· Your initial post should be at least 500 words, formatted and cited in current APA style with support from at least 2 academic sources. Your initial post is worth 8 points.
· You should respond to at least two of your peers by extending, refuting/correcting, or adding additional nuance to their posts. Your reply posts are worth 2 points (1 point per response.)
· All replies must be constructive and use literature where possible.
#1
Lisa Wright
St. Thomas University
NUR 417: Aging and End of Life
Yedelis Diaz
November 01, 2022
Pathological Conditions in Older Adults
As one goes through the natural aging process, the body's capacity to defend itself against infections diminishes. The immune system's ability to offer protection is reduced, and the individual becomes susceptible to conditions that affect them more than other age groups (Haynes, 2020). This population also experiences other symptoms impairing other aspects of their lives as time passes. For instance, their skin and bones lose their integrity and become more prone to abrasions and breakage. This assignment module will examine the pathological conditions that affect the sexual response in older adults and how and why nutritional and psychological factors, drugs, and other alternative and complementary medications affect the immune system of the populations.
Pathological Conditions that Affect Sexual Response in Older Adults
Sexuality is an essential aspect of life, irrespective of the age group one is in; the older population and the younger generation alike need to explore sexuality to maintain health and well-being. Exploring sexuality is also a mixture of biological, psychological, social, and religious factors, all of which have plenty to do with aging. The pathological conditions that affect sexual response in the elderly include:
Genitourinary Syndrome of Menopause
These are the changes experienced in the genitourinary pathway as one ages. The individual can feel a burning sensation, dryness, or irritation. This can lead to painful sexual encounters, which can, in turn, reduce their desire to engage and their response.
Dementia
This is a degenerative disorder of the mental faculties, predominantly among the elderly (National Institute on Aging, n.d.). Their judgment diminishes, making them disinterested or utterly unaware of their sexual experiences. Some forms of the condition have been shown to increase sex or closeness, but the individual may fail to recognize what is appropriate and what is not.
Diabetes
As a chronic condition experienced mainly by this population, it can lead to yeast generation, leading to itchiness around the sex organs, making sex unpalatable. The situation can, however, be addressed with medication.
Incontinence
This is a condition where one experiences bladder leakage caused by poor control (National Institute on Aging, n.d.). It is most prevalent among the population an.
Middle-age adulthood is a critical period in human development, se (DioneWang844)
Middle-age adulthood is a critical period in human development, seeing the peaking and decline of growth and development. As a result, an individual in the period experiences extensive biological changes. One of the critical changes that occur past the age of thirty years is the loss of body muscles and functioning, medically known as sarcopenia, at a rate of 3-8% per decade, which further accelerates past the age of 60 years (Lazzara, 2020). The loss is associated with the decline of the nervous system, leading to the nerves detaching from the muscles.
The age group also experiences a reduction in bone tissue, referred to as osteoporosis. Humans achieve peak bone mass between the age of 35 and 40 years, after which the descent begins. The decline is rapid in females past menopause, where they can lose as high as 5-10% of bone mass every year (Lazzara, 2020). Another critical biological change is the prevalence of chronic inflammation, with no discernible causes but is believed to result from the body's response to injuries and pathogens, which are prevalent at the age. Another critical change is presbyopia, which involves vision loss due to loss of eye flexibility necessary to adjust to stimuli. As a result, the group struggles to see up close at night or in dim lights (Lazzara, 2020).
The group also suffers from presbycusis, which entails the loss of hearing capacity due to the disintegration of the nerve hair cells in the cochlea and otosclerosis involving the distortion of the bone structure and other elements of the middle ear (Lazzara, 2020). The loss is more common in males due to risk factors such as working in noisy environments, smoking, high blood pressure, and stroke. Middle-aged adults also experience weight gain due to fat accumulation. Another critical change is climacteric, which involves the decline in the reproduction capacity in men and its total loss in women as they enter menopause (Lazzara, 2020). Individuals can regulate the changes in the middle ages through adequate exercise, dieting, and other lifestyle adjustments.
Contraceptives Counseling
The most critical step to ensuring efficiency is establishing a close and trusting relationship with the patients to bridge any barriers and achieve effective communication. Another crucial strategy is to actively engage the patient to jointly identify and evaluate alternatives, evaluate their benefits and drawbacks, answer any queries the patients may have, and help them make the best choice that suits them. It would also be critical to promote adherence to guidelines to ensure the best outcomes during contraception use (Dehlendorf et al., 2014). My personal beliefs should not affect my ability to advise clients because I base the process on scientific and medical data.
Smoking Cessation Plan
Smoking cessation is a critical medical intervention because its success depends on the willingness of the patient to adhere to the recommended actions. As a result, the process should begi ...
PTSD and Allostatic Load: Beneath the skin interrupting the pathways to path... (Michael Changaris)
This slideshow explores the way that stress leads to biological pathology. It attempts to connect the adverse childhood events study with Bruce McEwen's work on cortisol and stress. It explored the impact of PTSD, early childhood trauma and stress on health and longevity.
Eating Disorders: Confronting an Epidemic | Veritas Collaborative (Veritas_Collaborative)
While attention to eating disorders has increased in recent years, the illness remains one of the most common, dangerous and least understood in the United States. The numbers are truly staggering: An estimated 25 million Americans, many of them adolescents, suffer from eating disorders. Ninety percent of them are women between the ages of 12 and 25, though eating disorders do not discriminate by gender, age or ethnic background. More than one-half of teenage girls and nearly one-third of teenage boys use such unhealthy weight control behaviors as skipping meals, fasting, vomiting, and taking laxatives.
Learn more about Veritas Collaborative's eating disorder treatment for teens and adolescents at http://veritascollaborative.com/blog/2014/03/eating-disorders-confronting-an-epidemic
1. Are there relationships between personal (hygiene, eating habits.docx (gasciognecaren)
1. Are there relationships between personal (hygiene, eating habits, wearing of masks) social (public gatherings, proximity to one another) demographic (age, gender, education, racial ethnicity), and economic (occupation, level of education, annual income, home environment) factors and the spread, severity, and mortality rates of COVID patients worldwide?
2. Is there a difference in behaviour changes in people who have undergone cognitive behaviour therapy versus those who undergo pharmacologic intervention alone?
3. What is the difference in infection rates, pain intensity, inflammation, and restoration of functionality in people who have received prophylactic antibiotics and those who do not receive the prophylactic antibiotics during endodontic surgery?
4. What are nurses' perceptions towards patients who are non-adherent to the prescribed medications and are always complaining of deteriorating health?
Question one: dependent and independent variables.
The dependent variables in the first question are hygiene, eating habits, wearing masks, public gatherings, proximity to one another, occupation, level of education, annual income and home environment (variables), COVID patients (population), and spread, severity, and mortality rates (testability). The independent variables include age, gender, and race.
Why question 1?
The end of 2019 marked the beginning of what would become a life-changing experience for virtually everyone worldwide in the following year. When COVID-19 first struck in Wuhan, China, nobody speculated that the disease would later spread across the globe, killing millions of people and negatively impacting the livelihood of the affected. Other than the deaths that the disease has brought upon innocent people, governments across nations have implemented stringent policies to help curb the spread, such as national lockdowns, closure of schools and other institutions, curfews, and other strict rules, all intended to lower infection rates. These government intervention measures had a huge economic, social, and personal impact on people and led to other problems, including but not limited to mental health.
Surprisingly, the disease was affecting different nations with varying intensity. For example, back in March 2020, COVID deaths in Italy were above 700 on a daily basis, while during the same time there were very few cases and deaths in Africa (Di Lorenzo & Di Trolio, 2020; Onder et al., 2020). There were speculations that upon reaching Africa, COVID would lead to very high infection and mortality rates due to the poor healthcare systems and the relatively low economic status of most African countries. However, this turned out to be wrong, as to date the developed countries such as the USA, UK, and other European countries have the largest numbers of COVID cases and deaths (Bamgboye et al., 2020).
The relatively low numbers of new cases and deaths in Africa is intriguing. This calls for res.
When the body is under stress, it produces more of the hormone cortisol, which acts as an anti-inflammatory agent. When cortisol is produced peripherally in the gums, it stimulates mast cells to produce more proteins, simultaneously increasing inflammation and the progression of periodontal disease.
This is the ongoing project discussion portion of this class. My pop.docx (glennf2)
This is the ongoing project discussion portion of this class. My population is geriatric/elderly. The problem is BP...
I will attach previous discussions because it all needs to tie in together
350 words
at least 3 references cited in the discussion.
must be last 5 years
Overview: Dr. Marcia Stanhope (2020) explained that evidence-based public health practice refers to those decisions made by using the best available evidence, data and information systems and program frameworks; engaging community stakeholders in the decision-making process; evaluating the results; and then disseminating that information to those who can use the information.
Practicum Discussion: This week, your assignment will be to incorporate all of the information you have gathered from the community (including the population itself, health data, interviews/conversations with interested community members, and your community assessment, including your Windshield Survey) as well as what you have gathered from scholarly literature to propose measurable interventions. Measurable interventions mean that the results can be measured through some data that could be collected (Stanhope, 2020). This requires thinking in terms of actions and then measuring results. An evaluation of interventions is important to see whether or not they are effective in solving a health care problem. Remember, you will need to use the data you gathered to determine whether or not a problem exists in your community and to then determine whether your interventions might be effective.
Please discuss the following points in your Practicum Discussion:
Identify one evidence-based behavior change that would promote health in your selected population.
Suggest one specific culturally sensitive, evidence-based, measurable intervention to address the health problem for your selected population.
Think in terms of measuring outcomes. What outcomes would you expect to see once the intervention(s) are in place? Be specific.
By Day 4
Post your response to this Discussion.
Support your response with references from the professional nursing literature.
GOAL of PRACTICUM PROJECT
Overall Purpose for Practicum:
Develop a potential project to improve the health of a specific population of interest or a population at risk.
This practicum is designed to help you develop as a scholar practitioner and health leader to promote positive social change in your own community. In this practicum experience you will focus on primary prevention of a health problem in your community (see text for definition). You already possess the knowledge and skills to help those who are acutely ill. This experience will help you learn how to prevent a health problem in a specific population at risk at the community and system level of care (see text for definition). Consequently, because you are well aware of how to care for individuals you will now develop leadership and advocacy skills to improve the health of the communi.
This presentation covers mental health, factors affecting health, mental illness, psychological and physiological symptoms of mental disorders, common mental disorders (depression, anxiety disorders, schizophrenia, eating disorders, addictive behaviors and Alzheimer’s disease), prevention and promotion programs, types of behavioral therapy, and factors that contribute to the achievement of mental health.
Experts appeal to CDC monitor eating disorders (Diane_Ortiz)
A coalition led by Harvard’s Strategic Training Initiative for the Prevention of Eating Disorders (STRIPED) is asking the Centers for Disease Control and Prevention (CDC) to monitor eating disorders as part of its national disease surveillance efforts. Bryn Austin, a professor at the Department of Social and Behavioral Sciences and director of STRIPED, explains why this is critical for the treatment and prevention of eating disorders.
The business direction for HR is to be more strategic in their fu.docx (randymartin91030)
The business direction for HR is to be more strategic in their function.
In your experience, do you think HR is involved with setting and implementing strategy? If yes, how and what role does HR play?
If not, what makes you believe they are not involved?
Module 1
Module 2
Module 3
Module 4
MHA506 - Health Care System Organization
X
X
X
MHA507 - Health Care Delivery Systems
X
X
X
MHM525 - Marketing in Healthcare
X
MHM502 - Health Care Finance
X
MHM514 - Health Information Systems
X
MHM522 - Legal Aspects of Health Administration
X
Running Head: MISSION HOSPITAL ANALYSIS PROJECT 1
Mission Hospital Analysis Project
Professor’s Name
Student’s Name
Course Title
Date
MARKET RESEARCH AND SEGMENTATION
Mission Hospital is located in Mission Viejo, California.
Mission Hospital is a state-of-the-art regional medical center and acute care facility in Mission Viejo, California, with 523 beds. The number of required beds is calculated as follows: the average number of admissions to the hospital, from the hospital statistics, is approximately 7560, with a mean length of stay of 30 days. The occupancy rate of the hospital was approximated as 84.17%. Therefore, the number of beds needed will be = It is one of the busiest designated paediatric Level 2 and adult trauma centers in the state of California, and it provides a full range of specialist healthcare services, with teams that are highly skilled in the treatment of a multitude of complex conditions (Rad, & Anantatmula, 2010).
Its full range of expertise includes neuroscience and spine, cancer care, cardiovascular, wellness and mental health, orthopaedics, and a variety of other specialist services. Mission Hospital in Laguna Beach provides the coastal communities of South Orange with 24-hour intensive care and emergency services (Kohlstadt, 2016). A 48-bed facility is the only paediatric area of Mission Hospital.
Factors Affecting an Organization Externally
An organization can be affected externally by social, political, or technological factors. Internal factors lead to the success of the organization (Rad & Anantatmula, 2010). A clear sense of mission helps an organization explain itself better to the world, and positive elements can align with it in each area. Leaders who can learn from and communicate within their own organization also learn from and communicate successfully with external organizations, leading to an ongoing exchange of ideas that benefits both organizations and their environment. External change across society also has an impact on companies; for example, the sexual harassment elimination movement aims to deliver results (Rad, & Anantatmula, 2010).
Common medical conditions of seniors overall health status
A typical medical cond.
2018-04-18 The Second Scientific Conference of the National Institute of Gerontological Sciences, Beni-Suef University, entitled "Global Challenges and Developments in Elderly Care"
http://www.bsu.edu.eg/ShowConfDetails.aspx?conf_id=217
Print, complete, and score the following scales. .docx (VannaJoy20)
Print, complete, and score the following scales. Do not read how to score a scale until after you have completed it.
1. Stressed Out
2. Susceptibility to Stress (SUS)
3. Response to Stress Scale
4. Are you a Type A or Type B?
5. Coping with Stress
6. Multidimensional Health Locus of Control
7. Locus of Control
8. Life Orientation Test
Identify at Least 5 of Your Personal Stressors and 5 Daily Hassles
Using the information gathered in A and B, write a 3-5 page self-reflection paper that includes the following sections:
1. Discuss your scores on each of the above scales and write a couple of brief statements about what that score means for you. Were you surprised by the score(s)? Did the results of the scales resonate with your perception of your stress level?
2. Incorporating information from your text and other academic sources, provide a summary of your stressors and life hassles.
3. Incorporating information from your text and other academic sources, provide a summary of what you might do to reduce your stress.
4. Discuss the issue of personal stress as it relates to psychological well-being. Relate your own results and thoughts about your experience with these scales to the information provided in the text and other academic sources (journal articles, books, .gov, .edu, or .org websites)
PERSPECTIVE
published: 25 February 2022
doi: 10.3389/fpsyt.2022.846244
Frontiers in Psychiatry | www.frontiersin.org 1 February 2022 | Volume 13 | Article 846244
Edited by: Kairi Kõlves, Griffith University, Australia
Reviewed by: Jacinta Hawgood, Griffith University, Australia; Jennifer Muehlenkamp, University of Wisconsin–Eau Claire, United States
*Correspondence: M. David Rudd, [email protected]
Specialty section: This article was submitted to Psychopathology, a section of the journal Frontiers in Psychiatry
Received: 30 December 2021
Accepted: 02 February 2022
Published: 25 February 2022
Citation: Rudd MD and Bryan CJ (2022) Finding Effective and Efficient Ways to Integrate Research Advances Into the Clinical Suicide Risk Assessment Interview. Front. Psychiatry 13:846244. doi: 10.3389/fpsyt.2022.846244
Finding Effective and Efficient Ways to Integrate Research Advances Into the Clinical Suicide Risk Assessment Interview
M. David Rudd 1* and Craig J. Bryan 2
1 Department of Psychology, University of Memphis, Memphis, TN, United States, 2 Department of Psychiatry and Behavioral Science, The Ohio State University Wexner Medical Center, Columbus, OH, United States
Research in clinical suicidology continues to rapidly expand, much of it with implications for day-to-day clinical practice. Clinicians routinely wrestle with how best to integrate recent advances into practice and how to do so in efficient and effective fashion. This article identifies five critical domains of recent research findings and offers examples of simple questions that can easily be integ.
Consequentialist theory Focuses on consequences of a.docx (VannaJoy20)
Consequentialist theory
Focuses on consequences of actions
Hard Universalist/Absolutist theory
The theory that one ought to maximize happiness and minimize the unhappiness of as many people as possible
Epicurus (341-270 B.C.E.) Greek philosopher who advocated a life free of pain
Coined the term utilitarianism
Believed that it is good for an action to have a utility (to make people happy)
Developed Hume’s theory of utility into a moral theory to reform the British legal system
Believed that all humans are hedonists
Developed Hedonistic Calculus
Calculates probable consequences of actions
Produces a rational solution to any problem
Rediscovered the paradox of hedonism
The more you search for pleasure, the more it will elude you
Refined Bentham’s theory
Higher and lower pleasures
Harm Principle
The only purpose of interfering with the life of someone is to prevent harm to others
Act Utilitarianism
Always do whatever act that will create the greatest happiness for the greatest number of people
Only focuses on consequences of present decision
Rule Utilitarianism
Always do whatever type of act (based on a rule) that will create the greatest happiness for the greatest number of people
Focuses on consequences of others applying that same rule
Cemetery Analysis
Massachusetts has a unique archaeological resource in its many colonial graveyards. These contain a large number of precisely dated “artifacts” in the form of headstones and provide an opportunity for studies of the ways in which different aspects of British colonial and Euro-American culture have changed over time. For this assignment, you will visit a local cemetery of your choosing and use the headstones and other associated material culture to address questions aimed at understanding demographic, social, symbolic, or technological issues in the past. This assignment does not require any archaeological excavation, and your instructor and federal, state, and local laws expressly forbid you from doing any! The project also does not require you to do any additional background research, although you are welcome to do so. Please respect these cemeteries, the individuals buried therein, and any visitors you may encounter during your study.
You must follow these steps:
1) Choose a graveyard with headstones dating to the 1600s, 1700s, or 1800s. There are several good graveyards in downtown Boston and many more scattered around the city and suburbs. The downtown locations have been studied at length as they are all regularly served by the MBTA. Several “off-the-beaten-track” locations, such as the Tollgate Cemetery in Forest Hills, are also served by transit and have not been visited by my students in the past. While everyone has their own time pressures, I encourage to think .
More Related Content
Similar to · Your initial post should be at least 500 words, formatted and ci.docx
1. Are there relationships between personal (hygiene, eating habits.docxgasciognecaren
1. Are there relationships between personal (hygiene, eating habits, wearing of masks) social (public gatherings, proximity to one another) demographic (age, gender, education, racial ethnicity), and economic (occupation, level of education, annual income, home environment) factors and the spread, severity, and mortality rates of COVID patients worldwide?
2. Is there a difference in behaviour changes in people who have undergone cognitive behaviour therapy versus those who undergo pharmacologic intervention alone?
3. What is the difference in infection rates, pain intensity, inflammation, and restoration of functionality in people who have received prophylactic antibiotics and those who do not receive the prophylactic antibiotics during endodontic surgery?
4. What are nurses' perceptions towards patients who are non-adherent to the prescribed medications and are always complaining of deteriorating health?
Question one
: dependent and independent variables.
The dependent variables in the first question are hygiene eating habits, wearing masks, public gatherings, proximity to one another, occupation, level of education, annual income and home environment (variables), COVID patients (Population) and spread, severity, and mortality rates. (testability). The independent variables include age, gender, and race.
Why question 1?
The end of 2019 set the beginning of what would become a life-changing experience for virtually everyone worldwide in the following one year. When COVID-19 first struck in Wuhan China, nobody speculated that the disease would later spread across the globe, killing millions of people and negatively impacting the livelihood of the affected. Other than the deaths that the disease has brought upon innocent people, their governments across the nations have implemented stringent policies to help curb the spread, such as national lockdowns, closure of schools and other institutions, curfews, and other strict rules, all intended to prevent the infection rates. These government intervention measures had a huge economic, social, and personal impact on people and led to other problems, including but not limited to mental health.
Surprisingly, the disease was affecting different nations on varying intensities. For example, back in March 2020 COVID deaths in Italy were ranging above 700 on a daily basis while during the same time, there were very few cases and deaths in Africa (Di Lorenzo & Di Trolio, 2020; Onder et al., 2020). There were speculations that upon reaching Africa, COVID would lead to very high infection and mortality rates due to the poor healthcare systems and the relatively low economic status of most African countries. However, this turned out to be wrong as to date, the developed countries such as the USA, UK, and other European countries have the largest numbers of COVID cases and deaths (Bamgboye et al., 2020).
The relatively low numbers of new cases and deaths in Africa is intriguing. This calls for res.
When the body is under stress, it produces more of the hormone cortisol, which acts as an anti-inflammatory agent. When cortisol is produced peripherally in the gums, it stimulates mast cells to produce more proteins, simultaneously increasing inflammation and the progression of periodontal disease.
This is the ongoing project discussion portion of this class. My population is geriatric/elderly. The problem is BP...
I will attach previous discussions because it all needs to tie in together
350 words
at least 3 references cited in the discussion.
must be last 5 years
Overview: Dr. Marcia Stanhope (2020) explained that evidence-based public health practice refers to those decisions made by using the best available evidence, data and information systems and program frameworks; engaging community stakeholders in the decision-making process; evaluating the results; and then disseminating that information to those who can use the information.
Practicum Discussion: This week, your assignment will be to incorporate all of the information you have gathered from the community—including the population itself, health data, interviews/conversations with interested community members, and your community assessment, including your Windshield Survey—as well as what you have gathered from scholarly literature to propose measurable interventions. Measurable interventions mean that the results can be measured through some data that could be collected (Stanhope, 2020). This requires thinking in terms of actions and then measuring results. An evaluation of interventions is important to see whether or not they are effective in solving a health care problem. Remember, you will need to use the data you gathered to determine whether or not a problem exists in your community and to then determine whether your interventions might be effective.
Please discuss the following points in your Practicum Discussion:
Identify one evidence-based behavior change that would promote health in your selected population.
Suggest one specific culturally sensitive, evidence-based, measurable intervention to address the health problem for your selected population.
Think in terms of measuring outcomes. What outcomes would you expect to see once the intervention(s) are in place? Be specific.
By Day 4
Post your response to this Discussion.
Support your response with references from the professional nursing literature.
GOAL of PRACTICUM PROJECT
Overall Purpose for Practicum:
Develop a potential project to improve the health of a specific population of interest or a population at risk.
This practicum is designed to help you develop as a scholar practitioner and health leader to promote positive social change in your own community. In this practicum experience you will focus on primary prevention of a health problem in your community (see text for definition). You already possess the knowledge and skills to help those who are acutely ill. This experience will help you learn how to prevent a health problem in a specific population at risk at the community and system level of care (see text for definition). Consequently, because you are well aware of how to care for individuals you will now develop leadership and advocacy skills to improve the health of the communi.
This presentation is about mental health: factors affecting health, mental illness, psychological and physiological symptoms of mental disorders, common mental disorders (depression, anxiety disorders, schizophrenia, eating disorders, addictive behaviors and Alzheimer’s disease), prevention and promotion programs, types of behavioral therapy, and factors that contribute to the achievement of mental health.
Experts appeal to CDC to monitor eating disorders
A coalition led by Harvard’s Strategic Training Initiative for the Prevention of Eating Disorders (STRIPED) is asking the Centers for Disease Control and Prevention (CDC) to monitor eating disorders as part of its national disease surveillance efforts. Bryn Austin, a professor at the Department of Social and Behavioral Sciences and director of STRIPED, explains why this is critical for the treatment and prevention of eating disorders.
The business direction for HR is to be more strategic in their function.
In your experience, do you think HR is involved with setting and implementing strategy? If yes, how and what role does HR play?
If not, what makes you believe they are not involved?
Module 1
Module 2
Module 3
Module 4
MHA506 - Health Care System Organization
X
X
X
MHA507 - Health Care Delivery Systems
X
X
X
MHM525 - Marketing in Healthcare
X
MHM502 - Health Care Finance
X
MHM514 - Health Information Systems
X
MHM522 - Legal Aspects of Health Administration
X
Running Head: MISSION HOSPITAL ANALYSIS PROJECT 1
Mission Hospital Analysis Project
Professor’s Name
Student’s Name
Course Title
Date
MARKET RESEARCH AND SEGMENTATION
Mission Hospital is located in Mission Viejo, California.
Mission Hospital being state of the art has 523 beds as a regional medical center and acute care in California Mission Viejo. These number of required beds is calculated as, Number of beds needed = the average number of admissions to the hospital from the hospital statistics is approximately 7560, with a mean length of stay of 30 days. The occupancy rate of the hospital was approximated as 84.17%. Therefore, the number of beds needed will be = It is one of the busiest paediatric Level 2 and adults designated in the state of California Trauma center, full range of specialist of healthcare services with teams that are highly skilled in the treatment of multitude conditions of the complex are provided in the mission hospital (Rad, & Anantatmula, 2010).
The range that is full of expertise is included in the services of neuroscience and spine, cancer care, cardiovascular, wellness and mental health, orthopaedics, and other variety of services that are specialists. Mission Hospital on the beach of Laguna provides coastal communities of South Orange with intensive care and emergency services in 24 hours (Kohlstadt, 2016). A 48-bed facility is the only area of the hospital that is paediatric for children at Mission Hospital.
Factors Affecting an Organization Externally
An organization can be affected externally by social, political, or technological. Factors that are internal lead to the success of the organization (Rad & Anantatmula, 2010). A mission sense that is clear in an organization explains its self better to the world, and positive elements can align it in each area. Leaders who can learn and communicate with an organization also externally learn from the organization and successfully communicate with it, leading to exchange ongoing ideas for both organizations to benefit and their environment. External change that is done throughout the society also brings impact to the companies, such as the sexual harassment elimination movement aims to deliver results (Rad, & Anantatmula, 2010).
Common medical conditions of seniors overall health status
A typical medical cond.
2018-04-18: The Second Scientific Conference of the National Institute of Elderly Sciences, Beni-Suef University, titled "Global Challenges and Developments in Elderly Care"
http://www.bsu.edu.eg/ShowConfDetails.aspx?conf_id=217
Print, complete, and score the following scales. Do not read how to score a scale until after you have completed it.
1. Stressed Out
2. Susceptibility to Stress (SUS)
3. Response to Stress Scale
4. Are you a Type A or Type B?
5. Coping with Stress
6. Multidimensional Health Locus of Control
7. Locus of Control
8. Life Orientation Test
Identify at Least 5 of Your Personal Stressors and 5 Daily Hassles
Using the information gathered in A and B, write a 3-5 page self-reflection paper that includes the following sections:
1. Discuss your scores on each of the above scales and write a couple of brief statements about what that score means for you. Were you surprised by the score(s)? Did the results of the scales resonate with your perception of your stress level?
2. Incorporating information from your text and other academic sources, provide a summary of your stressors and life hassles.
3. Incorporating information from your text and other academic sources, provide a summary of what you might do to reduce your stress.
4. Discuss the issue of personal stress as it relates to psychological well-being. Relate your own results and thoughts about your experience with these scales to the information provided in the text and other academic sources (journal articles, books, .gov, .edu, or .org websites)
PERSPECTIVE
published: 25 February 2022
doi: 10.3389/fpsyt.2022.846244
Frontiers in Psychiatry | www.frontiersin.org 1 February 2022 | Volume 13 | Article 846244
Edited by:
Kairi Kõlves,
Griffith University, Australia
Reviewed by:
Jacinta Hawgood,
Griffith University, Australia
Jennifer Muehlenkamp,
University of Wisconsin–Eau Claire,
United States
*Correspondence:
M. David Rudd
[email protected]
Specialty section:
This article was submitted to
Psychopathology,
a section of the journal
Frontiers in Psychiatry
Received: 30 December 2021
Accepted: 02 February 2022
Published: 25 February 2022
Citation:
Rudd MD and Bryan CJ (2022)
Finding Effective and Efficient Ways to
Integrate Research Advances Into the
Clinical Suicide Risk Assessment
Interview.
Front. Psychiatry 13:846244.
doi: 10.3389/fpsyt.2022.846244
Finding Effective and Efficient Ways to Integrate Research Advances Into the Clinical Suicide Risk Assessment Interview
M. David Rudd¹* and Craig J. Bryan²
¹ Department of Psychology, University of Memphis, Memphis, TN, United States
² Department of Psychiatry and Behavioral Science, The Ohio State University Wexner Medical Center, Columbus, OH, United States
Research in clinical suicidology continues to rapidly expand, much of it with implications
for day-to-day clinical practice. Clinicians routinely wrestle with how best to integrate
recent advances into practice and how to do so in efficient and effective fashion. This
article identifies five critical domains of recent research findings and offers examples
of simple questions that can easily be integ.
Consequentialist theory
Focuses on consequences of actions
Hard Universalist/Absolutist theory
The theory that one ought to maximize happiness and minimize the unhappiness of as many people as possible
Epicurus (341-270 B.C.E.) Greek philosopher who
advocated a life free of pain
Coined the term utilitarianism
Believed that it is good for an action to have a utility
(to make people happy)
Developed Hume’s theory of utility into a moral theory
to reform the British legal system
Believed that all humans are hedonists
Developed Hedonistic Calculus
Calculates probable consequences of actions
Produces a rational solution to any problem
Rediscovered the paradox of hedonism
The more you search for pleasure, the more it will elude you
Refined Bentham’s theory
Higher and lower pleasures
Harm Principle
The only purpose of interfering with the life of someone is to prevent harm to others
Act Utilitarianism
Always do whatever act that will create the greatest happiness for the greatest number of people
Only focuses on consequences of present decision
Rule Utilitarianism
Always do whatever type of act (based on a rule) that will create the greatest happiness for the greatest number of people
Focuses on consequences of others applying that same rule
Cemetery Analysis
Massachusetts has a unique archaeological resource in its many colonial graveyards. These contain a large number of precisely dated “artifacts” in the form of headstones and provide an opportunity for studies of the ways in which different aspects of British colonial and Euro-American culture have changed over time. For this assignment, you will visit a local cemetery of your choosing and use the headstones and other associated material culture to address questions aimed at understanding demographic, social, symbolic, or technological issues in the past. This assignment does not require any archaeological excavation, and your instructor and federal, state, and local laws expressly forbid you from doing any! The project also does not require you to do any additional background research, although you are welcome to do so. Please respect these cemeteries, the individuals buried therein, and any visitors you may encounter during your study.
You must follow these steps:
1) Choose a graveyard with headstones dating to the 1600s, 1700s, or 1800s. There are several good graveyards in downtown Boston and many more scattered around the city and suburbs. The downtown locations have been studied at length as they are all regularly served by the MBTA. Several “off-the-beaten-track” locations, such as the Tollgate Cemetery in Forest Hills, are also served by transit and have not been visited by my students in the past. While everyone has their own time pressures, I encourage to think .
The theory that states that people look
after their own self interest
An absolutist theory
Does not consider other options
A descriptive theory
Does not make a judgment
A British philosopher (1588-1679)
Agreed with Glaucon that:
Humans choose to live in a society with rules
because it benefits us
Any show of concern for others only hides a
true concern for ourselves
It is foolish to not look after ourselves
Believed that humans feel pity for others
because we fear something similar happening to
us
A theory that says people ought to act in their
own self interest
An absolutist theory
A normative theory
Makes a judgment or prescription about
behavior
A consequentialist theory
Focuses on consequences of actions
Russian-born American (1905-1982)
Believed that egoism benefits society
People should not feel guilty for seeking their own
happiness
People should not feel obligated to help those who are
“moochers and leeches.”
Everyone should give up his or her own self-interest
for others
Normative theory
Consequentialist theory
This is a graded discussion: 30 points possible
due -
Discussion 2 (Complete by
Sunday, Nov. 6)
This discussion aligns with Learning Outcomes 1, 2, and 4
Democracy, at its core, is centered on the idea that individuals can, in fact,
rule themselves. This concept is enshrined in the U.S. Constitution as we
know it today. However, early on the American Constitution was not a sound,
democratic document. In particular, the idea of popular sovereignty; that is,
the will of the people, was not extended to everyone. For example, as you
read this week, the framers, for a time, chose to retain slavery in the new
Republic. In addition to slavery, in what other areas was the Constitution of
1788 less than democratic? In what ways has the Constitution, since then,
become more democratic? Be sure to provide examples to support your
claims.
Submission
Our discussions are a valuable opportunity to have thoughtful conversations
regarding a specific topic. You are required to provide a comprehensive
initial post with 3-4 well-developed paragraphs that include a topic
sentence and at least 3-5 supporting sentences with additional details,
explanations, and examples. In addition, you are required to respond
substantively to the initial posts of at least two other classmates on two
different days. All posts should be reflective and well written, meaning free
of errors in grammar, sentence structure, and other mechanics.
Grading
This discussion is worth 30 points toward your final grade and will be
graded using the Discussion Rubric. Please use it as a guide toward
successful completion of this discussion. For information on how to view the
rubric, refer to this Canvas Community Guide
(https://community.canvaslms.com/docs/DOC-10577-4212540120) .
Sarkis Boyajian (https://canvas.fscj.edu/courses/65283/users/135004)
Tuesday
The Constitution of 1788 lacked democracy because it did not protect
the people’s beliefs. Religion influences people’s morality. And morality is
a key component of personal convictions. People’s convictions influence
how they want to be governed and how they vote. The first amendment to
the Constitution provided protection to the people’s beliefs by restricting
Congress from making laws respective to an establishment of religion or
prohibiting the free exercise thereof.
The Constitution of 1788 lacked democracy because it did not protect
the people’s expression. Speech is the cornerstone of sharing thoughts
and ideas. The sharing of thoughts and ideas influences people’s
opinions. People’s opinions influence how they want to be governed and
how they vote. The first amendment to the Constitution provided
protection to people’s expression by restricting Congress from making
laws respective to ab.
· Please include the following to create your Argumentative Essay Presentation Plan:
· Presentation author and title of the presentation (Essay)
· Purpose: What do you want your audience to obtain or support after the discussion?
· Audience: What phrases will you adapt-without diverting from the purpose of the essay- as you select a medium to include on the slides?
· Keywords: As you break down your essay into keywords, which themes and concepts arise?
· Introduction: What does the outline of the presentation include?
· Body: Think about the body of your essay. Which specific details are necessary to get your points across?
· Conclusion: Why is your essay and analysis important?
· How did you get to that conclusion?
· Since you will communicate with the audience through more than one sense, what media do you intend to use?
· Which presentation software program do you intend to use to prepare the presentation?
· As you prepare your presentation and deepen your understanding, what do you notice that you hadn’t seen before?
· You must present your writing double-spaced, in a Times New Roman, Arial or Courier New font, with a font size of 12.
· Pay attention to grammar rules (spelling and syntax).
· Your work must be original and must not contain material copied from books or the internet.
· When citing the work of other authors, include citations and references using APA style to respect their intellectual property and avoid plagiarism.
· Remember that your writing must have a header or a cover page that includes the name of the institution, the program, the course code, the title of the activity, your name and student number, and the assignment's due date.
• FINISH IVF
• NATURAL FAMILY PLANNING
• Preimplantation Genetic Diagnosis (PGD)
• Surrogate motherhood
• “snowflake babies”
• Artificial Insemination (AI)
Preimplantation Genetic Diagnosis (PGD)
[Figure labels: zygote, morula, compaction, blastomeres, male and female pronuclei]
Surrogate motherhood
https://en.wikipedia.org/wiki/2014_Thai_surrogacy_controversy
INTRINSIC BIOETHICAL EVIL/WRONG:
NATURAL RIGHT TO BE GESTATED BY BIOLOGICAL MOTHER
“snowflake babies” = ivf embryo transfer
http://www.vatican.va/roman_curia/congregations/cfaith/documents/rc_con_cfaith_doc_20081208_dignitas-personae_en.html
Artificial Insemination (AI)
NATURAL FAMILY PLANNING (NFP)
1.OVULATION SYMPTOMS
2.BIOETHICAL EVALUATION
NATURAL FAMILY PLANNING (NFP)
1.OVULATION SYMPTOMS
a) 3 PRIMARY
b) 7 SECONDARY
PRIMARY OVULATION SYMPTOMS:
1) BASAL BODY TEMPERATURE (BBT)
2) CERVIX ACTIVITY
3) CERVICAL MUCUS
SECONDARY OVULATION SYMPTOMS:
1) MITTELSCHMERZ
2) SPOTTING
3) SWOLLEN VAGINA AND/OR VULVA
4) INCREASED LIBIDO
5) BREAST TENDERNESS
6) GENERAL BLOATING
7) FERNING
SOME MAJOR PROTOCOLS AND METHODS:
• CREIGHTON MODEL (NaPro Technology)
• COUPLE TO COUPLE (CCL)
• SYMPTO-THERMAL METHOD
• BILLINGS METHOD
• FAMILY OF THE AMERICAS (BASED ON BILLINGS)
ACTIVITY OF THE CERVIX AND CERVICAL OS DURING MENSTRUAL CYCLE
INFERTILE / FERTILE
1 DAY BEFORE OVULATION:
OS OPEN, CERVIX HIGH,
SOFT AND CENTRAL,
EGGWHITE FLUID
INFERTILE PHASE: OS CLOSED,
CERVIX FIRM,
ANGLED SLIGHTLY,
TACKY FLUID
Examples of cervical mucus
during various days of the
menstrual cycle.
Transparent and elastic
is fertile.
Opaque and tacky
is infertile.
WHAT ABOUT THE HUSBAND?
• DISCIPLINE, RESPECT, COMMUNICATION, SACRIFICIAL LOVE
• OPENNESS TO THE PRESENCE OF GOD IN THEIR DAILY LIFE
2. BIOETHICAL EVALUATION OF NFP:
a) AS A MEANS
b) AS AN END / GOAL / OBJECTIVE
a) AS A MEANS:
• NO SEPARATION ÷ UNITIVE / PROCREATIVE
DIMENSIONS
• RESPECTFUL OF HUMAN NATURE
• MARITAL INTIMACY = UNION OF
BODY AND SOUL
b) AS AN END:
HUMANAE VITAE 16b:
“If therefore there are well-grounded
reasons for spacing births, arising from the
physical or psychological condition
of husband or wife,
or from external circumstances…
then take advantage
of the natural cycles immanent
in the reproductive system…”
b) AS AN END:
THEREFORE, TO BE AVOIDED IS A
CONTRACEPTIVE MENTALITY,
WHEREBY PREGNANCY / CHILDREN
ARE SEEN AS AN EVIL,
TO BE AVOIDED BY ANY MEANS.
INSTEAD, A FUNDAMENTAL OPENNESS TO LIFE,
COLLABORATING WITH GOD’S PLAN
TO BE CO-CREATORS
OF A UNIQUE HUMAN LIFE.
Use the information presented in the module folder along with your readings from the textbook to answer the following questions.
1. Differentiate between bacterial infection and bacterial intoxication.
2. Discuss the importance of E. coli as part of our intestinal flora.
3. Describe three (3) different types of gastrointestinal diseases caused by bacteria. Be sure to give the name of the specific organism that causes each, describe some common signs and symptoms and discuss treatment for each disease:
4. Define meningitis. Compare and contrast between bacterial and viral meningitis including treatment for each.
5. What is a prion? Describe the impact prions have on the human brain and discuss two prion-associated diseases in humans:
6. What is a vector-borne (vector transmitted) disease? Give an example of a vector-borne disease and the vector responsible for causing it.
• Ryanair's operations have been consistently plagued with employee discontent and protests (Temming, 2017). Communication between Line Managers and employees has been tense, and performance has suffered as a result. The Company would benefit from the strategic positioning and interpersonal skills of the Human Resource Business Partner.
• As an employee advocate, he or she would engage employees in dialogue and
ensure that whatever findings are made are brought to the attention of the line
manager promptly to be addressed.
• Also, as a collaborative partner, he would assist in channeling the needs of the
line manager in a way that will be understood and well received by
subordinates.
• Effective communication would eventually lead to mutual understanding and
benefit for all parties.
• It would go a long way in developing a strong company culture where individuals are not afraid to express their thoughts and ideas, and would shift focus away from conflict towards meeting Organizational goals.
01 CONSTRUCTIVE COMMUNICATION
BETWEEN MANAGEMENT AND STAFF
02 EFFECTIVE CHANGE
MANAGEMENT
• The Greek Philosopher, Heraclitus stated that “Change is the only
constant of life” (Rothwell et al., 2015). This statement is pertinent to the
rapidly changing business climate (Lauer, 2019, p3) in which Ryanair
finds itself.
• A company’s readiness and reaction to change are important in
determining success. From our current state analysis, we discovered
that several tasks may be expedited and optimized with the introduction
of new technology.
• However, this must be introduced strategically to prevent resistance.
The role of the Human Resources Business Partner is essential in this
regard.
• He or She would determine the need for change and ensure reception of
the change by employing effective communication strategies
(McCracken et al., 2017).
• Apart from a change in technology, other elements that may undergo
transformation include processes, policies, personnel, amongst others.
It is important that these changes are taken in stride so that they do not
forestall operations.
03 FOCUSED TRAINING AND
CAPACITY BUILDING
• The Business Partner would be instrumental in identifying
areas requiring competency improvements (Onen, 2013) in
Ryanair.
• Through a series of activities such as performance reviews and data analysis, as well as knowledge of the business, and interactions with staff, the business partner would tailor training programmes to drive outcomes that matter and meet the company's needs and vision.
• Doing so would be of benefit not only to employees but to
Ryanair, who would see improved performances and save
costs that would have gone into retraining because of an
inefficient programme.
EFFECTIVE STRATEGY
DEVELOPMENT
• Ryanair would benefit from the HRBP's skills and
knowledge in developing strategic plans that create value
for future business successes.
• He or she would ensure that plans align with the needs and
expectations .
• ALFRED CIOFFI
• CATHOLIC PRIEST, ARCHDIOCESE OF MIAMI
• DOCTORATE IN MORAL THEOLOGY, GREGORIAN UNIVERSITY, ROME, ITALY
• DOCTORATE IN GENETICS, PURDUE UNIVERSITY, INDIANA
• ASSOCIATE PROFESSOR, BIOLOGY AND BIOETHICS
• DIRECTOR, INSTITUTE FOR BIOETHICS
BIOMEDICAL ETHICS
Introduction
• PRESENTATIONS
• THINK
• RESPECT
• HONOR CODE
• ON TIME
• QUIZZES
• TAKE NOTES
• AVERAGE
CANVAS
HUMAN BIO-ETHICS: evidence-based
• BEGINNING OF LIFE
• HEALTHCARE
• END OF LIFE
BIO-ETHICS
PRINCIPLED
UTILITARIAN
or…
• SEXUAL REPRODUCTION
• EARLY EMBRYONIC DEVELOPMENT
• ONTOLOGICAL STATUS OF HUMAN EMBRYO
SEXUAL REPRODUCTION: INVOLVES FERTILIZATION
FERTILIZATION: INVOLVES FUSION OF GAMETES
AT FERTILIZATION THE DIPLOID NUMBER (2n) IS RESTORED
GAMETES = SEX CELLS (SPERM & OVA), PRODUCED BY MEIOSIS
FIRST, A REVIEW OF MITOSIS
[Figure: mitosis diagrams; labels: chromatin, 2n, chromosomes 1a, 1b, 2a, 2b]
DNA REPLICATION
SISTER CHROMATIDS
Temporary “4n” stage
CELL CYCLE
G = GAP
S = SYNTHESIS
MEIOSIS:
DOUBLE CELLULAR SPLIT: ONE CELL -> -> 4 CELLS
• RECOMBINATION (CROSSING OVER)
• FROM DIPLOID NUMBER (2n) -> HAPLOID NUMBER (n) = CHROMATIC REDUCTION
DNA RECOMBINATION = CROSSING OVER
MEIOSIS = FORMATION OF GAMETES (SEX CELLS), HAPLOID
SPERMATOGENESIS -> SPERM (n)
GAMETOGENESIS
OOGENESIS -> OVUM (n)
Primary spermatocyte (2n)
Primary oocyte (2n)
Polar
bodies
H. sapiens # OF CHROMOSOMES = 46 = 23 "PAIRS" ONLY IDENTICAL IN FEMALE (XX)
• 22 PAIRS = AUTOSOMES
• 1 PAIR = SEX CHROMOSOMES
THEREFORE, IN HUMANS:
• n = 23 (gametes)
• 2n = 46 (somatic cells)
Seminiferous
tubules
Ovarian
follicles
VIDEOS OF HUMAN EMBRYONIC AND FETAL DEVELOPMENT
From fertilization to birth 6 minutes
https://www.youtube.com/watch?v=7kC6p1twkXk
EGG + SPERM = ZYGOTE
ZYGON (GK) = YOKED OR LINKED
ZYGOTE DNA:
• 50% OF THE GENETIC MATERIAL COMES FROM THE MOTHER
• 50% FROM THE FATHER
0.1 mm 0.005 mm
0.05 mm
= SYNGAMY
Ampulla
DAY 1
DAY 7
Endometrium
[Figure labels: zygote, morula, compaction, blastomeres, male and female pronuclei]
FIRST CELLULAR DIFFERENTIATION = 2 CELL LAYERS
(INNER CELL MASS)
IMPLANTATION
FURTHER CELLULAR DIFFERENTIATION: 3 GERM LAYERS
( ICM )
GASTRULATION
THIRD WEEK OF EMBRYONIC DEVELOPMENT:
GASTRULA
LONGITUDINAL VIEW CROSS SECTION
NEURAL GROOVE
~ 1 inch
EIGHT WEEKS
EMBRYO FETUS
FETUS
VIDEOS OF HUMAN EMBRYONIC AND FETAL DEVELOPMENT
Conception to birth -- visualized | Alexander Tsiaras 10 minutes
https://www.youtube.com/watch?v=fKyljukBE70
THEREFORE, REGARDING EMBRYONIC DEVELOPMENT:
CONTINUOUS DEVELOPMENT OF TISSUES, ORGANS AND SYSTEMS
FROM THE ZYGOTE, THROUGH 9 MONTHS, UP .
· Reflect on the four peer-reviewed articles you critically appraised in Module 4, related to your clinical topic of interest and PICOT.
· Reflect on your current healthcare organization and think about potential opportunities for evidence-based change, using your topic of interest and PICOT as the basis for your reflection.
· Consider the best method of disseminating the results of your presentation to an audience.
The Assignment: (Evidence-Based Project)
Part 4: Recommending an Evidence-Based Practice Change
Create an 8- to 9-slide narrated PowerPoint presentation in which you do the following:
· Briefly describe your healthcare organization, including its culture and readiness for change. (You may opt to keep various elements of this anonymous, such as your company name.)
· Describe the current problem or opportunity for change. Include in this description the circumstances surrounding the need for change, the scope of the issue, the stakeholders involved, and the risks associated with change implementation in general.
· Propose an evidence-based idea for a change in practice using an EBP approach to decision making. Note that you may find further research needs to be conducted if sufficient evidence is not discovered.
· Describe your plan for knowledge transfer of this change, including knowledge creation, dissemination, and organizational adoption and implementation.
· Explain how you would disseminate the results of your project to an audience. Provide a rationale for why you selected this dissemination strategy.
· Describe the measurable outcomes you hope to achieve with the implementation of this evidence-based change.
· Be sure to provide APA citations of the supporting evidence-based peer reviewed articles you selected to support your thinking.
· Add a lessons learned section that includes the following:
· A summary of the critical appraisal of the peer-reviewed articles you previously submitted
· An explanation about what you learned from completing the Evaluation Table within the Critical Appraisal Tool Worksheet Template (1-3 slides)
Zeinab Hazime
Nurs 6052
10/16/2022
Evaluation Table
Use this document to complete the evaluation table requirement of the Module 4 Assessment, Evidence-Based Project, Part 3A: Critical Appraisal of Research
Full APA formatted citation of selected article.
Article #1
Article #2
Article #3
Article #4
Abraham, J., Kitsiou, S., Meng, A., Burton, S., Vatani, H., & Kannampallil, T. (2020). Effects of CPOE-based medication ordering on outcomes: an overview of systematic reviews. BMJ Quality & Safety, 29(10), 1-2.
Alanazi, A. (2020). The effect of computerized physician order entry on mortality rates in pediatric and neonatal care setting: Meta-analysis. Informatics in Medicine Unlocked, 19, 100308. https.
· Your initial post should be at least 500 words, formatted and
cited in current APA style with support from at least 2 academic
sources. Your initial post is worth 8 points.
· You should respond to at least two of your peers by extending,
refuting/correcting, or adding additional nuance to their posts.
Your reply posts are worth 2 points (1 point per response.)
· All replies must be constructive and use literature where
possible.
#1
Lisa Wright
St. Thomas University
NUR 417: Aging and End of Life
Yedelis Diaz
November 01, 2022
Pathological Conditions in Older Adults
As one goes through the natural aging process, the
body's capacity to defend itself against infections diminishes.
The immune system's ability to offer protection is reduced, and
the individual becomes susceptible to conditions that affect
them more than other age groups (Haynes, 2020). This
population also experiences other symptoms impairing other
aspects of their lives as time passes. For instance, their skin and
bones lose their integrity and become more prone to abrasions
and breakage. This assignment module will examine the
pathological conditions that affect the sexual response in older
adults and how and why nutritional and psychological factors,
drugs, and other alternative and complementary medications
affect the immune system of the populations.
Pathological Conditions that Affect Sexual Response in Older
Adults
Sexuality is an essential aspect of life, irrespective of
the age group one is in—the older population and the younger
generation alike need to explore sexuality to maintain health
and well-being. Exploring sexuality is also a mixture of
biological, psychological, social, and religious factors, all of
which have plenty to do with aging. Among the pathological
conditions that affect sexual response in the elderly include
Genitourinary Syndrome of Menopause
These are the changes experienced in the genitourinary
pathway as one ages. The individual can feel a burning
sensation, dryness, or irritation. This can lead to painful sexual
encounters, which can, in turn, reduce their desire to engage and
their response.
Dementia
This is a degenerative disorder of the mental faculties,
predominantly among the elderly (National Institute on Aging,
n.d.). Their judgment diminishes, making them disinterested or
utterly unaware of their sexual experiences. Some forms of the
condition have been shown to increase sex or closeness, but the
individual may fail to recognize what is appropriate and what is
not.
Diabetes
As a chronic condition experienced mainly by this
population, it can lead to yeast generation, leading to itchiness
around the sex organs, making sex unpalatable. The situation
can, however, be addressed with medication.
Incontinence
This is a condition where one experiences bladder
leakage caused by poor control (National Institute on Aging,
n.d.). It is most prevalent among the population and can lead to
diminished sex drive. It can, however, also be addressed with
medication.
Nutrition, Psychologic, Drugs, and Complementary and
Alternative Medication’s Influence on the Immune System
As the population ages, some aspects they go through
include isolation and loneliness brought on by not belonging to
the younger age groups. They also become more dependent on
their loved ones or caregivers for food, healthcare services, and
other needs. When this care is not meticulously monitored, the
individual can deteriorate even further, making them frailer and
generally unhealthy. Proper nutrition through food is the
primary source of life, which can significantly increase their
immune system’s capacity to defend their health. Food from
fruits like oranges that are rich in vitamin C is essential to the
immune system (Childs et al., 2019). Vegetables, proteins, and
fiber-rich food have been shown to stimulate an individual’s
immune cells.
Medical and alternative interventions also have plenty
of upsides for an individual in their old age. From medication
that helps with loss of appetite to multivitamins, the
individual’s immune system can be better boosted to protect the
system. A key aspect of medical interventions is fighting off
infections and bacteria and diminishing their capacity to
multiply. This, in turn, helps the immune system fend for itself
with ease and keep the elderly safe. Vaccines also work
splendidly, especially for the elderly, ensuring they are better
equipped to fight off an infection they would otherwise struggle
to fend off. Psychological intervention for the elderly has also
been effective in bolstering the immune system (Abdurachman
& Herawati, 2018). Maintaining a balance in one’s
psychological well-being was proven to have immune impacts
for an individual that, in turn, helps them better depend on their
health.
Conclusion
Age brings with it a host of issues that decrease the
body's functionalities that once were. From decreased cognitive
capacity through conditions like dementia to diminished sex
drive, age can feel like one's body is turning on them. It is thus
all the more imperative to observe one's health throughout one's
life, especially at this stage, to ensure that one is strong and can
lead relatively full lives even at that age. One needs to observe
all aspects of their health, from physical to psychological, as
coordination of all these aspects is critical to overall well-being,
especially as one ages. This assignment module
investigated the pathological conditions that affect the sexual
response in older adults and how and why nutritional and
psychological factors, drugs, and other alternative and
complementary medications affect the immune system of the
populations.
References
Abdurachman, & Herawati, N. (2018). The role of psychological well-being in boosting immune response: An optimal effort for tackling infection. African Journal of Infectious Diseases, 12(1 Suppl), 54. https://doi.org/10.2101/AJID.12V1S.7
Childs, C. E., Calder, P. C., & Miles, E. A. (2019). Diet and immune function. Nutrients, 11(8). https://doi.org/10.3390/NU11081933
Haynes, L. (2020). Aging of the immune system: Research challenges to enhance the health span of older adults. Frontiers in Aging, 0, 2. https://doi.org/10.3389/FRAGI.2020.602108
National Institute on Aging. (n.d.). Sexuality and intimacy in older adults. https://www.nia.nih.gov/health/sexuality-and-intimacy-older-adults
#2
Jessica Rincon
St. Thomas University
NUR 417 AP2
Prof. Yedelis Diaz
11/1/2022
Effects of Pathological Conditions
Erens et al. (2019) posit that sexual expression contributes to
health and well-being, promotes self-esteem, and maintains
relationships, making it important throughout the life course.
However, society continues to witness an age-related decrease
in sexual satisfaction and activity, leading to the conclusion that
sexual expression changes with an increase in age. According to
Lecture Notes (Slide 2), nurses are responsible for assessing
disabling drugs and medical conditions, as well as age-related
changes affecting older adults’ sexual lives, and intervene at an
early point. The effectiveness of the interventions depends on
an understanding of the contributing factors. On the contrary,
most nurses share in society’s prejudice and negative attitudes
toward the asexuality of older adults, which is a barrier to the
effectiveness of the interventions they provide (Lecture Notes,
Slide 5). Hence, there is a need for nurses to be aware of and
understand the importance of sexuality among older adults.
Pathological factors are the primary contributors to decreased
sexual activity and satisfaction among older adults. They
include dementia, malignancies, and human immunodeficiency
virus (Lecture Notes, Slide 8). Dementia affects sexuality by
causing changes in cognition and judgment. Malignancies
include colon, prostate, and breast cancer, whose toll on the
health and well-being of older adults causes sexual inhibition or
a decrease in sexuality. Lastly is HIV, which affects about 45%
of the older adult population above 55 years (Lecture Notes,
Slide 8). Since it is mostly diagnosed late, older adults progress
quickly, thereby reducing their interests and chances of
engaging in sexual activity. Hence, nurses who serve this
population must be vigilant in assessing these pathological
conditions and providing appropriate interventions to enhance
their sexuality, which, in turn, will improve their health
outcomes.
On the other hand, nutritional factors, psychological factors,
drugs, and alternative and complementary medications affect the
immune systems of older adults by attacking their innate
response mechanisms that act as the first line of defense against
pathogens. Akha (2018) states that this outcome manifests in
the prevalence of constitutive low-grade inflammation and
autoimmunity, diminished response to vaccination, and
decreased ability to fight infection. For instance, nutritional
factors, such as malnutrition, could expose older adults to
sarcopenia, which refers to a decline in skeletal muscle as a
result of insufficient dietary protein, neuromuscular changes,
reduced levels of testosterone and growth hormone, disuse of
muscles, and physical inactivity (Lecture Notes, Slide 7).
Drugs, as well as complementary and alternative medications,
also affect the immune system of older adults immensely. Akha
(2018) provides an example of chemotherapeutic drugs used to
treat patients with cancer. The impact of such medications has
led to the development of evaluation criteria referred to as
immune-related response criteria (irCR). The evaluation criteria
reveal the expansion of immune-related adverse effects of
chemotherapeutic drugs, such as autoimmunity and
immunotoxicity (Akha, 2018). The adverse effects of
chemotherapeutic drugs are mediated by age-related immune
system changes and comorbidities, which significantly lower the
ability of the immune system to defend against other pathogens.
In other words, nutritional, psychological, and medication-
related factors affect the immune system of older adults by
cumulatively attacking its response criteria. The occurrence of
these factors at the same time, which is common among older
adults, compromises the immune system and its ability to fight
illnesses. The result is more comorbidities that increase hospital
visits by the population. Nurses must be aware of the interplay
between these factors and offer effective interventions to
provide better care.
References
Akha, A. A. S. (2018). Aging and the immune system: An overview. Journal of immunological methods, 463, 21-26.
Erens, B., Mitchell, K. R., Gibson, L., Datta, J., Lewis, R., Field, N., & Wellings, K. (2019). Health status, sexual activity and satisfaction among older people in Britain: A mixed methods study. PloS one, 14(3), e0213835.
Lecture Notes. (n.d.). Chapter 12: Sexuality and Aging.
Lecture Notes. (n.d.). Chapter 9: Nutrition.
BaseTech / Principles of Computer Security, Fourth Edition / Conklin / 597-0 / Chapter 3
Organizations achieve operational security through policies and procedures that guide users’ interactions with data and data processing systems. Developing and aligning these efforts with the goals of the business is a crucial part of developing a successful security program. One method of ensuring coverage is to align efforts with the operational security model described in the last chapter. This breaks efforts into groups: prevention, detection, and response elements.
Prevention technologies are designed to keep individuals from being able to gain access to systems or data they are not authorized to use. Originally, this was the sole approach to security. Eventually we learned that in an operational environment, prevention is extremely difficult and relying on prevention technologies alone is not sufficient. This led to the rise of technologies to detect and respond to events that occur when prevention fails. Together, the prevention technologies and the detection and response technologies form the operational model for computer security.
In this chapter, you will learn how to
· Identify various operational aspects to security in your organization
· Identify various policies and procedures in your organization
· Identify the security awareness and training needs of an organization
· Understand the different types of agreements employed in negotiating security requirements
· Describe the physical security components that can protect your computers and network
· Identify environmental factors that can affect security
· Identify factors that affect the security of the growing number of wireless technologies used for data transmission
· Prevent disclosure through electronic emanations
We will bankrupt ourselves in the vain search for absolute security.
—Dwight David Eisenhower
Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
An important part of any organization’s approach to implementing security are the policies, procedures, standards, and guidelines that are established to detail what users and administrators should be doing to maintain the security of the systems and network. Collectively, these documents provide the guidance needed to determine how security will be implemented in the organization. Given this guidance, the specific technology and security mechanisms required can be planned for.
Policies are high-level, broad statements of what the organization wants to accomplish. They are made by management when laying out the organization’s position on some issue. Procedures are the step-by-step instructions on how to implement policies in the organization. They describe exactly how employees are expected to act in a given situation or to accomplish a specific task. Standards are mandatory elements regarding the implementation of a policy. They are accepted specifications that provide specific details on how a policy is to be enforced. Some standards are externally driven. Regulations for banking and financial institutions, for example, require certain security measures be taken by law. Other standards may be set by the organization to meet its own security goals. Guidelines are recommendations relating to a policy. The key term in this case is recommendations—guidelines are not mandatory steps.
Just as the network itself constantly changes, the policies, procedures, standards, and guidelines should be included in living documents that are periodically evaluated and changed as necessary. The constant monitoring of the network and the periodic review of the relevant documents are part of the process that is the operational model. When applied to policies, this process results in what is known as the policy lifecycle. This operational process and policy lifecycle roughly consist of four steps in relation to your security policies and solutions:
1. Plan (adjust) for security in your organization.
2. Implement the plans.
3. Monitor the implementation.
4. Evaluate the effectiveness.
In the first step, you develop the policies, procedures, and guidelines that will be implemented and design the security components that will protect your network. There are a variety of governing instruments, from standards to compliance rules that will provide boundaries for these documents. Once these documents are designed and developed, you can implement the plans. Part of the implementation of any policy, procedure, or guideline is an instruction period during which those who will be affected by the change or introduction of this new document learn about its contents. Next, you monitor to ensure that both the hardware and the software as well as the policies, procedures, and guidelines are effective in securing your systems. Finally, you evaluate the effectiveness of the security measures you have in place. This step may include a vulnerability assessment (an attempt to identify and prioritize the list of vulnerabilities within a system or network) and a penetration test (a method to check the security of a system by simulating an attack by a malicious individual) of your system to ensure the security is adequate. After evaluating your security posture, you begin again with step one, this time adjusting the security mechanisms you have in place, and then continue with this cyclical process.
These documents guide how security will be implemented in the organization:
· Policies: High-level, broad statements of what the organization wants to accomplish
· Procedures: Step-by-step instructions on how to implement the policies
· Standards: Mandatory elements regarding the implementation of a policy
· Guidelines: Recommendations relating to a policy
Regarding security, every organization should have several common policies in place (in addition to those already discussed relative to access control methods). These include, but are not limited to, security policies regarding change management, classification of information, acceptable use, due care and due diligence, due process, need to know, disposal and destruction of data, service level agreements, human resources issues, codes of ethics, and policies governing incident response.
Security Policies
In keeping with the high-level nature of policies, the security policy is a high-level statement produced by senior management that outlines both what security means to the organization and the organization’s goals for security. The main security policy can then be broken down into additional policies that cover specific topics. Statements such as “this organization will exercise the principle of least access in its handling of client information” would be an example of a security policy. The security policy can also describe how security is to be handled from an organizational point of view (such as describing which office and corporate officer or manager oversees the organization’s security program).
In addition to policies related to access control, the organization’s security policy should include the specific policies described in the next sections. All policies should be reviewed on a regular basis and updated as needed. Generally, policies should be updated less frequently than the procedures that implement them, since the high-level goals will not change as often as the environment in which they must be implemented. All policies should be reviewed by the organization’s legal counsel, and a plan should be outlined that describes how the organization will ensure that employees will be made aware of the policies. Policies can also be made stronger by including references to the authority who made the policy (whether this policy comes from the CEO or is a department-level policy, for example) and references to any laws or regulations that are applicable to the specific policy and environment.
Change Management Policy
The purpose of change management is to ensure proper procedures are followed when modifications to the IT infrastructure are made. These modifications can be prompted by a number of different events, including new legislation, updated versions of software or hardware, implementation of new software or hardware, or improvements to the infrastructure. The term “management” implies that this process should be controlled in some systematic way, and that is indeed the purpose. Changes to the infrastructure might have a detrimental impact on operations. New versions of operating systems or application software might be incompatible with other software or hardware the organization is using. Without a process to manage the change, an organization might suddenly find itself unable to conduct business. A change management process should include various stages, including a method to request a change to the infrastructure, a review and approval process for the request, an examination of the consequences of the change, resolution (or mitigation) of any detrimental effects the change might incur, implementation of the change, and documentation of the process as it related to the change.
Data Policies
System integration with third parties frequently involves the sharing of data. Data can be shared for the purpose of processing or storage. Control over data is a significant issue in third-party relationships. There are numerous questions that need to be addressed. The question of who owns the data, both the data shared with third parties and subsequent data developed as part of the relationship, is an issue that needs to be established.
Data Ownership
Data requires a data owner. Data ownership roles for all data elements need to be defined in the business. Data ownership is a business function, where the requirements for security, privacy, retention, and other business functions must be established. Not all data requires the same handling restrictions, but all data requires these characteristics to be defined. This is the responsibility of the data owner.
Unauthorized Data Sharing
Unauthorized data sharing can be a significant issue, and in today’s world, data has value and is frequently used for secondary purposes. Ensuring that all parties in the relationship understand the data-sharing requirements is an important prerequisite. Equally important is ensuring that all parties understand the security requirements of shared data.
Data Backups
Data ownership requirements include backup responsibilities. Data backup requirements include determining the level of backup, restore objectives, and level of protection requirements. These can be defined by the data owner and then executed by operational IT personnel. Determining the backup responsibilities and developing the necessary operational procedures to ensure that adequate backups occur are important security elements.
Classification of Information
A key component of IT security is the protection of the information processed and stored on the computer systems and network. Organizations deal with many different types of information, and they need to recognize that not all information is of equal importance or sensitivity. This requires classification of information into various categories, each with its own requirements for its handling. Factors that affect the classification of specific information include its value to the organization (what will be the impact to the organization if it loses this information?), its age, and laws or regulations that govern its protection. The most widely known system of classification of information is that implemented by the U.S. government (including the military), which classifies information into categories such as Confidential, Secret, and Top Secret. Businesses have similar desires to protect information and often use categories such as Publicly Releasable, Proprietary, Company Confidential, and For Internal Use Only. Each policy for the classification of information should describe how it should be protected, who may have access to it, who has the authority to release it and how, and how it should be destroyed. All employees of the organization should be trained in the procedures for handling the information that they are authorized to access. Discretionary and mandatory access control techniques use classifications as a method to identify who may have access to what resources.
Data Labeling, Handling, and Disposal
Effective data classification programs include data labeling, which enables personnel working with the data to know whether it is sensitive and to understand the levels of protection required. When the data is inside an information-processing system, the protections should be designed into the system. But when the data leaves this cocoon of protection, whether by printing, downloading, or copying, it becomes necessary to ensure continued protection by other means. This is where data labeling assists users in fulfilling their responsibilities. Training to ensure that labeling occurs and that it is used and followed is important for users whose roles can be impacted by this material.
Training plays an important role in ensuring proper data handling and disposal. Personnel are intimately involved in several specific tasks associated with data handling and data destruction/disposal and, if properly trained, can act as a security control. Untrained or inadequately trained personnel will not be a productive security control and, in fact, can be a source of potential compromise.
Need to Know
Another common security principle is that of need to know, which goes hand-in-hand with least privilege. The guiding factor here is that each individual in the organization is supplied with only the absolute minimum amount of information and privileges he or she needs to perform their work tasks. To obtain access to any piece of information, the individual must have a justified need to know. A policy spelling out these two principles as guiding philosophies for the organization should be created. The policy should also address who in the organization can grant access to information and who can assign privileges to employees.
Disposal and Destruction Policy
Many potential intruders have learned the value of dumpster diving. An organization must be concerned about not only paper trash and discarded objects, but also the information stored on discarded objects such as computers. Several government organizations have been embarrassed when old computers sold to salvagers proved to contain sensitive documents on their hard drives. It is critical for every organization to have a strong disposal and destruction policy and related procedures.
Tech Tip
Data Classification
Information classification categories you should be aware of for the CompTIA Security+ exam include: High, Medium, Low, Confidential, Private, and Public.
Important papers should be shredded, and important in this case means anything that might be useful to a potential intruder. It is amazing what intruders can do with what appear to be innocent pieces of information.
Before magnetic storage media (such as disks or tapes) is discarded in the trash or sold for salvage, it should have all files deleted, and should be overwritten at least three times with all 1’s, all 0’s, and then random characters. Commercial products are available to destroy files using this process. It is not sufficient simply to delete all files and leave it at that, since the deletion process affects only the pointers to where the files are stored and doesn’t actually get rid of all the bits in the file. This is why it is possible to “undelete” files and recover them after they have been deleted.
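The three-pass overwrite described above, as an added Python example that is not from the book: it writes all 1 bits, all 0 bits, then random data over a file in place and reads each pass back before deleting. `scrub_file`, `demo` and the sample file contents are hypothetical names and constructed data. It assumes a regular file on magnetic media whose filesystem rewrites blocks in place; on SSDs and on copy-on-write or journaling filesystems, older copies of the data can survive a file-level overwrite.

```python
import hashlib
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # work in 64 KiB blocks so large files never sit in memory
# Pass order from the text: all 1 bits, all 0 bits, then random data (None).
PASSES = (0xFF, 0x00, None)


def _write_pass(fd, size, fill):
    """Overwrite bytes [0, size) of fd; return the SHA-256 of what was written."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if fill is None else bytes([fill]) * n
        view = memoryview(block)
        while len(view):  # os.write may accept only part of the buffer
            view = view[os.write(fd, view):]
        digest.update(block)
        remaining -= n
    os.fsync(fd)  # ask the OS to flush this pass before the next one starts
    return digest.hexdigest()


def _read_digest(fd, size):
    """Return the SHA-256 of bytes [0, size) as the OS now reports them."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break  # file is shorter than expected, so the digests will differ
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def scrub_file(path, passes=PASSES, remove=True):
    """Overwrite a regular file in place, check each pass, then delete it.

    Returns a list of (pass label, verified) tuples. The read-back confirms
    the file contents as the OS sees them; it is not proof of what remains
    on the physical medium.
    """
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to scrub anything but a regular file")
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.fstat(fd).st_size
        report = []
        for fill in passes:
            written = _write_pass(fd, size, fill)
            label = "random" if fill is None else f"0x{fill:02X}"
            report.append((label, written == _read_digest(fd, size)))
    finally:
        os.close(fd)
    # Only unlink once every pass verified; otherwise keep the file for retry.
    if remove and all(ok for _, ok in report):
        os.remove(path)
    return report


def demo():
    """Scrub a constructed sample file and report what is left in it."""
    marker = b"CONSTRUCTED-SAMPLE account=0000 pin=0000\n"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker * 5000)
    size_before = os.path.getsize(path)
    report = scrub_file(path, remove=False)  # keep the file so we can inspect
    with open(path, "rb") as fh:
        leftover = fh.read()
    os.remove(path)
    return {
        "report": report,
        "size_unchanged": len(leftover) == size_before,
        "marker_still_present": marker in leftover,
    }


if __name__ == "__main__":
    print(demo())
```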
A safer method for destroying files from a storage device is to destroy the data magnetically, using a strong magnetic field to degauss the media. This effectively destroys all data on the media. Several commercial degaussers are available for this purpose. Another method that can be used on hard drives is to use a file on them (the sort of file you’d find in a hardware store) and actually file off the magnetic material from the surface of the platter. Shredding floppy media is normally sufficient, but simply cutting a floppy disk into a few pieces is not enough—data has been successfully recovered from floppies that were cut into only a couple of pieces. CDs and DVDs also need to be disposed of appropriately. Many paper shredders now have the ability to shred these forms of storage media. In some highly secure environments, the only acceptable method of disposing of hard drives and other storage devices is the actual physical destruction of the devices. Matching the security action to the level of risk is important to recognize in this instance. Destroying hard drives that do not have sensitive information is wasteful; proper file scrubbing is probably appropriate. For drives with ultra-sensitive information, physical destruction makes sense. There is no single answer, but as in most things associated with information security, the best practice is to match the action to the level of risk.
Human Resources Policies
It has been said that the weakest links in the security chain are the humans. Consequently, it is important for organizations to have policies in place relative to their employees. Policies that relate to the hiring of individuals are primarily important. The organization needs to make sure that it hires individuals who can be trusted with the organization’s data and that of its clients. Once employees are hired, they should be kept from slipping into the category of “disgruntled employee.” Finally, policies must be developed to address the inevitable point in the future when an employee leaves the organization—either on his or her own or with the “encouragement” of the organization itself. Security issues must be considered at each of these points.
Many organizations overlook the security implications that decisions by Human Resources may have. Human Resources personnel and security personnel should have a close working relationship. Decisions on the hiring and firing of personnel have direct security implications for the organization. As a result, procedures should be in place that specify which actions must be taken when an employee is hired, is terminated, or retires.
Code of Ethics
Numerous professional organizations have established codes of ethics for their members. Each of these describes the expected behavior of their members from a high-level standpoint. Organizations can adopt this idea as well. For organizations, a code of ethics can set the tone for how employees will be expected to act and to conduct business. The code should demand honesty from employees and require that they perform all activities in a professional manner. The code could also address principles of privacy and confidentiality and state how employees should treat client and organizational data. Conflicts of interest can often cause problems, so this could also be covered in the code of ethics.
By outlining a code of ethics, the organization can encourage an environment that is conducive to integrity and high ethical standards. For additional ideas on possible codes of ethics, check professional organizations such as the Institute for Electrical and Electronics Engineers (IEEE), the Association for Computing Machinery (ACM), or the Information Systems Security Association (ISSA).
Job Rotation
An interesting approach to enhance security that is gaining increasing attention is job rotation. Organizations often discuss the benefits of rotating individuals through various jobs in an organization’s IT department. By rotating through jobs, individuals gain a better perspective on how the various parts of IT can enhance (or hinder) the business. Since security is often a misunderstood aspect of IT, rotating individuals through security positions can result in a much wider understanding throughout the organization about potential security problems. It also can have the side benefit of a company not having to rely on any one individual too heavily for security expertise. If all security tasks are the domain of one employee, and that individual leaves suddenly, security at the organization could suffer. On the other hand, if security tasks are understood by many different individuals, the loss of any one individual has less of an impact on the organization.
Employee Hiring and Promotions
It is becoming common for organizations to run background checks on prospective employees and to check the references prospective employees supply. Frequently, organizations require drug testing, check for any past criminal activity, verify claimed educational credentials, and confirm reported work history. For highly sensitive environments, special security background investigations can also be required. Make sure that your organization hires the most capable and trustworthy employees, and that your policies are designed to ensure this.
After an individual has been hired, your organization needs to minimize the risk that the employee will ignore company rules and affect security. Periodic reviews by supervisory personnel, additional drug checks, and monitoring of activity during work may all be considered by the organization. If the organization chooses to implement any of these reviews, this must be specified in the organization’s policies, and prospective employees should be made aware of these policies before being hired. What an organization can do in terms of monitoring and requiring drug tests, for example, can be severely restricted if not spelled out in advance as terms of employment. New hires should be made aware of all pertinent policies, especially those applying to security, and should be asked to sign documents indicating that they have read and understood them.
Occasionally an employee’s status will change within the company. If the change can be construed as a negative personnel action (such as a demotion), supervisors should be alerted to watch for changes in behavior that might indicate the employee is contemplating or conducting unauthorized activity. It is likely that the employee will be upset, and whether he acts on this to the detriment of the company is something that needs to be guarded against. In the case of a demotion, the individual may also lose certain privileges or access rights, and these changes should be made quickly so as to lessen the likelihood that the employee will destroy previously accessible data if he becomes disgruntled and decides to take revenge on the organization. On the other hand, if the employee is promoted, privileges may still change, but the need to make the change to access privileges may not be as urgent, though it should still be accomplished as quickly as possible. If the move is a lateral one, changes may also need to take place, and again they should be accomplished as quickly as possible.
Tech Tip
Hiring Hackers
Hiring a skilled hacker may make sense from a technical skills point of view, but an organization also has to consider the broader ethical and business consequences and associated risks. Is the hacker completely reformed or not? How much time is needed to determine this? The real question is not “Would you hire a hacker?” but rather “Can you fire a hacker once he has had access to your systems?” Trust is an important issue with employees who have system administrator access, and the long-term ramifications need to be considered.
Tech Tip
Accounts of Former Employees
When conducting security assessments of organizations, security professionals frequently find active accounts for individuals who no longer work for the company. This is especially true for larger organizations, which may lack a clear process for the personnel office to communicate with the network administrators when an employee leaves the organization. These old accounts, however, are a weak point in the security perimeter for the organization and should be eliminated.
Retirement, Separation, or Termination of an Employee
An employee leaving an organization can be either a positive or a negative action. Employees who are retiring by their own choice may announce their planned retirement weeks or even months in advance. Limiting their access to sensitive documents the moment they announce their intention may be the safest thing to do, but it might not be necessary. Each situation should be evaluated individually. If the situation is a forced retirement, the organization must determine the risk to its data if the employee becomes disgruntled as a result of the action. In this situation, the wisest choice might be to cut off the employee’s access quickly and provide her with some additional vacation time. This might seem like an expensive proposition, but the danger to the company of having a disgruntled employee may justify it. Again, each case should be evaluated individually.
When an employee decides to leave a company, generally as a result of a new job offer, continued access to sensitive information should be carefully considered. If the employee is leaving as a result of hard feelings toward the company, it might be wise to quickly revoke her access privileges.
If the employee is leaving the organization because he is being terminated, you should assume that he is or will become disgruntled. While it may not seem the friendliest thing to do, an employee in this situation should immediately have his access privileges to sensitive information and facilities revoked.
Combinations should also be quickly changed once an employee has been informed of their termination. Access cards, keys, and badges should be collected; the employee should be escorted to her desk and watched as she packs personal belongings; and then she should be escorted from the building.
It is better to give a potentially disgruntled employee several weeks of paid vacation than to have him trash sensitive files to which he has access. Because employees typically know the pattern of management behavior with respect to termination, doing the right thing will pay dividends in the future for a firm.
Organizations commonly neglect to have a policy that mandates the removal of an individual’s computer access upon termination. Not only should such a policy exist, but it should also include the procedures to reclaim and “clean” a terminated employee’s computer system and accounts.
Mandatory Vacations
Organizations have provided vacation time to their employees for many years. Few, however, force employees to take this time if they don’t want to. At some companies, employees are given the choice to either “use or lose” their vacation time; if they do not take all of their vacation time, they lose at least a portion of it. From a security standpoint, an employee who never takes time off might be involved in nefarious activity, such as fraud or embezzlement, and might be afraid that if he leaves on vacation, the organization will discover his illicit activities. As a result, requiring employees to use their vacation time through a policy of mandatory vacations can be a security protection mechanism. Using mandatory vacations as a tool to detect fraud will require that somebody else also be trained in the functions of the employee who is on vacation. Having a second person familiar with security procedures is also a good policy in case something happens to the primary employee.
On-boarding/Off-boarding Business Partners
Just as it is important to manage the on- and off-boarding processes of company personnel, it is important to consider the same types of elements when making arrangements with third parties. Agreements with business partners tend to be fairly specific with respect to terms associated with mutual expectations associated with the process of the business. Considerations regarding the on-boarding and off-boarding processes are important, especially the off-boarding. When a contract arrangement with a third party comes to an end, issues as to data retention and destruction by the third party need to be addressed. These considerations need to be made prior to the establishment of the relationship, not added at the time that it is coming to an end.
Social Media Networks
The rise of social media networks has changed many aspects of business. Whether used for marketing, communications, customer relations, or some other purpose, social media networks can be considered a form of third party. One of the challenges in working with social media networks and/or applications is their terms of use. While a relationship with a typical third party involves a negotiated set of agreements with respect to requirements, there is no negotiation with social media networks. The only option is to adopt their terms of service, so it is important to understand the implications of these terms with respect to the business use of the social network.
On-boarding and off-boarding business procedures should be well documented to ensure compliance with legal requirements.
Acceptable Use Policy
An acceptable use policy (AUP) outlines what the organization considers to be the appropriate use of company resources, such as computer systems, e-mail, Internet access, and networks. Organizations should be concerned about personal use of organizational assets that does not benefit the company.
The goal of the AUP is to ensure employee productivity while limiting organizational liability through inappropriate use of the organization’s assets. The AUP should clearly delineate what activities are not allowed. It should address issues such as the use of resources to conduct personal business, installation of hardware or software, remote access to systems and networks, the copying of company-owned software, and the responsibility of users to protect company assets, including data, software, and hardware. Statements regarding possible penalties for ignoring any of the policies (such as termination) should also be included.
Related to appropriate use of the organization’s computer systems and networks by employees is the appropriate use by the organization. The most important of such issues is whether the organization considers it appropriate to monitor the employees’ use of the systems and network. If monitoring is considered appropriate, the organization should include a statement to this effect in the banner that appears at login. This repeatedly warns employees, and possible intruders, that their actions are subject to monitoring and that any misuse of the system will not be tolerated. Should the organization need to use in a civil or criminal case any information gathered during monitoring, the issue of whether the employee had an expectation of privacy, or whether it was even legal for the organization to be monitoring, is simplified if the organization can point to a statement that is always displayed that instructs users that use of the system constitutes consent to monitoring. Before any monitoring is conducted, or the actual wording on the warning message is created, the organization’s legal counsel should be consulted to determine the appropriate way to address this issue in the particular jurisdiction.
Internet Usage Policy
In today’s highly connected environment, employee use of access to the Internet is of particular concern. The goal of the Internet usage policy is to ensure maximum employee productivity and to limit potential liability to the organization from inappropriate use of the Internet in a workplace. The Internet provides a tremendous temptation for employees to waste hours as they surf the Web for the scores of games from the previous night, conduct quick online stock transactions, or read the review of the latest blockbuster movie everyone is talking about. In addition, allowing employees to visit sites that may be considered offensive to others (such as pornographic or hate sites) can open the company to accusations of condoning a hostile work environment and result in legal liability.
The Internet usage policy needs to address what sites employees are allowed to visit and what sites they are not allowed to visit. If the company allows them to surf the Web during nonwork hours, the policy needs to clearly spell out the acceptable parameters, in terms of when they are allowed to do this and what sites they are still prohibited from visiting (such as potentially offensive sites). The policy should also describe under what circumstances an employee would be allowed to post something from the organization’s network on the Web (on a blog, for example). A necessary addition to this policy would be the procedure for an employee to follow to obtain permission to post the object or message.
E-Mail Usage Policy
Related to the Internet usage policy is the e-mail usage policy, which deals with what the company will allow employees to send in, or as attachments to, e-mail messages. This policy should spell out whether nonwork e-mail traffic is allowed at all or is at least severely restricted. It needs to cover the type of message that would be considered inappropriate to send to other employees (for example, no offensive language, no sex-related or ethnic jokes, no harassment, and so on). The policy should also specify any disclaimers that must be attached to an employee’s message sent to an individual outside the company. The policy should remind employees of the risks of clicking on links in e-mails, or opening attachments, as these can be social engineering attacks.
In today’s highly connected environment, every organization should have an AUP that spells out to all employees what the organization considers appropriate and inappropriate use of its computing and network resources. Having this policy may be critical should the organization need to take disciplinary actions based on an abuse of its resources.
Clean Desk Policy
Preventing access to information is also important in the work area. Firms with sensitive information should have a “clean desk policy” specifying that sensitive information must not be left unsecured in the work area when the worker is not present to act as custodian. Even leaving the desk area and going to the bathroom can leave information exposed and subject to compromise. The clean desk policy should identify and prohibit things that are not obvious upon first glance, such as passwords on sticky notes under keyboards and mouse pads or in unsecured desk drawers. All of these elements that demonstrate the need for a clean desk are lost if employees do not make them personal. Training for clean desk activities needs to make the issue a personal one, where consequences are understood and the workplace reinforces the positive activity.
Bring Your Own Device (BYOD) Policy
Everyone seems to have a smartphone, a tablet, or other personal Internet device that they use in their personal lives. Bringing these to work is a natural extension of one’s normal activities, but this raises the question of what policies are appropriate before a firm allows these devices to connect to the corporate network and access company data. Like all other policies, planning is needed to define the appropriate pathway to the company objectives. Personal devices offer cost savings and positive user acceptance, and in many cases these factors make allowing BYOD a sensible decision.
The primary purpose of a BYOD policy is to lower the risk associated with connecting a wide array of personal devices to a company’s network and accessing sensitive data on them. This places security, in the form of risk management, as a center element of a BYOD policy. Devices need to be maintained in a current, up-to-date software posture, and with certain security features, such as screen locks and passwords enabled. Remote wipe and other features should be enabled, and highly sensitive data, especially in aggregate, should not be allowed on the devices. Users should have specific training as to what is allowed and what isn’t and should be made aware of the increased responsibility associated with a mobile means of accessing corporate resources.
In some cases it may be necessary to define a policy associated with personally owned devices. This policy will describe the rules and regulations associated with use of personally owned devices with respect to corporate data, network connectivity, and security risks.
Privacy Policy
Customers place an enormous amount of trust in organizations to which they provide personal information. These customers expect their information to be kept secure so that unauthorized individuals will not gain access to it and so that authorized users will not use the information in unintended ways. Organizations should have a privacy policy that explains what their guiding principles will be in guarding personal data to which they are given access.
A special category of private information that is becoming increasingly important today is personally identifiable information (PII). This category of information includes any data that can be used to uniquely identify an individual. This would include an individual’s name, address, driver’s license number, and other details. An organization that collects PII on its employees and customers must make sure that it takes all necessary measures to protect the data from compromise.
Cross Check
Privacy
Privacy is an important consideration in today’s computing environment. As such, it has been given its own chapter, Chapter 25. Additional details on privacy issues can be found there.
Due Care and Due Diligence
Due care and due diligence are terms used in the legal and business community to define reasonable behavior. Basically, the law recognizes the responsibility of an individual or organization to act reasonably relative to another party. If party A alleges that the actions of party B have caused it loss or injury, party A must prove that party B failed to exercise due care or due diligence and that this failure resulted in the loss or injury. These terms often are used synonymously, but due care generally refers to the standard of care a reasonable person is expected to exercise in all situations, whereas due diligence generally refers to the standard of care a business is expected to exercise in preparation for a business transaction. An organization must take reasonable precautions before entering a business transaction or it might be found to have acted irresponsibly. In terms of security, organizations are expected to take reasonable precautions to protect the information that they maintain on individuals. Should a person suffer a loss as a result of negligence on the part of an organization in terms of its security, that person typically can bring a legal suit against the organization.
The standard applied—reasonableness—is extremely subjective and often is determined by a jury. The organization will need to show that it had taken reasonable precautions to protect the information, and that, despite these precautions, an unforeseen security event occurred that caused the injury to the other party. Since this is so subjective, it is hard to describe what would be considered reasonable, but many sectors have a set of “security best practices” for their industry, which provides a basis for organizations in that sector to start from. If the organization decides not to follow any of the best practices accepted by the industry, it needs to be prepared to justify its reasons in court should an incident occur. If the sector the organization is in has regulatory requirements, justifying why the mandated security practices were not followed will be much more difficult (if not impossible).
Tech Tip
Prudent Person Principle
The concepts of due care and due diligence are connected. Due care addresses whether the organization has a minimal set of policies that provides reasonable assurance of success in maintaining security. Due diligence requires that management actually do something to ensure security, such as implement procedures for testing and review of audit records, internal security controls, and personnel behavior. The standard applied is one of a “prudent person”; would a prudent person find the actions appropriate and sincere? To apply this standard, all one has to do is ask the following question for the issue under consideration: “What would a prudent person do to protect and ensure that the security features and procedures are working or adequate?” Failure of a security feature or procedure doesn’t necessarily mean the person acted imprudently.
Due diligence is the application of a specific standard of care. Due care is the degree of care that an ordinary person would exercise.
Due Process
Due process is concerned with guaranteeing fundamental fairness, justice, and liberty in relation to an individual’s legal rights. In the United States, due process is concerned with the guarantee of an individual’s rights as outlined by the Constitution and Bill of Rights. Procedural due process is based on the concept of what is “fair.” Also of interest is the recognition by courts of a series of rights that are not explicitly specified by the Constitution but that the courts have decided are implicit in the concepts embodied by the Constitution. An example of this is an individual’s right to privacy. From an organization’s point of view, due process may come into play during an administrative action that adversely affects an employee. Before an employee is terminated, for example, were all of the employee’s rights protected? An actual example pertains to the rights of privacy regarding employees’ e-mail messages. As the number of cases involving employers examining employee e-mails grows, case law continues to be established and the courts eventually will settle on what rights an employee can expect. The best thing an employer can do if faced with this sort of situation is to work closely with HR staff to ensure that appropriate policies are followed and that those policies are in keeping with current laws and regulations.
Incident Response Policies and Procedures
No matter how careful an organization is, eventually a security incident of some sort will occur. When it happens, how effectively the organization responds to it will depend greatly on how prepared it is to handle incidents. An incident response policy and associated procedures should be developed to outline how the organization will prepare for security incidents and respond to them when they occur. Waiting until an incident happens is not the right time to establish your policies—they need to be designed in advance. The incident response policy should cover five phases: preparation, detection, containment and eradication, recovery, and follow-up actions.
Cross Check
Incident Response
Incident response is covered in detail in Chapter 22. This section serves only as an introduction to policy elements associated with the topic. For complete details on incident response, please examine Chapter 22.
■■ Security Awareness and Training
Security awareness and training programs can enhance an organization’s security posture in two direct ways. First, they teach personnel how to follow the correct set of actions to perform their duties in a secure manner. Second, they make personnel aware of the indicators and effects of social engineering attacks.
There are many tasks that employees perform that can have information security ramifications. Properly trained employees are able to perform their duties in a more effective manner, including their duties associated with information security. The extent of information security training will vary depending on the organization’s environment and the level of threat, but initial employee security training at the time of being hired is important, as is periodic refresher training. A strong security education and awareness training program can go a long way toward reducing the chance that a social engineering attack will be successful. Security awareness programs and campaigns, which might include seminars, videos, posters, newsletters, and similar materials, are also fairly easy to implement and are not very costly.
Security Policy Training and Procedures
Personnel cannot be expected to perform complex tasks without training with respect to the tasks and expectations. This applies both to the security policy and to operational security details. If employees are going to be expected to comply with the organization’s security policy, they must be properly trained in its purpose, meaning, and objectives. Training with respect to the information security policy, individual responsibilities, and expectations is something that requires periodic reinforcement through refresher training.
Because the security policy is a high-level directive that sets the overall support and executive direction with respect to security, it is important that the meaning of this message be translated and supported. Second-level policies such as password, access, information handling, and acceptable use policies also need to be covered. The collection of policies should paint a picture describing the desired security culture of the organization. The training should be designed to ensure that people see and understand the whole picture, not just the elements.
Role-based Training
For training to be effective, it needs to be targeted to the user with regard to their role in the subject of the training. While all employees may need general security awareness training, they also need specific training in areas where they have individual responsibilities. Role-based training with regard to information security responsibilities is an important part of information security training.
If a person has job responsibilities that may impact information security, then role-specific training is needed to ensure that the individual understands the responsibilities as they relate to information security. Some roles, such as system administrator or developer, have clearly defined information security responsibilities. The roles of others, such as project manager or purchasing manager, have information security impacts that are less obvious, but these roles require training as well. In fact, the less-obvious but wider-impact roles of middle management can have a large effect on the information security culture, and thus if a specific outcome is desired, it requires training.
As in all personnel-related training, two elements need attention. First, retraining over time is necessary to ensure that personnel keep proper levels of knowledge. Second, as people change jobs, a reassessment of the required training basis is needed, and additional training may be required. Maintaining accurate training records of personnel is the only way this can be managed in any significant enterprise.
Compliance with Laws, Best Practices, and Standards
There is a wide array of laws, regulations, contractual requirements, standards, and best practices associated with information security. Each places its own set of requirements upon an organization and its personnel. The only effective way for an organization to address these requirements is to build them into its own policies and procedures. Training to one’s own policies and procedures would then translate into coverage of these external requirements.
It is important to note that many of these external requirements impart a specific training and awareness component upon the organization. Organizations subject to the requirements of the Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), or Health Insurance Portability and Accountability Act (HIPAA) are among the many that must maintain a specific information security training program. Other organizations should do so as a matter of best practice.
User Habits
Individual user responsibilities vary between organizations and the type of business each organization is involved in, but there are certain very basic responsibilities that all users should be instructed to adopt:
■■ Lock the door to your office or workspace, including drawers and cabinets.
■■ Do not leave sensitive information inside your car unprotected.
■■ Secure storage media containing sensitive information in a secure storage device.
■■ Shred paper containing organizational information before discarding it.
■■ Do not divulge sensitive information to individuals (including other employees) who do not have an authorized need to know it.
■■ Do not discuss sensitive information with family members. (The most common violation of this rule occurs in regard to HR information, as employees, especially supervisors, may complain to their spouse or friends about other employees or about problems that are occurring at work.)
■■ Protect laptops and other mobile devices that contain sensitive or important organization information wherever the device may be stored or left. (It’s a good idea to ensure that sensitive information is encrypted on the laptop or mobile device so that, should the equipment be lost or stolen, the information remains safe.)
■■ Be aware of who is around you when discussing sensitive corporate information. Does everybody within earshot have the need to hear this information?
■■ Enforce corporate access control procedures. Be alert to, and do not allow, piggybacking, shoulder surfing, or access without the proper credentials.
■■ Be aware of the correct procedures to report suspected or actual violations of security policies.
■■ Follow procedures established to enforce good password security practices. Passwords are such a critical element that they are frequently the ultimate target of a social engineering attack. Though such password procedures may seem too oppressive or strict, they are often the best line of defense.
■■ User habits are a front-line security tool in engaging the workforce to improve the overall security posture of an organization.
New Threats and Security Trends/Alerts
At the end of the day, information security practices are about managing risk, and it is well known that the risk environment is one marked by constant change. The ever-evolving threat environment frequently encounters new threats, new security issues, and new forms of defense. Training people to recognize the new threats necessitates continual awareness and training refresher events.
New Viruses
New forms of viruses, or malware, are being created every day. Some of these new forms can be highly destructive and costly, and it is incumbent upon all users to be on the lookout for and take actions to avoid exposure. Poor user practices are counted on by malware authors to assist in the spread of their attacks. One way of explaining proper actions to users is to use an analogy to cleanliness. Training users to practice good hygiene in their actions can go a long way toward assisting the enterprise in defending against these attack vectors.
Phishing Attacks
The best defense against phishing and other social engineering attacks is an educated and aware body of employees. Continual refresher training about the topic of social engineering and specifics about current attack trends are needed to keep employees aware of and prepared for new trends in social engineering attacks. Attackers rely upon an uneducated, complacent, or distracted workforce to enable their attack vector. Social engineering has become the gateway for many of the most damaging attacks in play today. Social engineering is covered extensively in Chapter 4.
Social Networking and P2P
With the rise in popularity of peer-to-peer (P2P) communications and social networking sites—notably Facebook, Twitter, and LinkedIn—many people have gotten into a habit of sharing too much information. Using a status of “Returning from sales call to XYZ company” reveals information to people who have no need to know this information. Confusing sharing with friends and sharing business information with those who don’t need to know is a line people are crossing on a regular basis. Don’t be the employee who mixes business and personal information and releases information to parties who should not have it, regardless of how innocuous it may seem.
Users need to understand the importance of not using common programs such as torrents and other file sharing in the workplace, as these programs can result in infection mechanisms and data-loss channels. The information security training and awareness program should cover these issues. If the issues are properly explained to employees, their motivation to comply won’t simply be to avoid adverse personnel action for violating a policy; they will want to assist in the security of the organization and its mission.
User responsibilities are easy training topics about which to ask questions on the CompTIA Security+ exam, so commit to memory your knowledge of the points listed here.
Training Metrics and Compliance
Training and awareness programs can yield much in the way of an educated and knowledgeable workforce. Many laws, regulations, and best practices have requirements for maintaining a trained workforce. Having a record-keeping system to measure compliance with attendance and to measure the effectiveness of the training is a normal requirement. Simply conducting training is not sufficient. Following up and gathering training metrics to validate compliance and security posture is an important aspect of security training management.
A number of factors deserve attention when managing security training. Because of the diverse nature of role-based requirements, maintaining an active, up-to-date listing of individual training and retraining requirements is one challenge. Monitoring the effectiveness of the training is yet another challenge. Creating an effective training and awareness program when measured by actual impact on employee behavior is a challenging endeavor. Training needs to be current, relevant, and interesting to engage employee attention. Simple repetition of the same training material has not proven to be effective, so regularly updating the program is a requirement if it is to remain effective over time.
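One way to keep the role-based training records and compliance metric described above, shown as an added example that is not from the book. The course names, role names, retraining intervals and employee records are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed policy for illustration: course -> retraining interval in days.
COURSE_INTERVAL_DAYS = {
    "security-awareness": 365,
    "secure-coding": 365,
    "privileged-access": 180,
    "vendor-risk": 730,
}

# Constructed role-based requirements. "all" is the general awareness
# training every employee needs; the other entries are role-specific.
ROLE_REQUIREMENTS = {
    "all": {"security-awareness"},
    "developer": {"secure-coding"},
    "system-administrator": {"privileged-access"},
    "purchasing-manager": {"vendor-risk"},
}


@dataclass
class Employee:
    name: str
    role: str  # current role; requirements are re-derived when it changes
    completions: dict = field(default_factory=dict)  # course -> date completed


def required_courses(role):
    """General training plus whatever the employee's current role adds."""
    return ROLE_REQUIREMENTS["all"] | ROLE_REQUIREMENTS.get(role, set())


def course_status(emp, course, today):
    """Return 'current', 'overdue' or 'missing' for one required course."""
    completed = emp.completions.get(course)
    if completed is None:
        return "missing"
    due = completed + timedelta(days=COURSE_INTERVAL_DAYS[course])
    return "overdue" if due < today else "current"


def compliance_report(employees, today):
    """Return (compliance rate, list of (name, course, status) gaps)."""
    gaps, satisfied, total = [], 0, 0
    for emp in employees:
        for course in sorted(required_courses(emp.role)):
            total += 1
            status = course_status(emp, course, today)
            if status == "current":
                satisfied += 1
            else:
                gaps.append((emp.name, course, status))
    rate = satisfied / total if total else 1.0
    return rate, gaps


# Constructed sample records.
TODAY = date(2024, 6, 1)
SAMPLE_EMPLOYEES = [
    Employee("alice", "developer", {
        "security-awareness": date(2024, 1, 15),
        "secure-coding": date(2023, 3, 1),        # refresher lapsed
    }),
    # bob moved from purchasing to system administration: his old
    # vendor-risk course no longer counts, and privileged-access is new.
    Employee("bob", "system-administrator", {
        "security-awareness": date(2023, 9, 10),
        "vendor-risk": date(2023, 5, 1),
    }),
    Employee("carol", "purchasing-manager", {
        "security-awareness": date(2022, 11, 1),  # refresher lapsed
        "vendor-risk": date(2023, 2, 1),
    }),
]

if __name__ == "__main__":
    rate, gaps = compliance_report(SAMPLE_EMPLOYEES, TODAY)
    print(f"compliance: {rate:.0%}")
    for name, course, status in gaps:
        print(f"{name}: {course} is {status}")
```

Because requirements are derived from the current role on every run, a job change surfaces as a "missing" gap without anyone having to remember to reassess.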
■■ Interoperability Agreements
Many business operations involve actions between many different parties—some within an organization, and some in different organizations. These actions require communication between the parties, defining the responsibilities and expectations of the parties, the business objectives, and the environment within which the objectives will be pursued. To ensure an agreement is understood between the parties, written agreements are used. Numerous forms of legal agreements and contracts are used in business, but with respect to security, some of the most common ones are the service level agreement, business partnership agreement, memorandum of understanding, and interconnection security agreement.
Tech Tip
Security Training Records
Requirements for both periodic training and retraining drive the need for good training records. Maintaining proper information security training records is a requirement of several laws and regulations and should be considered a best practice.
Service Level Agreements
Service level agreements (SLAs) are contractual agreements between entities that describe specified levels of service that the servicing entity agrees to guarantee for the customer. SLAs essentially set the requisite level of performance of a given contractual service. SLAs are typically included as part of a service contract and set the level of technical expectations. An SLA can define specific services, the performance level associated with a service, issue management and resolution, and so on. SLAs are negotiated between customer and supplier and represent the agreed-upon terms. An organization contracting with a service provider should remember to include in the agreement a section describing the service provider’s responsibility in terms of business continuity and disaster recovery. The provider’s backup plans and processes for restoring lost data should also be clearly described.
Typically, a good SLA will satisfy two simple rules. First, it will describe the entire set of product or service functions in sufficient detail that their requirement will be unambiguous. Second, the SLA will provide a clear means of determining whether a specified function or service has been provided at the agreed-upon level of performance.
Business Partnership Agreement
A business partnership agreement (BPA) is a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners. These details can cover a wide range of issues, including typical items such as the sharing of profits and losses, the responsibilities of each partner, the addition or removal of partners, and any other issues. The Uniform Partnership Act (UPA), established by state law and convention, lays out a uniform set of rules associated with partnerships to resolve any partnership terms. The terms in a UPA are designed as “one size fits all” and are not typically in the best interest of any specific partnership. To avoid undesired outcomes that may result from UPA terms, it is best for partnerships to spell out specifics in a BPA.
Memorandum of Understanding
A memorandum of understanding (MOU) is a legal document used to describe a bilateral agreement between parties. It is a written agreement expressing a set of intended actions between the parties with respect to some common pursuit or goal. It is more formal and detailed than a simple handshake, but it generally lacks the binding powers of a contract. It is also common to find MOUs between different units within an organization to detail expectations associated with the common business interest.
Interconnection Security Agreement
An interconnection security agreement (ISA) is a specialized agreement between organizations that have interconnected IT systems, the purpose of which is to document the security requirements associated with the interconnection. An ISA can be a part of an MOU detailing the specific technical security aspects of a data interconnection.
Be sure you understand the differences between the interoperability agreements SLA, BPA, MOU, and ISA. The differences hinge upon the purpose for each document.
■■ The Security Perimeter
The discussion to this point has not included any mention of the specific technology used to enforce operational and organizational security or a description of the various components that constitute the organization’s security perimeter. If the average administrator were asked to draw a diagram depicting the various components of their network, the diagram would probably look something like Figure 3.1.
This diagram includes the major components typically found in a network. The connection to the Internet generally has some sort of protection attached to it such as a firewall. An intrusion detection system (IDS), also often part of the security perimeter for the organization, may be either on the inside or the outside of the firewall, or it may in fact be on both sides. The specific location depends on the company and what it is more concerned about preventing (that is, insider threats or external threats). The router can also be thought of as a security device, as it can be used to enhance security such as in the case of wireless routers that can be used to enforce encryption settings. Beyond this security perimeter is the corporate network. Figure 3.1 is obviously a very simple depiction—an actual network can have numerous subnets and extranets as well as wireless access points—but the basic components are present. Unfortunately, if this were the diagram provided by the administrator to show the organization’s basic network structure, the administrator would have missed a very important component. A more astute administrator would provide a diagram more like Figure 3.2.
This diagram includes other possible access points into the network, including the public switched telephone network (PSTN) and wireless access points. The organization may or may not have any authorized modems or wireless networks, but the savvy administrator would realize that the potential exists for unauthorized versions of both. When considering the policies, procedures, and guidelines needed to implement security for the organization, both networks need to be considered. Another development that has brought the telephone and computer networks together is the implementation of voice over IP (VoIP), which eliminates the traditional land lines in an organization and replaces them with special telephones that connect to the IP data network.
While Figure 3.2 provides a more comprehensive view of the various components that need to be protected, it is still incomplete. Most experts will agree that the biggest danger to any organization does not come from external attacks but rather from the insider—a disgruntled employee or somebody else who has physical access to the facility. Given physical access to an office, the knowledgeable attacker will quickly find the information needed to gain access to the organization’s computer systems and network. Consequently, every organization also needs security policies, procedures, and guidelines that cover physical security, and every security administrator should be concerned with these as well. While physical security (which can include such things as locks, cameras, guards and entry points, alarm systems, and physical barriers) will probably not fall under the purview of the security administrator, the operational state of the organization’s physical security measures is just as important as many of the other network-centric measures.
The security perimeter, with its several layers of security, along with additional security mechanisms that may be implemented on each system (such as user IDs/passwords), creates what is sometimes known as defense-in-depth. This implies that security is enhanced when there are multiple layers of security (the depth) through which an attacker would have to penetrate to reach the desired goal.
An increasing number of organizations are implementing VoIP solutions to bring the telephone and computer networks together. While there are some tremendous advantages to doing this in terms of both increased capabilities and potential monetary savings, bringing the two networks together may also introduce additional security concerns. Another common method to access organizational networks today is through wireless access points. These may be provided by the organization itself to enhance productivity, or they may be attached to the network by users without organizational approval. The impact of all of these additional methods that can be used to access a network is to increase the complexity of the security problem.
• Figure 3.1 Basic diagram of an organization’s network (components shown: the Internet, router, firewall, IDS, corporate LAN)
• Figure 3.2 A more complete diagram of an organization’s network (components shown: the Internet, router, firewall, IDS, corporate LAN, wireless access point, the PSTN, corporate PBX, modem, telephones)
■■ Physical Security
Physical security consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to only authorized users. Additional physical security mechanisms may be used to provide increased security for especially sensitive systems such as servers and devices such as routers, firewalls, and intrusion detection systems. When considering physical security, access from all six sides should be considered—not only should the security of obvious points of entry be examined, such as doors and windows, but the walls themselves as well as the floor and ceiling should also be considered. Questions such as the following should be addressed:
■■ Is there a false ceiling with tiles that can be easily removed?
■■ Do the walls extend to the actual ceiling or only to a false ceiling?
■■ Is there a raised floor?
■■ Do the walls extend to the actual floor, or do they stop at a raised floor?
■■ How are important systems situated?
■■ Do the monitors face away from windows, or could the activity of somebody at a system be monitored?
■■ Who has access to the facility?
■■ What type of access control is there, and are there any guards?
■■ Who is allowed unsupervised access to the facility?
■■ Is there an alarm system or security camera that covers the area?
■■ What procedures govern the monitoring of the alarm system or security camera and the response should unauthorized activity be detected?
These are just some of the numerous questions that need to be asked when examining the physical security surrounding a system.
Physical Access Controls
The purpose of physical access controls is the same as that of computer and network access controls—you want to restrict access to only those who are authorized to have it. Physical access is restricted by requiring the individual to somehow authenticate that they have the right or authority to have the desired access. As in computer authentication, access in the physical world can be based on something the individual has, something they know, or something they are. Frequently, when dealing with the physical world, the terms “authentication” and “access control” are used interchangeably.
Tech Tip
Physical Security Is Also Important to Computer Security
Computer security professionals recognize that they cannot rely only on computer security mechanisms to keep their systems safe. Physical security must be maintained as well, because in many cases, if an attacker gains physical access, he can steal data and destroy the system.
The most common physical access control device, which has been around in some form for centuries, is a lock. Combination locks represent an access control device that depends on something the individual knows (the combination). Locks with keys depend on something the individual has (the key). Each of these has certain advantages and disadvantages. Combinations don’t require any extra hardware, but they must be remembered (which means individuals may write them down—a security vulnerability in itself) and are hard to control. Anybody who knows the combination may provide it to somebody else. Key locks are simple and easy to use, but the key may be lost, which means another key has to be made or the lock has to be rekeyed. Keys may also be copied, and their dissemination can be hard to control. Newer locks replace the traditional key with a card that must be passed through a reader or placed against it. The individual may also have to provide a personal access code, thus making this form of access both a something-you-know and something-you-have method.
In addition to locks on doors, other common physical security devices include video surveillance and even simple access control logs (sign-in logs). While sign-in logs don’t provide an actual barrier, they do provide a record of access and, when used in conjunction with a guard who verifies an individual’s identity, can dissuade potential adversaries from attempting to gain access to a facility. As mentioned, another common access control mechanism is a human security guard. Many organizations employ a guard to provide an extra level of examination of individuals who want to gain access to a facility. Other devices are limited to their designed function. A human guard can apply common sense to situations that might have been unexpected. Having security guards also addresses the common practice of piggybacking (aka tailgating), where an individual follows another person closely to avoid having to go through the access control procedures.
Biometrics
Access controls that utilize something you know (for example, combinations) or something you have (such as keys) are not the only methods to limit facility access to authorized individuals. A third approach is to utilize something unique about the individual—their fingerprints, for example—to identify them. Unlike the other two methods, the something-you-are method, known as biometrics, does not rely on the individual to either remember something or to have something in their possession. Biometrics is a more sophisticated access control approach and can be more expensive. Biometrics also suffer from false positives and false negatives, making them less than 100 percent effective. For this reason they are frequently used in conjunction with another form of authentication. The advantage is that the user always has them (they cannot be left at home or shared) and they tend to have better entropy than passwords. Other biometric methods include handwriting analysis, retinal scans, iris scans, voiceprints, hand geometry, and facial geometry.
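The trade-off between false positives and false negatives, and the effect of pairing a biometric with a second factor, worked through as an added example that is not from the textbook. The match scores are constructed, and the second factor's error rates and the independence of the two factors are assumptions.

```python
# Added example: how a biometric matcher's threshold trades false positives
# (impostor accepted) against false negatives (genuine user rejected).
# All scores are constructed for illustration, not taken from a real device.
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.88, 0.95, 0.58, 0.81, 0.73, 0.90]
IMPOSTOR = [0.12, 0.35, 0.41, 0.62, 0.28, 0.55, 0.19, 0.71, 0.33, 0.47]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_accept_rate, false_reject_rate) for accept-if >= threshold."""
    false_accepts = sum(1 for score in impostor if score >= threshold)
    false_rejects = sum(1 for score in genuine if score < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def balanced_threshold(candidates):
    """Pick the candidate where the two error rates are closest to equal."""
    def gap(threshold):
        far, frr = error_rates(threshold)
        return abs(far - frr)
    return min(candidates, key=gap)


def with_second_factor(biometric_far, biometric_frr, other_far, other_frr):
    """Error rates when BOTH factors must pass (assumes independent errors)."""
    far = biometric_far * other_far                  # impostor must beat both
    frr = 1 - (1 - biometric_frr) * (1 - other_frr)  # user can fail either one
    return far, frr


if __name__ == "__main__":
    for t in (0.50, 0.60, 0.65, 0.75):
        far, frr = error_rates(t)
        print(f"threshold {t:.2f}: false accept {far:.0%}, false reject {frr:.0%}")
    far, frr = error_rates(balanced_threshold([0.50, 0.60, 0.65, 0.75]))
    # Assumed second factor: 4-digit PIN, 3 guesses allowed, 1% mistyped by owner.
    print(with_second_factor(far, frr, other_far=3 / 10_000, other_frr=0.01))
```

Raising the threshold drives false accepts toward zero at the cost of rejecting more legitimate users; requiring a second factor cuts false accepts sharply while adding only slightly to false rejects.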
Tech Tip
Physical and Information Security Convergence
In high-security sites, physical access controls and electronic access controls to information are interlocked. This means that before data can be accessed from a particular machine, the physical access control system must agree with the finding that the authorized party is present.
There are many similarities between authentication and access controls in computers and in the physical world. Remember the three common techniques for verifying a person’s identity and access privileges: something you know, something you have, and something about you.
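The interlock described in this Tech Tip, sketched as an added example that is not code from the textbook: a console logon is allowed only when the badge system's latest record places that user inside the room. The badge events, logon attempts, names and rooms are all constructed for illustration.

```python
# Added example: interlocking a console logon with the physical access system.
# Badge events and logon attempts are constructed; names and rooms are made up.
from datetime import datetime

BADGE_EVENTS = [  # (time, person, room, direction)
    ("2024-03-04T08:58:10", "alice", "server-room", "in"),
    ("2024-03-04T09:40:02", "alice", "server-room", "out"),
    ("2024-03-04T10:05:00", "bob", "lobby", "in"),
]
LOGON_ATTEMPTS = [  # (time, person, room where the console sits)
    ("2024-03-04T09:10:00", "alice", "server-room"),
    ("2024-03-04T09:45:00", "alice", "server-room"),
    ("2024-03-04T10:06:30", "bob", "server-room"),
]


def last_badge_state(person, room, when, events=BADGE_EVENTS):
    """Latest 'in'/'out' for person at room at or before `when`, else None."""
    state = None
    for ts, who, where, direction in sorted(events):
        if who == person and where == room and datetime.fromisoformat(ts) <= when:
            state = direction
    return state


def decide(attempt, events=BADGE_EVENTS):
    """Allow the logon only if the physical system agrees the user is present."""
    ts, person, room = attempt
    state = last_badge_state(person, room, datetime.fromisoformat(ts), events)
    if state == "in":
        return "allow", "badged into room"
    if state == "out":
        return "deny", "badged out before logon"
    return "deny", "no badge record for room"  # worth review: possible piggybacking


def review(attempts=LOGON_ATTEMPTS):
    """Return (person, HH:MM, decision, reason) for each logon attempt."""
    return [(person, ts[11:16], *decide((ts, person, room)))
            for ts, person, room in attempts]


if __name__ == "__main__":
    for row in review():
        print(row)
```

A denied logon with no badge record for the room is the case to alert on, since someone who followed another person through the door leaves exactly that gap in the access log.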
03-ch03.indd 62 03/11/15 5:20 pm
Chapter 3: Operational and Organizational SecurityPrinciples of
Computer Security
62 63
BaseTech / Principles of Computer Security, Fourth Edition /
Conklin / 597-0 / Chapter 3
Both access to computer systems and networks and physical access to restricted areas can be controlled with biometrics. However, biometric methods for controlling physical access are generally not the same as those employed for restricting access to computer systems and networks. Hand geometry, for example, requires a fairly large device. This can easily be placed outside of a door to control access to the room but would not be as convenient to control access to a computer system, since a reader would need to be placed with each computer or at least with groups of computers. In a mobile environment where laptops are being used, a device such as a hand geometry reader would be unrealistic.
Physical Barriers
An even more common security feature than locks is a physical barrier. Physical barriers help implement the physical-world equivalent of layered security. The outermost layer of physical security should contain the more publicly visible activities. A guard at a gate in a fence, for example, would be visible to all who happen to pass by. As you progress through the layers, the barriers and security mechanisms should become less publicly visible to make determining what mechanisms are in place more difficult for observers. Signs are also an important element in security, as they announce to the public which areas are public and which are private. A man trap can also be used in this layered approach. It generally consists of a small space that is large enough for only one person at a time, with two locking doors. An individual has to enter the first door, close the first door, then attempt to open the second door. If unsuccessful, perhaps because they do not have the proper access code, the person can be caught inside this small location until security personnel show up.
In addition to walls and fences, open space can also serve as a barrier. While this may at first seem to be an odd statement, consider the use of large areas of open space around a facility. For an intruder to cross this open space takes time—time in which they are vulnerable and their presence may be discovered. In today’s environment in which terrorist attacks have become more common, additional precautions should be taken for areas that may be considered a possible target for terrorist activity. In addition to open space, which is necessary to lessen the effect of explosions, concrete barriers that stop vehicles from getting too close to facilities should also be used. It is not necessary for these to be unsightly concrete walls; many facilities have placed large, round concrete circles, filled them with dirt, and then planted flowers and other plants to construct a large, immovable planter.
Tech Tip
Biometric Devices
Once only seen in spy or science fiction movies, biometrics such as hand and fingerprint readers, eye-scanning technology, and voiceprint devices are now becoming more common in the real world. The accuracy of these devices has improved and the costs have dropped, making them realistic solutions to many access control situations.
Tech Tip
Signs
Signs can be an effective control, warning unauthorized personnel not to enter, locating critical elements for first responders, and providing paths to exits in emergencies. Proper signage is an important aspect of physical security controls.
■■ Environmental Issues
Environmental issues may not at first seem to be related to security, but when considering the availability of a computer system or network, they must be taken into consideration. Environmental issues include items such as heating, ventilation, and air conditioning (HVAC) systems, electrical power, and the “environments of nature.” HVAC systems are used to maintain the comfort of an office environment. A few years back, they were also critical for the smooth operation of computer systems that had low tolerances for humidity and heat. Today’s desktop systems are much more tolerant, and the limiting factor is now often the human user. The exception to this HVAC limitation is when large quantities of equipment are co-located, in server rooms and network equipment closets. In these heat-dense areas, HVAC is needed to keep equipment temperatures within reasonable ranges. Often certain security devices such as firewalls and intrusion detection systems are located in these same equipment closets and the loss of HVAC systems can cause these critical systems to fail. One interesting aspect of HVAC systems is that they themselves are often computer controlled and frequently provide remote access via telephone or network connections. These connections should be protected in a similar manner to computer modems, or else attackers may locate them and change the HVAC settings for an office or building.
Electrical power is obviously an essential requirement for computer systems and networks. Electrical power is subject to momentary surges and disruption. Surge protectors are needed to protect sensitive electronic equipment from fluctuations in voltage. An uninterruptible power supply (UPS) should be considered for critical systems so that a loss of power will not halt processing. The size of the batteries associated with a UPS will determine the amount of time that it can operate before it too loses power. Many sites ensure sufficient power to provide administrators the opportunity to cleanly bring the system or network down. For installations that require continuous operations, even in the event of a power outage, electric generators that automatically start when a loss of power is detected can be installed. These systems may take a few seconds to start before they reach full operation, so a UPS should also be considered to smooth the transition between normal and backup power.
Fire Suppression
Fires are a common disaster that can affect organizations and their computing equipment. Fire detection and fire suppression devices are two approaches to addressing this threat. Detectors can be useful because some may be able to detect a fire in its very early stages before a fire suppression system is activated, and they can potentially sound a warning. This warning could provide employees with the opportunity to deal with the fire before it becomes serious enough for the fire suppression equipment to kick in. Suppression systems come in several varieties, including sprinkler-based systems and gas-based systems. Standard sprinkler-based systems are not optimal for data centers because water will ruin large electrical infrastructures and most integrated circuit–based devices—such as computers. Gas-based systems are a good alternative, though they also carry special concerns. More extensive coverage of fire detection and suppression is provided in Chapter 8.
HVAC systems for server rooms and network equipment closets are important because the dense equipment environment can generate significant amounts of heat. HVAC outages can result in temperatures that are outside equipment operating ranges, forcing shutdowns.
■■ Wireless
When someone talks about wireless communication, they generally are referring to cellular telephones (“cell phones”). These devices have become ubiquitous in today’s modern office environment. A cell phone network consists of the phones themselves, the cells with their accompanying base stations that they are used in, and the hardware and software that allow them to communicate. The base stations are made up of antennas, receivers, transmitters, and amplifiers. The base stations communicate with those cell phones that are currently in the geographical area that is serviced by that station. As a person travels across town, they may exit and enter multiple cells. The stations must conduct a handoff to ensure continuous operation for the cell phone. As the individual moves toward the edge of a cell, a mobile switching center notices the power of the signal beginning to drop, checks whether another cell has a stronger signal for the phone (cells frequently overlap), and, if so, switches operation to this new cell and base station. All of this is done without the user ever knowing that they have moved from one cell to another.
Wireless technology can also be used for networking. There are two main standards for wireless network technology. Bluetooth is designed as a short-range (approximately ten meters) personal area network (PAN)