third, development of balance score card and its vision while both being aligned with vision of organization; fourth, implementation of balance score card performance measurement systems all around the organization and each level; fifth, communicating and educating the objective of BSC to employees and lastly

Self-awareness Personal Statement Example | Topics and Well Written Essays - 1500 words

Self-awareness - Personal Statement Example This exposure to different countries, cultures and languages made me appreciate the diversity that the world has to offer. As a result I am able to speak, although not as fluently as English, a number of influential languages for example French, Spanish, Chinese, Arabic and a bit of Zulu. In travelling one comes across other people’s beliefs and traditions some of which seem primitive to the western world standards while others seem quite sophisticated. At times one is led to question their own beliefs on whether they are strong enough or even superior to others. As a Christian, meeting strong believers in Islam always felt like we were in completely different worlds based on the outlook that these religions give to followers regarding the world around us. It is also through travelling and interacting with different people that one best notices their biases and fears. Before the family started going on international vacations, it was hard to comprehend the fact that other coun tries especially in the third and second worlds could be beautiful or enjoyable to live in. It was a big shock to realise that some African countries and others in Asia are quite beautiful and people there treat visitors with utmost respect and dignity. I would be biased on products manufactured from these countries but I realised that theirs are not as chemically produced as ours are. Agricultural products for example from Asia and Africa tend to be sweeter and more natural as farmers use minimum technology and few chemicals like fertilizers and pesticides. Some of my fears are centred on a variety of animals. Coming into contact with anything that has wings or scales can make me have a heart attack. It is ironical that I love turkey and chicken meat more than I do beef or pork. I also love to watch birds fly but I would flee if one came near while the same case applies to reptiles mostly snakes and African crocodiles. Above all fears is the fear to wrong others intentionally. I ha ve grown in a family where respect for one another was highly valued. Fearing to hurt others automatically leads to respect to people and humanity in general. I believe in Santa which is one myth that I have held on since childhood. Morality is another key aspect that my family instilled in us. Due to the strong attachment with the church, I have maintained high moral values. I have also come to appreciate that material wealth or ones socioeconomic status is not as important as self respect and respect for others. Being an American I have strong affiliation to American culture which revolves around respect for our country and, although not in line with the former, occasionally dropping at a fast food restaurant for a burger. As a result of the realisation that happiness does not emanate from material wealth I now cherish more the impact of my actions on others than on myself. In this regard money earned takes a backseat and at the end of the day the issue is always how positive and beneficial my actions were. Turning the world into a better place to live in for all humanity is my lifelong goal. I believe that to make the world a better place everyone must first of all make responsible choices in their lives and take full consequences for their actions. Although some issues like abortion are controversial it is good to have a definite stance on them from a morality standpoint. The world is a harsh place to live in and no one gets away with wrongs committed

Career Plan Essay Example | Topics and Well Written Essays - 1750 words

Career Plan - Essay Example The self-assessment exercise determines my suitability in pursuing the career. This process is crucial because it enhances the best utilization my tangible and intangible resources. I had the blue-print of establishing my business in the supply chain management. The process will enable me to have a clear understanding of the requirements of my vision. The process protects me from skill obsolescence. This notwithstanding, the process of career planning requires a comprehensive career plan framework. Different perceptions regarding career planning exist, but the bottom line is that the plan must be subjected to my strengths and weaknesses, and objectivity. Sometimes career planning is influenced by my parents, tutors and peers. The influence is healthy because new ideas are factored into the decision making process with a career plan. Moreover, the process is influenced by self-efficacy. The objectives of my career are to establish a sole-proprietorship in the supply chain management. The plan will enable me to achieve the best scores in academic contests. The plan also enables me to streamline his activities towards getting the best-paying job in the future. A career plan also enhances the utilization of scarce resources like finance and education. The plan makes me to be focuses and result-oriented. Objectivity enhances creativity and innovativeness among the career planers. My success in life is determined by the career choice adopted. The aspect of success in life is relative given that success implies different things for different people. My self-assessment entails the reflection on my personal strengths and weaknesses. The evaluation enhances better decision making pertaining to career choice. The process entails consideration of my values, tastes and preferences. These are matched with the available learning opportunities. According to Rothwell (2010), the circumstances surrounding me are also

CPS Conservatorship Worker Personal Statement Example | Topics and Well Written Essays - 250 words

CPS Conservatorship Worker - Personal Statement Example The author of the paper states that the ability to change the society and protect the rights of the children is essential and fits adequately with his moral and professional requirements. The researcher ‘s Bachelor Degree of Social Science in Criminology has prepared him to deal analytically with complex issues and to approach various problems in different methods. The author’s studies equipped him with excellent investigative skills and communication skills due to numerous group works and class participation. His previous employment as an Office Assistant prepared him professionally on how to deal with demanding schedules while maintaining healthy working relationships. Additionally, the author worked as a teller where his computer skills were improved significantly. The researcher will increase efficiency by dedicating resources to the intended course of the agency. The author’s investigative skills will enable him to close numerous cases at the stipulated time while his interpersonal skills will be aimed at developing more intimate employee relationships so that they can work on a common agenda. The researcher also seeks to develop a successful career with DFPS while achieving excellent children care and changing society by ensuring that children are socialized in favorable environments.

Failing Public Education in America Research Paper

Failing Public Education in America - Research Paper Example However, the movement was hit and brought down by the Supreme Court in United States before the First World War. Instead of the parochial education, the public education was made compulsory in the United States after the Second World War. The need for public education against the parochial education was given priority and the public schools gained importance. The public education was made mandatory for all the citizens of the country. The progressive ideas of the society have led to the popularization of public education in America. The public education in America has evolved over the years (Smith 59). At present, there are not one but two systems of public education in America. The first system is considered to be present in the suburbs and in some wealthy areas of the society. The second system is considered to be present more in the rural areas of the country. While the first system could be much better and could be termed as mediocre with the international neighbors, the public e ducation system in the rural areas is in dire crisis. These public schools are in a situation where they require some sort of restructuring and planning. Majority of the students of public schools in the rural areas drop out before attaining the high school degree or diploma. This leaves the students unprepared to get jobs in the current economic scenario. Also the students do not have the base to go for advanced or higher studies. The students are also left isolated from the technical courses that require basis education in the public schools. The policymakers have identified the fall and deterioration of the quality level of education and consider it... According to the paper the public education system in America was established in the early part of the 1920s. The public education was made mandatory and access to public schools was mandated and the private schools were dissolved. A systematic methodology has been adopted for this research on the public education system of America and its current status. The reasons behind the failure of the public education system in America, its consequences and strategies for revival from the situation of crisis have been explored with the help of this research. The ethnic distinction between the public schools in the rural and urban areas should be lowered in order to achieve overall development of the public education system. This essay approves that the public education system in America has a long heritage and was established to make public education for the citizens mandatory as compared to the parochial education. The public education system in America has evolved over the years. The public educators have been teaching students in the same education system which has lacked infrastructure due to the incompetency of the teachers and the weakness in the course curriculum. Apart from this funding of the public education system in America has lacked earnest efforts. This has resulted in drop out of nearly half of the American students from the schools before the attainment of basic high school education. The situation of crisis and failure in public education of America has recent raised concerns among the heads of the state who view this as a source of threat to national security.

Investing in stocks and bonds Term Paper Example | Topics and Well Written Essays - 750 words

Investing in stocks and bonds - Term Paper Example Consequently, the value of stock for that corporation tend to reflect the corporation’s earnings and experiences, going up when it is profitable and down when the company is experiencing losses. In essence, the higher the return potential, the higher the amount of risk associated with the stock. For example, investors in stock expect a high rate of return since they do not have a set schedule for repayment or fixed rate of return such as those in fixed-income securities. Even within this world of stocks, variations do exist in reward and return (Tyson, 2011). Blue chip stocks refer to stocks issued by corporations, which are firmly established within their given industries and possess a long history of paying dividends and producing earnings. Small capitalization stocks refer to shares from companies that are not that well established but have tremendous potential for growth. This can translate into a significant return for the investor. However, this comes with an increased potential for a greater decrease in value than would be expected from, say, a more established company. Bonds, on the other hand, involve making loans to corporations and other entities by investors (Wyckoff, 2009). Other entities normally involve various branches of the government that issue bonds to attract injection of capital without giving the investor managing control. In effect, the holder of the bond holds an IOU. If we were to invest in bonds, we would not expect any share in profits and would get a fixed investment return. This return is an interest rate on the bond and is also referred to as the coupon rate. It is calculated as the total percentage of the initial offering price of the bond. Bonds, just like common stocks, have a fluctuating market value, and if they are sold before their maturity date, they could produce a loss or gain in principle value (Wyckoff, 2009). If we were to invest

Hunted House Essay Example for Free

Hunted House Essay Nobodydared to go in empty house in an isolated part of the village . Eventually, the landscape of the empty house was shady,lush and green, no one is brave enough to hunt for wildfigs. The beautiful and evergreen nature surrounding the empty house was damp and soggy always. After the F.Sc examinations, my peers and I decided to go for camping the empty house since we had enough of studying books and would like to investigate about the mystery of that house. It was supposed to be a two days camping trip. We equipped ourselves with the necessary camping gear and enough food to last for the two days. We walked deep inside the village and reached at a huge and old empty house. As soon as we arrived there, Hammad approaches all of us to enter the house since the journey was quite difficult and tiring. We stepped in the house to fill our empty stomachs with the food that we had brought but we realized that the condition of the house was incredibly dirty and dusty. The ceiling was fully covered with spider webs whereas the floor was covered with dried leaves. Hence, we managed to clear up the place before start eating our meal.Then, we went walking around the house and suddenly Hammad started screaming â€Å"Aww!!!†. He saw a human skull inside a drawer. All of us were astonished with the discovery of human skull in the mystery house. At that moment, we could feel our blood stream was flushing and cold. All of us quickly rushed out of the house and decided to go back home. It was our badluck because it was raining and falling snow heavily outside. We had no choice but to wait until the rain stops. Fear was written on all our face, especially since we had discovered a human skull! All of us were in low spirits. Even Hammad was silent and nervous who is actually a noisy maker in our group. The hours dragged past but the rain continued. Instead we had no choice but to spend the night in the mysterious house. Although we were exhausted, we could not rest our tired minds and bodies with the demand of sleep.At midnight, Ali woke up to go to toilet and asked me to accompany him till the door. While I was waiting for him, I saw a â€Å"fully white dressed creature without head holding an axe† was hunting for food in the middle of night at the balcony of the house. I could not believe my own eyes and started reciting prayer according to our religion Islam. Then, I quietly went back to sleep after Ali was back. The next morning, we decided to make our way back to home and quickly packed all our goods. On the way heading back, I told them about the horrifying creature that I saw last night. All of them were nervous and frighten.On our way back, we met with a group of villagers who normallywashes their clothes at a bank of canal, which is situated about 2km away from the empty house. Therefore, we took that opportunity to ask them about the mystery of the empty house and the ‘human skull’. According to them, beforethis there was a young lady who got murdered by the communist soldiers in the empty house. One of them tried to rape her but she managed to fight him back using an axe. Unfortunately, she lost her head in that battle. Hence, the human skull belongs to the young lady and the white creature is her spirit who is hunting people for her revenge.After that incident, no one dared to go the house. Then, my friends and I thank the villagers and made our way for home. We decided not to go to the empty house anymore after this.

Best Practices Manual for Supervisors Essay Example for Free

Best Practices Manual for Supervisors Essay There are no magic bullets to solve daily problems and the road to reform will be rough, however the solution could be easy when any organization (or even an individual) decide to take advantage of some best practices. â€Å"Supervisors form the backbone of a strong organization because supervisors are the front-line leaders who ensure that the strategy is being achieved on a daily basis. (United Services, Inc. , p. 7)†. Also, according to Hays, S. W. (2004), â€Å"a significant investment in front-line supervisory development is a key aspect of a successful program† (p. 271). Because, â€Å"time and research has shown that poor supervision is a primary source of worker dissatisfaction, attrition, and failure of merit pay plans. † (Hays, S. W, 2004, p. 272) Also, â€Å"a reform’s success depends on leadership† (Hays, S. W, 2004, p. 274). After realizing the importance of the supervisors’ role and how crucial could knowledge and training be for them, the aim of this manual is to provide our supervisors with the necessary knowledge that enables them to succeed in their job. In another word, this manual is considered to be a guide for supervisors to ease their responsibilities. II. Best Practices This section of the manual presents some of the best practices that could help our supervisors in their different responsibilities such as: demonstrating communication skills, determining effective orientation and training methods, improving productivity for teams, conducting performance appraisals, resolving conflict, and improving employee relations. 1. Demonstrating Communication Skills Communication with employees will guarantee alignment with the organization’s overall strategy (mission- vision- goals). Supervisors could use internal communication to provide a supportive working environment with a clear set of expectations for all staff. As a result employees will have a better understanding of the decisions made by the organizations, so supervisors could avoid miss expectations by developing and maintaining communication channels with employees. Figure (1) shows some channels to communicate strategic information 1. 1 Efficient Intranet â€Å"The intranet is one of the best and most valuable tools available for employee communication. A company intranet can help employees and HR save time by giving employees instant access to contact lists, company policies, announcements, training opportunities, and benefits information. † (Business Legal Reports, 2007a1, p. 1). However, â€Å"the company should take some steps to achieve this communication channel such as: update frequently, make it simple and easy, provide a search feature, track the usage, organize locally according to departments ad teams, provide a starting page for each department, include files, documents, policies, and procedures, list phone extensions and contact lists, allow for feedback forms, use a content management. † (Business Legal Reports, 2007a1, p. 1-2) 1. 2 Open Book Management Style or Dissemination of strategic information Rubin, L. and Merripen, C. (2003) presented this practice which includes sharing information with employees for better understanding of management decisions. Employees became better informed about the business and feel more inclusive and entrepreneurial about their contribution and impact. Then employees moved their focus from just their job to looking at the company as a whole. † (p. 4) Collins, R. and Druten, K. V. (2003) â€Å"found a strong link between organizational performance over the past three years and the emphasis placed on communicating information to all members about the organization’s purpose, aspirations, strategy and performance. † Figure (1) shows some communication channels that managers and supervisors could use to communicate strategic information with employees. Figure (1): Channels to communicate strategic information Source: Collins, R. and Druten, K. V. (2003). Human Resources Management Practices 2. Determining Effective Orientation and Training Methods 2. 1 Best practices for effective orientation New employees orientation is important to facilitate the integration of new employees in the organization with understanding the organization’s culture, mission, vision and values. Orsini, B. (2000) presented some best practices for new employees orientation such as: â€Å"sessions for new employees to introduce them to the organization and provide them with an overview of the organizational mandate and structure, mentoring new employees by a staff member, profile of employee new to group by within a local newsletter or e-mail, and office tours as an opportunity to meet staff face-to-face and get a sense of what they do†. 2. 2 Best practices for effective training methods Training nowadays is not a luxury anymore. Due to the competitive marketplace and the complexity of jobs, training became a necessity for surviving and competing for both organizations and employees. Recently. There is â€Å"much greater emphasis on training as a means to cultivate, motivate, and retain quality workers†. (Hays, S. W. , 2004, p. 261) â€Å"Operationally, supervisors and managers are responsible for ensuring their employees get the training they need and/or the opportunity to attend the training classes. † (Bjomberg, L. , 2002) 2. 2. 1 Learning for life Program To show how could such practice help the organization, it’s useful to mention a real case study. For example, â€Å"Honeywell Limited’s Scarborough factory developed a learning for life program to improve productivity and quality and reduce costs in an effort to remain competitive in the global economy. Eighty percent of the factory participated in this program and Honeywell has increased its factory throughput by 180% and improved the quality of its products by 92%†. (The Conference Board of Canada, 1998, p. 5) This innovative program â€Å"developed more productive employees, increased productivity, improved quality, effective collaborative decision-making, improved communication skills. † (The Conference Board of Canada, 1998, p. 5) 2. 2. 2 Other best practices The Conference Board of Canada (1998) presented many other best practices in training or workplace literacy such as: ? Empowering adult learners ? Excellence in workplace literacy ? Skills for a stable workplace ? Literacy through e-learning ? Establishing a baseline for training ? Peer tutoring: employee helping employees Such practices has resulted in increased productivity, reduced staff turnover, enhanced performance, improved quality, effective collaborative decision-making, improved communication skills, in another word, it helped in creating a positive environment for both the employer and employees because benefits was achieved for both of them. 3. Improving Productivity for Teams Improving productivity for teams and for employees in general is the ultimate goal for all organizations to maximize the overall performance. And because we are talking about humans or employees, improving productivity should include creating a convenient environment that could help them to work productively. 3. 1 Work life balance (developing a family-friendly work environment) â€Å"Don’t be fired by your family† Best practice has shown that â€Å"both employees and employers can benefit when staff are able to adapt flexible work practices thereby enabling them to better manage their work and family responsibilities† (UQ, 2007, p. 1). In the end result this could increase employees productivity. â€Å"Supervisors have an important role in developing and maintaining a family-friendly work environment† (UQ, 2007, p. 1). â€Å"A supervisor could help creating this environment by flexibly organizing work arrangements and workloads taking into consideration certain factors such as night lecturing, summer schools, acting as a role model demonstrating understanding and acceptance of work family balance, and take a positive approach to negotiating flexible arrangements† (UQ, 2007, p. 1-2). 3. 2 Teleworking is good for business and employees Teleworking is another practice resulted in improving productivity. According to Business Legal Reports (2006), †teleworking has some benefits such as: relocation cost savings, increased productivity by reducing employees absentee, reduced costs for office space, and employee satisfaction† (p. 7). So, when supervisors consider benefiting from telework, they won’t only provide an improved work-life balance for the employee, but also they will get improved business performance for the employer. 3. 3 Other best practices 3. 3. 1 Concern for employee community (Employee Care Program and Employee Relations Program) This practice proved that it could reduce employees’ turnover. This kind of program â€Å"monitors how people are doing in their jobs and in their lives, offers rewards, gifts, annual picnic and holiday, flexible scheduling and telecommuting, and medical coverage. † 3. 3. 2 Encourage employees to take their vacations This practice is important to enable employees to relax enough to avoid stress, anxiety, emotional problems, job burnout in order to let employees perform at their optimum level. 3. 3. 3 Consumer-driven health care Textron, Inc is an example company that adopted this practice. The company â€Å"consolidated employee healthcare options and shifted to consumer-driven healthcare. This resulted in increased productivity, a significant decline in healthcare costs, and decrease in the casual absentee rates and the incidence of disability leave. † (Business Legal Reports, 2007b, p. 3) 4. Conducting Performance appraisals â€Å"Monitoring staff performance is a key for any supervisor. It should be part of on-going discussions with staff and volunteers about their work and the results obtained. † (Mathew, M. , 2007) According to Hays, S. W. (2004), â€Å"an immense amount of energy has recently been devoted to upgrading the quality of performance appraisals by tying them to organizational missions and goals. † (p. 262) 4. 1 Best practices for evaluation? According to Hays, S. W. (2004), best practices concerning evaluation showed that â€Å"HR experts agree that evaluations ought to (a) be based on objective and observable criteria, (b) involve mutual goal setting, (c) avoid the tendency to assess irrelevant worker traits, and (d) be tailored to each individual job and worker (rather than using one form for every employee). † 4. 2 360-Degree performance management feedback system According to Business Legal Reports (2006), â€Å"this system, which solicits feedback from boss, peers and direct reports if there are any, has been increasingly embraced as the best of all available methods for collecting performance feedback. † (p. 4) â€Å"The 360 process allows for multiple points of view to be given on any given individual. It neutralizes what might otherwise be one rater’s bias (either positive or negative) and helps to paint a more comprehensive picture of that individual’s performance. † (p. 4) 4. 3 Other best practices Hays, S. W. (2004) also mentioned other best practices in conducting performance appraisals such as: â€Å"Employee Performance Management System (EPMS), 360-degree evaluation, Team-based evaluations, and Gainsharing. † (p. 262) 5 Resolving Conflict According to Vogel, A. (2007), â€Å"unproductive workplace conflict arises when appropriate communication breaks down. The result is wasted work time; a drop in motivation, productivity and quality of service; employee attrition; loss of authority; a stressful work environment; and even direct damage to the company. † 5. 1 The best approach to avoid â€Å"The best approach to workplace conflict is to avoid unproductive quarreling altogether. And suggested four strategies –mentioned by Daniel Dana- for eliminating strife: (1) address conflict early, (2) avoid a one-sided solution, (3) take risks such as apologizing, (4) respect others’ peace-making gestures. † (Vogel, A. , 2007) 5. 2 Guidelines for managing the situation Vogel, A, (2007) mentioned some guidelines to help managing scuffles before they escalate into real crisis such as: mediating conflict between two employees, decide to mediate, hold preliminary meetings, conduct a three-way meeting, work out a deal, self-mediation, step outside your office, listen first, and finally manage diverging viewpoints. † 6 Improving Employee Relations 6. 1 Create a newsletter One practice to improve employee relations is to create a newsletter that works for employee communications either a printed one or an electronic one (by e-mail or on the website). 6. 2 Build a forum on your website or intranet This forum will provide an informal communication channel for employees to share their ideas, events or even their problems 6. 3 Create shared events Being a supervisor you could make some events shared even if you turn the routine group tasks into fun shared events. For example CMP Technology made the spring-cleaning records become an event. â€Å"Employees worked together in teams and competed to win a dinner for the team and discarded 12 tons of unnecessary paper in the process. † (Business Legal Reports, 2007a2) III. Conclusion The main conclusion is that best practices can -for sure- help supervisors and enhance the way they deal with their responsibilities with employees by adopting approaches, techniques, and policies to create a positive, creative, and supportive work environment. Another conclusion is that information technology has an important role in providing effective HR practices. Finally, supervisors should be a model themselves for their employees in order to make a real change. References Bjomberg, L. (2002). Training and development: Best practices. Public Personnel Management. Winter 2002. International Public Management Association for Human Resources Survey. Retrieved April 16, 2008 from http://www. entrepreneur. com/tradejournals/article/160542388_1. html Business Legal Reports, Inc. (2006). Top 10 Best Practices in HR Management for 2008. United States of America: Business Legal Reports, Inc. Business Legal Reports (2007a1). 10 Tips for HR to Boost Intranet Efficiency. Best Practices in HR. (838), pp. 1-2 Business Legal Reports (2007a2). ‘Bin There, Dump That’-Spring Cleaning Recors Becomes Event at CMP Technology. Best Practices in HR. (838), pp. 3 Business Legal Reports (2007b). Case study: Move to consumer-driven healthcare decreases costs, improves employee health. Best Practices in Compensation Benefits. (734), pp. 3 Collins, R. Druten, K. V. (2003). Survey of Australian and New Zealand Human Resource Practices, CCH and AGSM. Retrieved April 16, 2008 from http://www2. agsm. edu. au/agsm/web. nsf/AttachmentsByTitle/CCHREPORT2003/$FILE/CCH+Final+2003. pdf Hays, S. W. (2004). Trends and Best Practices in State and Local Human Resource Management: Lessons to be learned? Review of Public Administration, 24(3), pp. 256-275, SAGE Publications. Retrieved April 16, 2008 from http://rop. sagepub. com/cgi/content/abstract/24/3/256 Mathew, M. (2007). Best Practices Module: Human resources management. British Columbia Museum Association. Retrieved April 16, 2008 from http://www. museumsassn. bc. ca/Images/Best%20Practices%20Modules%202/Human%20Resource%20Management%20FINAL. pdf Orsini, B. (2000). Improving Internal Communications. Internal Auditor. December 2000. Retrieved April 16, 2008 from http://findarticles. com/p/articles/mi_m4153/is_6_57/ai_69759744/pg_1 Rubin, L. Merripen, C. (2003). IGDA Business Committee: Best practices in Human Resources. IGDA. Retrieved April 16, 2008 from http://www. igda. org/hr/IGDA_Best_Practices_HR. pdf The Conference Board of Canada (1998). Workplace Literacy Best Practices Reader. The Conference Board of Canada . Retrieved April 16, 2008 from http://www. conferenceboard. ca/education/pdf/Awards/litread. pdf United Services, Inc.. Best Practices for Supervisor Training. Retrieved April 16, 2008 from http://www. mhrrg. com/images/UnitedServices02. PDF UQ: University of Queensland (2007). Balancing Work and Family/Life Responsibilities: Guidelines for supervisors. April 2007. Retrieved April 16, 2008 from http://www. uq. edu. au/equity/docs/bwfl_super_guide. pdf Vogel, A, (2007). Resolving Workplace Conflict. Body-Mind-Spirit Review. June 2007 Retrieved April 16, 2008 from http://www. inneridea. com/library/balanced-business-resolving-workplace-conflict

Computer Network Security within Organisations

Computer Network Security within Organisations Networking and Management Introduction A computer network is a connection of two or more computers in order to share resources and data. These shared resources can include devices like printers and other resources like electronic mail, internet access, and file sharing. A computer network can also be seen as a collection of Personal computers and other related devices which are connected together, either with cables or wirelessly, so that they can share information and communicate with one another. Computer networks vary in size. Some networks are needed for areas within a single office, while others are vast or even span the globe. Network management has grown as a career that requires specialized training, and comes with management of important responsibilities, thus creating future opportunities for employment. The resulting expected increase in opportunities should be a determining and persuasive factor for graduates to consider going into network management. Computer networking is a discipline of engineering that involves communication between various computer devices and systems. In computer networking, protocols, routers, routing, and networking across the public internet have specifications that are defined in RFC documents. Computer networking can be seen as a sub-category of computer science, telecommunications, IT and/or computer engineering. Computer networks also depend largely upon the practical and theoretical applications of these engineering and scientific disciplines. In the vastly technological environment of today, most organisations have some kind of network that is used every day. It is essential that the day-to-day operations in such a company or organisation are carried out on a network that runs smoothly. Most companies employ a network administrator or manager to oversee this very important aspect of the company’s business. This is a significant position, as it comes with great responsibilities because an organisation will experience significant operational losses if problems arise within its network. Computer networking also involves the setting up of any set of computers or computer devices and enabling them to exchange information and data. Some examples of computer networks include: Local area networks (LANs) that are made up of small networks which are constrained to a relatively small geographic area. Wide area networks (WANs) which are usually bigger than local area networks, and cover a large geographic area. Wireless LANs and WANs (WLAN WWAN). These represent the wireless equivalent of the Local Area Network and Wide Area Networks Networks involve interconnection to allow communication with a variety of different kinds of media, including twisted-pair copper wire cable, coaxial cable, optical fiber, and various wireless technologies. The devices can be separated by a few meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet. (http://en.wikipedia.org/wiki/Computer_networking) TASK 1 TCP connection congestion control Every application, whether it is a small or large application, should perform adaptive congestion control because applications that perform congestion control use a network more efficiently and are generally of better performance. Congestion control algorithms prevent the network from entering Congestive Collapse. Congestive Collapse is a situation where, although the network links are being heavily utilized, very little useful work is being done. The network will soon begin to require applications to perform congestion control, and those applications which do not perform congestion control will be harshly penalized by the network, probably in the form of preferentially dropping their packets during times of congestion (http://www.psc.edu/networking/projects/tcpfriendly/) Principles of Congestion Control Informally, congestion entails that too many sources are sending too much data, and sending them too fast for the network to handle. TCP Congestion Control is not the same as flow control, as there are several differences between TCP Congestion Control and flow control. Other principles of congestion control include Global versus point-2-point, and orthogonal issues. Congestion manifests itself by causing loss of packets (buffer overflow at routers), and long delays (queuing in router buffers). Also, during congestion, there is no explicit feedback from network routers, and there is congestion inferred from end-system observed loss. In network-assisted congestion control, routers provide feedback to end systems, and the explicit rate sender sends at –Choke Packet. Below are some other characteristics and principles of congestion control: When CongWin is below Threshold, sender in slow-start phase, window grows exponentially. When CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold. When timeout occurs, Threshold set to CongWin/2 and CongWin is set to 1 MSS. Avoidance of Congestion It is necessary for the TCP sender to use congestion avoidance and slow start algorithms in controlling the amount of outstanding data that is injected into a network. In order to implement these algorithms, two variables are added to the TCP per-connection state. The congestion window (cwnd) is a sender-side limit on the amount of data the sender can transmit into the network before receiving an acknowledgment (ACK), while the receivers advertised window (rwnd) is a receiver-side limit on the amount of outstanding data. The minimum of cwnd and rwnd governs data transmission. (Stevens, W. and Allman, M. 1998) TCP Flow Control In TCP flow control, the receiving side of the TCP connection possesses a receive buffer, and a speed-matching service which matches the send rate to the receiving application’s drain rate. During flow control, Rcvr advertises any spare room by including value of RcvWindow in segments, and the sender limits unACKed data to RcvWindow. TCP flow control also ensures that there is no overflow of the receive buffer. Round-trip Time Estimation and Timeout TCP Round Trip Time and Timeout are usually longer than RTT, but RTT varies, and has a slow reaction to segment loss. SampleRTT is measured time from segment transmission until ACK receipt, ignore retransmissions, and will vary, want estimated RTT â€Å"smoother† Round-trip time samples arrive with new ACKs. The RTT sample is computed as the difference between the current time and a time echo field in the ACK packet. When the first sample is taken, its value is used as the initial value for srtt. Half the first sample is used as the initial value for rttvar. (Round-Trip Time Estimation and RTO Timeout Selection) There are often problems due to timeouts, including the restriction of the sender that is compelled to wait until a timeout, and is able to do nothing during this period. Also, the first segment in the sliding window is often not acked, and retransmission becomes necessary, waiting again one RTT before the segment flow continues. It should be noted that on receiving the later segments, the receiver sends back ACKs. Estimated RTT EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT DevRTT DevRTT = (1 0.25) * DevRTT + | SampleRTT – EstimatedRTT Timeout interval TimeoutInterval = EstimatedRTT + 4 * DevRTT The integrated services (IntServ) and DiffServ (Differentiated Services) architecture are two architectures that have been proposed for the provision of and guaranteeing of quality of service (QoS) over the internet. Whereas the Intserv framework is developed within the IETF to provide individualized QoS guarantees to individual application sessions, Diffserv is geared towards enabling the handling of different classes of traffic in various ways on the internet. These two architectures represent the IETF’s current standards for provision of QoS guarantees, although neither Intserv nor Diffserv have taken off or found widespread acceptance on the web. (a) Integrated Service Architecture In computer networking, the integrated services (IntServ) architecture is an architecture that specifies the elements for the guaranteeing of quality of service (QoS) on the network. For instance, IntServ can be used to allow sound and video to be sent over a network to the receiver without getting interrupted. IntServ specifies a fine-grained Quality of service system, in contrast to DiffServs coarse-grained system of control. In the IntServ architecture, the idea is that each router inside a system implements IntServ, and applications which require various types of guarantees have to make individual reservations. Flow Specs are used to describe the purpose of the reservation, and the underlying mechanism that signals it across the network is called RSVP. TSPECs include token bucket algorithm parameters. The idea is that there is a token bucket which slowly fills up with tokens, arriving at a constant rate. Every packet which is sent requires a token, and if there are no tokens, then it cannot be sent. Thus, the rate at which tokens arrive dictates the average rate of traffic flow, while the depth of the bucket dictates how large the traffic is allowed to be. TSPECs typically just specify the token rate and the bucket depth. For example, a video with a refresh rate of 75 frames per second, with each frame taking 10 packets, might specify a token rate of 750Hz, and a bucket depth of only 10. The bucket depth would be sufficient to accommodate the burst associated with sending an entire frame all at once. On the other hand, a conversation would need a lower token rate, but a much higher bucket depth. This is because there are often pauses in conversations, so they can make do with fewer tokens by not sending the gaps between words and sentences. However, this means the bucket depth needs to be increased to compensate for the traffic being larger. (http://en.wikipedia.org/wiki/Integrated_services) (b) Differentiated Service Architecture The RFC 2475 (An Architecture for Differentiated Services) was published In 1998, by the IETF. Presently, DiffServ has widely replaced other Layer 3 Quality of Service mechanisms (such as IntServ), as the basic protocol that routers use to provide different service levels. DiffServ (Differentiated Services) architecture is a computer networking architecture which specifies a scalable, less complex, coarse-grained mechanism for the classification, management of network traffic and for provision of QoS (Quality of Service) guarantees on modern IP networks. For instance, DiffServ can be used for providing low-latency, guaranteed service (GS) to video, voice or other critical network traffic, while ensuring simple best-effort traffic guarantees to non-critical network services like file transfers and web traffic. Most of the proposed Quality of Service mechanisms which allowed these services to co-exist were complicated and did not adequately meet the demands Internet users because modern data networks carry various kinds of services like streaming music, video, voice, email and also web pages. It would probably be difficult to implement Intserv in the core of the internet because most of the communication between computers connected to the Internet is based on a client/server structural design. This Client/server describes a structure involving the connection of one computer to another for the purpose of giving work instructions or asking it questions. In an arrangement like this, the particular computer that questions and gives out instructions is the client, while the computer that provides answers to the asked questions and responds to the work instructions is the server. The same terms are used to describe the software programs that facilitate the asking and answering. A client application, for instance, presents an on-screen interface for the user to work with at the client computer; the server application welcomes the client and knows how to respond correctly to the clients commands. Any file server or PC can be adapted for use as an Internet server, however a dedicated computer should be chosen. Anyone with a computer and modem can join this network by using a standard phone. Dedicating the server that is, using a computer as a server only helps avoid some security and basic problems that result from sharing the functions of the server. To gain access to the Internet you will require an engineer to install the broadband modem. Then you will be able to use the server to network the Internet on all machines on a network. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) TASK 5 Network security These days, computers are used for everything from shopping and communication to banking and investment. Intruders into a network system (or hackers) do not care about the privacy or identity of network users. Their aim is to gain control of computers on the network so that they can use these systems to launch attacks on other computer systems. Therefore people who use the network for these purposes must be protected from unknown strangers who try to read their sensitive documents, or use their computer to attack other systems, and send forged email, or access their personal information (such as their bank or other financial statements) Security Clauses The International Organisation for Standardizations (ISOs) 17799: 2005 Standard is a code of practice for information security management which provides a broad, non-technical framework for establishing efficient IT controls. The ISO 17799 Standard consists of 11 clauses that are divided into one or more security categories for a total of 39 security categories The security clauses of the ISO standard 17799:2005- code of practice for Information Security Management include: The security Policy clause Organizing Information Security Asset Management. Human Resources Security. Physical and Environmental Security. Communications and Operations. Access Control. Information Systems Acquisition, Development, and Maintenance. Information Security Incident Management. Business Continuity Management. Compliance. (http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209) Here is a brief description of the more recent version of these security clauses: Security Policy: Security policies are the foundation of the security framework and provide direction and information on the companys security posture. This clause states that support for information security should be done in accordance with the companys security policy. Organizing Information Security: This clause addresses the establishment and organizational structure of the security program, including the appropriate management framework for security policy, how information assets should be secured from third parties, and how information security is maintained when processing is outsourced. Asset Management: This clause describes best practices for classifying and protecting assets, including data, software, hardware, and utilities. The clause also provides information on how to classify data, how data should be handled, and how to protect data assets adequately. Human Resources Security: This clause describes best practices for personnel management, including hiring practices, termination procedures, employee training on security controls, dissemination of security policies, and use of incident response procedures. Physical and Environmental Security: As the name implies, this clause addresses the different physical and environmental aspects of security, including best practices organizations can use to mitigate service interruptions, prevent unauthorized physical access, or minimize theft of corporate resources. Communications and Operations: This clause discusses the requirements pertaining to the management and operation of systems and electronic information. Examples of controls to audit in this area include system planning, network management, and e-mail and e-commerce security. Access Control: This security clause describes how access to corporate assets should be managed, including access to digital and nondigital information, as well as network resources. Information Systems Acquisitions, Development, and Maintenance: This section discusses the development of IT systems, including applications created by third-parties, and how security should be incorporated during the development phase. Information Security Incident Management: This clause identifies best practices for communicating information security issues and weaknesses, such as reporting and escalation procedures. Once established, auditors can review existing controls to determine if the company has adequate procedures in place to handle security incidents. Business Continuity Management: The 10th security clause provides information on disaster recovery and business continuity planning. Actions auditors should review include how plans are developed, maintained, tested, and validated, and whether or not the plans address critical business operation components. Compliance: The final clause provides valuable information auditors can use when identifying the compliance level of systems and controls with internal security policies, industry-specific regulations, and government legislation. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) The standard, which was updated in June 2005 to reflect changes in the field of information security, provides a high-level view of information security from different angles and a comprehensive set of information security best practices. More specifically, ISO 17799 is designed for companies that wish to develop effective information security management practices and enhance their IT security efforts. Control Objectives The ISO 17799 Standard contains 11 clauses which are split into security categories, with each category having a clear control objective. There are a total of 39 security categories in the standard. The control objectives in the clauses are designed to meet the risk assessment requirements and they can serve as a practical guideline or common basis for development of effective security management practices and organisational security standards. Therefore, if a company is compliant with the ISO/IEC 17799 Standard, it will most likely meet IT management requirements found in other laws and regulations. However, because different standards strive for different overall objectives, auditors should point out that compliance with 17799 alone will not meet all of the requirements needed for compliance with other laws and regulations. Establishing an ISO/IEC 17799 compliance program could enhance a companys information security controls and IT environment greatly. Conducting an audit evaluation of the standard provides organizations with a quick snapshot of the security infrastructure. Based on this snapshot, senior managers can obtain a high-level view of how well information security is being implemented across the IT environment. In fact, the evaluation can highlight gaps present in security controls and identify areas for improvement. In addition, organizations looking to enhance their IT and security controls could keep in mind other ISO standards, especially current and future standards from the 27000 series, which the ISO has set aside for guidance on security best practices. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) Tree Topology Tree topologies bind multiple star topologies together onto a bus. In its most simple form, only hub devices are directly connected to the tree bus and the hubs function as the root of the device tree. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone. Topologies remain an important part of network design theory. It is very simple to build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, ports, and routes. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Use of the ring topology should be considered for use in medium sized companies, and the ring topology would also be the best topology for small companies because it is ensures ease of data transfer. Ring Topology In a ring network, there are two neighbors for each device, so as to enable communication. Messages are passed in the same direction, through a ring which is effectively either counterclockwise or clockwise. If any cable or device fails, this will break the loop and could disable the entire network. Bus Topology Bus networks utilize a common backbone to connect various devices. This backbone, which is a single cable, functions as a shared medium of communication which the devices tap into or attach to, with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Star Topology The star topology is used in a lot of home networks. A star network consists of a central connection point or hub that can be in the form of an actual hub, or a switch. Usually, devices will connect to the switch or hub by an Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computers network access and not the entire LAN. If the hub fails, however, the entire network also fails. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Relating the security clauses and control objectives to an organisation In an organisation like the Nurht’s Institute of Information Technology (NIIT), the above mentioned security clauses and control objectives provide a high-level view of information security from different angles and a comprehensive set of information best security practices. Also, the ISO 17799 is designed for companies like NIIT, which aim to enhance their IT security, and to develop effective information security management practices. At NIIT, the local network relies to a considerable degree, on the correct implementation of these security practices and other algorithms so as to avoid congestion collapse, and preserve network stability. An attacker or hacker on the network can cause TCP endpoints to react in a more aggressive way in the face of congestion, by the forging of excessive data acknowledgments, or excess duplicate acknowledgments. Such an attack could possibly cause a portion of the network to go into congestion collapse. The Security Policy clause states that â€Å"support for information security should be done in accordance with the companys security policy.† (Edmead, M. T. 2006). This provides a foundation of the security framework at NIIT, and also provides information and direction on the organisation’s security posture. For instance, this clause helps the company auditors to determine whether the security policy of the company is properly maintained, and also if indeed it is to be disseminated to every employee. The Organizing Information Security clause stipulates that there should be appropriate management framework for the organisation’s security policy. This takes care of the organizational structure of NIIT’s security program, including the right security policy management framework, the securing of information assets from third parties, and the maintenance of information security during outsourced processing. At NIIT, the Security clauses and control objectives define the company’s stand on security and also help to identify the vital areas considered when implementing IT controls. The ISO/IEC 17799s 11 security clauses enable NIIT to accomplish its security objectives by providing a comprehensive set of information security best practices for the company to utilize for enhancement of its IT infrastructure. Conclusion Different businesses require different computer networks, because the type of network utilized in an organisation must be suitable for the organisation. It is advisable for smaller businesses to use the LAN type of network because it is more reliable. The WAN and MAN would be ideal for larger companies, but if an organisation decides to expand, they can then change the type of network they have in use. If an organisation decides to go international, then a Wireless Area Network can be very useful Also, small companies should endeavor to set up their network by using a client/server approach. This would help the company to be more secure and enable them to keep in touch with the activities of others are doing. The client/server would be much better than a peer-to-peer network, it would be more cost-effective. On the average, most organisations have to spend a good amount of money and resources to procure and maintain a reliable and successful network that will be and easy to maintain in the long run. For TCP Congestion Control, when CongWin is below Threshold, sender in slow-start phase, window grows exponentially. If CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold, and threshold set to CongWin/2 and CongWin is set to 1 MSS when a timeout occurs. For a Small Office/Home Office (SOHO), networks such as wireless networks are very suitable. In such a network, there won’t be any need to run wires through walls and under carpets for connectivity. The SOHO user need not worry about plugging their laptop into docking stations every time they come into the office or fumble for clumsy and unattractive network cabling. Wireless networking provides connectivity without the hassle and cost of wiring and expensive docking stations. Also, as the business or home office grows or shrinks, the need for wiring new computers to the network is nonexistent. If the business moves, the network is ready for use as soon as the computers are moved. For the wired impossible networks such as those that might be found in warehouses, wireless will always be the only attractive alternative. As wireless speeds increase, these users have only brighter days in their future. (http://www.nextstep.ir/network.shtml) It is essential to note that the computer network installed in an organisation represents more than just a simple change in the method by which employees communicate. The impact of a particular computer network may dramatically affect the way employees in an organisation work and also affect the way they think. Bibliography Business Editors High-Tech Writers. (2003, July 22). International VoIP Council Launches Fax-Over-IP Working Group. Business Wire. Retrieved July 28, 2003 from ProQuest database. Career Directions (2001 October). Tech Directions, 61(3), 28 Retrieved July 21, 2003 from EBSCOhost database Edmead, M. T. (2006) Are You Familiar with the Most Recent ISO/IEC 17799 Changes? (Retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) FitzGerald, J. (1999), Business Data Communications And Networking Pub: John Wiley Sons Forouzan, B. (1998), Introduction To Data Communications And Networking Pub: Mc- Graw Hill http://www.theiia.org/itaudit http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209 http://www.psc.edu/networking/projects/tcpfriendly/ ISO/IEC 17799:2000 – Code of practice for information security management Published by ISO and the British Standards Institute [http://www.iso.org/] ISO/IEC 17799:2005, Information technology – Security techniques – Code of practice for information security management. Published by ISO [http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html] Kurose, J. F. Ross, K. W. 2002. Computer Networking A Top-Down Approach Featuring the Internet, 2nd Edition, ISBN: 0-321-17644-8 (the international edition), ISBN: 0-201-97699-4, published by Addison-Wesley, 2002 www.awl.com/cs Ming, D. R. Sudama (1992) NETWORK MONITORING EXPLAINED: DESIGN AND APPLICATION Pub: Ellis Horwood Rigney, S. (1995) NETWORK PLANNING AND MANAGMENT YOUR PERSONAL CONSALTANT Round-Trip Time Estimation and RTO Timeout Selection (retrieved from http://netlab.cse.yzu.edu.tw/ns2/html/doc/node368.html) Shafer, M. (2001, June 11). Careers not so secure? Network Computing, 12(12), 130- Retrieved July 22, 2003 from EBSCOhost database Stevens, W. and Allman, M. (1998) TCP Implementation Working Group (retrieved from http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-tcpimpl-cong-control-00.txt) Watson, S (2002). The Network Troubleshooters. Computerworld 36(38), 54. (Retrieved July 21, 2003 from EBSCOhost database) Wesley, A. (2000), Internet Users Guide to Network Resource Tools 1st Ed, Pub: Netskils www.microsoft.co.uk www.apple.com www.apple.co.uk www.bized.com http://www.nextstep.ir/network.shtml www.novell.com www.apple.com/business www.microsoft.com/networking/e-mails www.engin.umich.edu www.microsoft.com Computer Network Security within Organisations Computer Network Security within Organisations Networking and Management Introduction A computer network is a connection of two or more computers in order to share resources and data. These shared resources can include devices like printers and other resources like electronic mail, internet access, and file sharing. A computer network can also be seen as a collection of Personal computers and other related devices which are connected together, either with cables or wirelessly, so that they can share information and communicate with one another. Computer networks vary in size. Some networks are needed for areas within a single office, while others are vast or even span the globe. Network management has grown as a career that requires specialized training, and comes with management of important responsibilities, thus creating future opportunities for employment. The resulting expected increase in opportunities should be a determining and persuasive factor for graduates to consider going into network management. Computer networking is a discipline of engineering that involves communication between various computer devices and systems. In computer networking, protocols, routers, routing, and networking across the public internet have specifications that are defined in RFC documents. Computer networking can be seen as a sub-category of computer science, telecommunications, IT and/or computer engineering. Computer networks also depend largely upon the practical and theoretical applications of these engineering and scientific disciplines. In the vastly technological environment of today, most organisations have some kind of network that is used every day. It is essential that the day-to-day operations in such a company or organisation are carried out on a network that runs smoothly. Most companies employ a network administrator or manager to oversee this very important aspect of the company’s business. This is a significant position, as it comes with great responsibilities because an organisation will experience significant operational losses if problems arise within its network. Computer networking also involves the setting up of any set of computers or computer devices and enabling them to exchange information and data. Some examples of computer networks include: Local area networks (LANs) that are made up of small networks which are constrained to a relatively small geographic area. Wide area networks (WANs) which are usually bigger than local area networks, and cover a large geographic area. Wireless LANs and WANs (WLAN WWAN). These represent the wireless equivalent of the Local Area Network and Wide Area Networks Networks involve interconnection to allow communication with a variety of different kinds of media, including twisted-pair copper wire cable, coaxial cable, optical fiber, and various wireless technologies. The devices can be separated by a few meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet. (http://en.wikipedia.org/wiki/Computer_networking) TASK 1 TCP connection congestion control Every application, whether it is a small or large application, should perform adaptive congestion control because applications that perform congestion control use a network more efficiently and are generally of better performance. Congestion control algorithms prevent the network from entering Congestive Collapse. Congestive Collapse is a situation where, although the network links are being heavily utilized, very little useful work is being done. The network will soon begin to require applications to perform congestion control, and those applications which do not perform congestion control will be harshly penalized by the network, probably in the form of preferentially dropping their packets during times of congestion (http://www.psc.edu/networking/projects/tcpfriendly/) Principles of Congestion Control Informally, congestion entails that too many sources are sending too much data, and sending them too fast for the network to handle. TCP Congestion Control is not the same as flow control, as there are several differences between TCP Congestion Control and flow control. Other principles of congestion control include Global versus point-2-point, and orthogonal issues. Congestion manifests itself by causing loss of packets (buffer overflow at routers), and long delays (queuing in router buffers). Also, during congestion, there is no explicit feedback from network routers, and there is congestion inferred from end-system observed loss. In network-assisted congestion control, routers provide feedback to end systems, and the explicit rate sender sends at –Choke Packet. Below are some other characteristics and principles of congestion control: When CongWin is below Threshold, sender in slow-start phase, window grows exponentially. When CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold. When timeout occurs, Threshold set to CongWin/2 and CongWin is set to 1 MSS. Avoidance of Congestion It is necessary for the TCP sender to use congestion avoidance and slow start algorithms in controlling the amount of outstanding data that is injected into a network. In order to implement these algorithms, two variables are added to the TCP per-connection state. The congestion window (cwnd) is a sender-side limit on the amount of data the sender can transmit into the network before receiving an acknowledgment (ACK), while the receivers advertised window (rwnd) is a receiver-side limit on the amount of outstanding data. The minimum of cwnd and rwnd governs data transmission. (Stevens, W. and Allman, M. 1998) TCP Flow Control In TCP flow control, the receiving side of the TCP connection possesses a receive buffer, and a speed-matching service which matches the send rate to the receiving application’s drain rate. During flow control, Rcvr advertises any spare room by including value of RcvWindow in segments, and the sender limits unACKed data to RcvWindow. TCP flow control also ensures that there is no overflow of the receive buffer. Round-trip Time Estimation and Timeout TCP Round Trip Time and Timeout are usually longer than RTT, but RTT varies, and has a slow reaction to segment loss. SampleRTT is measured time from segment transmission until ACK receipt, ignore retransmissions, and will vary, want estimated RTT â€Å"smoother† Round-trip time samples arrive with new ACKs. The RTT sample is computed as the difference between the current time and a time echo field in the ACK packet. When the first sample is taken, its value is used as the initial value for srtt. Half the first sample is used as the initial value for rttvar. (Round-Trip Time Estimation and RTO Timeout Selection) There are often problems due to timeouts, including the restriction of the sender that is compelled to wait until a timeout, and is able to do nothing during this period. Also, the first segment in the sliding window is often not acked, and retransmission becomes necessary, waiting again one RTT before the segment flow continues. It should be noted that on receiving the later segments, the receiver sends back ACKs. Estimated RTT EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT DevRTT DevRTT = (1 0.25) * DevRTT + | SampleRTT – EstimatedRTT Timeout interval TimeoutInterval = EstimatedRTT + 4 * DevRTT The integrated services (IntServ) and DiffServ (Differentiated Services) architecture are two architectures that have been proposed for the provision of and guaranteeing of quality of service (QoS) over the internet. Whereas the Intserv framework is developed within the IETF to provide individualized QoS guarantees to individual application sessions, Diffserv is geared towards enabling the handling of different classes of traffic in various ways on the internet. These two architectures represent the IETF’s current standards for provision of QoS guarantees, although neither Intserv nor Diffserv have taken off or found widespread acceptance on the web. (a) Integrated Service Architecture In computer networking, the integrated services (IntServ) architecture is an architecture that specifies the elements for the guaranteeing of quality of service (QoS) on the network. For instance, IntServ can be used to allow sound and video to be sent over a network to the receiver without getting interrupted. IntServ specifies a fine-grained Quality of service system, in contrast to DiffServs coarse-grained system of control. In the IntServ architecture, the idea is that each router inside a system implements IntServ, and applications which require various types of guarantees have to make individual reservations. Flow Specs are used to describe the purpose of the reservation, and the underlying mechanism that signals it across the network is called RSVP. TSPECs include token bucket algorithm parameters. The idea is that there is a token bucket which slowly fills up with tokens, arriving at a constant rate. Every packet which is sent requires a token, and if there are no tokens, then it cannot be sent. Thus, the rate at which tokens arrive dictates the average rate of traffic flow, while the depth of the bucket dictates how large the traffic is allowed to be. TSPECs typically just specify the token rate and the bucket depth. For example, a video with a refresh rate of 75 frames per second, with each frame taking 10 packets, might specify a token rate of 750Hz, and a bucket depth of only 10. The bucket depth would be sufficient to accommodate the burst associated with sending an entire frame all at once. On the other hand, a conversation would need a lower token rate, but a much higher bucket depth. This is because there are often pauses in conversations, so they can make do with fewer tokens by not sending the gaps between words and sentences. However, this means the bucket depth needs to be increased to compensate for the traffic being larger. (http://en.wikipedia.org/wiki/Integrated_services) (b) Differentiated Service Architecture The RFC 2475 (An Architecture for Differentiated Services) was published In 1998, by the IETF. Presently, DiffServ has widely replaced other Layer 3 Quality of Service mechanisms (such as IntServ), as the basic protocol that routers use to provide different service levels. DiffServ (Differentiated Services) architecture is a computer networking architecture which specifies a scalable, less complex, coarse-grained mechanism for the classification, management of network traffic and for provision of QoS (Quality of Service) guarantees on modern IP networks. For instance, DiffServ can be used for providing low-latency, guaranteed service (GS) to video, voice or other critical network traffic, while ensuring simple best-effort traffic guarantees to non-critical network services like file transfers and web traffic. Most of the proposed Quality of Service mechanisms which allowed these services to co-exist were complicated and did not adequately meet the demands Internet users because modern data networks carry various kinds of services like streaming music, video, voice, email and also web pages. It would probably be difficult to implement Intserv in the core of the internet because most of the communication between computers connected to the Internet is based on a client/server structural design. This Client/server describes a structure involving the connection of one computer to another for the purpose of giving work instructions or asking it questions. In an arrangement like this, the particular computer that questions and gives out instructions is the client, while the computer that provides answers to the asked questions and responds to the work instructions is the server. The same terms are used to describe the software programs that facilitate the asking and answering. A client application, for instance, presents an on-screen interface for the user to work with at the client computer; the server application welcomes the client and knows how to respond correctly to the clients commands. Any file server or PC can be adapted for use as an Internet server, however a dedicated computer should be chosen. Anyone with a computer and modem can join this network by using a standard phone. Dedicating the server that is, using a computer as a server only helps avoid some security and basic problems that result from sharing the functions of the server. To gain access to the Internet you will require an engineer to install the broadband modem. Then you will be able to use the server to network the Internet on all machines on a network. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) TASK 5 Network security These days, computers are used for everything from shopping and communication to banking and investment. Intruders into a network system (or hackers) do not care about the privacy or identity of network users. Their aim is to gain control of computers on the network so that they can use these systems to launch attacks on other computer systems. Therefore people who use the network for these purposes must be protected from unknown strangers who try to read their sensitive documents, or use their computer to attack other systems, and send forged email, or access their personal information (such as their bank or other financial statements) Security Clauses The International Organisation for Standardizations (ISOs) 17799: 2005 Standard is a code of practice for information security management which provides a broad, non-technical framework for establishing efficient IT controls. The ISO 17799 Standard consists of 11 clauses that are divided into one or more security categories for a total of 39 security categories The security clauses of the ISO standard 17799:2005- code of practice for Information Security Management include: The security Policy clause Organizing Information Security Asset Management. Human Resources Security. Physical and Environmental Security. Communications and Operations. Access Control. Information Systems Acquisition, Development, and Maintenance. Information Security Incident Management. Business Continuity Management. Compliance. (http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209) Here is a brief description of the more recent version of these security clauses: Security Policy: Security policies are the foundation of the security framework and provide direction and information on the companys security posture. This clause states that support for information security should be done in accordance with the companys security policy. Organizing Information Security: This clause addresses the establishment and organizational structure of the security program, including the appropriate management framework for security policy, how information assets should be secured from third parties, and how information security is maintained when processing is outsourced. Asset Management: This clause describes best practices for classifying and protecting assets, including data, software, hardware, and utilities. The clause also provides information on how to classify data, how data should be handled, and how to protect data assets adequately. Human Resources Security: This clause describes best practices for personnel management, including hiring practices, termination procedures, employee training on security controls, dissemination of security policies, and use of incident response procedures. Physical and Environmental Security: As the name implies, this clause addresses the different physical and environmental aspects of security, including best practices organizations can use to mitigate service interruptions, prevent unauthorized physical access, or minimize theft of corporate resources. Communications and Operations: This clause discusses the requirements pertaining to the management and operation of systems and electronic information. Examples of controls to audit in this area include system planning, network management, and e-mail and e-commerce security. Access Control: This security clause describes how access to corporate assets should be managed, including access to digital and nondigital information, as well as network resources. Information Systems Acquisitions, Development, and Maintenance: This section discusses the development of IT systems, including applications created by third-parties, and how security should be incorporated during the development phase. Information Security Incident Management: This clause identifies best practices for communicating information security issues and weaknesses, such as reporting and escalation procedures. Once established, auditors can review existing controls to determine if the company has adequate procedures in place to handle security incidents. Business Continuity Management: The 10th security clause provides information on disaster recovery and business continuity planning. Actions auditors should review include how plans are developed, maintained, tested, and validated, and whether or not the plans address critical business operation components. Compliance: The final clause provides valuable information auditors can use when identifying the compliance level of systems and controls with internal security policies, industry-specific regulations, and government legislation. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) The standard, which was updated in June 2005 to reflect changes in the field of information security, provides a high-level view of information security from different angles and a comprehensive set of information security best practices. More specifically, ISO 17799 is designed for companies that wish to develop effective information security management practices and enhance their IT security efforts. Control Objectives The ISO 17799 Standard contains 11 clauses which are split into security categories, with each category having a clear control objective. There are a total of 39 security categories in the standard. The control objectives in the clauses are designed to meet the risk assessment requirements and they can serve as a practical guideline or common basis for development of effective security management practices and organisational security standards. Therefore, if a company is compliant with the ISO/IEC 17799 Standard, it will most likely meet IT management requirements found in other laws and regulations. However, because different standards strive for different overall objectives, auditors should point out that compliance with 17799 alone will not meet all of the requirements needed for compliance with other laws and regulations. Establishing an ISO/IEC 17799 compliance program could enhance a companys information security controls and IT environment greatly. Conducting an audit evaluation of the standard provides organizations with a quick snapshot of the security infrastructure. Based on this snapshot, senior managers can obtain a high-level view of how well information security is being implemented across the IT environment. In fact, the evaluation can highlight gaps present in security controls and identify areas for improvement. In addition, organizations looking to enhance their IT and security controls could keep in mind other ISO standards, especially current and future standards from the 27000 series, which the ISO has set aside for guidance on security best practices. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) Tree Topology Tree topologies bind multiple star topologies together onto a bus. In its most simple form, only hub devices are directly connected to the tree bus and the hubs function as the root of the device tree. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone. Topologies remain an important part of network design theory. It is very simple to build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, ports, and routes. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Use of the ring topology should be considered for use in medium sized companies, and the ring topology would also be the best topology for small companies because it is ensures ease of data transfer. Ring Topology In a ring network, there are two neighbors for each device, so as to enable communication. Messages are passed in the same direction, through a ring which is effectively either counterclockwise or clockwise. If any cable or device fails, this will break the loop and could disable the entire network. Bus Topology Bus networks utilize a common backbone to connect various devices. This backbone, which is a single cable, functions as a shared medium of communication which the devices tap into or attach to, with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Star Topology The star topology is used in a lot of home networks. A star network consists of a central connection point or hub that can be in the form of an actual hub, or a switch. Usually, devices will connect to the switch or hub by an Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computers network access and not the entire LAN. If the hub fails, however, the entire network also fails. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Relating the security clauses and control objectives to an organisation In an organisation like the Nurht’s Institute of Information Technology (NIIT), the above mentioned security clauses and control objectives provide a high-level view of information security from different angles and a comprehensive set of information best security practices. Also, the ISO 17799 is designed for companies like NIIT, which aim to enhance their IT security, and to develop effective information security management practices. At NIIT, the local network relies to a considerable degree, on the correct implementation of these security practices and other algorithms so as to avoid congestion collapse, and preserve network stability. An attacker or hacker on the network can cause TCP endpoints to react in a more aggressive way in the face of congestion, by the forging of excessive data acknowledgments, or excess duplicate acknowledgments. Such an attack could possibly cause a portion of the network to go into congestion collapse. The Security Policy clause states that â€Å"support for information security should be done in accordance with the companys security policy.† (Edmead, M. T. 2006). This provides a foundation of the security framework at NIIT, and also provides information and direction on the organisation’s security posture. For instance, this clause helps the company auditors to determine whether the security policy of the company is properly maintained, and also if indeed it is to be disseminated to every employee. The Organizing Information Security clause stipulates that there should be appropriate management framework for the organisation’s security policy. This takes care of the organizational structure of NIIT’s security program, including the right security policy management framework, the securing of information assets from third parties, and the maintenance of information security during outsourced processing. At NIIT, the Security clauses and control objectives define the company’s stand on security and also help to identify the vital areas considered when implementing IT controls. The ISO/IEC 17799s 11 security clauses enable NIIT to accomplish its security objectives by providing a comprehensive set of information security best practices for the company to utilize for enhancement of its IT infrastructure. Conclusion Different businesses require different computer networks, because the type of network utilized in an organisation must be suitable for the organisation. It is advisable for smaller businesses to use the LAN type of network because it is more reliable. The WAN and MAN would be ideal for larger companies, but if an organisation decides to expand, they can then change the type of network they have in use. If an organisation decides to go international, then a Wireless Area Network can be very useful Also, small companies should endeavor to set up their network by using a client/server approach. This would help the company to be more secure and enable them to keep in touch with the activities of others are doing. The client/server would be much better than a peer-to-peer network, it would be more cost-effective. On the average, most organisations have to spend a good amount of money and resources to procure and maintain a reliable and successful network that will be and easy to maintain in the long run. For TCP Congestion Control, when CongWin is below Threshold, sender in slow-start phase, window grows exponentially. If CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold, and threshold set to CongWin/2 and CongWin is set to 1 MSS when a timeout occurs. For a Small Office/Home Office (SOHO), networks such as wireless networks are very suitable. In such a network, there won’t be any need to run wires through walls and under carpets for connectivity. The SOHO user need not worry about plugging their laptop into docking stations every time they come into the office or fumble for clumsy and unattractive network cabling. Wireless networking provides connectivity without the hassle and cost of wiring and expensive docking stations. Also, as the business or home office grows or shrinks, the need for wiring new computers to the network is nonexistent. If the business moves, the network is ready for use as soon as the computers are moved. For the wired impossible networks such as those that might be found in warehouses, wireless will always be the only attractive alternative. As wireless speeds increase, these users have only brighter days in their future. (http://www.nextstep.ir/network.shtml) It is essential to note that the computer network installed in an organisation represents more than just a simple change in the method by which employees communicate. The impact of a particular computer network may dramatically affect the way employees in an organisation work and also affect the way they think. Bibliography Business Editors High-Tech Writers. (2003, July 22). International VoIP Council Launches Fax-Over-IP Working Group. Business Wire. Retrieved July 28, 2003 from ProQuest database. Career Directions (2001 October). Tech Directions, 61(3), 28 Retrieved July 21, 2003 from EBSCOhost database Edmead, M. T. (2006) Are You Familiar with the Most Recent ISO/IEC 17799 Changes? (Retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) FitzGerald, J. (1999), Business Data Communications And Networking Pub: John Wiley Sons Forouzan, B. (1998), Introduction To Data Communications And Networking Pub: Mc- Graw Hill http://www.theiia.org/itaudit http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209 http://www.psc.edu/networking/projects/tcpfriendly/ ISO/IEC 17799:2000 – Code of practice for information security management Published by ISO and the British Standards Institute [http://www.iso.org/] ISO/IEC 17799:2005, Information technology – Security techniques – Code of practice for information security management. Published by ISO [http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html] Kurose, J. F. Ross, K. W. 2002. Computer Networking A Top-Down Approach Featuring the Internet, 2nd Edition, ISBN: 0-321-17644-8 (the international edition), ISBN: 0-201-97699-4, published by Addison-Wesley, 2002 www.awl.com/cs Ming, D. R. Sudama (1992) NETWORK MONITORING EXPLAINED: DESIGN AND APPLICATION Pub: Ellis Horwood Rigney, S. (1995) NETWORK PLANNING AND MANAGMENT YOUR PERSONAL CONSALTANT Round-Trip Time Estimation and RTO Timeout Selection (retrieved from http://netlab.cse.yzu.edu.tw/ns2/html/doc/node368.html) Shafer, M. (2001, June 11). Careers not so secure? Network Computing, 12(12), 130- Retrieved July 22, 2003 from EBSCOhost database Stevens, W. and Allman, M. (1998) TCP Implementation Working Group (retrieved from http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-tcpimpl-cong-control-00.txt) Watson, S (2002). The Network Troubleshooters. Computerworld 36(38), 54. (Retrieved July 21, 2003 from EBSCOhost database) Wesley, A. (2000), Internet Users Guide to Network Resource Tools 1st Ed, Pub: Netskils www.microsoft.co.uk www.apple.com www.apple.co.uk www.bized.com http://www.nextstep.ir/network.shtml www.novell.com www.apple.com/business www.microsoft.com/networking/e-mails www.engin.umich.edu www.microsoft.com