Wednesday, October 30, 2019

Art Essay Example | Topics and Well Written Essays - 750 words - 15

Thus, even if they might have been made for different purposes, at least they had similar essences because it is the same Egyptians who were using it as an important sculpture in their society. Khafre Enthroned refers to the funerary statue of Pharaoh Khafre, who is believed to have ruled Egypt between the years 2520 and 2570. Currently, it is exhibited in the Museum in Cairo, Egypt. It was made using gneiss rock, which is closely related to diorite rocks, a valuable, dark, extremely hard material that was mined 4000 miles at the royal quarries along the River Nile. The use of such a precious material in the production of this statue was necessary because it equated Khafre’s influences and authority as an Ancient Egyptian Pharaoh. This statue played a very significant role in Egypt: acting as Pharaoh Ka’s sub statue; and as a sign of peace. This explains why it still plays a significant role in the life of the Egyptians today. Great Sphinx of Giza (Sphinx), which can be literally translated as the father of the dead or a terrifying one, is a statue located in Giza Plateau, at the banks of River Nile, Egypt. It was made between the years c. 2558–2532 BC during the time when Egypt was under the leadership of Pharaoh Khafra. Just like Khafre Enthroned, this statue has a significant role to play in the lives of the Egyptians. However, the 241 ft long, 63 ft wide, and 66.34 ft high statue depicts an image of a mystical creature which has a human head and a lion’s body. Thus, it stands as the largest monolithic statue in the entire globe. For this reason, it has had different interpretations especially in the contemporary society. Whereas the London Imperial College’s Surgeon Huan Ashrafian associates it to a depiction of a person suffering from a disease with lion-like conditions, it has been linked to the solar worship that was so prominent amongst the Ancient Egyptians. This is so because the image of lion has been synonymous with the

Monday, October 28, 2019

Reflecting reality in film documentaries Essay Example for Free

The paradox of reality stems from the fact that it is a combination of abstract and concrete concepts. It is abstract since different kinds of reality can be subjectively formed and understood. It cannot be quantified from a single perspective alone. In the meantime, reality is concrete since it is something that each and every individual must readily confront. Reality is part of mankind’s constant struggle. The puzzling complexity that embodies the notion of reality is even more felt in how it is depicted, presented or articulated in other forms. Literature exploits the power of words to explain reality; singers capitalize on music. But the task becomes even harder in the case of film makers, who are expected to utilize both visual and musical elements to represent reality. In film-making, it cannot be denied that the use of different technologies somehow affects how reality is shown. For every filmmaker, there is the challenge to make their works of art convincing—convincing, in the sense that a film seems devoid of any technological mediation and corporeal interest—and at the same time retaining the subject matter in its pure and organic form. With this pursuit, film documentaries came into life. Kibborn once noted that film documentaries aim to offer a “window of the world” (p. 53). This would not come as a surprise since films, whether or not they are created for commercial purposes, are indeed reflections of a much wider world view. Some filmmakers have fared well, while some, unfortunately, failed. On the other hand, there are others who have seen film documentaries as a tool to immortalize not only their works but also their names. The film industry owes it all to the Lumiere Brothers. This generation would not experience the beauty and artistry of films if not for these two.
Since early film tools and equipment were not that sophisticated during that time, silent films tended to dominate the big screen. However, what is even more amazing in this context is the manner in which the Lumiere Brothers managed to present reality with pure visual images alone. Films do communicate and try to reach their respective audiences. But then again, the absence of sound seems to make the presentation a bit complicated and difficult. However, if one would stick to the principle in which reality is comprised of events that are experienced in everyday lives, situations that are commonly confronted by ordinary people, it can be fairly said that the Lumiere Brothers stand out. If one takes a closer look at Arrival of a Train (Nichols 83), such an event is commonly encountered. The camera focuses on the train and the people that arrive in the station. A close shot is chosen as if trying to tell every intricate sequence and detail of the said event. Unaware and unscripted, the actors are seen in their most natural ways and manners. Such a technique is also used in Nanook of the North by Robert Flaherty. However, Flaherty incorporated some texts. Perhaps it can be argued that Flaherty wants to make a more vivid and descriptive storytelling approach. There is the intention to relate to the audience what is actually happening rather than have them interpret the stories on their own. There is a scene in the film wherein the boat is being covered with a piece of cloth before going down the river. In this case, a close shot was again used, in order to show how intricate the processes are. Yet, during the part wherein the actual trek is going on, a long shot was utilized, thus readily evoking a feeling that the group is on their journey. The characters looked small during that shot and the notions of space and distance were further highlighted.
From documenting everyday routines to inserting texts in the film, documentaries are also flavored with the directors’ political perspective, as in the case of Dziga Vertov. Hicks even described Vertov as the so-called “genie” of propaganda films primarily because of his strong Marxist beliefs and visions (8). Taylor described that Vertov depicted reality through the montage technique (74). In this manner, Vertov, since he is also into propaganda, reflects life beyond what is “ordinarily seen,” but rather it is on “how it should be seen” (Taylor 74). In the film Three Songs of Lenin, different scenes are patched together. There is the part wherein a group of marching men is shown, followed by a scene that focuses on three statues. Another group of marching people is presented, but this time women holding high-powered guns are also shown, then it goes back to the three statues. Vertov, as a propagandist who wanted to tell the people what life should be, seems to purport that equality between men and women must be readily observed. At the same time, the three statues that are constantly shown are reflective of an ideology or school of thought that must be readily followed and practiced. In the meantime, John Grierson is a film critic who is one of those who laid down the foundations of realism theories in films (Aitken 162). Ellis and McLane noted that Grierson readily influenced many film makers (73). He is also responsible for proliferating such a film genre in “English-speaking nations” (Ellis McLane 73). Grierson firmly believes that in order to depict reality properly, reality should be free from all forms of manipulation—that it should be captured in its raw form rather than mastered in artificial environments (Aitken 167).

Works Cited

Aitken, Ian. European Film Theory and Cinema: A Critical Introduction. Scotland: Edinburgh Press, 2001
Ellis, Jack and Betsy McLane. A New History of Film Documentary. London: Continuum International Publishing, 2005
Hicks, Jeremy. Dziga Vertov: Defining Documentary Film. London: I. B Tauris Publishers, 2007
Kibborn, Richard. Staging the Real: Factual TV Programming in the Age of Big Brother. Oxford, UK: Manchester University Press, 2003
Nichols, Bill. Introduction to Documentary. Bloomington: Indiana University Press, 2001
Taylor, Richard. Film Propaganda: Soviet Russia and Nazi Germany. London: I. B Tauris Publishers, 1998

Saturday, October 26, 2019

Essay --

In 1931, Samuel Kistler created aerogel, the least dense solid in the world. Known for its ultra lightweight and incredible insulating ability, recent developments have shown aerogel’s potential in a wide variety of areas. Recently NASA has used it to insulate Mars rovers and space suits. In addition to this, its extremely low density was utilized to catch dust particles in space, which would otherwise vaporize if they came in contact with solids at high speeds. Its insulating ability combined with its hygroscopic nature allow it to be very useful in both spacecraft and aircraft maintenance, as they keep ice from forming on the wings of the vehicle. Due to its incredible versatility and ultra lightweight, aerogel is a material of the future that will be utilized heavily in years to come. In the 1930’s Samuel Kistler removed all liquid from a silicon gel to produce an ultra-light material that functioned as an extremely efficient insulator, and named his discovery aerogel. It was initially marketed as an insulator, but due to developments in efficient insulation not being of priority in the 30’s, aerogel development stalled. In the 1980’s, aerogel development resumed as energy efficiency became a salient issue in America (Aerogel Crystal Structure, 2005). Although it was deemed too costly for domestic use as insulation, the development of aerogels for commercial and military use has since taken off. Aerogel is produced by making a gel out of a desired material such as silicon, and replacing the liquid in a gel with a pure solvent. Then, the liquid in the gel is heated and pressurized so that it enters a supercritical state, where it can expand and compress like a gas, but has the density and thermal conductivity of a liquid. (H... ... greatly reduce the weight of planes and other military equipment. (DARPA Awards Aspen Aerogels, 2004) Due to their relatively high cost, the main consumers of aerogels are government agencies and large companies.
The incredible capabilities and extreme versatility of aerogels provide a bright future for this technologically advanced material. As space exploration expands, lightweight insulation will be at a premium, and demand for aerogels will grow exponentially. In addition, its applications in the military and environmental uses will keep this material relevant for years to come. I believe that as research and development of aerogels continues, the cost of this material will decline to the point that it will become accessible to the average consumer, and could be used in protective gear or as originally conceived, as a cost efficient insulator for domestic uses.

Thursday, October 24, 2019

Issues with Revenue Recognition Within the Software Industry

Issues With Revenue Recognition within the Software Industry
The Isoft Example
Financial Controller-SoftWarehouse Ltd

This report has been prepared for the Board of Directors of SoftWarehouse Ltd for elucidation about the contentious issues that have given rise to the publication of the article concerning Isoft’s issues with revenue recognition. Finally, it will also assess whether or not these issues are likely to affect SoftWarehouse Ltd.

TABLE OF CONTENTS
Executive Summary
Introduction
Part 1- Examining the Isoft Ltd example
PART 2 – The issues faced by software companies in relation to revenue recognition
Part 3- Issues raised that may impact SoftWarehouse Ltd
Part 4 – Future changes in revenue recognition standard
Conclusion
Reference List

Executive Summary:

This report has been prepared for the Board of Directors of SoftWarehouse Ltd for elucidation about the contentious issues that have given rise to the publication of the article concerning Isoft’s issues with revenue recognition. Finally, it will also assess whether or not these issues are likely to affect SoftWarehouse Ltd. In January 2006, Isoft, a Manchester based supplier of software applications for the healthcare sector, announced that its profit would be below market expectations due to a required change in its accounting policy for revenue recognition. Isoft was forced to reverse revenue of approximately £70m in 2005 and £55m in 2004 – when Deloitte found that Isoft was recognizing revenue sooner than it should have been. The underlying principle of Isoft’s historic revenue recognition policy had been that the value of the product licenses was recognised at the time of delivery, while the value of support and services was recognised as they were performed. Moreover, the value of licences was identifiable and separable from the implementation and support services provided. This is not aligned with what the AASB Revenue states.
Consequently, Isoft engaged in controversial accounting practices. The company recognised revenue at the start of long-term contracts instead of recognising revenue over the life of the contract. Isoft was recognising revenues from contracts even though actual payments for some projects were due over an extended period (for example, on one project it recognized revenue even though actual payments were to be paid over a two-year period). The accounting practice of recognising revenue in this method led to an overstatement of its income, and therefore had the effect of misleading the stock market and Isoft’s overall credibility. After realigning its revenues to the current period (in 2006) to reflect a fair value of its performance, 40% was taken off its share values and the company was forced to lay off 10% of its staff. Isoft adopted a new revenue recognition policy, which more appropriately reflects the changing nature of the business as the group is involved with more complex and long-term product supply projects. In the new policy, licence revenues will be recognised over the same period as the implementation of revenues, which may range from a few months to a number of years from contract signature. This will increase visibility and predictability of earnings. At SoftWarehouse Ltd, our contracts with our customers involve the sale of customised software as well as its implementation and maintenance services. We recognise revenue in accordance with AASB 118. The revenue, therefore, is recognised over the length of the contract. Due to the fact that our selling prices include an identifiable amount for the subsequent services, that amount is deferred and recognised as revenue over the period during which the service is performed. We recognise revenue by reference to the stage of completion of the transaction at the end of the reporting period.
Therefore, I am confident that we will not encounter similar issues, which were faced by Isoft. However, due to the lack of guidance from the IFRS and GAAP standards on revenue recognition, it is foreseeable that interpretations could become misguided or unaligned with these standards in the future. The issues raised by Isoft elucidate the importance of recording an accurate picture of its earnings. The joint project of the FASB and the IASB is trying to converge the two sets of standards and offer a single revenue recognition model that can be applied consistently to various transactions – which would address these issues of lack of guidance.

Introduction:

In January 2006, Isoft Ltd, a Manchester based supplier of software applications for the healthcare sector, announced that its profit would be below market expectations due to a change in its accounting policy for revenue recognition, when it announced its results for the year ended April 2006. This situation is not unusual within the software industry and reflects the issues that software companies face when it comes to accounting for revenues. As the financial controller of SoftWarehouse Ltd, my goal is to clarify and explain the main issues faced by Isoft Ltd; the consequences of those issues on the business; and finally, to determine if those practices could also impact the financial reporting within SoftWarehouse Ltd.

Part 1- Examining the Isoft Ltd example:

The underlying principle of Isoft Ltd’s historic revenue recognition policy had been that the value of product licences was recognised at the time of delivery, while the value of support and services was recognised as they were performed (Isoft 2006). Moreover, under this policy, the value of licences was identifiable and separable from the implementation and support services provided (Isoft 2006).
AASB 118- Revenue (AASB 2010) gives some guidance on how to recognise revenue: “When the selling price of a product includes an identifiable amount for subsequent servicing, that amount is deferred and recognised as revenue over the period, which the service is performed.” AASB (2010) illustrates that statement by giving an example which can be applied to Isoft Ltd’s situation: “When the selling price of a product includes an identifiable amount for subsequent services (for example, after sales support and product enhancement on the sale of software), that amount is deferred and recognised as revenue over the period during which the service is performed. The amount deferred is that which will cover the expected costs of the services under the agreement, together with a reasonable profit on those services.” Therefore, it seems that Isoft Ltd’s traditional policy is acceptable under AASB 118- Revenue. Isoft Ltd had to change its revenue recognition after Deloitte had found that some revenues had been recognised earlier than they should have been (Stafford 2006), which led to an overstatement of its income and therefore had the effect of misleading the stock market (Griffiths and Bowers 2006), and thus affected Isoft’s credibility. When the company was obliged to realign its revenues to the current period in 2006 to reflect a fair value of its performance, its revenues got wiped out and it knocked 40% off its share values. The company also announced that 10% of its staff would be laid off (Meyer 2006). Under Isoft Ltd’s new revenue recognition policy, licence revenues will be recognised over the same period as implementation revenues, which may range from a few months to a number of years from contract signature, and over the full duration of the contract in the case of managed services (Isoft Ltd 2006).
The group stated that a change of accounting policy for revenue recognition is needed to more appropriately reflect the changing nature of the business as the group is involved with more complex and long-term product supply projects (Isoft Ltd 2006). Isoft Ltd also mentioned that its new revenue recognition policy would increase visibility and predictability of earnings (RNS 2006).

PART 2 – The issues faced by software companies in relation to revenue recognition:

Isoft Ltd was accused of being engaged in controversial accounting practices. The main issue with Isoft Ltd’s accounting practices is that it was recognising revenue sooner than it should have been. The company recognised revenue at the start of long-term contracts instead of recognising revenue over the life of the contract (Moulds 2006). Indeed, during the year 2004-2005, Isoft Ltd accounted in full for the revenue raised as part of long-term contracts at the time of receiving part prepayments. Analysts had found that Isoft Ltd, the main software supplier for the NHS’s £6.2bn IT project, was recognising revenues from contracts even though actual payments for projects were only due over two years’ time (Neveling 2006). For the year ending April 2004, Isoft Ltd recognised £30m of payments from Accenture and CSC, who were implementing the NHS’s technology overhaul (UK Parliament 2007). One of the main issues in accounting is about revenue recognition, especially in our IT industry. As KPMG (2009) stated, IFRS does not provide any specific guidance on revenue recognition for software related transactions. The IFRS standard and the Australian GAAP standard on revenue recognition lack guidance when a transaction involves both a good and services related to that good (IASB 2008) – which is often the case for software companies.
The difficulty for software companies resides in the fact that due to this vagueness, it is hard to distinguish the revenue from the software and the revenue from the services offered. As Stafford (2006) mentioned, Isoft Ltd is not the first software company to have had issues with revenue recognition.

Part 3- Issues raised that may impact SoftWarehouse Ltd:

At SoftWarehouse Ltd, we are providing customised software to our customers in the mining industry. Our contracts with our customers involve the sale of customised software as well as its implementation and maintenance services. We recognise revenue according to AASB 118, which we previously mentioned in detail in part 1. AASB (2010) adds an interesting point for guidance: “fees from the development of customised software are recognised as revenue by reference to the stage of completion of the development, including completion of services provided for post delivery service support.” The revenue is, therefore, recognised over the length of the contract. Due to the fact that our selling prices include an identifiable amount for the subsequent services we deliver, that amount is deferred and recognised as revenue over the period during which the service is performed. We recognise revenue by reference to the stage of completion of the transaction at the end of the reporting period. We are confident that we will not encounter a situation similar to the one Isoft Ltd went through. However, I have to admit that the AASB is not giving clear guidance regarding revenue recognition, which leaves us with our own interpretation. Due to this lack of guidance, it could be foreseeable that our interpretation could become misguided or unaligned with the AASB. We should always be aware that even though our policy is acceptable under the Australian GAAP, it doesn’t mean that we are protected from making mistakes. Indeed, Isoft Ltd’s traditional policy was acceptable under the Australian GAAP.
However, as their contracts changed, Isoft Ltd did not update its policy, which led to misalignment. At SoftWarehouse Ltd, we have to bear in mind that if the type of contracts or transactions that we offer change, then we will have to update our policy to accurately reflect our financial position. Ultimately, we must ensure that we do not recognise revenue too early and overstate our income.

Part 4 – Future changes in revenue recognition standard:

We are still keeping a close eye on the project regarding the new revenue recognition model: the Contract-based revenue recognition model. This is a joint project of the FASB and the IASB whose goal is to converge the two sets of standards (Henry & Holzmann 2009) and to offer a single revenue recognition model that can be applied consistently to various transactions (IASB 2008). If adopted, the proposed standard will replace the existing standard AASB 118- Revenue. The core principle of this model is that an entity would recognise revenue from contracts with customers when it transfers promised goods or services to the customer. The amount of revenue recognised would be the amount of consideration promised by the customer in exchange for the transferred goods or services (RSM Bird Cameron 2011). Under this new revenue recognition model, it is stated that the “entity should recognise revenue when its net position in a contract with a customer increases as a result of satisfying a performance obligation. An entity satisfies a performance obligation when it transfers goods and services to a customer.” (IFRS 2008). The last exposure draft (IFRS 2011) indicates “if a promised good or service is not distinct, an entity would combine that good or service with other promised goods or services until the entity identifies a bundle of goods or services that is distinct. Therefore, the entity would account for the bundle as a single performance obligation”.
The revenue for that performance obligation would then be recognised over time by selecting an appropriate measure of progress towards complete satisfaction of the performance obligation (IFRS 2011).

Conclusion:

One of the main issues in accounting concerns revenue recognition, especially within the software/IT industry. The IFRS and the Australian GAAP standards on revenue recognition lack guidance when it comes to multiple element transactions. Due to this lack of guidance, it is foreseeable that interpretations could become misguided or unaligned with the IFRS or Australian GAAP standards. The issues raised by Isoft Ltd elucidate the importance of recording an accurate picture of its earnings. Indeed, Isoft had to change its revenue recognition after it was exposed that some revenues had been recognised earlier than they should have been, which led to an overstatement of its income and therefore had the effect of misleading the stock market. The joint project of the FASB and the IASB is trying to address these issues of lack of guidance.

Reference List:

Australian Accounting Standards Board 2010, AASB 118 Revenue. Available from: www.aasb.gov.au. [20 March 2012].
Griffiths, I & Bowers, S 2006, ‘Revealed: Isoft’s U-turn on accounts problems’, The Guardian 2 November. Available from: . [8 April 2012].
Henry, E & Holzmann, OJ 2009, ‘Contract-Based Revenue Recognition’, The Journal of Corporate Accounting & Finance, pp. 77-81. Available from: Proquest [28 March 2011].
House of Commons, Committee of Public Accounts 2007, Department of Health: the national programme for IT in the NHS, The Stationary Office, London.
International Accounting Standards Board 2008, Discussion Paper Preliminary views on revenue recognition in contracts with customers. Available from: . [20 March 2012].
IFRS 2011, Exposure draft revenue from contracts with customers. Available from: . [5 April 2012].
KPMG 2009, Impact of IFRS on the Information Technology and Business Process Outsourcing Industries. Available from: <https://www.in.kpmg.com/securedata/ifrs_Institute/Files/IFRS_IT.df>. [10 April 2012].
Meyer, D 2006, ‘NHS IT timescale questioned as Isoft CEO resigns’, Zdnet 15 June. Available from: . [7 April 2012].
Moulds, J 2006, ‘Isoft directors and ex-auditors face questioning in new inquiry’, The Telegraph 26 October 2006. Available from: . [5 April 2012].
Neveling, N 2006, ‘What’s going on at Isoft’, Financial Director 31 August 2006. Available from: . [7 April 2012].
RNS 2006, Isoft Change in Accounting Policy. Available from: . [5 April 2012].
RSM Bird Cameron Chartered Accountants, 2011, Revenue Recognition- New and Revised Proposal. Available from: <http://www.rsmi.com.au/rsbcwr/_assets/main/lib90034/111220_financial%20insight_revenue%20recognition%20web.pdf>. [28 March 2012].
Stafford, P 2006, ‘Revenue Recognition is Isoft’s Curse’, Financial Times 9 August. Available from: http://www.ft.com. [5 April 2012].
UK Parliament 2007, Memorandum submitted by Ian Griffiths and Simon Bowers. Available from: . [8 April 2012].

Wednesday, October 23, 2019

Case Summary: Owens & Minor, Inc.

Minor did not want to pass up. This case explains the strategy Balderdash and his team approached to attain the bold with Ideal. The year prior to the bid, O&M was struggling to contain its costs while trying to understand the profitability of their customers and services. By the end of 1995 the company had encountered an $1 1 knew that he needed to reevaluate the company's costing and pricing methods if they wanted to even be considered in winning the Ideal contract. Palavered and the team were concerned with their current cost-plus pricing method. Cost-plus signified that the customer paid a base manufacturer price plus a mark-up added on by the distributor. This allowed for drawbacks like customers engaging in “cherry-picking” and only enabling the distributors to manage low-margin, inexpensive products. This method also tied O&M's fee to the value of the product rather than the value of the service. The complexity of the pricing structure made it difficult for purchasing managers to track actual product costs or compare quotes from competing manufacturers and distributors. The company did more than what was being paid for. Their tasks included: own and manage the inventory for the manufacturer; take on the financial risk associated with the function of managing the inventory flow to the hospitals; care for product returns; carry the receivables (cash flow issues due to long payment terms of customers); carry and manage most of the inventory for the hospitals (stockpiles at times); track and verify “customer prices for contracted product purchases” and “monitor agreements between end-users and manufacturers”. Owens & Minor creates a clear value-add for both manufacturers and suppliers. O&M takes the full responsibility for all parts of selling a product. On the other hand, customers don't want to buy and own products before they are ready to use it.
Thus O&M also enables them to achieve more efficient structures, while reducing additional costs related to managing efficiently. The best decision for this company is to follow activity based costing and develop that into activity based pricing. Customers were requesting different types of services such as products to be packaged in smaller units and having stockpiles programs. Valves and his team hoped that an activity-based pricing system would align fees with services, relieving O&M of the burden of unprofitable customers. Using the BBC method would enable the company to evaluate their cost drivers and make efficient decisions based on that data. Although, Palavered and his team submitted a flexible plan where they offered to use both pricing methods, it method proving that they can be leaders in changing the market.

Tuesday, October 22, 2019

Employment Benefits Comparison

Introduction

Employment benefits are the advantages which employees get from various organizations. These benefits act as incentives for workers to perform better for their own benefit and for the benefit of the organization. Employment benefits differ from organization to organization and they change with time. Most of the benefits offered to workers in 1980’s and 1990’s are not the same as those offered today. Some of the benefits offered to workers by their employers from the year 2000 up to now are almost the same or have not changed much. Most benefits offered to employees by 1980’s have been completely eliminated by most governments and only few employment benefits offered over two decades ago are still being offered to workers today. Various bills have been passed to protect the welfare of workers to make sure that organizations offer various benefits to workers. These legislations include: The medical bill of 2003, Employee Retirement Income Security Act, Employees Retirement Income Security Act and Family and Medical Leave Act. Some of the employment benefits include: Health care and welfare benefits, Retirement and retrenchment benefits, family benefits, financial benefits, leave benefits, family benefits, flexible working benefits, housing and relocation benefits, employee service benefits and business travel benefits besides others. Most of these benefits have been introduced recently and in 1980’s they were non-existent. Organizations in the majority of countries offer these benefits to their workers and indeed the Organization for Economic Co-operation and Development (OECD) countries are leading in ensuring that workers get their employment benefits.

Healthcare and welfare benefits

Healthcare and welfare benefits were offered by organizations in the 1980’s to help employees manage their healthcare and that of their dependents. Most organizations today cover the full cost of healthcare of the employee while in some organizations the cost is shared between the organization and the employee. Currently many healthcare benefits have emerged; for instance, some organizations today offer healthcare and welfare benefits which focus on child wellbeing and fertility such as contraceptive coverage, infertility treatment and in-vitro fertilization, and this could not happen in the 1980’s and 1990’s (2011 Employment Benefits, 2011). In the 1980’s, limited benefit indemnity medical plan and free of service plans were offered to employees. This allowed each employee to compare various providers of healthcare services and then choose the one they liked most. But now very few organizations offer this kind of healthcare benefits to their workers. Currently, firms with high staff turnover or those with a high number of part time workers are likely to offer mini-med-health plans to reduce the cost they are likely to incur in case an employee falls sick (2011 Employment Benefits, 2011). Most employers these days offer benefits such as mental health coverage, accidental death insurance, long term care insurance, hospital insurance and intensive insurance to their employees. A good employee-employer relationship is needed to attract and retain employee talent.
Some of the benefits particularly these healthcare and welfare benefits are made to nurture such a productive relationship between employers and employees (2010 Employment Benefits, 2009).Advertising We will write a custom research paper sample on Employment Benefits Comparison specifically for you for only $16.05 $11/page Learn More In 2003, Medicare bill was e nacted which led to the creation of Health Savings Accounts (OECD Employment Outlook, 2003).This bill helps employees to save money on a tax free basis for future qualified medical and retirement healthcare cost. About one third of institutions, firms and companies offer these accounts to their workers. Contribution to these accounts is maybe by the employee, employer or both of them. In addition 20% organizations today offer health reimbursement arrangements to their employees. This is aimed at contributing money to the health saving accounts so that the employees can use the money to pay for their health care services. Retirement savings and planning benefits Every organization has its own retirement benefits which cover certain amount of years which are offered to help workers plan for their future lives. Retirement and retrenchment benefits became a common object in the 1980’s and up to now these benefits are offered by organizations across the globe. There are various ty pes of retirement plans offered to employees. Some of them include: Defined contribution retirement plans and Roth 401(K) retirement plan which are two common plans nowadays (2010 Employment Benefits, 2010). Other retirement plans are the traditional defined benefit retirement pension plan and cash balance pension plans which were prevalent in the 1980’s and 1990’s (OECD Employment outlook, 1994).These two are not common in many organization these days. Supplement executive retirement plans (SERPs) are non-qualified plans that offer benefits above those covered in other retirement plans. 
These SERPs are authorized under the Employees Retirement Income Security Act (ERISA).Advertising Looking for research paper on business economics? Let's see if we can help you! Get your first paper with 15% OFF Learn More About ten years ago organizations offered financial planning benefits such as individual investment advices and retirement preparation advice. Although these programs do not contribute to employee’s income, they can help employees plan their retirement benefits wisely. However few organizations offer these programs today. On the other hand, phase retirement program is currently offered to employees which involve reduction of schedule or responsibilities for workers who are about to retire. This retirement plan helps employees to ease into retirement while passing on their valuable knowledge which they have accumulated over the years to other employees. Although retirement savings, planning benefit and defined benefit pension plans are old retirement plans they are still offered today. Most of these retirement benefits have not changed very much since the year 2000(OECD Employment outlook, 1998). Financial and compensation benefits Certain group of employees get financial and compensation benefits which help them deal with monetary transactions conveniently. Most of these benefits were non-existent in 1980’s but are common in many organizations today. These benefits include: Membership in credit unions which offer low interest rates on loans, which offer loans for emergency and disaster assistance while others offer no-interest loans for non-emergency situations. Provision of life insurance for dependents, accident insurance, accelerated death benefits, and assistance in case of terminal disease such as cancer are other benefits workers enjoy nowadays especially those in OECD countries (OECD Employment Outlook, 2003). 
Commuter benefits are offered to offset the cost workers incur as they move from one play to other while carrying out operations of their companies. These include transport allowances, on-site parking, parking subsidies, carpool subsidies. Other recent developments include some organization offering spending accounts, auto-insurance programs and company –owned vehicles to their employees. Education assistance to employees such as career development benefits are important as they both benefit the employee and the employer since the employees have a chance to expound their knowledge and this leads to creation of a better workforce which is a benefit to the employer. Undergraduate and graduate education assistance as well as education assistance to members of employees families are other benefits offered to workers (2010 Employment Benefits, 2010). Most organizations offer monetary bonuses through various ways. Some lay out a criteria which when met by the employees, they will receive more compensation, incentive bonuses, promotions and this leads to high performance. Other incentives include: sign-on bonuses for new workers, retentions bonus for workers who stay in the organization for a considerable period and lastly referral bonuses which are offered to workers who refer and encourage new members to be p art of the organization. In addition some organization recently have been able offer technology services and discounts to their employees such as business cell phones, personal computers, iPads and internet connections and these benefits helps employees cut down the associated costs of such services (2011 Employment Benefits, 2011). Leave benefits Leave benefits include paid time off plan which includes traditional vacation time, sick leave or personal days. Paid vacation plans these days are offered by most organizations to full-time employees which can be inform of cash-out option or a paid vacation leave donation program. 
Other leave benefits include paid personal leaves and floating holidays whereby employees receive payment on their leaves (2010 Employment Benefits, 2010). Personal days may be used as birthdays, for religion purposes or as mental health days. Most companies now offer these leave benefits because they recognize that there is need for employees to have time-off w ork for purposes other than vacation and illness. Floating holidays are recent development in the employee’s benefit list whereby workers are given certain amount of days of their choice during the year to use for holidays. Other leaves include paid sick leave whereby employees who are sick are paid and this protects the employees from loss of income when they are sick. Some organizations offer stand-alone sick leave plan while others provide a paid sick leave donation program to their employees. Family and Medical leave act of 1993 ensures that every employee has a 12 weeks unpaid job-protected leave for a year if the employee, his/her spouse or child has a serious medical condition. Although the act doesn’t require the various public and private organizations to pay for the leave some organization pay for the leave (OECD Employment outlook, 1999) Military leaves, leave for new parents, paid paternity and maternity leaves are other leaves which have been offered by va rious organizations since 1980’s. Indeed maternity and parental benefits were introduced in the 1980’s and the companies offering them have increased greatly since then. However long-term parental benefits nowadays are restricted to the OECD countries (OECD Employment outlook, 2003). A few organizations today are even able to offer paid adoption leaves to their employees, paid time-off to serve on board of a community group, paid time off for volunteering, paid and unpaid sabbatical program and paid time off for group vacation. 
Other employment benefits Other employment benefits include family friendly benefits, flexible working benefits, employee service benefits, housing and relocation benefits and business travel benefits. Under family friendly benefits, most organization nowadays are able to provide dependent care flexible accounts to their employees where money is set aside which can be used later to care for the employee’s dependants. In addition some orga nizations offer child care benefits to their employees such as child care emergency, adoption or foster care assistance and child care referral services whereby a portion of companies today allow their workers to bring their babies to work on regular basis. This reduces the cost which is incurred by employees when they access services such as non-subsidized child care or back up child care services. Dependent care flexible account can be used by employees to offset cost of elder care. Other family friendly benefits include back up elder care benefits, geriatric counselling, assisted living assessments and elder care in-home assessment (2011 Employment Benefits, 2011). Employee service benefits offered by companies include provision of language skills and work/life balance benefits. Globalization is happening fast in today’s world and has prompted people of diverse cultures to move from one part of the globe to another. As a result workforce and customers of many organizations consist of people with various levels of language proficiency. Due to this many organization organize for foreign language classes for specific group of employees. On the other hand work/life balance benefits are also offered by organizations today in many OECD countries. Many organizations provide quick access to food and beverages by having automatic vending machines near work place. 
Banks and Post offices are likewise near workplace and this reduces time workers spend moving to use various services and this optimizes their performance for the benefit of the organization (2011 Employment Benefits, 2011). Housing and relocation employment benefits have existed since time immemorial but recently they have been modified to suit the needs of workforce in many organizations today. Most organizations offer one-time permanent relocation whereby companies offer one time simple relocation lump sum payment. Others offer local visit assistance or house hunting trips to employees, spouse rel ocation assistance, down payment assistance and temporary relocation assistance. However housing and relocation assistance have declined over the last few years. Business travel benefits offered by companies today include travel expenses and additional pay to the employees involved in the travelling (2010 Employment Benefits, 2010). Conclusion Employment benefits have changed over the years since 1980’s through 1990’s to the present day. Various employment benefits have declined and in some countries they have been completely eliminated. For instance labour market leaves existed in some countries in the 1980’s such as Belgium but they declined in the following years and in Denmark they were eliminated by 1999 (OECD Employment Outlook,1999). In most countries, employment benefits allocation in Human Resource budget is fixed or marginally flexible hence job seekers are selective in choosing their employers and are likely to work in those organizations which offer fringe employment benefits. Employment benefits are meant to improve employee’s performance, attract new personnel to an organization and improve employer-employee relation for the benefit of any organization. Governments of various states have passed various bills which act in favour of employees in both private and public organizations to make sure they get various employment benefits. 
Almost all organizations offer some kind benefit to their employees with big organizations offering more benefits to their employees. The kind of employment benefits offered by organizations depends on their size and workforce. For example a company with high proportion of part-time workers will chose to offer benefits which are suitable for such kind of workforce to cut down the cost spend on employment benefits. References 2010 Employee Benefits. (2010).Examining Employee Benefits in the midst of a recovering economy.pp.1-92.Retrieved from: https://www.shrm.org/ 2011 Employee Benefits. (201 1). Examining Employee Benefits Amidst Uncertainty, society for human resource management. pp.1-92, Retrieved from: https://www.shrm.org/ OECD Employment outlook. (1994).Work-force ageing in OECD countries. Retrieved from: oecd.org/ OECD Employment outlook. (1998). Displacement and Job Loss: The workers concerned, pp.1-34, Retrieved from: oecd.org/ OECD Employment outlook. (1999).Recent labour market developments and prospects, Special focus on the quality of part-time jobs, pp.1-33, Retrieved from: oecd.org/ OECD Employment outlook. (2003). Towards More and Better Jobs Benefits and Employment, Friend or Foe? Interactions Between Passive and Active Social Programmes, pp.1-65, Retrieved from: oecd.org/ OECD Employment Outlook. (2009).Is work the best antidote for poverty?. pp.1-46. Retrieved from: oecd.org/

Monday, October 21, 2019

How to Format an NLM Reference List

NLM referencing is used by many medical schools and journals. Thus, if you are studying medicine, you may need to use NLM referencing in your written work. And in this post, we’ll look at the basics of how to format an NLM reference list. Read on to find out more.

NLM Reference List Rules

In NLM referencing, as well as citing sources in the main text, you need to list each cited source at the end of your document. This list can be titled “References,” “End References,” “Literature Cited,” or “Bibliography” (check your school’s style guide if you are not sure which to use). Beyond this, there are some rules that apply to reference lists in NLM referencing:

Write author and editor names surname first.
Use initials in place of first and middle names.
List all named authors for each source, regardless of how many there are.
Use a comma to separate author names in each entry.
Capitalize only the first word of book and article titles, along with proper nouns, proper adjectives, acronyms, and initialisms in titles and subtitles.
Reproduce other titles (e.g., web pages) as they were originally published.
Abbreviate significant words in journal titles (and omit other terms).
Use a colon followed by a space to separate titles from subtitles.
For online sources, include a citation date in square brackets after the date of publication; you should also give a URL at the end of the reference after the words “Available from.”

Beyond this, how you organize a reference list will depend on the citation style used in the document. In the rest of this post, then, we will look at how to format an NLM reference list when using the citation-sequence, citation-name, and name-year versions of this system.

NLM Reference List: Citation-Sequence

In the citation-sequence system, you cite sources with superscript numbers in the main text. These numbers point to entries in the reference list, with sources listed in the order they are first cited. As such, the first source you cite becomes the first entry in your reference list, the second source you cite would become the second entry, etc. For instance:

1. Hopper D, Farrow A. Medical bibliographies. J Med Writ. 2008 June 15; 4(1): 128-130.
2. Aaronson A. A history of English alphabetization. New York, NY: Penguin; 1998. 480 p.
3. Zedwick Z. Understanding NLM [Internet]. Bethesda, MD: National Library of Medicine; 2011 Jan 5 [cited 2018 Nov 11]. Available from: nlm.nih.gov/NLM-referencing.

Here, for example, the fact that “Medical bibliographies” by Hopper and Farrow is the first source in the list would mean that it is also the first source cited in the document. We would then know that any citation with a superscript “1” in the text points to this entry in the reference list.

NLM Reference List: Citation-Name

The citation-name system is similar to the citation-sequence version in that you cite sources with numbers in the main text, with each number indicating a source in the reference list. However, with this version of NLM referencing, you order sources in the reference list itself alphabetically by author surname. With this version of the system, then, our NLM reference list would look like this:

1. Aaronson A. A history of English alphabetization. New York, NY: Penguin; 1998. 480 p.
2. Hopper D, Farrow A. Medical bibliographies. J Med Writ. 2008 June 15; 4(1): 128-130.
3. Zedwick Z. Understanding NLM [Internet]. Bethesda, MD: National Library of Medicine; 2011 Jan 5 [cited 2018 Nov 11]. Available from: nlm.nih.gov/NLM-referencing.

The “Aaronson” source is first here because “A” comes before “H” and “Z” in the alphabet. We would then cite each source with the number of its position in the reference list.

NLM Reference List: Name-Year

Things are a little different in the name-year citation system. In this version of NLM referencing, you cite sources by giving the author’s surname and a year of publication in brackets. In the references at the end of the document, meanwhile, you list all sources alphabetically by author surname:

Aaronson A. 1998. A history of English alphabetization. New York, NY: Penguin. 480 p.
Hopper D, Farrow A. 2008. Medical bibliographies. J Med Writ. 4(1): 128-130.
Zedwick Z. 2011. Understanding NLM [Internet]. Bethesda, MD: National Library of Medicine; [cited 2018 Nov 11]. Available from: nlm.nih.gov/NLM-referencing.

The list here is, then, in the same order as with the citation-name system. However, there are two major differences:

We do not number sources as there are no numbered citations.
Because we use the year of publication for sources in citations, we give this detail immediately after the author’s name in the reference list.

Otherwise, though, this version of NLM referencing is the same as the versions above when it comes to formatting a reference list.

Sunday, October 20, 2019

Aftermath and Effects of the Hundred Years War

The Hundred Years War between England and France lasted for more than a hundred years (1337–1453) of off and on conflict before England appeared to have been defeated. Any conflict lasting this long would cause changes, and the aftermath of the wars affected both nations.

The Uncertain End

While we now recognize that a distinctive phase of Anglo-French conflict ended in 1453, there was no peace settlement in the Hundred Years War, and the French remained prepared for the English to return for some time. For their part, the English crown didn’t give up its claim on the French throne. England’s continued invasions weren’t so much an effort at recovering their lost territory, but because Henry VI had gone mad, and competing noble factions couldn’t agree on past and future policy. This contributed greatly to England’s own struggle for power, known as the Wars of the Roses, between the houses of Lancaster and York for control of Henry VI during his mental illness. The conflict was partly fought by battle-hardened veterans of the Hundred Years War. The Wars of the Roses tore at the elites of Britain and killed many others as well. A watershed had been reached, however, and the French south was now permanently out of English hands. Calais remained under English control until 1558, and the claim on the French throne was only dropped in 1801.

Effects on England and France

France had been severely damaged during the fighting. This was partly caused by official armies conducting bloody raids designed to undermine the opposition ruler by killing civilians, burning buildings and crops, and stealing whatever riches they could find. It was also frequently caused by ‘routiers,’ brigands, frequently soldiers, serving no lord and just pillaging to survive and get richer. Areas became depleted, populations fled or were massacred, the economy was damaged and disrupted, and ever greater expenditure was sucked into the army, raising taxes. Historian Guy Blois called the effects of the 1430s and 1440s a ‘Hiroshima in Normandy.’ Of course, some people benefitted from the extra military expenditure.

On the other hand, while tax in pre-war France had been occasional, in the post-war era it was regular and established. This extension of government was able to fund a standing army, which was built around the new technology of gunpowder, increasing both royal power and revenue, and the size of the armed forces they could field. France had begun the journey to an absolutist monarchy which would characterize later centuries. In addition, the damaged economy soon began to recover. England, in contrast, had begun the war with more organized tax structures than France, and much greater accountability to a parliament, but royal revenues fell greatly over the war, including the substantial losses incurred by losing wealthy French regions such as Normandy and Aquitaine. For a while, however, some Englishmen got very rich from the plunder taken from France, building houses and churches back in England.

The Sense of Identity

Perhaps the most lasting impact of the war, especially in England, was the emergence of a much greater sense of patriotism and national identity. This was in part due to publicity spread to gather taxes for the fighting, and partly due to generations of people, both English and French, knowing no situation other than war in France. The French crown benefited from triumphing, not just over England, but over other dissident French nobles, binding France closer as a single body.

Saturday, October 19, 2019

In property valuation,how important is covenant strength and how is it Essay

In property valuation, how important is covenant strength and how is it reflected in valuation - Essay Example

Determining the financial capabilities of tenants is important since it gives clear details about a potential or existing tenant, who can be an individual or a corporate. The credit worthiness of existing and potential tenants contributes to the value of a property. It is therefore an important factor in yield adjustments. Firstly, determining the strength has great importance to property owners. According to Fisher’s model, return on investment is a reward for liquidity loss, risk assumed, and expected inflation (Norman, 2008). Property owners also consider covenant strength to be an important aspect of the housing industry. Property owners are investors in the housing industry and therefore they assume risks. In addition, the value of rent is subject to inflation, considering the appreciation and depreciation of property value. The variable enables property owners to determine the possible income from their investment for a given period. Determining tenants’ financial abilities also enables the property owners to determine their expected income or possible losses. The proprietors also need to determine the value of their property at a given time. The strength therefore enables property owners to determine their yield with a high degree of accuracy. Properties are a common form of security for loans due to their low liquidity. Lenders also consider covenant strength as an important factor in their business. The factor gives the reward of liquidity on a property (Norman, Alastair, & Nicky, 2011). It also gives the possible risks in constant inflation. These variables are important to lenders since they enable them to determine the credit worthiness of a property owner. The factors also enable lenders to determine the optimum capital that a given property can secure.
Finally, lenders also need to determine the return on liquidity in case they need to recover their cash from a defaulter. In such cases, tenant’s financial position proves to be of

Friday, October 18, 2019

Law and Legal Obligations Case Study Example | Topics and Well Written Essays - 2000 words

The endorsing of the food by celebrities and prominent personalities in visual media,
The audio advertisements that tell about the taste and goodness of the junk food,
The baseless topics that are publicised by the advertisements which do not have experimental proof,
The instigating of children to eat junk food through audio, visual or print media
can be considered as advertising the junk food under the criminalising of the sale of junk food to children and the ban of junk food vending machines in the schools and hostels.

Junk Food:
The food that lacks nutrients and has more calories,
The food that lacks fibre and develops acidity,
The foods that have sugar content more than the prescribed level,
The foods that have less protein and fibre, which were replaced by starch and fats,
The foods that have more fats than carbohydrates,
The foods that have fat, carbohydrate, protein and fibre in disproportionate composition (proportion is defined in the next section),
The foods which are not prescribed for good health of children (health is defined in the next section).

Vending Machines:
The machine that supplies junk food without knowing to whom it is supplying.
The machine which delivers junk food by taking the input of prescribed coins into it.
The machine which delivers junk food by taking the input of prescribed currency into it.
The vending machines which contain all the above three features and are installed in schools, hostels and the places where children buy the junk food directly without the consent of the adults.

Section II

In this section the disproportionate composition of the fats, carbohydrates, proteins and fibre, and the health of the children, are defined. Disproportionate composition: the composition of fats, carbohydrates, proteins, fibre in a food substance was...

In this paper a law about banning junk food for children will be drafted and various terms will be defined. The definitions will be given according to the spirit of the law, and the explanations for offences and defences will be incorporated. The sale of junk food to children will be considered a crime. The sale of the same food to adults is not in the purview of this act. For this purpose the sale of junk food where children buy directly from the vendors will be banned, and prominently the sale of junk food in schools and hostels is prohibited. This will be considered a crime against the children and the society if it is observed to be done, and the individuals or the organisations who are responsible for those acts will be prosecuted according to the clauses and provisions in the act.

Disproportionate composition: the composition of fats, carbohydrates, proteins and fibre in a food substance is considered disproportionate if it does not match the composition of the food substances prescribed by the Health department for the sake of the health of children. The health of children can be defined according to the weight of them proportionate to their height, the extra fat they accumulate under their skin, the hip waist ratio of them, the good sight regarding their eyes, the accumul

IS MODERN SOCIETY RATIONAL Essay Example | Topics and Well Written Essays - 2500 words

Evidence of their influence may be found in many features of modernization theory: the frequent use of dichotomous type constructions and concepts such as "social differentiation" and "social system"; an emphasis upon the ability to adapt to gradual, "continual change as the normal condition of stability; the attribution of causal priority to immanent sources of change; and the analysis of social change as a directional" process (Tipps, 1973, p 199-226). Tipps also notes that modernization has been employed mainly as an inclusive rather than discriminating concept. It is used to summarize a great many phenomena rather than to discriminate what is modern from other conditions. The level of analysis which is of crucial theoretical significance is that of society and culture--the national state is normally the focus of interest.

Finally, Tipps classified modernization theories into two types, the "critical variable" and the "dichotomous" theories. The first type involves a single kind of change, such as rationalization or industrialization, and the term modernization becomes virtually synonymous with the critical variable. The second type is more common, and involves the process of transformation of traditional societies into modern ones. The process, then, is defined in terms of the end goal, and the end goal is "often a nation very similar to those in the contemporary West" (Lauer, 1977, pp 304-310).

The empirical critique argues that modernization theory contains empirical errors or lacunae. Thus, Tipps points out that the theories tend to ignore the impact of forces external to the changing society; to stereotype the meaning of "traditional"; to ignore the diverse kinds and diverse experiences of so-called traditional societies; and to overemphasize the dichotomous nature of tradition and modernity. Parkin states: "a recent critical shift has been away from explanation to description, while this is a matter of degree, the movement away from functionalism has lessened our preparedness to explain how the 'other' works in favor of describing it." (1982, pg. xiii).

Finally, the metatheoretical critique offered by Tipps involves the choices made by the theorists in building their systems of thought. We have already noted the tendency to make modernization an inclusive rather than a discriminating concept. This choice toward inclusiveness, argues Tipps, has led the theorists to make the concept "unparsimonious and vague." The concept has lost contact with the empirical reality to which it supposedly refers, and at the same time it is used to refer to "an incredible number of changes at virtually all levels of social reality" (Lauer, 1977, pp 304-310). Thus, Tipps calls for a redirection of modernization theory. There are, of course, some efforts in that direction. Frank himself, along with a number of other scholars, is viewing the process of modernization in Marxist terms. There have been other efforts to look at modernization at the individual level in terms of cognitive transformation. No theory has yet been

Thursday, October 17, 2019

Topic of the paper will focus on a criminal case that has been Essay

Topic of the paper will focus on a criminal case that has been adjudicated by the United States Supreme Court and has implicatio - Essay Example

There are a number of cases that have been handled by the supreme high court that have in one way or another set precedence over future rulings that may occur on similar matters, and one of these is the Gonzales v. Raich case, which occurred in the year 2005 (Find law). This case dealt with the issue of home grown marijuana in relation to its use for medicinal purposes, and whether an individual who was doing this had the right to do so without any interference from law enforcement authorities. The ruling that was made was based on the Commerce Clause of the U.S. Constitution. Congress has the ability to criminalize the use and production of cannabis that is home grown even when states have allowed its use for medicinal purposes.

About the case

Angel Raich and Diane Monson were the two defendants in this case, which occurred after law enforcement agencies destroyed Diane’s marijuana plants, claiming that they were illegal under federal law. This was despite the fact that Diane resided in California, a state that had allowed the use of homegrown marijuana for medicinal purposes (Find law). ... her doctor who testified under oath claiming that she needed the marijuana for the excruciating pain that she was going through and her allergic reaction to the other forms of alternative medication that she had tried before.

The two defendants sued the government for declaratory as well as injunctive relief in a bid to stop it from interfering in their growing and use of marijuana for medicinal purposes. They argued that the interference of the government under the Controlled Substances Act was unconstitutional in reference to their activities and the reasons behind those activities (that is, the growing and use of homegrown marijuana for medicinal purposes) and thus the government should not have a right to run interference. Both Angel and Diane used marijuana to relieve themselves of pain that their bodies suffered, and thus it could not be said that their handling of the drug was for recreational purposes (Find law).

The government, on the other hand, argued that the Controlled Substances Act did not recognize nor accept the use of marijuana for medical or recreational purposes and thus the law had a right to put a stop to any form of drug cultivation among individuals despite the circumstances. The acts against Angel and Diane were carried out by the Drug Enforcement Administration (DEA), which had been given instructions to break up the various co-operatives that dealt with medicinal marijuana within California and seize the assets belonging to those co-operatives (Find law). Though, as mentioned earlier, California had made legal the use of marijuana for medicinal purposes, this act was done in the belief that Federal law trumped that of California and thus the law enforcement agencies were within their rights to act on these orders (Find law). The government further

The silent language in Overseas Business Essay Example | Topics and Well Written Essays - 750 words

However, owing to its versatility, silent language is often found to be a challenging task for managers, acting as a barrier in business negotiations, especially those held in overseas markets. In this context, Hall explains five points which can be analyzed to understand foreign cultures for overseas business from a more in-depth perspective (Hall, “Language of Time”). Time is regarded as quite vital for every business, and different communities or cultures hold differing views on adherence to time schedules, which also reflects a dimension of silent language. Globally, it is used as a common channel of communication during overseas business negotiation. For instance, in US culture, a delay in replying to a communication within the stipulated time would generally indicate a matter of low priority or a lack of interest for the allied parties and thereby cause serious disruptions in the negotiation process. In Arab culture, by contrast, time does not usually involve fixed schedules as it does for Americans. The time required for the accomplishment of a particular task depends entirely on the relationships between the parties engaged. Again, in Ethiopia, the time required to make a decision is directly related to its importance to that person and thus is based on mutual understanding (Hall, “Language of Time”).

Like time, the language of space also has its own importance in different business cultures. On one hand, larger space may signify the authoritative position of the person; on the other hand, in another culture, it might signify the individualistic perspective of the person. For instance, in America, top-level employees have the perception that being in the middle of an overcrowded place (an office among the subordinates) would generally mean that there would be various kinds of people around them trying to create close associations and obtain biased benefits from them, and hence they prefer greater space in their working environment, where only their peers and higher authority will be allowed. On the other hand, top executives in France intend to maintain a higher degree of coordination with lower-level employees in order to preserve greater confidence among their subordinates and also to maintain better control over team performance. On the contrary, in Arabian business culture, the location of the office and its dimensions have minimal relation to the importance of the person occupying it (Hall, “Language of Space”).

In this dimension, Hall elaborated the notion of ‘things’ as the significance rendered to material possessions. Illustratively, Americans believe that a place decorated with attractive materials, with a large space and proper surroundings, signifies that the people who live on those premises are dependable as well as successful in their working environment. By contrast, the French, Germans and English have their own way of utilizing material possessions. In most instances, these cultures are observed to follow a traditional way of judging the dependability and respectability of people rather than referring to their material possessions. Again, Middle Eastern businessmen are quite likely to look for personal connections and friendships when assessing the most dependable person rather than taking the furnishings into account. Contextually, Japanese

Wednesday, October 16, 2019


Tuesday, October 15, 2019

Social Determinants of behaviour Essay Example | Topics and Well Written Essays - 1500 words

This paper focuses on the psychological approach to explaining the reasoning behind prejudiced behavior still occurring in society today despite social sanctions that have been put in place against it. Negative behavior involving prejudice has been punished over the past several decades due to social sanctions being put into place. These sanctions have resulted in many individuals who would otherwise display prejudiced behavior changing their stance, or at least keeping their opinions to themselves and not acting out in public. However, quite a bit of prejudiced behavior still appears in society despite these social sanctions. There is a social psychological reason for this prejudiced behavior continuing in society today. Among the things contributing to this fact are social cognitive processes such as stereotypes and categorization, as well as psychological theories, concepts, and research.

According to Kanlouh, Koh, and Mil, "In culturally diverse and immigrant receiving societies, immigrant youth can be subject to prejudice and discrimination. Such experiences can impact on immigrant youth's cultural identity and influence their psychosocial outcomes. Four main themes emerged on participants' experiences of prejudice and discrimination: (a) societal factors influencing prejudice; (b) personal experiences of discrimination; (c) fear of disclosure and silenced cultural identity; and (d) resiliency and strength of cultural identity." Policies and practices that are inclusive in nature need to be put into place in order to counteract the disintegration of youth. The problem is not limited to just general culture. A big problem occurs in school systems throughout the world as well.

According to Valeo (2009, pg. 1), "Ontario's current education system is struggling with the task of fully including children with disabilities in the regular classrooms of their neighbourhood school. While many educators understand that it is wrong to deny admission to publicly funded schools because the child may be Black or female, they nonetheless feel that segregation of students with disabilities is warranted and not discriminatory. An examination of their experiences using a narrative format seems to suggest that the institution of education has never welcomed difference in any form and at issue is not whether education can ever welcome students with disabilities, but whether it was created to be anything but an exclusive enterprise."

Some people believe that prejudice occurs naturally, as in people are born with it, and that it does not develop as a result of society. Others disagree. They claim that it occurs because of how a person is raised, the situations that occur around him or her, or the like. In arguing the latter point of view, prejudice may occur as a result of the establishment of institutions, the status of a particular individual compared with those around him or her, a person's role in society, laws, belief systems, the overall distribution of the population, social currents, the experiences of groups, emotions, and urbanization (Valeo, 2009). There are both formal and informal social sanctions. An example of formal sanctions includes the law of the land. Examples of informal sanctions i

Monday, October 14, 2019

Visiting Forces Agreement Essay Example for Free

Thesis Statement: The Philippines should consider terminating its Visiting Forces Agreement (VFA) with the United States before it’s too late for the government to overcome its unexpected dilemma.

I. What is the RP–US Visiting Forces Agreement?
   a. A bilateral agreement between the Philippines and the United States consisting of two separate agreement documents.
      a. Balikatan as VFA-1
      b. Balikatan as VFA-2 or the Counterpart Agreement
II. There are several negative effects of “Balikatan” in the country.
   1. Balikatan exercises threatened our environment and ecological resources.
      a. In past Balikatan exercises, war and combat simulations which involved maneuverings and live fire exercises have caused coral reef destruction and ecological pollution.
      b. Dumping of toxic wastes and nuclear-powered submarines are very dangerous to health.
   2. Balikatan exercises can affect the peace and order situation in the country.
      a. Danger to the life, honor, safety, and peace of the citizens, like what happened to Nicole (Subic Bay rape victim) and to the other Filipinos threatened since the VFA was signed.
   3. Balikatan exercises can affect the industrial and agricultural sector.
      a. During the dangerous exercises, farmers, fisher folk and indigenous people are banned from attending to crops or fishing at sea, thus affecting their livelihood.
III. What are other alternatives aside from the recent visiting forces agreement?
   a. Improve the facilities and human forces by setting the international standard in military tactics.
   b. A new and refined version of the visiting forces agreement with the US or other countries that protects the Philippine and international laws on the protection and preservation of the environment.

Sunday, October 13, 2019

Penetration Testing Of General Hospital Information Technology Essay

Penetration testing (PeT, appendix B) has always been an important first step in any security life cycle. By doing penetration testing, the Hospital's IT team can obtain much invaluable information about the Hospital's newly developed security system. Basically, the process of penetration testing involves gathering information, then using this information to identify and try to exploit the security vulnerabilities.

1/ Why do we need to perform penetration testing:

Penetration testing is one of the oldest and most effective methods of evaluating the security of a computer system. Nowadays many organizations use penetration testing to discover and fix security weaknesses before they get exposed. For General Hospital, after the process of creating a new security system, it is important that we do penetration testing, not only to find out about any potential vulnerability but also to demonstrate the effectiveness of the new system. These are just a few points on why General Hospital should do penetration testing:

The main purpose is still a greater understanding of the current security system and finding any gaps in security. This helps the Hospital's IT team to have proper action plans to minimize the threat of attack or misuse.

The penetration test will be documented carefully (more information on this below), and these well-documented results will help the managers make a strong business case to the Hospital board, explaining and justifying the budget that has been used for creating this new security system.

Security is not a one-time solution; it is actually a long process of maintaining and upgrading along the way, as new threats are discovered. This pen-test may be the first that SGH has, but it will definitely not be the last. A properly done pen-test will act as a good foundation for future testing.
2/ Quality of the test:

Like any big project, before we actually commit to completing the task, we have to have a very clear picture of the final product as well as the strategy and every step of the way; committing without planning is one way to ensure failure (more information on planning in the next part). As we go on later in this document, we'll see that the Hospital will cooperate with a security partner in order to carry out the testing, which is all the more reason for the two parties to sit down and agree on the standard of quality for this test. So, what makes a good penetration test?

Scope of the test: defining a clear scope that is most suitable for the Hospital will be the first and most important task, for a good scope will help to prevent wasting resources while still covering every potential vulnerability (the scope definition will be in the next section, the planning stage).

Reliable partner: after the planning has sketched out a good strategy, it is the security partner's job to implement and launch the test. That is why we have to choose a skilled and experienced partner, one who knows what they are doing. In the fourth section, we will choose a partner that is legally capable, is technically capable, and can abide by the non-disclosure agreement; this last point is especially important, for we are a hospital working with highly sensitive information.

Choosing a correct and adequate series of tests: this depends heavily on the scope that we decide on. The execution of the tests must also follow a strict methodology: every test must be planned carefully, follow the plan, and be well documented. This is very important because if we treat the test just like a guessing game to see where the weaknesses are, it is very likely that we are going to miss something, and that alone would completely void the purpose of doing penetration testing.
Result oriented: the only thing we care about is the result of the test. That is why the results should be well documented, and the team should also take care to make the results understandable, so that the Hospital board can easily understand the problems. The consultant of the security partner company should also be ready to present and explain the results.

With that set of qualities in mind, we are going to proceed to the planning and further steps accordingly. However, because we are not going to actually perform the test, we are only going through: planning, defining scope, choosing a strategy, choosing the tests, and lastly defining the methodology and standards for this series of tests. We are going to explain what we choose and why; for the definitions and how to execute, please refer to the appendix.

II/ The planning stage:

In this part, we will cover the planning and the scope definition, which lead to a strategy plan that will be the backbone guideline for any further tests to follow. The security priorities of different targets are different: for a service network it is important to have high stability and availability, while an e-business network requires high authenticity. However, none of that applies to SGH. For a hospital the utmost priorities are confidentiality and data integrity. We are dealing with patients' data here, and there is no point in taking the Hippocratic Oath to keep patients' information confidential while slacking off in the effort to protect that information. Not only that, we are dealing with a much higher-stakes game here, one which involves human lives. This is no longer just protecting data because data means money. When I was young, I remember a movie where a patient with a broken jaw was put back together with metallic plating; years later he had cancer, and his doctor, without knowing about the plating, still sent him to the MRI machine (highly magnetic), which led to his gruesome death.
All of which was caused by a lack of dental documentation in his medical history. So, in a nutshell, SGH's highest priority is data integrity and confidentiality, but in the meantime we still have to do a minimum of checking on every other aspect, leaving out nothing.

The second part of the SGH network system is the personnel, which in this case are mostly doctors and nurses. They are among the most highly trained employees, though not in IT. Nowadays almost every hospital in Singapore has been completely digitalized, dealing with databases instead of paper files, and many medical devices are monitored by computer programs. The combination of high tech with inexperienced users leads to a very high chance of application misuse and wrongly entered data. That puts the priority of application security testing (appendix B, application security testing) a bit higher than normal.

So, as a conclusion for the strategy of this penetration test: we are going to do a penetration test following the Blind Testing strategy (Blind testing strategy, Appendix B) to simulate the actions of a real hacking attempt by a hacker to obtain confidential data, or to modify it, delete it, etc. At the same time we will combine it with certain Internal testing (Internal testing strategy), mostly focused on application security, misuse, etc., and of course a few basic tests against common threats; however, we are not going too deep into those. After deciding on a plan and testing strategy, the next step will be vulnerability assessment.

III Vulnerability assessment (VA):

Why should we do VA (VA, appendix B)? In fact there is some confusion between VA and pen-testing; sometimes people label them as the same. A pen-test mostly consists of VA but then takes one step further: find the weak spot, then attack it. So, basically, before we do a pen-test, the first step is VA. For the details of how to do VA, please refer to VA, Appendix A. Basically, we are going to use a series of techniques that can be considered research before attack.
Passive research: learn as much as we can about SGH from an outside point of view.

Open source monitoring: utilize Internet meta-searches focused on specific keywords or sensitive information to see if there is any leakage.

Network mapping and OS fingerprinting: from an outside view, figure out the structure of the network, even drawing a network diagram from the information gathered through different tools.

Spoofing: trick the targeted computer inside the Hospital by sending out packets pretending that they are from a trusted source.

Network sniffing: capture data as it travels in and out of the network. Especially since we have different sites between the Clinics and the Hospital, this can be a good check to see if our VPN is working properly.

Trojan attack: and yes, the traditional bread-and-butter Trojan attack. Even though it is basic, because it is so popular it would be a mistake to think that our firewall can do the whole job, when Trojans combined with social engineering can be devastating.

Brute force attack: this can be optional since, as we mentioned before, the availability of the network may not be our highest priority. However, if resources allow, we can still do it, on a better-safe-than-sorry basis.

Vulnerability scanning: finally, we can use automated tools to scan the whole database looking for potential vulnerabilities (the how, and which tools, can be found in VA, appendix A).

After all those tests, it is very likely that we will be able to discover a few holes in our security system. However, in order to make sure that none of the vulnerabilities we have just discovered is a false positive, we will go on to the next step, exploit testing, meaning actually attacking to see if anything gets through.

IV Penetration testing, different types of test:

Exploit testing (exploit testing, appendix B) is normally the final stage in the whole process of penetration testing. There are many types of test, each with a different level of commitment. We have to choose which tests to run and how far we want to push.
This decision is based on two aspects. One is the predefined scope that everybody agreed on earlier; we will conduct the test according to that scope and strategy. The second is the result of the VA: attack every potential vulnerability that we have just found. In this scenario, because we have not actually performed the test, we are going to choose based on the scope only.

1/ Database Integrity:

As we discussed in the previous section, the integrity and confidentiality of the SGH database is our highest priority. In the process of VA we have done many tests and checks (sniffing, mapping, Trojan, brute force); those are not only VA tests but actually also part of testing the confidentiality and integrity level of the database. That is the fine line between VA and penetration testing, as many of the assessments can actually be considered exploitive. In the same manner, in this stage of exploitive testing there are still tests that could very well have been part of VA, like:

War dialling (war dialling, appendix B): by calling a wide range of telephone numbers inside SGH, we may catch a modem, remote access devices, or maintenance connections that may leave an opening on the hospital network. Why do we even consider this method? Nowadays not only users but even IT staff show very high ignorance when it comes to the phone network, while in fact it is a very primary access point that is possible for a hacker to exploit. You don't actually need to be ignorant; just being careless is enough. Leaving an open modem on a critical node of the network is enough to create an opening. There are many tools we can use for war dialling: ToneLoc from Minor Threat and Mucho Maas, or its alternative ModemScan; both can be used on the Microsoft Windows platform. TeleSweep is also for Microsoft, and it is free. For Macintosh, use Assault Dialer.
For Unix, try PAWS, THC-SCAN NG, Telescan, IWAR (intelligent war dialler), or ShokDial (from: http://www.tech-faq.com).

2/ Social engineering testing:

The social engineering test (appendix B, SE) is part of the blind strategy testing. The environment we are working in is SGH, where most of the employees don't have in-depth training in IT. Another point is their helpful nature; answering questions more or less comes with the job description. All in one word: gullible nurses. For any cunning hacker, this is a big, fat, moving target for a social engineering attack. For that reason, basic training on social attacks is required, and at the same time several tests can be conducted, mainly in two forms:

Non face-to-face: the test can be done over mail or phone, pretending to be somebody who has authority or who needs help, to trick the user into using an account or password, or into giving out sensitive information.

Face-to-face: this is a more advanced kind of social engineering: posing as an employee or authorized personnel, gaining physical access to restricted areas, and getting information by anything from intercepting mail to dumpster diving, etc.

Social engineering may not be as technical as the other tests, but it has equal importance if not more, because there is actually no foolproof method to prevent a social engineering attack other than outsmarting the attacker, and, ironically, we don't usually put the smartest people of the organization at the reception desk. The only thing we can do is raise the level of awareness of the employees (there are books on this matter, like The Art of Deception and The Art of Intrusion, both by Mitnick and Simon).
3/ Application security testing:

The second point from the scope, as we discussed earlier, is application security. There is a series of tests for application security (technical detail in appendix A, AppT): code review, authorization testing, input validation, cookie security, and lockout testing. There are also some tests for the functionality of the application, like input validation, transaction testing, etc. We have discussed above why we need application testing, but then again, do we really need to do all those tests? Yes, we do. The objective of doing so many tests on applications alone is to fully evaluate the control we have over our applications (medical applications, network applications, etc.). These tests still focus mainly on protecting the confidentiality and integrity of information, on how users are authenticated, and on the use of cookies (appendix B, cookies).

4/ Other tests:

There are some other tests, like denial of service testing, resource, etc., but as we mentioned above, these are not compulsory; not that they are not important, but there are higher-priority tests that need to be done. Since these are common attacks and easy to carry out, it is recommended that, if resources allow, we go ahead and perform these tests, even at a basic level (the details of the tests can be found at DoS testing, appendix A).

V Other details of a penetration test:

1/ Methodology and standards:

Methodology is actually a very important factor in a penetration test. A test carried out without a formal methodology has no real meaning; it is just poking around. On the other hand, methodology should act only as a framework, a disciplined guideline to follow; we should not restrict the tester but rather let him or her fully explore his or her intuitions while acting according to the guideline.
There are several methodologies and standards; for their technical details, please refer to appendix A, Metho.

2/ Security partner:

The reasons why we need to pay a third party to perform the test for us are:

An unbiased point of view: like a beta tester. Sometimes the programmer, or in this case the SGH IT team, cannot see its own mistakes clearly, so we need to hire trained professionals to look for us.

Highly experienced and highly trained: of the members of the IT team, some may have done a penetration test before and some may not. A company that specializes in penetration testing has done it hundreds of times, even for some big organizations. That is why, with their experience and training, it is more likely that they can discover things that the IT team cannot.

Certified result: a certified penetration testing company has to satisfy a certain level of standards (refer to appendix A, Metho). If a test is done by a certified party, it can become a potentially strong legal argument in future conflicts (for example, insurance conflicts).

For all those reasons we have decided to hire a security partner to perform the test for us. In Singapore there are many companies that have the certification and standards to perform such a test; the most trustworthy must be:

Cisco
IBM (with the express penetration testing service)
Obtechs Certified penetration testing specialist

3/ Risks in doing penetration testing:

While doing penetration testing, there are certain risks that we should consider and be careful of:

Risk of exposure: there is much sensitive data in the hospital, and sometimes this data can be exposed during a pen-test, unintentionally or intentionally. We have to have a strong agreement on the conditions and responsibilities of the security partner.

Time delay: a pen-test takes time, and in a Hospital environment we cannot simply lock down our database for testing, that's why a strict time-frame.
For the size of our Hospital system, the testing should not take more than a month.

VI Conclusion:

As we all know, security is a continuum, not an absolute. Through the penetration tests we should be able not only to find out that there are flaws in the security system, but also to go further and understand the process failures that lead to those flaws. Through the test, we can see that even a brand-new security system can have many vulnerabilities; it is a reminder to us never to have a false sense of security!

Appendix A:

1/ VA (Vulnerability assessment):

As documented by SANS, vulnerabilities are the gateways by which threats are manifested. In other words, a system compromise can occur through a weakness found in a system. A vulnerability assessment is a search for these weaknesses/exposures in order to apply a patch or fix to prevent a compromise. How do these weaknesses occur? There are two points to consider:

o This newly developed security system for SGH was born with it, meaning that during development the developing team created the weakness by mistake.
o Many vulnerabilities occur as a result of misconfigurations by system administrators. Misuse by users can also lead to a hole in the security system.

There are many ways to search for vulnerabilities; however, in our scenario it is best to do it as an outside hacker would. Before attacking a system, the hacker also has to perform a vulnerability assessment of the system; the only difference is that we are going to do it on full scale, not only from the outside looking in but also from the insider's view. There are, however, a certain number of techniques that can effectively point out the weaknesses if the system has any.
Passive research: As the name suggests, passive research is a method used to gather as much information as possible about an organization's systems configuration from public domain sources such as:

o DNS (domain name service)
o RIPE (Réseaux IP Européens)
o USENET (newsgroups)
o ARIN (American Registry for Internet Numbers)

Passive research is generally performed at the beginning of an external penetration test.

Open source monitoring: This service is an associated technique that utilizes Internet meta-searches (multiple searches of Web sites, newswires, newsgroups and other sources) targeted on keywords that are important to the organization. The data is collected and discoveries are highlighted to the organization. This helps identify whether the organization's confidential information has been leaked or whether an electronic conversation involving it has taken place. This enables an organization to take the necessary measures to ensure confidentiality and integrity.

Network mapping and OS fingerprinting: Visualization of the network configuration is an important part of penetration testing. Network mapping is used to create a picture of the configuration of the network being tested. A network diagram can be created which infers the logical locations and IP addresses of routers, firewalls, Web servers and other border devices. Additionally, this examination can assist in identifying or fingerprinting operating systems. A combination of results from passive research and tools such as ping, traceroute and nmap can help create a reasonably accurate network map. An extension of network mapping is port scanning. This technique is aimed at identifying the type of services available on the target machine. The scan result reveals important information such as the function of a computer (whether it is a Web server, mail server, etc.) as well as revealing ports that may be serious security risks, such as telnet.
Port scans should include a number of individual tests, including:
o TCP (Transmission Control Protocol) scan
o Connect scan
o SYN (or half open) scan
o RST (or Xmas-tree) scan
o UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) scans. Tools such as nmap can perform this type of scan.
o Dynamic ports used by RPC (Remote Procedure Call) should be scanned using a tool such as RPCinfo.

Spoofing: Spoofing involves creating TCP/IP packets using somebody else's Internet address and then sending them to the targeted computer, making it believe that they came from a trusted source. It is the act of using one machine to impersonate another. Routers use the destination IP address in order to forward packets through the Internet, but ignore the source IP address. The destination machine only uses that source IP address when it responds back to the source. This technique is used in internal and external penetration testing to access computers that have been instructed to only reply to specific computers. This can result in sensitive information being released to unauthorised systems. IP spoofing is also an integral part of many network attacks that do not need to see responses (blind spoofing).

Network sniffing: Sniffing is a technique used to capture data as it travels across a network. Sniffing is an important information gathering technique that enables capturing of specific information, such as passwords, and also an entire conversation between specific computers, if required. To perform sniffing, the network card of the computer needs to be put in promiscuous mode, so that it captures all data being sent across the network. Sniffing is extensively used in internal testing, where the sniffer or the computer in promiscuous mode is directly attached to the network, enabling capturing of a great deal of information. Sniffing can be performed by a number of commercial tools such as Ethereal, Network Associates SnifferPro and Network Instruments Observer.
Trojan attack: Trojans are malicious programs that are typically sent into a network as e-mail attachments or transferred via IM chat rooms. These programs run in stealth mode and get installed on the client computer without the user's knowledge. Once installed, they can open remote control channels to attackers or capture information. A penetration test aims at attempting to send specially prepared Trojans into a network.

Brute force attack: A brute force attack involves trying a huge number of alphanumeric combinations and exhaustive trial and error methods in order to find legitimate authentication credentials. The objective behind this time consuming exercise is to gain access to the target system. Brute force attacks can overload a system and can possibly stop it from responding to legitimate requests. Additionally, if account lockout is being used, brute force attacks may close the account to legitimate users.

Vulnerability scanning/analysis: Vulnerability scanning/analysis is an exhaustive examination of targeted areas of an organization's network infrastructure aimed at determining their current state. The targets range from a single system or only critical systems to the entire network. It is usually performed using automated tools that test for a multitude of potential weaknesses in a system against a database of known vulnerabilities and report potential security holes. Although they don't actively prevent attacks, many scanners provide additional tools to help fix the vulnerabilities found. Some of the commonly used vulnerability scanners include: the open-source Nessus Project's Nessus, ISS Internet Scanner, GFI Software's GFI LANguard Network Security Scanner, eEye Digital Security's Retina Network Security Scanner, the BindView RMS vulnerability-management solutions and Network Associates' CyberCop.
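The brute force paragraph above notes that account lockout can itself close the account to legitimate users. As an added example (not part of the original essay), the following Python throttles failed logins per (account, source) pair instead of per account and flags a source that fails against several accounts; the class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60      # seconds of history considered (assumed policy value)
MAX_FAILS = 5    # failures tolerated per (account, source) in the window (assumed)

class LoginThrottle:
    """Throttle on (account, source); flag sources that try many accounts."""

    def __init__(self):
        self.fails = defaultdict(deque)        # (user, src) -> failure timestamps
        self.users_by_src = defaultdict(dict)  # src -> {user: last failure time}

    def _recent(self, key, now):
        q = self.fails[key]
        while q and now - q[0] > WINDOW:       # drop failures older than the window
            q.popleft()
        return len(q)

    def allowed(self, user, src, now):
        return self._recent((user, src), now) < MAX_FAILS

    def record_failure(self, user, src, now):
        self.fails[(user, src)].append(now)
        self.users_by_src[src][user] = now

    def spraying(self, src, now, min_users=3):
        """True when one source has recently failed against several accounts."""
        seen = self.users_by_src[src]
        return sum(1 for t in seen.values() if now - t <= WINDOW) >= min_users

# Constructed sample events: (timestamp, user, source, password_ok)
EVENTS = [(t, "alice", "203.0.113.9", False) for t in range(0, 12, 2)] + [
    (13, "bob", "203.0.113.9", False),
    (14, "carol", "203.0.113.9", False),
    (15, "alice", "198.51.100.4", True),       # the real alice, from another address
]

def replay(events):
    """Run the events through the throttle and return it with each decision."""
    throttle, decisions = LoginThrottle(), []
    for ts, user, src, ok in events:
        if not throttle.allowed(user, src, ts):
            decisions.append((ts, user, src, "throttled"))
            continue
        if not ok:
            throttle.record_failure(user, src, ts)
        decisions.append((ts, user, src, "ok" if ok else "failed"))
    return throttle, decisions
```

Replaying the sample shows the guessing source being throttled on its sixth attempt while the genuine user still logs in from a different address.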
2/ Application testing (AppT)

For the purpose of application testing there are several tests that can be done:

* Code review: Code reviews involve analysing all the application-based code to ensure that it does not contain any sensitive information that an intruder might use to exploit an application. For example, publicly available application code may include test comments, names or clear text passwords that will give an intruder a great deal of information about the application.
* Authorization testing: Involves testing the systems responsible for the initiation and maintenance of user sessions. This will require testing:
o Input validation of login fields: bad characters or overlong inputs can produce unpredictable results;
o Cookie security: cookies can be stolen and legitimate sessions can be used by an unauthorised individual; and
o Lockout testing: testing the timeout and intrusion lockout parameters set in the application, to ensure legitimate sessions cannot be hijacked.
This is performed to discover whether the login system can be forced into permitting unauthorised access. The testing will also reveal whether the system is susceptible to denial of service attacks using the same techniques.
* Functionality testing: This involves testing the systems responsible for the application's functionality as presented to a user. This will require testing:
o Input validation: bad characters, specific URLs or overlong inputs can produce unpredictable results; and
o Transaction testing: ensuring that the application performs to specification and does not permit the user to abuse the system.

3/ DoS testing:

Denial of service testing involves attempting to exploit specific weaknesses on a system by exhausting the target's resources, which will cause it to stop responding to legitimate requests. This testing can be performed using automated tools or manually. The different types of DoS can be broadly classified into software exploits and flooding attacks.
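As an added example (not part of the original essay), the following Python shows the defender's side of the software-exploit class of DoS: a per-packet check for the header inconsistencies behind the land, UDP bomb and oversized-packet cases this section covers. The function names, finding labels and sample packets are constructed for illustration; flooding, half-open SYN and overlapping-fragment cases need state across packets and are not covered.

```python
import socket
import struct

def check_packet(raw):
    """Return the header anomalies found in one raw IPv4 packet (bytes)."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return ["short-or-not-ipv4"]
    ihl = (raw[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", raw[2:8])
    proto, src, dst = raw[9], raw[12:16], raw[16:20]
    if ihl < 20 or total_len < ihl or total_len > len(raw):
        return ["bad-ip-length"]        # header claims more data than arrived
    payload = raw[ihl:total_len]
    offset = (frag & 0x1FFF) * 8        # fragment offset in bytes
    findings = []
    if ihl + offset + len(payload) > 65535:
        findings.append("oversized-after-reassembly")   # exceeds the IPv4 maximum
    if src == dst:
        findings.append("land-src-equals-dst")          # host would answer itself
    if proto == 17 and offset == 0 and len(payload) >= 8:
        udp_len = struct.unpack("!H", payload[4:6])[0]
        more_fragments = bool(frag & 0x2000)
        if udp_len < 8 or (not more_fragments and udp_len != len(payload)):
            findings.append("udp-length-mismatch")      # UDP header length is wrong
    return findings

def build_udp(src, dst, data, udp_len=None, frag=0, total_len=None):
    """Constructed test input: minimal IPv4+UDP packet, checksums left at zero."""
    if udp_len is None:
        udp_len = 8 + len(data)
    udp = struct.pack("!HHHH", 5000, 53, udp_len, 0) + data
    if total_len is None:
        total_len = 20 + len(udp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, frag, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def demo():
    """Classify four constructed packets: clean, land, UDP bomb, oversized."""
    return {
        "clean": check_packet(build_udp("192.0.2.1", "192.0.2.2", b"hi")),
        "land": check_packet(build_udp("192.0.2.7", "192.0.2.7", b"hi")),
        "udp_bomb": check_packet(build_udp("192.0.2.1", "192.0.2.2", b"hi", udp_len=400)),
        "oversized": check_packet(build_udp("192.0.2.1", "192.0.2.2", b"hi", frag=0x1FFF)),
    }
```

A filter built on checks like these drops the packet before it reaches a stack that might mishandle it, and the finding label gives the monitoring team something to alert on.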
Decisions regarding the extent of denial of service testing to be incorporated into a penetration testing exercise depend on the relative importance of ongoing, continued availability of the information systems and related processing activities. Denial of service can take a number of formats; those that are important to test for are listed below:

* Resource overload: these attacks intend to overload the resources (i.e. memory) of a target so that it no longer responds.
* Flood attacks: this involves sending a large amount of network requests with the intention of overloading the target. This can be performed via:
o ICMP (Internet Control Message Protocol), known as smurf attacks
o UDP (User Datagram Protocol), known as fraggle attacks
* Half open SYN attack: this involves partially opening numerous TCP connections on the target, so that legitimate connections cannot be started.
* Out-of-band attacks: these attempt to crash targets by breaking IP header standards:
o Oversized packets (ping of death): the packet header indicates that there is more data in the packet than there actually is.
o Fragmentation (teardrop attack): sends overlapping fragmented packets (pieces of packets) which are under length.
o IP source address spoofing (land attack): causes a computer to create a TCP connection to itself.
o Malformed UDP packet header (UDP bomb): UDP headers indicate an incorrect length.

4/ Methodology and standards (Metho):

The Open Source Security Testing Methodology Manual (OSSTMM) by Pete Herzog has become a de-facto methodology for performing penetration testing and obtaining security metrics. According to Pete Herzog, "The primary goal of the OSSTMM is to provide transparency. It provides transparency of those who have inadequate security configurations and policies. It provides transparency of those who perform inadequate security and penetration tests. It provides transparency of the unscrupulous security vendors vying to sponge up every last cent of their prey's already meager security budget; those who would side-step business values with over-hyped threats of legal compliancy, cyber-terrorism, and hackers."

The OSSTMM covers the whole process of risk assessment involved in a penetration test, from initial requirements analysis to report generation. The six areas of testing methodology covered are:

* Information security
* Process security
* Internet technology security
* Communications security
* Wireless security
* Physical security

The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated.

The National Institute of Standards and Technology (NIST) discusses penetration testing in Special Publication 800-42, Guideline on Network Security Testing. NIST's methodology is less comprehensive than the OSSTMM; however, it is more likely to be accepted by regulatory agencies.

Standards in penetration testing

Let's take a look at some of the standards and guidelines available:

Standards for Information Systems Auditing (ISACA): ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor, is ISACA's cornerstone certification.

CHECK: The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level.
The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. CHECK consultants are only required when the assessment is for HMG or related parties and meets the requirements above. In the absence of other standards, CHECK became the de-facto standard for penetration tests and penetration testing in the UK. Companies belonging to CHECK must have employees who are security cleared and have passed the CESG Hacking Assault Course. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association.

OSSTMM: The aim of The Open Source Security Testing Methodology Manual is to se