Industrial and Commercial Training
Collaborate to build effective teams to achieve organizational excellence and effectiveness
M.S. Rao
Article information:
To cite this document:
M.S. Rao , (2016),"Collaborate to build effective teams to achieve organizational excellence and effectiveness", Industrial
and Commercial Training, Vol. 48 Iss 1 pp. 24 - 28
Permanent link to this document:
http://dx.doi.org/10.1108/ICT-01-2015-0010
Downloaded on: 07 December 2016, At: 13:44 (PT)
References: this document contains references to 3 other documents.
To copy this document: [email protected]
The fulltext of this document has been downloaded 1556 times since 2016*
Users who downloaded this article also downloaded:
(2008),"Teams in organizations: a review on team effectiveness", Team Performance Management: An International Journal,
Vol. 14 Iss 1/2 pp. 7-21 http://dx.doi.org/10.1108/13527590810860177
(2002),"From loose groups to effective teams: The nine key factors of the team landscape", Journal of Management
Development, Vol. 21 Iss 2 pp. 133-151 http://dx.doi.org/10.1108/02621710210417439
Access to this document was granted through an Emerald subscription provided by emerald-srm:486520 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service
information about how to choose which publication to write for and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation.
*Related content and download information correct at time of download.
D
ow
nl
oa
de
d
by
N
ov
a
S
ou
th
ea
st
er
n
U
ni
ve
rs
it
y
A
t
13
:4
4
07
D
ec
em
be
r
20
16
(
P
T
)
http://dx.doi.org/10.1108/ICT-01-2015-0010
Collaborate to build effective teams
to achieve organizational excellence
and effectiveness
M.S. Rao
Professor M.S. Rao is based at
MSR Leadership Consultants
India, Hyderabad, India.
Abstract
Purpose – The purpose of this paper is to collaborate to build effective teams to achieve organizational
excellence and effectiveness.
Design/methodology/approach – The paper outlines a blueprint to build an effective team based on
various personality types leveraging their competencies and capabilities.
Findings – It implores to identify various personality types of your team members, leverage their strengths,
understand their expectations and apply different leadership tools an ...
Toyota has succeeded because of its team-oriented culture. Some key reasons are:
1) Team-oriented culture allows employees to understand their strengths and weaknesses to work well together.
2) It develops a more efficient system to complete tasks on time and increase productivity.
3) Working in teams allows employees to learn from each other and motivate better performance.
4) Strong team bonds create support during challenges and help the organization grow.
Hr and organization strategy ppt @ mba 2009Babasab Patil
The document outlines a course on HR and organization strategy that will cover strategic HR alignment, leadership, strategic planning, and HR competencies. It provides tips for success in the course including sharing experiences and incorporating concepts into one's own style. The course will also examine changes in the professional world and how to develop strategic HR initiatives that support an organization's objectives.
Hr and organization strategy ppt @ mba 2009Babasab Patil
This document outlines the topics and activities to be covered in a course on HR and organization strategy. The course will include introductions, discussions on changes in the professional world, defining strategic HR alignment and competencies, leadership and management, strategic planning, formation and implementation. Participants will work in groups to identify changes impacting their profession and implications for HR. The document provides guidance on class participation, paper writing, and defines key concepts such as the differences between managers and leaders, strategic HR, vision and mission statements.
The study investigates the impact of team building on organisational productivity. The objective of this study is to evaluate the impact of team building among the members of the selected case study and to assess the effect of training and retraining of team members on organisational productivity. The study also x-rayed the absence of team building in a workplace which led to low levels of turnover and productivity. the total population of the study was 750 while researcher employed Yaro Yamane sampling technique to select sample size of 261 because of the large population and hypothesis were tested using Pearson correlation. The finding revealed that if members of the team can work in synergy without considering the differences in the likes of level of educational background and others, the expected productivity will be very high. It was also observed that capabilities of team leader in carrying out the assigned task determined its output especially if the team leader understands the technical knowhow of job and he is friendly with co-team members with a lot of motivation, that this would definitely enhance employees’ efficiencies and productivities. The study recommends that team members should trust, support and respect one another individual differences in order to accomplish group common goals and tasks.
The Team Management Profile is a management tool that provides personalized feedback to individuals and teams based on a validated questionnaire. It analyzes preferences for different work roles and team behaviors. The resulting 4,500 word report helps maximize individual and team performance to achieve business goals.
Organization Health Care Inc.Employees 15-20 thousand worldw.docxgerardkortney
This document provides guidelines for an organizational development change proposal (OCP) paper assignment. It instructs students to select an issue within their organization, analyze it through the lenses of Bolman and Deal's four frames (structural, human resources, political, symbolic), and develop recommendations and an intervention design using one assumption from each frame. It also notes key elements to address such as potential resistance to change and next steps. The format should be 1-2 pages single spaced with pseudonyms to ensure confidentiality.
Role of Effective Team Management by Leaderbantiadhikary1
Mr. Simeon Olubukola Adeogun presented on the role of effective team management in improving organizational performance. He discussed that teams are formed to achieve goals that individuals cannot achieve alone. Key aspects of effective team management include understanding goals and roles, collaboration, commitment, clear communication, and continuous improvement. High performing teams also have emotional intelligence, a mix of introverts and extroverts, shared understanding of goals, effective communication, clarity, capability, and creativity. The most important elements of team management are leadership, communication, decision-making, and shared power and authority.
Running Head DISCUSSION 2DISCUSSION 2Discus.docxhealdkathaleen
Running Head: DISCUSSION 2
DISCUSSION 2
Discussion
Name
Institution
Date
Discussion
The following are four character traits that people worth trusting must have in my opinion. Firstly, they must be authentic in the sense that they must be having real character anytime they are close to others. They should ensure that they are not struggling to remain over others at any given time, thus they should remain humble and likeable. Secondly they must have integrity. They must be in apposition to stand for what is right at any given time in life even in times when none is watching them. Thirdly they must be resourceful. Trusted people are normally relied upon to make a number of decisions meant for growth. Therefore, they should be in a position to understand that there is always room for improvement and should be ready to inspire and support those trusting them. Lastly, they must be kind particularly when looking for other individuals. They should always be there fore them and not only times when everything is okay.
The concept of transparent leadership does not exist any more in the contemporary world. Therefore, leaders are not always transparent as they claim to be. In any organization, if employees are not aware of any truth about leadership transparency, it is the matter time before they come to realize the truth. This is regardless of the extent to which leaders might try to run away or hide from reality.
The concept of first leading yourself helps enable others because of the following reasons. The concept helps one build and strengthen personal leadership skills which are necessary in administering different issues. After self-development and advancement has been completed, then he/she extends toe skills to help others (Jensen, 2017).
References
Jensen, J. R. (2017). Self-action leadership: Leading yourself to solve personal and professional problems. SAGE Publications: SAGE Business Cases Originals. Retrieved from http://sk.sagepub.com/cases/self-action-leadership-leading-yourself-to-solve-problems
Running Head: LEADERSHIP DISCUSSION 1
LEADERSHIP DISCUSSION 4
Student’s name:
Professor’s name:
Topic:
Institution:
Date:
Leadership Discussion
I was once part of a team working on an innovative project. Our team leader greatly inspired me because he was a revolutionary leader. There is one particular team member who was competent, but the only problem was that he was quite slow in his work. This team member had great expertise in design since this was his specialty. His design skills stood out from the rest of us. He at one time landed our team in trouble with a client as he failed to complete a critical assignment on time. Our leader was very disappointed with the team member, and was tempted to write him off. Before making this grand ...
Toyota has succeeded because of its team-oriented culture. Some key reasons are:
1) Team-oriented culture allows employees to understand their strengths and weaknesses to work well together.
2) It develops a more efficient system to complete tasks on time and increase productivity.
3) Working in teams allows employees to learn from each other and motivate better performance.
4) Strong team bonds create support during challenges and help the organization grow.
Hr and organization strategy ppt @ mba 2009Babasab Patil
The document outlines a course on HR and organization strategy that will cover strategic HR alignment, leadership, strategic planning, and HR competencies. It provides tips for success in the course including sharing experiences and incorporating concepts into one's own style. The course will also examine changes in the professional world and how to develop strategic HR initiatives that support an organization's objectives.
Hr and organization strategy ppt @ mba 2009Babasab Patil
This document outlines the topics and activities to be covered in a course on HR and organization strategy. The course will include introductions, discussions on changes in the professional world, defining strategic HR alignment and competencies, leadership and management, strategic planning, formation and implementation. Participants will work in groups to identify changes impacting their profession and implications for HR. The document provides guidance on class participation, paper writing, and defines key concepts such as the differences between managers and leaders, strategic HR, vision and mission statements.
The study investigates the impact of team building on organisational productivity. The objective of this study is to evaluate the impact of team building among the members of the selected case study and to assess the effect of training and retraining of team members on organisational productivity. The study also x-rayed the absence of team building in a workplace which led to low levels of turnover and productivity. the total population of the study was 750 while researcher employed Yaro Yamane sampling technique to select sample size of 261 because of the large population and hypothesis were tested using Pearson correlation. The finding revealed that if members of the team can work in synergy without considering the differences in the likes of level of educational background and others, the expected productivity will be very high. It was also observed that capabilities of team leader in carrying out the assigned task determined its output especially if the team leader understands the technical knowhow of job and he is friendly with co-team members with a lot of motivation, that this would definitely enhance employees’ efficiencies and productivities. The study recommends that team members should trust, support and respect one another individual differences in order to accomplish group common goals and tasks.
The Team Management Profile is a management tool that provides personalized feedback to individuals and teams based on a validated questionnaire. It analyzes preferences for different work roles and team behaviors. The resulting 4,500 word report helps maximize individual and team performance to achieve business goals.
Organization Health Care Inc.Employees 15-20 thousand worldw.docxgerardkortney
This document provides guidelines for an organizational development change proposal (OCP) paper assignment. It instructs students to select an issue within their organization, analyze it through the lenses of Bolman and Deal's four frames (structural, human resources, political, symbolic), and develop recommendations and an intervention design using one assumption from each frame. It also notes key elements to address such as potential resistance to change and next steps. The format should be 1-2 pages single spaced with pseudonyms to ensure confidentiality.
Role of Effective Team Management by Leaderbantiadhikary1
Mr. Simeon Olubukola Adeogun presented on the role of effective team management in improving organizational performance. He discussed that teams are formed to achieve goals that individuals cannot achieve alone. Key aspects of effective team management include understanding goals and roles, collaboration, commitment, clear communication, and continuous improvement. High performing teams also have emotional intelligence, a mix of introverts and extroverts, shared understanding of goals, effective communication, clarity, capability, and creativity. The most important elements of team management are leadership, communication, decision-making, and shared power and authority.
Running Head DISCUSSION 2DISCUSSION 2Discus.docxhealdkathaleen
Running Head: DISCUSSION 2
DISCUSSION 2
Discussion
Name
Institution
Date
Discussion
The following are four character traits that people worth trusting must have in my opinion. Firstly, they must be authentic in the sense that they must be having real character anytime they are close to others. They should ensure that they are not struggling to remain over others at any given time, thus they should remain humble and likeable. Secondly they must have integrity. They must be in apposition to stand for what is right at any given time in life even in times when none is watching them. Thirdly they must be resourceful. Trusted people are normally relied upon to make a number of decisions meant for growth. Therefore, they should be in a position to understand that there is always room for improvement and should be ready to inspire and support those trusting them. Lastly, they must be kind particularly when looking for other individuals. They should always be there fore them and not only times when everything is okay.
The concept of transparent leadership does not exist any more in the contemporary world. Therefore, leaders are not always transparent as they claim to be. In any organization, if employees are not aware of any truth about leadership transparency, it is the matter time before they come to realize the truth. This is regardless of the extent to which leaders might try to run away or hide from reality.
The concept of first leading yourself helps enable others because of the following reasons. The concept helps one build and strengthen personal leadership skills which are necessary in administering different issues. After self-development and advancement has been completed, then he/she extends toe skills to help others (Jensen, 2017).
References
Jensen, J. R. (2017). Self-action leadership: Leading yourself to solve personal and professional problems. SAGE Publications: SAGE Business Cases Originals. Retrieved from http://sk.sagepub.com/cases/self-action-leadership-leading-yourself-to-solve-problems
Running Head: LEADERSHIP DISCUSSION 1
LEADERSHIP DISCUSSION 4
Student’s name:
Professor’s name:
Topic:
Institution:
Date:
Leadership Discussion
I was once part of a team working on an innovative project. Our team leader greatly inspired me because he was a revolutionary leader. There is one particular team member who was competent, but the only problem was that he was quite slow in his work. This team member had great expertise in design since this was his specialty. His design skills stood out from the rest of us. He at one time landed our team in trouble with a client as he failed to complete a critical assignment on time. Our leader was very disappointed with the team member, and was tempted to write him off. Before making this grand ...
Running Head Discussion Board #11Discussion Board.docxsusanschei
Running Head: Discussion Board #1 1
Discussion Board #1
Sarah Swift
Discussion Board #1 2
1. Why is shared information so important in a learning organization in comparison to an efficient performance organization? Discuss how an organization’s approach to sharing information may be related to other elements of organization design such as: structure, tasks, strategy, and culture.
The primary function of an organization is said to be “the coordination of people and resources to collectively accomplish desired goals” (Daft, 2016, p 13). As an organization requires the collaboration amongst the people that formulate the entity, there develops a need for shared information. This concept of shared information is however more accepted within a learning organization rather than a performance organization (Daft, 2016). Shared information reflects a dynamic that encourages the interaction with one another to solve problems and innovate new ideas which can be seen as the characteristic that drives the mentality of a learning organization (Daft, 2016). In contrast to this, a performance organization places their focus more so in the efficiency of their business (Daft, 2016).
The elements of these types of organizations are reflected within their design as well. Learning organizations tend to use a decentralized structure approach where the authority of decision making, implementation, and innovation is shared amongst many employees in the organization even those considered in a lower level position (Tata & Prasad, 2004). This creates a flow of shared information. Those however in an efficient performance environment are impacted by a centralized structure. This type of structure allows for the authority to remain with fewer individuals which tend to be those that are in the top levels of the organization (Tata
Discussion Board #1 3
& Prasad, 2004). A centralized structure brings with it a hierarchical system where those at the higher levels engage in problem resolution and create policies while instructing those that are below them to implement these policies (Tata & Prasad, 2004). This set up discourages the collaboration amongst all employees.
The type of organization, also plays into the type of tasks given and the culture of the business. A learning organization develops more of a role oriented demeanor where employees are encouraged to bring their own thoughts for a better resolution and the roles in place are adjusted when needed (Daft, 2016). This creates a culture of collaboration and allows all employees to feel that they are needed. Meanwhile in a performance dominated organization, the tasks are more specialized and there are more sets of rules or regulations to follow (Daft, 2016).
2. What are some differences that one might anticipate among the expectations of stakeholder for a nonprofit organization versus a for-profit business? Do you believe nonprofit managers have to pay more attention to s ...
This document provides an overview of a unit on building high-performance teams. It discusses the four determinants of team performance known as the "four Cs": context, composition, coordination, and change. Context refers to how the organization's culture, structure, and systems support teamwork. Composition examines the skills and experiences of team members. Coordination focuses on how well members communicate and make decisions together. Change considers a team's ability to adapt over time. The document emphasizes understanding these factors when designing teams and resolving conflicts that could hinder performance.
This document provides an overview of a unit on building high-performance teams. It discusses the four determinants of team performance known as the "four Cs": context, composition, coordination, and change. Context refers to how the organization's culture, structure, and systems support teamwork. Composition examines the skills and experiences of team members. Coordination focuses on how well members communicate and make decisions together. Change considers a team's ability to adapt over time. The document emphasizes understanding these factors when designing teams and resolving conflicts that could hinder performance.
Lisa Beihoff assigment Organizational BehaviorLisaBeihoff
The document summarizes research on creating an effective team work environment. It identifies different types of teams, such as problem-solving teams, self-managed teams, cross-functional teams, and virtual teams. It discusses factors that determine team effectiveness, such as context, composition, process, and social factors. It provides recommendations for how to create effective teams, such as using cross-functional teams, setting clear expectations, ensuring commitment and competence, and emphasizing communication, collaboration, and accountability. The goal is to encourage engagement, creativity, and morale to improve performance.
This document discusses the importance of teamwork and interrelationships between tasks, people, and the work environment for achieving organizational goals. It defines a team and describes how teamwork allows goals to be accomplished that individual efforts cannot. The document then examines how organizational culture can support teamwork and provides examples of how companies have created cultures that foster collaboration, independence, and interdepartmental coordination to boost performance. It concludes that teamwork and strong interpersonal relationships are critical for an organization's success.
The document discusses teams and teamwork in organizations. It defines a team as a group of people organized to work independently and cooperatively to achieve common goals and purposes. Effective teamwork is important in fields like nursing to ensure patient safety. The document also discusses factors that make teams effective or dysfunctional, and barriers to dysfunctional teams like lack of cooperation, respect for other's roles, and unwillingness to share skills. It emphasizes the importance of leadership, communication, and organizational behavior for successful teamwork.
The article can be purchased at http://www.businessexpertpress.com/expert-insights-summary?search=bawany
CEE Leadership Masterclass Series in Leading to a #Disrupted, #VUCA World
CEE in collaboration with FGD Academy is pleased to offer a series of Virtual Masterclass.
For further details visit: http://www.cee-global.com/masterclass/
Ten highly practical Leadership Masterclass programmes, dedicated to developing Leadership skills for Board, C-Suite and Senior Level Leaders operating in today’s VUCA world
This Series of Courses will leverage on best-in-class or thought-leadership concepts, tools, and techniques to drive organizational & leadership excellence.
The Courses are designed to provide Business and HR leaders with a platform to develop from being good to great.
They are being offered in response to the market needs to ensure that their senior-level executives possess the right competencies and skills to successfully adapt to new realities when leading in a VUCA World.
Learning Outcomes:
• The context for leadership today’s VUCA business environment
• Understand the elements of Cognitive Readiness Competencies
• What is required to transform to be a ‘High-Performance Organisation’ (HPO)?
• How to transform your NextGen leaders to succeed in the VUCA world?
The CEE Masterclass Series is also available as customized in-company Leadership Development Workshops which are certified by The International Professional Managers Association (IPMA).
The programs incorporate a number of unique features and work on a number of levels. It is specifically aimed at enhancing and developing the skills, knowledge, and behaviors of the participants.
The participants will develop their understanding of Leadership Effectiveness and how it will lead to a creation of a sustainable competitive advantage for their respective organizations through the development of an organizational climate that will contribute towards enhancing employee engagement and productivity.
For further information, contact us at enquiry@cee-global.com or visit our website at http://www.cee-global.com/masterclass/
The Overview of the CEE Executive Coaching Solutions could be found here: http://www.cee-global.com/executive-coaching/
The Centre for Executive Coaching (CEC), a wholly-owned division of CEE, delivers recognized certified professional coach training programme for individuals interested in entering the field of executive coaching, as well as executives seeking to become better managers and leaders as managerial coaches in their respective organizations.
Further information on CEC could be found here: http://www.cee-global.com/about-cec/
For initial 30 min complimentary coaching session for CEOs and C-Suite Leaders, email us at enquiry@cee-global.com
This document provides an overview of the seven biggest team-building blunders and how to avoid them. The blunders are: failing to build support from managers, failing to establish conditions for effectiveness, failing to set meaningful goals, lacking a decision-making process, not establishing norms, weak communication, and insensitivity to diversity. It recommends ensuring information flows between teams and managers, properly selecting team members, clarifying goals and revisiting them, allowing open opinions and decision making, using failure constructively, encouraging listening, and establishing inclusive norms. The document also introduces Profiles International assessments that analyze team compatibility and provide development recommendations.
- The document discusses high-performance teams and how to develop them. It presents the S.C.O.R.E. framework for developing high-performance teams, which stands for strategy and purpose, clearly defined roles and responsibilities, open communication, rapid response to change, and effective leadership.
- It provides a case study of how a dysfunctional IT project team was transformed into a high-performing team using the S.C.O.R.E. framework, which resulted in improved project delivery and customer satisfaction.
- Developing high-performance teams requires focusing on synergistic characteristics like those defined in the S.C.O.R.E. framework in order to achieve results greater than the
This document provides guidance for leaders on how to effectively develop talent within their organizations. It outlines 12 key actions that talent builders must take, including identifying current and future organizational capabilities and talent needs, driving world-class performance, continually developing their direct reports, recruiting and exporting internal and external talent, and accelerating the development of high potentials. An example is also given of providing a direct report with a focused development plan to address a specific area of growth. The overall message is that line leaders must seriously commit to and execute talent development for it to be successful in an organization.
This document discusses keys to success and reasons for failure in organizational design. The five keys to success are: 1) Build on your strengths by identifying your unique role. 2) Go beyond lines and boxes by empowering decision making. 3) Know your roles by clearly defining impact and skills needed. 4) Rock your roles through ongoing development. 5) Support a culture of learning by making it a priority. The five reasons for failure are: 1) Poor planning leads to a false start. 2) Lack of leadership support and involvement. 3) Lack of adequate resources for implementation. 4) Focusing more on systems than people. 5) Leaders lacking change management skills.
Post #1Employee empowerment has allowed organizations to have qu.docxharrisonhoward80223
Post #1
Employee empowerment has allowed organizations to have quicker response times to customers for resolutions, but my thoughts of this quick solution being beneficial shifted as I read Senge’s studies. “Today, many executives are articulating a new philosophy revolving around ‘empowering people.’ But few organizations are working hard to introduce tools and methods to actually help people to make more intelligent decisions, especially decisions that improve systemwide performance” (Senge, Kleiner, Roberts, Ross, & Smith, 1994, p. 40). It is important for organizations to consider the impact of the training systems, as well as how to evaluate their effectiveness. Without the proper ‘tools’ it is difficult for employees to make decisions that are best for both the business and the customer. This also makes it difficult for leaders to be confident in backing their employees decisions or in holding them accountable to the decisions made when effective learning systems were not developed prior to training. “Once we learn to distinguish our assumptions from the ‘data’ upon which those assumptions are based, we are forever more aware of our own thinking” (Senge, Kleiner, Roberts, Ross, & Smith, 1994, p. 43).
“Motivation also appears to be an important correlate of leadership” (Vidic, Burton, South, Pickering, & Start, 2016). By utilizing the teachings of each section and putting them into practice within real life situations I can support my learning while also utilizing success stories of the implementation of my practices of the materials to share with the class for discussions. Many of the teachings discussed in this week’s material would work for the current organization I work for. Senge mentions situations where employees are placed into quick training courses that only last a few days, but later the training is not reinforced or further developed upon. Organizations will then give up on the current training practices as they believe them not to be effective. In the organization I work for there is always change. Changes in culture, leadership, and even training styles. There is an opportunity to evaluate the importance of each change prior to implementation and utilize different metrics to evaluate success which could include quantity, but most importantly quality of the results with the success of the organization.
References
Senge, P., Kleiner, A., Roberts, C., Ross, R., & Smith, B. (1994). The fifth discipline fieldbook: strategies and tools for building a learning organization. New York: Doubleday.
Vidic, Z., Burton, D., South, G., Pickering, A. M., & Start, A. (2016). Emotional and Motivational Correlates of Leadership Styles: A Comprehensive Framework for Understanding Effective Leaders. Journal Of Leadership Studies, (3), 22. doi:10.1002/jls.21485
Post #2
I found it interesting how Kleiner, Roberts, Ross , Senge & Smith (1994) discussed team development as a learning organization. They note that team members “develop new skill.
The document discusses developing a leadership strategy for organizational success. It defines what a leadership strategy is and provides steps for creating one, including analyzing the business strategy to identify key drivers and their implications for leadership, assessing the current and desired future leadership states, and identifying gaps to focus the leadership strategy. The leadership strategy should specify the quantity, qualities, skills/behaviors, collective capabilities, and culture needed for leaders to implement the business strategy.
The document discusses corporate culture and its impact on organizational performance. It defines corporate culture as the amalgamation of values, vision, mission, and day-to-day communication and interactions that create the atmosphere for how people work. Research shows corporate culture is the most important factor for driving innovation. An effective culture stems from understanding individuals and leadership relating goals in a way employees can internalize. It also requires promoting diverse thinking and shared knowledge to create collaborative cohesion that propels culture positively. Maintaining culture requires reinforcement at all employee lifecycle stages from hiring to retention.
As the companies examined in these pages will demonstrate, developing and executing an organization’s collective ambition requires involvement at all levels. HR and talent management professionals play a powerful role every step of the way, from helping to shape the collective ambition to executing it. An organization’s collective ambition can only be successful if there are the right people, in the right places with the right knowledge, skills and abilities. Simply put, it takes people to make the glue and to facilitate the grease.This white paper: Discusses the seven elements of collective ambition and why they matter.Explains why one of these elements may matter more than the others. Shows how top organizations collaborate to bring these elements together, enabling employees at all levels (and senior leaders in particular) to work together to provide the glue and the grease to get them where they want to go.Profiles several companies who have done an outstanding job of integrating these pieces into a powerful whole.Outlines the HR practices required at every level to ensure success.
1) The document provides definitions and literature on teamwork, discussing how effective teamwork requires common goals, complementary skills, mutual accountability and more.
2) It discusses theories of teamwork and outlines six common misperceptions, such as thinking smooth interactions are best and that face-to-face communication is outdated.
3) The document also reviews principles for effective virtual teamwork, such as getting teams together initially, clear communication guidelines, selecting the best technologies and establishing regular meetings.
Chapter 6Our Coherence Framework is simplexity.” Simplexity is .docxmccormicknadine86
Chapter 6
Our Coherence Framework is “simplexity.” Simplexity is not a real word, but it is a valuable concept. Simplexity means that you take a difficult problem and identify a small number of key factors (about four to six)—this is the simple part. And then you make these factors gel under the reality of action with its pressures, politics, and personalities in the situation—this is the complex part. In the case of our framework, there are only four big chunks and their interrelationships. Not only are these components dynamic but they also get refined over time in the setting in which you work. You have to focus on the right things, but you also must learn as you go. One of our favorite insights came from a retired CEO from a very successful company who, when asked about the most important thing he has learned about leadership, responded by say- ing, “It is more important to be right at the end of the meeting than the most important thing he has learned about leadership, responded by saying- ing, “It is more important to be right at the end of the meeting than the beginning” (David Cote, Honeywell, nyti.ms/1chUHqp). He was using this as a metaphor for a good change process: leaders influence the group, but they also learn from it. In fact, joint learning is what happens in effective change processes. If you are right at the beginning of the meeting, you are right only in your mind. If you are right at the notional end of the meeting, it means that you have processed the ideas with the group. McKinsey & Company conducted a study of leaders in the social sector (education et al.) and opened their report with these words: “chronic underinvestment [in leadership development] is placing increasing demands on social sector leaders” (Callanan, Gardner, Mendonca, & Scott, 2014). Their conclusions are right in our wheelhouse. In the survey of 200 social sector leaders, participants rated four critical attributes: balancing innovation with implementation, building executive teams, collaborating, and manag- ing outcomes. Survey respondents found themselves and their peers to be deficient in all four domains. In one table, they show the priorities—ability to innovate and implement, ability to surround selves with talented teams, collaboration, and ability to manage to outcomes—in terms of how respon- dents rated themselves and rated their peers as strong in the given domain. Both sets of scores were low—all below 40 percent. Collaboration, for example, was rated as 24 percent (self-rating) and 24 percent (rating of their peers). So the top capabilities are in short supply. Leaders build coherence when they combine the four components of our Coherence Framework with meeting the varied needs of the complex organizations they lead. Coherence making is a forever job because people come and go, and the situational dynamics are always in flux. They actively develop lateral and vertical connections so that the collaborative culture is deepened and drives dee ...
make sure to discuss the following•your understanding of t.docxcarliotwaycave
make sure to discuss the following
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
make sure to discuss the following•your understanding of .docxcarliotwaycave
make sure to discuss the following:
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
More Related Content
Similar to Industrial and Commercial TrainingCollaborate to build effec.docx
Running Head Discussion Board #11Discussion Board.docxsusanschei
Running Head: Discussion Board #1 1
Discussion Board #1
Sarah Swift
Discussion Board #1 2
1. Why is shared information so important in a learning organization in comparison to an efficient performance organization? Discuss how an organization’s approach to sharing information may be related to other elements of organization design such as: structure, tasks, strategy, and culture.
The primary function of an organization is said to be “the coordination of people and resources to collectively accomplish desired goals” (Daft, 2016, p 13). As an organization requires the collaboration amongst the people that formulate the entity, there develops a need for shared information. This concept of shared information is however more accepted within a learning organization rather than a performance organization (Daft, 2016). Shared information reflects a dynamic that encourages the interaction with one another to solve problems and innovate new ideas which can be seen as the characteristic that drives the mentality of a learning organization (Daft, 2016). In contrast to this, a performance organization places their focus more so in the efficiency of their business (Daft, 2016).
The elements of these types of organizations are reflected within their design as well. Learning organizations tend to use a decentralized structure approach where the authority of decision making, implementation, and innovation is shared amongst many employees in the organization even those considered in a lower level position (Tata & Prasad, 2004). This creates a flow of shared information. Those however in an efficient performance environment are impacted by a centralized structure. This type of structure allows for the authority to remain with fewer individuals which tend to be those that are in the top levels of the organization (Tata
Discussion Board #1 3
& Prasad, 2004). A centralized structure brings with it a hierarchical system where those at the higher levels engage in problem resolution and create policies while instructing those that are below them to implement these policies (Tata & Prasad, 2004). This set up discourages the collaboration amongst all employees.
The type of organization, also plays into the type of tasks given and the culture of the business. A learning organization develops more of a role oriented demeanor where employees are encouraged to bring their own thoughts for a better resolution and the roles in place are adjusted when needed (Daft, 2016). This creates a culture of collaboration and allows all employees to feel that they are needed. Meanwhile in a performance dominated organization, the tasks are more specialized and there are more sets of rules or regulations to follow (Daft, 2016).
2. What are some differences that one might anticipate among the expectations of stakeholder for a nonprofit organization versus a for-profit business? Do you believe nonprofit managers have to pay more attention to s ...
This document provides an overview of a unit on building high-performance teams. It discusses the four determinants of team performance known as the "four Cs": context, composition, coordination, and change. Context refers to how the organization's culture, structure, and systems support teamwork. Composition examines the skills and experiences of team members. Coordination focuses on how well members communicate and make decisions together. Change considers a team's ability to adapt over time. The document emphasizes understanding these factors when designing teams and resolving conflicts that could hinder performance.
This document provides an overview of a unit on building high-performance teams. It discusses the four determinants of team performance known as the "four Cs": context, composition, coordination, and change. Context refers to how the organization's culture, structure, and systems support teamwork. Composition examines the skills and experiences of team members. Coordination focuses on how well members communicate and make decisions together. Change considers a team's ability to adapt over time. The document emphasizes understanding these factors when designing teams and resolving conflicts that could hinder performance.
Lisa Beihoff assigment Organizational BehaviorLisaBeihoff
The document summarizes research on creating an effective team work environment. It identifies different types of teams, such as problem-solving teams, self-managed teams, cross-functional teams, and virtual teams. It discusses factors that determine team effectiveness, such as context, composition, process, and social factors. It provides recommendations for how to create effective teams, such as using cross-functional teams, setting clear expectations, ensuring commitment and competence, and emphasizing communication, collaboration, and accountability. The goal is to encourage engagement, creativity, and morale to improve performance.
This document discusses the importance of teamwork and interrelationships between tasks, people, and the work environment for achieving organizational goals. It defines a team and describes how teamwork allows goals to be accomplished that individual efforts cannot. The document then examines how organizational culture can support teamwork and provides examples of how companies have created cultures that foster collaboration, independence, and interdepartmental coordination to boost performance. It concludes that teamwork and strong interpersonal relationships are critical for an organization's success.
The document discusses teams and teamwork in organizations. It defines a team as a group of people organized to work independently and cooperatively to achieve common goals and purposes. Effective teamwork is important in fields like nursing to ensure patient safety. The document also discusses factors that make teams effective or dysfunctional, and barriers to dysfunctional teams like lack of cooperation, respect for other's roles, and unwillingness to share skills. It emphasizes the importance of leadership, communication, and organizational behavior for successful teamwork.
The article can be purchased at http://www.businessexpertpress.com/expert-insights-summary?search=bawany
CEE Leadership Masterclass Series in Leading to a #Disrupted, #VUCA World
CEE in collaboration with FGD Academy is pleased to offer a series of Virtual Masterclass.
For further details visit: http://www.cee-global.com/masterclass/
Ten highly practical Leadership Masterclass programmes, dedicated to developing Leadership skills for Board, C-Suite and Senior Level Leaders operating in today’s VUCA world
This Series of Courses will leverage on best-in-class or thought-leadership concepts, tools, and techniques to drive organizational & leadership excellence.
The Courses are designed to provide Business and HR leaders with a platform to develop from being good to great.
They are being offered in response to the market needs to ensure that their senior-level executives possess the right competencies and skills to successfully adapt to new realities when leading in a VUCA World.
Learning Outcomes:
• The context for leadership today’s VUCA business environment
• Understand the elements of Cognitive Readiness Competencies
• What is required to transform to be a ‘High-Performance Organisation’ (HPO)?
• How to transform your NextGen leaders to succeed in the VUCA world?
The CEE Masterclass Series is also available as customized in-company Leadership Development Workshops which are certified by The International Professional Managers Association (IPMA).
The programs incorporate a number of unique features and work on a number of levels. It is specifically aimed at enhancing and developing the skills, knowledge, and behaviors of the participants.
The participants will develop their understanding of Leadership Effectiveness and how it will lead to a creation of a sustainable competitive advantage for their respective organizations through the development of an organizational climate that will contribute towards enhancing employee engagement and productivity.
For further information, contact us at enquiry@cee-global.com or visit our website at http://www.cee-global.com/masterclass/
The Overview of the CEE Executive Coaching Solutions could be found here: http://www.cee-global.com/executive-coaching/
The Centre for Executive Coaching (CEC), a wholly-owned division of CEE, delivers recognized certified professional coach training programme for individuals interested in entering the field of executive coaching, as well as executives seeking to become better managers and leaders as managerial coaches in their respective organizations.
Further information on CEC could be found here: http://www.cee-global.com/about-cec/
For initial 30 min complimentary coaching session for CEOs and C-Suite Leaders, email us at enquiry@cee-global.com
This document provides an overview of the seven biggest team-building blunders and how to avoid them. The blunders are: failing to build support from managers, failing to establish conditions for effectiveness, failing to set meaningful goals, lacking a decision-making process, not establishing norms, weak communication, and insensitivity to diversity. It recommends ensuring information flows between teams and managers, properly selecting team members, clarifying goals and revisiting them, allowing open opinions and decision making, using failure constructively, encouraging listening, and establishing inclusive norms. The document also introduces Profiles International assessments that analyze team compatibility and provide development recommendations.
- The document discusses high-performance teams and how to develop them. It presents the S.C.O.R.E. framework for developing high-performance teams, which stands for strategy and purpose, clearly defined roles and responsibilities, open communication, rapid response to change, and effective leadership.
- It provides a case study of how a dysfunctional IT project team was transformed into a high-performing team using the S.C.O.R.E. framework, which resulted in improved project delivery and customer satisfaction.
- Developing high-performance teams requires focusing on synergistic characteristics like those defined in the S.C.O.R.E. framework in order to achieve results greater than the
This document provides guidance for leaders on how to effectively develop talent within their organizations. It outlines 12 key actions that talent builders must take, including identifying current and future organizational capabilities and talent needs, driving world-class performance, continually developing their direct reports, recruiting and exporting internal and external talent, and accelerating the development of high potentials. An example is also given of providing a direct report with a focused development plan to address a specific area of growth. The overall message is that line leaders must seriously commit to and execute talent development for it to be successful in an organization.
This document discusses keys to success and reasons for failure in organizational design. The five keys to success are: 1) Build on your strengths by identifying your unique role. 2) Go beyond lines and boxes by empowering decision making. 3) Know your roles by clearly defining impact and skills needed. 4) Rock your roles through ongoing development. 5) Support a culture of learning by making it a priority. The five reasons for failure are: 1) Poor planning leads to a false start. 2) Lack of leadership support and involvement. 3) Lack of adequate resources for implementation. 4) Focusing more on systems than people. 5) Leaders lacking change management skills.
Post #1Employee empowerment has allowed organizations to have qu.docxharrisonhoward80223
Post #1
Employee empowerment has allowed organizations to have quicker response times to customers for resolutions, but my thoughts of this quick solution being beneficial shifted as I read Senge’s studies. “Today, many executives are articulating a new philosophy revolving around ‘empowering people.’ But few organizations are working hard to introduce tools and methods to actually help people to make more intelligent decisions, especially decisions that improve systemwide performance” (Senge, Kleiner, Roberts, Ross, & Smith, 1994, p. 40). It is important for organizations to consider the impact of the training systems, as well as how to evaluate their effectiveness. Without the proper ‘tools’ it is difficult for employees to make decisions that are best for both the business and the customer. This also makes it difficult for leaders to be confident in backing their employees decisions or in holding them accountable to the decisions made when effective learning systems were not developed prior to training. “Once we learn to distinguish our assumptions from the ‘data’ upon which those assumptions are based, we are forever more aware of our own thinking” (Senge, Kleiner, Roberts, Ross, & Smith, 1994, p. 43).
“Motivation also appears to be an important correlate of leadership” (Vidic, Burton, South, Pickering, & Start, 2016). By utilizing the teachings of each section and putting them into practice within real life situations I can support my learning while also utilizing success stories of the implementation of my practices of the materials to share with the class for discussions. Many of the teachings discussed in this week’s material would work for the current organization I work for. Senge mentions situations where employees are placed into quick training courses that only last a few days, but later the training is not reinforced or further developed upon. Organizations will then give up on the current training practices as they believe them not to be effective. In the organization I work for there is always change. Changes in culture, leadership, and even training styles. There is an opportunity to evaluate the importance of each change prior to implementation and utilize different metrics to evaluate success which could include quantity, but most importantly quality of the results with the success of the organization.
References
Senge, P., Kleiner, A., Roberts, C., Ross, R., & Smith, B. (1994). The fifth discipline fieldbook: strategies and tools for building a learning organization. New York: Doubleday.
Vidic, Z., Burton, D., South, G., Pickering, A. M., & Start, A. (2016). Emotional and Motivational Correlates of Leadership Styles: A Comprehensive Framework for Understanding Effective Leaders. Journal Of Leadership Studies, (3), 22. doi:10.1002/jls.21485
Post #2
I found it interesting how Kleiner, Roberts, Ross , Senge & Smith (1994) discussed team development as a learning organization. They note that team members “develop new skill.
The document discusses developing a leadership strategy for organizational success. It defines what a leadership strategy is and provides steps for creating one, including analyzing the business strategy to identify key drivers and their implications for leadership, assessing the current and desired future leadership states, and identifying gaps to focus the leadership strategy. The leadership strategy should specify the quantity, qualities, skills/behaviors, collective capabilities, and culture needed for leaders to implement the business strategy.
The document discusses corporate culture and its impact on organizational performance. It defines corporate culture as the amalgamation of values, vision, mission, and day-to-day communication and interactions that create the atmosphere for how people work. Research shows corporate culture is the most important factor for driving innovation. An effective culture stems from understanding individuals and leadership relating goals in a way employees can internalize. It also requires promoting diverse thinking and shared knowledge to create collaborative cohesion that propels culture positively. Maintaining culture requires reinforcement at all employee lifecycle stages from hiring to retention.
As the companies examined in these pages will demonstrate, developing and executing an organization’s collective ambition requires involvement at all levels. HR and talent management professionals play a powerful role every step of the way, from helping to shape the collective ambition to executing it. An organization’s collective ambition can only be successful if there are the right people, in the right places with the right knowledge, skills and abilities. Simply put, it takes people to make the glue and to facilitate the grease.This white paper: Discusses the seven elements of collective ambition and why they matter.Explains why one of these elements may matter more than the others. Shows how top organizations collaborate to bring these elements together, enabling employees at all levels (and senior leaders in particular) to work together to provide the glue and the grease to get them where they want to go.Profiles several companies who have done an outstanding job of integrating these pieces into a powerful whole.Outlines the HR practices required at every level to ensure success.
1) The document provides definitions and literature on teamwork, discussing how effective teamwork requires common goals, complementary skills, mutual accountability and more.
2) It discusses theories of teamwork and outlines six common misperceptions, such as thinking smooth interactions are best and that face-to-face communication is outdated.
3) The document also reviews principles for effective virtual teamwork, such as getting teams together initially, clear communication guidelines, selecting the best technologies and establishing regular meetings.
Chapter 6Our Coherence Framework is simplexity.” Simplexity is .docxmccormicknadine86
Chapter 6
Our Coherence Framework is “simplexity.” Simplexity is not a real word, but it is a valuable concept. Simplexity means that you take a difficult problem and identify a small number of key factors (about four to six)—this is the simple part. And then you make these factors gel under the reality of action with its pressures, politics, and personalities in the situation—this is the complex part. In the case of our framework, there are only four big chunks and their interrelationships. Not only are these components dynamic but they also get refined over time in the setting in which you work. You have to focus on the right things, but you also must learn as you go. One of our favorite insights came from a retired CEO from a very successful company who, when asked about the most important thing he has learned about leadership, responded by say- ing, “It is more important to be right at the end of the meeting than the most important thing he has learned about leadership, responded by saying- ing, “It is more important to be right at the end of the meeting than the beginning” (David Cote, Honeywell, nyti.ms/1chUHqp). He was using this as a metaphor for a good change process: leaders influence the group, but they also learn from it. In fact, joint learning is what happens in effective change processes. If you are right at the beginning of the meeting, you are right only in your mind. If you are right at the notional end of the meeting, it means that you have processed the ideas with the group. McKinsey & Company conducted a study of leaders in the social sector (education et al.) and opened their report with these words: “chronic underinvestment [in leadership development] is placing increasing demands on social sector leaders” (Callanan, Gardner, Mendonca, & Scott, 2014). Their conclusions are right in our wheelhouse. In the survey of 200 social sector leaders, participants rated four critical attributes: balancing innovation with implementation, building executive teams, collaborating, and manag- ing outcomes. Survey respondents found themselves and their peers to be deficient in all four domains. In one table, they show the priorities—ability to innovate and implement, ability to surround selves with talented teams, collaboration, and ability to manage to outcomes—in terms of how respon- dents rated themselves and rated their peers as strong in the given domain. Both sets of scores were low—all below 40 percent. Collaboration, for example, was rated as 24 percent (self-rating) and 24 percent (rating of their peers). So the top capabilities are in short supply. Leaders build coherence when they combine the four components of our Coherence Framework with meeting the varied needs of the complex organizations they lead. Coherence making is a forever job because people come and go, and the situational dynamics are always in flux. They actively develop lateral and vertical connections so that the collaborative culture is deepened and drives dee ...
Similar to Industrial and Commercial TrainingCollaborate to build effec.docx (20)
make sure to discuss the following•your understanding of t.docxcarliotwaycave
make sure to discuss the following
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
make sure to discuss the following•your understanding of .docxcarliotwaycave
make sure to discuss the following:
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
make sure to discuss the following•your understanding o.docxcarliotwaycave
make sure to discuss the following:
•
your understanding of the purpose of the research
•
what the researchers found (i.e., the results of the research study)
•
the broader implications or practical application of the research
•
any problems you see in the research study
•
what the researchers might have done differently to improve their study
•
future research that might be conducted in this particular research area
.
Major DiseasesCHAPTER 10Chapter 10Maj.docxcarliotwaycave
Major Diseases
CHAPTER 10
*
Chapter 10
Major Diseases
Learning Outcomes:Identify agents and vectors involved in the spread of infectious diseasesDescribe the process of infection, and the role of the body’s immune systemDiscuss prevention and treatments for colds and influenzaName and describe common infectious diseasesEvaluate your personal infectious disease risk factors, and strategies to decrease risk
Infectious Diseases
Infection is triggered by a pathogen (disease-causing organism) that is transmitted to the host (person or population) by a vector (biological or physical vehicle)
Types of microbes that can cause infection are:
Viruses Fungi
Bacteria Protozoa
Helminths (Parasitic Worms)
Agents of Infection: VirusesThe most common viruses are as follows:Rhinoviruses and Adenoviruses: which get into the mucous membranes and cause upper respiratory tract infections and coldsInfluenza viruses: can change their outer protein coats so dramatically that individuals resistant to one strain cannot fight off a new oneHerpes viruses: take up permanent residence in the cells and periodically flare upPapillomaviruses: may be responsible for a rise in the incidence of cervical cancer among younger womenHepatitis viruses: cause several forms of liver infection, ranging from mild to life threateningSlow viruses: give no early indication of their presence but can produce fatal illnesses within a few years
Agents of Infection: Viruses cont’dRetroviruses: named for their backward (retro) sequence of genetic replication compared to other viruses. One retrovirus, human immunodeficiency virus (HIV), causes acquired immune deficiency syndrome (AIDS)
Filoviruses: resemble threads and extremely lethal
Coronavirus 2019-COVID-19CDC is responding to a pandemic of respiratory disease spreading from person-to-person caused by a novel (new) coronavirus. The disease has been named “coronavirus disease 2019” (abbreviated “COVID-19”)
COVID-19 is caused by a coronavirus. Coronaviruses are a large family of viruses that are common in people and many different species of animals, including camels, cattle, cats, and bats. Reported illnesses have ranged from very mild (including some with no reported symptoms) to severe, including illness resulting in death. Older people and people of all ages with severe chronic medical conditions — like heart disease, lung disease and diabetes, for example — seem to be at higher risk of developing serious COVID-19 illness
Agents of InfectionBacteria: are the most plentiful microorganisms as well as the most pathogenic. Bacteria harm the body by releasing either enzymes that digest body cells or toxins that produce the specific effects of diseases such as diphtheria or toxic shock syndromeFungi: consist of threadlike fibers and reproductive spores. Fungi lack chlorophyll and must obtain their food from organic material, which may include human tissueProtozoa: single-celled, microscopic animals release enzymes.
Main questions of the essay1. What are types of daily-lived situat.docxcarliotwaycave
Main questions of the essay
1. What are types of daily-lived situations that confront undocumented youth sense of identity and belonging?
2. What types of psychological trauma impacts gow undocumented youth negotiate their daily lived situations?
3. How do undocumented youth respond to their daily psychological trauma that they experienced?
Use some examples to describe those experiences happened to those undocument youth, it can be made up.
In the Conclusion, provide some solution. Picture yourself as a policy maker.
.
Make a simple plan to observe and evaluate a facility in your school.docxcarliotwaycave
Make a simple plan to observe and evaluate a facility in your school or surrounding community , and recomond somethings in order to improve it ( write an essay about this article )
#Requirements
200 words
MLA style
should have basic words
Should have an introduction,two bodies,and conclusion.
.
Major Approaches to Clinical Psychology PresentationSelect one.docxcarliotwaycave
Major Approaches to Clinical Psychology Presentation
Select
one of the following psychological diagnoses:
·
Depressive disorder
·
Generalized anxiety disorder
·
Attention deficit hyperactivity disorder
·
Obsessive-compulsive disorder
Create
a 9-12 slide Microsoft
®
PowerPoint
®
presentation, with Speaker Notes;
You have been asked to provide a presentation regarding psychological issues for a local community organization. Your audience is made up of adults within the community who are
not
mental health professionals, and who are interested in learning more about a specific mental health issue.
Provide
a brief explanation of the mental health issue chosen, including primary symptoms, diagnostic criteria, populations most affected, and prevalence within the U.S.
Discuss
each of the major theories in Psychology: psychodynamic, cognitive-behavioral, humanistic, and family systems approaches.
Compare and contrast
the major approaches in relation to your selected psychological issue.
Include the following:
When, how, and why each approach developed, and identify psychologists most associated with the approach.
Terms and concepts associated with the psychological approach.
The techniques and strategies used by each approach, and the goals of treatment.
The effectiveness of each approach towardtreating yourselected diagnosis, based on treatment outcome research.
Incorporate
information from at least five peer-reviewed, professional publications.
Cite
each source you have relied upon throughout the body of your presentation, and list them on a separate slide titled
References
. Use direct quotes only sparingly.
Format
your paper consistent with APA guidelines.
Submit
a signed Certificate of Originality document.
.
Make a powerpoint presentation. At least 4 to 6 pages. Your pape.docxcarliotwaycave
Make a powerpoint presentation. At least 4 to 6 pages.
Your paper should include a cover page (setting forth the title of the paper, your name, the course number, and the date), and a bibliography.
Your paper should include an introductory paragraph, a comprehensive but concise analysis of the topic, and a conclusion paragraph.
.
Make a 150 word response to the following. Incorporarte what was sai.docxcarliotwaycave
Make a 150 word response to the following. Incorporarte what was said in 1.In your response. Discuss some of the qualities that can make art "great." Use texbook: Getlein, Mark. Living with Art, 9th Ed., New York: McGraw-Hill, 2010. Chapters 1-5
1. Although beauty is in the eye of the beholder, certain criteria should be looked at or met to consider something art. The same applies to calling someone an artist. Getlein first discusses that artists create places that fulfill a purpose for humans. Examples of this include Stonehenge and the Vietnam Memorial. Artists also exaggerate or give new perspective on ordinary objects to make them seem extraordinary. Another thing artists accomplish is using their art to record history. Their art could remind people of a different time or era in human history. For example, a painting for an ancient Chinese dynasty gives us insight into that era. Artists give form to things that cannot be seen or understood. This mostly includes statues, paintings, etc. of various deities. This same idea can also be applied when artists give form to feelings or ideas. This is shown in Van Gogh's famous painting called The Starry Night. Lastly, artists can give us a new or refreshing perspective on the world.
An artist or their art must meet one of these criteria to be considered art. These six criteria show how influential and important art has been to human culture and society for a very long time. Art gives us glimpses into times that are long gone and clues to a different culture.
Make a 150 word response to the following. Incorporate what is said in 2. In your response. What factors make a work of art valuable in different ways to different people? Use texbook: Getlein, Mark. Living with Art, 9th Ed., New York: McGraw-Hill, 2010. Chapters 1-5
2. Unity is when pieces come together in art to form a cohesive whole. Variety is the difference in these pieces to be more interesting. An example of these concepts is figure 3.8 on page 56. Guernica by Pablo Picasso is a painting of disfigured animals and people that seem chaotic. Different images can be seen throughout the painting. Unity is shown because all the individual objects and people come together to give you a large picture. Variety is also shown because many of the animals like the horse are disfigured and almost cartoonish. I chose this work because looking at the individual pieces of the picture seem strange but they come together to show some kind of conflict.
Symmetrical balance is when the center of gravity in a piece of art is vertical. The two sides of the art must also correspond to each other. An example of this is figure 3.1 on page 51. A picture of interior upper chapel of the Sainte-Chappelle in Paris is shown. This artwork in the chapel shows symmetrical balance because there is an implied line down the middle of the design where a door is and both sides mirror each other perfectly. Asymmetrical balance is when two sides of the art do not correspond w.
Major dams and bridges were built by the WPA during the New Deal o.docxcarliotwaycave
Major dams and bridges were built by the WPA during the "New Deal" of President Franklin Roosevelt in the 1930s and 1940s and have withstood decades. The American Interstate Highway system came into being during the Eisenhower presidential years over 60 years ago. Sewers were built several generations ago. In more exact terms, the United States' infrastructure system is old and beginning to rapidly deteriorate. How do you feel about the aging of United States' infrastructure? Explain.
How would you recommend a strategy to repair or replace the various aging critical infrastructure? Explain.
What major challenges or barriers exist? Explain.
How do you think they could be overcome?
What types of technologies can be used in determining weaknesses in the integrity of infrastructure construction? Explain.
In your opinion, are these technologies effective? Why or why not?
How often do you think critical components should be inspected for weaknesses and vulnerabilities? Explain your rationale.
In your own words, please post a response to the Discussion Board and comment on at least two other postings. You will be graded on the quality of your postings.
For assistance with your assignment, please use your text, Web resources, and all course materials.
Unit Materials
.
Major Paper #1--The Point of View EssayWe will be working on this .docxcarliotwaycave
Major Paper #1--The Point of View Essay
We will be working on this paper for the next three units. The final draft of the paper--with all three sections described below--will be due at the end of Unit #4.
Purpose:
This paper assignment has several purposes. As the first major paper for this class, the Point of View Essay is designed to re-engage you with the fundamentals of all good writing, including using lush sensory details to show the reader a particular place (rather than tell them about it), basic organization, clear focus, etc. However, this unit does not function as a mere review. The Point of View Essay will also introduce you to the concept of "thinking and seeing rhetorically, and analyzing writing rhetorically"--using the Writer's Toolbox described in this unit to improve your writing and critical reading skills. Finally, the Point of View Essay allows you to reflect on this process.
The Assignment:
1. Pleasant/Unpleasant Description of the Place:
Choose a place you can observe for an extended period of time (at least 20-30 minutes). Use all of your senses (sight, hearing, touch, smell, even taste if possible) to experience the place, and record all of the sensations that you experience. As you record your data, you may wish to note which details naturally seem more positive, negative, or neutral, in terms of tone. (For instance, a stinky and overflowing trash barrel swarming with flies in a nearby alley might seem more inherently negative than a little white bunny rabbit hopping playfully across the lawn.) Then, you will use this information to help your write two descriptions of the place: one positive, one negative (at least 1-2 well-developed paragraphs or a minimum of 125-150 words each). Both descriptions should be factually true (same real time and real place), but you will want one description to be clearly positive in terms of tone and the other to be clearly negative. In addition to including the information and sensory details you've collected as the basis for these descriptions, you will also use the Writer's Toolbox to create your two contrasting impressions for this assignment. (The Writer's Toolbox is explained in the Lecture Notes section of this unit.) As you revise and refine your descriptions, please be sure you are "showing" your readers your place (really putting the readers "there" in the moment and in this scene), rather than simply "telling" them about it. You will also want to try to eliminate unnecessary linking verbs as much as you can, incorporating verbs that show "action" whenever possible.
2. Rhetorical Analysis:
Looking back at your descriptions, analyze how you created these two very different impressions of the place (one positive, one negative) without changing any of the facts. How did you make your place seem so positive in one paragraph and yet so negative in the other paragraph, without changing the facts? Discuss how you incorporated each of the tools from the Writer's T.
Major Essay for Final needs to be 5 pages long on the topic below an.docxcarliotwaycave
Major Essay for Final needs to be 5 pages long on the topic below and in Mla format with wroks citied AFTER he five pages due at 12:15 today
Requriements: 5 pages long
secondary sources 2 credible , 2 academic
Mla format (in-text ciations + works cited page)
focused specific paper topic
Identifiable methods of compostion choosen wisely
Topic Propsal:
The Media’s Influences on Society
The topic I chose to write my major essay on is the media’s influences on society.
This includes both positive and negative influences that the media portrays which plays a big part in society. I will explain how and why the media is used for much more than just entertainment purposes for society and how the media affects the choices society makes and its outcomes. The media affects society with these influences because it alters the way people think and it plays a role in the choices the people make. The change in peoples thoughts do to influences from what they see creates an opportunity for them to either make a good or bad choice depending on the type of influence that is shown. I believe that most of time the media portrays negative influences upon society. A positive influence from the media would be a commercial or show/clip about stopping bullying that informs people about the topic and why bullying is wrong and how it affects the lives of the victims. This type of media would influence society in a positive way because it would actually get society thinking about the situation and for the bullies some of them will actually realize the harm they are causing there victims and they would probably stop bullying people. A negative influence of the media would be a song with someone talking about how they murder people and take drugs and make it in a way to make people think it’s “cool” and then people who listen to it start imitating the things talked about in the song because they want to be “cool”. What I hope to accomplish with this essay is to open people eyes and help them see that the things they watch and listen to as in media actually alter the way they think and the choices they make so hopefully they change what they listen to and watch to more positive things.
The reason I chose to write about the media and its influences on society is to inform people that media has a bigger purposes than just entertainment for society and to hopefully help people make better choices and actually pay attention to the things they watch and listen to. I see how the media influence our modern society everywhere, at the basketball courts at the park at stores. Some of the people at the basketball courts I go to start listening to music that talk about drugs, gangs, murder and they start acting tough, being stupid and talking reckless and they get into arguments or even worse end up getting into fights and someone gets hurt I see this all the time. My paper is important because it will help shed light on the media motives and hopefully start making people m.
Major AssignmentObjectivesThis assignment will provide practice .docxcarliotwaycave
Major Assignment
Objectives
This assignment will provide practice and experience in:
·
Writing a program – Topic 2
·
Debugging– Topic 3
·
Stepwise Refinement& Modularisation – Topic 4 and Topic 10
·
Selection – Topic 5
·
Iteration – Topic 6
·
Arrays – Topic 7
·
File handling – Topic 9
·
Structs – Topic 11
NB Depend
i
ng on when you start this assignment you may need to read ahead especially on how to use files andstructs.
Suggestions:
Read the assignment specifications carefully first.Write the first version of your program in Week 4 and then create new versions as you learn new topics. Do NOT leave it until Week 11 to start writing the program. Review Topic 4 on stepwise refinement. This is how you should approach the major. Also note that though your program must do something and must compile it does not have to be complete to earn marks.
Specifications
One of the many tasks that programmers get asked to do is to convert data from one form to another. Frequently data is presented to users in well-labelled, tabular form for easy reading. However, it is impossible or very difficult to do further processing of the data unless it is changed into a more useful form.
For the purposes of this assignment I have downloaded and will make available the undergraduate applications to the 37 Australian universities from the Department of Education for 2009 – 2013 data file as a text file.
Your program will load this data into an array of structs, save the data in a form that is directly usable by a database (see below), display the data on the console in its original form and in its database form. It will also allow the user to display the highest number of applications for a given state and year.
Your program will use a menu to allow the user to choose what task is to be done. You will only be required to handle the Applications data. You can ignore the Offers and Offers rates data (see below).
Data
See “undergraduateapplicationsoffersandacceptances2013appendices.txt” for the original data.
This is the data your program should produce and save:
New South Wales Charles Sturt University 4265 4298 4287 4668 4614
New South Wales Macquarie University 6255 6880 7294 7632 7625
New South Wales Southern Cross University 2432 2742 2573 2666 2442
New South Wales The University of New England 1601 1531 1504 1632 1690
New South Wales The University of New South Wales 10572 10865 11077 11008 11424
New South Wales The University of Newcastle 9364 9651 9876 10300 10571
New South Wales The University of Sydney 13963 14631 14271 14486 15058
New South Wales "University of Technology, Sydney" 10155 9906 9854 10621 9614
New South Wales University of Western Sydney 11251 11.
magine that you are employed by one of the followingT.docxcarliotwaycave
magine
that you are employed by one of the following:
The social services division of a state or city government
A citizen action committee made up of community members
A police or fire department
A school or educational organization (public or private)
Develop
a 1,050- to 1,400-word needs statement and management plan that will be part of a proposal for a fictitious, grant-funded project of your choosing on behalf of your agency or organization. Include the following sections in your submission:
Paragraph One: Describe the characteristics of your fictitious agency or organization.
Paragraph Two: Discuss the possible funding sources you might contact for this grant proposal.
Needs Statement: Establish the specific problem the proposed project will address.
Management Plan: Describe the responsibilities of the project director (you) and any staff you will employ to implement the grant.
Format
your paper in accordance with APA guidelines.
Submit
your assignment.
Resources
Center for Writing Excellence
Reference and Citation Generator
Grammar and Writing Guides
Copyright 2018 by University of Phoenix. All rights reserved.
.
M4D1 Communication TechnologiesIn this module, we have focused .docxcarliotwaycave
M4D1: Communication Technologies
In this module, we have focused on understanding and using new communication technologies to be more competent communicators.
Respond to the following:
What social media strategy would you recommend for your current (or previous) workplace?
What areas do you think your organization can still improve?
How would you explain the importance of social media to your employer?
.
Luthans and Doh (2012) discuss three major techniques for responding.docxcarliotwaycave
Luthans and Doh (2012) discuss three major techniques for responding to political risk. Should an international organization always use all three techniques? Why or why not?
Your response should be at least 150 words in length. All sources used must be referenced; paraphrased and quoted material must have accompanying citations.
www.obm.nsaem.ru/.../International%20Management_
Main
Textbook.pd
.
Lyddie by Katherine Paterson1. If you were Lyddie how would you h.docxcarliotwaycave
Lyddie by Katherine Paterson
1. If you were Lyddie how would you have handled the incident with mr marsen?
2. Explain how Charlie's visit is a turning point in the story
3. How does Paterson show how important it is for a person to have goals in life
4. What are three examples that Lyddie supports her self pity with when she feels she has been too late for everything
5. What do we learn about Diana and how does this new development change Lyddies role in the factory
6. What event occurs in chapter 20 that was foreshadowed earlier? What predictions can you make about Lyddie's future
.
Luthans and Doh (2012) discuss feedback systems. Why is it important.docxcarliotwaycave
Luthans and Doh (2012) discuss feedback systems. Why is it important to consider an effective feedback system as an international manager?
Your response should be at least 150 words in length. All sources used must be referenced; paraphrased and quoted material must have accompanying citations.
www.obm.nsaem.ru/.../International%20Management_
Main
Textbook.pdf
use pages 212-215
.
Luthans and Doh (2012) discuss factors affecting decision-making aut.docxcarliotwaycave
Luthans and Doh (2012) discuss factors affecting decision-making authority. Briefly describe at least three factors that affect decision-making authority.
I attached chapter 11 to the reflection paper assignment so you can use that to answer this question
thank you
Your response should be at least 200 words in length. All sources used must be referenced; paraphrased and quoted material must have accompanying citations.
[removed][removed][removed][removed]
.
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Walmart Business+ and Spark Good for Nonprofits.pdf
Industrial and Commercial TrainingCollaborate to build effec.docx
1. Industrial and Commercial Training
Collaborate to build effective teams to achieve organizational
excellence and effectiveness
M.S. Rao
Article information:
To cite this document:
M.S. Rao , (2016),"Collaborate to build effective teams to
achieve organizational excellence and effectiveness", Industrial
and Commercial Training, Vol. 48 Iss 1 pp. 24 - 28
Permanent link to this document:
http://dx.doi.org/10.1108/ICT-01-2015-0010
Downloaded on: 07 December 2016, At: 13:44 (PT)
References: this document contains references to 3 other
documents.
To copy this document: [email protected]
The fulltext of this document has been downloaded 1556 times
since 2016*
Users who downloaded this article also downloaded:
(2008),"Teams in organizations: a review on team
effectiveness", Team Performance Management: An
International Journal,
Vol. 14 Iss 1/2 pp. 7-21
http://dx.doi.org/10.1108/13527590810860177
(2002),"From loose groups to effective teams: The nine key
factors of the team landscape", Journal of Management
Development, Vol. 21 Iss 2 pp. 133-151
http://dx.doi.org/10.1108/02621710210417439
Access to this document was granted through an Emerald
2. subscription provided by emerald-srm:486520 []
For Authors
If you would like to write for this, or any other Emerald
publication, then please use our Emerald for Authors service
information about how to choose which publication to write for
and submission guidelines are available for all. Please visit
www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to
the benefit of society. The company manages a portfolio of
more than 290 journals and over 2,350 books and book series
volumes, as well as providing an extensive range of online
products and additional customer resources and services.
Emerald is both COUNTER 4 and TRANSFER compliant. The
organization is a partner of the Committee on Publication
Ethics (COPE) and also works with Portico and the LOCKSS
initiative for digital archive preservation.
*Related content and download information correct at time of
download.
D
ow
nl
oa
de
d
by
N
4. be
r
20
16
(
P
T
)
http://dx.doi.org/10.1108/ICT-01-2015-0010
Collaborate to build effective teams
to achieve organizational excellence
and effectiveness
M.S. Rao
Professor M.S. Rao is based at
MSR Leadership Consultants
India, Hyderabad, India.
Abstract
Purpose – The purpose of this paper is to collaborate to build
effective teams to achieve organizational
excellence and effectiveness.
Design/methodology/approach – The paper outlines a blueprint
to build an effective team based on
various personality types leveraging their competencies and
capabilities.
Findings – It implores to identify various personality types of
your team members, leverage their strengths,
5. understand their expectations and apply different leadership
tools and techniques as per the situation to build
an effective team.
Practical implications – The tools and techniques adopted by
leaders to build teams can be applied in any
industry and in any size of organization.
Social implications – The social implications of this research
suggests that leaders can do much better by
collaborating to bring synergy in team members.
Originality/value – It outlines to lead three types of employees
– actors, spectators and speed breakers
in the workplace. It underscores to replace competitive mindset
with a collaborative mindset to build
successful teams.
Keywords Organizational development, Collaboration,
Leadership development, Team building
Paper type Research paper
Introduction
Teamwork is the ability to work together toward a common
vision. The ability to direct individual
accomplishments toward organizational objectives. It is the fuel
that allows common people to attain
uncommon results (Andrew Carnegie).
Building an effective team is easier said than done. You can
manage machines easily, not people.
You can press buttons and get the things done by machines
mechanically. Whereas managing
men throws lots of challenges as they have different mindsets,
emotions, egos and feelings.
Leaders must find out various personality types, mindsets,
emotions and expectations of the
team members to motivate them to accomplish their
8. (
P
T
)
a powerful team. Most organizations craft their vision,
articulate it effectively, create a strong
organizational culture, build strong teams, leverage the
strengths of its employees and finally,
accomplish their vision. Hence, when leaders build teams, they
utilize the strengths of their
precious human resources to improve the organizational bottom
lines. George Bernard Shaw
rightly remarked, “If you have an apple and I have an apple and
we exchange these apples then
you and I will still each have one apple. But if you have an idea
and I have an idea and we
exchange these ideas, then each of us will have two ideas.”
Hence, exchanging ideas generate
more ideas thus providing solutions to lots of problems.
Understand four personality types
It is essential to understand various personality types to build
effective teams. Alessandra
and O’Connor (1998) outlined four personality types in their
award-winning book The Platinum
Rule: Discover the Four Basic Business Personalities and How
They Can Lead You to
Success[1] – Directors, Relaters, Socializers and Thinkers.
“Directors” are firm and forceful,
confident and competitive, decisive and determined risk-takers.
9. “Socializers” are outgoing,
optimistic and enthusiastic people who like to be at the center
of things. “Relaters” are genial
team players who like stability more than risk, and who care
greatly about relationships with
others. “Thinkers” are self-controlled and cautious, preferring
analysis over emotion. Directors
and Socializers both prefer open and direct communication,
whereas Relaters and Thinkers
are more reserved and indirect. Directors and Thinkers focus on
work tasks, in contrast to
Relaters and Socializers, who focus on people. Understanding
these personality types helps
you identify your personality and also that of your team
members to build leadership compatibility
and enhance your leadership effectiveness.
A blueprint to build a successful team
Here is a blueprint to build your team successfully:
■ Identify the personality types and assess the strengths and
weaknesses of your team
members and allocate them with roles and responsibilities as per
their strengths and
competencies.
■ Encourage diversity in your team to get more ideas and
insights. It brainstorms the team to get
more solutions to problems.
■ Be transparent to build trust in your team. It inspires them to
deliver their best.
■ Inculcate emotional intelligence in your team members to
enable them to get along with
10. others easily.
■ Provide clarity of tasks to be executed to eliminate any
differences of opinions and views
among the team members. It helps them work as per the
expected objectives.
■ Empower your team members. Allow them to explore and
experiment. If they fail, correct and
ask them to learn lessons from failures. Do not criticize them.
■ Create healthy organizational culture and climate for
employees to contribute their best.
Culture connects employees to create an emotional bonding to
improve organizational
bottom lines. For instance, leaders like A.G. Lafley of P&G,
Tony Hsieh the CEO of Zappos.
com and Ross Fowler, the Managing Director, Cisco Systems
Australia strove hard to connect
people by emphasizing organizational culture.
“Most organizations craft their vision, articulate it
effectively, create a strong organizational culture,
build strong teams, leverage the strengths of its
employees and finally, accomplish their vision.”
VOL. 48 NO. 1 2016 j INDUSTRIAL AND COMMERCIAL
TRAINING j PAGE 25
D
ow
nl
oa
de
12. D
ec
em
be
r
20
16
(
P
T
)
■ Adopt different tools and techniques to different team
members based on their needs and
expectations. Additionally, adopt situational leadership to
enhance your team’s effectiveness.
Remember, there is no one-size-fits-all approach in team
building.
■ Do not micromanage. Give them assignments and enough time
to breathe to execute their
tasks. Give them freedom to work as they might surprise you
with their performance.
■ Make your team members special. Build confidence in them
that they will be able to execute
tasks without any hiccups.
■ Offer them feedback to enable them to assess their strengths
13. and concerns. It helps them
overcome their concerns to grow as better performers and
leaders.
■ Allay any apprehensions and fears among your team members.
Constantly inspire them about
the possibilities to execute vision effectively. Enlighten them to
look at the door that is opened,
not the one that is closed.
■ Emphasize on stretch goals. When employees stretch, they
unlock their hidden potential.
For instance, Jack Welch emphasized on stretch goals and
succeeded as a CEO in GE.
■ Align their energies and efforts toward organizational goals
constantly.
■ Take initiative to inspire your employees as they prefer to
work under good leaders than bad
bosses. Above all, treat your employees as people, not as
workers.
Leaders must check their excessive ego while handling their
team members. They must empathize
with their team members before assigning the tasks whether the
assigned tasks can be executed
effectively with confidence. Additionally, leaders must handle
differences among the team members
without any prejudice. Remember, the slogan: Always look at
what is right and wrong, not who is
right and wrong. When you look at who is right or wrong, your
heart rules your head leading to
ill-feelings among the team members, losing their trust and
finally failing as a leader.
14. Actors, spectators and speed breakers in workplace
You will find three categories of people in the workplace –
actors, spectators and speed
breakers. Actors are the employees who follow your ideas,
insights, principles and philosophies.
Speed breakers are the employees who often criticize your
leadership style, tools and
techniques. And spectators are the employees who oscillate
between the actors and the speed
breakers without much clarity. One side, actors try to pull
spectators into their group and on
another side, speed breakers try to pull them into their group.
Your role as a leader is to ensure
that spectators become actors and follow your principles and
philosophies and work in your
team as cohesion. You must ensure that these spectators are not
influenced and instigated
by speed breakers.
Do not compete, collaborate
King Solomon once quoted, “Two are better than one, because
they have a good return for their
work: If one falls down, his friend can help him up. But pity the
man who falls and has no one to
help him up! Though one may be overpowered, two can defend
themselves. A cord of three
strands is not quickly broken.” With a dynamic global business
environment, the permutations
and combinations are changing rapidly. Companies are
reinventing themselves with the changing
business scenario. They are finding that collaboration is better
than competition. Every company
has its own strengths and weaknesses. The leaders currently
capitalize on the strengths of
15. “Companies are reinventing themselves with the
changing business scenario. They are finding that
collaboration is better than competition.”
PAGE 26 j INDUSTRIAL AND COMMERCIAL TRAINING j
VOL. 48 NO. 1 2016
D
ow
nl
oa
de
d
by
N
ov
a
S
ou
th
ea
st
er
n
U
ni
17. is needed, excessive competition drains a lot of resources and
energies. Hence, leaders must
consider the current global climate and redesign their strategies
in order to collaborate.
Collaboration is the key to effective team building
Helen Keller once remarked, “Alone we can do so little;
together we can do so much.” It indicates
the significance of collaboration, as there is synergy.
Collaboration is not something new to
mankind. In the olden days, several leaders avoided competition
with the strong ones and
collaborated for mutual benefit, peace and prosperity.
Collaboration involves a win-win situation
for all, while competition involves win-lose or lose-win.
The advantage of collaboration is that people share their
knowledge, skills, abilities and, above all,
ideas to deliver better results. We find more creative solutions
for problems as people think
differently and present diversified ideas and insights. It adds
value to work, thus leading to the
best decision or solution. It capitalizes on the strengths of all
the people for the collective good.
We find several global researchers and authors collaborating,
rather than competing, to provide the
best content to the readers. Although it does entail a division of
labor and saves time, apart from
leveraging diversified competencies, such collaboration pays off
for authors and mostly for readers,
as the latter receive a manuscript that has been well-edited and
proofread. At the workplace, too, we
find employees coming together and working to achieve the best
outcomes.
18. Collaboration and leadership
In her 1994 Harvard Business Review article “Collaborative
advantage,” Rosabeth Moss Kanter
talks about leaders who recognize that there are critical business
relationships “that cannot
be controlled by formal systems but require (a) dense web of
interpersonal connections […].”
When we observe leaders like Andrew Carnegie and Henry
Ford, we see that they believed
in more collaboration. Presently, the steel giant Lakshmi Niwas
Mittal also believes strongly in
collaboration. Leaders like Rick Wagoner (who turned General
Motors around) were collaborative
leaders who believed in hiring the best talent for restructuring
the company.
Collaborative leaders have open minds and are free of
prejudices. They have the flexibility to
accommodate and adjust with realities. They look below the
surface and are visionaries. They are
good listeners, and above all, they look at the ground realities.
Competition vs collaboration
Competition emphasizes on “who wins,” while collaboration
involves “we all win.” Competition
often creates complications, while collaboration creates
camaraderie. By nature, people prefer
to compete rather than collaborate. There are challenges
involved in competition, as well as
resources such as time, money and energy. However, when we
take a long-term view, we see
that it is ideal to work together for the overall benefit of the
people and society, rather than
19. involving focussed negative energies to outsmart others. Man,
by instinct, is competitive, and has
been since primitive times. However, with civilization there is
need for a change in the mindset of
people, to work in peace for the overall good of the society.
The downside of collaboration is that it keeps people in their
comfort zones rather than in effective
zones. But when viewed in totality, competition is seen to
create ill-will and envy. It does
more harm than good. It results in a loss of peace and
prosperity. Hence, it is better to go by
collaboration than competition.
“Collaborative leaders have open minds and are
free of prejudices.”
VOL. 48 NO. 1 2016 j INDUSTRIAL AND COMMERCIAL
TRAINING j PAGE 27
D
ow
nl
oa
de
d
by
N
ov
a
S
21. 16
(
P
T
)
A Creative Center for Leadership study reveals, “Collaboration
is critical to success.” It further
says, “Relationship building ranked tenth out of sixteen
leadership competencies”[2]. It indicates
the growing importance attached to collaboration. Collaboration
is desirable when more damage
is being done through competition, and in situations where we
can ensure peace, security and
productivity of the people. What matters at the end of the day is
the value we are adding and the
difference we are making in the lives of others. Whether in
politics or business, we have to look at
the overall prosperity. If the gains are greater and the results
concrete, then it is advisable to
collaborate rather than compete.
Conclusion
In the ancient days, the slogan might is right prevailed.
However, in today’s world this has been
replaced by just is right. Similarly, in ancient days competition
and the rule of the jungle prevailed.
However, in today’s world people appreciate collaboration,
which is congenial for both growth
and prosperity. Hence, it is obvious that what worked in the past
no longer works in the present.
22. Henry Ford rightly noted, “Coming together is a beginning,
keeping together is progress; working
together is success.” The twenty-first century is a period of
coalition and collaboration. A new
mindset must replace competition with collaboration. Mother
Teresa rightly quoted, “I can do
what you can’t do and you can do what I can’t do. Together we
can do great things.”
To summarize, identify various personality types of your team
members, leverage their strengths,
understand their expectations and apply different leadership
tools and techniques as per the
situation to build an effective team to achieve organizational
excellence and effectiveness.
Notes
1. www.amazon.com/The-Platinum-Rule-Discover-
Personalities/product-reviews/0446673439?
pageNumber¼2
2.
www.cio.com/article/152451/Great_Leaders_Build_Off_Great_
Relationships
Reference
Alessandra, T. and O’Connor, M.J. (1998), The Platinum Rule:
Discover the Four Basic Business Personalities
and How They Can Lead You to Success, Warner Business
Books, New York, NY.
Web reference
www.amazon.com/21-Success-Sutras-Leaders-
ebook/dp/B00AK98ELI
23. Further reading
Rao, M.S. (2012), 21 Success Sutras for Leaders, 1st ed.,
Pearson.
Corresponding author
Professor M.S. Rao can be contacted at: [email protected]
For instructions on how to order reprints of this article, please
visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: [email protected]
PAGE 28 j INDUSTRIAL AND COMMERCIAL TRAINING j
VOL. 48 NO. 1 2016
D
ow
nl
oa
de
d
by
N
ov
a
S
ou
th
ea
26. Company Background
• Founded by Ira John Sifers and John Michael
Cole in 1974
• Based in Pine Knob, Grayson County, Kentucky
• Located in the Appalachian Economic
Development Region
• Business areas:
– Industrial Control Systems for Advanced
Manufacturing & Utilities
– R&D for Drones and Robots
Sifers‐Grayson
CEO
Chief Operating
Officer
Finance &
Accounting Personnel Engineering
R&D Dev Lab
Scada Support
Lab
Test Range
Project
Management Sales & Support
27. Sifers‐Grayson Organization Chart
Mary Beth Sifers
Ira John Sifers, III
Michael Coles, Jr.
Customer Base
• Advanced Manufacturing Firms
• Utility Companies
• U.S. Department of Defense
• U.S. Department of Homeland Security
SITE SURVEY
A Quick Look at the SG Enterprise Architecture
Figure 1. Overview of Sifers‐Grayson Enterprise IT Architectur
e
Figure 2. Combined Networks and Systems Views:
Sifers‐Grayson Headquarters, R&D Center, and Data Center
Figure 3. Combined Networks and Systems Views:
Sifers‐Grayson Engineering Center
28. Figure 4. Combined Communications, Networks and Systems Vi
ews:
Sifers‐Grayson Test Range and R&D Center
Figure 5. Combined Networks and Systems Views:
Sifers‐Grayson SCADA Support Lab
Figure 6. Combined Networks and Systems View:
Sifers‐Grayson R&D DevOps Lab
Threat Landscape
Sifers‐Grayson
Security Posture Assessment
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
Threat Landscape for Sifers‐Grayson SCADA Lab
SCADA Support Lab
33. Threat Landscape for Enterprise IT Systems
R&D
Center
Corporate Offices
High Speed
Fiber Optic
Cable
(Buried)
Copper
Cable from
Telco
(buried)
SV‐1
Firewall
Backdoor into
Enterprise
Network
Vulnerable
System
Missing IDS /
IDPS
Internal
Threat
Sources
34. Missing IDS /
IDPS
Email, Web
Traffic
“Quick Look” Recommendations
& Next Steps
Sifers‐Grayson
Security Posture Assessment
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
Issues Summary
1. Newly won government contracts now require compliance
with DFARS §252.204‐7008, 7009, and 7012
– http://www.acq.osd.mil/dpap/dars/dfars/html/current/25
2204.htm
– http://www.acq.osd.mil/se/docs/DFARS‐guide.pdf
2. Derivative requirements include:
– Implementation of and compliance with NIST SP 800‐171
Protecting Controlled Unclassified Information in
Nonfederal Information Systems and Organizations
35. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.
SP.800‐171.pdf
– Compliance with DFARS 252.239‐7009 Representation of
Use of Cloud Computing and 7010 Cloud Computing
Services (see
http://www.acq.osd.mil/dpap/dars/dfars/html/current/25
2239.htm)
Additional Derivative Requirements
• Use NIST Guidance Documents for
– Incident Response, e.g. NIST SP‐800‐61 (Computer
Security Incident Handling Guide)
– SCADA Security, e.g. NIST SP 800‐82 (Guide to
Industrial Control Systems Security)
– Software / Systems Development Lifecycle (SDLC)
Security, e.g. NIST SP 800‐64 (Security Considerations
in the System Development Life Cycle)
– Configuration Management, e.g. NIST sp 800‐128
(Guide for Security‐Focused Configuration
Management of Information Systems)
Recommendations
• Immediate (Phase I)
– Remove direct network connection between Corporate
Campus Area Network (CCAN) and R&D Center’s LAN
36. – Install a VPN solution to allow R&D Center to access CCAN
and internal resources from the Internet
– Install backup network connections from TELCO to CCAN
and TELCO to R&D LAN
• Rationale
– Segment network to reduce internal & external risks from
CCAN to Test Range, SCADA Lab, and R&D DevOps Lab
– Limit the “reach” of the customer’s requirements (per
DFARS & NIST guidance) to the smallest allowable footprint
– Provide backup connectivity to WAN for business
continuity
C
S
Pervasive Cybersecurity is our passion …
• Recommendations (Phase II)
– Evaluate & Recommend Acquisitions for Security
Solution
s to strengthen the company’s IT security
posture
1. End Point Protection Platforms
2. Application Lifecycle Management
37. 3. Identity Governance & Administration
4. Security Information & Event Management
– Develop Incident Response Handbook &
Guidance
C
S Pervasive Cybersecurity is our passion …
• Recommendations (Phases III, IV, V, etc.)
– Build security operations team led by dedicated CISO
– Identify, evaluate and improve Internal Processes for IT
security
– Implement IT Security Governance & Enterprise Risk
Management
– Establish Security Operations Center
– Upgrade security appliances to include advanced network
monitoring and intrusion detection and prevention
systems
38. – Join information sharing and analysis center
– … additional recommendations to be made after further
investigation and assessment
C
S Pervasive Cybersecurity is our passion …
“After Action” Review:
Sifers‐Grayson
Sifers‐Grayson
Security Posture Assessment
C
S Pervasive Cybersecurity is our passion …
PRELIMINARY – NOT FOR DISTRIBUTION
The customer’s feedback
39. • Surprised at the extent of the problems
• Dismayed at the potential liabilities and
contractual issues
• Concerned about the costs
• Determined not to let technology stand in the
way of progress
• Agreed to implement Phase I and II
recommendations
Additional Negotiated Work
• NCS “Red Team” will conduct pentration test
within next 60 days
• NCS will establish & train Sifers‐Grayson
Incident Response Team
• NCS will provide a contract CISO to Sifers‐
Grayson for 180 days (renewable on a yearly
basis thereafter)
40. • NCS will provide additional staff & services at
negotiated rates
Rao
Nayak
Shelve in
Networking/Security
User level:
Beginning–Advanced
BOOKS FOR PROFESSIONALS BY PROFESSIONALS®
The InfoSec Handbook
The InfoSec Handbook introduces the real-world challenges of
establishing and maintaining
information security in an organization. The book offers a
practical view of the importance of
following standard security practices. It also provides solid
technical information about security.
41. Beginning users to experienced engineers get insights on the
latest policies, practices, tools, and
technologies that are available.
Information security is constantly changing, and demands the
attention of all stakeholders
in an organization. Whatever their jobs, users will always be
confronted with different security
risks. The range of risks can vary, and should always be
managed according to established best
practices. Unfortunately, not everyone is aware of the risks or
how to prevent them; as a result,
this lack of awareness often causes most of the security
problems in an organization. When users
don’t follow security precautions, many breaches can arise from
system compromises to the loss
of data and information.
This book is intended to educate all users about the kinds of
security practices and standards
that exist. It also covers how to manage security software and
updates in order to protect
organizations from possible security threats they could
encounter.
42. What You’ll learn:
• Essentials of information security
• Importance of maintaining information security in an
organization
• How to establish an information security management system
(ISMS)
• Best practices for implementing a security system
• Various categories of information security
9 781430 263821
53999
ISBN 978-1-4302-6382-1
For your convenience Apress has placed some of the front
matter material after the index. Please use the Bookmarks
and Contents at a Glance links to access them.
43. v
Contents at a Glance
About the Authors
�����������������������������������
�����������������������������������
�����������������������������������
����� xxi
Acknowledgments
�����������������������������������
�����������������������������������
�����������������������������������
�� xxiii
Introduction
�����������������������������������
�����������������������������������
�����������������������������������
44. ������������� xxv
Part I: Introduction ■
�����������������������������������
�����������������������������������
����������������� 1
Chapter 1 ■ : Introduction to Security
�����������������������������������
�����������������������������������
�������������3
Chapter 2 ■ : History of Computer Security
�����������������������������������
�����������������������������������
��13
Part II: Key Principles and Practices ■
�����������������������������������
����������������������� 27
Chapter 3 ■ : Key Concepts and Principles
�����������������������������������
�����������������������������������
���29
45. Chapter 4 ■ : Access Controls
�����������������������������������
�����������������������������������
�����������������������63
Chapter 5 ■ : Information Systems Management
�����������������������������������
�����������������������������77
Part III: Application Security ■
�����������������������������������
��������������������������������� 113
Chapter 6 ■ : Application and Web Security
�����������������������������������
�����������������������������������
115
Chapter 7 ■ : Malicious Software and Anti-Virus
Software������������������������������
�����������������141
Chapter 8 ■ : Cryptography
�����������������������������������
46. �����������������������������������
�������������������������163
Part IV: Network Security ■
�����������������������������������
�����������������������������������
��� 183
Chapter 9 ■ : Understanding Networks and Network Security
�����������������������������������
������187
Chapter 10 ■ : Firewalls
�����������������������������������
�����������������������������������
������������������������������205
Chapter 11 ■ : Intrusion Detection and Prevention Systems
�����������������������������������
���������225
■ Contents at a GlanCe
47. vi
Chapter 12 ■ : Virtual Private Networks
�����������������������������������
�����������������������������������
�����245
Chapter 13 ■ : Data Backups and Cloud Computing
�����������������������������������
����������������������263
Part V: Physical Security ■
�����������������������������������
�����������������������������������
���� 289
Chapter 14 ■ : Physical Security and Biometrics
�����������������������������������
���������������������������293
Chapter 15 ■ : Social Engineering
�����������������������������������
�����������������������������������
���������������307
48. Chapter 16 ■ : Current Trends in Information Security
�����������������������������������
������������������325
Bibliography ■
�����������������������������������
�����������������������������������
�����������������������������������
���������331
Index
�����������������������������������
�����������������������������������
�����������������������������������
������������������������349
x xv
Introduction
This book explains information security concepts in lay terms.
The target audience is beginning users. At the same
time, we also describe some of the concepts in detail in order
49. for the content to be of interest to people in the
information security field.
With the increasingly connected world revolving around the
revolution of internet and new technologies like
mobiles, smartphones, and tablets, and with the wide usage of
wireless technologies, the information security risks
have increased. Any information security vulnerability is
possible to be widely exploited by the hackers and crackers
who are looking for such opportunities. Both individuals and
organizations are under regular attacks for commercial
or non-commercial gains. The objectives of such attacks may
be to take revenge, malign the reputation of a
competitor organization, understand the strategies and sensitive
information about the competitor, simply have fun of
exploiting the vulnerabilities through new means and claim
superiority, misuse of information like credit card details,
banking account details for monetary gains, and so on. Over a
period of time exploitation from the perspective of
making monetary gains has increased. While objectives may
vary from attack to attack, the impact can be very severe
in terms of reputation loss to business loss to monetary loss to
loss of sensitive information of strategic / competitive
value, or loss of intellectual property rights. The hackers are
constantly looking for vulnerabilities in the software
50. applications, protocols, and infrastructure. Hence, the need to
protect information assets and ensure information
security receives adequate attention.
This book considers various important aspects of relevance to
information security both from the perspective of
individuals and organizations. As assured at the beginning of
this book we maintain the simplicity of the explanations
without using high-tech jargons so readers can understand. We
also provide a significant number of tips to the
readers which they can follow to avoid them getting into the
trap of attackers and becoming prey to the attacks.
Our book is organized in five sections:
Part I: Introduction•
We start the book with an interesting discussion on the need for
security and highlight the
value of information security programs to all the employees and
relevant personnel like
contractors and vendors. We then explore the history of
information security and highlight
what some of the major hackers / crackers did to circumvent the
system and exploit them.
51. Part II: Key Principles and Practices•
We cover major aspects of information security, including
fundamental concepts
underlying information security like confidentiality, integrity,
and availability. We explore
the importance of having appropriate access control applied to
all the stakeholders and
discuss various access control models including the role-based
access control model and
attribute-based access control model. We then explore important
aspects of information
systems management like risk management, incident response,
disaster recovery, and
business continuity planning.
■ IntroduCtIon
x xvi
Part III: Application Security•
52. We examine application security-related issues including web
application security issues.
We also explore the approach to be taken by the organizations
to avoid these application
security issues. We then explore the issues of malicious
software like adware, spyware,
viruses, worms, and Trojans. In this context we discuss the
value of anti-virus software
and provide details of some of the commercially available
useful anti-virus software. We
then explore the world of encryption and Cryptography. We
describe Symmetric Key
Cryptography and Asymmetric Key Cryptography.
Part IV: Network Security•
We explore network security, the fundamentals of networking,
and the vulnerabilities
related to network security and what needs to be done to ensure
network security. We
then describe Firewalls, Intrusion Detection and Prevention
Systems, and Virtual Private
Networks. We also touch upon data backups and cloud security.
Part V: Physical Security •
53. We discuss physical security, and explain important physical
security related issues and
how they can be handled effectively. In this context we discuss
the role of biometrics
and various biometric systems. We explain the social
engineering aspects and how
individuals and organizations can be impacted because of this.
We also describe what
individuals and organizations have to do to ensure that they do
not become prey to the
social engineering attacks.
What to Take From This Book?
This book is primarily intended to open up and make clear the
aspects of information security to beginners in the field
of information security. However, this book also brings in a
newer perspective and the latest trends of interest to those
who have a good understanding of the information security
field, like the information security professionals who
may be information security auditors, information security
consultants, and information security officers. This book
is intended to give a clear understanding of concepts and related
information in simple terms rather than through
complicated jargon and abstract theories. The approach used in
54. this book is practical and straightforward, and clarity
is the main focus of this book. Wherever possible, various
aspects are demonstrated through the situational scenarios.
The intention is not to get too technical, but as far as possible to
elaborate on technical aspects in common terms so
that most intended readers of this book can understand what is
being conveyed.
As most of you are aware, technological advances are happening
at a high speed and we cannot claim that we are
the masters of a particular technology, or that we understand the
intricacies of each technology. Everyone, including
us, is exploring every day; learning either a new concept or
getting more clarity on existing concepts. Hence, as
learning is an everyday process, we proceed with our knowledge
of information security and bring to you as many
concepts as possible regarding information security in simple
and clear terms.
How to Read This Book?
Although we suggest that you read the chapters in sequential
order, from the introduction to the last chapter as
concepts are built on each other, readers are free to go through
any chapter of their liking as we have also made
an effort to ensure that each chapter can be read independently.
55. If readers are already well versed in information
security, then we suggest that they go through the chapters of
their own interest.
Chapter 1 focuses on the need for security in general and
information security in particular. We also discuss the
value of and need for security programs. We then offer potential
scenarios in which we do not care about security
with examples from the current world. We then explore the
information security scenario today. We conclude with
■ IntroduCtIon
x xvii
information about some of the applicable standards and
certifications such as ISO27001:2013, PCI DSS by PCI
Security Standards Council, and COBIT from ISACA.
Chapter 2 focuses on the history of computer security, including
the purpose as to why computer security
evolved, the role of the world wars in its evolution, the initial
forms of security of communication, including initial
56. cipher usage like the Caesar cipher and initial cipher machines
like Enigma and the greatest hackers and crackers in
the field of computer security.
Chapter 3 focuses on key concepts behind information security,
such as confidentiality, integrity, availability,
possession or control, authenticity, and utility as well as the
principles of information security to be applied at the
organization level, including key responsibilities and
accountability. We also deliberate the role of processes, people,
and technology in meeting information security needs.
Chapter 4 focuses on the important aspects of access controls,
the need for those controls, the importance of
control, and various access control models.
Chapter 5 focuses on aspects of information systems
management such as risk management, incident response,
disaster recovery, and the business continuity.
Chapter 6 focuses on software application security and web
security. We also discuss the web browser, web
server, and web applications related information security issues.
We also provide the best practices to protect the
individuals / organizations from such information security
57. issues.
Chapter 7 focuses on an in-depth analysis of discussion on
malicious software, different types of malicious
software, how they propagate, and the historical aspects of
malware. We also discuss what an anti-virus is, what its
benefits are, and how to manage most effectively the anti-virus
software and common anti-virus platforms that are
used in the industry.
Chapter 8 focuses on cryptography, one of the important ways
of preserving the confidentiality of the message
or communication and also its authentication. In this chapter,
we also focus on what is meant by cryptography,
encryption, cryptoalgorithm, and encryption/decryption keys.
We also discuss symmetric cryptography and
asymmetric cryptography. In this context we discuss on public
key infrastructure. We also discuss how these
cryptography aspects are used, the value of the certificates like
digital certificates and digital signature in the field of
cryptography, various hashing algorithms, and the disk/drive
encryption tools that are used.
Chapter 9 focuses on an introduction to basics of networking,
communication concepts, networking models like
58. OSI and TCP/IP models, comparison between them and the
protocols used by different layers. We also discuss the
information security issues related to networking.
Chapter 10 focuses on firewalls which are essential in today’s
world to protect organizations. This chapter covers
the basics of firewalls and their functionality, the importance of
the firewalls, the types and different generations of
firewalls, and how the firewalls are used. We also discuss best
practices.
Chapter 11 focuses on an introduction to intrusion detection and
prevention systems (IDS/IPS), their purpose
and uses, various detection methodologies employed by these
systems, types of IDS/IPS methodologies that are
available and popular, and the typical responses by these.
Chapter 12 focuses on the introduction to the Virtual Private
Network (VPN), their uses, types of VPNs, and the
protocols used to make the VPNs effective.
Chapter 13 focuses on the importance of data backups, the
benefits of using a backup, the dangers of not having
backups, and various types of backups. This chapter also covers
the current hot topic of cloud computing and related
59. models, and issues of privacy and compliance that are related to
them.
Chapter 14 focuses on physical security in general including
fire safety and one of the important aspects of
physical security: biometrics. This chapter introduces
biometrics, why it is gaining popularity, its functionality, the
multi-modal biometric systems, issues, and controversies
pertaining to biometric systems.
Chapter 15 focuses on another important topic in the current
world: social engineering. This chapter covers the
introduction to social engineering, how social engineering
attacks are made possible, and typical social engineering
scenarios, We also discuss various techniques that are used in
the field of social engineering, such as pretexting,
phishing, baiting, and tailgating and the steps to be taken to
avoid falling prey to social engineering.
Chapter 16 focuses on two of the current and important trends
in information security: wireless security and
mobile security. We also cover bluetooth security.
60. Part I
Introduction
This section introduces the concept of security in general and
information security in particular. The intention
was also to provide a historical perspective about information
security.
Chapter 1, “Introduction to Security,” highlights three examples
of information security breaches
recently published on the internet. The first example explains
how the encrypted messages can be read by
injecting plaintext into HTTPS request and measuring
compression changes. The second example explains
how the NSA was provided direct access to the networks of
some of the big corporations like Google, Yahoo,
and Microsoft and how the tapping of information from
undersea cables where the information moves
unencrypted was carried out. The third example explains the
breach of 40 million credit and debit cards,
which happened during the busy Christmas season at Target. We
then generally describe what security is
and describe it as protecting what one has. We also look into the
fact that security not only applies to physical
61. assets, but also non-physical assets like confidential
information, research information with high value
realization potential, intellectual property rights, and security of
customers. We also highlight the role of
terrorists and disgruntled employees in the breach of security.
We then explore why security is important.
In this context we look into how every individual and
organization wants to preserve its societal status and
how the compromise of information security can lead to misuse
of the information at the wrong hands.
We then look into the importance of protection of business
information of value and protection of customer
data and that information security should not be implemented
for the sake of implementing it, but with
all the serious consideration it requires. We also highlight how
new technologies, new products, and
new applications can also bring new security threats to the fore.
We then discuss what happens if we do
not care about security with examples from the current world.
We then discuss the history of computers
and information security. We then explore the information
security scenario today. We also discuss how
prevention is better than cure and explain the need to build in
appropriate controls through risk assessment of
what can go wrong. We conclude with information about some
62. of the applicable standards and certifications
like ISO27001:2013, PCI DSS by PCI Security Standards
Council, and COBIT from ISACA.
Chapter 2, “History of Computer Security,” starts with the
history of exploiting security started with
the tapping of telephone lines and how the telephone operators
intentionally misdirected the calls and
eavesdropped on the conversations. We also look into the role
of “phreakers” like John Draper. Next we look
into how bulletin boards became the target of hackers as the
people started sharing passwords, credit card
numbers thereon. Then we look into Ian Murphy’s breaking into
AT&T’s computers and Kevin Mitnick’s
stealing of computer manuals of Pacific Bells’s switching
center. Then we look into how Computer Emergency
Response Team (CERT) was formed by government agencies in
charge of ARPANET to counter increasing
threats to security. We then look into how the 1990s saw more
hacking activities such as the “Michelangelo”
virus, the arrest of notorious hacker Kevin Mitnick for stealing
credit card data, and the 1998 Solar Sunrise
attack targeting Pentagon computers by Ehud Tenebaum. We
look into the growth of the Internet and
how business-related information became available on the
63. Internet and with the increasing threats the
Part I ■ IntroductIon
2
technologies like firewalls, antivirus programs came into
existing while on the other hand the viruses,
Trojans, and worms were proliferating. We then explore the
history of communications and in the
context discussed Caesar cipher. We also highlight how the
need for secure communications in the
context of military information exchange led to cryptography.
We then discuss the role of world wars in the development of
coding to exchange the information
secretly. In this context we discuss Enigma machine and how
Alan Turing succeeded at Bletchley Park
in decoding the messages coded through Enigma machine and
how this led to the shortening of World
War II. We then discuss some of the greatest phreakers and
hackers like John Draper and Kevin Mitnick
and discuss in today’s context of the Internet the role of people
64. like Julian Assange of WikiLeaks and
whistleblowers like Edward Snowden in the context of the role
of the NSA in the breach of information
security.
3
Chapter 1
Introduction to Security
Scenario 1: A post on http://threatpost.com, Threatpost, the
Kaspersky Lab Security News Service, dated
August 5th, 2013 with the title “BREACH Compression Attack
Steals HTTPS Secrets in Under 30 Seconds” by
Michael Mimoso, states1:
“A serious attack against ciphertext secrets, buried inside
HTTPS responses, has prompted
an advisory from Homeland Security.
The BREACH attack is an offshoot of CRIME, which was
thought dead and buried after it
65. was disclosed in September. Released at last week’s Black Hat
USA 2013, BREACH enables
an attacker to read encrypted messages over the Web by
injecting plaintext into an HTTPS
request, and measuring compression changes.
Researchers Angelo Prado, Neal Harris, and Yoel Gluck
demonstrated the attack against
Outlook Web Access (OWA) at Black Hat. Once the Web
application was opened and the
Breach attack was launched, within 30 seconds, the attackers
had extracted the secret.”
Scenario 2: A post on http://threatpost.com, Threatpost, the
Kaspersky Lab Security News Service, dated
December 30th, 2013 with the title: “Most Surprising NSA
Capability: Defeating the Collective Security Prowess of the
Silicon Valley” by Dennis Fisher, states as follows2:
“Some of the earliest leaks to emerge from the Edward Snowden
cache described a program
called PRISM that granted the NSA “direct access” to networks
run by Google, Yahoo,
Microsoft, and many other companies. That direct access was
quickly interpreted to mean
66. that those companies were giving the agency data links to their
servers through which the
NSA could collect traffic information on targets. The affected
companies quickly denied
this; only later was it revealed that “direct access” came in the
form of tapping undersea
cables that carry unencrypted traffic between data centers
around the world. The revelation
triggered an immediate response from Google, Microsoft, and
Yahoo, who said that they
would be encrypting that traffic in the near future. In addition,
some Google engineers had
some choice words for the NSA’s in-house hackers. In the
words of Google’s Mike Hearn,
“The traffic shown in the slides below is now all encrypted and
the work the NSA/GCHQ
staff did on understanding it is ruined.”
What is Security?
The events above are a few of the security breaches that were
reported during 2013. There are many security breaches
reported every year from different quarters of the world. Some
of these may be accidental and some intentional. Some
may not be with the intention of making money, while others
are done purely with the intention of making money.
67. Some events may be done for one-upmanship or merely for the
thrill of breaking the system. With more computers
and people interconnected and in turn, connected by the
internet, the role of computer security in general and
http://threatpost.com/
http://threatpost.com/
Chapter 1 ■ IntroduCtIon to SeCurIty
4
information security in particular, with special emphasis on
cybersecurity, is gaining momentum. With technological
advances and the spread of technological know-how,
information security is certainly a humongous task for
everyone!
That is, all computer users including the non-technical ones.
Our intention here is not to define the term “security,” but to
explore the term so that it becomes crystal clear to
the readers as to what it really means. A basic animal instinct is
to ensure one’s own “safety.” Every animal, including
a human, will fight for its safety. Everyone wants to be safe and
68. preserve whatever they have with them whether that
be assets, money, or otherwise. The security of the individual,
company, assets, or security of their information and
many more similar things are expected and seem to be quite in
sync with nature’s laws. Security, in simple terms,
is protecting what you or others have. This same idea applies to
entities like government departments, agencies,
companies, institutes, and so on, irrespective of their size or
function.
The security of not only physical assets, but of non-physical
assets as well are important and necessary. Some
of these non-physical assets include confidential information
and data; intellectual property; research data with
the potential of high value realization and high investment; and
the security of your customers or end users when
at your facility or while using your systems. The security of the
installations with high defense or strategic value, like
nuclear installations, nuclear sources, chemical and biological
laboratories, and areas with high-level political and
administrative dignitaries, are of significance. Most terrorist
threats are guided (or misguided) by so-called ideals
or ulterior motives, making the security more important.
Security is even more important with the recent rise in
widespread use of technology such as mobile phones, the
69. internet, tablets, and other mobile devices. Disgruntled or
unhappy employees are also achieving significance by leaking
information that is of strategic importance, either for
exacting vengeance or for profit.
Why is Security Important?
Earning is difficult, but losing is extremely easy. You have to
earn with your efforts, but you can lose because of
others’ efforts. No individual or entity wants to lose what they
have earned through hard work (or even otherwise!).
If you lose what you have, you have to start over again, which
is hard for anyone. Again, by nature, everyone wants to
preserve their energy and secure their future for themselves and
their children. Every organization wants to secure its
bright future. Securing what you have and not losing it, while
getting more of it, is important for societal status. Every
individual or organization is a “social animal” and is conscious
about their status. Status is what makes one distinct or
different from others. Organizations or governments have a lot
of information at their fingertips which is of strategic
importance to them. They invest a lot in carrying out research in
areas of strategic, military, or competitive significance
to them. The loss of this information to a third party with the
same interests may lead to their strategy being a complete
waste, thereby leading to the waste of entire investments and
70. years of effort. This may require them to restart their
efforts, possibly using a new way of thinking. Information may
be required by those who want it for the value of it, or
who want to show their heroism. Some of the current generation
of so-called computer hackers may just want to satisfy
their ego or show their supremacy over the technology and may
steal useful and valuable information and publish it to
others. Others may want to mine for data of value so that they
can sell the same to others, who want the information to
either harm others or make commercial gains from it. Terrorists
may want the information to either destroy the strategic
or military capability of a country, or to threaten the economy
of a country by using the information they steal. Also,
3D printers present a new possible threat by potentially being
used by terrorists to create weapons! The primary
reason for information security is the threat of information
being misused if it lands in the wrong hands.
Some people feel that the need for information security is
“hyped.” However, we in technology security do not
think so. It is possible to think of information security as
“hyped” only if our focus is on information security just for
the sake of information security, and not based on the risks to
the business of any information leakage, breakage,
or loss. The protection of business information of value is the
71. primary reason for information security. We must ask
ourselves, “Can we risk the leakage of customer data held by us
or to which we have access?” If the answer is “no,”
then we have used basic Risk Management to justify a need for
security because the leakage of customer data can only
be at our own peril.
Furthermore, the pace at which we are coming up with new
technologies is also of concern to security. New
technology, new products, and new applications are brought to
the market with such speed that inherent security
issues may not be known yet and it may not have been possible
to be tested thoroughly before launch. Once new
Chapter 1 ■ IntroduCtIon to SeCurIty
5
technologies are in the market, there is a possibility that
somebody may accidentally or intentionally break through
any of the inherent security flaws in the technology, product, or
application. It is necessary that entities or individuals
have the capability to be able to respond at such a speed that the
72. chances of an exploitation of a security flaw are very
minimal. Many times, it may not be possible to do so because of
design or technical issues behind the flaw, or because
of the extent to which the solution is required, sometimes across
multiple systems and by multiple users. This means
that some of the entities or users are open to the exploitation of
such a security flaw. Oftentimes, users and entities
may not apply the corrective actions immediately, either
because of a lack of appreciation of the gravity of the issue,
because of ignorance, or because of other priorities. This is very
much true when there are deadlines to be met and
many of the compulsory checks get skipped due to lack of time
or personnel to perform those checks.
Science and technology provide many tools which are at the
disposal of entities and people that can be used for
either good purposes or bad purposes. Bad guys can always use
such facilities or tools for bad purposes. For example,
a security tool like Metasploit or Nessus or nMap, if placed in
an auditor’s hands, can harden infrastructure, whereas
in a cracker’s hands they become the go-to tools for criminal
activity. A proper focus on information security allows
only the required details about the entity or person to be known
to the outside world. If any entity or person wants
“peace of mind” in today’s connected world, information
73. security is a MUST.
Note ■ Sometimes the book might appear to use the terms
“cracker” and “hacker” interchangeably. however, they are
different. a cracker is the name given to a hacker who breaks
into computers for criminal gain. a hacker, however, can
also be an internet security expert who is hired to find
vulnerabilities in systems.
What if You Do Not Care About Security?
If you think you don’t need to care about information security,
you are creating more risk than you bargained for.
With advanced technologies at the disposal of many people, it is
only a matter of time until you are robbed or your
reputation is tarnished. Hence, at this time, no person or entity
can ignore or take its own security lightly, making it
hard to sleep at night! For example, you could find that if you
doze off, and ten minutes have passed, your debit card
could be stolen by someone and already, all the money in your
account could be swindled by someone. Maybe your
laptop is stolen and the new proposal of millions of dollars you
have been working on quite painstakingly is already in
the hands of your competitors. Maybe the innovative concept
you have been discussing over the phone is overheard,
recorded, and patented by someone else. There are unlimited
74. possibilities as to what can go wrong. If you do not care
about security, your existence itself will be at risk. Beware of
this!
There are instances of Automated Teller Machines (ATMs)
being towed away or otherwise hacked by thieves.
There are many instances where information has been stolen
from emails, laptops, or cell phones and used to
blackmail the owners.
There have been instances of weak encryption being substituted
by strong encryption, and entities/people have
been blackmailed have had to shell out significant amounts of
money to get the data decrypted. There have been
instances where passwords have been changed or servers have
been overtaken by others and then thieves demand a
ransom to restore access. There have been instances where
software applications have been pirated by overcoming
built-in controls and thus, the entity that created the software
loses a significant amount of revenue.
There have also been instances of identity theft, which can lead
to huge losses. There have been instances where
the data of strategic and military importance has been stolen
physically or through logical means of hacking. There
75. have been instances of gaining physical entry into secure areas
and destroying crucial assets, including information
assets. There have been instances where the data has been
compromised, either by luring the people or by other
means, which leads the party to huge losses. We cannot even
fully imagine the kind of possibilities that are out there.
Perhaps, the hacker is even able to intervene with the navigation
system of an airplane or a missile and bring it down
or make it strike somewhere else! The possibilities are endless,
and we do not know the extent of damage information
in the wrong hands could potentially cause. We can continue
citing examples, but we hope to bring as many instances
as possible to your attention as we write this book.
Chapter 1 ■ IntroduCtIon to SeCurIty
6
We have seen or heard of instances of hacking into banking
accounts and initiating transactions or hacking into
systems and obtaining credit card or debit card related
information or credentials such as PIN or Telephonic PIN and
misusing them. Phishing attacks are common as are instances of
76. credit cards or debit cards being cloned. There have
been instances of identity theft and fake profiles created on
social media. Social engineering attacks, where attackers
befriend persons and later misuse the information or
relationship obtained, are becoming common.
Malicious software attacks through links or attachments in
emails, through add-ins to the browser, or through
the download of free applications or games is common.
Tracking or hacking through mobile devices is a recent
phenomenon that must be monitored. Exploiting the technical
vulnerabilities of the applications, protocols, web
browsers, web servers, or utilities is also a known phenomenon.
Eavesdropping on wireless communications or misusing
wireless connections is on the rise. The rogue wireless
access points set up by attackers attract many users which leads
to the compromise of important information like
login credentials.
In addition to the above, ineffective maintenance of the systems
or utilities such as UPS or electrical cables can
lead to system failure, thus reducing productivity.
There have also been instances of misuse of surveillance
77. cameras, remote connection utilities used to hack into
someone else’s system, and application errors not known or not
fixed by the vendor organizations.
With a lot of information getting distributed easily across the
globe because of Web and Cloud technologies,
there are a lot of challenges to ensure that data and information
of value are well protected so that they are not
compromised.
The Evolution of the Computer and Information Security
If you glance through the history of computer security, you will
find that the initial need was to physically protect
the mainframe computers, which were used to crack the
encrypted messages used during the world wars. Physical
security was provided through security guards, identification
cards, badges, keys, and other means. These regulated
the access to sites and locations where the mainframe computers
were hosted and were essential for protecting them
from theft and destruction. This was the main scenario during
the 1950s and 1960s.
ARPAnet, the precursor to the Internet, was started with the
intent of sharing data between remote locations.
With the primary intention of ARPAnet being a provision of
78. connectivity across various locations and systems,
information security does not seem to have been given much
importance. However, as the days progressed and more
data and more people came on to ARPAnet, linking many
computers, the need for information security increased.5
The MULTICS, multi-users, and timesharing operating systems
increased the need for information security.
MULTICS (Multiplexed Information and Computing Services)
operating system, true to its name, facilitated many
different users to access the system simultaneously. The
MULTICS was a research project started at MIT in 1964
and sponsored by Honeywell, GE, and MIT that allowed multi-
user capability serving thousands in academic and
research communities. This operating system provided much-
needed focus on computer security and was built into
the requirements for computer security. Honeywell then dropped
out of the consortium to develop its own product.
MULTICS systems were eventually sold for commercial use by
Honeywell, with both the security and services.
Multi-user systems allow hardware and software applications to
be accessed by multiple users. Multiple users
can access the single system from the same location or a remote
location using different computer terminals with
79. different operating systems. These terminals are connected
through wires and telephone networks. Since systems
were shared by users who might not trust each other, security
was of major concern and services were developed to
support security features for file sharing via access control.
MULTICS machines were developed to protect data from
other users. Information co-existed on the same machine and the
data was marked as ‘Confidential’, ‘Classified’, etc.
Operating systems were designed to ensure that the right data is
accessed by the right user.6
Ken Thomson from Bell Labs liked the MULTICS system but
felt it was too complex and the same idea could be
implemented in a simpler way. In 1969, he wrote the first
version of Unix, called UNICS (Uniplexed Operating and
Computing Systems). In 1973, Ken Thomson and Denise Ritchie
wrote the first C compiler and rewrote Unix in C. The
following year, Unix was licensed to various universities.
University of California Berkley modified UNIX and called
their
version “BSD” Unix, and Bell Labs continued to use Unix under
the name “System V-+” Unix. Eventually, there were two
types of Unix operating systems: BSD and System V. The
biggest advantage Unix had was its networking capabilities.
80. Chapter 1 ■ IntroduCtIon to SeCurIty
7
Unix became an ideal operating system for connecting different
systems and providing e-mail services. It supported the
TCP/IP protocol for computer communication. It also provided
security features like user authentication mechanisms
through user ID and password, different levels of access, and
restrictions at the file level.6
In the mid 1970s, the invention of microprocessors led to a new
age of computing with the introduction of
Personal Computers (PCs). The 1980s gave rise to wider
computer communication through the interconnection of
personal computers, mainframe computers, and mini computers.
This enabled resources to be available to all users
within a networking community and led to the need for complex
information security. As the popularity of PCs grew,
networks of computers became more common as did the need to
connect these computer systems together. This
gave rise to the birth of the Internet. In the 1990s, the Internet
was made available to the general public. The Internet
81. virtually connected all computers over a pre-existing telephone
infrastructure. After the Internet was commercialized,
the technology became pervasive, connecting every corner of
the globe. However, initial days of internetworking
experienced many issues because of factors like incompatibility
of the proprietary protocols not allowing proper
communications between two systems/networks, different
vendors using different technologies to ensure their
stronghold on the technology, and difficulties in ensuring that
the message intended reaches only the destination
device. Routing technologies, standardization efforts on the
protocols, and standardization of computer systems and
logical addressing systems like IP changed the scenario over
time and enabled easy communication between various
devices on the internet.
Tim Berners Lee wrote the first web page and the first web
server.7 He designed the World Wide Web (WWW) to
link and share news, documents, and data anywhere in the
network. By 1991, people outside CERN joined the web
community and in April 1993, World Wide Web technology was
made available to the public. Since that time, the web
has changed the world. It has become the most powerful
communication medium today. More than 30% of people in the
world today are connected to the web. The WWW has changed
82. the way we communicate with people, the way we learn
new things, the way we do business, the way we share
information, and also the way we solve problems. It has allowed
everyone to not only be connected to one another, but also
enables the sharing of information widely across the globe.8
The growth of the web has been phenomenal. There are more
people communicating online today than any
other medium. More shoppers buy and sell online today than in
any other retail store. The rapid growth of the web
and web usage has brought about many innovative
developments. The web has several layers of technologies that
all work together to deliver communication to the user. Today,
the Internet has connected millions of “unsecured”
computers together. This has been enabled through the growth
of networking technologies and equipment like
switches, multi-layered switches, and routers coupled with
standardization of various protocols used. The switches
enable connecting many machines within an organization and
ensuring the frames are passed on appropriately to the
intended destination computer whereas routers play a large role
in routing the
messages/communications from one network to the other and
also connect to the internet. Routers are intelligent
equipment and route the messages/communications efficiently
83. from the source to the destination and connect to
the internet. Also, many of the routers are now built with
firewall capabilities. Advanced routers may act as switches as
well as router. DHCP, NAT, and DNS have made the
configuration and routing easy.
The vulnerability of information on each computer depends on
the level of security provided by each system and
to the system to which it is connected. Recent cyber threats
have made organizations and governments realize the
importance of information security. Information security has
now become one of the major technologies to support
the smooth operation of the Word Wide Web and Internet.
With the invention of the World Wide Web and the Internet,
millions of users are connected and communicating
with each other. This has raised several concerns regarding the
integrity of the user, confidentiality of data, types of
data that are being shared in the system, who is accessing the
data, who is monitoring the information that is being
sent on the Internet, and many more concerns related to
information security. With the advancement of technologies
such as wireless and cellular, users are always connected and
networked computing has become the prevailing style
of computing. As information became more exposed to the
84. outside world, securing information has become a major
challenge in the era of Inter-networking.
Information security is meant to protect information and
information systems from unauthorized users
accessing, using, modifying, or destroying the information.
According to the standards defined by the Committee on
National Security Systems, information security is the
protection of information and its critical elements, including
systems and hardware that uses, stores, and transmits that
information. Security is achieved by implementing
Chapter 1 ■ IntroduCtIon to SeCurIty
8
policies, guidelines, procedures, governance, and other software
functions. Information security consists of three
main components: hardware, software, and a communication
system.
Various tools are developed daily to combat the compromise of
information security. Several standards and
85. guidelines have been implemented to reduce the propensity for
information security breaches. However, in a
constantly evolving world, information security will always be a
matter of concern that will need to be addressed for
the good of the world!
Information security also spans to physical aspects like
hardware and infrastructure, the operating system, networks,
applications, software systems, utilities, and tools. Other
important contributors (favorable or adverse) to the field of
information security are human beings, particularly employees,
contractors, system providers, hackers, and crackers.
Information Security Today
Let’s explore information security in today’s context.
Information security is a matter of concern for organizations
and
individuals alike. Modern hackers are equipped with
technological knowledge and tools to infiltrate the accounts of
individuals and their credit and debit cards.
Thieves and the authorities are constantly at odds. Most often,
thieves are beating the authorities. Many times,
the police learn a new technique only after thieves have used it.
Similarly, in the field of information, there is always
86. a race between hackers and crackers and the information
security personnel. With widespread use of Information
Technology and related tools, particularly with the advent of the
Internet, it has become a challenge for organizations
and their employees to prevent the misuse of information.
Information in lay terms is anything that is communicated in
any form, public or private. Any compromise of
private information to others can have a significant impact on
the parties involved, including the loss of reputation,
finances, or other consequences depending upon the nature of
the information. All forms of technology, including the
Internet, credit cards or debit cards, ATMs, bank web portals,
and so on, are all under attack; most times intentionally,
sometimes accidentally.
Cloud computing is the popular buzz word today and has many
benefits but also presents many new risks.
A contextual illustration of this scenario is given in Figure 1-1.
The rise in the use of electronic chips in everything from
automobiles to refrigerators to TVs is another cause for
concern. Theories of such attacks are emerging every day. This
possibility is illustrated in Figure 1-2.
87. Chapter 1 ■ IntroduCtIon to SeCurIty
9
IS MY INFORMATION
SECURE IN THE
CLOUD?
INFORMATION IN
THE CLOUD CANNOT
BE SECURE FROM
ME.
HOW DO I ENSURE
THE SECURITY OF
THE INFORMATION
IN THE CLOUD?
Computer
User
Computer
Hacker
88. Information Security
Specialist
Cloud Technology
Cloud Technology
Cloud Technology
Figure 1-1. Mistrust on “Cloud” and its security
Chapter 1 ■ IntroduCtIon to SeCurIty
10
Information security is an extension of computer security and
extends beyond physical control to logical control,
control over media, and control over a medium of
communication. Information security should be one of the most
important goals of everyone, including employees, contractors,
suppliers/vendors, and other service providers. Even
though there is growing recognition of this fact, there is still a
lot more that needs to be understood and implemented
by all the stakeholders involved.
89. In this fast-paced world, where information is an asset and the
achievement of business objectives is everybody’s
responsibility, ensuring that the information security risks are
minimized with the appropriate controls in place,
has become a top priority. Of course, it is not always possible to
eliminate all the vulnerabilities and consequential
threats, but it is necessary to identify the risks to minimize the
overall risk to the organization. It is also necessary that
organizational management understands the residual risks
created by the controls they have put in place. A proper
and appropriate risk assessment and management methodology
is one of the prime necessities of an information
security framework.
As the old adage goes, “An ounce of prevention is worth a
pound of cure.” It is always better to put on our critical
thinking caps and consider what can go wrong and have the
appropriate solutions in place than to worry after an
incident has taken place and cost us our reputation or
significant monetary loss, either in terms of penalty or in terms
of consequential damages.
YOUR CAR’S COMPUTER SYSTEM
HAS BEEN HACKED. SO HAS YOUR
90. MOBILE PHONE. TRANSFER $X TO
MY ACCOUNT IN THE NEXT TEN
MINUTES... OTHERWISE, YOU WILL
MEET WITH A FATAL ACCIDENT.
SCENARIO OF THE FUTURE?
Figure 1-2. Is this the future state of security?
Chapter 1 ■ IntroduCtIon to SeCurIty
11
Even with the utmost sincerity and tremendous efforts, it is not
possible to have 100% foolproof information
security, because while there may be many known issues, there
may also be an equal number of hidden ones. However,
if we do not make sincere efforts to at least contain known
security flaws or security issues which are applicable to our
organization, we do an injustice not only to ourselves and to our
customers, but also to the world at large.
Customers have also started explicitly looking for information
91. security being implemented whenever they
purchase a system, software, or application. They will not be
inclined to purchase any product with known security
flaws. As such, product companies, as well as service
companies, are required to focus more on information security.
What better place to start information security than right at the
requirements phase and carry it through during the
design, development, testing, and deployment phases? Secure
coding practices are gaining momentum and are going
to be one of the focus areas of the future.
The following information sheds light on the current
information security environment:
“The Norton Report3 (for 2013), now in its fourth year, is an
annual research study, commissioned by Symantec,
which examines consumers’ online behaviors, attitudes, security
habits, and the dangers and financial cost of
cybercrime.” The Norton Report highlights the following
information3:
Consumers are more mobile than ever, but are leaving security
behind. Despite the fact that •
63% of those surveyed own smartphones and 30% own tablets,
nearly one out of two users
92. don’t take basic precautions such as using passwords, having
security software, or backing up
files on their mobile device.
Cybercrime continues to be a growing global concern. Both the
total global direct cost •
of cybercrime (US $113 billion; up from $110 billion) and the
average cost per victim of
cybercrime ($298; up from $197) increased this year.
As people are now constantly connected, the lines are blurring
between their personal and •
work lives, across multiple devices and storage solutions.
Nearly half (49%) of the respondents
report using their personal devices (PCs, laptops, smartphones,
tablets) for work-related
activities.”
Information security is often not given adequate attention
primarily based on the false theory that the risk is low.
It is also possible that many times, we try to use complex
solutions rather than simple solutions. Whatever the method
of implementation, information security has become imperative.
Applicable Standards and Certifications
93. In order to ensure information security, various efforts have
been made by the industry in the form of standards
and certifications. Some of the popular ones are ISO/IEC
27001:20054 (revised in 2013) — Information Systems
Security Management System — Requirements by the
International Organization for Standardization (based on
ISO/IEC 27002), Payment Card Industry Data Security Standard
(PCI DSS) by PCI Security Standards Council,
Payment Application Data Security Standard (PA-DSS) by the
PCI Security Standards Council, Control Objectives
for IT and related Technology (COBIT) by Information Systems
Audit and Control Association, ISO 20000-1:20114
i.e. Information technology — Service Management — Part 1:
Service management system requirements. These are
the standards against which an organization or an application
can get certified (as appropriate) to or adapted by an
organization to improve itself and provide a base for the
compliance check for others.
Some of the other related regulations/framework of importance
are: Sarbanes-Oxley Act of 2002 also known as
SOX, Committee Of Sponsoring Organization of the Treadway
Commission (COSO) framework, the Health Insurance
Portability And Accountability Act (HIPAA) of 1996, Federal
Information Security Management Act (FISMA) of 2002,
94. Federal Information Processing Standards (FIPS) released by
the National Institute of Standards and Technology
(NIST), just to name a few.
Some of the other standards of relevance are: ISO/IEC 15408-
1:2009 - Information technology — Security
techniques — Evaluation criteria for IT security — Part 1:
Introduction and general model4; ISO/IEC 15408-2:2008 -
Information technology -- Security techniques — Evaluation
criteria for IT security — Part 2: Security
Chapter 1 ■ IntroduCtIon to SeCurIty
12
functional components4; ISO/IEC 15408-3 - Information
technology — Security techniques — Evaluation criteria
for IT security — Part 3: Security assurance components4;
ISO/IEC 18405:2008 - Information technology — Security
techniques — Methodology for IT security evaluation4. The
International Organization for Standardization has also
published many more guidelines for security professionals4.
Furthermore, organizations like Information Systems
95. Audit and Control Association in the U.S. have published many
useful models and papers on information security.
We will elaborate on the above as it becomes relevant in
subsequent chapters of this book.
The Role of a Security Program
Typically, a lack of awareness is one of the prime reasons for
not adhering to requisite security guidelines and
consequential security breaches. For instance, when a person
ignores an advisory about how laptops left visibly
in cars can be stolen or a travel advisory warning against
travelling by taxi or other unknown vehicle, there is an
increased risk for information security breach. Similarly, failure
to create a strong password on your work computer
can result in information security breaches at many levels,
endangering you and your organization’s reputation.
Awareness is the number one step in ensuring security, both
physical security and information security.
Awareness ensures that the chances or risks of vulnerability and
threats to security are reduced considerably. Toward
this end, it is essential to provide organizationwide security
awareness programs to all employees (permanent or
temporary), contractors, suppliers/vendors, customers, and all
96. other relevant stakeholders who have access to the
organization or its information. In order to achieve this,
organizations need to ensure regular security awareness
programs spanning various aspects of their life in the
organization, clearly explaining what can go wrong. However,
to
ensure that all these stakeholders understand why security is
important, it is essential for the success of any security
program. Still, as the saying goes, “Knowing but not doing is
equivalent to not knowing at all”, and it is up to the
individual participants of these programs to take the message
and content of these programs seriously and implement
them in letter and in spirit.
It is not enough that such a security program is in place and is
conducted only once for the entire organization. This
has to be an ongoing process to ensure that any new
stakeholders, including new employees, are trained invariably.
In
addition, the organizational structure and environment (internal
and/or external) may undergo changes which may lead
to different vulnerabilities and threats. Hence, it is necessary
that these programs are regularly reviewed, updated, and all
the relevant stakeholders are trained on the changed scenarios
and made aware of new risks.
97. All programs should take into account the risks the organization
is currently undertaking and the controls they
have painstakingly put in place for any security violation which
defeats the very purpose of such controls. Involving
each and every person is important for the success of any
Security Program. Any person who is not aware of the
security requirements, like a new security guard, employee,
system administrator, or a new manager, can endanger
the entire organization.
Moreover, in addition to the regular security programs as
mentioned above, strong audits/assessments/compliance
checks to ensure compliance to the policies, processes, and
instructions of the company towards its security are to
be adhered to without fail. A good execution is required to
ensure the success of any well-intended program. However,
execution is possibly the weakest link when it comes to most of
the entities as well as most countries. Hence, regular
checks carried out by competent and independent personnel of
the organization or external agencies who do it not
for the sake of just checking, but carry them out with the true
intention and goal of bringing out any compliance
weaknesses to the fore, is essential. Many times, reports of such
compliance checks are beautifully made and
98. wonderfully presented to the management but more often are
totally forgotten, which could eventually lead to these
documents creating liabilities when the suggested resolutions
are not acted upon. Any compliance check with actions
not being taken seriously on weaknesses found during the check
is as good as a compliance check not being carried
out in the first place! The better the compliance check carried
out with extreme focus by the competent personnel and
with extreme focus on the actions to be taken (and actually
taken), the better the entity will be!
13
Chapter 2
History of Computer Security
Introduction
The first events in the history of exploiting security date back
to the days of telephony. Telephone signals were sent
via copper cables. Telephone lines could be tapped and
conversations could be heard. In the early days of telephone
systems, telephone operators intentionally misdirected calls and
99. eavesdropped on conversations. In the 1970s, a
set of people known as phreakers exploited the weakness of
digital switching telephone systems for fun. Phreakers
discovered the signal frequency at which the numbers are dialed
and tried to match the frequency by blowing a
whistle and fooling the electronic switching system to make
calls for free. Among these phreakers, John Draper found
that he could make long-distance calls for free by building an
electronic box that could whistle different frequencies.
During the 1960s and 1970s, telephone networks became the
dominant mode of communication, connecting
millions of users. Given the increasing importance of computers
and the advent of time shared systems, it was
natural to consider linking the computers on the telephone
networks so that information could be shared among
geographically distributed networks. Since telephones were
analog and computers were digital, modem (modulator
and demodulator) devices were used to connect computers over
the telephone network. Connecting computers
and sharing information was of major interest during the early
days of network computing and the security of the
information became weak. Since people already knew how to
break and tap into the phone systems, it became a game
for them to break into the computer system, which was
100. connected over the telephone networks.
With the creation of Advanced Research Projects Agency
Network (ARPANET), a limited form of a system
break-in to the network began. ARPANET was originally
designed to allow scientists to share data and access remote
systems. E-mail applications became the most popular
application to allow scientists to collaborate on research
projects and discuss various topics over the network. Soon, a
bulletin message board was created where people could
post a topic and discuss various research topics together.
Bulletin boards became the venue of choice for discussing
a wide range of topics, including passwords, credit card
numbers, and trade tips, which encouraged the bad guys to
hack into the system. Some famous bulletin boards include
Sherwood Forest and Catch-22.
What IS arpaNet?
The predecessor of the Internet, the Advanced Research Projects
Agency Network (ARPANET) was a large
wide-area network created by the United States Defense
Advanced Research Project Agency (ARPA). Established
in 1969, ARPANET served as a testing ground for new
networking technologies, linking many universities
101. and research centers. The first two nodes that formed the
ARPANET were UCLA and the Stanford Research
Institute, followed shortly thereafter by the University of Utah.
Some of the reasons for creating ARPANET include
making it easier for people to access computers, to improve
computer equipment, and to have a more effective
communication method for the military.
ChAPTER 2 ■ hISToRy of ComPUTER SECURITy
14
In the 1980s, the TCP/IP network protocol Transmission
Control Protocol (TCP) and the Internet Protocol
(IP), and Personal Computers (PC) brought computing to homes
where more and more people connected to the
Internet. The 1983 fictional movie, “War Games,” was watched
by millions of people and popularized hacking and
made it glamorous. In 1981, Ian Murphy broke into AT&T’s
computers and changed billing rates of meters. He was
later convicted.1 Kevin Mitnick stole computer manuals of
Pacific Bells’ switching center in Los Angeles, California,
and was prosecuted for this crime.1 Bill Landreth was convicted
102. for breaking into NASA’s Department of Defense
computers through GTE’s e-mail network. In 1988, Kevin
Mitnick was held for stealing software that was worth
$1 million, and also caused damages of around $4 million.
With increasing threats to security, government agencies in
charge of ARPANET came up with the Computer
Emergency Response Team (CERT): the first network security
organization in 1988.2 The purpose of CERT is to spread
security awareness among users and find ways to mitigate
security breaches. As the Internet became popular, with
more and more users becoming active, it became an appealing
target for the “hackers” around the world. The 1990s
saw more hacking activities such as the “Michelangelo” virus
and the arrest of notorious hacker Kevin Mitnick for
stealing credit card data, and the 1998 Solar Sunrise attack
targeting Pentagon computers by Ehud Tenebaum.3
Today we are living in the Internet and World Wide Web
(WWW) era, where everyone is connected. The Internet
has changed the way we communicate with each other. The Web
allowed information to be accessed instantly
from anywhere in the world. First-generation web 1.0 was just a
static web. Web 2.0, called interactive web, allowed
the users to communicate by emphasizing online collaboration.
103. Web 3.0 technology called ‘the intelligent Web’
emphasized machine-facilitated understanding of information to
provide a more intuitive user experience. The Web
has become a social medium where we can interact with one
another, which has unfortunately resulted in many
threats and vulnerabilities and an increasing number of security
breaches. Some of the popular attacks include
“Mellisa, the love bug,” the “killer resume,” and “The code
red.”
Communication
Communication is about conveying messages to the other party
or to a group. These messages carry certain information.
The medium through which information is communicated can be
words or signs. The basic need to communicate has
evolved languages, and language is used as a medium to share
information, ideas, and feelings. There are three main
types of communication: oral communication, written or verbal
communication, and non-verbal communication.
During oral communication, parties communicate through voice
as a medium. The parties involved in the oral
communication are expected to be able to convey the message,
which clearly expresses all their feelings, needs,
wants, values, beliefs, and thoughts. Again, both the sender and
104. the receiver use the same language so that both can
understand. The sender can speak and the receiver can listen
and vice versa, in order to exchange information. The
tone of voice or the gap of silence makes a huge difference in
oral communication.
During non-verbal communication, the communication is
through the use of body language, gestures, facial
expressions, and signs. These expressions may be well
structured or unstructured. The semaphores that were used
by military, sign language used by deaf persons, and gestures,
postures, facial expression, and eye contact used by
humans are a few of the examples. Semaphore Flags are the
telegraphy system that conveys information at a distance
by means of visual signals with handheld flags, rods, disks,
paddles, or occasionally bare or gloved hands. Information
is encoded by the position of the flags and is read when the flag
is in a fixed position. Semaphores were adopted and
widely used (with hand-held flags replacing the mechanical
arms of shutter semaphores) in the maritime world
in the nineteenth century. It is still used during underway
replenishment at sea and is acceptable for emergency
communication in the daylight or while using lighted wands
instead of flags at night. Even verbal communication may
have underlying non-verbal signals like stress, rhythm, and