Monday, September 30, 2019

Food and Beverage Essay

What does the term ‘right of admission’ mean? (6)

It means that a proprietor admits customers to his hotel but reserves the right of admission to himself: the entry of customers is subject to the rights of the hotel owner. It also means that the store owner or management is allowed to deny entry to potential customers without giving just cause. The decision as to who is allowed in or out is usually at the store owner’s discretion, which may or may not be exercised with good judgement. The right of admission notice also allows the shop security to search your bag or your person at their own discretion. With proper justification, the owner may restrict the right of admission for certain categories of people or customers in the following events:
(i) If the customer is a nuisance under the influence of alcohol or drugs, or a lunatic.
(ii) If the customer is naked (though a simple dress code is allowed).
(iii) If the customer is below 18 years of age, and that in a restaurant/hotel which has been given a permit for serving alcohol or drugs.
(iv) If the customer is fighting, disturbing or causing annoyance to other customers, etc.
If the owner does not use the above ‘Right of Admission’, then another customer can sue the hotel/restaurant for deliberate negligence with criminal abetment and for ‘deficiency in service’, besides ‘damages’ to untold extents.

QUESTION 2 Give five characteristics of a good beverage manager and explain in your own words why these characteristics are important. (15)

(i) People-oriented: A beverage manager must be comfortable leading their employees and working with the public. In fast food restaurants, some managers also work as cashiers. In fine dining establishments the manager is expected to walk the floor and talk to the patrons. At the same time they have to ensure their employees are working efficiently. If a customer has a complaint, it is usually up to the manager to smooth things over and make sure the customer wants to return in the future.
(ii) Honesty: In some cases beverage managers work for the owner of the establishment, who has entrusted his/her managers with the restaurant’s profits and supplies. Stealing from the establishment or other dishonesty is a fast way to lose the owner’s trust and make it difficult to find a similar position in the future.
(iii) Organized: Advance preparation is a key success factor in restaurant operations. Beverage managers must be strong administrators. Your employees will rely on you to decide what days and times they are working and what their responsibilities are, so scheduling staff hours is a key task, as well as handling payroll. Your employees will expect to be paid regularly and at the same time each week or every two weeks, whatever the schedule is.
(iv) Willing to learn and lead: It will be the beverage manager’s responsibility to make sure the restaurant does not face liability issues, so he will need to stay up to date on safety certifications and management techniques. Employee retention can be a major success factor in the quality of services and reduce new employee expenses, such as training time, new uniforms and the time it takes to learn the job.
(v) Flexibility with hours: His hours will depend on the venue for which he works. If he works in a restaurant or a bar, he might at times need to work late at night. He must be prepared for all situations if his goal is to work in management.

QUESTION 3 What is the difference between on-consumption and off-consumption of liquor? (6)

(i) On-consumption: On-consumption liquor is liquor which can be sold and consumed on licensed premises, e.g. hotels, clubs and restaurants.
(ii) Off-consumption: Off-consumption liquor is liquor sold that is going to be consumed off the premises. Examples of these premises include shops, liquor producers and liquor stores.

QUESTION 4 Why should the requirements of a bar control system be identified independently of the requirements of an accounting system?
(8) The requirements of a bar control system must be identified independently of the requirements of an accounting system because the bar control system is actually controlled by the accounting system. The bar control system also focuses on the stock available for the customers. A bar control system controls issues from the store or cellar. The accounting system ensures compliance with accounting policies and procedures.

QUESTION 5 Explain the possible causes of discrepancies between sales at selling price on the bar liquor stock sheet and actual sales recorded. (10)

Discrepancies in stock management refer to the difference between the actual quantities of stock available in a bar and the quantities available as per the stock records. Major causes of stock discrepancies are: Any discrepancies between sales at selling price on the bar liquor stock sheet may indicate theft by employees or customers. Not conducting stock takes occasionally and spontaneously. Actual liquor stock issued from the store being different from the quantity recorded. Actual quantity of liquor received from the store being different from the quantity recorded. Liquor stored in the wrong place and therefore not considered during physical stock verification. Losses during storage for reasons such as evaporation and handling losses. Errors in ascertaining the quantities physically available. Receipt or issue entries made in the records under the wrong item. There could be spillages. An employee could be over- or under-totting.

QUESTION 6 If sales at cost price are R1650 and sales at selling price are R6600:

(a) What is the percentage of cost of sales (show the formula you use)? (4)
Cost/sales*100 = cost of sales
R1650/R6000*100 1/4 25. = 25% cost of sales
(b) What is the gross profit percentage? (2)
100% - % of cost of sales
100% - 25% = 75%

QUESTION 7 What is the difference between a cocktail and a shooter?
(5)
(i) Cocktail: An alcoholic drink consisting of a spirit or several spirits mixed with other ingredients, such as fruit juices, lemonade or cream.
(ii) Shooter: A shooter is usually a mixed drink that amounts to about 2 to 3 tots in a shot glass. Shooters are generally drunk quickly, rather than being sipped.

QUESTION 8 Why do cocktails have the potential to improve the gross profits of the bar? (4)

Cocktails have the potential to improve the gross profits of a bar because they are pricier than any other liquor. It is easy to generate sales from the customers that you already have. This is where a good cocktail list can be a great asset. If someone comes in and orders a Campari and soda, and you can up-sell them to an Americano, everybody wins. It is also easy to create new and unique cocktails with a little something extra to entice the customers, which can easily sell. With cocktails it is easy to cut costs to increase profit without increasing sales volume.

QUESTION 9 Why would you want to garnish a cocktail? (3)

Garnishing a cocktail will add character or style to a cocktail, as garnishes are decorative ornaments. You can garnish with, e.g., carrot sticks, cherries, cinnamon, cocktail olives, pepper, salt, etc.

QUESTION 10 Explain the difference between the shake method and the stir method of making cocktails. (8)

(i) Shake method: This is the method by which you use a cocktail shaker to mix ingredients together and chill them simultaneously. The object is to almost freeze the drink whilst breaking down and combining the ingredients. Normally this is done with the shaker three quarters full of ice cubes. When you have poured in the ingredients, hold the shaker in both hands, with one hand on top and one supporting the base, and give a short, sharp, snappy shake.
(ii) Stir method: This is a more gentle technique for mixing cocktails and is used to delicately combine the drinks with a perfect amount of dilution.
You stir cocktails that use only distilled spirits or very light mixers. Stirring takes longer than shaking to chill a drink. You can stir cocktails effectively with a metal or glass rod in a mixing glass. If ice is to be used, use ice cubes to prevent dilution, and strain the contents into a glass when the surface of the mixing glass begins to collect condensation.

QUESTION 11 What does the term ‘bruising’ mean with regard to making cocktails? (2)

It is what happens when you shake a drink for too long. If you put your liquor in a shaker and then shake for a second, the drink comes out cold. If you shake it for too long then the drink becomes bruised, meaning there are pieces in the actual drink.

QUESTION 12 Give the recipes for popular cocktails based on each of the following (nine recipes): Rum, Brandy, Gin. (15)

(a) Rum (i) Daiquiri - 1 1/2 tots light rum (ii) Mojito - 2 tsp sugar 3/4ml lime juice 6-8 mint leaves ? ml sugar syrup club soda 1 lime, halved 2 tots light rum Mint sprig for garnish (ii) Hurricane - 2 tots light rum 2 tots dark rum 2oz passion fruit juice 1oz orange juice Juice of half a lime 1 tbsp simple syrup 1 tbsp grenadine Orange slice and cherry for garnish
(b) Brandy (i) Apple Fizz - ice cubes (ii) Sidecar – ice cubes 2 parts apple brandy 3 tots brandy 5 parts carbonated apple juice 3 parts triple sec 50ml lemon juice 1 part lemon or lime juice Lemon slice to garnish. (ii) Metropolitan cocktail - ice cubes 3 tots brandy 2 parts sweet vermouth Sugar syrup to taste 2 dashes Angostura bitters
(c) Gin (i) Bring it home – 2 tots Organic Nation Gin (iii) Delilah - 1 1/2 tots Gin 1 1/2 tots Elder Flower Liqueur ? tots Cointreau 1 1/2 measures Almond Syrup ? lemon juice 1 1/2 measures Lemon Juice Garnish: Cherry and lemon wedge (ii) Cherry bitch - 6 tots Bulldog Gin 1 bag black currant tea 3-5 fresh cherries ? measures lime juice ? measures apple juice 1 measure syrup Garnish – orange peel twist

QUESTION 13 As the bar manager you are training a new barman.
Explain to him (or her) in your own words how to serve a whiskey and soda. (5)

Whisky should always be served with an ice tray and soda. These are the two prerequisites of serving whisky. Being high in alcohol content, whisky blending requires spring water and some tangy tinge. Different people like their whisky served in their own ways, so it would be a good idea to place the whisky, ice and soda in separate beakers.

QUESTION 14 What glass would you use for serving Cognac or South African Liqueur Brandy? (1)

Balloon Brandy Snifter Glass

QUESTION 15 What is a Sambuca, why is it popular and how is it often served? (3)

Sambuca is an Italian liquor flavoured with aniseed that is often found in clear or white form. The most common way of serving sambuca is neat, on the rocks, with fresh water added, or in coffee in place of sugar. Sambuca con mosca (neat with coffee beans floated atop) is a common Italian way.

QUESTION 16 What is meant by the term ‘binder’ with reference to a cigar? (3)

The binder is what keeps (or binds) the filler leaves together. It is also a tobacco leaf, usually having little or no flavour, which is used to bind and contain the filler tobacco inside a cigar.

Sunday, September 29, 2019

Medical Tourism Marketing Strategy in Thailand Essay

Abstract

Thailand has emerged as a leading medical tourism destination in recent years. The increase in the number of international patients shows that Thailand has great potential for medical tourism, and the improvement of its marketing strategies will further enhance the image of Thailand as a medical tourism destination. In order to face the challenges of growing competition from India, Singapore, Malaysia and other destinations, Thailand needs among other things to improve its marketing as a favourite medical tourism destination in the region. Therefore, this exploratory research was set to evaluate the current marketing strategies of healthcare providers and intermediaries through interviews with stakeholders and observation, and to propose effective marketing strategies for preserving and enhancing Thailand’s position as a leading medical tourism destination. This qualitative research employed semi-structured interviews to examine the current marketing strategies of Thailand’s healthcare service providers. Interviews took place with healthcare service providers (public hospitals, private hospitals, and clinics), medical travel agents and related parties, at several popular tourism destinations of Thailand: Bangkok, Phuket, and Pattaya. Respondents were selected through purposive sampling. In addition, observation of stakeholders’ websites and of the online marketing of competitors’ service providers (Singapore, India, and Malaysia) took place. The paper identifies the strengths of Thailand’s healthcare service providers and points at a number of problems that may reduce the growth opportunity of this industry.
These include a lack of practical government policies with regard to medical tourism and of other supporting regulations, the lack of an organization acting as a cooperation centre aimed at promoting the medical tourism industry as a whole, the remaining low awareness of the opportunities presented by the industry among potential foreign patients, and a shortage of doctors and qualified medical staff. Measures for improvement are suggested.

Keywords: medical travel, medical tourism, Thailand, marketing strategies

1. Introduction

Medical tourism is a new form of niche tourism market which has been growing rapidly in recent years. The term “Medical tourism” describes tourists who travel to overseas countries to obtain healthcare services and facilities such as medical, dental and surgical care whilst having the opportunity to combine it with visiting the tourist attractions of that country. The main groups of medical tourists come from the industrialized countries of the world, especially Europe, the UK, Middle East, Japan, U.S. and Canada, where the cost of medical treatment is very expensive and there are often long waiting times for treatments [1]. Other than Thailand, countries that are currently promoting medical tourism are Bolivia, Brazil, Belgium, Cuba, Costa Rica, Hungary, India, Israel, Jordan, Lithuania, Malaysia, Poland, Singapore and South Korea. The main reasons for the growing popularity of medical tourism are: 1.) The long waiting lists in the developed countries, 2.) The low cost of medical treatments in developing countries, 3.) The affordable international air fares and favorable exchange rates, 4.) The Internet; with the development of communications, new companies have emerged who act as middlemen between international patients and hospital networks, giving patients easy access to information, prices and options, 5.) The state-of-the-art technology that has been adopted by the new healthcare services [2].
Thailand has emerged in recent years as one of the leaders in the industry. Data collected from 30 private hospitals by the Department of Export Promotion of the Ministry of Commerce shows the increasing number of international patients who came to obtain medical treatments in private hospitals in Thailand. In 1997 only 120,000 patients came for medical treatment; since then, the number has drastically increased to 975,532 in 2003 and 1,356,000 in 2006 (see Figure 1).

Source: Data collected from 30 private hospitals by Department of Export Promotion, Ministry of Commerce (cited in http://mrd-hss.moph.go.th/ac/download.asp)

Thailand has a number of competitive advantages: it is already a well-known tourist destination; it is one of the first countries which entered the medical tourism market; it is known for its unique culture of service – the renowned Thai hospitality; and it also provides high quality services by qualified staff at a reasonable price. Under the guidance and regulation of the Ministry of Public Health, some Thai hospitals have been recognized and approved for the standards set by the Hospital Accreditation of both Thailand and International (Joint Commission International or JCI), and also other international standards such as ISO and Hazards and Critical Control Points Principle (HACCP).

Thailand’s main Asian competitors in the industry of medical tourism are India, Singapore, Malaysia and Hong Kong [3]. India, with its lower cost of health services, has recently emerged as an important competitor to Thailand. It had approximately 150,000 patients in 2004 and the Indian government predicted that this industry could grow by 13% per year in the near future [4]. Despite this, India still lacks the quality of standards and infrastructure, and suffers from a negative image due to travelers’ perception of low hygiene and sanitation.
Singapore has high living standards, strong government support for the medical tourism industry, excellent English-speaking communication and high quality medical services. Their services are offered at somewhat higher prices than in Thailand but are still much cheaper than in developed countries. In 2006, 410,000 patients traveled to Singapore specifically for healthcare and the country hopes to attract 1 million medical travelers annually by 2012 (www.singaporemedicine.com). Malaysia also offers low prices for healthcare services, and as a predominantly Muslim country has a competitive advantage in attracting patients from the Middle East [5]. According to the Association of Private Hospitals Malaysia [6], the number of international patients seeking medical services in Malaysia has grown from 75,210 patients in 2001 to 296,687 patients in 2006 and generated 59 million USD in revenue.

In order to face the challenges of growing competition, Thailand needs among other things to improve its marketing of healthcare services. Therefore, this research was set with the objectives to study and observe the current marketing strategies of service providers in medical tourism in Thailand (public hospitals, private hospitals, clinics, and medical travel agents) and related parties such as the Ministry of Public Health and the Tourism Authority of Thailand (TAT), and to analyze and evaluate the marketing strategies of Thailand and its main competitors in the region (Singapore, India, and Malaysia), in order to come up with a proposal of effective marketing strategies to develop and promote medical tourism in the country. This is the first such study carried out in Thailand, and it is expected to enhance knowledge as well as to contribute to the development of effective planning in the future and to enhancing the co-operation between stakeholders.

2. Methodology

This qualitative research employed semi-structured interviews to examine the current marketing strategies of Thailand’s medical tourism service providers. Interviews took place with healthcare service providers (public hospitals, private hospitals, and clinics), medical travel agents and related parties, at several popular tourism destinations of Thailand: Bangkok, Phuket, and Pattaya. Respondents were selected through purposive sampling, based on information from secondary data and the researchers’ experience in the area, as well as observation of healthcare providers’ websites. Criteria for inclusion in the interview list included: membership in the Thailand Private Hospital Association, a high number of international patients who received medical treatments, active marketing on the Internet, and non-medical care services provided to the patients. The interview topics included questions related to current and future target markets and marketing strategies, channel distribution, positioning, main competitors, threats to medical tourism in Thailand, industry collaboration, involvement of new stakeholders, medical travel packaging, and other relevant topics. In addition, observation of stakeholders’ websites and of the online marketing of competitors’ service providers (Singapore, India, and Malaysia) was used to accomplish the objectives of the study.

3. Results and Discussions

The findings from the interviews with the healthcare service providers and from observation of stakeholders’ websites about the current marketing strategies used by Thailand’s healthcare service providers are described based on the 7 Ps of the marketing mix: Product, Price, Place, Promotion, People, Process, and Physical Evidence [7], [8].

Product: Thailand’s healthcare service providers offer a wide range of tertiary and elective medical treatments such as Cardiology, Orthopedic, Cosmetic and Plastic surgery, Dental care, Eye treatment, etc. to attract international patients.
Well-trained medical staff with international board certification (US, UK, Australia, Germany, Japan) are considered a valuable asset of the companies and are used as an important tool to promote healthcare services. The patients of Bumrungrad Hospital and Bangkok Hospital Medical Center (the major players in Thailand’s medical tourism business) can select their required doctors through the hospitals’ websites by name, gender, photo, medical qualification, specialty, language spoken, and even working day. Moreover, the cutting-edge technology and equipment made available by each service provider was also used as one of the major products in this industry.

Quality of treatment in less-developed and developing countries is the major concern raised by medical travelers from industrialized countries. Most of the respondents commented that Thailand is still considered a developing country among Westerners, especially those who have never been in the country before, so the availability of high quality medical care services is not easily recognized – unlike Singapore, with its positive image as a country with high living standards. However, the results of previous research [2] about satisfaction with health service in Thailand indicated that most of the patients who have been treated were very satisfied with the facilities of the hospitals, the medical staff’s professionalism, and the quality of medical treatments, and were willing to recommend them to their friends/relatives, which spreads word of mouth information to more potential patients.

Another marketing strategy used by service providers is to create more value through services. Superior value-added services have been created so that providers can differentiate themselves from their increasing competitors, increase their efficiency, create convenience for the patients, and develop and strengthen customer relationships.
These non-medical care services include on-line service for medical arrangement, travel arrangement, interpreter services in many languages (Arabic, Burmese, Bengali, Bhutanese, English, French, Japanese, Korean, German, Spanish, Mandarin, Vietnamese, etc.), luxury service apartments for patients’ relatives adjacent to the hospital, hotel selection and reservation, sightseeing tour services, medical transportation both on land and by air, one-to-one nursing care service, etc.

Major healthcare service providers in Thailand have started expanding their business to other countries by investing in and/or operating hospitals or medical centers overseas. These hospitals function as diagnostic centers for screening cases and also for follow-ups in medical treatments. Bumrungrad Hospital invested in the newest private medical center in Manila, Philippines and is investing about US$ 10 million in a new hospital in Dubai, as well as having plans to manage two other new regional hospitals in Yangon, Myanmar and Dhaka, Bangladesh to expand its operations in other potential countries. Moreover, Bangkok Dusit Medical Services Group (a listed holding company that operates 17 hospitals in Bangkok, Pattaya, Phuket, and Koh Samui, including Samitivej Hospital, Bangkok Hospital Center, and BNH Hospital) already operates the Royal Angkor International Hospital in Siem Reap, Cambodia and also has future plans of setting up diagnostic centers in Abu Dhabi, and the United Arab Emirates, which will be a joint venture hospital network for the UAE and the Middle East. It also plans to open a boutique hospital in Phnom Penh, Cambodia in the near future, which will offer health check-up programs, disease investigation and primary treatments, as well as referring patients to Bangkok Hospital Medical Center in Bangkok for further secondary treatments if needed.
Price: Thailand’s healthcare service providers have a competitive advantage over their competitors due to the high standard of medical treatments and services offered to patients at a very competitive price. Singapore offers medical treatments at a higher price than Thailand because of its positioning as high-end, complex, quality acute care [9]. India offers lower prices than Thailand but still has the negative image of poor hygiene and sanitation. In India, complicated medical procedures are being done at only one tenth of the cost in industrialized countries, but in terms of infrastructure facilities such as roads, sanitation, power backups, accommodations, and public utility services much more is needed for the country to become a medical tourism destination [4]. Malaysia offers prices lower than Thailand, partly due to the favorable exchange rate, but its focus is mainly on Muslim patients from Indonesia, Brunei and the Middle East.

Place: The Internet is the main means of disseminating information related to the medical and non-medical care services offered by each of the healthcare service providers (both hospitals and clinics). It is the most effective and inexpensive way to bring the product to its target customers directly, while at the same time helping patients acquire correct and valuable information that allows them to make an informed decision. Informative online marketing by each service provider creates awareness of the medical treatments available and reassures potential patients. Interactive communication, treatment descriptions, descriptions of services and facilities, quality assurance and other concierge services were also presented on the websites to attract patients who are on a medical traveling program. At the moment Thailand does not have a central organization to publicize valuable information on its health care services to medical travelers.
Singapore established the outstanding website www.singaporemedicine.com as the center of the country’s healthcare services. It aims at promoting Singapore as a world class medical tourism destination, and has proved very successful in this respect.

All the healthcare service providers mentioned that there is increasing use of agents in the target countries as their representatives. These agents provide information and recommendations to the patients regarding their treatments at the hospitals. They work as a center of cooperation between patients and hospitals for screening cases, sending all the necessary medical reports of the patients to the hospitals. At the same time, agents have the responsibility of advertising and doing marketing in those countries for the healthcare service providers, spreading word of mouth advertising of service assurance and reliability. Some respondents expressed concerns about the services of the medical travel agents with regard to low accuracy in the medical correspondence and overpromising to the patients, both of which lead to the patients’ subsequent overall dissatisfaction and create a negative image of the medical service provider.

Promotion: Most healthcare service providers, particularly hospitals, participate in travel marts, travel fairs, trade fairs, exhibitions, seminars and conferences, and advertise in travel magazines in countries, with the support of the government. The Ministry of Public Health, Tourism Authority of Thailand (TAT), Ministry of Foreign Affairs, and Department of Export Promotion (DEP) cooperated in organizing these activities for promoting healthcare services to international markets. In addition, other informative materials such as brochures, booklets, video-CDs, paper bags and t-shirts with logos were also used to create awareness of the available healthcare services.
Moreover, some healthcare service providers build up cooperation with local institutes, universities and medical schools in other countries to establish collaboration in education, exchange of knowledge and training, as well as to promote their alternative healthcare services.

Advertising about medical and non-medical services in both local and international media is used by healthcare service providers. The advertisements have to comply with Thai laws and regulations on how to advertise healthcare services. Media such as magazines, newspapers (both in Thai and English), television, etc. are used to target local people and expatriates who work in Thailand. For the international market, most of the respondents stated that they let medical travel agents do the marketing in each target country, based on the agents’ professional background and knowledge about those people’s behavior. Articles, videos and news related to their high quality and standard of medical treatments and services, health issues, latest medical technology equipment, and quality assurance/awards/accreditation are made available on their own websites and also to the international media. These help to create awareness of the available alternative medical treatments as well as to build up a positive image of the high quality and international standard of medical care in Thailand.

People: Another strategy that healthcare service providers use to attract international patients for treatment in Thailand is to emphasize their well-trained medical specialists, with degrees from well-known overseas institutes. It was acknowledged by all the healthcare service providers that having specialized and qualified doctors and staff proved a competitive advantage for the hospitals.
This has been observed for example on the websites of Bumrungrad Hospital and Bangkok Hospital, where the qualifications of doctors and the hospitality of nurses and the medical staff were intensively promoted to attract and capture potential patients. However, the shortage of doctors and trained medical staff was the major concern currently raised by the respondents. Moreover, language communication skills – sometimes of doctors, but more often of nurses, receptionists, and other relevant staff – and misunderstanding of the patients’ culture were still considered problems and challenges for the medical tourism business for both hospitals and clinics.

Process: Patients who seek medical treatments abroad are mostly concerned with the quality of treatments and have to make sure the hospital they select is licensed and preferably accredited by a recognized international organization that audits medical quality. Therefore, acquiring international accreditation from Joint Commission International (JCI), which recognizes that the standard of the hospital meets or exceeds the standard of medical facilities in the US, was used as one of the marketing strategy tools by healthcare service providers. Currently, in Thailand Bumrungrad Hospital, Samitivej Hospital, and Bangkok Hospital Medical Center have attained this JCI accreditation, compared to 11 hospitals in Singapore (accounting for one-third of all JCI-accredited facilities in Asia), and 8 hospitals in India [9]. There are other hospital assurance schemes and awards which are also important to guarantee the quality of medical care services, such as the Thailand Hospital Accreditation Program (HA) conducted by the Institute of Hospital Quality Improvement & Accreditation, and ISO.
Moreover, the results from observation indicated that the websites of the major hospitals display not only JCI accreditation but also other awards and Thai government accreditations such as ISO, HACCP, HA (Thailand Hospital Accreditation Program), and so on to reassure patients of the standard and high quality of their medical treatments.

Physical Evidence: Because the healthcare system has developed relatively recently in Thailand, it has been observed that the major healthcare service providers have developed significantly in both infrastructure and facilities. Most hospitals have a good ambience in their buildings, with spacious, luxury rooms and excellent amenities the same as those of a five star hotel for patients and relatives, and also come equipped with cutting-edge technology. This is a competitive advantage for Thailand in gaining the confidence and building up the trust of international patients making a decision to choose Thailand as their preferred choice.

4. Conclusion

The medical tourism industry in Thailand is still growing and expanding in spite of the high competition. Both online and offline promotion tools were used to create awareness of the availability of high quality medical care and non-medical care services, reassure patients about the standards and quality of medical treatments, and offer alternative healthcare services for selection by potential target customers. This research has recommended marketing strategies for further promoting medical tourism in Thailand. These include building and promoting the image of Thailand as a “High quality medical tourism destination”, creating and promoting new combinations of medical tourism products, promoting Thailand as a health and wellness destination, exporting healthcare business to other countries, keeping up the high standard of quality treatments at a reasonable price, providing informative online and offline materials and making them available to potential customers, emphasizing patients’ testimonials (word of mouth), attaining accreditation/standards to reassure patients of the quality of treatments, as well as emphasizing the needs and demands of the existing target markets and also the potential target markets. This research also identified some issues related to the development and expansion of medical tourism in Thailand which may slow down the growth of this business. The researcher hopes that these issues will be given immediate attention and addressed responsibly and appropriately by the government, healthcare service providers and the other related stakeholders in the nearest future.

References

[1] Connell, J. (2006). Medical tourism: Sea, Sun, Sand and … Surgery. Tourism Management, 27 (6), 1093-1100.
[2] Suthin, K., Assenov, I., and Tirasatayapitak, A. (2007). Medical Tourism: Can supply keep up with the demand. Proceedings, APac-CHRIE & Asia Pacific Tourism Association Joint Conference 2007, May 23-27, 2007, Beijing, China.
[3] Bangkok Bank. (2005). Health Products and Health Services: Another Industry in which Thailand is Competitive. Retrieved August 25, 2007, from http://www.bangkokbank.com/download/Health_Products_and_Health_Services.pdf.
[4] Kaur, J., Sundar, G. H., Vaidya, D., and Bhargava, S. (2007). Health Tourism in India Growth and Opportunities. Proceedings, International Marketing Conference on Marketing & Society, 415-422. Retrieved September 2, 2007, from http://dspace.iimk.ac.in/bitstream/2259/345/1/415-422.pdf
[5] Tirasatayapitak, A., Suthin, K., and Assenov, I. (2007). Medical Tourism in Thailand: Meeting Better the Needs of Japanese Tourists and Patients. Thailand: Prince of Songkla University.
[6] Advertising and Publicity Division, Tourism Malaysia. (2007). Media Info Health Tourism in Malaysia. Retrieved April 4, 2008, from http://www.tourism.gov.my/tourismbiz/mediacentre/articles/travelideas/PR%20Health%20Tourism%206%20Nov%2007.pdf
[7] Kotler, P., Armstrong, G. (2008). Principles of Marketing. New Jersey: Pearson Education, Inc.
[8] Chartered Institute of Marketing. (2005). Marketing and the 7Ps: A brief summary of marketing and how it works. Retrieved March 1, 2008 from www.cim.co.uk/MediaStore/FactFiles/Factifile7ps.pdf
[9] Boston Consulting Group. (2008). Overview of Medical Tourism – Give back deck. BCG.

Saturday, September 28, 2019

Basic Rhetorical Analysis Assignment Example | Topics and Well Written Essays - 500 words

Basic Rhetorical Analysis - Assignment Example

Applications for citizens seeking assistance in paying energy bills are available on the Internet and at the local county office.

Addresses Certain Users

An applicant need only fill in the application with honest answers. If someone does not speak English and requires assistance filling in the application, there is someone at the local county office who is available to assist. Directions at the back of the application explain some of the definitions and offer assistance to anyone who is in need of it. The users the application addresses are low income families who are in need of assistance with energy bills. There is a large X at the bottom of the application for someone to sign, and the application was made usable for anyone who speaks English; if someone needs assistance, there is someone at the local county office who is available to offer it.

Help readers solve problems

If readers are filling in the application over the Internet, they need only fill in the highlighted areas of the application. If a reader is in doubt about what information needs to be put in the application, the reader need only read the definitions and explanations that accompany the question.

Friday, September 27, 2019

Organisational Behaviour Essay Example | Topics and Well Written Essays - 750 words

Organisational Behaviour - Essay Example

There is always a high demand for people having good communication skills and those professionals who are young and adaptive to change. To study the demographic factors is vital for a manager as it helps him in selecting the best person for the job. In job interviews, managers are mostly looking for confident candidates and also those candidates that have good interpersonal and good communication skills. These types of employees tend to prove themselves highly valuable to the firm.

The abilities and skills of a person highly influence his behaviour and performance. If your skills and abilities match the requirements of the job, you are likely to perform better. This is so because one knows the job description requirements and can perform well accordingly. The manager plays a key role when matching the job requirements with the skills and abilities of the employees. This is crucial as matching skills and abilities will allow the desired results to be achieved by the firm.

Perception is a process by which sensory impressions are organised and interpreted by an individual in order to give meaning to whatever is around him. The perception of a person can be influenced by many factors. For managers it is really important to create a work environment that is favourable and that is positively perceived by the employees. If the employees perceive it positively, it will improve their performance and overall, the firm will become productive and profitable.

Attitude is the propensity to react positively or negatively towards certain things, people or circumstances. The supervisor of a company should study the factors related to employment to create a positive work environment so that workers are encouraged to form a favourable attitude towards their particular jobs. The variables such as family, society, traditions and culture, friends and organisational characteristics affect the development and attitude of the employees. The workers can perform efficiently if they form a better attitude in the workplace. Employees also need to work upon having a good work life balance so that they can achieve their targets successfully without having pressure from any one side of professional work or personal life.

Personality is the study of the unique characteristics of an individual, the relations between these individuals and how they alter and change with respect to society and changing circumstances. The numerous dynamics that affect the personality of a person are inheritance, family, friends, society, culture and other circumstances. This shows that individuals are different when working in an organisation and their personality changes along with it. Personality can be considered as the most difficult part of an individual, and this largely affects the behaviour of a human being. Studying the personality characteristics of an individual is a good opportunity to comprehend them. It motivates them to complete the organisational goal in an efficient manner.

Diverse environmental variables produce different reactions, and studying these reactions is very crucial for the organisation. By studying these responses certain types of behaviours that are demanded by organisations are discovered and learnt. Examples of these behaviours are

Thursday, September 26, 2019

Question Essay Example | Topics and Well Written Essays - 500 words - 4

Question - Essay Example

The approach that will be adopted by this lawyer would be of a proactive nature and he would consistently keep a check on the activities and measures of the other industrial competitors and narrate the same dealings to the company’s top heads. Moreover, this lawyer will help solve the different legal issues which the organization might run into from time to time and also facilitate avenues for better understanding between the company and its publics (usually the stakeholders) (Commons, 1923). Since keeping a check of the law regimes is the duty of any organization that works under a certain law of the land, this organization would be helped a great deal by the efforts undertaken by the lawyer and his role would be increased with each passing day. Thus it is in the best interests of the business unit operating in a foreign country to hire the best lawyer and adopt an approach of goodwill with the legislative

Wednesday, September 25, 2019

What is the main difference between Aristotle's account of virtue and Essay

What is the main difference between Aristotle's account of virtue and Socrates' account of virtue? Who has the more plausible view? - Essay Example

In this way, Aristotle has accepted Socrates’ account of virtue as related to courage, but he differs from Socrates on the following point: courage, which, in the form of knowledge, is for Socrates the basis of virtue (Kahn 1998, p.85), is considered by Aristotle to be just an element of virtue; the latter, according to Aristotle, is likely to be influenced by other elements and values, such as eudaimonia (Klosko 2006). The differences regarding the views of Socrates and Aristotle on virtue are analytically presented below; explanations are given, as far as possible, by referring to the relevant texts. Also, suggestions are made regarding the potential limitation of the distance between the views of Socrates and Aristotle on virtue and its elements.

The key difference between Aristotle’s account of virtue and Socrates’ account of virtue is highlighted in the study of Achtenberg (2002); according to the above researcher, Socrates emphasized virtue as knowledge, while Aristotle considered virtue as related to the behavioural characteristics of each individual; in the context of Aristotle’s account of virtue, virtue is an element of human behaviour which requires the emotional development of the person involved (Achtenberg 2002, p.24). From this point of view, minors cannot have virtue – at least not in its full form – since their emotional development is still in progress.

The importance of knowledge as a criterion for virtue has been the key characteristic of Socrates’ account of virtue. Curren (2000) noted that Plato accepted the view of Socrates that ‘wisdom is a key element of virtue’ (Curren 2000, p.48). It is on this basis that the suggestions of Plato on education have been based. Taking into consideration the fact that virtue can be taught, as Socrates supported, Plato developed the framework

Tuesday, September 24, 2019

Ethical Guidance Essay Example | Topics and Well Written Essays - 1500 words

Ethical Guidance - Essay Example

Interpretations of the rules and rulings issued by the AICPA to answer specific questions regarding members' ethical conduct supplement the principles and rules and, in combination, provide guidance to auditors making decisions about ethical dilemmas. The model of the decision-making process implied by the combination of these Code elements is conservative, however, and may not fully capture all the actual influences on auditors' decisions. This study proposes and tests an alternative model in comparison with the AICPA Code-implied model. (Jeffrey 2004, 553-579)

When faced with an ethical dilemma, an auditor must gather and analyze data from many sources. It is likely that auditors gather and analyze these data in many different ways. One benefit of a model of auditors' ethical decision making is that the model elements can be identified and tested to better understand how and why the decisions are made. In this section the decision model implied by the AICPA Code is delineated and compared with other existing models. (Martin 2007, 5-14)

Numerous professional accounting, financial, and auditing organizations have separately adopted codes of ethics. Most practicing internal, public, and governmental auditors are associated with one or more of these organizations and have voluntarily submitted to the respective codes of conduct which restrict activities beyond the legal statutes binding the general citizenry. Comparisons of these codes indicate that there are significant common components across many of them, but also that omissions and potential conflicts exist. Unlike most other codes, the AICPA Code provides specific guidance in using both rules and principles to conservatively resolve conflicts.

The chairman of the committee drafting the restructured Code described the application of principles in the following manner: 'guided by the basic principles in the Standards of Professional Conduct, members must exercise professional and moral judgments in all their activities.' Within the added principles section of the AICPA Code, members are called to an "unswerving commitment to honourable behaviour, even at the sacrifice of personal advantage" (AICPA 1988). This description of the AICPA Code implies an exceptionally conservative decision model.

According to the Code-implied model, an accountant or auditor must be aware of the principles, rules, interpretations, and rulings promulgated by the AICPA. When facing an ethical dilemma, an auditor compares the dilemma situation with these elements of the Code and makes a decision to avoid any possible violation. To follow this decision model without exception would lead to increasingly conservative decisions in which the gray area calling for auditor judgment is reduced. That is, when an ethical dilemma situation is addressed within the Code each new level of guidance adds restrictions which require auditors to follow promulgated rules and principles without deviation. This model is illustrated in figure 1 and discussed below.

At the legal level, CPAs are constrained from complete decision-making freedom. For example, a CPA

Monday, September 23, 2019

Relationship banking Essay Example | Topics and Well Written Essays - 1500 words

Relationship banking - Essay Example

Sale of banking products has become extremely competitive. This paper will discuss how relationship marketing has penetrated the banking sector and what its pitfalls or benefits are. It will also discuss the type of relationship that banks have with customers and what marketing activities they perform to establish and maintain such relationships.

Banks have adopted the concepts of marketing in the highly competitive market as the consumers have become highly literate and empowered. Customers are increasingly using technology for using banking services, and hence the bank-customer relationship has become of great importance. To stimulate the improvement in the quality of service from the banks, deregulation brought in a range of suppliers in the financial services (Durkin & Howcroft, 2003). Because of the pressure on the bank margins from new competitors, banks have had to reengineer their internal and external delivery process to make profits. Technology is used to increase market share and reduce costs. Banks have been forced to consider this because in the new and emerging delivery channels the bank-customer interactions do not involve face to face contact.

Relationship marketing (RM) means to identify, establish, maintain and enhance, and when necessary even to terminate relationships with customers and other stakeholders. In doing so both parties gain and the objectives are met (Durkin & Howcroft, 2003). This conforms to Gummesson’s concept of relationship marketing. Thus it involves mutual satisfaction, gains and attainment of objectives. In RM the customer is treated as a partner and their needs are identified, and loyalty developed through quality service (Fjällborg, Morin, Mannberg, Rosell & Heckscher, 2005). Relationship between the buyer and seller differs across industries and firms and customer service forms the core of RM. Effective customer service creates

Sunday, September 22, 2019

Linguistics - The English Language (750words paper) - Cohesion Essay

Linguistics - The English Language (750words paper) - Cohesion Exercise - Essay Example

By repeating it the reader must continue to read because they want to understand why the watch is so important. This is also the idea of repetition because the word is repeated over again. They also use synonyms for the missing watch and the watch itself like "bare wristed arm", "unique timepiece", and "threatening to tarnish". This last one indicates that the watch was silver and over time would tarnish.

There are also incidences of exophoric expression. In the first paragraph, "It is standard tourist advice" says that "it" is something the reader should immediately understand, and most tourists and people who live in the city will agree that this is a situation that everyone knows -- that they should look out for pickpockets. The word "pickpocket" immediately sets off in the reader's mind a situation that is "seedy" and negative. This first paragraph sets the stage for the later cataphoric reference in that the watch is lifted from the president. The words "standard tourist" seem to imply that although tourists know this information, "the president" may not.

The second paragraph starts off with "film" rather than saying something like "there was a security film" so the reader is not given what type of film, but it is another exophoric reference because the reader will know that some type of film could capture this situation. The use of the words "mobbed" and "plunging into an adoring crowd" seem to be juxtaposed to each other. We think of a "mob" as something out of control and at the same time he is "plunging into" the situation which makes it more positive. This creates a contrast between the words "plunging into" and "mob" so that it almost seems like someone being moved along in a crowd at a rock concert. In fact, the writer actually uses the metaphor phrase, "Mr. Bush…was received like a rock star…" in paragraph five. This was set up previously to make an endophoric connection. The article implies that the

Saturday, September 21, 2019

Political Corruption Essay Example for Free

Political Corruption Essay

Wrongdoing on the part of an authority or powerful party through means that are illegitimate, immoral, or incompatible with ethical standards. Corruption often results from patronage and is associated with bribery. In economy, corruption is payment for services or material which the recipient is not due, under law. This may be called bribery.

Way back in 200 B.C., Kautilya meticulously described 40 different kinds of corruption in his Arthashastra. He has aptly commented: “Just as it is impossible not to taste honey or poison when it is at the tip of the tongue, so it is impossible for a government servant not to eat up a bit of revenue. And just as it cannot be found out whether a fish swimming through water drinks or not, so also government servants cannot be found out while taking money for themselves.”

Corruption is defined as moral depravity and influencing through bribery. Essentially, corruption is the abuse of trust in the interest of private gain. This normally involves businessmen and government. The extortive type is the kind where the donor is compelled to bribe in order to avoid harm being inflicted upon his person or his interest.

It is not difficult to locate the causes of corruption. Corruption breeds at the top and then gradually filters down to the lower levels. Gone are the days when people who joined politics were imbued with the spirit of serving the nation. Those who plunged themselves into the fight for freedom knew that there were only sacrifices to be made; no return was expected. So only the selfless people came forward. But the modern politicians are of an entirely different mould. They are not motivated by any lofty ideals. They win elections at a huge personal cost and then try to make the best of the opportunity they get. Powerful business magnates who are forced to give huge donations to political parties indulge in corrupt practices not only to make up their losses but also to consolidate their gains.
Corruption in different fields

Collusion is an agreement between two or more persons, sometimes illegal and therefore secretive, to limit open competition by deceiving, misleading, or defrauding others of their legal rights, or to obtain an objective forbidden by law typically by defrauding or gaining an unfair advantage. Collusion is a corrupt activity. The different fields of corruption are:

1. Political corruption
2. Police corruption
3. Corporate corruption
4. Corruption in local government

1. Political Corruption

Political corruption is the use of legislated powers by government officials for illegitimate private gain. Misuse of government power for other purposes, such as repression of political opponents and general police brutality, is not considered political corruption. Neither are illegal acts by private persons or corporations not directly involved with the government. An illegal act by an officeholder constitutes political corruption only if the act is directly related to their official duties, is done under color of law or involves trading in influence.

Forms of corruption vary, but include bribery, extortion, cronyism, nepotism, patronage, graft, and embezzlement. While corruption may facilitate criminal enterprise such as drug trafficking, money laundering, and human trafficking, it is not restricted to these activities. The activities that constitute illegal corruption differ depending on the country or jurisdiction. For instance, certain political funding practices that are legal in one place may be illegal in another. In some cases, government officials have broad or poorly defined powers, which make it difficult to distinguish between legal and illegal actions. Worldwide, bribery alone is estimated to involve over 1 trillion US dollars annually. A state of unrestrained political corruption is known as a kleptocracy, literally meaning rule by thieves.

When people in power indulge in corruption so unabashedly, the common man gets a kind of sanction. Ironically, instead of fighting against the menace of corruption, our political leaders declare it a worldwide phenomenon and accept it as something inevitable.

2. Police Corruption

Police corruption is a specific form of police misconduct designed to obtain financial benefits, other personal gain, and/or career advancement for a police officer or officers in exchange for not pursuing, or selectively pursuing, an investigation or arrest. One common form of police corruption is soliciting and/or accepting bribes in exchange for not reporting organized drug or prostitution rings or other illegal activities. Another example is police officers flouting the police code of conduct in order to secure convictions of suspects — for example, through the use of falsified evidence. More rarely, police officers may deliberately and systematically participate in organized crime themselves. In most major cities there are internal affairs sections to investigate suspected police corruption or misconduct. Similar entities include the British Independent Police Complaints Commission. Police corruption is a significant widespread problem in many third world countries, such as Russia, Ukraine and Mexico.

3. Corporate Corruption

Corporate crime refers to crimes committed either by a corporation (i.e., a business entity having a separate legal personality from the natural persons that manage its activities), or by individuals acting on behalf of a corporation or other business entity (see vicarious liability and corporate liability). Some negative behaviours by corporations may not actually be criminal; laws vary between jurisdictions. For example, some jurisdictions allow insider trading.
Corporate crime overlaps with:

• White-collar crime, because the majority of individuals who may act as or represent the interests of the corporation are white-collar professionals;
• Organized crime, because criminals may set up corporations either for the purposes of crime or as vehicles for laundering the proceeds of crime. The world’s gross criminal product has been estimated at 20 percent of world trade (de Brie 2000); and
• State-corporate crime because, in many contexts, the opportunity to commit crime emerges from the relationship between the corporation and the state.

4. Corruption in Local Governments

There are several types of political corruption that occur in local government. Some are more common than others, and some are more prevalent in local governments than in larger segments of government. Local governments may be more susceptible to corruption because interactions between private individuals and officials happen at greater levels of intimacy and with more frequency at more decentralized levels. Forms of corruption pertaining to money like bribery, extortion, embezzlement, and graft are found in local government systems. Other forms of political corruption are nepotism and patronage systems.

Bribery

Bribery is the offering of something, which is most often money but can also be goods or services, in order to gain an unfair advantage. Common advantages can be to sway a person’s opinion, action, or decision, reduce amounts of fees collected, speed up government grants, or change outcomes of legal processes.

Extortion

Extortion is threatening or inflicting harm to a person, their reputation, or their property in order to unjustly obtain money, actions, services, or other goods from that person. Blackmail is a form of extortion.

Embezzlement

Embezzlement is the illegal taking or appropriation of money or property that has been entrusted to a person but is actually owned by another. In political terms this is called graft, which is when a political office holder unlawfully uses public funds for personal purposes.

Nepotism

Nepotism is the practice or inclination to favor a group or person who is a relative when giving promotions, jobs, raises, and other benefits to employees. This is often based on the concept of familism, which believes that a person must always respect and favor family in all situations including those pertaining to politics and business. This leads some political officials to give privileges and positions of authority to relatives based on relationships and regardless of their actual abilities.

Patronage systems

Patronage systems consist of the granting of favors, contracts, or appointments to positions by a local public office holder or candidate for a political office in return for political support. Many times patronage is used to gain support and votes in elections or in passing legislation. Patronage systems disregard the formal rules of a local government and use personal instead of formalized channels to gain an advantage.

Corruption Perceptions Index

Since 1995, Transparency International (TI) has published the Corruption Perceptions Index (CPI) annually, ranking countries by their perceived levels of corruption, as determined by expert assessments and opinion surveys. The CPI generally defines corruption as the misuse of public power for private benefit. The results of the 2010 edition, as every year, are sobering. No region or country in the world is immune to the damages of corruption; the vast majority of them score below 5. The CPI has played a critical role in branding the issue of corruption on the world’s conscience. It sends a powerful message and national governments have been forced to take notice and act.
The demand for public sector governance that keeps the interests of its citizens first with openness and accountability is not limited to a country or region – this is a common goal that transcends borders and cultures. The public sector is just one side of a multi-faceted problem though. Transparency International conducts an array of global research, such as the Global Corruption Barometer, a worldwide public opinion survey, and the Bribe Payers Index, which measures the likelihood of firms from leading exporting countries to bribe abroad, which taken together enables us to better comprehend the many sides of corruption.

Corruption is notoriously difficult to measure. The complexity and secrecy that shroud corrupt deals mean that it is virtually impossible to quantify the financial cost of corruption. The human expense is clear to see though, and it is the poorest that are most vulnerable. The diversity of victims that seek help from one of TI’s Advocacy and Legal Advice Centers shows that corruption can affect anyone. As we support these individuals, their personal triumphs are translated into systemic change – proving that corruption can be fought and beaten. It may be that the CPI scores are just a number to you, but for many people around the world it is their daily reality. It need not be so. As Huguette Labelle, Chair of Transparency International, notes, “These 180 countries in our index are your countries, and their perceived levels of corruption will remain as such until you demand accountability.”

India in Corruption Perception Index

India’s ranking in Transparency International’s Corruption Perception Index too has slipped from 84 to 87 in 2010. All this exhibits a problem that is not going anywhere soon and mocks the high moral ground that we aspire to occupy in the international arena. Corruption has afflicted all the organs of our society including the polity, bureaucracy, judiciary, police, businessmen, and even the public at large. It has rendered our governance apparatus hollow and ineffective. Countless efforts to combat corruption have not made any significant dent into this hydra-headed monster.

The public perception of India has been extensively damaged by the corrupt activities of politicians, bureaucrats and business houses. The telecom spectrum allocation scam – the biggest in the history of independent India – for which a minister, an MP and several corporate bosses are in jail and others are expected soon, the Commonwealth Games scandal in which the whole organizing committee, including the chairman, are in jail, politicians grabbing prime real estate in a housing society meant for war widows in Mumbai, and the cash-for-vote scam involving parliamentarians have all badly eroded the public faith in government functioning in India. Corruption is silently eating into the vitals of our nation like termites. Bit by bit, it is denting our dignity and compromising our soul. Not only does it affect individuals but, alarmingly, it affects our nation as a whole.

India Against Corruption

India Against Corruption (IAC) is a citizens' movement to demand strong anti-corruption laws. Lokpal bills were introduced several times since 1968, yet they were never passed by the Indian Parliament. After a fast by veteran social activist Anna Hazare and widespread protests by citizens across India, the Government of India constituted a 10-member Joint Committee of ministers and civil society activists to draft an effective Jan Lokpal Bill. The primary focus of the IAC movement is to ensure a strong Lokpal bill. This corruption in India does not lead simply to cabinet portfolio shifts or newspaper headlines, but to massive human deprivation and even more extreme income inequalities. Combating corruption in the region is not just about punishing corrupt politicians and bureaucrats but also saving human lives. The IAC is a strictly voluntary organization and its participants are bound by the IAC code of conduct.
India Against Corruption Movement – Code Of Conduct

1. The movement is completely NONVIOLENT and PEACEFUL.
2. It is INCLUSIVE and NON-DISCRIMINATORY. Encouraging every community regardless of religion, caste, language, region, culture, sex, age, profession, economic strata, etc. to be part of the movement and be treated equally.
3. The movement is completely SECULAR. Communalism is more dangerous than corruption. Also, the problems of this country cannot be solved without people from all faiths and religions coming together.
4. The volunteers should work in the spirit of SELFLESS SERVICE to fulfill the dream of realizing a strong Jan Lokpal Act for the country without expecting money, name, fame, recognition, etc. for oneself.
5. India Against Corruption is not a Sangathan or an NGO or any institution. It is a people’s movement, a collective expression of the people of India fighting against corruption and seeking a better future. Therefore, the movement cannot have any branches. Rather than an organizational structure, it seeks to develop an efficient communication structure to enable free flow of ideas. Every person participating in the movement does so as a citizen of India with a burning desire to do something for the country. No person is a representative of Anna Hazare or in any other position.
6. FRATERNITY and UNITY. People should work with a feeling of brotherhood and avoid conflicts within a group or across groups. The forces opposite us are so powerful. We must stay united if we have to win over them.

Deficiencies in the present anti-corruption systems

Central Government level: At central Government level, there is Central Vigilance Commission, Departmental vigilance and CBI. CVC and Departmental vigilance deal with vigilance (disciplinary proceedings) aspect of a corruption case and CBI deals with criminal aspect of that case.

Central Vigilance Commission: CVC is the apex body for all vigilance cases in Government of India.
• However, it does not have adequate resources commensurate with the large number of complaints that it receives. CVC is a very small set up with a staff strength less than 200. It is supposed to check corruption in more than 1500 central government departments and ministries, some of them being as big as Central Excise, Railways, Income Tax etc. Therefore, it has to depend on the vigilance wings of respective departments and forwards most of the complaints for inquiry and report to them. While it monitors the progress of these complaints, there is delay and the complainants are often disturbed by this. It directly enquires into a few complaints on its own, especially when it suspects motivated delays or where senior officials could be implicated. But given the constraints of manpower, such number is really small.
• CVC is merely an advisory body. Central Government Departments seek CVC’s advice on various corruption cases. However, they are free to accept or reject CVC’s advice. Even in those cases, which are directly enquired into by the CVC, it can only advise government. CVC mentions these cases of non-acceptance in its monthly reports and the Annual Report to Parliament. But these are not much in focus in Parliamentary debates or by the media.
• Experience shows that CVC’s advice to initiate prosecution is rarely accepted and whenever CVC advised major penalty, it was reduced to minor penalty. Therefore, CVC can hardly be treated as an effective deterrent against corruption.
• CVC cannot direct CBI to initiate enquiries against any officer of the level of Joint Secretary and above on its own. The CBI has to seek the permission of that department, which obviously would not be granted if the senior officers of that department are involved and they could delay the case or see to it that permission would not be granted.
• CVC does not have powers to register criminal case. It deals only with vigilance or disciplinary matters.
• It does not have powers over politicians. If there is an involvement of a politician in any case, CVC could at best bring it to the notice of the Government. There are several cases of serious corruption in which officials and political executive are involved together.
• It does not have any direct powers over departmental vigilance wings. Often it is seen that CVC forwards a complaint to a department and then keeps sending reminders to them to enquire and send report. Many a times, the departments just do not comply. CVC does not have any really effective powers over them to seek compliance of its orders.
• CVC does not have administrative control over officials in vigilance wings of various central government departments to which it forwards corruption complaints. Though the government does consult CVC before appointing the Chief Vigilance Officers of various departments, however, the final decision lies with the government. Also, the officials below CVO are appointed/transferred by that department only. Only in exceptional cases, if the CVO chooses to bring it to the notice of CVC, CVC could bring pressure on the Department to revoke orders but again such recommendations are not binding.
• Appointments to CVC are directly under the control of ruling political party, though the leader of the Opposition is a member of the Committee to select CVC and VCs. But the Committee only considers names put up before it and that is decided by the Government. The appointments are opaque.
• Therefore, though CVC is relatively independent in its functioning, it neither has resources nor powers to enquire and take action on complaints of corruption in a manner that meets the expectations of people or act as an effective deterrence against corruption.

Departmental Vigilance Wings: Each Department has a vigilance wing, which is manned by officials from the same department (barring a few which have an outsider as Chief Vigilance Officer.
However, all the officers under him belong to the same department).
• Since the officers in the vigilance wing of a department are from the same department and they can be posted to any position in that department anytime, it is practically impossible for them to be independent and objective while inquiring into complaints against their colleagues and seniors. If a complaint is received against a senior officer, it is impossible to enquire into that complaint because an officer who is in vigilance today might get posted under that senior officer some time in future.
• There have been instances of the officials posted in vigilance wing by that department having had a very corrupt past. While in vigilance, they try to scuttle all cases against themselves. They also turn vigilance wing into a hub of corruption, where cases are closed for consideration.
• Departmental vigilance does not investigate into criminal aspect of any case. It does not have the powers to register an FIR.
• They also do not have any powers against politicians.
• Since the vigilance wing is directly under the control of the Head of that Department, it is practically impossible for them to enquire against senior officials of that department.
• Therefore, the vigilance wing of any department is seen to softpedal on genuine complaints or used to enquire against inconvenient officers.

CBI: CBI has powers of a police station to investigate and register FIR. It can investigate any case related to a Central Government department on its own or any case referred to it by any state government or any court.
• CBI is overburdened and does not accept cases even where amount of defalcation is alleged to be around Rs 1 crore.
• CBI is directly under the administrative control of Central Government.
• So, if a complaint pertains to any minister or politician who is part of a ruling coalition or a bureaucrat who is close to them, CBI’s credibility has suffered and there is increasing public perception that it cannot do a fair investigation and that it is influenced to scuttle these cases.
• Again, because CBI is directly under the control of Central Government, CBI is perceived to have been often used to settle scores against inconvenient politicians.

Therefore, if a citizen wants to make a complaint about corruption by a politician or an official in the Central Government, there isn’t a single anti-corruption agency which is effective and independent of the government, whose wrongdoings are sought to be investigated. CBI has powers but it is not independent. CVC is independent but it does not have sufficient powers or resources.

Conclusion
We are all part of this historic movement to eradicate corruption. Together, under the leadership of Anna Hazare, the “Jan Lokpal Bill” – a strong law to ensure swift and certain punishment to the corrupt political leaders and government officials – is being drafted. Jan Lokpal Bill is a Law being made by the people and for the people. The success of this campaign depends entirely on us. So we have to support the fight for an effective Jan Lokpal Bill.

References
http://www.google.co.in/
http://www.wikipedia.org/
http://www.indiaagainstcorruption.org

Friday, September 20, 2019

Computer Network Security within Organisations

Computer Network Security within Organisations Networking and Management Introduction A computer network is a connection of two or more computers in order to share resources and data. These shared resources can include devices like printers and other resources like electronic mail, internet access, and file sharing. A computer network can also be seen as a collection of Personal computers and other related devices which are connected together, either with cables or wirelessly, so that they can share information and communicate with one another. Computer networks vary in size. Some networks are needed for areas within a single office, while others are vast or even span the globe. Network management has grown as a career that requires specialized training, and comes with management of important responsibilities, thus creating future opportunities for employment. The resulting expected increase in opportunities should be a determining and persuasive factor for graduates to consider going into network management. Computer networking is a discipline of engineering that involves communication between various computer devices and systems. In computer networking, protocols, routers, routing, and networking across the public internet have specifications that are defined in RFC documents. Computer networking can be seen as a sub-category of computer science, telecommunications, IT and/or computer engineering. Computer networks also depend largely upon the practical and theoretical applications of these engineering and scientific disciplines. In the vastly technological environment of today, most organisations have some kind of network that is used every day. It is essential that the day-to-day operations in such a company or organisation are carried out on a network that runs smoothly. Most companies employ a network administrator or manager to oversee this very important aspect of the company’s business. 
This is a significant position, as it comes with great responsibilities because an organisation will experience significant operational losses if problems arise within its network. Computer networking also involves the setting up of any set of computers or computer devices and enabling them to exchange information and data. Some examples of computer networks include: Local area networks (LANs) that are made up of small networks which are constrained to a relatively small geographic area. Wide area networks (WANs) which are usually bigger than local area networks, and cover a large geographic area. Wireless LANs and WANs (WLAN WWAN). These represent the wireless equivalent of the Local Area Network and Wide Area Networks Networks involve interconnection to allow communication with a variety of different kinds of media, including twisted-pair copper wire cable, coaxial cable, optical fiber, and various wireless technologies. The devices can be separated by a few meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet. (http://en.wikipedia.org/wiki/Computer_networking) TASK 1 TCP connection congestion control Every application, whether it is a small or large application, should perform adaptive congestion control because applications that perform congestion control use a network more efficiently and are generally of better performance. Congestion control algorithms prevent the network from entering Congestive Collapse. Congestive Collapse is a situation where, although the network links are being heavily utilized, very little useful work is being done. 
The network will soon begin to require applications to perform congestion control, and those applications which do not perform congestion control will be harshly penalized by the network, probably in the form of preferentially dropping their packets during times of congestion (http://www.psc.edu/networking/projects/tcpfriendly/) Principles of Congestion Control Informally, congestion entails that too many sources are sending too much data, and sending them too fast for the network to handle. TCP Congestion Control is not the same as flow control, as there are several differences between TCP Congestion Control and flow control. Other principles of congestion control include Global versus point-2-point, and orthogonal issues. Congestion manifests itself by causing loss of packets (buffer overflow at routers), and long delays (queuing in router buffers). Also, during congestion, there is no explicit feedback from network routers, and there is congestion inferred from end-system observed loss. In network-assisted congestion control, routers provide feedback to end systems, and the explicit rate sender sends at –Choke Packet. Below are some other characteristics and principles of congestion control: When CongWin is below Threshold, sender in slow-start phase, window grows exponentially. When CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly. When a triple duplicate ACK occurs, Threshold set to CongWin/2 and CongWin set to Threshold. When timeout occurs, Threshold set to CongWin/2 and CongWin is set to 1 MSS. Avoidance of Congestion It is necessary for the TCP sender to use congestion avoidance and slow start algorithms in controlling the amount of outstanding data that is injected into a network. In order to implement these algorithms, two variables are added to the TCP per-connection state. 
The congestion window (cwnd) is a sender-side limit on the amount of data the sender can transmit into the network before receiving an acknowledgment (ACK), while the receiver’s advertised window (rwnd) is a receiver-side limit on the amount of outstanding data. The minimum of cwnd and rwnd governs data transmission. (Stevens, W. and Allman, M. 1998)

TCP Flow Control
In TCP flow control, the receiving side of the TCP connection possesses a receive buffer, and a speed-matching service matches the send rate to the receiving application’s drain rate. During flow control, the receiver advertises any spare room by including the value of RcvWindow in segments, and the sender limits unACKed data to RcvWindow. TCP flow control thus ensures that there is no overflow of the receive buffer.

Round-trip Time Estimation and Timeout
The TCP timeout should be longer than the RTT, but the RTT varies, and a timeout that is too long gives a slow reaction to segment loss. SampleRTT is the measured time from segment transmission until ACK receipt, ignoring retransmissions; it will vary, so a “smoother” estimated RTT is wanted. Round-trip time samples arrive with new ACKs. The RTT sample is computed as the difference between the current time and a time echo field in the ACK packet. When the first sample is taken, its value is used as the initial value for srtt. Half the first sample is used as the initial value for rttvar. (Round-Trip Time Estimation and RTO Timeout Selection)

There are often problems due to timeouts, including the restriction of the sender, which is compelled to wait until a timeout and is able to do nothing during this period. Also, the first segment in the sliding window is often not acked, and retransmission becomes necessary, waiting again one RTT before the segment flow continues. It should be noted that on receiving the later segments, the receiver sends back ACKs.
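The sender-side state this section describes (CongWin and Threshold transitions, the min(cwnd, rwnd) send limit, and the smoothed round-trip estimate with its first-sample initialisation) fits in one small model. This is an added example, not code from the original essay: the class and function names, the 1460-byte MSS and the event sequence are assumptions, and the gains 1/8 and 1/4 are the usual ones for this estimator.

```python
from dataclasses import dataclass
from typing import Optional

MSS = 1460  # bytes per segment; assumed value for the demonstration


@dataclass
class TcpSenderModel:
    """Per-connection sender state: CongWin, Threshold, rwnd and the RTT estimate."""
    cwnd: float = MSS             # CongWin, in bytes
    ssthresh: float = 64 * 1024   # Threshold, in bytes
    rwnd: int = 65535             # receiver's advertised window, in bytes
    estimated_rtt: Optional[float] = None
    dev_rtt: Optional[float] = None

    def phase(self) -> str:
        return "slow-start" if self.cwnd < self.ssthresh else "congestion-avoidance"

    def send_window(self) -> float:
        # Unacknowledged data in flight is limited by min(cwnd, rwnd).
        return min(self.cwnd, self.rwnd)

    def on_new_ack(self, sample_rtt: Optional[float] = None,
                   retransmitted: bool = False) -> None:
        if self.cwnd < self.ssthresh:
            self.cwnd += MSS                    # +1 MSS per ACK: doubles every RTT
        else:
            self.cwnd += MSS * MSS / self.cwnd  # about +1 MSS per RTT: linear growth
        # A sample for a retransmitted segment is ambiguous, so it is ignored.
        if sample_rtt is not None and not retransmitted:
            self._update_rtt(sample_rtt)

    def on_triple_duplicate_ack(self) -> None:
        self.ssthresh = self.cwnd / 2
        self.cwnd = self.ssthresh

    def on_timeout(self) -> None:
        self.ssthresh = self.cwnd / 2
        self.cwnd = MSS

    def _update_rtt(self, sample: float) -> None:
        if self.estimated_rtt is None:
            # First sample: srtt = sample, rttvar = sample / 2.
            self.estimated_rtt = sample
            self.dev_rtt = sample / 2
            return
        # The deviation uses the estimate from before this sample (RFC 6298 order).
        self.dev_rtt = 0.75 * self.dev_rtt + 0.25 * abs(sample - self.estimated_rtt)
        self.estimated_rtt = 0.875 * self.estimated_rtt + 0.125 * sample

    def timeout_interval(self) -> Optional[float]:
        if self.estimated_rtt is None:
            return None
        return self.estimated_rtt + 4 * self.dev_rtt


def trace(events, **state):
    """Apply constructed events; return (event, phase, cwnd in MSS, ssthresh in MSS)."""
    sender = TcpSenderModel(**state)
    handlers = {
        "ack": sender.on_new_ack,
        "3dup": sender.on_triple_duplicate_ack,
        "timeout": sender.on_timeout,
    }
    rows = []
    for event in events:
        handlers[event]()
        rows.append((event, sender.phase(), sender.cwnd / MSS, sender.ssthresh / MSS))
    return rows


if __name__ == "__main__":
    # Constructed event sequence: grow, cross Threshold, lose a segment, time out.
    for row in trace(["ack"] * 4 + ["3dup", "timeout"], ssthresh=4 * MSS):
        print(row)
```
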
Estimated RTT
EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT

DevRTT
DevRTT = (1 - 0.25) * DevRTT + 0.25 * |SampleRTT - EstimatedRTT|

Timeout interval
TimeoutInterval = EstimatedRTT + 4 * DevRTT

The Integrated Services (IntServ) and Differentiated Services (DiffServ) architectures are two architectures that have been proposed for providing and guaranteeing quality of service (QoS) over the internet. Whereas the IntServ framework is developed within the IETF to provide individualized QoS guarantees to individual application sessions, DiffServ is geared towards enabling the handling of different classes of traffic in various ways on the internet. These two architectures represent the IETF’s current standards for provision of QoS guarantees, although neither IntServ nor DiffServ have taken off or found widespread acceptance on the web.

(a) Integrated Service Architecture
In computer networking, the integrated services (IntServ) architecture is an architecture that specifies the elements for guaranteeing quality of service (QoS) on the network. For instance, IntServ can be used to allow sound and video to be sent over a network to the receiver without getting interrupted. IntServ specifies a fine-grained quality of service system, in contrast to DiffServ’s coarse-grained system of control. In the IntServ architecture, the idea is that each router inside a system implements IntServ, and applications which require various types of guarantees have to make individual reservations. Flow Specs are used to describe the purpose of the reservation, and the underlying mechanism that signals it across the network is called RSVP. TSPECs include token bucket algorithm parameters. The idea is that there is a token bucket which slowly fills up with tokens, arriving at a constant rate. Every packet which is sent requires a token, and if there are no tokens, then it cannot be sent.
Thus, the rate at which tokens arrive dictates the average rate of traffic flow, while the depth of the bucket dictates how large the traffic is allowed to be. TSPECs typically just specify the token rate and the bucket depth. For example, a video with a refresh rate of 75 frames per second, with each frame taking 10 packets, might specify a token rate of 750Hz, and a bucket depth of only 10. The bucket depth would be sufficient to accommodate the burst associated with sending an entire frame all at once. On the other hand, a conversation would need a lower token rate, but a much higher bucket depth. This is because there are often pauses in conversations, so they can make do with fewer tokens by not sending the gaps between words and sentences. However, this means the bucket depth needs to be increased to compensate for the traffic being larger. (http://en.wikipedia.org/wiki/Integrated_services) (b) Differentiated Service Architecture The RFC 2475 (An Architecture for Differentiated Services) was published In 1998, by the IETF. Presently, DiffServ has widely replaced other Layer 3 Quality of Service mechanisms (such as IntServ), as the basic protocol that routers use to provide different service levels. DiffServ (Differentiated Services) architecture is a computer networking architecture which specifies a scalable, less complex, coarse-grained mechanism for the classification, management of network traffic and for provision of QoS (Quality of Service) guarantees on modern IP networks. For instance, DiffServ can be used for providing low-latency, guaranteed service (GS) to video, voice or other critical network traffic, while ensuring simple best-effort traffic guarantees to non-critical network services like file transfers and web traffic. 
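The token bucket from the TSPEC discussion above can be checked against the essay's own figures: 750 tokens per second with a depth of 10 for video sent as 10-packet frames at 75 frames per second. This is an added example, not code from the original essay; the class and function names, the choice to drop packets that find no token, and the conversation parameters (50 tokens per second, depth 40) are assumptions. Timestamps are exact fractions so the arithmetic is reproducible.

```python
from fractions import Fraction


class TokenBucket:
    """One token per packet; tokens arrive at `rate` per second up to `depth`."""

    def __init__(self, rate, depth, now=0):
        if rate <= 0 or depth <= 0:
            raise ValueError("rate and depth must be positive")
        self.rate = rate
        self.depth = depth
        self.tokens = depth   # the bucket starts full
        self.last = now

    def allow(self, now):
        """Return True and spend a token if one is available at time `now`."""
        if now < self.last:
            raise ValueError("timestamps must not go backwards")
        # Refill for the elapsed time, never beyond the bucket depth.
        self.tokens = min(self.depth, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def police(bucket, bursts):
    """bursts: list of (time, packet_count). Returns (sent, dropped)."""
    sent = dropped = 0
    for when, packets in bursts:
        for _ in range(packets):
            if bucket.allow(when):
                sent += 1
            else:
                dropped += 1
    return sent, dropped


def frames(count, packets_per_frame, fps=75):
    """Constructed traffic: one burst of packets per video frame."""
    return [(Fraction(i, fps), packets_per_frame) for i in range(count)]


def demo():
    results = {}
    # One second of video that matches its TSPEC: every frame fits the bucket.
    results["video_conforming"] = police(TokenBucket(750, 10), frames(75, 10))
    # Same reservation, but 15-packet frames: 5 packets per frame find no token.
    results["video_oversized"] = police(TokenBucket(750, 10), frames(75, 15))
    # Conversation (assumed TSPEC): low rate, deep bucket. A talk spurt after
    # a pause passes; a second spurt 0.2 s later mostly does not.
    talk = [(Fraction(0), 40), (Fraction(1, 5), 40), (Fraction(6, 5), 40)]
    results["conversation"] = police(TokenBucket(50, 40), talk)
    return results


if __name__ == "__main__":
    for name, (sent, dropped) in demo().items():
        print(f"{name}: sent={sent} dropped={dropped}")
```
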
Most of the proposed Quality of Service mechanisms which allowed these services to co-exist were complicated and did not adequately meet the demands Internet users because modern data networks carry various kinds of services like streaming music, video, voice, email and also web pages. It would probably be difficult to implement Intserv in the core of the internet because most of the communication between computers connected to the Internet is based on a client/server structural design. This Client/server describes a structure involving the connection of one computer to another for the purpose of giving work instructions or asking it questions. In an arrangement like this, the particular computer that questions and gives out instructions is the client, while the computer that provides answers to the asked questions and responds to the work instructions is the server. The same terms are used to describe the software programs that facilitate the asking and answering. A client application, for instance, presents an on-screen interface for the user to work with at the client computer; the server application welcomes the client and knows how to respond correctly to the clients commands. Any file server or PC can be adapted for use as an Internet server, however a dedicated computer should be chosen. Anyone with a computer and modem can join this network by using a standard phone. Dedicating the server that is, using a computer as a server only helps avoid some security and basic problems that result from sharing the functions of the server. To gain access to the Internet you will require an engineer to install the broadband modem. Then you will be able to use the server to network the Internet on all machines on a network. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) TASK 5 Network security These days, computers are used for everything from shopping and communication to banking and investment. 
Intruders into a network system (or hackers) do not care about the privacy or identity of network users. Their aim is to gain control of computers on the network so that they can use these systems to launch attacks on other computer systems. Therefore people who use the network for these purposes must be protected from unknown strangers who try to read their sensitive documents, use their computer to attack other systems, send forged email, or access their personal information (such as their bank or other financial statements).

Security Clauses
The International Organisation for Standardization’s (ISO’s) 17799:2005 Standard is a code of practice for information security management which provides a broad, non-technical framework for establishing efficient IT controls. The ISO 17799 Standard consists of 11 clauses, each divided into one or more security categories, for a total of 39 security categories. The security clauses of the ISO standard 17799:2005 code of practice for Information Security Management include:
• Security Policy.
• Organizing Information Security.
• Asset Management.
• Human Resources Security.
• Physical and Environmental Security.
• Communications and Operations.
• Access Control.
• Information Systems Acquisition, Development, and Maintenance.
• Information Security Incident Management.
• Business Continuity Management.
• Compliance.
(http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209)

Here is a brief description of the more recent version of these security clauses:

Security Policy: Security policies are the foundation of the security framework and provide direction and information on the company’s security posture. This clause states that support for information security should be done in accordance with the company’s security policy.
Organizing Information Security: This clause addresses the establishment and organizational structure of the security program, including the appropriate management framework for security policy, how information assets should be secured from third parties, and how information security is maintained when processing is outsourced. Asset Management: This clause describes best practices for classifying and protecting assets, including data, software, hardware, and utilities. The clause also provides information on how to classify data, how data should be handled, and how to protect data assets adequately. Human Resources Security: This clause describes best practices for personnel management, including hiring practices, termination procedures, employee training on security controls, dissemination of security policies, and use of incident response procedures. Physical and Environmental Security: As the name implies, this clause addresses the different physical and environmental aspects of security, including best practices organizations can use to mitigate service interruptions, prevent unauthorized physical access, or minimize theft of corporate resources. Communications and Operations: This clause discusses the requirements pertaining to the management and operation of systems and electronic information. Examples of controls to audit in this area include system planning, network management, and e-mail and e-commerce security. Access Control: This security clause describes how access to corporate assets should be managed, including access to digital and nondigital information, as well as network resources. Information Systems Acquisitions, Development, and Maintenance: This section discusses the development of IT systems, including applications created by third-parties, and how security should be incorporated during the development phase. 
Information Security Incident Management: This clause identifies best practices for communicating information security issues and weaknesses, such as reporting and escalation procedures. Once established, auditors can review existing controls to determine if the company has adequate procedures in place to handle security incidents. Business Continuity Management: The 10th security clause provides information on disaster recovery and business continuity planning. Actions auditors should review include how plans are developed, maintained, tested, and validated, and whether or not the plans address critical business operation components. Compliance: The final clause provides valuable information auditors can use when identifying the compliance level of systems and controls with internal security policies, industry-specific regulations, and government legislation. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) The standard, which was updated in June 2005 to reflect changes in the field of information security, provides a high-level view of information security from different angles and a comprehensive set of information security best practices. More specifically, ISO 17799 is designed for companies that wish to develop effective information security management practices and enhance their IT security efforts. Control Objectives The ISO 17799 Standard contains 11 clauses which are split into security categories, with each category having a clear control objective. There are a total of 39 security categories in the standard. The control objectives in the clauses are designed to meet the risk assessment requirements and they can serve as a practical guideline or common basis for development of effective security management practices and organisational security standards. Therefore, if a company is compliant with the ISO/IEC 17799 Standard, it will most likely meet IT management requirements found in other laws and regulations. 
However, because different standards strive for different overall objectives, auditors should point out that compliance with 17799 alone will not meet all of the requirements needed for compliance with other laws and regulations. Establishing an ISO/IEC 17799 compliance program could enhance a companys information security controls and IT environment greatly. Conducting an audit evaluation of the standard provides organizations with a quick snapshot of the security infrastructure. Based on this snapshot, senior managers can obtain a high-level view of how well information security is being implemented across the IT environment. In fact, the evaluation can highlight gaps present in security controls and identify areas for improvement. In addition, organizations looking to enhance their IT and security controls could keep in mind other ISO standards, especially current and future standards from the 27000 series, which the ISO has set aside for guidance on security best practices. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467) Tree Topology Tree topologies bind multiple star topologies together onto a bus. In its most simple form, only hub devices are directly connected to the tree bus and the hubs function as the root of the device tree. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone. Topologies remain an important part of network design theory. It is very simple to build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, ports, and routes. 
(www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Use of the ring topology should be considered for use in medium sized companies, and the ring topology would also be the best topology for small companies because it is ensures ease of data transfer. Ring Topology In a ring network, there are two neighbors for each device, so as to enable communication. Messages are passed in the same direction, through a ring which is effectively either counterclockwise or clockwise. If any cable or device fails, this will break the loop and could disable the entire network. Bus Topology Bus networks utilize a common backbone to connect various devices. This backbone, which is a single cable, functions as a shared medium of communication which the devices tap into or attach to, with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Star Topology The star topology is used in a lot of home networks. A star network consists of a central connection point or hub that can be in the form of an actual hub, or a switch. Usually, devices will connect to the switch or hub by an Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computers network access and not the entire LAN. If the hub fails, however, the entire network also fails. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Relating the security clauses and control objectives to an organisation In an organisation like the Nurht’s Institute of Information Technology (NIIT), the above mentioned security clauses and control objectives provide a high-level view of information security from different angles and a comprehensive set of information best security practices. 
Also, the ISO 17799 is designed for companies like NIIT, which aim to enhance their IT security and to develop effective information security management practices. At NIIT, the local network relies, to a considerable degree, on the correct implementation of these security practices and other algorithms so as to avoid congestion collapse and preserve network stability. An attacker or hacker on the network can cause TCP endpoints to react in a more aggressive way in the face of congestion, by forging excessive data acknowledgments or excess duplicate acknowledgments. Such an attack could possibly cause a portion of the network to go into congestion collapse.

The Security Policy clause states that “support for information security should be done in accordance with the company’s security policy.” (Edmead, M. T. 2006). This provides a foundation of the security framework at NIIT, and also provides information and direction on the organisation’s security posture. For instance, this clause helps the company auditors to determine whether the security policy of the company is properly maintained, and also whether it is disseminated to every employee.

The Organizing Information Security clause stipulates that there should be an appropriate management framework for the organisation’s security policy. This takes care of the organizational structure of NIIT’s security program, including the right security policy management framework, the securing of information assets from third parties, and the maintenance of information security during outsourced processing.

At NIIT, the security clauses and control objectives define the company’s stand on security and also help to identify the vital areas considered when implementing IT controls. The 11 security clauses of ISO/IEC 17799 enable NIIT to accomplish its security objectives by providing a comprehensive set of information security best practices for the company to utilize for enhancement of its IT infrastructure.
Conclusion
Different businesses require different computer networks, because the type of network utilized in an organisation must be suitable for the organisation. It is advisable for smaller businesses to use the LAN type of network because it is more reliable. The WAN and MAN would be ideal for larger companies, but if an organisation decides to expand, they can then change the type of network they have in use. If an organisation decides to go international, then a Wireless Area Network can be very useful.

Also, small companies should endeavor to set up their network by using a client/server approach. This would help the company to be more secure and enable them to keep in touch with what others are doing. The client/server approach would be much better than a peer-to-peer network, and it would be more cost-effective. On average, most organisations have to spend a good amount of money and resources to procure and maintain a reliable and successful network that will be easy to maintain in the long run.

For TCP Congestion Control, when CongWin is below Threshold, the sender is in the slow-start phase and the window grows exponentially. If CongWin is above Threshold, the sender is in the congestion-avoidance phase and the window grows linearly. When a triple duplicate ACK occurs, Threshold is set to CongWin/2 and CongWin is set to Threshold; when a timeout occurs, Threshold is set to CongWin/2 and CongWin is set to 1 MSS.

For a Small Office/Home Office (SOHO), networks such as wireless networks are very suitable. In such a network, there won’t be any need to run wires through walls and under carpets for connectivity. The SOHO user need not worry about plugging their laptop into docking stations every time they come into the office or fumble for clumsy and unattractive network cabling. Wireless networking provides connectivity without the hassle and cost of wiring and expensive docking stations.
Also, as the business or home office grows or shrinks, the need for wiring new computers to the network is nonexistent. If the business moves, the network is ready for use as soon as the computers are moved. For "wired-impossible" networks, such as those that might be found in warehouses, wireless will always be the only attractive alternative. As wireless speeds increase, these users have only brighter days in their future. (http://www.nextstep.ir/network.shtml)

It is essential to note that the computer network installed in an organisation represents more than just a simple change in the method by which employees communicate. The impact of a particular computer network may dramatically affect the way employees in an organisation work and also affect the way they think.

Bibliography

Business Editors High-Tech Writers. (2003, July 22). International VoIP Council Launches Fax-Over-IP Working Group. Business Wire. Retrieved July 28, 2003 from ProQuest database.
Career Directions (2001, October). Tech Directions, 61(3), 28. Retrieved July 21, 2003 from EBSCOhost database.
Edmead, M. T. (2006) Are You Familiar with the Most Recent ISO/IEC 17799 Changes? (Retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467)
FitzGerald, J. (1999), Business Data Communications and Networking. Pub: John Wiley & Sons
Forouzan, B. (1998), Introduction to Data Communications and Networking. Pub: McGraw-Hill
http://www.theiia.org/itaudit
http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209
http://www.psc.edu/networking/projects/tcpfriendly/
ISO/IEC 17799:2000 – Code of practice for information security management. Published by ISO and the British Standards Institute [http://www.iso.org/]
ISO/IEC 17799:2005, Information technology – Security techniques – Code of practice for information security management. Published by ISO [http://www.iso.org/iso/en/prods-services/popstds/informationsecurity.html]
Kurose, J. F. & Ross, K. W. (2002). Computer Networking: A Top-Down Approach Featuring the Internet, 2nd Edition, ISBN: 0-321-17644-8 (the international edition), ISBN: 0-201-97699-4, published by Addison-Wesley, 2002. www.awl.com/cs
Ming, D. R. Sudama (1992) Network Monitoring Explained: Design and Application. Pub: Ellis Horwood
Rigney, S. (1995) Network Planning and Management: Your Personal Consultant
Round-Trip Time Estimation and RTO Timeout Selection (retrieved from http://netlab.cse.yzu.edu.tw/ns2/html/doc/node368.html)
Shafer, M. (2001, June 11). Careers not so secure? Network Computing, 12(12), 130-. Retrieved July 22, 2003 from EBSCOhost database.
Stevens, W. and Allman, M. (1998) TCP Implementation Working Group (retrieved from http://www.ietf.org/proceedings/98aug/I-D/draft-ietf-tcpimpl-cong-control-00.txt)
Watson, S. (2002). The Network Troubleshooters. Computerworld 36(38), 54. (Retrieved July 21, 2003 from EBSCOhost database)
Wesley, A. (2000), Internet Users Guide to Network Resource Tools, 1st Ed. Pub: Netskils
www.microsoft.co.uk
www.apple.com
www.apple.co.uk
www.bized.com
http://www.nextstep.ir/network.shtml
www.novell.com
www.apple.com/business
www.microsoft.com/networking/e-mails
www.engin.umich.edu
www.microsoft.com

Computer Network Security within Organisations

Networking and Management

Introduction

A computer network is a connection of two or more computers in order to share resources and data. These shared resources can include devices like printers and other resources like electronic mail, internet access, and file sharing. A computer network can also be seen as a collection of personal computers and other related devices which are connected together, either with cables or wirelessly, so that they can share information and communicate with one another. Computer networks vary in size. Some networks are needed for areas within a single office, while others are vast or even span the globe.
Network management has grown as a career that requires specialized training, and comes with management of important responsibilities, thus creating future opportunities for employment. The resulting expected increase in opportunities should be a determining and persuasive factor for graduates to consider going into network management.

Computer networking is a discipline of engineering that involves communication between various computer devices and systems. In computer networking, protocols, routers, routing, and networking across the public internet have specifications that are defined in RFC documents. Computer networking can be seen as a sub-category of computer science, telecommunications, IT and/or computer engineering. Computer networks also depend largely upon the practical and theoretical applications of these engineering and scientific disciplines.

In the vastly technological environment of today, most organisations have some kind of network that is used every day. It is essential that the day-to-day operations in such a company or organisation are carried out on a network that runs smoothly. Most companies employ a network administrator or manager to oversee this very important aspect of the company's business. This is a significant position, as it comes with great responsibilities, because an organisation will experience significant operational losses if problems arise within its network.

Computer networking also involves the setting up of any set of computers or computer devices and enabling them to exchange information and data. Some examples of computer networks include:

Local area networks (LANs), which are made up of small networks that are constrained to a relatively small geographic area.
Wide area networks (WANs), which are usually bigger than local area networks, and cover a large geographic area.
Wireless LANs and WANs (WLAN and WWAN).
These represent the wireless equivalent of the Local Area Network and Wide Area Network.

Networks involve interconnection to allow communication over a variety of different kinds of media, including twisted-pair copper wire cable, coaxial cable, optical fiber, and various wireless technologies. The devices can be separated by a few meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections of the Internet). (http://en.wikipedia.org/wiki/Computer_networking)

TASK 1

TCP connection congestion control

Every application, whether small or large, should perform adaptive congestion control, because applications that perform congestion control use a network more efficiently and generally perform better. Congestion control algorithms prevent the network from entering congestive collapse. Congestive collapse is a situation where, although the network links are being heavily utilized, very little useful work is being done. The network will soon begin to require applications to perform congestion control, and those applications which do not perform congestion control will be harshly penalized by the network, probably in the form of preferentially dropping their packets during times of congestion. (http://www.psc.edu/networking/projects/tcpfriendly/)

Principles of Congestion Control

Informally, congestion means that too many sources are sending too much data, too fast for the network to handle. TCP congestion control is not the same as flow control, as there are several differences between the two. Other principles of congestion control include global versus point-to-point, and orthogonal issues. Congestion manifests itself as lost packets (buffer overflow at routers) and long delays (queuing in router buffers). Also, during congestion, there is no explicit feedback from network routers, and congestion is inferred from the loss observed by the end system.
In network-assisted congestion control, routers provide feedback to end systems, such as the explicit rate the sender should send at (choke packet). Below are some other characteristics and principles of congestion control:

When CongWin is below Threshold, the sender is in the slow-start phase and the window grows exponentially.
When CongWin is above Threshold, the sender is in the congestion-avoidance phase and the window grows linearly.
When a triple duplicate ACK occurs, Threshold is set to CongWin/2 and CongWin is set to Threshold.
When a timeout occurs, Threshold is set to CongWin/2 and CongWin is set to 1 MSS.

Avoidance of Congestion

It is necessary for the TCP sender to use the congestion avoidance and slow start algorithms to control the amount of outstanding data that is injected into a network. In order to implement these algorithms, two variables are added to the TCP per-connection state. The congestion window (cwnd) is a sender-side limit on the amount of data the sender can transmit into the network before receiving an acknowledgment (ACK), while the receiver's advertised window (rwnd) is a receiver-side limit on the amount of outstanding data. The minimum of cwnd and rwnd governs data transmission. (Stevens, W. and Allman, M. 1998)

TCP Flow Control

In TCP flow control, the receiving side of the TCP connection has a receive buffer, and a speed-matching service matches the send rate to the receiving application's drain rate. During flow control, the receiver advertises any spare room by including the value of RcvWindow in segments, and the sender limits unACKed data to RcvWindow. TCP flow control thus ensures that there is no overflow of the receive buffer.

Round-trip Time Estimation and Timeout

The TCP timeout should be longer than the RTT, but the RTT varies, and a timeout that is too long gives a slow reaction to segment loss. SampleRTT is the measured time from segment transmission until ACK receipt, ignoring retransmissions. SampleRTT will vary, so a "smoother" estimated RTT is wanted. Round-trip time samples arrive with new ACKs.
The RTT sample is computed as the difference between the current time and a time echo field in the ACK packet. When the first sample is taken, its value is used as the initial value for srtt. Half the first sample is used as the initial value for rttvar. (Round-Trip Time Estimation and RTO Timeout Selection)

There are often problems due to timeouts, including the restriction on the sender, which is compelled to wait until a timeout and is able to do nothing during this period. Also, the first segment in the sliding window is often not acked, and retransmission becomes necessary, waiting again one RTT before the segment flow continues. It should be noted that on receiving the later segments, the receiver sends back ACKs.

Estimated RTT:
EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT

DevRTT:
DevRTT = (1 - 0.25) * DevRTT + 0.25 * |SampleRTT - EstimatedRTT|

Timeout interval:
TimeoutInterval = EstimatedRTT + 4 * DevRTT

The Integrated Services (IntServ) and Differentiated Services (DiffServ) architectures are two architectures that have been proposed for providing and guaranteeing quality of service (QoS) over the internet. Whereas the IntServ framework was developed within the IETF to provide individualized QoS guarantees to individual application sessions, DiffServ is geared towards enabling the handling of different classes of traffic in various ways on the internet. These two architectures represent the IETF's current standards for provision of QoS guarantees, although neither IntServ nor DiffServ has taken off or found widespread acceptance on the web.

(a) Integrated Service Architecture

In computer networking, the integrated services (IntServ) architecture is an architecture that specifies the elements for guaranteeing quality of service (QoS) on the network. For instance, IntServ can be used to allow sound and video to be sent over a network to the receiver without getting interrupted.
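The TCP sender behaviour described in the sections above (the CongWin and Threshold rules, the min(cwnd, rwnd) send limit, and the EstimatedRTT, DevRTT and TimeoutInterval formulas) can be collected into one small model. This is an added example, not part of the original essay: the class and method names are hypothetical, windows are counted in MSS, times are in milliseconds, and the per-ACK growth steps are the usual way of realising exponential and linear growth.

```python
"""Toy model of the per-connection TCP sender state (added example)."""

ALPHA = 0.125   # weight of a new sample in EstimatedRTT (0.875 / 0.125 above)
BETA = 0.25     # weight of a new deviation in DevRTT


class TcpSender:
    def __init__(self, threshold):
        self.cong_win = 1.0               # CongWin in MSS, starts at 1 MSS
        self.threshold = float(threshold)
        self.estimated_rtt = None         # None until the first RTT sample
        self.dev_rtt = None

    @property
    def phase(self):
        # Below Threshold the sender is in slow start. The text does not say
        # what happens at equality; this model treats it as congestion avoidance.
        if self.cong_win < self.threshold:
            return "slow-start"
        return "congestion-avoidance"

    def on_ack(self, sample_rtt=None, retransmitted=False):
        """Handle one new ACK: update the RTT estimate, then grow CongWin."""
        # SampleRTT ignores retransmissions: an ACK for a retransmitted
        # segment cannot be matched to one transmission time.
        if sample_rtt is not None and not retransmitted:
            self._update_rtt(sample_rtt)
        if self.phase == "slow-start":
            self.cong_win += 1.0                  # +1 MSS per ACK: doubles per RTT
        else:
            self.cong_win += 1.0 / self.cong_win  # about +1 MSS per RTT: linear

    def _update_rtt(self, sample):
        if self.estimated_rtt is None:
            # First sample seeds the estimate; half of it seeds the deviation.
            self.estimated_rtt = sample
            self.dev_rtt = sample / 2
            return
        # Assumption: the deviation is taken against the estimate as it stood
        # before this sample, which is the order RFC 6298 specifies.
        self.dev_rtt = (1 - BETA) * self.dev_rtt + BETA * abs(sample - self.estimated_rtt)
        self.estimated_rtt = (1 - ALPHA) * self.estimated_rtt + ALPHA * sample

    def on_triple_duplicate_ack(self):
        self.threshold = self.cong_win / 2
        self.cong_win = self.threshold

    def on_timeout(self):
        self.threshold = self.cong_win / 2
        self.cong_win = 1.0

    @property
    def timeout_interval(self):
        if self.estimated_rtt is None:
            return None
        return self.estimated_rtt + 4 * self.dev_rtt

    def usable_window(self, rwnd):
        """Data the sender may have outstanding: min(cwnd, rwnd)."""
        return min(self.cong_win, rwnd)


def trace_events(threshold, events):
    """Replay constructed events and return (event, CongWin, Threshold, phase) rows."""
    sender = TcpSender(threshold)
    rows = []
    for event in events:
        if event == "ack":
            sender.on_ack()
        elif event == "3dup":
            sender.on_triple_duplicate_ack()
        elif event == "timeout":
            sender.on_timeout()
        else:
            raise ValueError("unknown event: " + event)
        rows.append((event, sender.cong_win, sender.threshold, sender.phase))
    return rows


if __name__ == "__main__":
    # Constructed event sequence: seven ACKs, a loss signalled by three
    # duplicate ACKs, one more ACK, then a timeout.
    for row in trace_events(8, ["ack"] * 7 + ["3dup", "ack", "timeout"]):
        print(row)
```

The trace shows why the two loss signals are treated differently: three duplicate ACKs halve the window and keep the sender in congestion avoidance, while a timeout sends it back to 1 MSS and slow start.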
IntServ specifies a fine-grained quality of service system, in contrast to DiffServ's coarse-grained system of control. In the IntServ architecture, the idea is that each router inside a system implements IntServ, and applications which require various types of guarantees have to make individual reservations. Flow Specs are used to describe the purpose of the reservation, and the underlying mechanism that signals it across the network is called RSVP.

TSPECs include token bucket algorithm parameters. The idea is that there is a token bucket which slowly fills up with tokens, arriving at a constant rate. Every packet which is sent requires a token, and if there are no tokens, then it cannot be sent. Thus, the rate at which tokens arrive dictates the average rate of traffic flow, while the depth of the bucket dictates how large the traffic is allowed to be. TSPECs typically just specify the token rate and the bucket depth. For example, a video with a refresh rate of 75 frames per second, with each frame taking 10 packets, might specify a token rate of 750Hz and a bucket depth of only 10. The bucket depth would be sufficient to accommodate the burst associated with sending an entire frame all at once. On the other hand, a conversation would need a lower token rate, but a much higher bucket depth. This is because there are often pauses in conversations, so they can make do with fewer tokens by not sending the gaps between words and sentences. However, this means the bucket depth needs to be increased to compensate for the traffic being larger. (http://en.wikipedia.org/wiki/Integrated_services)

(b) Differentiated Service Architecture

RFC 2475 (An Architecture for Differentiated Services) was published in 1998 by the IETF. Presently, DiffServ has widely replaced other Layer 3 quality of service mechanisms (such as IntServ) as the basic protocol that routers use to provide different service levels.
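The token bucket behind a TSPEC, as described under the Integrated Service Architecture above, worked through with the essay's video figures (75 frames per second, 10 packets per frame, token rate 750, bucket depth 10). This is an added example, not part of the original essay: the class and function names are hypothetical, the bucket is assumed to start full, and packets that find no token are counted as held.

```python
"""Token bucket policing of a bursty source (added example)."""
from fractions import Fraction


class TokenBucket:
    def __init__(self, rate, depth):
        self.rate = Fraction(rate)       # tokens added per second
        self.depth = Fraction(depth)     # most tokens the bucket can hold
        self.tokens = Fraction(depth)    # assumption: bucket starts full
        self.last = Fraction(0)          # time of the last refill, in seconds

    def _refill(self, now):
        elapsed = now - self.last
        if elapsed < 0:
            raise ValueError("arrival times must not go backwards")
        # Tokens arrive at a constant rate; anything above the depth is lost.
        self.tokens = min(self.depth, self.tokens + elapsed * self.rate)
        self.last = now

    def try_send(self, now):
        """Spend one token for one packet; False if no token is available."""
        self._refill(Fraction(now))
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def police(bucket, arrivals):
    """Run bursts of (time, packet count) through the bucket.

    Returns (sent, held): packets that found a token and packets that did not.
    """
    sent = held = 0
    for when, packets in arrivals:
        for _ in range(packets):
            if bucket.try_send(when):
                sent += 1
            else:
                held += 1
    return sent, held


def video_frames(fps, packets_per_frame, frames):
    """Constructed traffic: each frame is sent as one burst at its frame time.

    Exact fractions keep 1/75 s frame times from picking up rounding error.
    """
    return [(Fraction(k, fps), packets_per_frame) for k in range(frames)]


if __name__ == "__main__":
    one_second = video_frames(fps=75, packets_per_frame=10, frames=75)
    # The TSPEC from the text: every frame burst fits.
    print("rate 750, depth 10:", police(TokenBucket(750, 10), one_second))
    # Same average rate, but the bucket is too shallow for a whole frame.
    print("rate 750, depth 5: ", police(TokenBucket(750, 5), one_second))
    # Deep enough bucket, but tokens arrive at half the needed rate.
    print("rate 375, depth 10:", police(TokenBucket(375, 10), one_second))
```

The second and third runs separate the two parameters: a sufficient token rate does not help if the depth cannot absorb one frame's burst, and a sufficient depth only covers the first burst if the rate is too low.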
The DiffServ (Differentiated Services) architecture is a computer networking architecture which specifies a scalable, less complex, coarse-grained mechanism for the classification and management of network traffic and for provision of QoS (Quality of Service) guarantees on modern IP networks. For instance, DiffServ can be used for providing low-latency, guaranteed service (GS) to video, voice or other critical network traffic, while ensuring simple best-effort traffic guarantees to non-critical network services like file transfers and web traffic. Most of the proposed quality of service mechanisms which allowed these services to co-exist were complicated and did not adequately meet the demands of Internet users, because modern data networks carry various kinds of services like streaming music, video, voice, email and also web pages.

It would probably be difficult to implement IntServ in the core of the internet because most of the communication between computers connected to the Internet is based on a client/server structural design. Client/server describes a structure involving the connection of one computer to another for the purpose of giving work instructions or asking it questions. In an arrangement like this, the computer that asks questions and gives out instructions is the client, while the computer that provides answers to the questions and responds to the work instructions is the server. The same terms are used to describe the software programs that facilitate the asking and answering. A client application, for instance, presents an on-screen interface for the user to work with at the client computer; the server application welcomes the client and knows how to respond correctly to the client's commands.

Any file server or PC can be adapted for use as an Internet server; however, a dedicated computer should be chosen. Anyone with a computer and modem can join this network by using a standard phone.
Dedicating the server, that is, using a computer as a server only, helps avoid some security and basic problems that result from sharing the functions of the server. To gain access to the Internet you will require an engineer to install the broadband modem. Then you will be able to use the server to provide Internet access to all machines on the network. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)

TASK 5

Network security

These days, computers are used for everything from shopping and communication to banking and investment. Intruders into a network system (or hackers) do not care about the privacy or identity of network users. Their aim is to gain control of computers on the network so that they can use these systems to launch attacks on other computer systems. Therefore people who use the network for these purposes must be protected from unknown strangers who try to read their sensitive documents, use their computer to attack other systems, send forged email, or access their personal information (such as their bank or other financial statements).

Security Clauses

The International Organization for Standardization's (ISO's) 17799:2005 Standard is a code of practice for information security management which provides a broad, non-technical framework for establishing efficient IT controls. The ISO 17799 Standard consists of 11 clauses that are divided into one or more security categories, for a total of 39 security categories.

The security clauses of the ISO standard 17799:2005, the code of practice for Information Security Management, include:

Security Policy.
Organizing Information Security.
Asset Management.
Human Resources Security.
Physical and Environmental Security.
Communications and Operations.
Access Control.
Information Systems Acquisition, Development, and Maintenance.
Information Security Incident Management.
Business Continuity Management.
Compliance.
(http://www.theiia.org/ITAuditArchive/index.cfm?act=ITAudit.printiiid=467aid=2209)

Here is a brief description of the more recent version of these security clauses:

Security Policy: Security policies are the foundation of the security framework and provide direction and information on the company's security posture. This clause states that support for information security should be done in accordance with the company's security policy.

Organizing Information Security: This clause addresses the establishment and organizational structure of the security program, including the appropriate management framework for security policy, how information assets should be secured from third parties, and how information security is maintained when processing is outsourced.

Asset Management: This clause describes best practices for classifying and protecting assets, including data, software, hardware, and utilities. The clause also provides information on how to classify data, how data should be handled, and how to protect data assets adequately.

Human Resources Security: This clause describes best practices for personnel management, including hiring practices, termination procedures, employee training on security controls, dissemination of security policies, and use of incident response procedures.

Physical and Environmental Security: As the name implies, this clause addresses the different physical and environmental aspects of security, including best practices organizations can use to mitigate service interruptions, prevent unauthorized physical access, or minimize theft of corporate resources.

Communications and Operations: This clause discusses the requirements pertaining to the management and operation of systems and electronic information. Examples of controls to audit in this area include system planning, network management, and e-mail and e-commerce security.
Access Control: This security clause describes how access to corporate assets should be managed, including access to digital and nondigital information, as well as network resources.

Information Systems Acquisition, Development, and Maintenance: This section discusses the development of IT systems, including applications created by third parties, and how security should be incorporated during the development phase.

Information Security Incident Management: This clause identifies best practices for communicating information security issues and weaknesses, such as reporting and escalation procedures. Once established, auditors can review existing controls to determine if the company has adequate procedures in place to handle security incidents.

Business Continuity Management: The 10th security clause provides information on disaster recovery and business continuity planning. Actions auditors should review include how plans are developed, maintained, tested, and validated, and whether or not the plans address critical business operation components.

Compliance: The final clause provides valuable information auditors can use when identifying the compliance level of systems and controls with internal security policies, industry-specific regulations, and government legislation. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467)

The standard, which was updated in June 2005 to reflect changes in the field of information security, provides a high-level view of information security from different angles and a comprehensive set of information security best practices. More specifically, ISO 17799 is designed for companies that wish to develop effective information security management practices and enhance their IT security efforts.

Control Objectives

The ISO 17799 Standard contains 11 clauses which are split into security categories, with each category having a clear control objective.
There are a total of 39 security categories in the standard. The control objectives in the clauses are designed to meet the risk assessment requirements, and they can serve as a practical guideline or common basis for development of effective security management practices and organisational security standards. Therefore, if a company is compliant with the ISO/IEC 17799 Standard, it will most likely meet IT management requirements found in other laws and regulations. However, because different standards strive for different overall objectives, auditors should point out that compliance with 17799 alone will not meet all of the requirements needed for compliance with other laws and regulations.

Establishing an ISO/IEC 17799 compliance program could greatly enhance a company's information security controls and IT environment. Conducting an audit evaluation of the standard provides organizations with a quick snapshot of the security infrastructure. Based on this snapshot, senior managers can obtain a high-level view of how well information security is being implemented across the IT environment. In fact, the evaluation can highlight gaps present in security controls and identify areas for improvement. In addition, organizations looking to enhance their IT and security controls could keep in mind other ISO standards, especially current and future standards from the 27000 series, which the ISO has set aside for guidance on security best practices. (Edmead, M. T. 2006 retrieved from http://www.theiia.org/ITAuditArchive/?aid=2209iid=467)

Tree Topology

Tree topologies bind multiple star topologies together onto a bus. In its simplest form, only hub devices are directly connected to the tree bus, and the hubs function as the root of the device tree. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub ports) alone.
Topologies remain an important part of network design theory. It is very simple to build a home or small business network without understanding the difference between a bus design and a star design, but understanding the concepts behind these gives you a deeper understanding of important elements like hubs, broadcasts, ports, and routes. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)

The ring topology should be considered for use in medium-sized companies, and it would also be the best topology for small companies because it ensures ease of data transfer.

Ring Topology

In a ring network, each device has two neighbors with which it communicates. Messages are passed in the same direction through the ring, either counterclockwise or clockwise. If any cable or device fails, this will break the loop and could disable the entire network.

Bus Topology

Bus networks use a common backbone to connect various devices. This backbone, which is a single cable, functions as a shared medium of communication which the devices tap into or attach to with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message. (www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf)

Star Topology

The star topology is used in a lot of home networks. A star network consists of a central connection point, which can be an actual hub or a switch. Usually, devices connect to the switch or hub by Unshielded Twisted Pair (UTP) Ethernet. Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. If the hub fails, however, the entire network also fails.
(www.redbooks.ibm.com/redbooks/pdfs/sg246380.pdf) Relating the security clauses and control objectives to an organisation In an organisation like the Nurht’s Institute of Information Technology (NIIT), the above mentioned security clauses and control objectives provide a high-level view of information security from different angles and a comprehensive set of information best security practices.