Online writing essay
Research Paper Topics For Business Intelligence
Wednesday, August 26, 2020
The Low Cost Airline Air Arabia Tourism Essay Example
Air Arabia is one of the low-cost airlines of the UAE, based in Sharjah. It currently operates to more than 45 destinations, comprising major cities in South-East Asia, the Middle East and a few parts of Central Asia and Africa. Air Arabia is also registered with the AACO, the Arab Air Carriers Organization. In recent years the threat from its substitute rivals was almost nullified. They stood nowhere in front of Air Arabia, but there had been a constant threat from approaching new rivals. Although the new rivals were not enough to challenge Air Arabia, there was still some risk because the number of such rivals was increasing day by day. In the UAE there were initially many air service providers, but in recent times Air Arabia has proved to be the strongest compared with its old rivals. With increasing oil prices, the rivals of Air Arabia increased their prices, but Air Arabia kept its low fares so as to gain more and more public support at the cost of temporary loss or small marginal increase. The low-cost carriers are so effective that they helped Air Arabia win the Merit Award for CAPA Low Cost Airline of the Year 2006 and the World Airline Award for Best Low-cost Airline in the Middle East in 2007. The greatest risk that Air Arabia has is from its rivals.
The ground for the equivalent is that one time an organization gets a remark of disappointing its customers by non making as promoted, the opponents exploit. Key plans include: Entering in new areas and in this manner taking reliance on singe segment ( ease conveyor ) . Masterminding financess to buy more financess. Adjusting between expanding rising costs and directing the fiscal estimations of the tickets. Geting new and little air hoses for quicker development. Geting recorded at new airdromes and get bringing down activity in new topographic focuses. Supporting specialists s Emiritization plan to secure progressively government support. Discussing the execution of plans, for expanding its selling measurement, the organization has put over DH one million in footings of Ads, both on the web and print media. This would result in a drawn out total compensation for the organization, however it s rather a substantial total on the balance of organization s current situation. More incorporates: Global flight connecting Abu Dhabi to in excess of 45 worldwide finishs in USA, Indian subcontinent and so forth. Air Arabia extended 4.6 million riders, an expand of about 65.8 % over in 2006. ( Lowcostairlinesworld, 2009 ) Alongside this, it other than complained 175,000 dozenss of load in 2007, which is an expansion of more than 75 % than the twelvemonth 2006. Presentation: Air Arabia is one of the ease air hoses of UAE, situated in Sharjah. It before long is runing in more than 45 finishs comprising of major metropoliss in south-east Asia, Middle-East and not many pieces of cardinal Asia and Africa. Air Arabia is other than enrolled in AACO or Arab Air Carriers Organization . It was the main low-admission association in the Middle-East, began on third February in the twelvemonth 2003. It offers around 40 % less money related an incentive than the other air hoses. The central base of the air hose is Sharjah. In 2007 it was the first to offer open 55 % of its stock. 
It on a very basic level targets pulling the individuals. After its establishment it continued dispersing in administrations. For the clasp in 2008 it needed to embrace out from the Nepal part because of some uncertain political and monetary issues. It has teamed up with numerous other air hoses in numerous pieces of the universe. Vision: A definitive finish of the organization is to put itself at the highest point of all the Low-toll air hoses in UAE and in Gulf. The cardinal qualities of Vision of the organization are as per the following:
- Growing its airplane scope
- To flexibly support on more figure of ways
- To uplift effectiveness of activities
- Furthermore, to expand its gross keeping a low and straightforward development of low air-charge industry.
Strategic: The organization's strategic structure and making multi-utilitarian crew, expansion gross and offering an incentive for cash benefits in the part. A definitive strategic to pass on an upheaval in the dread business by new and progressed corporate rules. Industry foundation: The air hoses industry of UAE is immense in the event that we take a gander at the figure of administration providers. There are figure of minimal effort air hoses. National air hoses of UAE other than air Arabia incorporate Gulf Air, Emirates and Etihad. Bay air was begun quite a while in the past in 1950. It gives a figure of establishments to its clients. First it has given numerous locally available establishments to kids underneath the age of 12. For the worry related individuals it gives the BBC universe knowledge. It other than gives separate dinning to the riders. It is treated as a standard national trip for the majority of the purposes. Emirates air hoses were presented after Gulf Air in 1985. It is other than considered as a national flight. It has won a few honors for its administrations. This air hose comprises of many planes both for open and private issues.
Etihad is the latest one and was presented after air Arabia in a similar twelvemonth. It had other than gotten ra ther mainstream however could non strive with Air Arabia on minimal effort. A Kam air menu is other than considered as one of the minimal effort air hoses in UAE. Among all the bing national air hoses stone earth day of the month Air Arabia is viewed as the least expensive 1. It is non viewed as a trip with the best establishment ready yet of class it offers a modest menu t its customers. The establishments gave by these national air hoses to their customers fluctuate from one another. All these air hoses incredibly add to the national financial arrangement of UAE. Explanation of occupation: In this investigation, we will talk about the cardinal plans of Air Arabia, proxy plans accessible, execution, and SWOT, PEST and adversary examination of Air Arabia. For this worry, a meeting with a chief of the organization is sorted out. The Manager expressed that Air Arabia is making great acceptable in its circle which is before long thought to minimal effort air hose segment. For long haul position, the organization is taking to come in a greater number of segments than this by itself. There are figure of vital occupations the organization is standing up to. These are: Entering in new segments and in this way taking reliance on burn segment ( minimal effort carrier ) . Orchestrating financess to buy more financess. Adjusting between expanding rising costs and ordering the financial estimations of the tickets. Geting new and little air hoses for quicker expansion. Geting recorded at new airdromes and get bringing down activity in new topographic focuses. Supporting specialists s Emiritization plan to get progressively government support. 
Investigation: Ecological or Industrial Analysis: Air Arabia puts stock in providing a predominant and cost effective life emotionally supportive network by introducing propelled establishments and more handiness to determine customer fulfillment. It intends to be an organization that has worth and significance dependent on kind of administrations it gives. The association has certain moral intentions with regards to staffing and crew work, keeping customer relationship, honestness, honesty, and flexibleness are that fulfill the confirmations. The customers of the Air business are in all signifiers. The airplanes are utilized for the security of states thus travel to the specialists. At that point shippers and exporters of the market that import merchandise from each piece little as veggies to automobiles. So in twist we other than are using these administrations. They are utilized for the individuals to go. The airplanes are the mass signifier of travel in the ongoing occasions. Watchman s five powers investigation The danger of utility opponents: In the ongoing mature ages the danger because of its substitution rivals was about invalidated. They stood no place in forepart of Air Arabia. Different substitutions stayed with on intensifying and the Air Arabia continued bettering talking in footings of net gain in the market. Different organizations could non offer such a low menus when contrasted with Air Arabia whose menus were solitary. The threat of the section of new adversaries There had been an unchanging hazard from the moving toward new adversaries. Each now thus numerous new organizations were propelled alongside the bing 1s. They all attempted to fit up to the level of Air Arabia however at last neglected to go on a long count. They met with gigantic misfortune lastly wound up in expanding the expense. 
Every one of these opponents attempted to duplicate Air Arabia dependent on administration it gives, yet they neglected to tweak them on a customary balance dependent on open fulfillment and request. The quality of competitory rivalry Despite the fact that Air Arabia kept on administering the market in the ongoing mature ages, it had non been a simple occupation. It at any point needed to keep up itself vigilant and modifying. Despite the fact that the new opponents were non bounty to contest Air Arabia, there was still a type of danger in light of the fact that the Numberss of such adversaries were expanding twenty-four hours by twenty-four hours. Air Arabia needed to keep up an investigation of the prevailing economic situations and take safe conclusions to look after voyaging. Promoting feature of the organization got significant in keeping the commercial center. The bartering intensity of customers Sing the bartering power in occurrence of Air Arabia is a simple thing on the off chance that we contrast it and the establishments it gives and the insufficiency of capable adversaries. People groups were non much into haggling since Air Arabia had been the best accessible among all the others.
Saturday, August 22, 2020
Cost-effective means
There are numerous points of interest of doing both protection and saving money with a similar organization. In the first place, it is a savvy methods for overseeing resources and protection concerns, empowering shoppers to spare time, vitality, and cash spent on exchanges. Second, coordinated protection and banking makes it simpler for the purchaser to impart their requirements regarding protection asserts and suitable installment changes as for crisis and emergency conditions. Finally, it empowers a person to manufacture a more profound relationship with the bank and to all the more likely become acquainted with its services.

On the drawback, doing both protection and managing an account with a similar organization builds the dangers of losing protection installments and different resources when the organization loses cash from its speculations or is influenced by crimes. In spite of the fact that cash and different stores in a banking or insurance agency are safeguarded by the Federal Deposit Insurance Corporation, it just repays up to a foreordained sum which may be not exactly a consumer's genuine bank or protection deposits.

2) I am not as alright with doing my financial exchanges online likewise with an agent in a physical bank because of security and protection concerns. The web stays a dangerous stage for directing touchy exchanges as crooks are creating strategies to catch appropriate buyer and monetary information nearly as quick as web based financial security specialists are attempting to grow increasingly modern methods for making sure about web banking services.

In a similar way, I would not be as open to working with a protection operator for my financial needs as I would be with a financial agent since I would stress over an individual having an excessive amount of data about my money related status and assets.
3) Among the administrations that a buyer gets from a physical bank that probably won't be as effortlessly gave by an online bank are mechanized teller machines for helpful store and withdrawals, and individual, top to bottom meetings about financial administrations that could be practiced just by strolling into a bank or its branch.
Physical Anthropology-Free-Samples for Students-Myassignmenthelp
Question: Examine about the Anatomical changes that are required for the progress to Bipedalism. Answer: Bipedalism is where it clarifies the attributes of current people that have experienced the procedure of development throughout the years. It attempts to distinguish the proof of the procedure in the fossil that assists with deciding the weight that the individuals have confronted that has constrained them to achieve the procedure of advancement. There can be number of components that affect the procedure of advancement of individual. These elements are being broke down by bipedalism (White et al., 2015). Bipedalism alludes to development, among different quantities of species there are not very many who can stroll on two legs. There are some particular varieties who practice this procedure which will be which is known as facultative bipedalism. There are times when octopus strolls on their hands or practice bipedalism which is brief in nature. In this procedure they put their six legs over their head and stroll on rest of the two. They utilize this procedure so as to disguise themselves (Barrett Maidment, 2017). Constant bipedalism which is otherwise called commit bipedalism is an uncommon qualities methods for transportation. There are not many species that are available at the present time who practice constant bipedalism. The species that training routine bipedalism incorporates individuals and kangaroos. This species show attributes where the species have utilized bipedalism yet at the same time they hold the arboreal conduct. Around a huge number of long stretches of back there was an enormous change in the climatic state of earth where there was a huge drop in temperature. During this period there was a huge decrease in ocean level, which brought about difference in ocean level. There was a shortage of water which brought about decrease of backwoods which evaporated soon thusly there was a development of forest and plain domain (Dunbar et al., 2014). 
Broad examination has made an inference that the progenitors of people used to live in a territory which was comprised of wood. The investigation have likewise indicated that there were some early bipedal highlights which were held by people, for example, long arms which were utilized by our predecessors to climb trees while living in the forest. The DNA proof shows the confirmation that the individuals and the primates share a similar DNA attributes. This comprehension has and will help later on during the time spent investigation of the advancement in the people (Granatosky, Tripp Schmitt, 2016). Conduct changes may go with these physical changes In spite of the fact that bipedalism isn't viewed as the best or the best structure for the situation of type of running just as strolling however it carries a various positive alternatives, which can contribute monstrously towards strolling. It is as yet not extremely obvious from the investigation why our progenitors experienced and advancement and why they embraced bipedalism type of strolling (Zeininger, Shapiro Raichlen, 2017). Theory shows that the bipedalism can convey the food and different things to a more drawn out separation which is the liberating of forelimbs for scrounging, apparatus use, or insurance; moving more vitality productively than different types of primate quadrupedalism; and the advancement of significant distance running (Ingham et al., 2017). Bipedalism can without much of a stretch cool their internal heat level which is known as thermoregulation. Regardless of an absence of accord about the starting points of bipedalism, numerous if not the vast majority of these proposed theories are not totally unrelated. A blend of various determination weights may have been answerable for driving bipedal advancement (Langdon, 2016). The physical changes that happens because of the progress from Quadrupedalism to Bipedalism. 
Feet In this progress of bipedalism, the human feet have enormous and extended feet. The feet being enormous assistance to hold up under the measure of weight of the human body. The feet of the human assists with going about as a stage in supporting the whole body weight .The people currently have legitimate toes and feet which are littler than their bipedal precursors. This incorporates a non-opposablehallux, which is migrated in accordance with different toes (Machnicki et al., 2016). When the non-human primates walk upstanding, the heaviness of the impact point is transmitted to the foot and afterward along the outside of the foot lastly it is reached to the large toe. Appendages There is an expansion in the length of the leg when there was a change from quadrupedalism to bipedalism and there has been a transformation and it has been seen that the leg muscles is worked in upstanding stride. In people the push for strolling originates from the leg muscles which are acting at the lower leg. The more drawn out the leg, which permits the use of the leg and the muscle of the appendage have normal swing while at the same time strolling. The aftereffect of which is that the human forelimb are not required for the velocity and it is utilized for holding or conveying or controlling articles with incredible accuracy (Osborn,2013). The chimps which used to exist numerous years prior could remain on the rear appendages however they can't be do it for a more drawn out timeframe. The femurs are not adjusted for the bipedalism.The gorillas have the vertical femurs yet the people have the femurs are calculated in the medium situation from the hip to the knee. The knees are held nearer together and under the bodys focal point of gravity. Skull The human skull is that part of the body which is adjusted and it has a vertebral coloumn.The foramen magnum which is supposed to be poorly situated under the skull. 
This causes the human body to stand upstanding; this puts the entire load of the head behind the spinal rope. The human face helps in the keeping up of the occipital condyles (Pontzer, 2017). The muscles of the human brow, helps the human in their appearance. The size of the mind is likewise noteworthy and assists with expanding the cerebrum size. The progress occurred around 2.4 million years where present day level of the mind size couldn't be achieved till 500000 years. The life systems in human shows that the minds are very bigger than that of the typical size(Pontzer, Raichlen Rodman, 2014). Spinal Column It is imperative to keep up the parity in the middle of two legs.The vertebral or the spinal segments of the human is twist in the forward or the lumbar area or a retrogressive curve in the thoracic (upper) district. The lumbar spine causes the body to be straight and it necessitates that the more the strong exertion for bipedal creatures. The human body inclines forward and they utilize less solid endeavors, in order to stand or walk straight and upstanding. Along these lines it is crafted by both the lumbar and the thoracic bends which carries the bends of the body to the focal point of gravity legitimately over the feet. The body of the people is slanted in such a manner the body erection is altogether littler with the goal that it can ration the vitality Pelvis Today in the quadruped, the focal point of the gravity in people is situated close to the middle. Accordingly it is close to the focal point of which the pelvis is found. At the point when the person is strolling then it gravity shifts from one side of the pelvis to the opposite side. The biepedalism needs extraordinary adaption and the gluteal muscle is diverse in bipedal human and quad gorillas. Today the people have exceptionally enormous hips and which have bigger pelvic joints (Tardieu, Hasegawa Haeusler, 2017) References Barrett, P. M., Maidment, S. C. (2017). 
The advancement of ornithischian quadrupedality.Journal of Iberian Geology, 1-15. Dunbar, R. I. M., Lehmann, J., Korstjens, A. J., Gowlett, J. A. J. (2014). The way to present day people: time spending plans, parting combination sociality, family relationship and the division of work in hominin evolution.Lucy to language: The benchmark papers, 333-355. Granatosky, M. C., Tripp, C. H., Schmitt, D. (2016). Walk energy of above-and beneath branch quadrupedal headway in lemurid primates.Journal of Experimental Biology,219(1), 53-63. Ingham, S. J. M., de Carvalho, R. T., Abdalla, R. J., Fu, F. H., Lovejoy, C. O. (2017). Hard Morphology: Comparative Anatomy and its Importance for the Anterior Cruciate Ligament.Operative Techniques in Orthopedics. Langdon, J. H. (2016). Contextual investigation 9. Perusing the Bones (1): Recognizing Bipedalism. InThe Science of Human Evolution(pp. 67-73). Springer International Publishing. Machnicki, A. L., Spurlock, L. B., Strier, K. B., Reno, P. L., Lovejoy, C. O. (2016). First steps of bipedality in quite a while: proof from the atelid and proconsulid pelvis.PeerJ,4, e1521. Osborn, M. L. (2013).The Shoulder suspension of bipedal people and the head suspension of quadrupedal felines: a recreation of macroevolutionary changes of complex frameworks dependent on normal examinations, similar life systems, and biomechanical investigations of surviving organisms(Doctoral exposition). Pontzer, H. (2017). Economy and Endurance in Human Evolution.Current Biology,27(12), R613-R621. Pontzer, H., Raichlen, D. A., Rodman, P. S. (2014). Bipedal and quadrupedal headway in chimpanzees.Journal of human evolution,66, 64-82. Tardieu, C., Hasegawa, K., Haeusler, M. (2017). How Did the Pelvis and Vertebral Column Become a Functional Unit during the Transition from Occasional to Permanent Bipedalism?.The Anatomical Record,300(5), 912-931. White, T. D., Lovejoy, C. O., Asfaw, B., Carlson, J. P., Suwa, G. (2015). 
Neither chimpanzee nor human, Ardipithecus uncovers the astonishing parentage of both.Proceedings of the National Academy of Sciences,112(16), 4877-4884. Zeininger, A., Shapiro, L. J., Raichlen, D. A. (2017). Ontogenetic changes in appendage stances and their effect on compelling appendage length in primates (Papio cynocephalus).American Journal of Physical Anthropology,163(2), 231-241.
Friday, August 21, 2020
Case Study: When Radiation Therapy Kills.
Chapter 4: Case Study: When Radiation Therapy Kills.

The concepts of ethics are illustrated in this chapter. Ethics is a concern of humans who have freedom of choice. Responsibility, accountability and liability are issues that are raised by radiation technology. In this case we see that the carelessness or laziness of the medical professional, the lack of training in the handling of the equipment (software), and also of the maintenance of the software updates, can cost a person's life. These errors, caused by humans or machines, can be prevented: if the software had some kind of safeguards that control the amount of radiation it can deliver, if the professionals or machine operators were more aware of the error messages that appear on the screen, and if the hospitals had given the right training to their staff. Specialists, hospitals and the software manufacturer all need to work together to create a common set of safety procedures and software features in order to prevent this from happening; all of them are responsible. All of them had the power to prevent this kind of thing from happening, and they all chose to blame each other for their own mistakes. The use of a central reporting agency could reduce the number of radiation therapy errors in the future, because it enables the state to identify trends and exposures that may create health concerns. If I were to design electronic software for a linear accelerator, I would certainly put in some kind of safeguards that control the amount of radiation it can deliver, in this way trying to prevent an overdose of radiation.

Polytechnic University of Puerto Rico, Graduate Program in Management. Chapter 4: Case Study: When Radiation Therapy Kills. Jayline Benitez Hernandez #46654. MGM 6560 – Management of Information Systems. September 1, 2011
MIT Regular Action Decisions Now (Actually) Available Online
Update: the once-in-a-century alignment of Super Pi Day appears to have fired a cosmic EMP directly into the heart of our server farm. Working to restore flux capacitors - please stand by.

Update 2: rotors rotating, spanners spanning, you should be able to check your decisions again.

MIT Regular Action admissions decisions for the Class of 2019 are now available at decisions.mit.edu. You can log in using the same username and password that you use to log in to your MyMIT account. There are no interim screens, so you should be sure you are ready to receive your decision online before logging in to decisions.mit.edu.

18,306 students applied to the MIT Class of 2019. As of today, and inclusive of Early Action, we have offered admission to 1467. These 1467 students are truly exceptional. The admitted Class of 2019 includes makers and marksmen, eidetics and entrepreneurs, Georgians (as in Atlanta) and Georgians (as in Tbilisi). Individually they represent 67 countries and more than 1000 high schools; together, they constitute an incredible community, each contributing a set of rare skills and perspectives while holding in common the highest caliber of character, conscientiousness, and, of course, remarkable intelligence.

We often say we don't admit numbers to MIT, we admit people. Yet this isn't quite true either: we admit classes, cohorts which have been curated with care, each contributor collected to create the best possible team to climb the mountain that is MIT.

There are also those students who may be climbing other mountains, with other people, next fall. Of the students to whom we do not offer admission today, we have placed a small number on our waitlist and informed the balance that we will not be able to admit them to the Class of 2019. Turning away so many kind, generous, super-smart students has been more than difficult: it has been truly painful.
If you are among them, then all I can say is that MIT is just another place. If it is amazing, it is amazing not because of some occult magick emanating from beneath the Great Dome, but because the people here are amazing. And if you are an amazing person, then you can be amazing wherever you go, if you choose to be.

I'm closing comments on this blog post to concentrate conversation in the open threads for admitted, waitlisted, and not admitted students. Congratulations to the Class of 2019. I wish all of our applicants well. No matter where you enroll next fall, please make it a better place. I know you can. I hope you will.
Friday, June 26, 2020
Adverbs and commas splices
At first glance, it might seem that adverbs and comma splices don't have all that much to do with one another. On both the SAT Writing section and the ACT English section, however, they're actually quite connected, even if the relationship isn't particularly obvious.

For those of you who need a quick review, comma splices are created when a comma is placed between two full sentences, and they can be fixed by replacing the comma with a semicolon or by adding a FANBOYS conjunction (for, and, nor, but, or, yet, so) after the comma. For example:

Comma Splice: Gandhi rejected violence as a means of political revolt, he advocated peaceful protest instead.

Correct: Gandhi rejected violence as a means of political revolt; he advocated peaceful protest instead.

An adverb is a word that modifies a verb. You may be familiar with them from the infamous adjective vs. adverb error that appears in the Error-Identification section (e.g. John and Bob pulled the sled slow up hill, pausing only occasionally to catch their breath). For that section of the test, it's usually enough to know that most adverbs end in -ly.

Now, most adverbs do in fact end in -ly, but not all of them do. And it's the ones that don't that tend to cause a lot of trouble when it comes to Fixing Sentences. In order to recognize when a comma is being incorrectly placed between two sentences, you have to first be able to recognize when something is a sentence and when it isn't. For a lot of test-takers, though, this is much harder than it sounds. Most people have no problem recognizing that this is a sentence:

Sentence: Gandhi advocated peaceful protest.

But stick in an adverb (underlined below), and all of a sudden some people aren't quite so sure:

Still a sentence: Gandhi advocated peaceful protest instead.

At this point, a lot of people will look at the sentence and say, "instead of what?" Because the sentence suddenly doesn't make complete sense on its own, they mistakenly believe it can't be a sentence anymore.

Actually, though, it can and it is. It even gets worse: move the adverb to the beginning of the clause, and a lot of people will simply have no idea whatsoever whether or not they're dealing with a sentence:

Instead, Gandhi advocated peaceful protest.

This is still a sentence. It doesn't matter whether it makes any sense out of context, OR whether the adverb comes at the beginning or the end; it's still a stand-alone, grammatically correct sentence. And that means that it can't have a comma before it, only a semicolon or a period.

Both the SAT and the ACT play with this concept a lot. They know that lots of high school students get confused by syntax and lose their ability to distinguish between sentences and fragments when adverbs are placed at the beginning of a sentence. Furthermore, if my own observations are any indication of things, they also know that this is one of the top errors that high school students make in their own writing. (Actually, it's something I see adults do in their writing sometimes too, and that looks really bad.) In this case, learning that placing an adverb at the beginning of a sentence doesn't make it any less of a sentence can go a very long way toward making writing sound clearer and more polished and, well, more like something produced by someone not in high school.
Sunday, May 24, 2020
Security forensics and risk management - Free Essay Example
Sample details: Pages: 24; Words: 7218; Date added: 2017/06/26; Category: Management; Essay type: Research paper

Acknowledgement

Foremost, I would like to say thanks to God for all the support in all my life, and secondly to the University of Greenwich for giving me this, my life's aim, to complete my master's. Next, my supervisor, Professor Kevin Parrott, for the support he gave, because without his support I wouldn't have been able to complete my project with this quality. In particular, the suggestions and appreciation given by my supervisor made me feel better and gave me positive thinking. Finally, I need to thank my family and friends for their unbelievable support and encouragement.

Abstract

As we are in the information era, the world is changing to use electronic means for day-to-day work. Paper documents are disappearing and most processes are now paper-free for many reasons, such as pollution, ease and speed. At the same time, digital media has availability, scalability, confidentiality and integrity, which are the behaviours required for secure communication. Risk increases as the use of computers and digital means increases, and a single security gap may cause huge losses. Some surveys say that most crimes now happen through electronic means and that the target is a computer or computer peripherals. If an attacker finds a single security gap, that is enough to start breaking the whole system; the gap could be a configuration mistake, a firewall issue or, more basically, a problem in the protection mechanism. For these reasons testing becomes very important, and this process is called auditing. There are many types of auditing, and auditing requires technical knowledge to make the tests sound and to produce an audit report that includes suggestions. Auditing falls into two main categories: automatic and manual. A test is efficient if it is automated using testing tools; such a test is called an automated or computerised test.
Even so, some tests cannot be automated and must be performed manually. Auditing covers network security tests, physical or environment security tests, and computer security tests, which include software and hardware tests. The computerised tests are carried out with security tools, and the manual tests use a questionnaire to minimise human error, mainly forgetting.

A security audit is the technical assessment of an application or system. The assessment may be manual, systematic or both. In most cases the auditing process uses both manual and systematic (automatic) methods, because some tests cannot be automated, such as the review of the security policy, asset management, etc. Audits are either internal or external. The type depends on the company's size and the availability of resources. Usually big companies have their own security auditor, so they perform the audit internally, while small and medium-sized companies mostly hire an auditor from outside. Both types have pros and cons in security and financial terms.

Chapter 1 Introduction

This chapter largely contains non-technical information to give an understanding of the high-level objectives. It also describes the techniques and technologies used in the project and the research done to accomplish the project.

Objective

Audit

An audit is a systematic or manual security assessment of the network, infrastructure, system, etc. A complete audit should be a combination of manual and automatic assessment, because for every test target there will be some tests that cannot be automated. Audits have many categories, and the following paragraphs explain the categories and the functions or techniques behind them.
There are 3 controls in the auditing process, which are:

Preventive control

Preventive controls may take the form of software, hardware or any configuration that prevents errors or vulnerabilities. This is an active type of control: it always monitors the interface for vulnerabilities and blocks such vulnerabilities or errors before they enter the system or infrastructure. It is the most effective control mechanism because it does not let the vulnerabilities in.

Detective control

Detective controls are put in place, in the form of software or hardware, to monitor for vulnerabilities. The difference between preventive and detective controls is that a preventive control will not allow vulnerabilities into the system, whereas a detective control allows everything to enter and corrects the vulnerabilities after they have entered. The best example of this control is a fire alarm, because a fire alarm will not prevent a fire beforehand, but it will go off if there is one.

Corrective controls

Corrective controls are controls that correct an error or issue before it does any harm. This is a very important control everywhere, even where other controls exist, because some issues or vulnerabilities cannot be detected by those controls; if they arrive and attack, there should be some control to correct them before a loss occurs. In addition, the controls should be kept up to date, for example with the latest firmware or latest definitions.

Type of auditors

There are two basic types of auditors in the information era: internal and external auditors. Management selects the auditor on the basis of the financial status of the organisation, the size of the organisation and the policies defined in the company.

Internal auditors

Internal auditors belong to the particular company that is going to perform the audit; that is, the auditor is an employee of the company. The auditor is therefore always available to do the auditing, and data or information is kept within the organisation.
This is the main advantage of having an internal auditor. At the same time, an employee recruited purposely for auditing costs the company a lot, so it is only possible for big companies, because they have huge investments and revenue. The disadvantage of internal auditors is that they may not be up to date and may lack knowledge of the current market or audit status, such as new techniques and tools.

External auditors

The auditor is recruited from another auditing firm. It is very hard to find a professional auditor because of availability, and as the auditor is recruited from outside, company information may leave the company. The auditor also needs some time to get to know and understand the company's processes. The advantage of recruiting an external auditor is their knowledge, and it is suitable for medium-sized and small companies.

Types of Audit

Traditional audit

It is just like manual auditing. It is useful when working with a large amount of data in a large company. Here the auditor takes some sample data from different places and then provides a report.

Advantages:
Easy
Cheaper

Disadvantages:
It does not always provide correct information.
It is not useful in the IT sector.

Software audit

Software audit is widely popular in educational institutes and organisations. It is like a review of the software and the system that can find all information about the system, such as operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory modules, local drive volumes, network drives, printer information, etc. There are many auditing tools on the market, such as Belarc Advisor and E-Z Audit, that are very powerful.

KW116 is the main lab of the School of Computing and Mathematical Sciences (CMS) at the University of Greenwich. CMS has installed a lot of software for students to continue their study or research.
According to the Copyright, Designs and Patents Act 1988, all software must have a valid licence to continue in use. As the lab uses a large amount of software and different software expires at different times, it is very difficult for the lab administrator to keep all licences up to date through manual checks. Only a software-based audit can give the administrator a detailed report to keep the system safe.

Advantages:
Correct information: a machine always provides correct information, so there is less chance of incorrect information.
Saves time: software provides a report on the system very quickly, so it saves time.
Detailed description: it provides a detailed description of the system, including any warnings or licence issues, etc.
Minimises cost: by implementing the software audit, the work of two people may be done by one, which reduces the extra cost.

Disadvantages:
Costly investment: the software is very expensive, so the university needs extra money to buy it.
Risk: the auditor learns detailed information about the system.
Work flow: the auditor needs part of the lab to check the system, which interrupts the students' workflow.

The approach

A typical audit uses different approaches to collect data. A single audit will use multiple techniques to gather full information, and it is necessary to use different techniques for different levels of people. The common techniques are as follows.

Interview

This technique is used to collect information from outside people or top-level people, and the number of interviewees should be limited. During the interview the auditor or interviewer asks the other person questions and collects the information, so the person will be well prepared for the interview. This is a very robust method because it allows people to express themselves fully, and the method is also simple, as talking is the natural way to communicate. Another advantage is that the communication is bidirectional, meaning both parties are allowed to ask questions for clarification or to gather information.
Observation

This method is used where real-time process monitoring or behavioural change is required. It is a powerful way to capture changes throughout the audit, because the other techniques that currently exist cannot provide real-time information.

Inspection

This technique requires some action on the collected data in order to obtain audit-related information. It is a form of observation with advanced criteria applied: an extended version of observation in which the auditor applies advanced criteria to gather the data necessary for the audit.

After collecting the data, the next step is to identify the weaknesses and process them. Identification is the key work in the audit, followed by categorisation. Identification uses some techniques to make it easy, precise and professional. The techniques used here are:

Root cause analysis

A general technique to analyse a vulnerability or weakness and find a better solution for it. The technique drills down into the issue, finds the root and fixes the weakness. The basic idea is that once the root is fixed, all other problems related to it are fixed automatically, so all related issues are closed at once. As mentioned, it is an easy and robust way to stop existing issues and issues that may arise in the future.

After root cause analysis, the next step is to find the solution for the root of the issue. The important thing here is choosing a better and more effective solution. The selection depends on some external and internal restrictions:

Organisation policy
Cost per benefit
Legal restrictions
Availability
Compatibility
Vendor and certification

Advantage of having Auditing:

Satisfaction: it gives the lab administrator of the University of Greenwich the confidence to continue the business process. An owner always wonders whether there is any gap that could break the continuity of the business.
Detection and prevention of errors: humans can make errors at any time; no one can say there are no errors in their company. Through auditing, people can find the errors and obtain suggestions for recovering from them.
Detection and prevention of fraud: this is similar to errors. Sometimes a user does this intentionally or unintentionally, so after an audit we can find the fraud.
Verification of licences: the KW116 lab installs a lot of software for students. Some software is licensed for 1 year, some for more than one year, and some has a limit on the number of users. The auditor can find all kinds of licence issues.
Independent opinion: an audit is always done by independent people, so the report is always accepted by everyone.
Safety from exploitation: health and safety is always a big issue for any organisation. The KW116 lab has a lot of equipment connected to electricity, so there is always a chance of a short circuit or exploitation. The audit identifies all the weak points and advises on prevention.

Disadvantage of having Auditing:
It is expensive.
It sometimes slows or stops the workflow.
External people learn company information.

Encryption

Encryption is a simple technique, in different forms, for sending data securely through a shared medium such as the internet. The forms of encryption vary, but they all commonly use a digital certificate to encrypt and decrypt the data. Encryption uses keys to produce cipher text from the actual message. The cipher text is not readable; it is the encrypted version of the message produced by some algorithm.

Security roles/user roles

Security roles are a very important technique for making network administration easy. The idea is to create groups with different permissions according to the organisation's operations or policy. A user or staff member can have multiple security roles according to their needs. These roles are used to authorise user permissions.
Security policy

A security policy is a document in which all rules and regulations are documented, approved by management and aligned with laws and legislation. The policy is used to define all activities and to make some decisions.

Business Continuity

There are three things we always have to keep in mind to continue the business:
Essential: to keep the business running, no customer order can be delayed by more than seven days.
Tolerable delay: some applications may be delayed while the business continues, such as management pay. This is mid-term, i.e. one to four weeks.
Discretionary: some applications are useful for the business but do not affect the continuation of business operations, such as management reports. This is long-term, i.e. 3 to 6 months.

Business continuity planning

Business continuity planning (BCP) is most important for any organisation to continue its business. BCP deals with the different kinds of risk to the continuation of the business process that might occur in the organisation, and it also creates the policies, plans and procedures to reduce the risk. BCP can continue the business process in a disaster situation as well. The main goal of BCP is to bring together all policies, procedures and processes so that in any disruptive situation the business process can continue or is impacted very little. The main functions of BCP are:
Maintaining the business operation
Continuing the business in an emergency situation
Reducing the risk

If BCP cannot cope with a situation, disaster recovery planning (DRP) takes over.

British Auditing Standard BS7799

BS7799 is a British standard developed by the British Standards Institution that describes the security policy and standard procedures. BS7799 became ISO/IEC 17799 after being accepted by the ISO/IEC technical committee for international use. Nowadays information is a valuable asset for an organisation, so it is very important to protect information like any other corporate asset.
BS7799 introduces how to protect information from threats and suggests three points for securing information:
Integrity: assurance of the completeness and accuracy of the information.
Confidentiality: information can be accessed only by authorised people.
Availability: authorised people can access the information when needed.

Attacks and prevention for the attacks

Errors and omissions: errors and omissions are among the most common and toughest vulnerabilities. They are human-made errors, because humans do the programming, controlling and data entry for computers. There are no countermeasures to protect against errors and omissions.

Fraud and theft: this is a kind of criminal activity that may occur in the KW116 lab. It involves computer components such as mice, keyboards, routers, switches, cables, CPU boxes, etc. It was observed that the security person is not always at the access point, so it is hard to secure the lab against fraud and theft. By protecting access control we can reduce fraud and theft. Both internal and external people are responsible for this kind of activity.

Prevention of fraud and theft:
A regular auditing and monitoring programme will help to identify all kinds of fraud and theft.
Deploy all of the access controls.
Place CCTV in the proper places.

Virus: a virus is malicious code that is able to reproduce itself and spread from one system to another via e-mail, downloads and storage devices (CD, DVD, memory stick, removable hard drive), and to destroy the computer system. It was observed that almost every user uses a removable memory stick, which is the most likely way for a virus to spread to the lab computer system. It was also observed that users use their own laptops connected to the university wireless network. If a user's laptop is infected with a virus, it can also spread to the lab network, where it can affect the internal network, attack the server and crash the hard drive.

Prevention:
Install the latest antivirus software.
Update the antivirus software regularly.
Follow the backup procedures regularly.
Scan devices when transferring data.
Install an NIDS (network intrusion detection system) and a firewall.
Minimise downloads from the internet.
Download only from reputed websites.
Scan before downloading.
Be careful when opening unknown e-mail attachments.
Scan all incoming files from remote sites.
Make users aware of the danger of viruses.

Trap-doors: a trap-door is an undocumented command that a user might create to speed up the workflow. Unfortunately, students might sometimes leave these trap-doors in place.

Prevention of trap-doors:
Use the latest antivirus software.
Give permission to develop code only to authorised people.
Check all code properly before using it.

Logic bombs: a logic bomb works like a time bomb and affects the system on a particular event or day, such as a program launch or website logon. It changes data and deletes data from the system. Here students have access to a lot of software for their coursework or projects, so they are capable of building logic bombs. It normally happens in a company when an employee leaves the job.

Prevention:
Audit and monitor regularly
Always back up the necessary files
Allow only authorised people to develop code
Keep a record of all modifications or changes

Trojan horses: a Trojan horse is a software program that contains malicious code. Students are normally interested in downloading music and free software from the internet. This is the most likely way for lab computers to be affected and for the data stored on the lab computer system to be destroyed.

Prevention:
Avoid downloading unwanted software and music from the internet.
Make users aware of Trojan horses.

Worm: a worm is also malicious code; it can spread itself from one system to another without any human involvement. It works only on computer networks and does not need any device to transport it.
Prevention:
Use a firewall
Use up-to-date antivirus software

Spyware: unwanted software that monitors the activity of the user and transfers important information, such as login details or account details, to a remote system that monitors the user's activities.

Adware: this is similar to spyware, but it does not intend to transfer the user's details to a remote system. It works like advertisements on the internet. Some adware monitors the user's search behaviour and then redirects to related websites.

Prevention of adware/spyware:
Close pop-up windows.
Be aware of spyware/adware.
Click only reputed links.

Social engineering: most users receive unknown mail and also chat with unknown people. Social engineering is one of the most popular techniques attackers use to gain access to a system, by sending mail or chatting with people to learn the password. It is therefore a major risk to password security.

Prevention:
Do not respond to unknown mail.
Do not chat with unknown people.
Do not give anyone personal information or a login ID.
Give new users proper training or awareness about social engineering.

Ping of death: a packet sent to the server is only permitted to be as large as the largest packet size (65,536 bytes). Attackers know this number of bytes from the ICMP specification, so they try to send packets larger than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and tries to process it, the operating system hangs or crashes.

Dumpster diving: every day lab users print the documents they need, but sometimes they print unnecessary documents by mistake and at the end of the day throw all documents in the bin. Hackers are very intelligent. They always look in the bin and find the documents needed to access the network.
Prevention:
Destroy all documents before putting them in a bin

Natural disasters: anything that happens outside human control is called a natural disaster, such as earthquakes, volcanoes, floods, fires, storms, hurricanes, etc. It may occur at any time, but the greatest risk for the KW116 lab is fire. It may be caused by a heater, the power supply, overheating of the power box, a short circuit, etc. A natural disaster is less likely for the lab, but its effect is greater than that of any other threat. It may destroy part of the building and lose all information.

Prevention:
Follow the health and safety procedures.
Keep the fire exits clear.
Make users aware of possible disasters.

Man-made disasters: anything that happens intentionally to destroy the business process or part of the business, and that is within human control, is called a man-made disaster, such as fire, acts of terrorism, bombings/explosions, power outages, etc.

Prevention:
Always check ID cards
Allow only authorised people
Use a metal detector
CCTV

Equipment failure: students are always busy with their coursework and other course-related work, so an equipment failure may lose all their data.

Prevention:
Use an extra UPS
Back up all data

Auditing Stages/Steps

Scope and pre-audit survey
Planning
Field work
Analysis
Reporting

Scope and Pre-Auditing

The first step or stage of the audit is to understand the purpose of the audit and the areas that need to be covered during it. Understanding the audit purpose basically means getting an idea of why the audit needs to be performed, for example as a special risk assessment or as an annual audit. A special risk assessment audit will be more specific, and its scope will be narrow and deep; an annual audit will be a general audit covering as many areas as possible.
The pre-audit survey verifies the audit areas using risk management techniques and some general techniques such as reading previous audit reports, web browsing, background reading, etc. This reduces the chance of failure by correcting the plan with lessons learned.

Planning and Preparation

In this stage the scope is broken into small areas to make auditing easier and clearer. Clarity increases and the purpose becomes easier to understand. This stage usually involves the work breakdown plan and the risk control matrix. The risk control matrix is simply a checklist containing the questions to be worked through during the audit.

Field work

The actual auditing is performed during this stage using different techniques or methods. It ranges from interviewing staff or students, using a questionnaire or oral interview, to system or network tests with auditing software tools. The result of this stage is the audit evidence used to reach a conclusion or to submit to management with the audit report, so this is the most important stage in the audit process. This step may use several testing software tools depending on the scope of the audit. Software selection is another key event in the audit process, because many fake software applications are available on the market. These are actually viruses made in the form of auditing tools. Viruses are spread in the form of auditing or testing tools because it is very easy and hard to detect.

Analysis

The evidence and results collected in the previous stage are the input to this stage. This stage consists entirely of analysis and decision making, so it needs a lot of time for investigation and assessment. Analysis is the most sensitive area of the audit process, because this is where the decision to be submitted to the board is made. It should be perfect; otherwise the audit is useless and will lead to wrong decisions.
Reporting

This stage presents all audit findings in the form of a report. The document contains all evidence, analysis results, suggestions, recommendations, conclusions, etc. It is passed to management or higher-level people to review, approve and take action if necessary. The report should be clearly written and easy to understand, because it is also needed in future to provide information for starting the next audit or taking strategic decisions.

Problem Domain

Because of the increased use of the University of Greenwich KW116 lab, the chance of threats or issues is high, and it is the responsibility of the students and staff to make the lab secure in all aspects. This project is based on KW116 because it is the lab most used by students, and network-related and other lab sessions usually take place there, so any security hole or gap in the lab may affect students and staff. The easiest way to ensure the security level of the lab is auditing. The audit needs to cover all areas from physical security to network security; only then is it a complete audit. The audit can use a standard checklist to be more efficient and to eliminate human errors such as forgetting, typing mistakes, etc. There are many ways to verify the security level, such as penetration testing and vulnerability testing. These are more specific to attacks and threats; for general purposes a security audit is the suitable choice, as it covers all areas of security. For the reasons given above, the general security audit is the most suitable technique to verify the security level of the lab. The audit will therefore cover most areas of the lab with the aid of a standard checklist approved by the British Standard Institute.
Test behind the auditing

Physical test
Network test
Software test
Security policy test
Hardware/peripherals test
Access control test

Objectives

To evaluate the actual level of security that exists at the University of Greenwich Maritime campus KW116 lab.

Activities:
Plan and schedule the audit
Audit with software tools
Analyse the audit result

Deliverable: detailed audit report with suggestions and recommendations

This is the main objective of the project, and it will be carried out with several tools such as a packet sniffer, port scanner software, etc. There are three different tests using these tools to identify internal and external vulnerabilities.

To evaluate various methods of implementing the security policy, determine the security weaknesses and implement risk management for the existing security weaknesses.

University lab security policy review
Analysis

Deliverable: detailed security policy analysis report with changes/suggestions/recommendations.

The reason for this objective is to close the holes at the policy level, because this is the easiest way to implement.

To learn about audit and the audit process, practise auditing, research the auditing products available on the market and select the appropriate ones.

This task is entirely about learning about audit and audit-related matters. This objective is the key or starting point of this project, because if the project starts without proper knowledge it will be led somewhere other than the project aim.

To draft a new security policy that addresses the existing weaknesses for management.

According to the analysis, draft a security policy to fix or overcome all existing security holes.

Deliverable: draft security policy

How the objectives will be achieved

The third and fourth objectives will be achieved with books and the internet. This objective will give an idea about auditing; its outcome will be documentation containing all the requirements that need to be covered in this project.
The research will give details about the tools required to perform the auditing and the methods/process for the auditing. The internet is the main and basic means for this research, as it is easy to access and offers a wide range of data. Tools identified by the research will be used to perform the security audit, and the audit results will be monitored in real time and documented immediately. These tools will mostly be freeware from well-known vendors. The audit will be performed from three different views to make sure the area is fully secured: inside the computer's local network, outside the computer's local network, and outside on a different network.

Audit Methodology

This project uses two different methodologies to accomplish the task: a checklist and a questionnaire. The checklist is an aid for the auditor in performing the audit and serves as a manual for it, so it contains all the tests to be performed during the audit, whereas the questionnaire is for obtaining opinions or feedback from staff and students (generally this is feedback from stakeholders). The analysis is also carried out in two different ways, using the questionnaire and the checklist, and finally both are compared to reach the conclusion. The questionnaire and checklist cover most areas, which are grouped separately to make the auditor's life easier and the documents more understandable. The areas covered in the documents are:

Physical security / environment security control

This section mainly covers physical security issues and recommendations. It mainly covers all natural disasters, the actual controls and recommendations.

Access control

This section is all about permitting or denying access to the KW building in several ways. The questions are used to establish the actual control, the status of the control implemented and the recommended control that needs to be implemented.

Software and hardware

Testing and verifying hardware and software is the main job in this area.
Testing starts with the licence and extends to the current status of the hardware or software.

Servers and network

This covers all network-related testing, from cabling to server-level security. It is the key test of the security assessment/audit, because the network is the heart of most organisations.

Security policy

This area reviews the existing security policies and makes sure they are valid given current limitations and technology improvements, because the security policy also needs to be kept up to date.

Personal security

This is all about personal security when a user or staff member makes a mistake, or any other human error: for example, how the system behaves if a user forgets to log off the computer when leaving, together with an analysis of the actual control implemented. It is used to give the status of the current implementation and to propose enhancements if necessary.

Virus/threats

This area covers security vulnerabilities through viruses or other similar threats, so most of these questions or test tasks relate to viruses and antivirus or antispyware controls. In particular, this area addresses up-to-date antivirus definitions, because this is an important task for establishing the status of the security level. In other words, antivirus or any anti-threat software is of no use without proper or the latest updates.

Remote connection / external connection

A very important area, which should be verified before authorisation, because once access is given they can do anything from outside. There should therefore be software to validate the user and the place of login, and importantly the software should be from a well-known vendor and properly tested.
Non Achieved Objectives

The objectives mentioned using auditing software to scan all the computers and the network system to gather information about licence expiry dates, lists of software and hardware details, and network risks and warnings, but for security and licensing reasons the university did not allow the use of the software proposed for this project. Even so, Belarc Advisor was run from an outside laptop on the university network for a sample analysis, and the result is documented in the report for the analysis. It would be easier to reach a conclusion if the audit used software to gather information. Instead of software, the audit uses a standard checklist.

Summary

Chapter 01 assisted in clarifying and understanding the problem domain. It is mostly non-technical or less technical and contains, as far as possible, the general and basic ideas covered in this project.

Final Report University of Greenwich

The checklist analysis method used for this project made the audit wider and deeper because it mostly follows the BS7799 standard. The checklist clearly shows that some places have weaknesses and some are at an acceptable level. The concern of the audit is the places where security is lacking, because these are the vulnerabilities for the KW116 lab. The checklist clearly states the findings and recommendations. Here a finding is the actual control implemented, and the recommendations are the expert suggestions. These expert suggestions were made from experience and other means such as the internet, books, etc. The expert rating for the security level of the lab is in the chart below. The chart description makes the auditor's decision very clear, together with the recommendation result. The chart above describes the security difference between the actual control and the security level after the recommendation is made. The reason for not achieving 100% is organisational restrictions such as budget and policy, and it is not practical to achieve 100% security.
The requirement for security is to meet an acceptable level. The acceptable level is a keyword in security, as it is not possible to secure a system 100% if it is connected to the external world. As mentioned above, the lab KW116 is very weak in access control, but if the university implements the recommendations it may achieve 100%.
Analysis Checklist
Access Control
There is no proper control over access to KW and no consistency in the rules and regulations, because security staff check the resource card only some of the time. In general anyone can enter the university KW building, which is a big issue here. Even if a later check of the CCTV finds an issue with a person who entered, nothing can be done, because the university has no clue about the person who entered the lab.
Remote/ virtual connection
The virtual connection still in use is well-known and trustworthy software, and the system uses Windows authentication, so the login is validated at Active Directory. Active Directory authentication is very strong because it uses a complex encryption method that is non-reversible. But the server needs more resources to increase performance, because the virtual desktop is really slow. The lag of the security audit is
Security policy
The university has its own security policy for the lab, but it is not in a well-known place to read, and there is no instruction telling students where they can get that information.
2.1.4 Environmental and Physical security
The lab is almost safe from environmental factors such as wind, rain and sunlight. In addition, a mechanism to monitor the window covers against sunlight would improve the security level. The audit flag for this is
Network and Equipment Security
User Responsibility
This is another huge security hole in the lab. It looks like a simple issue, but it may cause any kind of problem. Many things come under this.
For example, the following images are simple and good evidence of how users behave in the lab: mobile phone usage, food, chatting, etc. The audit status flag for this area is
Chapter 3 Recommendation
Access control
The staff at the entrance should verify students before they enter the KW premises. The university can use two different methods here. In the first, staff at the entrance should always check the university resource card. This is a powerful technique because the staff can verify the student against the card image. With this method illegal use of the resource card will be eliminated. But this technique requires CCTV for evidence if anything goes wrong, and the staff working at the entrance should work. The entrance should always have at least one security staff member, and they have to be well trained. The second option is electronic access control, which uses an access card, fingerprint or code to open the entrance. But as this is an academic institution there is no need for that much security, so the best and cheaper way to control access is the first option. This is the first and primary level of control for the KW building. Another issue is that, other than CCTV, there is no control that records that a student has entered the lab, because the access control at the entrance only establishes that the student or staff member has entered KW, not KW116.
Remote/ virtual connection
The system should be upgraded with more resources because there may be a huge number of remote connections. If the system works very slowly it is useless to implement this facility. The system may be split into multiple virtual clusters, and the clusters will increase performance.
User Responsibility
The responsibilities of the user are not known to users even though they are well defined, which makes having rules and regulations useless. So there should be a way to introduce all these responsibilities to the user, such as a notice board, labelling with rules, or small sessions to pass these rules on to users.
Notice board
This method can carry a big set of information, but there is no proof that users check the notice board, which again makes it an ineffective way of communication.
Labelling
A strong way of communicating is to put the rules on physical items as stickers, or in software as a message box or a software label in a different colour. The disadvantage is that a label can carry only a small amount: the rules and regulations for that particular area or situation.
Meeting
This is the suitable way of communication, because talking is the easy way to communicate and two-way interaction is also possible with this method. The requirement is to make the meeting compulsory for all users and to penalise anyone who misses it, but the punishment should be related to passing these rules to the user.
Entry Control (Web)
This covers all possible web-based applications with first-level security. There are two places that users usually use for their day-to-day work: the web and the lab computer login. The password strength is strong enough for an academic organisation, but reducing the password expiry period is suggested as a simple technique to improve the security level.
Portal University of Greenwich
The login configuration of the portal is strong enough for an academic organisation and the session timeout is very good.
Intranet University of Greenwich
The login control is acceptable on the intranet, but session maintenance is very poor and the logout mechanism is also poor. Simply put, there is no session control and logout does not work properly. The main issue with logout is that a logged-out user can still access previously visited pages, which is wrong, and it requires shutting down Internet Explorer to complete the action. The suggestion is to implement session control, because session control will eliminate these two issues.
Computer Login
Again the login mechanism is acceptable here, but idle time control, such as timing the user out after an idle period, is not properly in place, so it needs to be improved because this is a security risk.
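A minimal sketch of the session control suggested above for the intranet logout finding and the idle-timeout finding, added here as an illustration and not taken from the university's systems or the original report. The class and function names, the 15-minute limit and the /login path are assumptions.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # assumed idle limit in seconds; the report gives no figure

# Headers that stop the browser re-showing protected pages from its cache
# after logout (Back button, history).
NO_CACHE = {"Cache-Control": "no-store", "Pragma": "no-cache"}


class SessionStore:
    """Server-side session table: the cookie carries only a random id."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self._sessions = {}  # session id -> [user, last_seen]
        self._idle = idle_timeout
        self._clock = clock

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # fresh, unguessable id per login
        self._sessions[sid] = [user, self._clock()]
        return sid

    def logout(self, sid):
        # Destroy the server-side state; the old cookie value is now useless
        # even if the browser window stays open.
        self._sessions.pop(sid, None)

    def user_for(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if self._clock() - last_seen > self._idle:
            del self._sessions[sid]  # idle timeout acts as a forced logout
            return None
        entry[1] = self._clock()  # activity renews the idle window
        return user


def handle_request(store, sid, page):
    """Return (status, headers, body) for a request to a protected page."""
    user = store.user_for(sid)
    if user is None:
        return 302, {"Location": "/login", **NO_CACHE}, ""
    return 200, dict(NO_CACHE), f"{page} for {user}"
```

Logout removes the server-side record, so a request replayed with the old session id is redirected to the login page, and the no-store header keeps the browser from redisplaying cached pages without contacting the server.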
Logging off an idle computer is also the user's responsibility, but the system should handle as many human errors as possible.
Chapter 4 Audit Report - Draft Version
Scope
The project covers only the KW116 lab, and within the lab it assesses network, physical, policy, etc. There are many limitations on the testing because the audit was done with student user credentials, which have fewer privileges.
Objective of the engagement
Find out the status of the lab from a security point of view
Recommendations for the weaknesses
Audit report submission to the board
Coverage period
4/3/2010 to 30/4/2010
Brief description of the work performed
The audit assessments were carried out in all areas with student credentials.
Background information
N/A
Overall audit conclusion
The conclusion of this audit is that KW116 is protected in the network and network-related areas, such as attacks and vulnerabilities, where it is almost safe. But the access control and some of the processes mentioned above need to change or be enhanced. As an overall audit conclusion, the level of security is average.
Chapter 5 Conclusion and Future Improvement
The audit of KW116 is to find the status of the security level and the existing security issues. The audit covers most of the security areas, including physical security. This audit uses the checklist method as its auditing technique because the checklist method will eliminate some issues, even where the technology is software based, that come from human errors or mistakes such as typing mistakes, forgetfulness, etc. At the same time, the checklist used in this audit mostly satisfies BS7799 and ISO12007, which are basic and powerful standards. The checklist is split into several categories to make the auditing process easy and understandable. This audit process uses one piece of software to validate the system. Basically this software scans the system and the network to retrieve security-related and system-related information. The output of this software is an all-in-one report with details. The report is also split into several categories.
Even so, the main advantages of this software are validation of software licences, network scanning and security updates. In addition, there was a survey using a questionnaire created for this project, with general and basic questions, and the survey was limited to 100 students. The results of the questionnaire are summarised and analysed. The basic reason for this survey is to get the students' opinion. According to the analysis, students accept some security weaknesses for their own ease, such as the password expiry period. The standard checklist analysis is the major part of the project, and according to the audit there are many weaknesses in KW116 and its related processes, especially the access control mechanism. The access control mechanism should change or be enhanced. This should be the first consideration of the board or authorities. At the same time, students are not very keen to follow these regulations, because following the rules and regulations is not easy and the policies are not available or not visible to students or the appropriate users. This is the second concern of the audit, because if students need to obey the rules they should know the rules and regulations. The final conclusion of this audit is that KW116 is protected in the network and network-related areas, such as attacks and vulnerabilities, where it is almost safe. But the access control and some of the processes mentioned above need to change or be enhanced.
Future improvement
The audit needs to add some more software to the testing, and it will be more effective if the project applies some simple penetration testing. The penetration test will give the level of security or the security gaps that would allow attackers to come in or attack. The checklist can go deeper to get to the root cause of a problem easily.
Chapter 6 Appendix A
Security Audit for KW116 Lab, University Greenwich
Security Assessment questionnaire
I am Manik Saker, doing my master's at the University of Greenwich in Computer Security, Forensics and Risk Management.
In partial fulfilment of my master's I am carrying out this audit of the KW116 lab, and this questionnaire is to get feedback from students and analyse the security level or security acceptance level of the lab. The questionnaire is split into several parts to make it easy and effective. The responses from the students are confidential and cannot be linked back to you. Please fill this in and return it to me on completion.