Monday, September 30, 2019

Agroforestry Research Essay

Agroforestry is an integrated approach of using the interactive benefits from combining trees and shrubs with crops and/or livestock. It combines agricultural and forestry technologies to create more diverse, productive, profitable, healthy, and sustainable land-use systems.[1] A narrow definition of agroforestry is "trees on farms."

As a science

The theoretical base for agroforestry comes from ecology, via agroecology.[3] From this perspective, agroforestry is one of the three principal land-use sciences. The other two are agriculture and forestry.[4]

The efficiency of photosynthesis drops off with increasing light intensity, and the rate of photosynthesis hardly increases once the light intensity is over about one tenth that of direct overhead sun. This means that plants under trees can still grow well even though they get less light. By having more than one level of vegetation, it is possible to get more photosynthesis than with a single layer.

Agroforestry has a lot in common with intercropping. Both have two or more plant species (such as nitrogen-fixing plants) in close interaction, and both provide multiple outputs and, as a consequence, higher overall yields; because a single application or input is shared, costs are reduced. Beyond these, there are gains specific to agroforestry.

Benefits

Agroforestry systems can be advantageous over conventional agricultural and forest production methods. They can offer increased productivity, economic benefits, and more diversity in the ecological goods and services provided.[5] Biodiversity in agroforestry systems is typically higher than in conventional agricultural systems. With two or more interacting plant species in a given land area, it creates a more complex habitat that can support a wider variety of birds, insects, and other animals.
Depending upon the application, potential impacts of agroforestry can include:

• Reducing poverty through increased production of wood and other tree products for home consumption and sale
• Contributing to food security by restoring the soil fertility for food crops
• Cleaner water through reduced nutrient and soil runoff
• Countering global warming and the risk of hunger by increasing the number of drought-resistant trees and the subsequent production of fruits, nuts and edible oils
• Reducing deforestation and pressure on woodlands by providing farm-grown fuelwood
• Reducing or eliminating the need for toxic chemicals (insecticides, herbicides, etc.)
• Through more diverse farm outputs, improved human nutrition
• In situations where people have limited access to mainstream medicines, providing growing space for medicinal plants

Agroforestry practices may also realize a number of other associated environmental goals, such as:

• Carbon sequestration
• Odour, dust, and noise reduction
• Green space and visual aesthetics
• Enhancement or maintenance of wildlife habitat

Adaptation to Climate Change

There is some evidence that, especially in recent years, poor smallholder farmers are turning to agroforestry as a means to adapt to the impacts of climate change. A study from the CGIAR research program on Climate Change, Agriculture and Food Security (CCAFS) found from a survey of over 700 households in East Africa that at least 50% of those households had begun planting trees on their farms in a change from their practices 10 years ago.[6] The trees ameliorate the effects of climate change by helping to stabilize erosion, improving water and soil quality and providing yields of fruit, tea, coffee, oil, fodder and medicinal products in addition to their usual harvest.
Agroforestry was one of the most widely adopted adaptation strategies in the study, along with the use of improved crop varieties and intercropping.[6]

Applications

Agroforestry represents a wide diversity in application and in practice. One listing includes over 40 distinct uses.[3] The 40 or so applications can be roughly classified under a few broad headings. There are visual similarities between practices in different categories. This is expected as categorization is based around the problems addressed (countering winds, high rainfall, harmful insects, etc.) and the overall economic constraints and objectives (labor and other inputs costs, yield requirements, etc.). The categories include:

• Parklands
• Shade systems
• Crop-over-tree systems
• Alley cropping
• Strip cropping
• Fauna-based systems
• Boundary systems
• Taungyas
• Physical support systems
• Agroforests

Parkland

Parklands are visually defined by the presence of trees widely scattered over a large agricultural plot or pasture. The trees are usually of a single species with clear regional favorites. Among the benefits, the trees offer shade to grazing animals, protect crops against strong wind bursts, provide tree prunings for firewood, and are a roost for insect or rodent-eating birds.

There are other gains. Research with Faidherbia albida in Zambia showed that mature trees can sustain maize yields of 4.1 tonnes per hectare compared to 1.3 tonnes per hectare without these trees. Unlike other trees, Faidherbia sheds its nitrogen-rich leaves during the rainy crop growing season so it does not compete with the crop for light, nutrients and water. The leaves then regrow during the dry season and provide land cover and shade for crops.[7]

Shade systems

With shade applications, crops are purposely raised under tree canopies and within the resulting shady environment. For most uses, the understory crops are shade tolerant or the overstory trees have fairly open canopies.
A conspicuous example is shade-grown coffee. This practice reduces weeding costs and increases the quality and taste of the coffee.[8][9]

Crop-over-tree systems

Not commonly encountered, crop-over-tree systems employ woody perennials in the role of a cover crop. For this, small shrubs or trees pruned to near ground level are utilized. The purpose, as with any cover crop, is to increase in-soil nutrients and/or to reduce soil erosion.

Alley cropping

With alley cropping, crop strips alternate with rows of closely spaced tree or hedge species. Normally, the trees are pruned before planting the crop. The cut leafy material is spread over the crop area to provide nutrients for the crop. In addition to nutrients, the hedges serve as windbreaks and eliminate soil erosion.

Alley cropping has been shown to be advantageous in Africa, particularly in relation to improving maize yields in the sub-Saharan region. Use here relies upon the nitrogen-fixing tree species Sesbania sesban, Tephrosia vogelii, Gliricidia sepium and Faidherbia albida. In one example, a ten-year experiment in Malawi showed that, by using fertilizer trees such as Tephrosia vogelii and Gliricidia sepium, maize yields averaged 3.7 tonnes per hectare as compared to one tonne per hectare in plots without fertilizer trees or mineral fertilizer.[10]

Strip cropping

Strip cropping is similar to alley cropping in that trees alternate with crops. The difference is that, with alley cropping, the trees are in a single row. With strip cropping, the trees or shrubs are planted in wide strips. The purpose can be, as with alley cropping, to provide nutrients, in leaf form, to the crop. With strip cropping, the trees can have a purely productive role, providing fruits, nuts, etc. while, at the same time, protecting nearby crops from soil erosion and harmful winds.

Fauna-based systems

[Figure: Silvopasture over the years (Australia).]

There are situations where trees benefit fauna.
The most common example is silvopasture, where cattle, goats, or sheep browse on grasses grown under trees.[11] In hot climates, the animals are less stressed and put on weight faster when grazing in a cooler, shaded environment. Other variations have these animals directly eating the leaves of trees or shrubs.

There are similar systems for other types of fauna. Deer and hogs gain when living and feeding in a forest ecosystem, especially when the tree forage suits their dietary needs. Another variation, aquaforestry, is where trees shade fish ponds. In many cases, the fish eat the leaves or fruit from the trees.

Boundary systems

[Figure: A riparian buffer bordering a river in Iowa.]

There are a number of applications that fall under the heading of a boundary system. These include the living fences, the riparian buffer, and windbreaks.

• A living fence can be a thick hedge or fencing wire strung on living trees. In addition to restricting the movement of people and animals, living fences offer habitat to insect-eating birds and, in the case of a boundary hedge, slow soil erosion.
• Riparian buffers are strips of permanent vegetation located along or near active watercourses or in ditches where water runoff concentrates. The purpose is to keep nutrients and soil from contaminating surface water.
• Windbreaks reduce the velocity of the winds over and around crops. This increases yields through reduced drying of the crop and/or by preventing the crop from toppling in strong wind gusts.

Taungyas

Taungya is a system originating in Burma. In the initial stages of an orchard or tree plantation, the trees are small and widely spaced. The free space between the newly planted trees can accommodate a seasonal crop. Instead of costly weeding, the underutilized area provides an additional output and income. More complex taungyas use the between-tree space for a series of crops.
The crops become more shade resistant as the tree canopies grow and the amount of sunlight reaching the ground declines. If a plantation is thinned in the latter stages, this further opens the between-tree cropping opportunities.

Physical support systems

In the long history of agriculture, trellises are comparatively recent. Before this, grapes and other vine crops were raised atop pruned trees. Variations of the physical support theme depend upon the type of vine. The advantages come through greater in-field biodiversity. In many cases, the control of weeds, diseases, and insect pests is a primary motive.

Agroforests

These are widely found in the humid tropics and are referenced by different names (forest gardening, forest farming, tropical home gardens and, where short-statured trees or shrubs dominate, shrub gardens). Agroforests, in many ways, epitomize agroforestry. Through a complex, disarrayed mix of trees, shrubs, vines, and seasonal crops, these systems, through their high levels of biodiversity, achieve the ecological dynamics of a forest ecosystem. Because of the internal ecology, they tend to be less susceptible to harmful insects, plant diseases, drought, and wind damage. Although they can be high yielding, complex systems tend to produce a large number of outputs. These are not utilized when a large volume of a single crop or output is required.

Sunday, September 29, 2019

Principles of Development

PRINCIPLES OF DEVELOPMENT

– Early foundations are critical.
– Role of maturation and learning.
– Follows definite and predictable pattern.
– All individuals are different.
– Each phase has characteristic behaviour.
– Each phase of development has hazards.
– Development is aided by simulation.
– Development is affected by cultural changes.
– Social expectations in every stage.
– Traditional beliefs about people of all ages.

STAGES IN LIFE SPAN

1. PRE-NATAL PERIOD – conception to birth
2. INFANCY – birth to end of 2 weeks
3. BABYHOOD – 2 weeks to 2 years
4. EARLY CHILDHOOD – 2-6
5. LATE CHILDHOOD – 6-12
6. PUBERTY – 10/11 to 13/14
7. ADOLESCENCE – 13/14 to 18
8. EARLY ADULTHOOD – 18-40
9. MIDDLE AGE – 40-50 MA / 50-60 LA
10. OLD AGE – 60 to death

Pre-natal

– 270-280 days; 10 lunar months
– Basic body structure and organs form
– Rapid physical growth
– Vulnerability to environmental influence is great

1. Heredity endowment
2. Heredity potentials influenced strongly by environment
3. Fixing up of sex
4. High rate of growth (1 cell to 20 inches length)
5. Period of hazards
6. Attitude of significant people

Pre-natal Hazards

– Period of Zygote: starvation, lack of uterine preparation, implanting wrongly
– Period of Embryo: miscarriage, developmental irregularities
– Period of Foetus: miscarriage, pre-maturity, delivery complications, developmental irregularities

Factors influencing development

– Age of mother
– Illness and infections
– Blood RH factor
– Birth complications
– Drugs, x-rays, environmental hazards
– Paternal factors: smoking, alcohol, radiation, pesticides
– Maternal emotions
– Diet and physical condition of the mother
– Hormones

Infancy (neonate)

– Extreme helplessness
– Shortest period
– Radical adjustment
– Loss of weight
– Disorganized behaviour
– High mortality

Physical development
– Increase in height & weight, muscles
– Bones and skeleton transformed
– Brain cells grow
– Breast feeding starts
– Reflex of new born
– Sex determination
– Nature–nurture influence
  * physical: obesity, aging
  * cognitive: IQ
  * psycho-social: personality (reacting to situations, extrovert, depression, leadership, nail biting, sleepwalking, other emotions & disorders like schizophrenia, infantile autism, alcoholism)
– Sensory capacity increases
– Touch is the earliest sense
– Smell: can distinguish different odours
– Taste sense well developed
– Hearing is least developed
– Vision: half of the adult; color vision is absent or minimal
– SIDS: sudden infant death syndrome (crib death)

Motor development

– Head control
– Hand control
– Locomotion
– Grasping
– Rolling over
– Sitting up
– Crawling
– Standing

Common problems

– Unfavorable parental environment
– Multiple birth
– Complicated birth
– Post-maturity, pre-maturity
– Infant mortality
– Psychological: traditional beliefs, helplessness, developmental lag, plateau, lack of stimulation, new parent blue, unfavorable attitude, ...

Babyhood

1. True foundation
2. Age of rapid growth & development
3. Decreasing dependency
4. Increased individuality
5. Beginning of socialization
6. Sex role typing
7. Appealing age
8. Age of creativity

– Hazardous: (physical) mortality, crib death, illness, accidents, malnutrition, foundation of obesity, habits; (psychological) delayed motor development, delayed speech, emotional, play, social, family
– Rolling over, sitting up, crawling, standing

Play years 2-6

– Physical growth, language development (chatter box), socialisation, peer influence, negativism, self-centered, increased independence
– Trust vs. mistrust
– Personality: emotional, temperamental, cognitive activity level; regularity & predictability; approach/withdrawal; initial response
– Age of troublesome, pre-school, pre-gang age
– Child abuse & neglect
– Causes: characteristics of abuser
– 90% at home, 90% not psychotic, unrealistic expectations
– Victim
– Families
– Communities
– Cultures
– Parent–child relationship
– Attachment behaviour
– Sibling relation: regress to earlier behaviour, suck their thumb, wet their parent, use baby talk etc.
– Father to take care: interaction, play style
– Playmates
– Stranger anxiety & separation anxiety: starts 6 months; active father care reduces St.A.; sep. ax. related to attachment behaviour
– Institutionalization: not harmful, if attachment and opportunities available, e.g. MR
– Sociability: 1-2 less, 2 increase interest in peers, imitation vocally

School years 6-12

– Learning physical skills
– Learning to get along with agemates
– Appropriate sex roles
– Develop fundamental skills: reading, writing, calculating
– Develop concepts of everyday life
– Develop conscience, morality, values
– Develop social attitudes
– Physical development: height, weight, body proportion, body build, 1-2 teeth (permanent teeth)
– Emotional and social development
– Personality development: family (ordinal position, discipline), school (teachers, adjustment), society (socioeconomic status), culture (social prestige)

Adolescence 11-18

– Puberty
– State of growth
– State of maturation
– Concerns about physical changes, egocentrism
– Psychological: good look & grooming
– Social changes: peer influence
– Social groupings: close, crowds, organised, gangs
– Family relationship: generation gap, cultural gap, identity crisis, frictional
– Personality changes: pleasing, ideal, maturity, individuality
– Social changes

Saturday, September 28, 2019

PRODUCT REASSESSMENT Research Paper Example | Topics and Well Written Essays - 1250 words

This paper focuses on providing a plan to reposition dial-up internet services to a new target market. This could in essence mean a new use for dial-up internet service.

Repositioning and Target market

For dial-up internet service providers such as NetZero and America Online to regain their internet market share, there is a need for such providers to conduct product repositioning. This will require that these providers change the identity of their product in relation to that of their competitors. Dial-up service providers need to identify new loopholes in their market and promote their product based on a new criterion (Morley & Charles, 2012). Broadband internet providers have taken a large chunk of the market share and appear to make the dial-up internet outdated. Broadband internet providers offer higher internet speeds to their customers and at a higher cost than that of dial-up internet providers. Despite the apparent takeover by broadband internet, many areas remain without internet connection. This is attributed to factors such as location, population, profitability, and cost of setting up infrastructure by internet service providers (Morley & Charles, 2012). ... According to Pew Research center (2012), 81% of American adults have access to the internet. Sixty-six percent of those who have access to the internet from home use broadband connection. According to the research center, 95% of teens have internet access (Joannna & Lee, 2012). The Pew research center indicates that only 3% of Americans with home internet access use dial-up services. Among the 3% who still use the dial-up internet, price was given as the main reason for not switching to broadband connection (Joannna & Lee, 2012). The US census bureau indicates that dial-up internet service use is high in states such as Maine, Alaska, Arkansas, Mississippi, Vermont and West Virginia with over 5% of households in these states using the dial-up internet.
With these current demographics on the dial-up internet accessibility, effort should be geared at increasing the current 3% of the dial-up internet users in the market (Joannna & Lee, 2012).

Research needed to reposition dial-up internet services

Dial-up service providers need to reposition dial-up services to maintain unique innovations not found with other broadband or mobile providers currently offering Internet services. When a brand gets to provide consumers with perceptions of self-expansion, they are more likely to be loyal. Major dial-up providers still holding onto the dial-up business model should be looking for opportunities to expand services, such as including free or reduced home line telephone services as a means of incentivizing purchase. By expanding into home phone service, dial-up marketers can regain some ground on lost revenues that occurred as a product of competition and changing social and professional lifestyles. Dial-up marketers could utilize

Friday, September 27, 2019

Write an essay to incoming freshman about plagiarism

Deliberate plagiarism includes summarizing or paraphrasing another person’s ideas without indicating where they come from. Accidental plagiarism, on the other hand, occurs when one forgets or unknowingly omits quotation marks around a passage that was copied word for word. If other people’s words are used, the words must be put in quotation marks and a citation of the source made (Nelson and Stepchyshyn, 60). When one plagiarizes his/her work, they cheat themselves as they will not know how to write out their thoughts in their own words and they will not receive specific feedback from their instructors geared to one’s needs and skills. Plagiarism affects the value of one’s degree and can diminish the worth of a diploma. If a student’s work is found to be plagiarized, the professor of the course gets to determine the penalty, and one of the most severe will include getting a fail in the course if not an expulsion from school (Nelson and Stepchyshyn, 60). Plagiarism is considered to violate the code of academic conduct and it can lead to dismissal or suspension. Taking or using other people’s property (work) without giving them credit is considered a copyright violation, which can lead to damages and draws hefty fines or punitive jail terms (University of California and

Thursday, September 26, 2019

POLITICS Essay Example | Topics and Well Written Essays - 1500 words

Although there are definitely many advantages to the structure of the political system in Britain, there has been great controversy and debate over the questionable matter of why center parties have failed to have more of an impact on British electoral politics, in particular since the start of the 1940s. In response to this, there are various issues that need to be taken into consideration, and the aim of this paper is to further discuss this matter, as well as the reasons and situations which can be used to explain this troubling situation. This is what will be discussed in the following.

The arrangement of government across the United Kingdom in general is considered as being rather complex and confusing. Presently there are some areas in England that are covered by parish councils, while many others, namely community councils, exist in Scotland and Wales. This is certainly nothing new, however, as British local government has been subject to major restructuring since as far back as the early 1940s. Prior to the mid-19th century, the Whigs and Tories pretty much dominated politics in Britain, the Whigs having been associated with the newly emerging industrialized classes, the Tories more with the landed gentry. The Whigs are often described as being one of the most popular political parties ever to reign in Britain, and although they were certainly present in the 1940s, they did not truly evolve until the late 1980s. The Whigs and Tories basically dominated the political scene until around 1920, which was about the time that the Liberal Party began to decline in terms of its popularity, and the Labour Party then stepped in to sort of take their place here, and since that point in time, it has been the Conservative and Labour Parties who have held the title of political domination in Britain. The Conservative Party is actually the second largest political party in the UK today, and as well the oldest in UK history.
In regards to current policies, conservatives are "generally supportive of reduced government intervention in most matters. They are also noted for stance against further EU integration. Conservatives hold a varying record of opposition and support on parliamentary devolution to the national the English regions of the UK. They opposed devolution to Wales and Scotland in 1997, whilst supporting it for Northern Ireland." (The British Journal of Politics and International Relations, 2006). The Labour Party, on the other hand, has been recognized as the principal party of the left in Britain since the late 1920s, and it is also known for being the largest party in the Welsh Assembly.

Although these center parties do certainly still have an effect on British electoral politics, it has easily been recognized that this effect is much less impacting than it was a half century ago, and this issue is quite obviously one of great importance and necessity. The problem with party finance is one issue in particular which is considered as having played a major role in this situation, and the study of party finance as well as the resulting consequences are thus critical to take into account here. Parties have been continuing to spend more and more money over the years, and this has resulted in causing a number of different problems, in response to which several bills have actually been passed. One in particular

Wednesday, September 25, 2019

Organizational Culture Assignment Example | Topics and Well Written Essays - 2500 words

Center of discussion in this paper is organizational culture as a "set of shared beliefs and experiences that essentially defines the identity of an organization and ultimately guides its behavior". Today, most organizations are reconsidering and reconstructing their organizational culture for it is perceived as one of the important determinants of success in terms of influencing individual behavior. Furthermore, the culture’s role in the organization is indispensable because it is a lifetime result of weaknesses, strengths, failures, and experiences of people. In fact, it is frequently cited in the different versions of cultural studies that if an organization is planning to implement a change process, it must first understand its organizational culture because failure to do so will make the process unsuccessful. This idea was seconded by the study of Kotter and Heskett when they presented that organizational culture is one of the barriers in implementing a successful organizational change effort because culture or experiences are learnt over many years. In addition, a company’s invention or development of systems or procedures will too often fail because "cultures do not support the newly learned concepts, values, or assumptions". "Generally, culture studies are conducted at different levels of analyses (for instance, organizational versus societal) using different methodological approaches (conceptual, quantitative, and qualitative) and a variety of associated constructs". ... Moreover, the positive relationship between culture and performance is supported by several research studies (Peters & Waterman, 1982; Denison, 1996; Marcoulides & Heck, 1993). Culture is also considered as a strong competitive advantage; thus, beliefs, values, attitudes, and behaviors of people in an organization are highly regarded (Alvesson & Sveningsson, 2008, p.3).
For example, if business practices are not aligned with the corporate culture, profits will fall, wider range of facilities will not be fully utilized, and there will be no unity and cooperation in the organization.

Theories and Conceptual Models in Defining the Style of Management

Organizations are expected to be proactive with their actions or strategies and update them based on current market trends. However, changing an organizational culture is a complicated process because of the concept’s nature wherein "the stronger the culture, the more resistant it is to any form of change" (Kaliprasad, 2006, p.29; Thompson & Luthans, 1990). Therefore, the organization’s greatest challenge is to create a strong and powerful culture, which is at the same time susceptible to environmental disturbances (Schein, 1992). Thus, several culture theories and models are proposed to have a good or in-depth understanding of the increasing perception that organizational culture and success/effectiveness have a positive linkage. These associated models and cultures are also created to determine the different aspects of culture in different analyses, approaches, forms, and dimensions, particularly in organizational behaviors.

Edgar Schein’s Model of Organizational Culture and Leadership (1980s)

Having a powerful and flexible organizational culture is considered

Tuesday, September 24, 2019

Criminal Justice Ethics Essay Example | Topics and Well Written Essays - 1500 words

However, from the My Lai outrage at the height of the Vietnam war in the 1970s to the Guantanamo Bay horrors more recently, American law-enforcement authorities have behaved as though they are a law unto themselves and, therefore, not subject to the laws of the land; worse, the government has often tried to get round the judiciary to help the offenders get away with their crimes. Little wonder, therefore, that our true national heroes are the likes of Hugh Thompson who, at the height of the My Lai massacre, had saved the lives of children by holding guns to the heads of his compatriot soldiers committing cold-blooded murder, and later admitted as much. But this individual act of heroism was more than neutralized by the brutality with which an uprising by inmates of Attica Correctional Facility in western New York was put down, the racial bias exhibited at the Pelican Bay prison, and the killing of Dilawar, a taxi driver, in Afghanistan as shown in the documentary "Taxi to the Dark Side", and the FBI's complicity in the plot to have Joseph Salvati sentenced to imprisonment for 32 years on a false charge of murder to protect Mafia murderers in Boston who really were its own informants.

Saving Grace

The saving grace came as recently as on June 15, 2008, when the Supreme Court dismissed as specious the argument of the Bush administration that in wartime it should be deemed to have the right to exercise of what really were extra-judicial powers, circumventing the constitutionally established judiciary.

Monday, September 23, 2019

Research topic related to intelligence collection Paper

Proper intelligence is an inevitable component of the defense system of all governments in the world to evaluate the threat by external as well as internal elements and to protect their countries from exposure to attacks by terrorists. In this context, the development of technology is a crucial factor for enabling nations to monitor and exercise surveillance over the activities of various organizations that sponsor and promote terrorism and other subversive activities. Intelligence collection is a process of "collection, processing, integration, evaluation, analysis and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements or areas of actual or potential operations" (Forcese 2011, 181). For obtaining such intelligence and to ensure the safety of their citizens, countries deploy modern technology. The effective collection of intelligence by the US government through Unmanned Aircraft System has enabled the country to attain a high level of operational success in the global war on terror.

Human history, right from its initial stage, has evidenced the use of human intelligence for the purpose of obtaining the movements of their enemies for preparing for offensive tactics in wars. Similarly, in order to fight terrorism, countries also need to collect intelligence on various terrorist organizations and evaluate their strategies for offensives to properly counter the problem of terrorism. In his message to war fighters, Joseph Reynes Jr., Major General USAF, states that proper surveillance can facilitate the "prediction of an adversary’s behavior and the formulation and execution of preemptive activities to deter or forestall" offensive attempts by such adversaries (Commander’s Handbook for Persistent Surveillance 2011).
This handbook has been developed with an intention to provide an overview of the present systems of surveillance and to discuss future needs for

Sunday, September 22, 2019

Job Outsourcing Essay Example | Topics and Well Written Essays - 750 words

However, the opponents of the view that job outsourcing has a positive effect on the US economy argue that hiring people outside the US significantly affects the US economy in a negative way as it strips many Americans of jobs (Kehal, 2006). It is in the light of these arguments that this paper will discuss exactly how job outsourcing affects the US economy. Both sides of the debate have valid points. Ching (2009) observes that studies have shown that outsourcing has contributed to the loss of employment opportunities in the US. This has had a detrimental effect not only on those who are minimally qualified for employment, but also on those who have the skills, because even skilled labor jobs are being outsourced to other countries (Hira and Hira, 2005). Availability of fewer jobs for unskilled and skilled workers due to job outsourcing has dire economic consequences for the US economy, especially in respect to increasing the levels of poverty and reducing tax revenues and consumer spending. Kehal (2006) argues that while job outsourcing may help companies to reduce costs, it may have a detrimental effect on the companies in the end. This is because availability of fewer jobs due to outsourcing reduces spending power of the consumers, thereby reducing companies’ revenues (Hira & Hira, 2005). ... This outcome has a direct effect not only on the federal and companies’ spending, but also on the US economy in general. Job outsourcing also helps to lower the wages and this means that companies will be able to do production with less expense, thereby transferring benefits to the consumers (Kehal, 2006). This is the point that the supporters use to dispute arguments that job outsourcing reduces the availability of job opportunities.
They argue that lower prices will lead to increased consumer spending, and that companies will be in a position to hire additional workers in the United States because they will be paying lower wages for workers outside the country (Ching, 2009). It has also been argued that job outsourcing positively affects the US economy as it gives jobs to people in less developed countries, which improves their economies. As a result, the US is able to increase trade and investments with these countries, therefore promoting the US economy (Kehal, 2006). Besides, job outsourcing increases the ability of the less developed countries to pay back their debts to the US, which not only promotes better political relationships, but also sustainable economic cooperation and improvement (Wood & Maniam, 2009). However, it has been argued that job outsourcing tends to cause the economic and political relationships with the less developed countries to deteriorate. This view is informed by the argument that not all people in the countries where job outsourcing is done benefit economically from the process. Some of the companies have been accused of not providing humane working conditions (Ching, 2009). In some cases, for instance, outsourced work may be performed in inhumane working

Saturday, September 21, 2019

Analysis of the Credit Card Industry in Turkey Essay Example for Free

Analysis of the Credit Card Industry in Turkey Essay

The current Turkish government is very pro-western and secular; however, its divided religious loyalties, issues surrounding Greek sovereignty rights and fundamentalist groups threaten the expected 5 year stability of this administration.

Government involvement in banking

The Turkish Government has a history of involvement in banking affairs which is of concern to international investors. The Turkish state owns and finances a number of its banks and provides artificial stability to the banking system through state funded initiatives. The Government has also tailored wages in line with inflation rates, e.g. minimum wage rates. With recent IMF intervention the long term plan for Turkey is still not absolutely clear.

EU Membership

The Turkish Government is pro EU membership and this is potentially the biggest paradigm shift on the horizon for Turkey’s financial system; this factor is further dealt with as a key driver.

Economic

• Interest Rates: Low interest rates in Turkey fuel loan take-up and have caused an increase in credit card issue. Historically, higher interest rates led to more widespread loan default and meant that less switching occurred as consumers were “tied” to their provider. Economic growth in Turkey, with higher levels of middle and upper income, urban dwelling professionals and better access to continuing education, has undoubtedly increased credit card take-up. (This could also be construed as a social factor.)
• Global financial crisis: The effects of the global financial crisis will have a major effect on banking restrictions to lending and credit availability in Turkey. Turkey’s export markets will likely be affected by the ongoing crisis, which has a major effect on GDP, which in turn affects spending power.

Social

• Higher standard of living: Higher standards of living among consumers have a beneficial knock-on effect for credit card issuers. In Turkey 7.5% of GDP is invested back into education, thus consumers are more financially savvy.
• Urban/Rural Divide: Urban dwellers have a much higher likelihood of credit card use given their potential for access of issue and probability of a regular wage earning role. As the economy develops, Turks are increasingly moving off the land from poorly paying seasonal work to the cities that offer a better chance of regular income and personal development.

Technology

• E-Commerce: Worth in excess of 2 billion euro to the economy and with 16 million people accessing the internet, E-Commerce is a huge growth area and potential distribution channel for the credit card industry. It is also a medium for information driven purchasing through advertising potential, and its access is furthered through telephone technology integration.
• SMART Cards: The security afforded to the credit card industry through use of SMART cards has a beneficial effect on usage through:
1. Increased level of merchants accepting the facility
2. Security for use in Internet Cafes (here large numbers access the internet)
3. Security of service has become a battleground for competition among issuers

Coupled with the above technologies, the explosion in EPOS facilities means more access to products and services through credit card use, homogenising the myriad of potential transactions and benefiting both consumer and merchant. ATMs also have further facilities to enhance the benefits of using plastic such as bill pay, mobile kiosks etc.

Legal

• Intervention of Government/Key official Institutions: There have been widespread changes in the law in Turkey affecting the credit card industry such as:
1. Restriction on credit card limits
2. Illegality of altering terms without informing consumer
3. Increases in minimum payment required
4. The Central Bank’s lowering of the interest rate cap
5. Loosening of the frameworks around mergers and acquisitions

All of these interventions alter the attractiveness of the market for the credit card industry, which was historically fraught with lack of regulation and anti-consumer practices.

Identify the 4 KEY DRIVERS FACING THE CREDIT CARD SECTOR

1. Technological Advances
2. State Intervention in Financial Affairs
3. EU membership
4. Rural-Urban Migration

Technological Advances

The rapidly advancing technology in the field of mobile payment will have a lasting effect on the credit card industry. Companies that can stay ahead of the game with new technologies in security, risk management and will be best placed to benefit from increased A physical “credit card” is really only a vehicle to hold a magnetic strip containing coded information. In terms of technology this is already quite dated:

• Already systems are designed to “swipe” a card on a merchant’s mobile phone; this will allow for a myriad of services which will no longer require cash transactions, e.g. street traders. Advances in retina scanning technology are also at an advanced level and it is envisaged that the future of mobile payments may be through facial recognition or retina scanning.
• Other technology such as what is used in “The Baja Beach Club in Barcelona”, where they inject a rice-size “VeriChip” RFID device into the wrist or upper arm of its patrons, who pay by swiping their arm – adapted from http://www.creditcards.com/credit-card-news/credit-cards-of-the-distant-future

State Intervention

The level of further state intervention in Turkey’s financial affairs will be a key driver in Turkey’s future credit card success or decline. As we have seen, moves by the government to regulate the industry have impacted on the potential earnings of the banks through lowering interest rates.
In turn this type of regulation has stabilised the markets and led to economic growth, which impacts positively on the numbers of consumers available to the sector. Whether the current “Republican Democracy” in Turkey will be in power going forward is obviously of importance to this argument. With elections due in 2011 the future of state intervention in banking affairs is unclear.

EU Membership

Turkey becoming a full member of the EU will be another key driver in the credit card industry. EU entry will mean the freeing of trade and access to a further 500 million consumers. It is most likely that Turkey would be a more attractive market for global companies, in particular financial organisations who would be attracted by the large numbers of “unbanked” consumers and those who see Turkey strategically as the gateway to Eastern markets. The credit card market would likely become much more competitive with new entrants who would most likely look to merge with or acquire existing indigenous banks.

Rural-Urban Migration

According to the case study the majority of people in the rural areas of Turkey tend not to be credit card users. As the economy improves, larger numbers of rural people (especially male) will likely move towards the larger urban centres to participate in the industrial or service sectors. This leads to greater numbers with the potential to use credit cards, in turn offering greater numbers of potential consumers to the sector.

SECTION 2 – Porters 5 Forces

2. Use the five forces framework to identify the forces affecting the Turkish credit card sector
a. Graphically illustrate the five forces (see overleaf)
b. Draw conclusions from the 5 forces analysis to explain:

1. How attractive the sector is

I consider the Turkish credit card sector to be an attractive market for a large multinational, e.g. BNP or Barclays, to enter. From my analysis I have concluded that consumers are fragmented and suppliers are concentrated.
Rivalry is high, yet only among 4 suppliers; compared with rivalry in an industry such as haulage, this must be considered attractive. Capital requirements of entry are high, but not on the scale of industries such as mining. Economies of scale and experience exist; however, for companies already in credit card markets in other countries they are by no means insurmountable. The threat of substitutes is relatively low as the credit card holds a relatively niche position. Product differentiation/loyalty is low among existing consumers; good offers would attract new business, as would a strong internet presence. Turkey has: “40 percent of people who are bankable based on their socio-economic status and age in Turkey are still ‘unbanked,’ having no accounts with any banks in Turkey” (www. mckinsey. om/clientservice/ /Credit_Cards_in_Turkey. ashx). This data identifies a large section of the Turkish population who are potential consumers for a new entrant; therefore the market could potentially grow significantly for all players involved.

2. How the competitive forces are changing/may change

The competitive forces are currently changing, most notably in areas such as consumer access to information. More widespread access to and use of the internet will drive further competition in the market through portals such as comparison websites, industry reviews etc. This will ultimately increase the bargaining power of consumers, leading to decreased profits for suppliers. EU accession would alter the competitive forces among the major players currently in the sector. Interest rates set by the ECB, participation in the single currency etc. would have a significant impact on the state financed banking institutions and would alter their relevance. One would suspect that in a free market system the Turkish government would relish the opportunity of divesting the burden to international organisations to increase competition.
With increased market stability and better financial education, consumers’ use of substitutes may extend to less expensive forms of credit such as personal loans. Coupled with better economic conditions, consumers’ use of debit cards may also increase, given that currently lower income workers struggle to maintain a balance sufficient to cover their living costs.

3. How the sector may change to reflect changing forces

The credit card sector can move more of its marketing budget toward E-Marketing and target new and younger consumers through this medium. MBNA have used this marketing channel very successfully in the past. In order to combat increased uptake of personal loans and increased use of debit cards, the credit card sector may look at collective lower interest rates, better offers through loyalty bonuses and customer kickbacks, and better education of its customers as to how to better use their credit cards. In order for the credit card sector to prepare for increased competition post EU accession, it may look to further differentiate its offerings to appeal to the Turkish people, e.g. align the credit offering with cultural values or emotions. It might be necessary to offer further services aligned to credit cards, such as life insurance, to augment and differentiate the offering.

3. Scenario Planning

Scenario 1 “Renewed Political/Terrorist Violence in Turkey”

In recent years, terrorist bombings, some with significant numbers of casualties, have struck religious, political, and business targets in a variety of locations in Turkey. The potential remains throughout Turkey for violence and terrorist actions both by transnational and indigenous terrorist organizations such as PKK, Revolutionary Peoples Liberation Party/Front (DHKP/C) and AlQa’ida. (Adapted from http://www.eubusiness.com/europe/turkey/invest) Given Turkey’s increasing dependence on foreign direct investment, a return to a more concerted campaign of political violence would spell disaster for the credit card industry. Large financial corporations, especially US owned ones, would be deterred from entering the market, or potentially pull out of the market, thus decimating competition. Access to sources of international credit and lending would dry up, therefore affecting consumers’ ability to purchase products and services on credit. Turkey’s export market would potentially be destroyed as Western nations would be deterred from transacting in case monies were being skimmed to fund further terrorist activity. This would further lower the GDP of the country, affecting the spending power of consumers and in turn negating the need for credit cards. Further knock-on effects of violence include the loss of capital the Government has available to invest in its economy, in education and infrastructure. Government capital would have to be spent on further military and security projects. The tourism industry, a huge earner for Turkey, would be decimated as travelers would fear the threat of violence. The black market economy would thrive under such conditions and regular banking functions would significantly cease, with many consumers using cash/barter systems of attaining needs. With respect to the credit card sector, this scenario would be highly detrimental to its future, as consumer confidence in the financial service sector would be decimated. The sector would have to pour vast resources into transaction security and marketing the brand safety and correct usage policies to consumers. Default numbers would likely increase due to instability and escalating interest rates.

Scenario 2 “Turkey Gains Full EU Membership”

“The EU is committed to supporting Turkey in its path for membership.
The initial objective of EU financial support towards Turkey was the extension of an area of peace, stability and prosperity within and beyond Europe. Once the Union accepted Turkey as a candidate, financial assistance began to focus on supporting Turkey in its preparation for EU membership” http://www.eubusiness.com/europe/turkey/funding

A study on the EU (http://europa. eu/rapid/pressReleasesAction. o) reported the following economic benefits of a country joining the EU:
1. An average of 2.15% increase in GDP
2. Exchange rates for Turks travelling through Europe would be eliminated, as would the potential damaging effects exchange rate swings have on Turkish exports.

I would assume that the credit card sector would become significantly more competitive in the light of EU membership; therefore the sector would have to increase its marketing and branding spend, but would have a larger pool of consumers to choose from.

Friday, September 20, 2019

Security Incident Handling Service

Security Incident Handling Service

EXECUTIVE SUMMARY

1 INTRODUCTION

Expect the unexpected. As soon as a crisis erupts, it should be immediately handled to reduce its potential impact on critical business operations. Such undesirable incidents occur unanticipated, and when they do take place, damage or harm is the result. In most aspects of life, it is better to stop something disastrous happening than it is to deal with it after it has happened, and IT security is no exception. If possible, security incidents should be prevented from occurring in the first place. Yet it is unachievable to prevent security incidents. When an incident does happen, its impact needs to be brought down to an adequate recommended level. Security incident handling outlines the actions to follow in the event that an electronic information system is compromised. An event is declared an incident when the confidentiality, integrity or availability (CIA) elements of a system are compromised. Significant commodities such as information and knowledge must be safeguarded at all costs. Communications within an organization and its interactions with its customer base are regarded as the life blood in this IT intensive, fast paced world. If an organization is inoperative for any period of time, it may cost millions in lost business or loss of reputation. The size of an organization does not matter. Unexpected downtime influences organizations of all sizes, impacting revenue, customer satisfaction and overall production. It is vital that they quickly recover from such downtime, restore operation and re-establish their presence to ensure survival. Consequently, many firms have realized the importance of setting up incident handling procedures. One of the drawbacks is that many organizations learn how to respond to security incidents only after suffering from them. In the course of time, incidents often become much more costly.
Proper incident response should be an integral part of the overall security policy and risk mitigation strategy. Incident handling procedures that are in place in an organization help to maintain the business continuity of critical operations. In today’s competitive economy, a company can’t afford to cease critical business operations and remain idle for a long period of time because of a lack of incident handling procedures. Thus, an organization needs to be well prepared for continuity or recovery of systems. This typically requires a considerable investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event. The goal of setting up incident handling procedures is to know exactly what to do when an incident breaks out. This means anticipating scenarios before they occur and making appropriate decisions about them in advance. Those assessments typically demand consultation and senior management support, hence these people are needed early, immediately after an incident has been confirmed. For example, just deciding who to tell when an incident occurs can be hard to determine. Management needs to provide input to respond quickly, and this leads into issues like after hours support and mixed project/support roles. External support may also be sought, resulting in additional cost, time and effort to select partners.

1.1 PURPOSE OF THE DOCUMENT

This document provides guidance to identify and record the nature and scope of a computer security incident handling service. This paper discusses the functions that support the service, how those functions interrelate and the tools, procedures and roles necessary to implement the service. It also concentrates on incident analysis. For example, we can make a comparison between a fire that broke out in an apartment and a computer security incident that happened in an organization.
Just as a fire department will investigate a fire to know where it originated from, a Computer Security Incident Response Team (CSIRT) tries to figure out how the security incident occurred. Both the fire department and the CSIRT operate with the same approach. A fire department needs to get along with other fire departments it can depend on for additional support in peak times or to tackle a serious catastrophe. It must cooperate with other emergency units to react promptly and provide law enforcement. This document will discuss how CSIRTs interact with other organizations, such as the department that reported the security incident to it, other CSIRTs, law enforcement and the media. Both the fire department and the CSIRT need to properly handle information, some of which is sensitive and relevant to the individual held responsible for the crime. Information handling is considered to be an indispensable discussion subject in this paper. CSIRTs offer client confidentiality in the same manner that many emergency units do, safeguarding reporters and victims from public disclosure. CSIRT survival depends on handling confidential information appropriately, because if it can’t be trusted, nobody will report to it, thus making it almost useless. CSIRTs have committed permanent staff as well as part-time, volunteer staff and reliable security experts to handle an unexpected security emergency. Its staff is at the frontline in the event of a crisis. CSIRT achievement depends on their interaction with the outside world and the image that they project by the way of performing their duties and the service quality that they provide. To attain such a high level of success, recruiting suitably competent staff seems to be a complicated process. People in charge of appointing CSIRT staff mistakenly look for an unsuitable set of talents and abilities in prospective employees.
For that reason, this paper discusses staffing and hiring concerns and actions to guarantee that CSIRT staff offer reliable, pleasant and specialized service. Other services besides the incident handling service, such as the supply of intrusion detection assistance and vulnerability handling, are also provided by the CSIRT. The information in this paper is presented in a manner basic enough for the reader to put it into operation in any type of CSIRT setting, from an in-house team for a company to an international coordination center. This document is intended to present a valuable foundation to both recently created teams and existing teams where there is a lack of clearly defined or documented services, policies and procedures. This paper is more appropriate to use during the early stages when a company has acquired management support and funding to set up a CSIRT, before the team becomes operational. Moreover, this paper can still be a valuable reference document for already operational teams.

1.2 INTENDED AUDIENCE

The general CSIRT community who may require a better knowledge of the composition and objectives of their existing teams will benefit from this document. It also targets individuals and organizations who are likely to join the CSIRT community in the near future. It is precisely aimed at managers and other personnel who take part in the process of setting up and leading a CSIRT or managing an incident crisis. The list may include
• Chief Information Officers, Chief Security Officers and Information Systems Security Officers
• Project leaders and members in charge of creating the team
• CSIRT managers
• CSIRT staff
• IT managers [1]

Higher management levels and all CSIRT staff can use this paper as a useful reference. This document can also be utilized by other individuals who work together with CSIRTs.
This may include members of the
• CSIRT constituency
• law enforcement community
• systems and network administrator community
• CSIRT parent organization or other departments within the parent organization such as legal, media or public relations, human resources, audits and risk management, investigations and crisis management [2]

2 MAIN CONTENT

Definition of Security Incident

The Information Security Management Handbook defines an incident as “any unexpected action that has an immediate or potential effect on the organization” [3]. Whenever the safety and stability of an information system is compromised, such an instance can be referred to as a security incident. There are several different definitions of security incidents; one is “A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices” [4]; another definition describes the security incident as “any event that may threaten or compromise the security, operation or integrity of computing resources” [5]. In other words, a security incident is a state of violation of the security policy in an organization and the security of their information system. Security incident is a common term that encompasses any type of security breach regardless of location, the level of the threat or the magnitude of it. The commonly known factors of security incidents are events and actions that expose one or more basic elements of information security: confidentiality, integrity and availability (CIA) of information systems. An incident can be caused by authorized or unauthorized personnel, process, hardware or software. It can be an accident as well as a planned malicious action.

Handling security incidents

In the course of a crisis, time runs short for deciding what to do, who will do it or how it will get done; therefore it is vital to arrange for a response in advance.
The better prepared you are for an incident, the more likely you are to respond correctly. Proper set-up of an incident handling procedure can help to lessen the impact of undesirable incidents. The objective of having such a procedure in place is to provide a framework for an orderly, coordinated response by appropriate resources within the organization. It is to a company’s own benefit that it establishes a Computer Security Response Capability, a process that provides centralized response and reporting functions for security incidents. According to (Computer Security Incident Handling Guide, National Institute of Standards and Technology, March 2008), establishing an incident response capability should include the following actions:
• Creating an incident response policy plan
• Developing procedures for performing incident handling and reporting, based on the incident response policy
• Setting guidelines for communicating with outside parties regarding incidents
• Selecting a team structure and staffing model
• Establishing relationships between the incident response team and other groups
• Determining what services the incident response team should provide
• Staffing and training the incident response team

The “Cyberthreat Response and Reporting Guidelines” report, jointly approved by the FBI and US Secret Service, recommends that the better equipped a company is in the event of a security event, the better probability it has to reduce the impact of the crisis. This recommendation is actually one of the chief responsibilities of a CSIRT: to be well organized to successfully cope with incidents when they happen and to help prevent incidents from occurring in the first place. As a starting point, the team should have a strategy plan for incident handling. This plan should be supported with documented policies and procedures.
According to (State of the Practice of Computer Security Incident Response Teams, October 2003), the incident response plan identifies the mission and goals of the team; the team roles and responsibilities; the services provided; and policies, procedures, processes, and guidelines related to incident handling. The incident response plan is not only intended for CSIRT employees, but also for the community that they serve. From that viewpoint, both parties should be proficient about what to report, how to report it and to whom it should be reported. The plan should also describe the expected level of service that is reasonable. Staff who are accustomed to computer security incidents recognize the fact that these incidents vary in shape and size. Some are quite uncomplicated, easy to cope with and mitigate, while others are extremely severe and very complicated, or can have a harsh impact on IT systems and necessitate proper authority to respond to effectively. In the event of a crisis, adhering to the plan in place will help the organization to promptly isolate disruption cropping up on IT systems or networks as well as assist in counteracting such events. It may alleviate potential risks such as loss of company reputation, trust or financial status. Existing CSIRTs who don’t have a robust plan can still manage with some basic guidelines. They can make use of their current incident handling procedures as a guideline; in the meantime they can revise their existing documentation. They can rely on those basic guidelines, namely the plan to handle incidents, areas of responsibility, and general and specific procedures. Other typical guidelines can include an incident response checklist as well as procedures for what type of activity to report and how that information should be reported. A company needs to take into consideration several factors prior to planning an incident response capability.
They include
• introducing a point of contact for reporting incidents
• pinpointing the aims and objectives of the team
• distinguishing and selecting the staff and necessary expertise
• offering direction for reporting and handling incident reports
• allocating proper security awareness and incident response training for CSIRT staff
• launching and promoting specific incident handling and security policies and procedures for the CSIRT
• exposing lessons learned with other colleagues
• designing a benchmark to monitor the effectiveness of the CSIRT
• devising strategy to allow coordination between the CSIRT and internal and external parties

Organizations or the team typically approve policies and record them. It is crucial to know what these policies consist of and to ensure that they are properly implementable and enforceable in the workplace. Like the mission statement, senior management approves and enforces policies. The policies need to be openly expressed and well understood by each team member, whether technical, management or administrative. It will be a difficult task for the staff to appropriately execute and carry out their duties without a clear understanding of the policy. In order to write a clear policy, it is best to avoid excessive jargon. Whenever possible, consult someone who is not in security or IT to examine the policies. Rephrase the policies if not understood. Use very short sentences. A good policy is a short one. A security policy should be concise and well segregated between the management aspect (the policy) and the operational aspect (the procedures). Moreover, a policy must be both implementable and enforceable, or else it doesn’t have any purpose. It is easier to implement a policy if it is well designed and relevant to the needs and goals of the CSIRT. Truly effective policies address genuine needs within a business, making the staff willing and even eager to implement them because they make operations smoother and give the business added reliability.
Top management should execute appropriate actions or steps to enforce a policy. Policies must be enforceable; otherwise they are of little or no value. Usually when a policy is implementable, it is normally also enforceable unless it contradicts itself. Concrete measures are needed to assess the usage of the policy. Example: An example of a contradictory policy is the security policy that ranks internal information security as priority number 1 but at the same time ensures absolute privacy for its staff; the latter makes it hard or even impossible to enforce security in case of an insider threat. To successfully develop and implement security policies, top management needs to be involved in and strongly support the project (Lam, 2005). A proposal with a report of external and internal requirements and a draft budget assessment can easily persuade managers to support the development and implementation of a security project. Having management support and authorization can resolve money and time issues. These managers can allocate the required budget and allow sufficient time for development and implementation. In addition, top management has the power to affect processes by requiring employees to participate (Kearns & Sabherwal, 2006).

How to Implement Security Policies Successfully

The implementation phase is probably the hardest phase in the life cycle of developing and maintaining security policies. Many organizations fail in this phase. To implement security policies effectively and efficiently, teams first need to resolve many issues.
Lack of strong management support (Fedor et al., 2003; Lam, 2005), lack of budget (Kearns & Sabherwal, 2006; Martin, Pearson, & Furumo, 2007), lack of implementation time (Walker & Cavanaugh, 1998), lack of strong leadership (Fedor et al., 2003), lack of awareness of the benefits of implementing security policies, the "why for" (Hansche, Berti, & Hare, 2004), or ineffective communication with users (Jackson, Chow, & Leitch, 1997; Walker & Cavanaugh, 1998) may cause problems. Resolving all of the above issues can help in successfully implementing security policies.

Computer Security Incident Response Team (CSIRT)

A team is a focal component of incident response plan, policy and procedure creation, so that incident response is dealt with effectively, efficiently and consistently. The team should cooperate with other teams within the organization towards a central goal which encompasses the plan, policies and procedures. Outside parties such as law enforcement, the media and other incident response organizations can also be contacted. The Computer Security Incident Response Team is regarded as the nerve center of an incident response plan. It is normally composed of a team manager, a management advisory board and other permanent and temporary team members. The temporary staff provide advice on technical, business, legal or administrative issues, depending on the nature and scope of the incident. The team assists the organization to identify and document the nature and scope of a computer security incident handling service. The team manager supervises the work of the team members, presents ongoing status information to the Chief Information Officer (CIO) and other senior management, and requests expert advice from outside the IT department when needed. The person in this role should be familiar with computer security issues, the function of IT areas and staff, general company operations, as well as the duties of other employees in the institution who may serve as resources for the CSIRT.
Under challenging situations, the team manager must be able to coordinate teamwork with other staff and to deal properly with circumstances that necessitate discretion or confidentiality. The technical leader's role is to assess the characteristics and severity of an incident, propose recommendations on security control and recovery issues to the team manager, and request additional technical resources if needed. The person in this role should possess a broad understanding of operational and systems security. Other employees can join the team on an ad hoc basis and remain team members until closure of the incident. Additional resources may be required to serve areas such as law enforcement, legal, audit, human resources, public relations, facilities management or IT technical specialties. The table below shows a list of members who should be included in the CSIRT and their roles in the team.

Table 1: Team members in IRT
Source: table from page 4-2 of Incident Response Procedure for Account Compromise Version 1.2 2004 by Visa International

Besides their technical expertise, the distinctive quality of CSIRT staff is their motivation and ability to stick to procedures and to present a professional image to customers and other parties working together with them. In other words, it is more convenient to appoint staff with less technical expertise and excellent interpersonal and communication skills and subsequently train them in a CSIRT-specific environment than vice versa. Communication by a team member who is a technical expert but has poor communication skills may severely damage the team's reputation, while interactions that are dealt with competently will help to improve the team's standing as a valued service provider. Possessing a broad range of interpersonal skills is significant, since team members are frequently in contact with each other and with other parties such as law enforcement, legal and human resources.
Thus, the professional interactions that CSIRT employees engage in will influence the reputation of the team, and special attention to an individual's interpersonal skills matters. Some interpersonal skills required for incident handling staff are listed below:
• logical judgment to formulate effective and suitable decisions in time of crisis or under pressure or strict time constraints
• effective oral and written communication skills for interaction with other parties
• discretion when dealing with the media
• aptitude to follow policies and procedures
• enthusiasm to learn new things
• ability to work under pressure
• teamwork
• reliability to maintain the team's reputation and status
• readiness to accept one's own mistakes
• problem solving skills to efficiently handle incidents
• time management skills for high priority tasks

Apart from interpersonal skills, CSIRT staff should possess a fundamental understanding of the technology and issues on which they base their expertise. The following technical know-how is crucial for CSIRT staff:
• public data networks (telephone, ISDN, X.25, PBX, ATM, frame relay)
• the Internet (aspects ranging from architecture and history to future and philosophy)
• network protocols (IP, ICMP, TCP, UDP)
• network infrastructure elements (router, DNS, mail server)
• network applications, services and related protocols (SMTP, HTTP, HTTPS, FTP, TELNET, SSH, IMAP, POP3)
• basic security principles
• risks and threats to computers and networks
• security vulnerabilities/weaknesses and related attacks (IP spoofing, Internet sniffers, denial of service attacks and computer viruses)
• network security issues (firewalls and virtual private networks)
• encryption technologies (TripleDES, AES, IDEA), digital signatures (RSA, DSA, DH), cryptographic hash algorithms (MD5, SHA-1)
• host system security issues, from both a user and system administration perspective (backups, patches) [6]

It is crucial that one part of the team possess a thorough understanding of the full range of technologies and issues used by the team. This helps to expand and deepen the technical resources and capability of the team and to train other team members through education and documentation. It also makes sure that the team can provide a full range of services. Besides an in-depth understanding of the technical skills listed above, the following specialist skills are required:
• technical skills such as programming, administration of networking components (e.g. routers, switches) and computer systems (UNIX, Linux, Windows, etc.)
• interpersonal skills such as human communication, experience in presenting at conferences or managing a group
• work organization skills

Obviously, a team will be unable to employ individuals who possess all the necessary interpersonal and technical skills. But there are opportunities to address deficiencies in those skills, such as training staff to develop and retain such skills and supporting continuous progress.

Hiring CSIRT Staff

For any staff vacancy, the hiring process to select the most talented applicant is a complicated task. Even a candidate who appears on the surface to possess the right skill set might not be able to work within a CSIRT setting. This is true when a crisis has been declared, where the candidate may not be able to cope with the situation and may carry out their duties inefficiently. Therefore, it is recommended to put the applicant through a hiring process specifically designed to reveal the applicant's strengths and weaknesses. Based upon the findings of the hiring process, the team will decide either to train the applicant in the specific skills that the candidate may require or not to employ the candidate.
Compared to a regular hiring process, additional steps should be included in any CSIRT hiring process. They are:
• pre-interview document check
• pre-interview telephone screening
• interviews that cover topics from technical abilities to interpersonal skills
• candidate technical presentation
• reference checks, including criminal records

The complete hiring process should be devised to detect potential employees who possess appropriate interpersonal and technical skills. Such candidates can undergo further training to acquire more competence. Before the applicant is called for a personal interview, the pre-interview document check and telephone screening determine in the first instance whether the candidate is an ideal match for the selection process. At this stage, more information is gathered about the applicant's broad level of interest in computer security and other more specific details on items covered in his or her resume. The telephone screening will give a good impression of the candidate's oral communication skills. Before CSIRT staff begin to interview potential candidates, it's better to decide in advance which particular issues, ranging from technical and ethical issues to social skills, are most likely to be discussed during the interview process, and to select which existing staff are most suitable to talk about those issues with the candidate. Separate topic areas are thus covered by each of the various interviewers, avoiding any duplication of effort. Each interviewer will be in a position to review and consolidate feedback on the issues covered. Another strategy is for similar topics to be discussed by several team members involved in the interview process, so that they can agree on the candidate's ability in a particular topic and identify any weaknesses. To ensure proper recruitment, the applicant should have the opportunity to meet CSIRT team members through a lunch meeting or at the candidate's technical presentation.
Requiring a candidate to give a technical presentation offers the CSIRT an opportunity to measure other technical and interpersonal skills of the candidate. It also gives an idea of how much common sense the candidate has and whether the applicant will be able to cope under stressful situations. Other qualities such as overall presentation skills, an eye for detail, technical accuracy and ability to answer questions on the fly are also taken into account. After an individual has been appointed, there is also an enormous task in helping them adapt to the CSIRT. The new staff will need to undergo training for some period of time to get used to the CSIRT working environment as well as the specific policies and procedures for the team. Some new recruits may be given access to limited information until relevant certificates or clearances, such as government or military clearances, are obtained. Staff training is compulsory so that new recruits acquire the necessary skill level to take on their new responsibilities. Secondly, training is necessary to expand existing staff skills for personal career growth and overall team progress. Staff training also helps keep the overall CSIRT skill set updated with emerging technologies and intruder trends. When considering the overall training needs of the team, it is necessary to identify the skills needed for each individual, as well as the common skill set required for the whole team. Obviously, a new staff member should receive immediate training in any deficient skills in order to become effective quickly. From a general viewpoint, the whole team should be assessed to determine any training that needs more attention to broaden the skill set in the team. At the same time, this assessment focuses on an individual's skill set. Policies and procedures are a necessity and should be enforceable to support initial training of new team members and to guarantee ongoing training as policies and procedures get amended.
Besides the interpersonal and technical skills discussed earlier, each team member should be trained in areas specific to the incident handling functions in a normal CSIRT work environment. Training should cover the following issues:
• new technical developments
• CSIRT team policies and procedures
• incident analysis
• maintenance of incident records
• understanding and identifying intruder techniques
• work load distribution and organizational techniques

Initial training is conducted through on-the-job training. Since the incident handling profession differs in the nature of its work from other professions, there is no formal educational path for CSIRT staff and limited documentation in the literature. Most printed materi

Security Incident Handling Service

EXECUTIVE SUMMARY

1 INTRODUCTION

Expect the unexpected. As soon as a crisis erupts, it should be immediately handled to reduce its potential impact on critical business operations. Such undesirable incidents occur unanticipated, and when they do take place, damage or harm is the result. In most aspects of life, it is better to stop something disastrous happening than it is to deal with it after it has happened, and IT security is no exception. If possible, security incidents should be prevented from occurring in the first place. Yet it is not achievable to prevent security incidents altogether. When an incident does happen, its impact needs to be brought down to an adequate, recommended level. Security incident handling outlines the actions to follow in the event that an electronic information system is compromised. An event is declared an incident when the confidentiality, integrity or availability (CIA) of a system is compromised. Significant commodities such as information and knowledge must be safeguarded at all costs. Communications within an organization and its interactions with its customer base are regarded as the life blood in this IT-intensive, fast-paced world.
If an organization is inoperative for any period of time, it may cost millions in lost business or loss of reputation. The size of an organization does not matter. Unexpected downtime affects organizations of all sizes, impacting revenue, customer satisfaction and overall production. It is vital that they quickly recover from such downtime, restore operation and re-establish their presence to ensure survival. Consequently, many firms have realized the importance of setting up incident handling procedures. One of the drawbacks is that many organizations learn how to respond to security incidents only after suffering from them. In the course of time, incidents often become much more costly. Proper incident response should be an integral part of the overall security policy and risk mitigation strategy. Incident handling procedures that are in place in an organization help to maintain the business continuity of critical operations. In today's competitive economy, a company can't afford to cease critical business operations and remain idle for a long period of time because of a lack of incident handling procedures. Thus, an organization needs to be well prepared for continuity or recovery of systems. This typically requires a considerable investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event. The goal of setting up incident handling procedures is to know exactly what to do when an incident breaks out. This means anticipating scenarios before they occur and making appropriate decisions about them in advance. Those assessments typically demand consultation and senior management support, hence these people are needed early, immediately after an incident has been confirmed. For example, just deciding who to tell when an incident occurs can be hard to determine. Management needs to provide input to respond quickly, and this leads into issues like after-hours support and mixed project/support roles.
External support may also be sought, resulting in additional cost, time and effort to select partners.

1.1 PURPOSE OF THE DOCUMENT

This document provides guidance to identify and record the nature and scope of a computer security incident handling service. This paper discusses the functions that support the service, how those functions interrelate and the tools, procedures and roles necessary to implement the service. It also concentrates on incident analysis. For example, we can make a comparison between a fire that broke out in an apartment and a computer security incident that happened in an organization. Just as a fire department will investigate a fire to find out where it originated, a Computer Security Incident Response Team (CSIRT) tries to figure out how the security incident occurred. Both the fire department and the CSIRT operate with the same approach. A fire department needs to get along with other fire departments on which it can depend for additional support in peak times or to tackle a serious catastrophe. It must cooperate with other emergency units to react promptly and with law enforcement. This document will discuss how CSIRTs interact with other organizations, such as the department that reported the security incident to it, other CSIRTs, law enforcement and the media. Both the fire department and the CSIRT need to properly handle information, some of which is sensitive and relevant to the individual held responsible for the crime. Information handling is considered to be an indispensable subject of discussion in this paper. CSIRTs offer client confidentiality in the same manner that many emergency units do, safeguarding reporters and victims from public disclosure. CSIRT survival depends on handling confidential information appropriately, because if it can't be trusted, nobody will report to it, thus making it almost useless.
CSIRTs have committed permanent staff as well as part-time, volunteer staff and reliable security experts to handle an unexpected security emergency. Its staff are at the frontline in the event of a crisis; CSIRT achievement depends on their interaction with the outside world, the image that they project in the way they perform their duties, and the quality of service that they provide. To attain such a high level of success, recruiting suitably competent staff is a complicated process. People in charge of appointing CSIRT staff mistakenly look for an unsuitable set of talents and abilities in prospective employees. For that reason, this paper discusses staffing and hiring concerns and actions to guarantee that CSIRT staff offer reliable, pleasant and specialized service. Other services besides the incident handling service, such as intrusion detection assistance and vulnerability handling, are also provided by the CSIRT. The information in this paper is presented in a basic manner so that the reader can put it into operation in any type of CSIRT setting, from an in-house team for a company to an international coordination center. This document is intended to present a valuable foundation to both recently created teams and existing teams where there is a lack of clearly defined or documented services, policies and procedures. This paper is most appropriate to use during the early stages, when a company has acquired management support and funding to set up a CSIRT, before the team becomes operational. Moreover, this paper can still be a valuable reference document for already operational teams.

1.2 INTENDED AUDIENCE

The general CSIRT community, who may require a better knowledge of the composition and objectives of their existing teams, will benefit from this document. It also targets individuals and organizations who are likely to join the CSIRT community in the near future.
It is aimed precisely at managers and other personnel who take part in the process of setting up and leading a CSIRT or managing an incident crisis. The list may include:
• Chief Information Officers, Chief Security Officers and Information Systems Security Officers
• Project leaders and members in charge of creating the team
• CSIRT managers
• CSIRT staff
• IT managers [1]

Higher management levels and all CSIRT staff can use this paper as a useful reference. This document can also be utilized by other individuals who work together with CSIRTs. This may include members of the:
• CSIRT constituency
• law enforcement community
• systems and network administrator community
• CSIRT parent organization or other departments within the parent organization such as legal, media or public relations, human resources, audits and risk management, investigations and crisis management [2]

2 MAIN CONTENT

Definition of Security Incident

The Information Security Management Handbook defines an incident as any unexpected action that has an immediate or potential effect on the organization [3]. Whenever the safety and stability of an information system is compromised, such an instance can be referred to as a security incident. There are several different definitions of security incidents; one is "A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices" [4]; another definition describes the security incident as any event that may threaten or compromise the security, operation or integrity of computing resources [5]. In other words, a security incident is a state of violation of the security policy in an organization and of the security of its information system. Security incident is a common term that encompasses any type of security breach regardless of location, the level of the threat or its magnitude.
The commonly known factors of security incidents are events and actions that expose one or more basic elements of information security: confidentiality, integrity and availability (CIA) of information systems. An incident can be caused by authorized or unauthorized personnel, processes, hardware or software. It can be an accident as well as a planned malicious action.

Handling security incidents

In the course of a crisis, time runs short for deciding what to do, who will do it or how it will get done; it is therefore vital to arrange for a response in advance. The better prepared you are for an incident, the more likely you are to respond correctly. Proper set-up of an incident handling procedure can help to lessen the impact of undesirable incidents. The objective of having such a procedure in place is to provide a framework for an orderly, coordinated response by appropriate resources within the organization. It is in a company's own interest to establish a Computer Security Response Capability, a process that provides centralized response and reporting functions for security incidents.
According to the Computer Security Incident Handling Guide (National Institute of Standards and Technology, March 2008), establishing an incident response capability should include the following actions:
• Creating an incident response policy plan
• Developing procedures for performing incident handling and reporting, based on the incident response policy
• Setting guidelines for communicating with outside parties regarding incidents
• Selecting a team structure and staffing model
• Establishing relationships between the incident response team and other groups
• Determining what services the incident response team should provide
• Staffing and training the incident response team

The "Cyberthreat Response and Reporting Guidelines" report, jointly approved by the FBI and US Secret Service, states that the better equipped a company is in the event of a security event, the better its chances of reducing the impact of the crisis. This recommendation is actually one of the chief responsibilities of a CSIRT: to be well organized to cope successfully with incidents when they happen and to help prevent incidents from occurring in the first place. As a starting point, the team should have a strategy plan for incident handling. This plan should be supported with documented policies and procedures. According to State of the Practice of Computer Security Incident Response Teams (October 2003), the incident response plan identifies the mission and goals of the team; the team roles and responsibilities; the services provided; and policies, procedures, processes, and guidelines related to incident handling. The incident response plan is intended not only for CSIRT employees, but also for the community that they serve. From that viewpoint, both parties should know what to report, how to report it and to whom it should be reported. The plan should also describe the expected level of service that is reasonable.
Staff who are familiar with computer security incidents recognize the fact that these incidents vary in shape and size. Some are quite uncomplicated, easy to cope with and mitigate, while others are extremely severe and very complicated, or can have a harsh impact on IT systems and necessitate proper authority to respond to effectively. In the event of a crisis, adhering to the plan in place will help the organization to promptly isolate disruption arising on IT systems or networks as well as to counteract such events. It may alleviate potential risks such as loss of company reputation, trust or financial status. Existing CSIRTs that don't have a robust plan can still manage with some basic guidelines. They can make use of their current incident handling procedures as a guideline; in the meantime they can revise their existing documentation. They can rely on those basic guidelines, namely the plan to handle incidents, areas of responsibility, and general and specific procedures. Other typical guidelines can include an incident response checklist as well as procedures for what type of activity to report and how that information should be reported. A company needs to take into consideration several factors prior to planning an incident response capability. They include:
• introducing a point of contact for reporting incidents
• pinpointing the aims and objectives of the team
• distinguishing and selecting the staff and necessary expertise
• offering direction for reporting and handling incident reports
• allocating proper security awareness and incident response training for CSIRT staff
• launching and promoting specific incident handling and security policies and procedures for the CSIRT
• sharing lessons learned with other colleagues
• designing a benchmark to monitor the effectiveness of the CSIRT
• devising a strategy to allow coordination between the CSIRT and internal and external parties

Organizations or the team typically approve policies and record them.
It is crucial to know what these policies consist of and to ensure that they are properly implementable, enforceable in the workplace. Like the mission statement, senior management approves and enforces policies. The policies need to be openly expressed and well understood by each team member, technical, management or administrative. It will be a difficult task for the staff to appropriately execute and carry out their duties without a clear understanding of the policy. In order to write a clear policy, it is best to avoid excessive jargon. Whenever possible, consult someone who is not in security or IT to examine the policies. Rephrase the policies if not understood. Use very short sentences. A good policy is a short one. A security policy should be concise, well segregated between the management aspect (the policy) and the operational aspect (the procedures). Moreover, a policy must be both implementable and enfo rceable, or else it doesnt have any purpose. It is easier to implement a policy if it is well designed and relevant to the needs and goals of the CSIRT. Truly effective policies address genuine needs within a business, making the staff willing and even eager to implement them because they make operations smoother and give the business added reliability. Top management should execute appropriate actions or steps to enforce a policy. Policies must be enforceable; otherwise they are of little or no value. Usually when a policy ismplementable, it is normally also enforceable unless it contradicts itself. Concrete measures are needed to assess the usage of the policy. Example: An example of a contradictory policy is the security policy that ranks internal information security as priority number 1 but at the same time ensures absolute privacy for its staff; the latter makes it hard or even impossible to enforce security in case of an insider threat. 
To successfully develop and implement s ecurity policies, top management needs to be involved in and strongly support the project (Lam, 2005). A proposal with a report of external and internal requirements and a draft assessing budget can easily persuade managers to support the development and implementation of a security project. Having management support and authorization can resolve money and time issues. These managers can allocate the required budget and allow sufficient time for development and implementation. In addition, top management has power to affect processes by requiring employees to participate (Kearns Sabherwal, 2006). How to Implement Security Policies Successfully The implementation phase probably is the hardest phase in the life cycle of developing and maintaining security policies. Many organizations fail in this phase. To effectively and efficiently implementing security policies, teams first need to resolve many issues. Lack of strong management support (Fedor et al., 2003; Lam, 2005), lack of budget (Kearns Sabherwal, 2006; Martin, Pearson, Furumo, 2007), lack of implementation time (Walker Cavanaugh, 1998), lack of strong leadership (Fedor et al., 2003), lack of awareness of benefits of implementing security policies—â€Å"why for† (Hansche, Berti, Hare, 2004)—, or ineffective communication with users (Jackson, Chow, Leitch, 1997; Walker Cavanaugh, 1998) may cause problems. Resolving all of the above issues can help in successfully implementing security policies. Computer Security Incident Response Team (CSIRT) A team is a focal component of incident response plan, policy and procedure creation so that incident response is dealt effectively, efficiently and consistently. The team should cooperate with other teams within the organization towards a central goal which encompasses the plan, policies and procedures. Outside parties such as law enforcement, the media and other incident response organizations can also be contacted. 
Computer Security Incident Response Team is regarded as the nerve center of an incident response plan. It is normally composed of a team manager, a management advisory board and other permanent and temporary team members. The temporary staff provides advice on technical, business, legal or administrative issues, depending on the nature and scope of the incident. The team assists the organization to identify and document the nature and scope of a computer security incident handling service. The team manager supervises labour of the team members, presents ongoing status i nformation to the Chief Information Officer (CIO) and other senior management and requests assistance on expert advice outside of IT department when needed. This role leader should be accustomed with computer security issues, the function of IT areas and staff, general company operations as well as the duty of other employees in the institution who may serve as resources for the CSIRT. Under challenging situations, the team manager must be able to coordinate teamwork with other staff and to deal properly with circumstances that necessitate discretion or confidentiality. The technical leaders role is to assess the characteristics and severity of an incident, propose recommendations on security control and recovery issues to the team manager and requests on additional technical resources if needed. This role should possess a broad understanding of operational and systems security. Other employees can join the team on a spontaneous basis and remain team members until closure of inciden t. Additional resources may be required to serve areas such as: law enforcement, legal, audit, human resources, public relations, facilities management or IT technical specialties. The table below shows a list of members who should be included in the CSIRT and their roles in the team. 
Table 1: Team members in IRT Source: table from page 4-2 of Incident Response Procedure for Account Compromise Version 1.2 2004 by Visa International Besides their technical expertise, CSIRT staff distinctive quality is their motivation and talent to stick to procedures and to present a professional image to customers and other parties working together with them. In other works, it is more convenient to appoint staff with less technical expertise and excellent interpersonal and communication skills and subsequently train them in a CSIRT-specific environment than vice versa. Communication of a team member who is a technical expert but has poor communication skills may brutally ruin the teams reputation while interactions that are dealt with competently will assist to improve the teams standing as a valued service provider. Possessing a broad range of interpersonal skills is significant since team members are frequently in contact with each other and other parties such as law enforcement, legal, human resources. T hus, these professional interactions that CSIRT employees adopt will influence the reputation of the team and special concern to an individuals interpersonal skills matters. Some interpersonal skills, required for incident handling staff, are listed below: logical judgment to formulate effective and suitable decisions in time of crisis or under pressure or strict time constraints effective oral and written communication skills for interaction with other parties discretion when dealing with the media aptitude to follow policies and procedures enthusiasm to learn new things challenge to work under pressure teamwork reliability to maintain teams reputation and status readiness to accept ones own mistakes problem solving skills to efficiently handle incidents time management skills for high priority tasks Apart from interpersonal skills, CSIRT staff should possess fundamental understanding of technology and issues on which they base their expertise. 
The following technical know-how is crucial for CSIRT staff:

• public data networks (telephone, ISDN, X.25, PBX, ATM, frame relay)
• the Internet (aspects ranging from architecture and history to future and philosophy)
• network protocols (IP, ICMP, TCP, UDP)
• network infrastructure elements (router, DNS, mail server)
• network applications, services and related protocols (SMTP, HTTP, HTTPS, FTP, TELNET, SSH, IMAP, POP3)
• basic security principles
• risks and threats to computers and networks
• security vulnerabilities/weaknesses and related attacks (IP spoofing, Internet sniffers, denial of service attacks and computer viruses)
• network security issues (firewalls and virtual private networks)
• encryption technologies (TripleDES, AES, IDEA), digital signatures (RSA, DSA, DH), cryptographic hash algorithms (MD5, SHA-1)
• host system security issues, from both a user and system administration perspective (backups, patches) [6]

It is crucial that one division of the team possess a thorough understanding of the full range of technologies and issues used by the team. This helps to expand and deepen the technical resources and capability of the team and to train other team members through education and documentation. It also ensures that the team can provide a full range of services. Besides an in-depth understanding of the technical skills listed above, the following specialist skills are required:

• technical skills such as programming, administration of networking components (e.g. routers, switches) and computer systems (UNIX, Linux, Windows, etc.)
• interpersonal skills such as human communication, experience in presenting at conferences or managing a group
• work organization skills

Obviously, a team will be unable to employ individuals who possess all the necessary interpersonal and technical skills. But there are opportunities to address deficiencies in those skills, such as training staff to develop and retain such skills and supporting continuous progress.
Hiring CSIRT Staff

For any staff vacancy, the hiring process to select the most talented applicant is a complicated task. Even a candidate who appears on the surface to possess the right skill set might not be able to work within a CSIRT setting. This is true when a crisis has been declared, where the candidate may not be able to cope with the situation and may carry out their duties inefficiently. Therefore, it is recommended to put the applicant through a hiring process specifically designed to reveal the applicant's strengths and weaknesses. Based upon the findings of the hiring process, the team will decide either to train the applicant in the specific skills that the candidate may require or not to employ the candidate.

Compared to a regular hiring process, additional steps should be included in any CSIRT hiring process:

• pre-interview document check
• pre-interview telephone screening
• interviews that cover topics from technical abilities to interpersonal skills
• candidate technical presentation
• reference checks, including criminal records

The complete hiring process should be devised to detect potential employees who possess appropriate interpersonal and technical skills. Such candidates can undergo further training to acquire more competence.

Before the applicant is called for a personal interview, the pre-interview document check and telephone screening determine in the first instance whether the candidate is an ideal match for the selection process. At this stage, more information is gathered about the applicant's broad level of interest in computer security and other more specific details on items covered in his or her resume. The telephone screening will give a good impression of the candidate's oral communication skills.
Before CSIRT staff begin to interview potential candidates, it is better to decide in advance which particular issues, ranging from technical and ethical issues to social skills, are most likely to be discussed during the interview process, and to select which existing staff are most suitable to talk about those issues with the candidate. Separate topic areas are thus covered by each of the various interviewers, avoiding any duplication of effort. Each interviewer will be in a position to review and consolidate feedback on the issues covered. Alternatively, similar topics may be discussed by several team members involved in the interview process so that they can agree on the candidate's ability in a particular topic and identify any weaknesses.

To ensure proper recruitment, the applicant should have the opportunity to meet CSIRT team members through a lunch meeting or at the candidate's technical presentation. Requiring a candidate to give a technical presentation offers the CSIRT an opportunity to measure other technical and interpersonal skills of the candidate. It also gives an idea of how much common sense the candidate has and whether the applicant will be able to cope under stressful situations. Other qualities such as overall presentation skills, an eye for detail, technical accuracy and the ability to answer questions on the fly are also taken into account.

After an individual has been appointed, there is also an enormous task in helping them adapt to the CSIRT. The new staff will need to undergo training for some period of time to get used to the CSIRT working environment as well as the specific policies and procedures of the team. Some new recruits may be given access to limited information until relevant certificates or clearances, such as government or military clearances, are obtained.

Staff training is compulsory so that the new recruits acquire the necessary skill level to take on their new responsibilities.
Secondly, training is necessary to expand existing staff skills for personal career growth and overall team progress. Staff training also helps keep the overall CSIRT skill set up to date with emerging technologies and intruder trends.

When considering the overall training needs of the team, it is necessary to identify the skills needed by each individual as well as the common skill set required for the whole team. Obviously, a new staff member should receive immediate training in any deficient skills in order to become effective quickly. From a general viewpoint, the whole team should be assessed to determine any training that needs more attention in order to broaden the skill set within the team. At the same time, this assessment focuses on each individual's skill set.

Policies and procedures are a necessity and should be enforceable, to support the initial training of new team members and to guarantee ongoing training as policies and procedures are amended. Besides the interpersonal and technical skills discussed earlier, each team member should be trained in areas specific to the incident handling functions in a normal CSIRT work environment. Training should cover the following issues:

• new technical developments
• CSIRT team policies and procedures
• incident analysis
• maintenance of incident records
• understanding and identifying intruder techniques
• work load distribution and organizational techniques

Initial training is conducted through on-the-job training. Since the incident handling profession differs in the nature of its work from other professions, there is no formal educational path for CSIRT staff and limited documentation in the literature. Most printed materi