Sunday, October 6, 2019
Literature review Essay Example | Topics and Well Written Essays - 750 words - 2
Literature review - Essay Example In this regard, this book has discussed and analyzed different perspectives of learning that can be implemented in the organizations. One of the major breakthroughs has been the systems thinking that has given a number of opportunities to the organizations to increase their capacity and performance in the marketplace, which has been discussed in this book in a simple manner. The author has been able to introduce and integrate the basic components of systems thinking in this book, which has played a vital and crucial role in the significant performance of an organization. In addition, different principles of indifferences, dimensional analysis, and systems theory with relation to the systems thinking have been included in this abovementioned book. A working concept of systems theory has been developed and discussed in this book. Different methodologies related to the systems thinking have been dealt in this book, which has provided a detailed analysis of the topic to the readers. Different characteristics of socio-cultural systems have also been evaluated in this book. Topics related to the human resource, as well as, organizational development have been showcased in this book. Different practices and theories related to the organizational performance have been displayed by the author. In specific, systems thinking has been given due consideration in this course, as it has been one of the most effective measures for the continued and sustained growth of an organization. The term of systems have been incorporated with the existence of organizations in this book. The author has tried to explain the relationship of organizational performance with the characteristic of a system, which can be very beneficial for an organization. Performance based on the objectives can be facilitated by the provision of instructions based on the systems thinking. Management and Systems thinking have been analyzed and compared
Friday, October 4, 2019
The Art of Mimes and French Research Paper Example | Topics and Well Written Essays - 1250 words
Coastal plains are situated in the north and west of France. The Alps cover the country from the south-east, the Pyrenees from the south-west, and the Massif Central from the south-central. French people show pride in their unique and individual national heritage. Their food and dining habits make them unique. The French have invented 400 kinds of cheese. They consider wine to be their identity and an essential part of their diet. They are of good health, and that is why they always enjoy their work. They never prioritize work above everything else but do it to enjoy life. The French are very much interested in discussing current affairs and political issues. They feel proud to be French, and this is very obvious in their discussions. They are proud of their long history and culture. They enjoy life. They even work for pleasure and enjoyment. They seem to be relatively distant personalities and difficult to meet. They are generally polite, but they do not open up to other people quickly. It takes time to build relations with the French. They sometimes also seem to be rude, especially when discussing an issue on which they want to reach a conclusion. Their attitude in debate, making arguments and counter-arguments, may seem aggressive and ridiculous, but it is not actually so. All they want is to find the truth. One of the negative traits of French culture is criticizing. They are rarely pleased with what they have.
Their criticism and dissatisfaction often lead to strikes,
Channel Conflict Analysis of Schwinn Essay Example for Free
With Schwinn's recent expansion into many large-scale retail stores (i.e., Wal-Mart, Toys-R-Us, Target, etc.), they began to shift into a dual channel marketing strategy. Oftentimes, if not handled properly, this type of approach can result in significant problems for some or all of the distribution channel partners. Fortunately for Schwinn, however, they were able to make many critical decisions which ensured that each of the partners' distinct interests was narrowly aligned with their own. This proactive plan not only motivated many of their smaller independent bicycle dealers to continue carrying their products but also allowed Schwinn to effectively reach a much larger segment of their target market. By closely analyzing this case, we can learn many valuable lessons regarding the overall importance of strong channel management. Product differentiation was one of the primary ways that Schwinn managed to avoid channel conflict. Schwinn segmented the market and delivered to the different segments of the market through different channels. The product line delivered through the mass market channel consisted of completely different bicycles than those found at the independent bicycle dealers. This segmentation reduced the likelihood of conflict between the two channels, since the two product lines were targeted at segments with little to no crossover. Additionally, Schwinn introduced products like the Sting Ray, which had nostalgic appeal and stretched beyond the traditional customer base of the independent bicycle dealers. These types of bicycles provided them with a unique product and, furthermore, a healthy margin to bolster profits. By maintaining distinct product lines for their two channels, Schwinn was able to minimize multi-channel conflict.
The key to motivating channel members is to provide value and benefits to each partner in order to align interests and thus achieve the ultimate goal: satisfy the customer's needs. Schwinn used both push and pull strategies effectively. By offering a relatively higher margin level than other high-end manufacturers catering to independent bicycle dealers, they were able to restore the confidence and interest of their long-term retailers in spite of going for a dual channel strategy. Moreover, as mentioned in the article, unlike most companies in the industry, there was no complicated loyalty formula required to get the best prices from Schwinn. In addition, Schwinn did not require specific pre-order sales in order to carry their products. Instead, suppliers were granted flexible purchasing options so they did not have to unnecessarily stock inventories during their off-seasons (i.e., winter months in cold climates). This push strategy not only reduced the administrative cost of the retailers, but also improved the inventory turnover and ultimately the retailers' bottom line. Conversely, Schwinn was also able to simultaneously create a pull strategy after they utilized the extensive media exposure of products, such as the Sting Ray, to increase the brand recognition among customers, thus drawing them to the independent bicycle dealers. In addition to this, the specialty storeowners found significant profits lying in the repairing of these bikes and selling of parts/accessories. This proved to be a great factor for specialty bike owners to remain in business while selling Schwinn. They had a clear edge over other big retailers like Wal-Mart, who did not provide any after-sales service to their customers. Because they were making money by servicing the bikes sold at the mass market stores, the independent bicycle dealers were more tolerant of losing some sales on the edge of their segment to Wal-Mart, Target, Toys-R-Us, etc.
Schwinn has done a good job of heading off any channel conflict by keeping the incentives aligned for its two main distribution channels. By expanding its product line into major retailers, the company has been able to target a new segment of casual bike riders. With Schwinn's new line of entry-level bikes, big-box stores can satisfy the needs of casual bike riders by offering a large selection of affordable bikes at convenient locations. Meanwhile, Schwinn still provides a number of incentives to local bike shops, which form the company's other main distribution channel. These shops still profit from service and repair, which large retailers do not offer. Additionally, some of Schwinn's higher-end models are exclusively available in bike shops. Finally, Schwinn is flexible with its inventory requirements and offers good margins. By offering different incentives to each of its distribution channels, Schwinn has been able to target more customers while also keeping its retailers happy.
Thursday, October 3, 2019
Widespread Use Of Digital Media Media Essay
This essay will critically assess the impact that widespread use of digital media has on broader culture and society. For me, this is questioning whether digital media, the technological revolution and the rise of the internet can be seen as a blessing or a curse on culture and society. According to Castells (2002), who writes avidly on this topic, new media technologies simultaneously reinforce relations of cultural capital, hierarchy and distinction, while enabling social movements to publicise campaigns and connect with distant others. Technology, the internet and the digital media have created unimaginable wealth yet also encouraged millions to work for nothing. Digital media challenges authority yet has allowed regimes to spy and censor as never before. The internet opens up new realms of knowledge, and Al Gore (former vice president) states that it's an empowering tool with more potential than any other tool developed by mankind. Digital media is very much a double-edged sword and has both positive and negative aspects to it. This essay will explore these different aspects and look to give a definitive answer as to whether the digital media and the internet have overall had a good or bad impact on broader culture and society.
Positive impact on culture and society
There are a significant number of ways in which the use of digital media has facilitated democracy and pluralism in worldwide society and culture. Supporters of this view include the likes of Goodwin, Jenkins and Burrows. The inventor of the World Wide Web, Sir Tim Berners-Lee, saw the internet as a tool that connected humanity. With 35 million people using the internet every day in the UK alone, he sees the internet as a platform for equal access to voice, opportunity and information, having originally been designed as a rebellion against hierarchy and authority.
Wikipedia is definitely a product of the digital media that has had a positive impact on culture and society. Every month 65 million people use this site, with the original idea being that instead of information being handed down by experts and the elite above, it slowly emerges from the masses below. This is a good example of the democratisation of society and culture that the digital media brings, as Wikipedia allows people to shape knowledge together on one platform. Twitter is a social media site that has had a strong positive effect on culture and society. This digital media platform can be used to campaign for fundamental freedoms in culture and society across the globe. For example, Twitter was used to campaign for fundamental civil rights in Kenya during the violence in the Kenyan election of 2008. Witnesses used Twitter to report the violence and corruption that the world's media was not reporting accurately. Twitter represents a new form of democracy in society and culture, meaning that countries' hierarchy has in effect flipped from vertical to horizontal. Another example can be found in Iran: when riots occurred the government banned world media from the area, but the public used Twitter to alert the world to what was occurring. Napster is a digital media site that advanced culture and society by undermining centuries of copyrighting and property. This site allowed music to be listened to for free, making it equally accessible and shared for free. This demonstrated the power of digital media and the internet to destroy established business models. While this site was completely illegal, the issue was that because the usage of this site became so widespread, lawsuits would have been needed for everyone between the ages of 18 and 30 at the time. As a result of Napster, 95% of all music exchange online is now unpaid for, showing how digital media has helped create added cultural equality and democracy over the last decade.
YouTube is another strong example of how the digital media and the internet have had a positive effect on global culture and society. YouTube was first created in 2005, and is now viewed 1 billion times a day, with 1/5 of all content on the internet itself being created by amateurs. The attraction of this site is that it provides a platform for self-promotion and takes control away from the middleman such as agents of publishers. These older hierarchies are still at large today; however, their power is dwindling as they struggle to adapt to the digital media's democratisation and equalization effect on society and culture. Having first been created in the 1960s to protect the USA by linking information between the government, the armed forces and institutions of science and universities, the internet has now become a de-centralizing power to the state. The internet is now seen as a threat to the state, de-centralizing power in single nations by merging their individual economies into a global economy. The rise of the digital media and the internet is accelerating globalisation, which in turn provides new developments in culture that cross historic and traditional borders. Old centres of power are crumbling, meaning a huge scramble to fill the vacuum left behind. An example of this can be seen in Wikileaks, which allows people to anonymously publish information on governments, such as classified US army documents on Guantanamo Bay, which helps challenge censorship. Suppressing information has become increasingly difficult, with the digital media and the internet helping make traditionally censored countries such as China become far more democratic. When one part of the internet becomes controlled and colonised, a new frontier will always spring up in its place elsewhere. This certainly shows how the digital media benefits society and culture in a broad sense globally.
Negative impact on culture and society
There are many negative aspects that the rise of the internet and digital media has brought to culture and society. The digital media can be seen as a source of control and homogenisation, with supporters of this view including the likes of Schiller and Virilio. Around 25% of the global population has access to the internet, which can be seen to show another form of control by the MEDCs over LEDCs. It is in human nature to have the desire for both profit and control. If you can control what people believe in, you control what people have access to; hence the internet and the digital media are a powerful tool that can create this control if harnessed by the appropriate people in society. The internet and digital media have allowed elite megabrands to gain power with no competition. The idealistic view (stemming from 1970s hippie culture) was that the world wide web should be a creative space where all people can share information for free, which went against those who wanted to use the web as a market place, a place to buy and sell. Some people, such as Bill Gates, saw the internet as the biggest business opportunity ever. In 1995 Microsoft launched Internet Explorer and ended up with more than 90% of the market globally. This is just an example of how the world is dominated by just a handful of mega brands. In Britain 1/3 of the population has Facebook, Ebay has 21 million visits a month, while Amazon gets 16 million visits per month. There is one search engine (Google), one marketplace (Ebay), one bookshop (Amazon), one cinema (YouTube) and one social network (Facebook) that matter. This means there is a new massive wealth and power in the hands of a tiny elite thanks to the internet. It is a huge historic anomaly in that there are no competitors (as with Coke and Pepsi, Honda and Toyota) that would usually reflect a capitalist society.
Hence this is a pure manifestation of the way in which power works, lending itself to a very narrow oligarchy and elite in society. The digital media and the internet can be seen as a tool of control and oppression. Increasingly it mirrors hierarchy and inequalities, with its originally idealistic beginnings fading over time. It is a powerful tool the state can use to access information and control the masses. An example of this is seen in China (a one-party state), which has 250 million of its population currently using the internet. Technology has helped drive China's economic growth, and the government is now worried about their communist culture and society due to the rise of digital media and the internet. The government has employed 30,000 people to police the web full-time in China, developing a firewall around the country preventing many western media sites from entering and influencing public opinion. Their surveillance of social network sites is essential to their state control; hence the government has hired 300,000 people as bloggers to post communist support on digital media sites and blogs. The digital media can be seen to be narrowing identity. The internet can link and connect extremists, which has given them new tools of terrorism. Al Qaeda try to implement control through fear via the internet through hateful messages and shocking images. This is very difficult to prevent, as there is no central control centre or base on the internet. Digital media removes national borders, and therefore these extremists have a virtual reality nation in which to spread their message. The internet and digital media can be seen as eroding the concept of privacy. Private information is now exploited for highly targeted advertising and profit. For example, Google gathers billions of search terms that help them sell highly targeted advertising. It's turned human curiosity into a goldmine, as Google now makes $200 per second from this scheme.
Internet cookies now track our interests and website history. This even extends to Facebook, a company that increasingly uses technology to recognise pictures and send targeted adverts. Today, after purchasing an item, you are constantly emailed with updates. This is a manifestation of the attempt by big businesses and corporations to colonise the online marketplace. It homogenises consumers with messages such as "people who bought this also bought this". Almost without our realising it, our search history is stored on a database of the companies that give us access to the internet. It's surprising how much all the searches can be pieced together to give a picture of who may have made these searches. Hence this could potentially be used against individuals, as blackmail in the future. While this is an extreme view, it is a distinct possibility, and means corporations such as Google and Facebook have a huge amount of power they could utilize in the future.
Analysis
The positive aspects of digital media and the internet currently outweigh, and always will outweigh, the negative aspects of digital media and the internet. It is irrational for anyone to claim that we were better off in an era of information poverty and un-empowered masses. One would rather have information overload than information poverty in society and culture. The internet is a true digital and electronic frontier where everyone is on his or her own; all manuscripts are accepted for publication, they remain in virtual print forever, and no one can tell writers what to do. The rise of the internet and digital media has empowered the masses and given everyone a platform on which to speak to the world. Of course, that doesn't necessarily mean all internet users will have something informed or valid to broadcast across the world wide web. But such vast human empowerment is worth celebrating, despite its occasional downsides. Abundance in information is better than the old analog world of fewer choices and fewer voices.
However, criticisms can be made against the internet and the digital media, as there are some very legitimate concerns regarding how the passing of the old order might leave society absent of some important cultural and order aspects. For example, one need not endorse bailouts for a dying newspaper industry to nonetheless worry about the important public service provided by investigative journalists: Who will take up those efforts if large media institutions go under because of digital disintermediation? The skeptics are also certainly correct that each of us should think about how to better balance new technologies and assimilate them into our lives and the lives of our families and communities. For example, children need to learn new digital literacy and cyber-citizenship skills to be savvy users of the world wide web.
Conclusion
This essay has critically assessed the impact that widespread use of digital media has on broader culture and society. For me, this was questioning whether digital media, the technological revolution and the rise of the internet can be seen as a blessing or a curse on culture and society. According to Castells (2002), who wrote a lot on this topic, new media technologies simultaneously reinforced relations of cultural capital, hierarchy and distinction, while enabling social movements to publicise campaigns and connect with distant others. Technology, the internet and the digital media have created unimaginable wealth yet also encouraged millions to work for nothing. Digital media challenges authority yet has allowed regimes to spy and censor as never before. The internet opens up new realms of knowledge, and Al Gore (former vice president) states that it's an empowering tool with more potential than any other tool developed by mankind. Digital media is very much a double-edged sword and has both positive and negative aspects to it.
This essay explored these different aspects and can now give a definitive answer as to whether digital media and the internet have overall had a good or bad impact on broader culture and society. Overall, the internet and the digital media are a positive phenomenon for humanity, society and culture. There are a significant number of ways in which the use of digital media has facilitated democracy and pluralism in worldwide society and culture. Strong examples in the form of digital media sites on the internet can be used to show this. Firstly, Wikipedia is definitely a product of the digital media that has had a positive impact on culture and society. Secondly, Twitter is a social media site that has had a strong positive effect on culture and society. Thirdly, Napster is a digital media site that advanced culture and society by undermining centuries of copyrighting and property. YouTube is another strong example of how the digital media and the internet have had a positive effect on global culture and society. These websites are contributing to the rise of the digital media, and the internet is accelerating globalisation, which in turn provides new developments in culture that cross historic and traditional borders. The rise of the internet and digital media has empowered the masses and given everyone a platform on which to share information and dissolve old forms of hierarchy. However, to a smaller extent, the internet and digital media have had a negative effect on society and culture. The digital media can be seen as a source of control and homogenisation by MEDCs over LEDCs. The internet and digital media have allowed elite megabrands to gain power with no competition. Again, the digital media and the internet can be seen as a tool of control and oppression. Increasingly it mirrors hierarchy and inequalities, with its originally idealistic beginnings fading over time.
The digital media can be seen to be narrowing identity, while the internet can also link and connect extremists, which has given them new tools of terrorism. Finally, the internet and digital media can be seen as eroding the concept of privacy. Private information is now exploited for highly targeted advertising and profit.
Wednesday, October 2, 2019
Maedchen In Uniform :: essays research papers
MAEDCHEN IN UNIFORM
Maedchen in Uniform (Sagan, 1932, 80') is a film that was specifically designed to represent a group of women living in a patriarchal society and the conflicts they encounter by simply being their naturally nurturing selves. One major conflict involves the deep relationship that develops between a female teacher and her female student in an all-girl boarding school that is operated like a strict military camp. It is heavily suggested that this relationship is a romantic one, but there is no solid evidence that it is. I believe that Sagan had designed the film this way so that the idea of lesbianism would not be so aggressive towards the audience that they would not be willing to sit through the entire film. Had the teacher been a man and the student remained a female, I believe that this film would not have had the same effect on the viewers as it did the way it was presented. The gender of the two people should not have made a difference because, in general, it is wrong to have a romantic relationship between a teacher and a student who is still under the teacher's guidance. Given this conflict alone, I believe that Sagan wanted to take it to the next level and show that, with the suggestion of lesbianism, these women are like any other women who are also caring and nurturing. I believe she was trying to introduce a new idea of lesbianism where the women are not heavily masculine.
First, there is the setting of a strict military-like boarding school where the students, all females, are craving the love and affection that they are missing from their families. One particular student, Manuela von Meinhardis, had just recently joined the school after the recent death of her mother. She is particularly vulnerable to the love and care that is provided by the only caring teacher in the school, Fraulein von Bernburg.
Fraulein von Bernburg is a very beautiful young teacher who is constantly at odds with her elders because she does not see the need to punish her group of girls. She believes that the students need to be shown compassion and care, not just as a teacher but as a friend. It is between these two women that a heavily suggested romantic relationship developed. The reason why I say "heavily suggested" is because I still believe that Fraulein von Bernburg was only trying to be sympathetic with the new girl, Manuela, because her mother had just died.
Free Essays on Homers Odyssey: Gaining Power from Others in The Odyssey :: Odyssey essays
Gaining Power from Others in The Odyssey
Throughout The Odyssey, Odysseus' power was gained through the power of others, resulting in three phases of understanding: self-determination, courage, and having a greater vision in life. In order to understand these three phases, one must be able to conquer predominance from those less useful than others. Although Odysseus was physically strong, he was not who he was mentally without the help and guidance of the gods. Odysseus was like one who has no friends, but when he meets up with more people, he becomes popular. One who was alone and meets new people has more friends and finds out more interesting subjects about daily life. They are the ones who have more predominance than others because they know more people and have much more interesting subjects. Odysseus was like this because he didn't know much without the help and guidance of others. Once Odysseus has served enough time in a place against his will, he would be determined to leave that place. Odysseus' journey towards home was now going to be able to be finished. For seven years Calypso held him prisoner on the island of Ogygia, and he was determined to leave and see to the rest of his journey. Calypso agrees to let him go, and she gives Odysseus some advice and guidance, saying, "Only I will not aid [you] on [your] way, for I have no ships fitted with oars, nor crews to bear [you] over the broad ocean-ridges; but I will freely give [you] counsel and not hide how [you] may come unharmed to [your] own native land" (47). Calypso recognizes Odysseus' greatness. Calypso says she will give some advice, but Odysseus will have to prove his greatness by making his own ship and understanding how he will make it home. Even though Odysseus was physically strong, at other times he was weak. When the Phaeacians returned Odysseus home, Odysseus, not knowing where he was, recounted his jewels and gifts.
While doing so the Phaeacians were just turned to stone by Poseidon for helping him return home. Odysseus can practically do whatever any god can do but with the help of them. So speaking, Odysseus says to Athena, "And do you stand beside me, inspiring hardy courage, even so as when we tore the shining crown from Troy"(130). When Odysseus was at war with Troy, Athena gave him guidance.
Tuesday, October 1, 2019
Evidence Collection Policy Essay
1.What are the main concerns when collecting evidence? That you are thorough, collect everything, do it in the proper and official manner, and that you do not tamper with or alter anything. 2.What precautions are necessary to preserve evidence state? Usually what is done is all of the evidence is duplicated several times and any processes involved with the investigation are done with the duplicates to ensure that the actual evidence isnââ¬â¢t altered in any way. 3.How do you ensure evidence remains in its initial state? It is duplicated and then stored in climate controlled conditions. 4.What information and procedures are necessary to ensure evidence is admissible in court? Whoever conducts the investigation does so in a previously mandated, official, and legally recognized manner. Information Systems Security Incident Response Policy I. Title A. Name: Information Systems Security Incident Response Policy B. Number: : 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer) D. Status: Approved E. Date Proposed: 2005-10-24 F. Date Revised: G. Date Approved: 2007-01-03 H. Effective Date: 2007-01-16 II. Authority and Responsibility Information Systems and Computing is responsible for the operation of Pennââ¬â¢s data networks (PennNet) as well as the establishment of information security policies, guidelines, and standards. The Office of Audit, Compliance andà Privacy has authority to develop and oversee policies and procedures regarding the privacy of personal information. These offices therefore have the authority and responsibility to specify security incident response requirements to protect those networks as well as University data contained on those networks. III. Executive Summary This policy defines the response to computer security incidents. IV. 
Purpose This policy defines the steps that personnel must use to ensure that security incidents are identified, contained, investigated, and remedied. It also provides a process for documentation, appropriate reporting internally and externally, and communication so that organizational learning occurs. Finally, it establishes responsibility and accountability for all steps in the process of addressing computer security incidents. V. Risk of Non-compliance Without an effective incident response process, corrective action may be delayed and harmful effects unnecessarily exacerbated. Further, proper communication allows the University key learning opportunities to improve the security of data and networks. Individuals who fail to comply are subject to sanctions as appropriate under Penn policies. VI. Definitions Confidential University Data includes: * Sensitive Personally Identifiable Informationââ¬âInformation relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to Penn. Examples may include, but are not limited to: Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information Penn has promised to keep confidential, and account passwords or encryption keys used to protect access to Confidential University Data. * Proprietary Informationââ¬âData, information, or intellectual property in which the University has an exclusive legal interest or ownership right, which, if compromised could cause significant harm to Penn. Examples may include, but are not limited to, business planning, financial information, trade secret, copyrighted material, andà software or comparable material from a third party when the University has agreed to keep such information confidential. 
* Any other data the disclosure of which could cause significant harm to Penn or its constituents.

Security Incident. There are two types of Security Incidents: Computer Security Incidents and Confidential Data Security Incidents.
* A Computer Security Incident is any event that threatens the confidentiality, integrity, or availability of University systems, applications, data, or networks. University systems include, but are not limited to: servers, desktops, laptops, workstations, PDAs, network servers/processors, or any other electronic data storage or transmission device.
* A Confidential Data Security Incident is a subset of Computer Security Incidents that specifically threatens the security or privacy of Confidential University Data.

User. A Penn user is any faculty, staff, consultant, contractor, student, or agent of any of the above.

VII. Scope
This policy applies to all Users. It applies to any computing devices owned or leased by the University of Pennsylvania that experience a Computer Security Incident. It also applies to any computing device regardless of ownership, which either is used to store Confidential University Data, or which, if lost, stolen, or compromised, and based on its privileged access, could lead to the unauthorized disclosure of Confidential University Data. Examples of systems in scope include, but are not limited to, a User's personally owned home computer that is used to store Confidential University Data, or that contains passwords that would give access to Confidential University Data. This policy does not cover incidents involving the University of Pennsylvania Health System (UPHS) information systems, which has a separate incident response policy. ISC Information Security will coordinate with UPHS as appropriate when UPHS computing devices, data, or personnel are involved.

VIII. Statement of Policy

A. Overview of Penn's Incident Response Program
i. All Computer Security Incidents must be reported to ISC Information Security promptly. See Section B below.
ii. All Confidential Data Security Incidents must:
a. Generate the creation of an Immediate Response Team, as designated by the Information Security Officer (ISO), on a per incident basis. See Section C below.
b. Follow appropriate Incident Handling procedures. See Sections C and D below.
iii. ISC Information Security, under the direction of the Vice President for Information Systems and Computing (VP-ISC) is responsible for logging, investigating, and reporting on security incidents. See Sections D and E below.

B. Identifying and Reporting Computer Security Incidents
i. Users and Local Support Providers (LSPs). In the event that a User or an LSP detects a suspected or confirmed Computer Security Incident, the User must report it to his or her Local Security Officer or IT Director for issues including but not limited to viruses, worms, local attacks, denial of service attacks, or possible disclosure of Confidential University Data.
ii. Local IT Management. Local IT Management must notify ISC Information Security of all Computer Security Incidents, except for categories of incidents that ISC Information Security may designate in Appendix I of this policy.
iii. ISC Information Security. ISC Information Security shall notify appropriate systems administrators and other personnel of all emergency and attack incidents, as well as all suspicious activity incidents when it believes that an administrator's system is at risk. The system's administrators will then work with ISC Information Security to properly address the incident and minimize the risk of future occurrences.

C. Immediate Response Team
i. Purpose. The purpose of each Immediate Response Team is to supplement Penn's information security infrastructure and minimize the threat of damage resulting from Computer Security Incidents.
ii. Per Incident Basis. An Immediate Response Team shall be created for Confidential Data Security Incidents.
iii. Membership. Membership on the Immediate Response Team shall be as designated by the ISO. In most cases, members shall include a representative from ISC Information Security and from the affected School or Center's technical and management staff.
iv. Responsibilities. Responsibilities of the Immediate Response Team are to assess the incident and follow incident handling procedures, appropriate to the incident as determined by the ISO.
v. Confidentiality. Immediate Response Team members will share information about security incidents beyond the Immediate Response Team only on a need-to-know basis, and only after consultation with all other team members.

D. Incident Handling. For incidents requiring the formation of an Immediate Response Team, the following is a list of response priorities that should be reviewed and followed as recommended by the ISO. The most important items are listed first:
i. Safety and Human Issues. If an information system involved in an incident affects human life and safety, responding to any incident involving any life-critical or safety-related system is the most important priority.
ii. Address Urgent Concerns. Schools and Centers may have urgent concerns about the availability or integrity of critical systems or data that must be addressed promptly. ISC Information Security shall be available for consultation in such cases.
iii. Establish Scope of Incident. The Immediate Response Team shall promptly work to establish the scope of the incident and to identify the extent of systems and data affected. If it appears that personally identifiable information may have been compromised, the Immediate Response Team shall immediately inform the VP-ISC and the Chief Privacy Officer (CPO).
iv. Containment. Once life-critical and safety issues have been resolved, the Immediate Response Team shall identify and implement actions to be taken to reduce the potential for the spread of an incident or its consequences across additional systems and networks. Such steps may include requiring that the system be disconnected from the network.
v. Develop Plan for Preservation of Evidence. The Immediate Response Team shall develop a plan promptly upon learning about an incident for identifying and implementing appropriate steps to preserve evidence, consistent with needs to restore availability. Preservation plans may include preserving relevant logs and screen captures. The affected system may not be rebuilt until the Immediate Response Team determines that appropriate evidence has been preserved. Preservation will be addressed as quickly as possible to restore availability that is critical to maintain business operations.
vi. Investigate the Incident. The Immediate Response Team shall investigate the causes of the incident and future preventative actions. During the investigation phase, members of the incident response team will attempt to determine exactly what happened during the incident, especially the vulnerability that made the incident possible. In short, investigators will attempt to answer the following questions: Who? What? Where? When? How?
vii. Incident-Specific Risk Mitigation. The Immediate Response Team shall identify and recommend strategies to mitigate risk of harm arising from the incident, including but not limited to reducing, segregating, or better protecting personal, proprietary, or mission critical data.
viii. Restore Availability. Once the above steps have been taken, and upon authorization by the Immediate Response Team, the availability of affected devices or networks may be restored.
ix. Penn-Wide Learning. The Immediate Response Team shall develop and arrange for implementation of a communications plan to spread learning from the security incident throughout Penn to individuals best able to reduce risk of recurrence of such incident.

E. Senior Response Team (SRT). If the ISO or CPO in their judgment believe that the incident reasonably may cause significant harm to the subjects of the data or to Penn, each may recommend to the VP-ISC or Associate Vice President for Audit, Compliance and Privacy (AVP-OACP) that a Senior Response Team be established. The Senior Response Team shall be comprised of senior-level officials as designated by the VP-ISC or AVP-OACP. The Senior Response Team shall:
i. Establish whether additional executive management should be briefed and the plan for such briefing.
ii. Determine, with final approval by the General Counsel, whether Penn shall make best efforts to notify individuals whose personally identifiable information may have been at risk. In making this determination, the following factors shall be considered:
a. legal duty to notify
b. length of compromise
c. human involvement
d. sensitivity of data
e. existence of evidence that data was accessed and acquired
f. concerns about personnel with access to the data
g. existence of evidence that machine was compromised for reasons other than accessing and acquiring data
h. additional factors recommended for consideration by members of the Immediate Response Team or the Senior Response Team.
iii. Review and approve any external communication regarding the incident.

F. Documentation
i. Log of security incidents. ISC Information Security shall maintain a log of all reportable security incidents recording the date, School or Center affected, whether or not the affected machine was registered as a critical host, the type of Confidential University Data affected (if any), number of subjects (if applicable), and a summary of the reason for the intrusion, and the corrective measure taken.
ii. Critical Incident Report. ISC Information Security shall issue a Critical Incident Report for every reportable security incident affecting machines qualifying as Critical Hosts, or other priority incidents in the judgment of ISC Information Security describing in detail the circumstances that led to the incident, and a plan to eliminate the risk.
iii. Annual Summary Report. ISC Information Security shall provide annually for the VP-ISC and AVP-OACP a report providing statistics and summary-level information about all significant incidents reported, and providing recommendations and plans to mitigate known risks.

IX. Best Practices
A. Preserving Evidence: It is essential to consult Penn Information Security when handling Computer Security Incidents. However, if Information Security is not available for emergency consultation, the following practices are recommended:
i. Generally, if it is necessary to copy computer data to preserve evidence for an incident, it is a good idea to use bit-wise file-system copy utilities that will produce an exact image (e.g., UNIX dd) rather than to use file level utilities which can alter some file meta-data.
ii. When making forensic backups, always take a cryptographic hash (such as an SHA-1 hash) of both the original object and of the copied object to verify the authenticity of the copy. Consult your System Administrator if you have questions.
iii. Assigning members to an Immediate Response Team: In cases where an incident involves an investigation into misconduct, the School or Center should consider carefully whom to assign to the Immediate Response Team. For example, one may not wish to assign an IT professional who works closely with the individual(s) being investigated.

X. Compliance
A. Verification: ISC Information Security and the Office of Audit, Compliance and Privacy will verify any known computing security incidents as having been reported and documented as defined by this policy.
B. Notification: Violations of this policy will be reported by ISC Security and the Office of Audit, Compliance and Privacy to the Senior Management of the Business Unit affected.
C. Remedy: The incident will be recorded by ISC Information Security and any required action to mitigate the harmful effects of the attack will be initiated in cooperation with the Business Unit Security Officer/Liaison.
D. Financial Implications: The owner of the system shall bear the costs associated with ensuring compliance with this policy.
E. Responsibility: Responsibility for compliance with this policy lies with the system administrator, system owner, and Business Unit's Senior Manager.
F. Time Frame: All incidents involving critical hosts systems and networks must be reported immediately. All other incidents should be reported within one business day of determining something has occurred.
G. Enforcement: Compliance with this policy will be enforced by disconnecting any machines that may compromise the University network, or other machines with Confidential University Data. Workforce members not adhering to the policy may be subject to sanctions as defined by University policies.
H. Appeals: Appeals are decided by the Vice President for Information Systems and Computing.

XI. References
1. PennNet Computer Security Policy at www.net.isc.upenn.edu/policy/approved/20040524-hostsecurity.html
2. Critical PennNet Host Security Policy at www.net.isc.upenn.edu/policy/approved/20000530-hostsecurity.html
3. Policy on Computer Disconnection from PennNet at www.upenn.edu/computing/policy/disconnect.html
4. Adherence to University Policy at www.hr.upenn.edu/policy/policies/001.asp
5. Policy on Security of Electronic Protected Health Information (ePHI) at www.upenn.edu/computing/security/policy/ePHI_Policy.html

Appendix I
The following category of incidents need not be reported to Penn Information Security:
* Unsuccessful network scans
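The evidence-preservation practice in Section IX.A (a bit-wise copy with dd, then a cryptographic hash of both the original and the copy) can be scripted as follows. This is an added example, not part of the Penn policy; the function names, the log format, and the choice of SHA-256 (the policy names SHA-1 only as one example of a cryptographic hash) are assumptions.

```shell
#!/bin/sh
# Added example (names and log format are assumptions): dd image + hash proof.

# Print only the SHA-256 digest of a file or device.
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SRC DST LOG
# Hash the source, copy it block by block, hash the copy, then re-hash the
# source to show the acquisition itself did not alter it.
acquire_image() {
    src=$1; dst=$2; log=$3
    [ -r "$src" ] || return 2          # source must be readable
    [ ! -e "$dst" ] || return 3        # never overwrite an existing image
    before=$(hash_of "$src")
    # No conv=sync: padding short blocks would change the image and its hash.
    dd if="$src" of="$dst" bs=64k 2>/dev/null || return 4
    chmod a-w "$dst"                   # working copies are made from this file
    copy=$(hash_of "$dst")
    after=$(hash_of "$src")
    {
        printf 'acquired_utc=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'source=%s\nsource_sha256=%s\n' "$src" "$before"
        printf 'image=%s\nimage_sha256=%s\n' "$dst" "$copy"
    } >> "$log"
    [ "$before" = "$copy" ] && [ "$before" = "$after" ]
}

# verify_image IMAGE LOG
# Re-hash an image later and compare with the digest recorded at acquisition.
verify_image() {
    recorded=$(awk -F= '$1 == "image_sha256" {print $2}' "$2" | tail -n 1)
    [ -n "$recorded" ] && [ "$(hash_of "$1")" = "$recorded" ]
}

# Demo on constructed data: a 100,000-byte file stands in for the evidence
# source (in a real acquisition SRC would be a device node or partition).
demo() {
    work=$(mktemp -d) || return 1
    head -c 100000 /dev/urandom > "$work/source.bin"
    acquire_image "$work/source.bin" "$work/image.dd" "$work/acq.log" &&
        verify_image "$work/image.dd" "$work/acq.log" &&
        echo "image verified: $(hash_of "$work/image.dd")"
    status=$?
    rm -rf "$work"
    return $status
}
demo
```

The appended log gives each image a recorded digest, so any later working copy can be checked against the value taken at acquisition time.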