Island of the Sequined Love Nun Chapter 44~45

44 Revealed: The Perfect Couple Back at his bungalow, an argument went on in the still-sober brain of Tucker Case. I am scum. I should have told them to shove it. But they might have killed you. Yeah, but I would have at least had my integrity. Your what? Get real. But I'm scum. Big deal. You've been scum before. You've never owned a Learjet before. You actually think they'll give me the jet? It could happen. Stranger things have happened. But I should do something about this. Why? You've never done anything before. Well, maybe it's time. No way. Take the jet. I'm scum. Well, yes, you are. But you're rich scum. I can live with that. The dog tags and Jefferson Pardee's notebook lay on the coffee table, threatening to set off another fusillade of doubt and condemnation. Tuck lay back on the rattan couch and turned on the television to escape the noise in his mind. Skinny Asian guys were beating the snot out of each other in a kickboxing match from the Philippines. The Malaysian channel was showing how to fillet a schnauzer. The cooking show reminded him of surgery, and surgery reminded him that there was a beautiful island girl lying in the clinic, recovering from an unnecessary major surgery that he could have prevented. Definitely kickboxing. He was just getting into the rhythm of the violence when the bat came through the window and made an awkward swinging landing on one of the bungalow's open rafters. Tuck lost his breath for a minute, thinking there might just be a wild animal in his house. Then he saw the sunglasses. Roberto steadied himself into a slightly swinging upside-down hang. Tuck sighed. â€Å"Please just be a bat in sunglasses tonight. Please.† Thankfully, the bat said nothing. The sunglasses were sliding off his nose. â€Å"How do you fly in those things?† Tuck said, thinking out loud. â€Å"They're aviators.† â€Å"Of course,† Tuck said. The bat had indeed changed from rhinestone glasses to aviators, but once you accept a talking bat, the leap to a talking bat with an eyewear wardrobe is a short one. Roberto dropped from the rafter and took wing just before he hit the floor. Two beats of his wings and he was on the coffee table, as awkward in his spiderlike crawl as he was graceful in the air. With his wing claw, he raked at Jefferson Pardee's notebook until it was open to the middle, then he launched himself and flew out the window. Tuck picked up the notebook and read what Pardee had written. Tuck had missed this page when he had looked at the notebook before. This page had been stuck to the one before it; the bat's clawing had revealed it. It was a list of leads that Pardee had made for the story he had been working on. The second item read: â€Å"What happened to the first pilot, James Sommers? Call immigration in Yap and Guam.† Tuck flipped through the notebook to see if he had missed something else. Had Pardee found out? Of course he had. He'd found out and he'd followed Sommers to the last place anyone had seen him. But where was Pardee? His notebook hadn't come to the island without him. Tuck went through the notebook three more times. There were some foreign names and phone numbers. Something that looked like a packing list for a trip. Some notes on the background of Sebastian Curtis. Notes to check up on Japanese with guns. The word â€Å"Learjet† underlined three times. And nothing else. There didn't seem to be any organizational form to the notes. Just random facts, names, places, and dates. Dates? Tuck went through it once more. On the third page in, all by itself, was printed: â€Å"Alualu, Sept. 9.† Tuck ran to the nightstand drawer, where the Curtises had left him a calendar. He counted back the days to the ninth and tried to put events to days. The ship had arrived on the ninth, and the morning of the tenth he had made his first flight. Jefferson Pardee could be lying in the clinic right now, wondering where in the hell his kidney was. If he was, Tuck needed to see him. Tuck looked in the closet for something dark to wear. This was going to be different than sneaking out to the village. There were no buildings between the guards' quarters and the clinic, no trees, nothing but seventy-five yards of open compound. Darkness would be his only cover. It was a tropical-weight wet suit – two-mil neoprene – and it was two sizes two big, but it was the only thing in the closet that wasn't khaki or white. In the 80-degree heat and 90-percent humidity, Tuck was reeling from the heat before he got the hood on. He stepped into the shower and soaked himself with cold water, then peeled the hood over his head and made his escape through the shower floor, dropping onto the wet gravel below. In the movies the spies – the Navy SEALS, the Special Forces, the demolition experts – always sneak through the night in their wet suits. Why, Tuck wondered, don't they squish and slosh and make squeaking raspberry noises when they creep? Must be special training. You never hear James Bond say, â€Å"Frankly, Q, I'll trade the laser-guided cufflink missiles for a wet suit that doesn't make me feel like a bloody bag of catsick.† Which is how Tuck felt as he sloshed around the side of the clinic and peeked across the compound at the guard on duty, who seemed to be looking right at him. Tuck pulled back around the corner. He needed a diversion if he was going to make it to the clinic door unseen. The moon was bright, the sky clear, and the compound of white coral gravel reflected enough light to read by. He heard the guard shout, and he was sure he'd been spotted. He flattened against the wall and held his breath. Then there were more Japa-nese from across the compound, but no footsteps. He ventured a peek. The guard was gesturing toward the sky and brushing his head. Two other guards had joined him and were laughing at the guard on duty. He seemed to get angrier, cursing at the sky and wiping his hand on his uniform. The other guards led him inside to calm him down and clean him up. Tuck heard a bark from the sky and looked up to see the silhouette of a huge bat against the moon. Roberto had delivered a guano air strike. Tuck had his diversion. He slipped around the front of the building, grabbed the doorknob, and turned. It was unlocked. Given Beth Curtis's irritation at being buzzed and the amount of wine she'd consumed, Tuck had guessed that she'd get tired locking and unlocking the door. What did Mary Jean always say? â€Å"Ladies, if you do your job and assume that everyone else is incompetent, you will seldom be disappointed.† Amen, Tuck thought. He squished into the outer room of the clinic, which was dark except for the red-eyed stare of a half-dozen machines and the dancing glow of a computer screen running a screen saver. He'd try to get into that later, but now he was interested in what, or who, lay in the small hospital ward, two rooms back. He sloshed into the examination/operating room by the light of more LED eyes and pushed through the curtain to the four-bed ward. Only one bed held a patient – or what looked like a patient. The only light was a green glow from a heart monitor that blipped away silently, the sound turned off. Whoever was in the bed was certainly large enough to be Jeffer-son Pardee. There were a couple of IVs hanging above the patient. Probably painkillers after such major surgery, Tuck thought. He moved closer and ventured a whisper. â€Å"Pst, Pardee.† The lump under the covers moved and moaned in a distinctly unmasculine voice. â€Å"Pardee, it's Tucker Case. Remember?† The sheet was thrown back and Tuck saw a thin male face in the green glow. â€Å"Kimi?† â€Å"Hi, Tucker.† Kimi looked down at the other person under the covers. â€Å"You remember Tucker? He all better now.† The pretty island girl said, â€Å"I take care of you when you sick. You stink very much.† Tuck backed off a step. â€Å"Kimi, what are you doing here?† â€Å"Well, she like pretty thing, and I like pretty thing. She tired of having many means and so am I. We have a lot in common.† â€Å"He the best,† Sepie added with an adoring smile at Kimi. Kimi handed the smile off to Tuck. â€Å"Once you be a woman, you know how to make a woman happy.† Tuck was getting over the initial surprise and began to smell the smoke of his beautiful island girl fantasy as it caught fire and burned to ash. He hadn't realized how much time he'd spent thinking about this girl. She, after all, was the one who had revived his manhood. Sort of. â€Å"You right,† Kimi said. â€Å"Women are better. I am lesbian now.† â€Å"You shouldn't be doing this. This girl just had major surgery.† â€Å"Oh, we not doing nothing but kissing. She very hurt. But this make it better.† Kimi held his arm up, displaying an IV line. â€Å"You want to try? Put in you arm and push button. It make you feel very very nice.† â€Å"That's for her, Kimi. You shouldn't be using it.† â€Å"We share,† Sepie said. â€Å"Yes, we share,† Kimi said. â€Å"I'm very happy for you. How in the hell did you get in here?† â€Å"Like you get out. I swim around mimes and come here to see Sepie. No problem.† â€Å"You don't want to let them catch you. You've got to go. Now.† â€Å"One more push.† Sepie held the button, ready to administer another dose of morphine to Kimi. Tuck grabbed it from her hand. â€Å"No. Go now. How did you know about the mines?† â€Å"I have other friend. Sarapul. I teach him how to be a navigator. He know a lot of things too. He a cannibal.† â€Å"You're a cannibal lesbian?† â€Å"Just learning. How come you have rubber suit? You kinky?† â€Å"Sneaky. Look, Kimi, have you seen a fat white guy, an American?† â€Å"No, but Sarapul see him. He see the guards take him from the beach. He not here?† â€Å"No. I found his notebook. I met him on Truk.† â€Å"Sarapul say he see the guards bring him to the Sorcerer. He say it very funny, the white man wear pigs with wings.† Tuck felt his face go numb. All that was left of Pardee was a pelvic bone wedged in the reef, stripped of flesh and wrapped in flying piggy shorts. Oh, there might be the odd kidney left alive in someone in Japan, a kidney that he had delivered. Had the fat man died on the operating table during the operation, the surgery too much for his heart? Or was he put under and never meant to wake up? Tuck suddenly felt that getting into the doctor's computer was more important than ever. He grabbed Kimi's arm and pulled the IV needle out of his vein. The navigator didn't resist, and he didn't seem to feel it. â€Å"Kimi, see if you can get that back in Sepie's arm and come with me.† â€Å"Okay boss.† Tuck looked down at the girl, who had evidently picked up on the panic in his voice. Her eyes were wide, despite the morphine glaze. â€Å"Don't buzz the doctor until after we're gone. This button will let you have only so much morphine, and Kimi's used some of yours. But if it hurts, you still have to wait, okay?† She nodded. Kimi crawled out of the bed and nearly fell. Tuck caught him by the arm and steadied him. â€Å"I am chosen,† Sepie said. â€Å"When Vincent comes, he will give me many pretty things.† Tuck brushed back her hair with his fingers. â€Å"Yes, he will. You sleep now. And thank you for taking care of me when I was sick.† Kimi kissed the girl and after a minute Tuck pulled him away and led him through the operating room to the office section of the clinic. In the glow of the computer screen, Tuck said, â€Å"Kimi, the doctor and his wife are killing people.† â€Å"No, they not. They sent by Vincent. Sepie say Vincent come from Heaven to bring people many good things. They very poor.† â€Å"No, Kimi, they are bad people. Like Malcolme. They are taking advantage of Sepie's people. They are just pretending to be working for a god.† â€Å"How you know? You no believe in God.† Tuck took the boy by the shoulders. He was no longer angry or even irritated, he was afraid, and for the first time ever, not just for himself. â€Å"Kimi, can you swim back around the mines?† â€Å"I think.† â€Å"You've got to go to the other side of the island and you can't come back. If the guards find you I'm pretty sure you'll be killed.† â€Å"You just want Sepie for yourself. She tell me you follow her.† â€Å"I'll check on her and I'll meet you at the drinking circle tomorrow night – tell you how she's doing. I won't touch her, I promise. Okay?† â€Å"Okay.† Kimi leaned against the wall by the door. Tuck studied him for a moment to try and determine just how fucked up he was. It wasn't a difficult swim. Tuck had done it stone drunk, but he'd been wearing fins and a mask and snorkel. â€Å"You're sure you can swim?† Kimi nodded and Tuck cracked the door. The moon had moved across the sky throwing the front of the clinic in shadow. The guard across the compound was reading a magazine by flashlight. â€Å"When you get outside, go left and get behind the building.† The navigator stepped out, slid down the side of the building and around the corner. Tuck heard him trip and fall and swear softly in Filipino. â€Å"Shit,† Tuck said to himself. He glanced at the computer. It would have to wait. He slid out the door, palming it shut behind him, then followed the navigator around the building. He heard the guard shout from across the compound, and for once in his life, Tuck made a definitive decision. He grabbed the navigator under the arms and ran. 45 Confessions Over Tee Tucker Case dreamed of machine-gun fire and jerked as the bullets ripped into his back. He tossed forward into the dirt, mouth filling with sand, smothering him as the life drained out of a thousand ragged wounds, and still the guns kept firing, the rhythmic reports pounding like a violet storm of timpanis, like a persistent fist on a rickety door. â€Å"Just let me die!† Tuck screamed, most of the sound caught by his pillow. It was a persistent fist on a rickety door. â€Å"Mr. Case, rise and shine,† said a cheery Sebastian Curtis. â€Å"Ten minutes to tee time.† Tuck rolled into the mosquito netting, became entangled, and ripped it from the ceiling. He was still wearing his wet suit and the fragile netting clung to it like cobwebs. He arrived at the door looking like a tattered ghost fresh out of Davy Jones's locker. â€Å"What? I can't fly. I can't even fucking walk. Go away.† Tuck was not a morning person. Sebastian Curtis stood in the doorway beaming. â€Å"It's Wednesday,† he said. â€Å"I thought you might want to play a few holes.† Tuck looked at the doctor through bloodshot eyes and several layers of torn mosquito netting. Behind Curtis stood one of the guards, sans machine gun, with a golf bag slung over his shoulder. â€Å"Golf?† Tuck said. â€Å"You want to play golf?† â€Å"It's a different game here on Alualu, Mr. Case. Quite challenging. But then, you've been practicing, haven't you?† â€Å"Look, Doc, I didn't sleep well last night†¦Ã¢â‚¬  â€Å"Could be the wet suit, if you don't mind my saying. Here in the tropics, you want fabrics that breathe. Cotton is best.† Tuck was beginning to come around, and as he did, he found he was focusing an intense hatred on the doctor. â€Å"I guess we know who got laid last night.† Curtis looked down and smiled coyly. He was actually embarrassed. Tuck couldn't quite put it together. The doc didn't seem to have any problem with killing people or taking their organs – or both – but he was blushing at the mention of sex with his wife. Tuck glared at him. Curtis said, â€Å"You'd better change. The first tee is out in front of the hangar. I'll go down and practice a few drives while you get dressed.† â€Å"You do that,† Tuck said. He slammed the door. Twenty minutes later Tuck, his hair still wet from the shower, joined Curtis and the guard in front of the hangar. He was feeling the weight of three nights with almost no sleep, and his back ached from dragging Kimi across the compound, then towing him in the water to the far side of the minefield. The guard had never caught up to them, but he had come to the edge of the water and shouted, waving his machine gun until Tuck and Kimi were out of sight. â€Å"We'll have to share a set of clubs,† Curtis said. â€Å"But perhaps now that you've decided to stay, we can order you a set.† â€Å"Swell,† Tuck said. He couldn't be sure, but he thought the guard might be the same one that had chased them to the beach. Tuck sneered at him and he looked away. Yep, he was the one. â€Å"This is Mato. He'll be caddying for us today.† The guard bowed slightly. Tuck saluted him with a middle finger. If the doctor saw the gesture, he didn't comment. He was lining the ball up on a small square of Astro Turf with a rubberized pad on the bottom. â€Å"We have to hit off of this. At least until someone invents a gravel wedge.† He laughed at his own joke. Tuck forced a smile. â€Å"The Shark People covered this entire island with gravel hundreds of years ago. Keeps the topsoil from being washed away in typhoons. This first hole is a dogleg to the left. The pin is behind the staff's quarters about a hundred yards.† â€Å"Doc, now that we've come clean, why don't we call them the guards?† â€Å"Very well, Mr. Case. Would you like honors?† â€Å"Call me Tuck. No, you go ahead.† Curtis hit a long bad hook that arced around the guards' quar ters and landed out of sight in a stand of palm trees behind the building. â€Å"I have to admit that I may have a bit of an advantage. I've laid out the course to accommodate my stroke. Most of the holes are doglegs to the left.† Tuck nodded as if he understood what Curtis was talking about, then took the driver from the doctor and hit his own shot, a grounder that skipped across the gravel to stop fifty yards in front of them. â€Å"Oh, bad luck. Would you like to take a McGuffin?† â€Å"Blow me, Doc,† Tuck said as he walked away toward his ball. â€Å"I guess not, then.† The pins were bamboo shafts driven into the compound, the holes were lined with old Coke cans with the tops cut off. The best part about it was that Tuck was able to deliver several vicious high-velocity putts into the shins of Mato, who was tending the pins. The worst part was that now that Curtis considered Tuck a confidant, he decided to open up. â€Å"Beth is quite a woman, isn't she? Did I tell you how we met?† â€Å"Yeah.† â€Å"I was at a transplant symposium in San Francisco. Beth is quite the nurse, the best I've ever seen in an operating room, but she wasn't working as a nurse when I met her.† â€Å"Oh, good,† Tuck said. Curtis seemed to be waiting for Tucker to ask. Tucker was waiting for the guard to rat him out for sneaking out of the compound last night. â€Å"She was a dancer in North Beach. An exotic dancer.† â€Å"No shit.† Tuck said. â€Å"Are you shocked?† Curtis obviously wanted him to be shocked. â€Å"No.† â€Å"She was incredible. The most incredible woman I had ever seen. She still is.† â€Å"But then, you've been a missionary on a remote island for twenty-eight years,† Tuck said. Curtis picked his club for the next shot: the seven iron. â€Å"What's this?† â€Å"Looks like blood and feathers,† Tuck said. Curtis handed the club to Mato for him to clean it. â€Å"Beth did a dance with surgical tubing and a stethoscope that took my breath away.† â€Å"Pretty common,† Tuck said. â€Å"Choke you with the surgical tubing and use the stethoscope to make sure you haven't done the twitching fish.† â€Å"Really?† Curtis said. â€Å"You've seen a woman do that?† Tuck put on his earnest young man face. â€Å"Seen? You didn't notice the ligature marks on my neck when you examined me?† â€Å"Oh, I see,† Curtis said. â€Å"Still, I, at least, had never seen anything like it. She†¦Ã¢â‚¬  Curtis couldn't seem to return to his story. â€Å"The wet suit this morning. Was that a sexual thing? I mean, most people would find it uncomfortable.† â€Å"No, I'm just trying to lose a little weight.† Curtis looked serious now. â€Å"I don't know if that's such a good idea. You're still very thin from your ordeal in getting here.† â€Å"I'd like to get down to about eight pounds,† Tuck said. â€Å"There's a big Gandhi revival thing going on back in the States. Guys who look like they're starving have to beat the babes off with a stick. Started with female fashion models, but now it's moved to the men.† Curtis look embarrassed. â€Å"I guess I'm a bit out of touch. Beth tries to keep up with what's going on in the States, but it, well, seems irrelevant out here. I guess I'll be glad when this is all over and we can leave the island.† â€Å"Then why don't you just leave? You're a physician. You could open up a practice in the States and pull down a fortune without all this.† Curtis glanced at the guard, then looked back to Tuck. â€Å"A fortune maybe, but not a fortune like we're accumulating now. I'm too old to start over at the bottom.† â€Å"You've got twenty-eight years' experience. You said yourself that the people you take care of are the healthiest in the Pacific. You wouldn't be starting over.† â€Å"Yes, I would. Mr. Case – Tuck – I'm a doctor, but I'm not a very good one.† Tuck had met a number of doctors in his life, but he had never met one who could bear to admit that he was incompetent at anything. It was a running joke among flight instructors that doctors made the worst students. â€Å"They think they're gods. It's our job to teach them that they're mortal. Only pilots are gods.† This guy seemed so pathetic that Tuck had to remind himself that the good doctor was at least a double murderer. He watched Curtis hit a nice hundred-yard bloodstained seven iron to within ten feet of the pin, which was set up on a small patch of grass near the beach. Tuck chased down his own skidding thwack of a nine iron that had landed between the roots of a walking tree, an arboreal oddity that sat atop a three-foot teepee of tangled roots and gave the impression that it might move off on its own power at any moment. Tuck was hoping that it would. The caddie followed Tuck, and when they were out of earshot of the doctor, he turned to face the stoic Japanese. â€Å"You can't tell him, can you?† The guard pretended not to understand, but Tuck saw that he was getting it, even if only by inflection. â€Å"You can't tell him and you can't fucking shoot me, can you? You killed the last pilot and that got you in a world of trouble, didn't it? That's why you guys follow me like a bunch of baby ducks, isn't it?† Tuck was guessing, but it was the only logical explanation. Mato glanced toward the doctor. â€Å"No,† Tuck said. â€Å"He doesn't know that I know. And we're not going to tell him, are we? Just shake your head if you're getting this.† The guard shook his head. â€Å"Okay, then, here's the deal. I'll let you guys look like you're doing your job, but when I wave you off, you're gone. You hear me? I want you guys off my ass. You tell your buddies, okay?† The guard nodded. â€Å"Can you speak any English at all?† â€Å"Hai. A rittle.† â€Å"You guys killed the pilot, didn't you?† â€Å"He tly to take prane.† Mato looked as if the words were painful for him to form. Tuck nodded, feeling heat rise in his face. He wanted to smash the guard's face, knock him to the ground, and kick him into a glob of goo. â€Å"And you killed Pardee, the fat American man.† Mato shook his head. â€Å"No. We don't.† â€Å"Bullshit!† â€Å"No, we†¦we†¦Ã¢â‚¬  He was searching for the English word. â€Å"What?† â€Å"We take him, but not shoot.† â€Å"Take him where? To the clinic?† The guard shook his head violently. Not saying no, but trying to say that he couldn't say. â€Å"What happened to the fat man?† â€Å"He die. Hospital. We put him water.† â€Å"You took his body to the edge of the reef, where the sharks would find it?† The guard nodded. â€Å"And the pilot? You put him in the same place?† Again the nod. â€Å"What's going on. Are you going to hit or not?† Tuck and the guard looked up like two boys caught trading curses in the schoolyard. Curtis had come back down the fairway to within fifty feet of them. Tuck pointed to his ball. â€Å"Kato here won't let me move that out for a shot. I'll take the penalty stroke, Doc. But hell, we don't have mutant trees like that in Texas. It's unnatural.† Curtis looked sideways at Tuck's ball, then at Mato. â€Å"He can move it. No penalty. You're a guest here, Mr. Case. We can let you bend a few rules.† Curtis did not smile. Suddenly he seemed very serious about his golf. â€Å"We're partners now, Doc,† Tuck said. â€Å"Call me Tuck.†

Legalizing Recreational Drugs

A recreational drug is categorized as any substance with pharmacologic effects that is either taken voluntarily for personal pleasure, or for satisfaction rather than for medicinal purposes such as cocaine, marijuana, or ecstasy. These types of drugs are easily found and are used by more than 22 million Americans ages 12 and older; nearly nine percent of the U. S. population. If these types of drugs were to be made legal, a positive change in the economy would be the ultimate outcome.In 1961, the United Nations implemented an international treaty that limited drug roduction and trafficking. The â€Å"war on drugs†, a term that was created by Richard Nixon a decade later, in reference to said treaty, has been going on for over fifty years now. The original objective of the â€Å"war on drugs† was to expel all recreational drugs from the country; making all of them illegal. However Just like prohibition in 1920, the establishment of these laws were to save the nation from the problems the substance(s) created.However, also like the prohibition of 1920, the laws only served o create and support organized crime and has done little to effect the public's usage of the substance(s). The U. S. currently has the highest incarceration rate in the world. The bulk of those imprisoned are due to drug-related crimes. The illegal drug trade has been introducing children and teens toa life of crime. They notice that the minimum wages they would legally receive from their unskilled labor at the local Burger King, is far from what they could earn buying and selling illegal drugs.By the time children nd teenagers leave high school, most of these students have committed a criminal act by using recreational drugs. These drugs are used every day and widely available, people see â€Å"breaking the law' as nothing more than playful mischief; therefore, undermining our laws authority. In contrast to the spiraling ineffectiveness of the U. S. government's original approac h to controlling the issue of recreational drugs, other countries like New Zealand and Ireland have taken on a new outlook on the matter.Instead of outlawing he use of recreational drugs, they have decided to do extensive research on these drugs, in effect making sure that they are safe for the public's consumption. They are conducting clinical tests to prove that their products are safe; Just like new medicine would be tested in the market. If our government would go along with this new radical movement and legalized recreational drugs, like these other countries, they would no longer have a â€Å"war on drugs†. The money spent on inmates in Jails would be greatly reduced since we are not arresting people for drug use.Police can use the time currently monopolized on getting drugs off the street for other, more pressing crimes. Schools could teach their students about wise drug usage instead of implementing scare tactics. Tactics such as videos and statistics about drug abuse and its consequences that will only tell you to never purchase or use them are simply in effective; that Just leads to ignorant abuse in the future. All legalized drugs can be sold by trust worthy companies instead of fellow schoolmates or sketchy street dealers.These drugs can be bought legally, by someone of government consented age, in proper packages witn appropriate warning labels; similar to the way that cigarettes and alcohol are. In conclusion, legalizing recreational drugs goes far beyond â€Å"right and wrong† if you look at the issue in a practical manner. The problem of illegal recreational drugs has only been increasing with time. The current policies in place are Just not working. A new, radical approach could be the ultimate solution to the U. S. government's uphill battle. After all, the legalizing has already begun, hasn't it?

Principles of Information Security, 4th Ed. – Michael E. Whitman Chap 01

Licensed to: CengageBrain User Licensed to: CengageBrain User Principles of Information Security, Fourth Edition Michael E. Whitman and Herbert J. Mattord Vice President Editorial, Career Education & Training Solutions: Dave Garza Director of Learning Solutions: Matthew Kane Executive Editor: Steve Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Development Editor: Lynne Raughley Editorial Assistant: Jennifer Wheaton Vice President Marketing, Career Education & Training Solutions: Jennifer Ann Baker Marketing Director: Deborah S.Yarnell Senior Marketing Manager: Erin Coffin Associate Marketing Manager: Shanna Gibbs Production Manager: Andrew Crouth Content Project Manager: Brooke Greenhouse Senior Art Director: Jack Pendleton Manufacturing Coordinator: Amy Rogers Technical Edit/Quality Assurance: Green Pen Quality Assurance  © 2012 Course Technology, Cengage Learning For more information, contact or find us on the World Wide Web at: www. course. com ALL R IGHTS RESERVED.No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the publisher.For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706 For permission to use material from this text or product, submit all requests online at cengage. com/permissions Further permission questions can be emailed to [email  protected] comLibrary of Congress Control Number: 2010940654 ISBN-13: 978-1-111-13821-9 ISBN-10: 1-111-13821-4 Course Technology 20 Channel Center Boston, MA 02210 USA Cengage Learning is a leading provider of custo mized learning solutions with office locations around the globe, including Singapore, the United Kingdom, Australia, Mexico, Brazil, and Japan. Locate your local office at: international. cengage. com/region. Cengage Learning products are represented in Canada by Nelson Education, Ltd. For your lifelong learning solutions, visit course. cengage. com Purchase any of our products at your local college store or at our preferred online store www. engagebrain. com. Printed in the United States of America 1 2 3 4 5 6 7 8 9 14 13 12 11 10 Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it . Licensed to: CengageBrain User hapter 1 Introduction to Information Security Do not figure on opponents not attacking; worry about your own lack of preparation. BOOK OF THE FIVE RINGS For Amy, the day began like any other at the Sequential Label and Supply Company (SLS) help desk. Taking calls and helping office workers with computer problems was not glamorous, but she enjoyed the work; it was challenging and paid well. Some of her friends in the industry worked at bigger companies, some at cutting-edge tech companies, but they all agreed that jobs in information technology were a good way to pay the bills.The phone rang, as it did on average about four times an hour and about 28 times a day. The first call of the day, from a worried user hoping Amy could help him out of a jam, seemed typical. The call display on her monitor gave some of the facts: the user’s name, his phone number, the department in which he worked, where his office was on the company campus, and a list of all the calls he’d made in the past. â€Å"Hi, Bob,† she said. â€Å"Did you get that document formatting problem squared away? † â€Å"Sure did, Amy. Hope we can figure out what’s going on this time. † â€Å"We’ll try, Bob. Tell me about it. † â€Å"Well, my PC is acting weird,† Bob said. When I go to the screen that has my e-mail program running, it doesn’t respond to the mouse or the keyboard. † â€Å"Did you try a reboot yet? † 1 Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageB rain User Chapter 1 â€Å"Sure did. But the window wouldn’t close, and I had to turn it off. After it restarted, I opened the e-mail program, and it’s just like it was before—no response at all. The other stuff is working OK, but really, really slowly. Even my Internet browser is sluggish. † â€Å"OK, Bob. We’ve tried the usual stuff we can do over the phone. Let me open a case, and I’ll dispatch a tech over as soon as possible. † Amy looked up at the LED tally board on the wall at the end of the room. She saw that there were only two technicians dispatched to deskside support at the moment, and since it was the day shift, there were four available. Shouldn’t be long at all, Bob. † She hung up and typed her notes into ISIS, the company’s Information Status and Issues System. She assigned the newly generated case to the deskside dispatch queue, which would page the roving deskside team with the details in just a few minutes. A moment later, Amy looked up to see Charlie Moody, the senior manager of the server administration team, walking briskly down the hall. He was being trailed by three of his senior technicians as he made a beeline from his office to the door of the server room where the company servers were kept in a controlled environment. They all looked worried.Just then, Amy’s screen beeped to alert her of a new e-mail. She glanced down. It beeped again—and again. It started beeping constantly. She clicked on the envelope icon and, after a short delay, the mail window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez, an acquaintance from the Accounting Department. The subject line said, â€Å"Wait till you see this. † The message body read, â€Å"Look what this has to say about our managers’ salaries†¦Ã¢â‚¬  Davey often sent her interesting and funny e-mails, and she failed to notice that the file attachment icon was unu sual before she clicked it.Her PC showed the hourglass pointer icon for a second and then the normal pointer reappeared. Nothing happened. She clicked the next e-mail message in the queue. Nothing happened. Her phone rang again. She clicked the ISIS icon on her computer desktop to activate the call management software and activated her headset. â€Å"Hello, Tech Support, how can I help you? † She couldn’t greet the caller by name because ISIS had not responded. â€Å"Hello, this is Erin Williams in receiving. † Amy glanced down at her screen. Still no ISIS.She glanced up to the tally board and was surprised to see the inbound-call-counter tallying up waiting calls like digits on a stopwatch. Amy had never seen so many calls come in at one time. â€Å"Hi, Erin,† Amy said. â€Å"What’s up? † â€Å"Nothing,† Erin answered. â€Å"That’s the problem. † The rest of the call was a replay of Bob’s, except that Amy had to jot notes down on a legal pad. She couldn’t dispatch the deskside support team either. She looked at the tally board. It had gone dark. No numbers at all. Then she saw Charlie running down the hall from the server room. He didn’t look worried anymore. He looked frantic. Amy picked up the phone again.She wanted to check with her supervisor about what to do now. There was no dial tone. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 3LEARNING OBJECTIVES: Upon completion of this material, you should be able to: †¢ †¢ †¢ †¢ †¢ Define information security Recount the history of computer security, and explain how it evolved into information security Define key terms and critical concepts of information security Enumerate the phases of the security systems development life cycle Describe the information security roles of professionals within an organization 1 Introduction James Anderson, executive consultant at Emagined Security, Inc. , believes information security in an enterprise is a â€Å"well-informed sense of assurance that the information risks and controls are in balance. He is not alone in his perspective. Many information security practitioners recognize that aligning information security needs with business objectives must be the top priority. This chapter’s opening scenario illustrates that the information risks and controls are not in balance at Sequential Label and Supply. Though Amy works in a technical support role and her job is to solve technical problems, it does not occur to her that a malicious software program, like a worm or virus, might be the agent of the company’s current ills.Management also shows signs of confusion and seems to have no idea how to contain this kind of incident. If you were in Amy’s place and were faced with a similar situation, what would you do? How would you react? Would it occur to you that something far more insidious than a technical malfunction was happening at your company? As you explore the chapters of this book and learn more about information security, you will become better able to answer these questions. But before you can begin studying the details of the discipline of information security, you must first know the history and evolution of the field.The History of Information Security The history of information security begins with computer security. The need for computer security—that is, the need to secure physical locations, hardware, and softwa re from threats— arose during World War II when the first mainframes, developed to aid computations for communication code breaking (see Figure 1-1), were put to use. Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data.Access to sensitive military locations, for example, was controlled by means of badges, keys, and the facial recognition of authorized personnel by security guards. The growing need to maintain national security eventually led to more complex and more technologically sophisticated computer security safeguards. During these early years, information security was a straightforward process composed predominantly of physical security and simple document classification schemes. The primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.One of the first documented security problems that fell outside these categories occurred in the early 196 0s, when a systems administrator was working on an MOTD Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Licensed to: CengageBrain User 4 Chapter 1 Earlier versions of the German code machine Enigma were ? rst broken by the Poles in the 1930s. The British and Americans managed to break later, more complex versions during World War II. The increasingly complex versions of the Enigma, especially the submarine or Unterseeboot version of the Enigma, caused considerable anguish to Allied forces before ? nally being cracked. The information gained from decrypted transmissions was used to anticipate the actions of German armed forces. Some ask why, if we were reading the Enigma, we did not win the war earlier. One might ask, instead, when, if ever, we would have won the war if we hadn’t read it. †1 Figure 1-1 The Enigma Source: Courtesy of National Security Agency (message of the day) file, and another administrator was editing the password file. A software glitch mixed the two files, and the entire password file was printed on every output file. 2 The 1960s During the Cold War, many more mainframes were brought online to accomplish more complex and sophisticated tasks.It became necessary to enable these mainframes to communicate via a less cumbersome process than mailing magnetic tapes between computer centers. In response to this need, the Department of Defense’s Advanced Research Project Agency (ARPA) began examining the feasibility of a redundant, networked communications system to support the military’s exchange of information. Larr y Roberts, known as the founder of the Internet, developed the project—which was called ARPANET—from its inception. ARPANET is the predecessor to the Internet (see Figure 1-2 for an excerpt from the ARPANET Program Plan).The 1970s and 80s During the next decade, ARPANET became popular and more widely used, and the potential for its misuse grew. In December of 1973, Robert M. â€Å"Bob† Metcalfe, who is credited Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 5 1 Figure 1-2 Development of the ARPANET Program Plan3 Source: Courtesy of Dr. Lawrence Roberts with the development of Ethernet, one of the most popular networking protocols, identified fundamental problems with ARPANET security. Individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users.Other problems abounded: vulnerability of password structure and formats; lack of safety procedures for dial-up connections; and nonexistent user identification and authorization to the system. Phone numbers were widely distributed and openly publicized on the walls of phone booths, giving hackers easy access to ARPANET. Because of the range and frequency of computer security violations and the explosion in the numbers of hosts and users on ARPANET, network security was referred to as network insecurity. In 1978, a famous study entitled â€Å"Protection Analysis: Final Report† was published. It focused on a project undertaken by ARPA to discover the vulnerabilitie s of operating system security. For a timeline that includes this and other seminal studies of computer security, see Table 1-1. The movement toward security that went beyond protecting physical locations began with a single paper sponsored by the Department of Defense, the Rand Report R-609, which attempted to define the multiple controls and mechanisms necessary for the protection of a multilevel computer system.The document was classified for almost ten years, and is now considered to be the paper that started the study of computer security. The security—or lack thereof—of the systems sharing resources inside the Department of Defense was brought to the attention of researchers in the spring and summer of 1967. At that time, systems were being acquired at a rapid rate and securing them was a pressing concern for both the military and defense contractors. Copyright 2011 Cengage Learning. All Rights Reserved.May not be copied, scanned, or duplicated, in whole or in pa rt. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 6 Chapter 1 Date 1968 1973 1975 1978 Documents Maurice Wilkes discusses password security in Time-Sharing Computer Systems.Schell, Downey, and Popek examine the need for additional security in military systems in â€Å"Preliminary Notes on the Design of Secure Military Computer Systems. †5 The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the Federal Register. Bisbey and Hollingworth publish their study â€Å"Protection Analysis: Final Report,† discussing the Protection Analysis project created by ARPA to better understand the vulnerabilities of opera ting system security and examine the possibility of automated vulnerability detection techniques in existing system software. Morris and Thompson author â€Å"Password Security: A Case History,† published in the Communications of the Association for Computing Machinery (ACM). The paper examines the history of a design for a password security scheme on a remotely accessed, time-sharing system. Dennis Ritchie publishes â€Å"On the Security of UNIX† and â€Å"Protection of Data File Contents,† discussing secure user IDs and secure group IDs, and the problems inherent in the systems. Grampp and Morris write â€Å"UNIX Operating System Security. In this report, the authors examine four â€Å"important handles to computer security†: physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security. 7 Reeds and Weinberger publish â€Å"File Secu rity and the UNIX System Crypt Command. † Their premise was: â€Å"No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users †¦ the naive user has no chance. 8 1979 1979 1984 1984 Table 1-1 Key Dates for Seminal Works in Early Computer Security In June of 1967, the Advanced Research Projects Agency formed a task force to study the process of securing classified information systems. The Task Force was assembled in October of 1967 and met regularly to formulate recommendations, which ultimately became the contents of the Rand Report R-609. 9 The Rand Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security.It noted that the wide utilization of networking components in information systems in the military introduced security risks that could not be mitigated by the routine pra ctices then used to secure these systems. 10 This paper signaled a pivotal moment in computer security history—when the scope of computer security expanded significantly from the safety of physical locations and hardware to include the following: Securing the data Limiting random and unauthorized access to that data Involving personnel from multiple levels of the organization in matters pertaining to information securityMULTICS Much of the early research on computer security centered on a system called Multiplexed Information and Computing Service (MULTICS). Although it is now obsolete, MULTICS is noteworthy because it was the first operating system to integrate security into Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 7 its core functions. It was a mainframe, time-sharing operating system developed in the mid1960s by a consortium of General Electric (GE), Bell Labs, and the Massachusetts Institute of Technology (MIT). In mid-1969, not long after the restructuring of the MULTICS project, several of its developers (Ken Thompson, Dennis Ritchie, Rudd Canaday, and Doug McIlro) created a new operating system called UNIX.While the MULTICS system implemented multiple security levels and passwords, the UNIX system did not. Its primary function, text processing, did not require the same level of security as that of its predecessor. In fact, it was not until the early 1970s that even the simplest component of security, the password function, became a component of UNIX. In the late 1970s, the microprocessor brought the personal computer and a new age of computing. The PC became the workhorse of modern computing, thereby moving it out of the data center.This decentralization of data processing systems in the 1980s gave rise to networking—that is, the interconnecting of personal computers and mainframe computers, which enabled the entire computing community to make all their resources work together. 1 The 1990s At the close of the twentieth century, networks of computers became more common, as did the need to connect these networks to each other. This gave rise to the Internet, the first global network of networks. The Internet was made available to the general public in the 1990s, having previously been the domain of government, academia, and dedicated industry professionals.The Internet brought connectivity to virtually all computers that could reach a phone line or an Internet-connected local area network (LAN). After the Internet was commercialized, the tec hnology became pervasive, reaching almost every corner of the globe with an expanding array of uses. Since its inception as a tool for sharing Defense Department information, the Internet has become an interconnection of millions of networks. At first, these connections were based on de facto standards, because industry standards for interconnection of networks did not exist at that time.These de facto standards did little to ensure the security of information though as these precursor technologies were widely adopted and became industry standards, some degree of security was introduced. However, early Internet deployment treated security as a low priority. In fact, many of the problems that plague e-mail on the Internet today are the result of this early lack of security. At that time, when all Internet and e-mail users were (presumably trustworthy) computer scientists, mail server authentication and e-mail encryption did not seem necessary.Early computing approaches relied on secu rity that was built into the physical environment of the data center that housed the computers. As networked computers became the dominant style of computing, the ability to physically secure a networked computer was lost, and the stored information became more exposed to security threats. 2000 to Present Today, the Internet brings millions of unsecured computer networks into continuous communication with each other. The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected.Recent years have seen a growing awareness of the need to improve information security, as well as a realization that information security is important to national defense. The growing threat of Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 8 Chapter 1 cyber attacks have made governments and companies more aware of the need to defend the computer-controlled control systems of utilities and other critical infrastructure. There is also growing concern about nation-states engaging in information warfare, and the possibility that business and personal information systems could become casualties if they are undefended.What Is Security? In general, security is â€Å"the quality or state of being secure—to be free from danger. †11 In other words, protection against adversaries—from those who would do harm, intentionally or otherwise—is the objective. National security, for example, is a multilayered system that protects the sovereignty of a st ate, its assets, its resources, and its people. Achieving the appropriate level of security for an organization also requires a multifaceted system.A successful organization should have the following multiple layers of security in place to protect its operations: Physical security, to protect physical items, objects, or areas from unauthorized access and misuse Personnel security, to protect the individual or group of individuals who are authorized to access the organization and its operations Operations security, to protect the details of a particular operation or series of activities Communications security, to protect communications media, technology, and content Network security, to protect networking components, connections, and contents Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training and awareness, and techno logy.The Committee on National Security Systems (CNSS) defines information security as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information. 12 Figure 1-3 shows that information security includes the broad areas of information security management, computer and data security, and network security. The CNSS model of information security evolved from a concept developed by the computer security industry called the C. I. A. triangle. The C. I. A. triangle has been the industry standard for computer security since the development of the mainframe. It is based on the three characteristics of information that give it value to organizations: confidentiality, integrity, and availability.The security of these three characteristics of information is as important today as it has always been, but the C. I. A. triangle model no longer adequately addresses the constantly changing environment. The threats to the c onfidentiality, integrity, and availability of information have evolved into a vast collection of events, including accidental or intentional damage, destruction, theft, unintended or unauthorized modification, or other misuse from human or nonhuman threats. This new environment of many constantly evolving threats has prompted the development of a more robust model that addresses the complexities of the current information security environment.The expanded model consists of a list of critical characteristics of information, which are described in the next Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 9 1 Information security Figure 1-3 Components of Information SecuritySource: Course Technology/Cengage Learning section. C. I. A. triangle terminology is used in this chapter because of the breadth of material that is based on it. Key Information Security Concepts This book uses a number of terms and concepts that are essential to any discussion of information security. Some of these terms are illustrated in Figure 1-4; all are covered in greater detail in subsequent chapters. Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or object. Authorized users have legal access to a system, whereas hackers have illegal access to a system. Access controls regulate this ability.Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, c omputer system, or other tangible object. Assets, and particularly information assets, are the focus of security efforts; they are what those efforts are attempting to protect. Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack.A hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for example, as part of a botnet (slang for robot network). This group of compromised computers, running software of the attacker’s choosing, can operate autonomously or under the attacker’s direct control to attack systems and steal user information or conduct distributed denial-of-service attacks. Direct attacks originate from the threat itself.Indirect attacks originate from a compromised system or resource that is malfunctioning or working under the control of a threat. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 10 Chapter 1 Vulnerability: Buffer overflow in online database Web interfaceThreat: Theft Threat agent: Ima Hacker Exploit: Script from MadHackz Web site Attack: Ima Hacker downloads an exploit from MadHackz web site and then accesses buybay’s Web site. Ima then applies the script which runs and compromises buybay's security controls and steals customer data. These actions cause buybay to experience a loss. Asset: buybay’s customer database Figure 1-4 Information Security Terms Source: Course Technology/Cengage Learning Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.The various levels and types of controls are discussed more fully in the following chapters. Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. Or, an exploit can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or is created by the attacker. Exploits make use of existing software tools or custom-made software components. Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present.Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure. When an organization’s information is stolen, it has suffered a loss. Protection profile or security posture: The entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience.Cen gage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 11 organization implements (or fails to implement) to protect the asset. The terms are sometimes used interchangeably with the term security program, although the security program often comprises managerial aspects of security, including planning, personnel, and subordinate programs. Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their risk appetite—the quantity and nature of risk the organization is willing to accept.Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the attack—or the object of an attack—the target entity, as shown in Figure 1-5. A computer can be both the subject and object of an attack, when, for example, it is compromised by an attack (object), and is then used to attack other systems (subject). Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected information systems, while severe storms incidentally threaten buildings and their contents. Threat agent: The specific instance or a component of a threat.For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms. Vulnerability: A weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and pu blished; others remain latent (or undiscovered). 1 Critical Characteristics of InformationThe value of information comes from the characteristics it possesses. When a characteristic of information changes, the value of that information either increases, or, more commonly, decreases. Some characteristics affect information’s value to users more than others do. This can depend on circumstances; for example, timeliness of information can be a critical factor, because information loses much or all of its value when it is delivered too late. Though information security professionals and end users share an understanding of the characteristics of subject object Figure 1-5 Computer as the Subject and Object of an Attack Source: Course Technology/Cengage LearningCopyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Edit orial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 12 Chapter 1 information, tensions can arise when the need to secure the information from threats conflicts with the end users’ need for unhindered access to the information.For instance, end users may perceive a tenth-of-a-second delay in the computation of data to be an unnecessary annoyance. Information security professionals, however, may perceive that tenth of a second as a minor delay that enables an important task, like data encryption. Each critical characteristic of information—that is, the expanded C. I. A. triangle—is defined in the sections below. Availability Availability enables authorized users—persons or computer systems—to access information without interference or obstr uction and to receive it in the required format. Consider, for example, research libraries that require identification before entrance.Librarians protect the contents of the library so that they are available only to authorized patrons. The librarian must accept a patron’s identification before that patron has free access to the book stacks. Once authorized patrons have access to the contents of the stacks, they expect to find the information they need available in a useable format and familiar language, which in this case typically means bound in a book and written in English. Accuracy Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate. Consider, for example, a checking account.You assume that the information contained in your checking account is an accurate representation of your finances. Incorrect information in your che cking account can result from external or internal errors. If a bank teller, for instance, mistakenly adds or subtracts too much from your account, the value of the information is changed. Or, you may accidentally enter an incorrect amount into your account register. Either way, an inaccurate bank balance could cause you to make mistakes, such as bouncing a check. Authenticity Authenticity of information is the quality or state of being genuine or original, rather than a reproduction or fabrication.Information is authentic when it is in the same state in which it was created, placed, stored, or transferred. Consider for a moment some common assumptions about e-mail. When you receive e-mail, you assume that a specific individual or group created and transmitted the e-mail—you assume you know the origin of the e-mail. This is not always the case. E-mail spoofing, the act of sending an e-mail message with a modified field, is a problem for many people today, because often the mo dified field is the address of the originator. Spoofing the sender’s address can fool e-mail recipients into thinking that messages are legitimate traffic, thus inducing them to open e-mail they otherwise might not have.Spoofing can also alter data being transmitted across a network, as in the case of user data protocol (UDP) packet spoofing, which can enable the attacker to get access to data stored on computing systems. Another variation on spoofing is phishing, when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization. Pretending to be someone you are not is sometimes called pretexting when it is undertaken by law enforcement agents or private investigators. When used in a phishing attack, e-mail spoofing lures victims to a Web server that does not represent the organization it purports to, in an attempt to steal their private data such as account numbers and passwords.The most c ommon variants include posing as a bank or brokerage company, e-commerce organization, or Internet service provider. Even when authorized, pretexting does not always lead to a satisfactory outcome. In 2006, the CEO of Hewlett-Packard Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it.Licensed to: CengageBrain User Introduction to Information Security 13 Corporation, Patricia Dunn, authorized contract investigators to use pretexting to â€Å"smokeout† a corporate director suspected of leaking confidential information. The resulting firestorm of negative publicity led to Ms. D unn’s eventual departure from the company. 13 1 Confidentiality Information has confidentiality when it is protected from disclosure or exposure to unauthorized individuals or systems. Confidentiality ensures that only those with the rights and privileges to access information are able to do so. When unauthorized individuals or systems can view information, confidentiality is breached.To protect the confidentiality of information, you can use a number of measures, including the following: Information classification Secure document storage Application of general security policies Education of information custodians and end users Confidentiality, like most of the characteristics of information, is interdependent with other characteristics and is most closely related to the characteristic known as privacy. The relationship between these two characteristics is covered in more detail in Chapter 3, â€Å"Legal and Ethical Issues in Security. † The value of confidentiality of information is especially high when it is personal information about employees, customers, or patients. Individuals who transact with an organization expect that their personal information will remain confidential, whether the organization is a federal agency, such as the Internal Revenue Service, or a business. Problems arise when companies disclose confidential information.Sometimes this disclosure is intentional, but there are times when disclosure of confidential information happens by mistake—for example, when confidential information is mistakenly e-mailed to someone outside the organization rather than to someone inside the organization. Several cases of privacy violation are outlined in Offline: Unintentional Disclosures. Other examples of confidentiality breaches are an employee throwing away a document containing critical information without shredding it, or a hacker who successfully breaks into an internal database of a Web-based organization and steals sensitive information about the clients, such as names, addresses, and credit card numbers.As a consumer, you give up pieces of confidential information in exchange for convenience or value almost daily. By using a â€Å"members only† card at a grocery store, you disclose some of your spending habits. When you fill out an online survey, you exchange pieces of your personal history for access to online privileges. The bits and pieces of your information that you disclose are copied, sold, replicated, distributed, and eventually coalesced into profiles and even complete dossiers of yourself and your life. A similar technique is used in a criminal enterprise called salami theft. A deli worker knows he or she cannot steal an entire salami, but a few slices here or there can be taken home without notice.Eventually the deli worker has stolen a whole salami. In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more wou ld be noticed—but eventually the employee gets something complete or useable. Integrity Information has integrity when it is whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 14 Chapter 1 Offline Unintentional Disclosures In February 2005, the data aggregation and brokerage firm ChoicePoint revealed that it had been duped into releasing personal information about 145,000 people to identity thieves during 2004. The perpetr ators used stolen identities to create obstensibly legitimate business entities, which then subscribed to ChoicePoint to acquire the data fraudulently.The company reported that the criminals opened many accounts and recorded personal information on individuals, including names, addresses, and identification numbers. They did so without using any network or computer-based attacks; it was simple fraud. 14 While the the amount of damage has yet to be compiled, the fraud is feared to have allowed the perpetrators to arrange many hundreds of instances of identity theft. The giant pharmaceutical organization Eli Lilly and Co. released the e-mail addresses of 600 patients to one another in 2001. The American Civil Liberties Union (ACLU) denounced this breach of privacy, and information technology industry analysts noted that it was likely to influence the public debate on privacy legislation.The company claimed that the mishap was caused by a programming error that occurred when patients w ho used a specific drug produced by the company signed up for an e-mail service to access support materials provided by the company. About 600 patient addresses were exposed in the mass e-mail. 15 In another incident, the intellectual property of Jerome Stevens Pharmaceuticals, a small prescription drug manufacturer from New York, was compromised when the FDA released documents the company had filed with the agency. It remains unclear whether this was a deliberate act by the FDA or a simple error; but either way, the company’s secrets were posted to a public Web site for several months before being removed. 16 damage, destruction, or other disruption of its authentic state. Corruption can occur while information is being stored or transmitted.Many computer viruses and worms are designed with the explicit purpose of corrupting data. For this reason, a key method for detecting a virus or worm is to look for changes in file integrity as shown by the size of the file. Another key method of assuring information integrity is file hashing, in which a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value. The hash value for any combination of bits is unique. If a computer system performs the same hashing algorithm on a file and obtains a different number than the recorded hash value for that file, the file has been compromised and the integrity of the information is lost.Information integrity is the cornerstone of information systems, because information is of no value or use if users cannot verify its integrity. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 15File corruption is not necessarily the result of external forces, such as hackers. Noise in the transmission media, for instance, can also cause data to lose its integrity. Transmitting data on a circuit with a low voltage level can alter and corrupt the data. Redundancy bits and check bits can compensate for internal and external threats to the integrity of information. During each transmission, algorithms, hash values, and the error-correcting codes ensure the integrity of the information. Data whose integrity has been compromised is retransmitted. 1 Utility The utility of information is the quality or state of having value for some purpose or end.Information has value when it can serve a purpose. If information is available, but is not in a format meaningful to the end user, it is not useful. For example, to a private citizen U. S. Census data can quickly become overwhelming and difficult to interpret; however, for a politician, U. S. Census data reveals information about the residents in a district, such as their race, gender, and age. This information can help form a politician’s next campaign strategy. Possession The possession of information is the quality or state of ownership or control. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics.While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality. For example, assume a company stores its critical customer data using an encrypted file system. An employee who has quit decides to take a copy of the tape backups to sell the customer records to the competition. The removal of the tapes from their secure environment is a breach of possession. But, because the data is encrypted, neither the e mployee nor anyone else can read it without the proper decryption methods; therefore, there is no breach of confidentiality. Today, people caught selling company secrets face increasingly stiff fines with the likelihood of jail time.Also, companies are growing more and more reluctant to hire individuals who have demonstrated dishonesty in their past. CNSS Security Model The definition of information security presented in this text is based in part on the CNSS document called the National Training Standard for Information Systems Security Professionals NSTISSI No. 4011. (See www. cnss. gov/Assets/pdf/nstissi_4011. pdf. Since this document was written, the NSTISSC was renamed the Committee on National Security Systems (CNSS)— see www. cnss. gov. The library of documents is being renamed as the documents are rewritten. ) This document presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.T he model, created by John McCumber in 1991, provides a graphical representation of the architectural approach widely used in computer and information security; it is now known as the McCumber Cube. 17 The McCumber Cube in Figure 1-6, shows three dimensions. If extrapolated, the three dimensions of each axis become a 3 3 3 cube with 27 cells representing areas that must be addressed to secure today’s information systems. To ensure system security, each of the 27 areas must be properly addressed during the security process. For example, the intersection between technology, integrity, and storage requires a control or safeguard that addresses the need to use technology to protect the integrity of information while in storage.One such control might be a system for detecting host intrusion that protects the integrity of Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party co ntent may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 16 Chapter 1 Figure 1-6 The McCumber Cube18 Source: Course Technology/Cengage Learning information by alerting the security administrators to the potential modification of a critical file.What is commonly left out of such a model is the need for guidelines and policies that provide direction for the practices and implementations of technologies. The need for policy is discussed in subsequent chapters of this book. Components of an Information System As shown in Figure 1-7, an information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information r esources in the organization. These six critical components enable information to be input, processed, output, and stored. Each of these IS components has its own strengths and weaknesses, as well as its own characteristics and uses.Each component of the information system also has its own security requirements. Software The software component of the IS comprises applications, operating systems, and assorted command utilities. Software is perhaps the most difficult IS component to secure. The exploitation of errors in software programming accounts for a substantial portion of the attacks on information. The information technology industry is rife with reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In fact, many facets of daily life are affected by buggy software, from smartphones that crash to flawed automotive control computers that lead to recalls.Software carries the lifeblood of information through an organization. Unfortunately, software programs are often created under the constraints of project management, which limit time, cost, and manpower. Information security is all too often implemented as an afterthought, rather than developed as an integral component from the beginning. In this way, software programs become an easy target of accidental or intentional attacks. Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 17 1 Figure 1-7 Components of an Information System Source: Course Technology/Cengage Learning Hardware Hardware is the physical te chnology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets from harm or theft.Applying the traditional tools of physical security, such as locks and keys, restricts access to and interaction with the hardware components of an information system. Securing the physical location of computers and the computers themselves is important because a breach of physical security can result in a loss of information. Unfortunately, most information systems are built on hardware platforms that cannot guarantee any level of information security if unrestricted access to the hardware is possible. Before September 11, 2001, laptop thefts in airports were common. A two-person team worked to steal a computer as its owner passed it through the conveyor scanning devices.The first perpetrator ente red the security area ahead of an unsuspecting target and quickly went through. Then, the second perpetrator waited behind the target until the target placed his/her computer on the baggage scanner. As the computer was whisked through, the second agent slipped ahead of the victim and entered the metal detector with a substantial collection of keys, coins, and the like, thereby slowing the detection process and allowing the first perpetrator to grab the computer and disappear in a crowded walkway. While the security response to September 11, 2001 did tighten the security process at airports, hardware can still be stolen in airports and other public places.Although laptops and notebook computers are worth a few thousand dollars, the information contained in them can be worth a great deal more to organizations and individuals. Data Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset possessed by an organization and it is the main target of intentional attacks. Systems developed in recent years are likely to make use of database Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s).Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User 18 Chapter 1 management systems. When done properly, this should improve the security of the data and the application. Unfortunately, many system development projects do not make full use of the database management system’s security capabilities, and in some cases the database is implemented in ways that are less secure than traditional file systems. People Though often overlooked in co mputer security considerations, people have always been a threat to information security.Legend has it that around 200 B. C. a great army threatened the security and stability of the Chinese empire. So ferocious were the invaders that the Chinese emperor commanded the construction of a great wall that would defend against the Hun invaders. Around 1275 A. D. , Kublai Khan finally achieved what the Huns had been trying for thousands of years. Initially, the Khan’s army tried to climb over, dig under, and break through the wall. In the end, the Khan simply bribed the gatekeeper—and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization’s information security program.And unless policy, education and training, awareness, and technology are properly employed to prevent people from accidentally or intentionally damaging or losing information, they will remain the weakest link. S ocial engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used to manipulate the actions of people to obtain access information about a system. This topic is discussed in more detail in Chapter 2, â€Å"The Need for Security. † Procedures Another frequently overlooked component of an IS is procedures. Procedures are written instructions for accomplishing a specific task. When an unauthorized user obtains an organization’s procedures, this poses a threat to the integrity of the information.For example, a consultant to a bank learned how to wire funds by using the computer center’s procedures, which were readily available. By taking advantage of a security weakness (lack of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own account. Lax security procedures caused the loss of over ten million dollars before the situation was corrected. Most organizations distrib ute procedures to their legitimate employees so they can access the information system, but many of these companies often fail to provide proper education on the protection of the procedures. Educating employees about safeguarding procedures is as important as physically securing the information system.After all, procedures are information in their own right. Therefore, knowledge of procedures, as with all critical information, should be disseminated among members of the organization only on a need-to-know basis. Networks The IS component that created much of the need for increased computer and information security is networking. When information systems are connected to each other to form local area networks (LANs), and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. The physical technology that enables network functions is becoming more and more accessible to organizations of every size.Applying the traditional tools of phys ical security, such as locks and keys, to restrict access to and interaction with the hardware components of an information system are still important; but when computer systems are networked, this approach is no longer enough. Steps to provide network Copyright 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. Licensed to: CengageBrain User Introduction to Information Security 19 security are essential, as is the implementation of alarm and intrusion ystems to make system owners aware of ongoing compromises. 1 Balancing Information Security and Access Even with the best planning and imple mentation, it is impossible to obtain perfect information security. Recall James Anderson

Pick any topic from the instruction Essay Example | Topics and Well Written Essays - 1250 words

Pick any topic from the instruction - Essay Example If free will is a gift from God, then it is part of that same open system that God set in motion to follow its own course. There is the possibility that what atheistic existentialists take to be an accident is actually the seeming chaos of a free system, created by an entity, animated - not governed - by free will. The idea that theism can be compatible with non-theological concepts has gained currency in recent years. The Episcopal Church, for example, has adopted the idea that the rational can help aid one’s understanding of what God is because reason itself is a gift from God. Name 2 One need not cancel out the possibility of the other. Faith doesn’t have to be the only resource because man has other gifts, other intrinsic capabilities that he can use in concert with others. The theistic philosopher Henry Rogers wrote, â€Å"The truth is, that both Reason and Faith are coeval with the nature of man, and were designed to dwell in his heart together. They are†¦re ciprocally complementary; - neither can exclude the other† (Rogers, 339). ... ng answers, to looking beyond the suppositions of existentialism, Kierkegaard’s tendency was to fall back on his Lutheran background, Pascal from an Augustinian system of belief and Sartre and Nietzsche from the humanist school, of which they were to a large extent the product (Tillich, 25). For Kierkegaard, the search for answers was a striving for transcendence, which resulted from the realization that one is responsible for one’s own condition. Personal freedom lies at the heart of this position. One has the freedom to choose despair or strive for self-actualization. â€Å"Either possibility requires that the self moves toward transcendence, reliance on God’s help, according to Kierkegaard† (Gray, 279). As such, the subject engages in a kind of selection, a choosing of salvation or of a personal fall. The subject â€Å"comes to renounce its Name 3 immediate self and choose its eternal self. It accepts the paradox of the God-man, and through this qualit ative leap free itself from despair and reach salvation† (Stewart, 138). For Kierkegaard, theism is the vehicle through which the individual arrives, subjectively, at the fullness of his meaning as a human being. The individual works through this alone as the sole possessor of his own ethical and aesthetic reality, ultimately leading him to a state of grace. Kierkegaard and many of those who followed his precepts believed that Christianity, and other monotheistic religions, were expressions of hypocrisy that taught pure love but practiced a creed that seemed to believe this purity was the special reserve of a privileged few; specifically, of the wealthy and powerful. The Christianity they observed around them drew from a shallow moral well, one that provided dubious spiritual sustenance from its manifesto (the

Article Analysis Essay Example | Topics and Well Written Essays - 500 words - 4

Article Analysis - Essay Example Likewise, the author proceeded with the discourse by expounding on accountability in organizations and emphasizing that it starts on the very top of the hierarchy. Building a framework of accountability was disclosed to require knowing one’s people well and encouraging open communication. Finally, Morris cited author and business thought-leader John Spence’s guidelines and principles for accountability in organization where a culture of accountability must be established to maximize the organization’s full potentials. Conclusions: Morris concluded that there is a need to upgrade the potentials of the organization’s human resources to maximize their strengths and facilitate the achievement of organizational goals. Through the enforcement of cultural norms and harnessing the competencies of people, accountability would be improved. As noted, â€Å"just like people, admired organizations are those that keep their promises- promises to customers, suppliers, employees and shareholders† (Morris, 2012, p. 73). Analysis: The article’s strength lies in the manner by which the author effectively structured his line of thinking and relayed the message intended for the audience. By using simple and straightforward language, Morris was able to assist in enhancing the understanding of readers from various backgrounds regarding the topic of accountability. Likewise, he supported his arguments through citing other review of related literatures and from works of people known to have established credibility on the topic being discussed. In addition, his credibility as a coach, mentor and as president and chief executive officer of an organization, assisted in providing viable arguments based on personal and professional experiences. However, one of the weaknesses noted was the failure to clearly list the authoritative references at the end of the discourse to determine their applicability from the date their respective literary works were published. Also,

Written Business Communication (Assignment #4C) Assignment

Written Business Communication ( #4C) - Assignment Example I would like to kindly remind you on the yearly warranty that you issued when you installed the gates since I suppose that will help you track the information on the same. For more clarity, I have attached the company’s proposal invoice to attest that the installation of the iron gates is still within the warranty and so still valid. All day shift employees are required to park in lots A and Lots B in the assigned spaces. On the other hand, the daytime employees are reminded not to park in the curbs lots, but eventually they may loan spaces to other distinguished employees that is if the parking spaces are not in use. To receive the a white sticker, please stop by the relations, employee at the cafeteria October 1st and it will be from 11:30 a.m. to 1:30 p.m. and also 3:00 to 5:00 to take their applications and also be issued with the white parking stickers. The swing shift employees may also park at the curb before evening at 3:00. Furthermore, after 3:00 p.m. all the swing shift employees are allowed to park in any empty parking space, even those for the Tandem, Handicapped or event management. For everyone’s convenience, we are all encouraged to register ourselves with the employee relation. This way there will be no inconvenience caused to any employee as far as parking space is concerned. Please stop at the cafeteria and get your white sticker at the most convenient time. All the tickets will be issued to all the cars that will not be having the sticker. By doing all that is needed there will be smooth parking activities and time also will be saved for more productive issues rather than things that are less

JOB STRESS, SATISFACTION AND INTENTION TO LEAVE AMONG NEW SAUDI NURSES Research Proposal

JOB STRESS, SATISFACTION AND INTENTION TO LEAVE AMONG NEW SAUDI NURSES - Research Proposal Example The author further associates stress with a positive effect on employee turnover rate. Aflab (2013, p. 12) explains possible factors to the association between workplace stress and both employee’s satisfaction and turnover. According to the author, stress increaser â€Å"safety and healthiness hazards† (12) whose effects include poor psychological health and increased susceptibility to injury and diseases. Cheng (2009, p. 11) supports the role of workplace stress in increasing employee turnover rate and introduces an interaction effect between stress and employee satisfaction to in influencing turnover rate. With reference to the role of organizational change on employees, the author argues that employees’ values influence their stress on job. Stress and job satisfaction then affect each other before they, each, influence employee turnover rate. Empirical studies shows existence of many factors to job stress, job satisfaction, and employees’ intention to leave their organizations, observations that could be indicative of the environment in the nursing profession. A study that aimed at investigating relationship between job stress and depressive symptoms among nurses in Korea established significance of job stress that translates to the symptoms. The symptoms further relates to some work environment factors such as job security and absence of reward. These imply significance of pleasure at work on employees stress that the depressive symptoms can detect (Yoon and Kim 2013, p. 171- 173). Vijay and Vazirani (2012, p. 48- 50) also explains significance of job stress in the nursing environment. Based on empirical results from a study on causes and moderators of stress, the authors note that job environment such as dealing with difficult associates of patients, poor remuneration, and challenges in interpersonal relations i nfluences level of stress in nurses. The level of stress