Environmental Impacts of Aviation Essay Example for Free

Environmental Impacts of Aviation Essay Noise is said to have a variety of definitions. For people who are inclined towards acoustics, noise is identified as a complex form of sound waves that have irregular vibrations and has no known pitch. In the field of engineering, noise is considered as a signal that interferes with the detection and quality identification of another signal. However, for psychoacoustic studies which are focused on the study of human response to sound, noise is deemed as an unwanted form of sound (American Speech-Language-Hearing Association [ASHA], 2008). According to K. D. Kryter (1996), noise is an enhanced form of sound signals that post a negative effect in the physiological and psychological aspect of an individual (Kryter, 1996 cited in ASHA, 2008). For the most part, noise is something that could be identified as an unwanted sound which is a pollutant and a hazard to the health of human beings (ASHA, 2008). Noise can be derived from a variety of contributors, and such noises have their own levels that are detrimental to the hearing of an individual. Noise levels are measured in decibels. Sounds that are louder than 80 decibels are considered to be hazardous. One of the leading sources of potentially hazardous noise is the airport. Noises from airports could come from constructions and operating machines. However, the major contributor for airport noise is caused by the aircrafts. There are two ways on how aircraft noises are generated. First, airframe noise appears whenever air passes through the fuselage or body and wings of the plane. The activity causes friction and turbulence which often result in the production of unwanted sound. Gliders which are planes without engines produce noise during its flights. Second, engine noise is derived from the action of the moving parts of the aircraft’s engine. Such noise is also produced whenever the sound of air passes through the engines during high speed. Engine noise mainly comes from the plane’s exhaust or the jet situated behind the engine whenever the air sound from the engine combines with the air surrounding it (Wellington Airport, 2008). Based from the study carried out by Daniel Nunez (1998), airplane noise poses disturbance in the human sleep more than any other forms of noises. It was also indicated that more than 50% of the people residing near airports are awakened by airplane noise (Holland-Wegman, 1967 cited in Nunez, 1998). The onset of aircraft noise as a major problem began during the time when there is an upsurge in the need of air transportation after World War Two. By the end of 1950’s, the introduction of jet planes became widely known which later on catapulted the â€Å"aviation revolution† where commercial air passengers were also introduced (Nunez, 1998). The augmentation in the aircraft use also resulted in the increase in the noise level produced by air transportations. Because of the outstanding length of service and success of aircraft operations, airports gradually become larger and noisier. The attractive activities of airports also began to grab the attention of people, wherein surrounding communities started to spread all throughout the nearby areas. The more airports become bigger and nosier, the more residential structures, churches, and schools come closer to the area. Eventually, conflicting issues arise. Aside from the land expansion of airports which often cause nearby residents to act defensively, noise is also regarded as an issue that is very much integrated with airport operations (Bachman, 2003). As such, the painful sound from aircraft take offs and landings were viewed as the primary reasons of annoyance by the residents living near the area. From then on, airport noise has become a complex psychophysiological and economic issue (Nunez, 1998). The issues regarding aircraft noise are said to be complicated because of the aviation industry’s significance in the economy of developing countries. Without the presence of the aviation industry various economic industries would be gravely affected, some of which include the tourism business and mail transportation (Nunez, 1998). Many airports have spent large amounts of money in order to provide sound insulation for residential buildings and community owned structures to reduce aircraft noise (Bachman, 2003). One of the airports that have reached an agreement regarding their noise issue with the people in the surrounding community is the Wellington International Airport Limited (WIAL) situated in New Zealand. WIAL was constituted as a legal corporation on October 16, 1990. The aviation company is partly owned by the Wellington City Council which shares 34% of the total stocks, while the other 66% are owned by Infratil Limited. Wellington International Airport is known as the third largest airport in New Zealand and is classified as a regional hub that extends its international flight service not only in New Zealand but also to the Eastern part of Australia and the neighboring island countries in the south-west Pacific. Almost 90% of the passengers of WIAL travel domestically and majority of whom are business people (Ministry of Economic Development [MED], 2005). As it was said, no other cities in the world have an airport location that could be compared to Wellington International Airport. WIAL is situated on a narrow strip of land in the center of the residential areas. The airport is just minutes away towards the capital’s centre. It is also accessible through a short coastal scenic drive or passing through the tunnel at Mount Victoria. Although the location of the airport is said to be unique, the airport is faced with substantial challenges in terms of its environmental impact, specifically the aircraft noise. The location of Wellington International Airport which is close to the residential area became a ground for the residents to organize the Residents Airport Noise Action Group, the noise abatement requirement, as well as different actions from the internal operations of the airport in order to decrease the noise pollution (Wellington Airport, 2008). Residents Airport Noise Action Group In 1963, Maxine Harris first moved into her home at Strathmore which is near Wellington International Airport. Five years after, Harris reported that the jet noise began. According to documents, Harris and her neighbors were not at all bothered by the jet noise. However by 1980’s, Harris and her neighbors started hearing the night-time acceleration of the airplane engines of National Airways. Harris even noted that they heard the revving of the airplane engines that sounded like a high-pitched whining that would wake her up in the middle of the night and would not allow her to get back to sleep. Harris complained about the noise issue, but an airport official told her that no other individual complained about the noise. Harris talked to her other neighbor about the issue and her neighbor told her that he had also complained, yet the airport official also told him that no other person called the airport to complain. Both Harris and her neighbor responded to the issue by putting leaflets in the mailboxes of their neighbors. The leaflet called for the other residents to phone the airport whenever they were disturbed by the aircraft noise (Samson, 1997a). Because of this, the neighbors responded well, and in 1986, the Residents Airport Noise Action Group was established. The group was focused on performing two tasks: to halt the engine testing at night and to lessen the noise produced by the 737’s. It was in 1986 when the group had their first meeting with the city council. During that time, they have voiced their complaints regarding the noise issue. Their first attempt became successful after the city passed the first by-law which is focused on the engine-testing. The by-law limits the testing times of the National Airways Friendship fleet. However, subsequent efforts of the group were not as successful as their first attempt. The noise problem of the Boeing 737’s still remains (Samson, 1997a). In 1987, the Ansett Airlines became a part of the internal air service market. In return, Air New Zealand has to expand their operations. It was stated that the residents regarded 1987 as the year of â€Å"big explosion† because of the noise produced by the aircrafts. In response to the growing issue of the airport noise, the residents put forward a proposal, stating that all the 737’s should be phased out in 1997. Three months after the proposal was passed, Ansett acknowledged the residents’ plea by replacing the fleets with whisper jets that are much quieter compared to the 737’s. On the other hand, the city council framed a proposed by-law that would have ordered the Air New Zealand to reduce its fleet on a stage by stage process. However, the propose by-law did not take in effect (Samson, 1997a). By 1992, Air New Zealand promised that by the following year seven of their Boeing 737-200’s would have devices that would reduce noise known as hush kits and other fleets would be phased out and will be replaced by 737-300’s. However, the residents did not agree with this. Arguments were once again raised that have even reached the select committees of the parliament, yet the resolutions were unidentifiable (Samson, 1997, p. 19a). As a response to the noise issue that has been gaining public interest, the city council put forth a proposed district plan, but the residents opposed to it. However, in order to resolve the issue, environment court judge Shonagh Kenderdine ruled out in August of 1997 that the airport and the airlines should adhere to the strict rules as proposed by the district plan regarding the air noise boundary wherein a specific maximum noise level will be set. Furthermore, the noise boundary would later on be dissolved if there is an improvement with the airport and airlines noise management. Other regulations that were included in the ruling involve the night curfew, engine-testing, ground noise control, and land-use. The first three issues being disputed were already progressive after the issues were ruled out. The last dispute which was focused on the land use was not settled until November of 1997 (Samson, 1997a). As a follow up to the court ruling done on August of 1997, in order to end the ten-year fight regarding the acceptable noise level in Wellington area, and to finally conclude the last remaining area of dispute which was focused on the land use, Judge Shonagh Kenderdine ended the noise issue on November 20, 1997. The major players during the court case involved the Residents airport noise action group, the board of airline representatives, the Wellington city council, and the Wellington international airport. It was stipulated in the ruling that: â€Å"All new housing developments within the airport’s air-noise boundary would be deemed unrestricted discretionary activity† (Samson, 1997b, p. 3). Under the said ruling, any individuals who are interested to build residential structures within the surrounding airport area and all the application permits have to be approved by the Wellington City Council. Therefore, the council has the right to refuse or consent the details of the application depending on the criteria that are still to be set by the district plan (Samson, 1997b). Despite the criteria being on the process of completion, the interested party should be governed by the assessments set in the ruling wherein new homes that will be built within the airports air-noise boundary should use construction materials that could pass the standards of noise reductions. Such materials include: thicker gib boarding, double or thicker window glazing, and the installation of noise insulations. The ruling also required the city council to implement stricter rules regarding the development of new housings compared to the original proposition of the district plan (Samson, 1997b).

Abu Sayyaf Group Essay Example for Free

Abu Sayyaf Group Essay Abdurajak Janjalani’s religious and political thoughts provided the basis for ASG’s original ideology.23 The initial premise for creating the group was for a Muslim Mujahideen that would be committed to â€Å"a struggle in the cause of Allah† or â€Å"fighting and dying for the cause of Islam.†24 To his ASG followers Janjalani was more than a leader, he provided their ideological path and enlightenment. Janjalani was well educated and knowledgeable of various areas that impacted the Muslim population in the Philippines. These included the historical, religious, economic, political, and social conditions that existed at the time25 and it was his aim to build his idea of an Islamic state in the southern Philippines to improve those conditions.26 Funding to initiate and support the movement in the beginning was supposedly supplied by Mohammed Jamal Khalifa, Osama bin Laden’s brother-in-law.27 This was the first reported link to Al Qaeda. Later, in 1992, Janjalani and his group established an official headquarters in Isabela, Basilan naming the Camp Al-Madinah Mujahideen, but the camp was captured by the Philippine Marines in 1993 forcing ASG to relocate and establish a new base in Patikul, Sulu. This fostered greater cooperation and alliance with Ghalib Andang who led the Sulu-based unit of the ASG.28 Working together the combined ASG forces began an aggressive recruiting effort to expand their manpower, acquire arms and munitions, and began the lucrative series of fund-raising activities in kidnappings and demanding high ransoms.29 Before his death in 1998, Janjalani delivered eight radical ideological messages called Khutbahs. These Khutbahs are regarded as primary sources of his radical Islamic thought and depicted the depth of his Abu Sayyaf . . .5 understanding of Wahabi Islam. One of the Khutbahs exposed an intense resentment of Christian missionaries in Mindanao, especially those regarded as criticizing Islam. His interpretation was that â€Å"aggressive preaching of Christian missionaries in Mindanao thus insulted Islam and provoked Muslims to respond violently. As a result, the bombing of the Christian missionary ship M/V Doulos in 1991 was retaliation against Christian missionaries who used derogatory words against Islam and called Allah a false God.†

Outline of the clinical characteristics of depression

Outline of the clinical characteristics of depression The formal diagnosis of major depression requires five of the following symptoms and evidence of serious distress or failure to function in everyday life. The following symptoms must be present for most of the time over a minimum period of two weeks. Symptoms of depression Sad depressed mood and feeling or behaving sad and empty Loss of interest and pleasure in usual activities Difficulty in sleeping ( insomnia or hypersomnia ) Lethargic or agitated Appetite ( loss so weight loss or increased so weight gain ) Loss of energy or great fatigue Negative self concept feeling of worthlessness and guilt. Difficulty in concentrating ( slowed thinking or indecisiveness ) Recurrent thoughts of death or suicide. Give two or more psychological causes of depression Cognitive Views about the worldPsychologist Aaron Beck suggested depression is the result of negative thinking and catastrophising which he called cognitive errors. (Beck 1991) maintained there are three components to depression which he called the cognitive triad. The cognitive triad. Views about oneself Views about the future As the cognitive triad components interact they interfere with normal cognitive processing which then leads to impairments in perception, memory and problem solving, the person then becomes obsessed with negative thoughts. In addition to the cognitive triad beck believed that depression prone individuals develop a negative self schema which means they possess a set of beliefs and expectations about themselves that are negative and pessimistic, which leads on to feeling and symptoms of depression. Negative self schemas can be acquired in childhood as a result of a traumatic event such as the death of a parent or sibling, parental rejection, bulling at home or school for example. People with negative self schemas become prone to making logical errors in their thinking and they tend to focus selectively on certain aspects of a situation while ignoring equally relevant information this is called cognitive distortions. An example of a cognitive distortion is someone believing that someone is whispering about them and they automatically assume it must be bad, ignoring the fact they could be whispering something good. Cognitive distortions include the following Arbitrary interference: drawing conclusions on the basis of sufficient or irrelevant evidence for example thinking you are worthless because a show you were going too was cancelled. Selective abstraction : focusing on a single aspect of a situation and ignoring others for example you feel responsible for your netball team losing a game even though your just one player on the team. Over generalisation: making a sweeping conclusion on the basis of a single event. Failing an exam, this means you will fail all exams and that you are stupid. Magnification and minimisation: exaggerating or underplaying the significant of an event for example you scratch the paint work on your car and therefore see yourself as a terrible driver. Personalisation: This is attributing the negative feelings of others to yourself for example your friend enters the room looking upset; you believe you must have upset her. Beck also suggested that that there individual differences that determine the type of event that can trigger depression for example sociotrapic personalities base their self esteem on the approval of others where as an autonomous person would react badly to their independence being challenged. The cognitive theory is one of the most influential models that explain negative thought processes. It explains that our emotional reaction seems to come from how we interpret and predict the world around us. The main problem with the cognitive approach to depression is that the theory is correlational, and that the argument is a circular one. Does depression cause negative thinking, or does negative thinking cause depression? Also it is a theory which is hard to test and research people seeking help for depression already have negative emotions and so it is not possible to access their cognitive process prior to the onset of the disorder. Secondly when participants are tested in research they are often already on drugs to manage the depression which could affect the result of the study. Finally thoughts are subjective experiences that are hard to test and measure which make proving the theory extremely difficult. A positive of the cognitive approach to depression is that it has many useful applications and has contributed to our understanding of human phenomenon and it has integrated well with other approaches. The psychodynamic explanation of the causes of depression The psychodynamic approach to understanding depression focuses on how the unconscious motives drive our behaviours and experiences. Freud explanation of depression lies in the early relationships with are parents, he noted that there is a similarity between grieving for a loved one and the symptoms of depression. Freud described depression as an excessive and irrational grief which occurs as a reaction to a loss, this loss evokes feelings associated with real or imagined affection from the person on whom the person was most dependants as a child. Both actual and symbolic losses lead us to re experience parts of our childhood, thus people with depression become clingy, dependant and can even regress to a child like state. Evaluate psychodynamic therapy in the treatment of depression In support of the psychodynamic theory people with depression do show dependant like behaviours as they often feel that they cannot manage everyday activities and rely heavily on others. In support of Freud theory on depression and understanding depression from the psychodynamic approach is Harlows research on privation conducted on rhesus monkeys separated from their mothers at birth, using surrogate mothers, a wire mother and a cloth mother he demonstrated that a mothers love was essential for a persons mental health. The experiment showed that infant monkeys separated from their mothers displayed signs of depression. In support of the psychodynamic approach to depression and frauds theories this approach is idiographic and so focuses on the individual. This means that the individuals problems are taken into account and they are not just diagnosed on the bias of others. A negative point on the psychodynamic theory is there is little experimental evidence for Frauds theories as most of his work was based upon case studies, this makes the approach highly subjective and un-testable as his finding were often biased to fit his theories, second to this frauds theory is often characterised as unscientific as it is difficult to observe and measure concepts such as actual and symbolic losses and regression. Also the case studies used to test Freuds psychodynamic theory were mainly middle aged, upper class, Austrian women. This means that his findings cannot be generalised to the wider population. This is also a problem as he developed his ideas on childhood from adults talking retrospectively of their pasts which is a problem because people recall information differently and memory and feelings fade. The ethical implications of psychodynamic therapy Directive therapy- due to the unconscious cause of the psychological problems and the resistance patients put up to the unconscious truths, the patient must trust the therapists interpretation and instructions. However psychoanalysis does occur under voluntary conditions. Psychoanalysis can be quite anxiety provoking as it can reveal disturbing repressed experiences. It is a humane form of treatment as it does not blame or judge the patient, who is not responsible for their problems. Outline the clinical characteristics of schizophrenia There are positive and negative symptoms of schizophrenia Positive symptoms are things additional to expected behaviour and include delusions, hallucinations, agitation and talkativeness. Negative symptoms which are things missing from expected behaviour, negative symptoms include a lack of motivation , social withdrawal , flattened affect, cognitive disturbances, poor personal hygiene and poor speech. Other characteristics of schizophrenia include- Auditory or visual hallucinations Flat emotions Delusions Disorganised speech Catatonic or disorganised behaviour Give two or more psychological explanations of schizophrenia Cognitive explanation for schizophrenia Cognitive explanations for schizophrenia acknowledge the role of biological factors such as genetic causes and a change of brain activity for the cause of initial sensory experiences of schizophrenia. However further features of the disorder appear as the individual attempts to understand them. The cognitive approach also suggests that schizophrenia is characterised by profound thought disturbance, this could be down to cognitive defects which can impair areas such as perception and memory. This could form cognitive biases and explain misconceptions and the way schizophrenia sufferers interpret there world. Schizophrenics normally first discover symptoms of voices and abnormal sensory experiences , this normally leads them to a friend or family member to confirm the experience when the experience is not confirmed this can lead to rejection of support. This leads to a belief that people around them are hiding the truth and the person with schizophrenia believes they are being manipula ted and persecuted. This shows the basis of schizophrenia is biology based however other symptoms such as hallucinations and delusions are formed after the failure to not except there reality these of which are cognitive. In support of the cognitive approach to schizophrenia Firth (1979) proposes that disruption to an attention filter mechanism could result in the thought disturbances of schizophrenia, as the sufferer is overloaded with sensory information. Studies on continuous performance and eye tracking tasks indicate schizophrenics do show more attentional problems than non schizophrenics. This means that perhaps reduced short term memory capacity could account for some schizophrenics cognitive distractibility. Hemsley (1993) suggested schizophrenics cannot distinguish between information that is already stored and new incoming information. As a result, schizophrenics are subject to sensory overload and do not know which aspect of a situation to attended to and which to ignore. One strength of the cognitive explanation when describing schizophrenia is that there is further support for this theory provided by Myer-Lindenberg ( 2002) they found a link between poor working memory ( which is typical of schizophrenics ) and reduced activity in the prefrontal cortex. Furthermore Schielke (2002) studied a patient who developed continuous auditory hallucinations as a consequence of an abscess in the dorsal pons. This suggests that there is wider academic credibility for the link between biological and cognitive factors causing schizophrenia. A second strength of the cognitive explanation of schizophrenia is that it takes on board the nurture approach to the development of schizophrenia. For example it suggests that schizophrenic behaviour is the cause of environmental factors such as cognitive factors. A weakness of the cognitive explanation is that there are problems with cause and effect. Cognitive approaches do not explain the causes of cognitive defects -where they come from in the first place. Is it the cognitive defects which cause schizophrenia behaviour or is it the schizophrenia that causes cognitive defects. A second weakness of the cognitive model is that it is reductionist the approach does not consider other factors such as genes. This suggests that the cognitive approach over simplifies the explanation of schizophrenia. The behavioural explanation of schizophrenia. The behavioural explanation suggests that schizophrenia is a consequence of faulty learning children who do not receive small amounts of reinforcement early in their lives will put larger attention into irrelevant environmental cues, for example: Taking attention to the sound of a word rather than its actual meaning. This behaviour will eventually appear weird or strange to others so will generally be avoided. Strange behaviours may be rewarded by attention and sympathy and so they are reinforced. This can continue until the behaviour becomes so strange that the person is then labelled as schizophrenic. Eventually the behaviour and psychological state deteriorates into a psychotic state. Evaluate cognitive behavioural therapies in the treatment of schizophrenia in terms of its strengths and weaknesses. The misinterpretation of events in the world is common in schizophrenia. Using cognitive therapy with schizophrenia requires the psychologist to accept that the cognitive distortions and disorganized thinking of schizophrenia are produced, at least in part, by a biological problem that will not cease simply because the correct interpretation of reality is explained to the client. Cognitive therapy can only be successful if the psychologist accepts the clients perception of reality, and determines how to use this misperception to assist the client in correctly managing life problems.   The goal is to help the client use information from the world (other people, perceptions of events, etc.) to make adaptive coping decisions. The treatment goal, for the cognitive therapist, is not to cure schizophrenia, but to improve the clients ability to manage life problems, to function independently, and to be free of extreme distress and other psychological symptoms. Advantages It directly challenges the problem and attempts a cure of the under lying symptoms. It gives the person some control over their own illness. Research has shown cognitive behavioural therapy can be as effective as medication Due to its highly structured nature cognitive behavioural therapy can be provided in a number of formats such as soft ware and self help books. Disadvantages In order to benefit from cognitive behavioural therapy you need to ensure you give a considerable amount of commitment which people with schizophrenia can lack. It could be argued that because cognitive behavioural therapy only addresses current problems it does not address underlying causes of the condition. Discuss the ethics of cognitive behavioural therapy Directive therapy due to the environmental determinism of behavioural problems, patients need to be re programmed with adaptive behaviour. Stressful can be painful and disturbing e.g. flooding and aversion therapy Humane specific maladaptive behaviours are targeted the whole person is not labelled. Outline the characteristics of anorexia Refusal to maintain body weight at or above a minimally normal weight for age and height. Intense fear of gaining weight Disturbance in the way in which ones body weight or shape is experienced, denial of the seriousness of the current low body weight. Absents of three consecutive periods. Socially withdrawn Refusal to eat despite hunger Give two or more psychological explanations of eating disorders Cognitive explanation of anorexia Cognitive psychologist has suggested that irrational attitudes and beliefs and distorted perception are involved in eating disorders. These beliefs normally concern unrealistic ideals or perception of body shape or irrational attitudes towards eating habits and dieting. For example: the disinhibition hypothesis once a diet has been broken one might as well break it completely by bingeing. Cognitive researchers have also proposed that suffers of anorexia are seeking to assert control over their life to an excessive idealistic extent. Bemis- Vitousek and Orimoto (1993) pointed out the kind of faulty cognitions that are typical in people with anorexia. For example: a common cognition is that dieting is a means of self control, but at the same time most people with anorexia are aware they are out of control because they cant stop dieting, even when it is threatening there life. These are faulty cognitions and maladaptive ways of thinking. The main problem with the cognitive explanation is that the theory is correlational and the argument is a circular one does negative thinking cause the eating disorder or does the eating disorder cause the negative thinking. Secondly the thoughts that are related to having an eating disorder are subjective experiences that are hard to test and measure, Also people seeking help for an eating disorder are already have negative emotions so it is not possible to test their cognitive processes prior to the onset of the disorder. Psychodynamic explanation of anorexia One view of the psychodynamic model of anorexia proposes that anorexia reflects an unconscious desire by a girl to stay pre-pubescent. Over dependence on parents may result in the adolescent fearing sexual maturity and independence. Bruch (1974) regarded anorectics as being in a struggle for control and their own identity, the pursuit of thinness was seen as a critical part of such a struggle. Bruch considered that there were two main characteristics of parents that made the development of anorexia more likely in their children. Firstly an over concern with food and secondly family relationships that did not assist the child in developing their own sense of identity particularly important was considered to be girls feeling that their needs were secondary to their mothers. The psychodynamic approach in relation to eating disorders is idiographic and so it focuses on the individual. This means the individuals problems are taken into account and they are not just diagnosed on the basis of others. There is little evidence for Freuds theories on eating disorders it is all based on feeling rather than hard evidence. All his case studies were a mainly middle aged, Austrian woman which means his findings cannot be generalised to the wider population. However Freuds idea that the anorexics refusal to eat was an unconscious denial of the adult role and they wished to remain a child. The timing of onset in anorexia and the loss of menstruation supports this idea. Evaluate behavioural therapy in the treatment of eating disorders. Cognitive behavioral therapy (CBT) is a common type of treatment for eating disorders. This branch of psychotherapy aims to help break large problems or situations into smaller more manageable parts and treats eating disorders in this same way. Cognitive behavioral therapy is a branch of psychotherapy that is based on the idea that all thoughts (cognition) and actions (behaviors) are related. This may not always be clear, so CBT aims to help individuals break down problems or situations into more manageable parts and examine the ways in which thoughts, emotions and actions were related in each other. Cognitive behavioral therapy allows individuals to examine the relationships between their thoughts, feelings and actions and in doing so allows individuals to understand that if they change the way that they think and feel, they will change the way that they act. For individuals suffering from eating disorders, understanding the relationships between thoughts, emotions and actions is highly important. Once these relationships are understood, the individual suffering from an eating disorder can replace the negative thoughts and emotions which have led to abnormal food and eating behaviors and with more positive thoughts and emotions that will lead back towards a healthy lifestyle. However, in order for these relationships to be clear, it may take several weeks of tracking tho ughts, feelings and food and eating behaviors before the individual will accept this proof. Often therapists will ask individuals to keep a journal or food diary in order to more accurately record their thoughts, feelings and actions towards food and eating during a given period of time. Discuss the ethics of behavioural therapy Behavioural therapy can induce a high level of anxiety which could be considered unethical Directive therapy due to the environmental determinism of behavioural problems; patients need to be re programmed with adaptive behaviour. Stressful can be painful and disturbing e.g. flooding and aversion therapy Humane specific maladaptive behaviours are targeted the whole person is not labelled.

The Shichi Go San and the Marimo Matsuri Festivals Essay -- pray, autum

Fall is the time for letting go of the old ways and bringing in the new life. Autumn is also the period where one harvests their desire to learn. Autumn is the time for departure but having already fulfilled in wisdom and maturity. Fall is also the time to be thankful for all the things that occurred in your life. In Japan, the fall festivals are a way for the people to pray and be thankful for the harvests. Some festivals that occur in Japan during this time of the year are: Marimo Matsuri, Nada no Kenka Matsuri, Sichi-Go-San, Tori no Ichi, and the Kawagoe Matsuri. To begin with, the Kawagoe Matsuri in the Saitama prefecture occurs on the third Saturday and Sunday in October. The main attraction of this festival is the floats that are pulled around the city. The largest highlight of this festival is the Hikkawase. This is a musical competition between different festival floats. The people perform a hayasi performance, which is a traditional Japanese orchestra of different instruments, such as the flute and drums. The floats that you might observe at this festival are called Edo-kei Kawagoe-gata, and they were usually built by the craftsmen in Edo and Kawagoe. These floats are about two stories high with a doll place on top. The Kawagoe Festival usually takes root from the Jinkosai festival, where elaborately decorated shrines are carried throughout the neighborhood. Next, the Marimo Matsuri occurs in Hokkaido around early October. This festival’s intention is to provide others with knowledge about the spherical algae and other creatures of the sea. Also, you can also learn about the history of the Ainu and their traditions. Marimo Matsuri was initially developed to shelter the endangered species of the marimo algae. The marimo... ...a. 3 Mar. 2014. . "Shichi-go-san." Go Japan Go. 2013. 3 Mar. 2014. . "Tori no Ichi (The Festival of the Rooster)." Kids Web Japan. 2014. 3 Mar. 2014. . "Tori no Ichi." ASAKUSA Torinoichi. 2002. 3 Mar. 2014. . "Tori-no-Ichi (Day of the Rooster): a guide to Tokyo's lucky festival." Lonely Planet. 2014. 3 Mar. 2014. . "Tori-no-Ichi." Japan: The Official Guide. 2014. 3 Mar. 2014. . â€Å"Tori no Ichi Fair.†Photograph. 2014. Tori-no-Ichi (Day of the Rooster): a guide to Tokyo’s lucky festival. Lonely Planet. Web. 03 Mar. 2014.

Profound Secret and Mystery in A Tale of Two Cities Essay -- Tale Two

Profound Secret and Mystery in A Tale of Two Cities The twists and turns of Charles Dickens's classic novel, A Tale of Two Cities, lead the reader from a quiet beginning to a violently shocking climax, after introducing dozens of complex characters and two very different plots that converge with a sickening crash of La Guillotine. Many of the characters in the story appear to be one-sided in the beginning, but as the plot continues, it reveals that "every human creature is constituted to be that profound secret and mystery to every other," as Dickens stated. His characters change and develop over the course of the book as Dickens contrasts what they appear to be and what they really are, revealing that no one can ever be completely understood - maybe not even by himself. Almost everyone has heard that you shouldn't judge a book by its cover, but one of Dickens's characters in A Tale of Two Cities had obviously never received this advice. When Madame Defarge came after Lucie, little Lucie and Doctor Manette in their temporary home in Paris, she probably expected to get what she wanted easily and quickly. She definitely didn't expect to be met with a great resistance from a single Englishwoman. When Miss Pross stopped Madame Defarge from entering Lucie's room, Madame Defarge discovered that "this was a courage that [she] so little comprehended as to mistake for weakness." Pross was a complete enigma to Madame Defarge - and this proved to be Defarge's downfall. Even though Madame Defarge had been in dozens of bloody skirmishes in the streets of Paris, her life was ironically ended when she underestimated a single desperate and determined English... ...ave Lucie, and finally his true nature shows itself when he says, "It is a far, far better thing that I do, than I have ever done; it is a far, far better rest that I go to than I have ever known." Sydney gave up his life for the happiness of someone he loved, after a lifetime of caring for nobody and living in self-contempt. Madame Defarge reveals herself as a ruthless killer, after being portrayed as a silent, harmless knitting-woman. And Miss Pross proves herself an unconquerable force after being introduced as a silly, comic character. These three characters show that nobody can truly be completely understood by another, and sometimes the strongest character traits are brought out under extreme circumstances, whether it is the best of times, the worst of times, the season of Light, or the season of Darkness.

Descriptive Language and The Lady of Shallot Essay -- The Lady of Shall

Descriptive Language and The Lady of Shallot In any piece of lyrical poetry, authors must masterfully use the language of the poem to covey the intended meaning. In order to ensure the meaning is not lost, it is imperative that the author incorporates various aspects of the narrative to escalate the poem past its face value. Alfred Tennyson’s poem â€Å"The Lady of Shallot† is no exception to the rule. From lines like â€Å"blue unclouded weather† and â€Å"the gemmy bridle glitter’d free†, one can draw that descriptive language is Tennyson’s tool to revealing the underlying meaning (Griffith 334). In each of the four parts of â€Å"The Lady of Shallot†, Tennyson uses descriptive language to convey his intended meaning to the audience. Tennyson uses Part I to show the setting of the poem, and introduces the Lady of Shallot to the audience. Part I starts off with a description of â€Å"Long fields of barley and†¦rye that clothe the wold (hilly, open country)† (Griffith 332). From this line in the opening stanza, the reader already gets a sense of where the poem takes place, a gently rolling countryside of utmost beauty. In the second stanza, lines like â€Å"Willows whiten, aspens quiver, little breezes dusk and shiver† further our mental picture of the setting (Griffith 332). Later in the stanza, we learn of â€Å"four gray walls, and four gray towers† and that â€Å"the silent isle imbowers the Lady of Shallot† (Griffith 332). Tennyson’s description in the last couple of lines of this stanza introduces the Lady of Shallot and gives a feeling of her isolation (which is quite important toward the poem’s meaning, and will be built on later in the piece). The final stanza in Part I tells how early morning workers â€Å"hear a song that echoes cheerly ... ...tiful and powerful. As soon as the Lady of Shallot decides to leave the tower, she knows her fate. And after she dies, the people of Camelot finally learn of the â€Å"fairy Lady of Shallot† (Griffith 332). Tennyson’s descriptive language in â€Å"The Lady of Shallot† is beautiful, and drastically enhances the meaning of the poem. The description of everything in the outside world is so vivid that it brings the Lady of Shallot to loose everything she has ever known. She is willing to give up her life to experience the brilliant things seen in her mirror†¦even if it is only for a few moments. Without Tennyson’s eloquent descriptiveness, â€Å"The Lady of Shallot† is much more than mere words. Bibliography: Work Cited Griffith, Kelley. â€Å"The Lady of Shallot† Narrative Fiction. Ed. Ted Buchholz. Fort Worth: Harcourt Brace College Publishers. 1994. 332-336.

Kudler Security Report

Kudler Fine Foods IT Security Report and Presentation Security Considerations CMGT/400 Kudler Fine Foods IT Security Report and Presentation Security Considerations According to Whitman and Mattord  (2010),  The ISO 27000 series is one of the most widely referenced security models.Referencing ISO/IEC 27002 (17799:2005), the major process steps include: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development, and maintenance, information security incident management, business continuity management, and compliance (Chapter 10, Security Management Models). 1.Risk assessment and treatment 2. Security policy: Focuses mainly on information security policy 3. Organization of information security: For both the internal organization and external parties 4. Asset management: Incl udes responsibility for assets and information classification 5. Human resources security: Ranges from controls prior to employment and during employment to termination or change of employment 6. Physical and environmental security: Includes secure areas and equipment security 7.Communications and operations management: Incorporates operational procedures and responsibilities, third-party service delivery management, systems palnning and acceptance, protection against malicious and mobile code, backup, network security management, media handling, exchange of information, electronic commerce services and monitoring 8. Access control: Focuses on business requirement for access control, user access management, user responsibilities, network access control, operating system access control, application and information access control, and mobile computing and teleworking 9.Information systems acquisition, development, and maintenance: Includes security requirements of information systems, correct processing in applications, cryptographic controls, security of system files, security in development and support processes, and technical vulnerability management 10. Information security incident management: Addresses reporting information security events and weaknesses and management of information security incidents and improvements 11.Business continuity management: Information security aspects of business continuity management 12. Compliance: Includes compliance with legal requirements, compliance with security policies and standards, and technical compliance and information systems audit considerations The â€Å"SANS: SCORE† (2012) website provides a free audit checklist for organizations to verify if they comply with the ISO 27002. The following table represents the SANS audit checklist as it relates to Kudler Fine Food’s frequent buyer program. Security policy: Focuses mainly on information security policy | |Section |Audit Question |Security Consider ations |Security concern if |Mitigation | | | | |removed | | |Information security policy|Whether there exists an Information |A security policy is |Without a security policy |Define what needs to be | |document |security policy, which is approved by the |necessary to guide all |in place the restriction |protected in order to | | |management, published and communicated as |access or to block |of information would be |develop a security policy. | | |appropriate to all employees. |access to information. |lost.Uncontrolled access|The importance of the | | | | |will result in the loss of|information should | | |Whether the policy states management | |company information. |determine the severity of | | |commitment and sets out the organizational| | |the security. | | |approach to managing information security. | | | | |Review of Informational |Whether theInformation Security Policy is|The security policy |Without the review of |Each policy should be | |Security Policy |reviewed at planne d intervals, or if |should be reviewed as |security policies they |reviewed periodically to | | |significant changes occur to ensure its |business practices, |will most likely become |ensure its effectiveness. | | |continuing suitability, adequacy and |hardware, software, and |out dated and lose | | | |effectiveness. |the way in which |usefulness. Each policy owner will be | | | |information is shared | |responsible for the review | | |Whether the Information Security policy |change. |Without giving each |of the policy. | | |has an owner, who has approved management | |section of the policy an | | | |responsibility for development, review and|Each part of the policy |owner the policy will have|Each change will be brought| | |evaluation of the security policy. should have an owner who|no one responsible for its|before management before | | | |is responsible for |maintenance. |being brought into action. | | |Whether any defined Information Security |keeping it up to date. | | | | |Pol icy review procedures exist and do they| |A policy to review new | | | |include requirements for the management |A review procedure |policies or changes made | | | |review. should be in place, each|to current policies should| | | | |change made should be |be in place to discourage | | | |Whether the results of the management |reviewed by management. |unauthorized changes. | | | |review are | | | | | |taken into account. | | | | | |Whether management approval is obtained | | | | | |for the revised policy. | | | |Organization of Information Security | |Section |Audit Question |Security |Security concern if |Mitigation | | | |Considerations |removed | | |Management commitment to|Whether management demonstrates active support for |An active role |Without the active support|A definition of the role | |information security |security measures within the organization.This can be|by management |of management the security|management should play in | | |done via clear direction, demonstrated commitment, |is needed to |policy will lose its |the commitment to the | | |explicit assignment and acknowledgement of information|ensure the |effectiveness. |security policy should be | | |security responsibilities. |effectiveness | |stated in the security | | | |of the security| |policy. | | | |policy. | | |Information security |Whether information security activities are |Security |Information security |Ensure that the owner of | |coordination |coordinated by representatives from diverse parts of |activities need|activities need to be |each policy is responsible | | |the organization, with pertinent roles and |to be |organized by employees |for all activities | | |responsibilities. |coordinated by |with higher roles and |associated with the | | | |representatives|responsibilities. The |policies. | | |that carry |security policies protect | | | | |pertinent roles|the information and all | | | | |and |activities associated with| | | | |responsibilitie|the security policy should| | | | |s. |be made by responsible | | | | | |parties. | |Allocation of |Whether responsibilities for the protection of |The business |Without a clear set of |A clear set of instructions| |information security |individual assets, and for carrying out specific |will suffer a |rules governing the |will be provided to ensure | |responsibilities |security processes, were clearly identified and |great many |protection of individual |that each individual asset | | |defined. |losses due to |assets and security |and each security process | | | |unclear |processes the business |is clearly defined. | | |detentions of |will surely suffer a loss. | | | | |procedures. | | | |Authorization process |Whether management authorization process is defined |Authorization |Without the use of an |Any and all information | |for information |and implemented for any new information processing |processes need |authorization system a new|processing facilities need | |processing facilities |facility within the org anization. to be clearly |information processing |to be given ownership to a | | | |stated in the |facility would be left |member of management. This| | | |security |vulnerable for attack. |member needs to ensure the | | | |policy. Any | |security policy is | | | |new information| |followed.Using the proper| | | |processing | |authorization system is | | | |facility needs | |critical to securing the | | | |to have an | |information contained | | | |authorization | |within. | | | |process | | | | | |implemented. | | |Confidentiality |Whether the organization’s need for Confidentiality or|The NDA should |Without the use of an NDA |The NDA needs to be | |agreements |Non-Disclosure Agreement (NDA) for protection of |be clearly |the legal ramifications |reviewed periodically to | | |information is clearly defined and regularly reviewed. |defined. This |are greatly lessened. A |ensure that any changes in | | | |will help to |business needs to protect |the business are reflected | | |Does this address the requirement to protect the |ensure the |its data to the fullest |in it. | | |confidential information using legal enforceable terms|information is |extent of the law. | | | |not | | | | | |compromised. | | | |Contact with authorities|Whether there exists a procedure that describes when, |This is |The time it takes to act |A plan must be in place for| | |and by whom: relevant authorities such as Law |important to |in an emergency is crucial|different types of | | |enforcement, fire department etc. should be |the physical |to keeping employees and |emergencies involving any | | |contacted, and how the incident should be reported. |security of the|the business safe. A plan|outside authorities. This | | | |business and |must be in place to avoid |can help to prevent | | | |the employee |potential losses due to |injuries and harm done to | | | |within. |unforeseen events. |employees and the business. |Contact with special |Whether appropriate contacts with special interest |Contacts with |Allowing a third party |A policy needs to define | |interest groups |groups or other specialist security forums, and |third party |group access to any |the steps needed to apply | | |professional associations are maintained |groups need to |information can be a risk |for special interest groups| | | |be approved my |to the business. All |and how the relationship is| | | |management. third party associations |maintained. | | | | |should be approved in | | | | | |advance by management. | | |Independent review of |Whether the organization’s approach to managing |Security |The loss of strength to |To ensure the highest level| |information security |information security, and its implementation, is |management |the security of |of security a review should| |reviewed independently at planned intervals, or when |should be |information can occur |be implemented periodically| | |major changes to security implementation occur. |reviewed at |through time (small |and whenever a major change| | | |planned |changes) or when a major |takes place. | | | |intervals and |change has taken place. | | | | |when major | | | | | |changes occur. | | |Identification of risks |Whether risks to the organization’s information and |Allowing third |Allowing third parties |Strict rules and an access | |related to external |information processing facility, from a process |parties access |access to the business |policy must be implemented | |parties |involving external party access, is identified and |to the network |network and the contents |to allow a third party | | |appropriate control measures implemented before |poses serious |of the business systems |access to any information | | |granting access. |risks to the |poses a serious threat to |in the business. | | | |integrity of |the integrity of the | | | | |the |system. | | | |information. | | | |Addressing security when|Whether all identified security requirements are |Allowing |Allowing customers access |Access to information by | |dealing with customers |fulfilled before granting customer access to the |customers with |to information in the |customers should be stated | | |organization’s information or assets. |the access to |business system poses a |in the security policy. | | | |certain |threat. Customers should only be | | | |information can| |allowed access to minimal | | | |help to | |information, a separate | | | |increase | |website or informational | | | |customer base | |address. | | | |and customer | | | | | |awareness. | | |Addressing Security in |Whether the agreement with third parties, involving |All third party|Agreeing with a third |Any third party contract | |third party agreements |accessing, processing, communicating or managing the |agreements |party contract can hold |should be reviewed by the | | |organization’s information or information processing |should be |some legal ramifications. |legal department to ensure | | |facility, or introd ucing products or services to |reviewed before| |the contract agrees with | | |information processing facility, complies with all |implementation. | |all of the businesses | | |appropriate security requirements | | |security requirements. |Asset Management | | | |Section |Audit Question |Security Considerations |Security concern if |Mitigation | | | | |removed | | |Inventory of Assets |Whether all assets are identified and an |The businesses assets |Without a clear definition|Each new asset will be | | |inventory or register is maintained with |need to be registered to|of assets the business |registered and assigned an | | |all the important assets. |ensure their safety. |could suffer a loss or |owner. | | | |theft of assets. | | |Ownership of Assets |Whether each asset identified has an |The security policy must|The business could suffer |Each new asset should have | | |owner, a defined and agreed-upon security |include clearly defined |a loss without giving the |an owner and restr ictions | | |classification, and access restrictions |parameters for |asset an owner and |to its access. | | |that are periodically reviewed. |registering assets. defining access | | | | | |restrictions. | | |Acceptable use of Assets |Whether regulations for acceptable use of |Legal issues and profits|Without regulations on the|Defineing all acceptable | | |information and assets associated with an |losses could occur from |use of assets the company |uses of business assets is | | |information processing facility were |the misuse of assets. |could suffer losses and |crucial. | | |identified, documented and implemented | |legal issues. | |Classification guidelines |Whether the information is classified in |Classification of |By classifying information|All information should be | | |terms of its value, legal requirements, |information is crucial |is can be easier to |classified in terms of its | | |sensitivity and criticality to the |to the business. This |determine who has access |va lue, legal requirements, | | |organization. |will determine who has |to it. |and sensitivity to ensure | | | |access to the | |it is only accessible to | | | |information. |authorized users. | |Information Labeling and |Whether an appropriate set of procedures |A set of organizational |Unorganized information |All information should be | |handling |are defined for information labeling and |parameters should be |can result in the loss of |organized within a set of | | |handling, in accordance with the |devised to create a |the information. |parameters defined in the | | |classification scheme adopted by the |classification scheme. | |classification scheme. | | |organization. | | | |Human Resources Security | |Section |Audit Question |Security Considerations |Security concern if |Mitigation | | | | |removed | | |Roles and responsibilities |Whether employee security roles and |All personnel authorized|Unauthorized access of |All confidential | | |responsibilities, contractors and third |to access confidential |this information could |information should be | | |party users were defined and documented in|information needs to be |result in identity theft. |handled by authorized | | |accordance with the organization’s |identified by management| |personnel only. | |information security policy. |team. | | | | | | | | | | |Were the roles and responsibilities | | | | | |defined and clearly communicated to job | | | | | |candidates during the pre-employment | | | | |process | | | | |Screening |Whether background verification checks for|All applicants |If not performed, persons |All employees should be | | |all candidates for employment, |considered for |with a history of theft |free of any criminal | | |contractors, and third party users were |employment have to |could be hired. |history that may cause | | |carried out in accordance to the relevant |undergo a criminal | |concern to the company. | | |regulations. |background check prior | | | | | |to a job offer bei ng | | | | |Does the check include character |made. | | | |reference, confirmation of claimed | | | | | |academic and professional qualifications | | | | | |and independent identity checks | | | | |Terms and conditions of |Whether employee, contractors and third |Management must define |Unauthorized access of |To prevent confidential | |employment |party users are asked to sign |what information is |this information could be |information to be disclosed| | |confidentiality or non-disclosure |confidential in |used for personal use. |to unauthorized persons. | | |agreement as a part of their initial terms|accordance to existing | | | | |and conditions of the employment contract. |laws and company policy. | | | | | | | | | | |Whether this agreement overs the | | | | | |information security responsibility of the| | | | | |organization and the employee, third party| | | | | |users and contractors. | | | | |Management responsibilities|Whether the management requires employees,|Management must define |Unauthorized access could |To prevent confidential | | |contractors and third party users to apply|which users have to have|be used for personal gain. |information to be disclosed| | |security in accordance with the |this access. | |to unauthorized persons. | |established policies and procedures of the| | | | | |organization. | | | | |Information security |Whether all employees in the organization,|Management and Loss |Private information could |To educate all personal | |awareness, education and |and where relevant, contractors and third |Prevention must develop |be disclosed to |about privacy policy. | |training |party users, receive appropriate security |a training program and |unauthorized persons for | | | |awareness training and regular updates in |establish how often it |personal use. | | |organizational policies and procedures as |needs to be | | | | |it pertains to their job function. |administered. | | | |Disciplinary process |Whether there is a formal discipl inary |Management must |Private information could |To advise employees what | | |process for the employees who have |establish corrective |be disclosed to |recourse their actions will| | |committed a security breach. |action measures if there|unauthorized persons for |have. | | | |is a security breach. |personal use. | |Termination |Whether responsibilities for performing |Management must advise |If an employee was not |To define the procedures of| |responsibilities |employment termination, or change of |what actions will |properly terminated could |terminating employment. | | |employment, are clearly defined and |terminate employment and|result in a lawsuit. | | | |assigned |what procedures are | | | | | |involved in the | | | | | |termination process. | | |Return of assets |Whether there is a process in place that |Management must define |If not returned, certain |To ensure that all | | |ensures all employees, contractors and |what materials employees|company items could be |appro priate company | | |third party users surrender all of the |must return upon |used for personal use. |materials are returned. | | |organization’s assets in their possession |employment. | | | | |upon termination of their employment, | | | | | |contract or agreement. | | | |Removal of access rights |Whether access rights of all employees, |Management will define a|If not defined, it is |To prevent unauthorized | | |contractors and third party users, to |timeframe in which a |possible that a terminated|personnel from accessing | | |information and information processing |terminate employee |employee could still |company information. | | |facilities, will be removed upon |access is removed |access company | | | |termination of their employment, contract | |information. | | | |or agreement, or will be adjusted upon | | | | | |change. | | | |Physical and Environmental Security | |Section |Audit Question |Security Considerations |Security concern if |Mitigation | | | | |removed | | |Physical security perimeter|Whether a physical border security | | | | | |facility has been implemented to protect | | | | | |the information processing service. | | | | | | | | | | | |Some examples of such security facilities | | | | | |are card control entry gates, walls, | | | | | |manned reception, etc. | | | |Physical entry controls |Whether entry controls are in place to |Physical access to |potential for security |server room should be | | |allow only authorized personnel into |system |breach through |locked with access | | |various areas within the organization. | |unauthorized access to |restricted to authorized | | | | |physical equipment. |personnel.Sophistication | | | | | |of restraint would be | | | | | |dependent upon importance | | | | | |of information and budget. | |Securing offices, rooms, |Whether the rooms, which have the | | | | |and facilities |information processing service, are locked| | | | | |or have lockable cabinets or safes. | | | |Protecting against external|Whether the physical protection against |corruption and/or loss |loss of critical data. |Data and system redundancy,| |and environmental threats |damage from fire, flood, earthquake, |of information due to | |off-site storage and/or | | |explosion, civil unrest and other forms of|environmental conditions| |multiple servers at | | |natural or man-made disaster should be | | |different locations. | | |designed and applied. | | | | | | | | | | |Whether there is any potential threat from| | | | | |neighboring premises. | | | | |Working in secure areas |Whether physical protection and guidelines| | | | | |for working in secure areas is designed | | | | | |and implemented. | | | | |Public access delivery and Whether the delivery, loading, and other | | | | |loading areas |areas where unauthorized persons may enter| | | | | |the premises are controlled, and | | | | | |information processing facilities are | | | | | |isolated, to avoid unauthorized access | | | | |Equipment sittin g |Whether the equipment is protected to | | | | |protection |reduce the risks from environmental | | | | | |threats and hazards, and opportunities for| | | | | |unauthorized access | | | | |Supporting utilities |Whether the equipment is protected from | | | | | |power failures and other disruptions | | | | | |caused by failures in supporting | | | | | |utilities. | | | | | | | | | | |Whether permanence of power supplies, such| | | | | |as a multiple feed, an Uninterruptible | | | | | |Power Supply (ups), a backup generator, | | | | | |etc. are being utilized. | | | | |Cabling security |Whether the power and telecommunications | | | | | |cable, carrying data or supporting | | | | | |information services, is protected from | | | | | |interception or damage. | | | | | | | | | | |Whether there are any additional security | | | | | |controls in place for sensitive or | | | | | |critical information. | | | | |Equipment Maintenance |Whether the equipment is correctly | | | | | |maintained to ensure its continued | | | | | |availability and integrity. | | | | | | | | | | |Whether the equipment is maintained, as | | | | | |per the supplier’s recommended service | | | | | |intervals and specifications. | | | | | | | | | | | |Whether the maintenance is carried out | | | | | |only by authorized personnel. | | | | | | | | | | |Whether logs are maintained with all | | | | | |suspected or actual faults and all | | | | | |preventive and corrective measures. | | | | | | | | | | | |Whether appropriate controls are | | | | | |implemented while sending equipment off | | | | | |premises. | | | | | | | | | | |Are the equipment covered by insurance and| | | | | |the insurance requirements satisfied | | | | |Securing of equipment |Whether risks were assessed with regards |off-site data storage |off-site data may be |proper security measures in| |off-premises |to any equipment usage outside an |centers provide a level |compromised or otherwise |place to ensure integrity | | |o rganization’s premises, and mitigation |of redundancy to |corrupted due to |of data. | | |controls implemented. maintain integrity in |insufficient security | | | | |the event of a local |measures | | | |Whether the usage of an information |breach | | | | |processing facility outside the | | | | | |organization has been authorized by the | | | | | |management. | | | |Secure disposal or re-use |Whether all equipment, containing storage | | | | |of equipment |media, is checked to ensure that any | | | | | |sensitive information or licensed software| | | | | |is physically destroyed, or securely | | | | | |over-written, prior to disposal or reuse. | | | | |Removal of property |Whether any controls are in place so that | | | | | |equipment, information and software is not| | | | | |taken off-site without prior | | | | | |authorization. | | | |Communications and Operations Management | |Section |Audit Question |Security Considerations |Security concern if |Mitigation | | | | |rem oved | | |Documented Operation |Whether the operating procedure is |Management should set |Without direction, |To establish how the | |Procedures |documented, maintained and available to |guideline about how each|employees would not know |company is to operate on a | | |all users who need it. |function should operate |what to do throughout the |daily basis. | | | |in the company. |day. | | |Whether such procedures are treated as | | | | | |formal documents, and therefore any | | | | | |changes made need management | | | | | |authorization. | | | | |Change Management |Whether all changes to information | | | | | |processing facilities and systems are | | | | | |controlled. | | | |Segregation of duties |Whether duties and areas of responsibility|Management is |No one would be |To establish accountability| | |are separated, in order to reduce |responsible for |responsible for ensuring |for task performed in each | | |opportunities for unauthorized |assigning area of |tasks are complete d. |area. | | |modification or misuse of information, or |responsibility. | | | | |services. | | | |Separation of development, |Whether the development and testing |Management needs to |Incorrect information |To prevent incorrect | |test, and operational |facilities are isolated from operational |establish a separate |could cause a delay in |information is not given to| |facilities |facilities. For example, development and |network. |production or development. |incorrect personnel. | | |production software should be run on | | | | | |different computers.Where necessary, | | | | | |development and production networks should| | | | | |be kept separate from each other. | | | | |Service delivery |Whether measures are taken to ensure that |Define what measures are|Goods and services will |To ensure that service | | |the security controls, service definitions|needed and establish who|not be done in a timely |level is established and | | |and delivery levels, included in the third|to monit or. |manner. |maintained. | |party service delivery agreement, are | | | | | |implemented, operated and maintained by a | | | | | |third party | | | | |Monitoring and review of |Whether the services, reports and records |Define what measures are|Goods and services will |To ensure that service | |third party services |provided by third party are regularly |needed and establish who|not be done in a timely |level is established and | | |monitored and reviewed. |to monitor. |manner. |maintained. | | | | | | | |Whether audits are conducted on the above | | | | | |third party services, reports and records,| | | | | |on regular interval. | | | | |Managing changes to third |Whether changes to provision of services, |Define what measures are|Goods and services will |To ensure that service | |party services |including maintaining and improving |needed and establish who|not be done in a timely |level is established and | | |existing information security policies, |to monitor. |manner. |maintai ned. | | |procedures and controls, are managed. | | | | | | | | | | |Does this take into account criticality of| | | | | |business systems, processes involved and | | | | | |re-assessment of risks | | | | |Capacity management |Whether the capacity demands are monitored|Management must decide |Systems will not be able |To establish who will | | |and projections of future capacity |if a third party will be|to process information |monitor computer systems. | | |requirements are made, to ensure that |needed to assist with |needed in a timely manner. | | | |adequate processing power and storage are |their IT needs. | | | | |available. | | | | | | | | | | |Example: Monitoring hard disk space, RAM | | | | | |and CPU on critical servers. | | | | |System acceptance |Whether system acceptance criteria are |Management must decide |Systems will not be able |To establish who will | | |established for new information systems, |if a third party will be|to process information |monitor computer syst ems. | | |upgrades and new versions. |needed to assist with |needed in a timely manner. | | | | |their IT needs. | | | |Whether suitable tests were carried out | | | | | |prior to acceptance | | | | |Controls against malicious |Whether detection, prevention and recovery|IT personnel must ensure|Unauthorized access could |Establish measures to | |code |controls, to protect against malicious |proper measures are in |lead to system shut down. |protect from virus and | | |code and appropriate user awareness |place. | |malware. | | |procedures, were developed and | | | | | |implemented. | | | | |Controls against mobile |Whether only authorized mobile code is | | | | |code |used. | | | | | | | | | | |Whether the configuration ensures that | | | | | |authorized mobile code operates according | | | | | |to security policy. | | | | | | | | | | | |Whether execution of unauthorized mobile | | | | | |code is prevented. | | | | | | | | | | |(Mobile code is software code that | | | | | |transfers from one computer to another | | | | | |computer and then executes automatically. | | | | | |It performs a specific function with | | | | | |little or no user intervention. Mobile | | | | | |code is associated with a number of | | | | | |middleware services. | | | | |Information backup |Whether back-ups of information and |IT personnel will ensure|If not properly manage |To establish back up and | | |software is taken and tested regularly in |that system is properly |could result in loss of |recover of data procedures. | | |accordance with the agreed backup policy. |working. |data. | | | | | | | | | |Whether all essential information and | | | | | |software can be recovered following a | | | | | |disaster or media failure. | | | |Network Controls |Whether the network is adequately managed |IT personnel must ensure|Unauthorized access could |Establish measures to | | |and controlled, to protect from threats, |proper measures are in |lead to system shut down. |protect from virus and | | |and to maintain security for the systems |place. | |malware. | | |and applications using the network, | | | | | |including the information in transit. | | | | | | | | | | |Whether controls were implemented to | | | | | |ensure the security of the information in | | | | | |networks, and the protection of the | | | | | |connected services from threats, such as | | | | | |unauthorized access. | | | |Security of network |Whether security features, service levels |IT/Third party will |The company may not be |To establish what security | |services |and management requirements, of all |advise management the |aware of what is needed to|features of needed to | | |network services, are identified and |necessary requirements |secure the network and the|maintain the network. | | |included in any network services |needed for the network. |system is broken into | | | |agreement. | |compromising information. | | | | | | | | |Whether the ability of the network service|