Faith and Religion in Jane Eyre by Charlote Brontë Essay...

â€Å"I sincerely, deeply, fervently long to do what is right; and only that† (426). Throughout Jane Eyre, the characters struggle to live out and develop their faiths, according both to God’s will and their own. In Charlotte Bronte’s Jane Eyre, faith and religion are displayed in different forms through the characters of Helen Burns, St. John, and Jane Eyre. Faith in Christ is the stronghold for Helen Burns. She considers living to the glory of God the purpose of her life. Her troubles and sorrows do not sway her faith, for she declares it her â€Å"duty to bear it† (56). For Helen, living a fruitful life means imitating the character of Christ. When Jane inquires why she allows her superiors to treat her unjustly, Helen first replies that Christ†¦show more content†¦Faith and religion rests in the core of Jane’s character and actions, but also causes tension with her independence. At Lowood, she struggles to reconcile her desire to rebel against oppression and injustice with the words of Helen saying to submit like Christ. She chooses to submit, experiencing an â€Å"extraordinary sensation†, feeling â€Å"as if she was a martyr† (67). Through her submissions, she learns to be virtuous. This virtue is challenged when she must choose either to be Rochester’s mistress, or to forsake the man she loves, jeopardizing her happiness. Abiding by God’s law, she leaves, believing that â€Å"God directed [her] to a correct choice† (366). Jane faces her fiercest tension when she faces St. John’s proposal to marry him and become a missionary’s wife. She desires to continue in God’s will, telling St. John that â€Å"I will give my heart to God†, but knows that marrying him goes against her every desire. She wishes to be free from St. John; she desires her independence. She nearly submits, were she â€Å"but convinced that it is God’s will† that she marry St. John (426). She prays for Heaven to â€Å"show [her] the path† (426). Jane truly seeks God’s will, and in return, â€Å"seemed to penetrate very near a Mighty Spirit† (427). Her devotion to God is rewarded as she prays in her â€Å"different way to St. John’s† (427). God releases Jane from a life married to St. John and allows her to return to Rochester and become his wife. Jane’s faith in God allows her to make virtuous

The Impact Of Christian Features On Beowulf - 3125 Words

ELMARRACHI 11 AMINE ELMARRACHI Professor: Dr. Robinson ENG-205 Research paper 11/21/2015 The Impact of Christian Features on Beowulf. Given, the current high profile debate with regard to dating the epic poem Beowulf, it is quite surprising that some scholars go as far as placing it during the Vendel era around 550 - 793 CE. Even though it is considered as a kind of folk tale, many are those who believe it happened towards the early Vendel era. As a rebuttal to this point, it might be?convincingly argued?that this period is also referred to as the Germanic Iron Age. Moreover, this era saw the rise of Norse mythology, which is very fatalistic in nature; it focuses on a world coming to an end in a great cataclysm. Along with this fatalism comes the willingness to die. That is why warriors would go to fight in battles and combats. Surprisingly enough, not only the heroes die but so do the Gods. Therefore, the central value of this culture is glory and heroism. Having considered the fundamental premises upon which the Poem Beowulf took ground, it is also reasonable to look at the epitome of this epic poem which starts with a tale about the ancestors of the Danish king, Hrothgar who wins great fame and wealth in different battles. Therefore, he built a Mead-Hall called Herot, to commemorate his victories. The Mead-Hall took its name from a popular drink, mead, being fermented liquor which was drunk at banquets and celebrations. Herot is also a placeShow MoreRelatedThe Impact Of Christian Features On Beowulf3125 Words   |  13 PagesELMARRACHI 11 AMINE ELMARRACHI Professor: Dr. Robinson ENG-205 Research paper 11/21/2015 The Impact of Christian Features on Beowulf. Given, the current high profile debate with regard to dating the epic poem Beowulf, it is quite surprising that some scholars go as far as placing it during the Vendel era around 550 - 793 CE. Even though it is considered as a kind of folk tale, many are those who believe it happened towards the early Vendel era. As a rebuttal to this point, it mightRead MoreBeowulf Is The Oldest Recorded Poem1328 Words   |  6 PagesThe epic poem, Beowulf, is the oldest recorded poem in English and at 3200 lines long, comprises roughly ten percent of the surviving poetry in Old English. Although written in this language, Beowulf focuses on the feats of the poem’s namesake Beowulf, a Geatish prince, and the invading Germanic tribes in Denmark. Understood early on in the poem, these tribes have a lengthy and powerful warrior culture; a culture heavily influenced by heroic virtues, blood vengeance, and paganism. Along with theseRead MoreThe Importance Of Heroism In Beowulf1073 Words à ‚  |  5 PagesBeowulf is a classic, epic story which theme focuses on good versus evil, â€Å"Beowulf is essentially a heathen poem† (Bodek) said F.A Blackburn because it consists of elements drawn from Anglo-Saxons culture before they were converted to Christians. It is tidily divided into three parts; The battle with Grendel, The battle with Grendel’s mother and the battle with the Dragon. The poem deals with Germanic forebears, the Danes, the Geats and the Swedes. This story features a super-strong warrior BeowulfRead MoreEssay on The Changing Concept of Hero988 Words   |  4 Pagesthe enemies that are being faced, and the values of each of them. Beowulf has no known author but it is thought to be written before the Anglo-Saxon exodus is completed but after the conquest began (p.30). Also going on during this time was the conversion of the Anglo-Saxon pagans to Christianity by Saint Augustine of Canterbury’s mission. This may account for the major focus on Christian themes throughout Beowulf, while Beowulf as a character is seen as a very pagan character (Lane). For instanceRead MoreTrace the Development of English Lit During Any One Period...as Part of Your Discussion Highlight How Significant Events in the Influence the Writing...Additionally Show How Characteristics of the Genre the Writer Uses3085 Words   |  13 Pagesand the importance of this literary period to the development of English literature. In attempting to do the aforementioned, the focus will be on the Anglo-Saxon people, their society, culture, and literary work with a view towards highlighting the impact on the development of the English language a nd English literature. The Anglo-Saxon or Old English period goes from the invasion of Celtic England in the first half of the fifth century (AD 700) up till the conquest in 1066 by William of Normandy.Read MoreAnglo-Saxon Heroic Poetry5673 Words   |  23 PagesOld English poetry is divided into two types: the Heroic, the sources of which are pre-Christian Germanic myth, history and custom; and the Christian. Heroic, or Epic Poetry belongs to one of these two types and refers to long narrative poems celebrating the great deeds of one or more legendary heroes, in a grand, ceremonious style. In its strict use by literary critics, the terms Heroic Poetry or Epic are applied to a work that meets the following criteria: such a poem must be related in anRead MoreFate Vs. Free Will2263 Words   |  10 Pagesdestiny as the final outcomes of a person’s life, however, at some points you wonder if a person’s destiny falls directly in the decisions made by someone. Hektor and Achilles both had choices , but ultimately believed they must follow their destiny. In Beowulf, fate generally pulls out in the deciding factor of one’s destiny. It is fate that makes the legend he is. He goes through every challenge knowing that fate will be on his side. However, he showed free-will when he decided to help out Grendel. InRead More themebeo Epic of Beowulf Essay - Theme and Style of Beowulf2716 Words   |  11 PagesThe Theme and Style of Beowulf  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚      Interpretations of Beowulf’s theme vary much more than commentary on the poet’s style. In this essay I hope to state clearly some of the popularly mentioned themes running through the poem, and to carefully delineate many aspects of the author’s style.    â€Å"Many critics feel that the speech of Hrothgar between lines 1700 and 1784 encapsulates the moral of the poem†¦.’He does not know the worse – till inside him great arrogance grows andRead MoreThe Separate Journeys Of Beowulf And Sir Gawain1761 Words   |  8 PagesThe Separate Journeys of Beowulf and Sir Gawain The purpose of the hero in literature has evolved through time, and there is no denying the differences of two medieval heroic archetypes, Beowulf, and Sir Gawain. In both poems, the hero is faced with several different tests, each with proposed solutions and goals. Anglo-Saxon epic and romantic stories focus on the central hero who stands alone as the ideal example of perfected chivalry. Even though there are countless similarities that both manuscriptsRead More17th Century Literature Throughout Europe1973 Words   |  8 Pagesauthors/poets tried to copy Chaucer’s style. While they didn’t take over as â€Å"the new Chaucer,† several writers became known for a variety of different reasons. It is clear in all of the works that religion and history either had a positive or negative impact on the stories being told. 1. John Lydgate John Lydgate’s works are â€Å"extremely descriptive, and he had many influential patrons including high placed noblemen and even royalty of the period† (Schieferdecker, et al.). Like many great writers of the

Solving Problems and Making Decisions †Free Sample Solution

Questions: 1. How To Describe A Problem, Its Nature, Scope And Impact?2. How To Gather And Interpret Information To Solve A Problem?3. How To Evaluate Options To Make A Decision?4. How To Plan, Monitor And Review The Implementation And Communication Of Decisions? Answers: 1. Attrition Attrition can be referred to as the voluntary and involuntary shrinkage in the number of employees working in an organization (Nalila, 2012). It creates a vacuum space when trained employees leave an organization taking the key skills, knowledge and business relationships with them. The problem of attrition is faced by companies across various sectors and it becomes a managers day to day task to reduce employee turnover. Some of the major costs associated to increased turnover are an increase in the cost of training, learning time for a new employee, inefficiency, revenue and productivity loss (Shashikala Ravindra, 2013). It is important to control attrition because when an employee leaves an organization, it indicates a clue about chances for high employee turnover in future impacting job satisfaction, employee engagement and also organizations ability for attracting talented people in the firm (Arokiasamy, 2013). 2. Reasons and Solutions to Attrition Behind every problem there exists a reason for its cause. According to Garner (2008), the major five factors that lead to attrition are people and communication, various work assignments that are allotted to them, lack of career opportunities, the infrastructure of the company the compensation offered to them, and the nature of the company itself. According to Griffith et.al (2000), there is a direct relationship between the job satisfaction and organizational commitment. An employee should be selected in to the firm through true recruitment practices, how they are managed, lack of appreciation at work place and even absence of a true compensation system. Good workers often tend to leave their jobs because of occupational stress (Ongori, 2007) The situation of the economy and the opportunities for getting new jobs are also highly influential on employees decision making (Arokiasamy, 2013). There is a change in the lifestyle and environment of preferred by the employees. Monotony does not please them and try to break away from a monotonous job, where as management in most cases treats them as commodities, trying to make a person work for two. Increased opportunities and expectations decrease loyalty among the employees (Lalitha, 2012). Source: (Naila, 2012) When the special case of UAE is considered, employee burnout is one of the major problems detected by the employers. About 63% of the directors cite that workload is a major reason for employee burnout. They also have a problem with long working hours/overtime (57%), economic pressures (37%), and lack of ability to handle both professional and personal commitments (33%), lack of recognition (29%), higher and unachievable expectations (28%), operational inefficiencies (21%), bad relationship with colleagues and managers (12%), and lack of a departmental strategy and clear and defined business (8%) (Perotte, 2012). It is a fact that the directors do not have direct control over the attrition rate in a given company. But according to Perrotte (2012), there are certain warning signs that may indicate the chances of rise in the attrition rate including coming late frequently for work, becoming less productive, disagreeing with the managers and colleagues more frequently, becoming disconnected from work, increase in leaves, and outbursts in company that are both negative and emotional. It is extremely important to take make efficient strategies to reduce attrition in a given organization. Some of the effective retention strategies involve change in practices of hiring, proper branding of the employer, managing talents, proper employee engagement practices, and conducting an exit interview to understand the reasons behind the employee leaving the company (Lalitha, 2012). Fulfilling different levels in the Maslows hierarchy by satisfying various needs of the employees in different levels will help to contain attrition. The basic needs that can be fulfilled are physiological needs, safety needs, needs of love, affection and belongingness, need for esteem, and then self actualization (Maslow, 2013). According to Negi (2013), the organization should have a corporate social responsibility towards the employees and should implement the Hertzbergs two factor theory concentrating on both motivators and hygiene factors. Managers should be trained to use their emotional intelligence to control ones emotions and then channelize energies and potentials, in a positive direction so that there will be enhanced productivity in an organization (Negi, 2013). Attrition is now a major issue that is faced by organizations across various spheres. To conclude the reason for attrition, it can be said that attrition is a result of the non-fulfillment of the needs and expectations of the employees. This need varies from employee to employee and the managers in a firm should be proficient enough and given adequate resources to analyze, understand and make decisions depending on the nature of the group he/she is guiding. 3. Decision Making Techniques Tackling voluntary turnover is essential and for this Allen (2006) has come up with a voluntary turnover model to understand the process of voluntary attrition. When there are attractive options for the employees in comparison to where they work, employee satisfaction becomes a major issue especially those who are highly valued and are in demand. Source: (Allen, 2006) Considering the turnover path in an organization, it can be four types including dissatisfaction, better alternatives, plans and no plans (Allen, 2006). Companies should form different strategies to retain then. Following table represents strategies that can be undertaken for different turnover pathways. Source: (Allen, 2008) Decision making plays an important role in retaining the employees. Planning to control turnover rates in an organization should start from portraying the image of a good employer, recruitment of the right resourceful employees into the organization, training and developing them according to the culture of the organization, talent management process, proper succession planning, and in case the employee still leaves exit interview to use the information to further improve the procedures. This requires a retention management plan on the basis of which decision should be taken. Following figure demonstrates a retention management plan. Source: (Allen, 2008) 4. Communication to the employees Retention of the employees can be easily controlled by organizations through embedding them into organizations using socialization (Allen, 2006). This is because there are chances that some special organizational and individual factors will have an influence on organizational commitment and job satisfaction that usually initiates withdrawal (Allen et.al, 2010). Following are some of the communication strategies for embedding employees into an organization. Source: (Allen, 2008). Following is a model that is required for planning and communicating a retention plan. Source: (Government of Newfoundland and Labrador, 2008) The importance of succession planning cannot be overstressed in any given organization. This is a continuous process and the following figure depicts the process of communication in succession planning. Succession planning ensures that the organization will be planned enough to deal with emergency layoffs and resignations. Following figure represents various stages in succession planning. Source: (opm, 2005) Communication is essential in an organization to make sure that there is a balance between the expectations of the employees and the employers. This process of communication is divided among various hierarchies across departments to ensure proper tests, interviews, tests, and surveys are attended to on time by the employees. Evaluation of the success of the retention program The success in the program that is adopted by the company can be analyzed through the reduction in the attrition rate. The formulae for attrition rate is ((no. of attrition*100)/ (Actual Employees+ New joined))/100 (Naila, 2012). A decrease in this rate represents reduction in the employee turnover rate of the company. Conclusion To conclude, it can be said that attrition is a problem that is faced by organization across different industries. Though employees are different from each other, their needs are categorized into categories by researchers. Being sensitive to the employees and offering them an array of opportunities helps management to retain them and keep their talent pool intact. References 1. Allen, D. G. (2006). Do organizational socialization tactics influence newcomer embeddedness and turn over. Journal of management, 32. 237-256. 2. Allen, D. G. (2008). Retaining Talent: A Guide to analyzing and managing employee turnover. SHRM foundation effective guidelines Series, 1-43. 3. Allen, D. G. (2010). Retaining talent: replacing misconceptions with evidence based strategies. Academy of management perspectives. Available from https://misweb.cbi.msstate.edu/~COBI/faculty/users/jvardaman/files/files/AllenAMP.pdf. 4. Arokiasamy, A. R. R. (2013). A qualitative study on causes and effects of employee turnover in the private sector in Malaysia. Middle East Journal of Scientific Research 16(11), p.1513-1541. 5. DeCenzo, D. A. Robbins, S. P. (2005). Fundamentals of human resource management. John Wiley and Sons. 6. Garner, G. (2008). Five attrition factors and what you can do about them. National society of professional engineers. Available from https://www.asmeconferences.org/gemc10/may08AttritionFactorsandRetentionStrategies.pdf. 7. Government of Newfoundland and Labrador. (2008). Developing an integrated talent management: A human resource management framework. Available from https://www.exec.gov.nl.ca/exec/hrs/publications/developing_an_integrated_talent_management_program.pdf. 8. Griffeth, R. W. et.al. (2000). Meta analysis of antecedents and correlates of employee turnover: update, moderator tests, and research implications for the next millennium. Journal of Management, 26(3), p.464-468. 9. Lalitha, C. (2012). Managing employee attrition-The HR role and challenge. International Journal of research in management, economics and commerce. 2(11), p.262-267. 10. Maslow, A. H. (2013). A Theory of Human Motivation. Rough Draft Printing. 11. Naila, I. (2012). Analyzing causes of attrition rate and giving the solution through Maslows hierarchy of need in BPO Industry. Commerce and Management, 1(4), p.1-14. Available from https://www.rgcresearchjournal.org/volume-I,issues-IV,October-December2012/commerceandmgt/ANALYZINGCAUSESOFATTRITIONRATEANDGIVINGTHESOLUTION.pdf. 12. Ongori, H. (2007). A Review of Literature on Employee turnover. African Journal of Business management, 1(3), p.49-54. 13. (2005). Succession planning process. Available from https://www.opm.gov/policy-data-oversight/human-capital-management/reference-materials/leadership-knowledge-management/successionplanning.pdf. 14. Perrotte, K. (2012). Four in 10 HR Cite employee burnout a common occurrence in UAE companies. Available from https://www.roberthalf.ae/EMEA/Dubai/News%20and%20Press/Documents/UAE-Employee-Burnout-Feb-2013.pdf. 15. Shashikala, S. Ravindra, S. (2013). A study on causes and control techniques for attrition rate in Indian Industry. Asia Pacific Journal of Research, 2(4), p.1-8.

Structural Design of a Building Essay Example

Structural Design of a Building Essay There are 7 different forms of structural design used to form multi-storey buildings within the building industry today, They are:- †¢Shear wall structures †¢Hull core structures †¢Propped structures †¢Suspended structures †¢Traditional framed/caged structures †¢Cantilevered structures †¢Braced structures The two that are popular and most widely used are shear wall structuresand braced structures. SHEAR WALL STRUCTURES These are made up from Concrete continuous vertical walls that are used as both architecturally partitions and structurally to carry gravity and lateral loading. They are very high in plane stiffness and strength which makes them the ideal panels for bracing tall buildings; they also act as vertical cantilevers in the form of separate planar walls, and as non-planar assemblies of connected walls around elevator, stair and service shafts. This way of forming a building is well suited to hotel and residential buildings where the floor-by floor repetitive planning allows the walls to be vertically continuous and where they serve simultaneously as excellent acoustic and fire insulators between rooms and apartments. Advantages:- †¢Tensile reinforcement for areas where tension stresses occur in †¢Walls when wind uplifts stresses exceed gravity stresses. †¢High strength concrete has enable wall thickness to be minimized, hence maximizing rentable floor space. †¢Technology exists to pump and to place high-strength concrete at high elevation. †¢Fire rating for service and passenger elevator shafts is achieved by simply placing concrete of a determined thickness. †¢The need for complex bolted or side-welded steel connections is avoided. Well detail reinforce concrete will develop about twice as much damping as structural steel. Disadvantages:- †¢Shear walls formed around elevator and service risers require a concentration of opening at ground level where stresses are critical. †¢Shear wall vertical movements will continue throughout the life of the building. †¢Construction time is generally slower than for a steel frame building. †¢The additional weig ht of the vertical concrete elements as compared to steel will induce a cost penalty for the foundations. Regular survey check must be undertaken to ensure that the vertical and twist alignment of the shear walls are within tolerance. †¢In general it is difficult to achieve a good finish from slip-form formwork systems, and rendering or some other type of finishing may be necessary. Shear wall Structures BRACED FRAME STRUCTURES Braced frames are cantilevered vertical trusses resisting laterals loads through the axial stiffness of the frame members. This is an effective way of building as the steel has a high ratio of stiffness; it is an ideal method to use in the production of multi-storey building. We will write a custom essay sample on Structural Design of a Building specifically for you for only $16.38 $13.9/page Order now We will write a custom essay sample on Structural Design of a Building specifically for you FOR ONLY $16.38 $13.9/page Hire Writer We will write a custom essay sample on Structural Design of a Building specifically for you FOR ONLY $16.38 $13.9/page Hire Writer A braced frame is made completely from steel, this is because the diagonal steels are subjected to tension and lateral loading. Able to produce a laterally very stiff structure by using a minimum amount of additional materials makes it an economical structural form for any height of buildings. Advantages:- †¢Girders only participate minimally in the lateral bracing action-Floor framing design is independent of its level in the structure. †¢Can be repetitive up the height of the building with obvious economy in design and fabrication. Disadvantages:- Obstruct the internal planning and the locations of the windows and doors; for this reason, braced bent are usually incorporated internally along wall and partition lines, especially around elevator, stair, and service shaft. -Diagonal connections are expensive to fabricate and erect. Braced frame structures TASK 2 There are many different materials that can be used to form a multi-story building, the two most common are steel a nd concrete this is due to both the strength and the cost of the materials. STEEL The demand for steel as a building material is growing within the construction industry. Steels high strength, ductility, adaptation to prefabrication, speed of erection, etc. , have always been attractive characteristics to consultants and developers. In today’s fast tracked construction projects where time and schedule are of essence, these qualities become decisive in choosing the type of structure to be built. At present, Structural Steel Works, Inc. offers all of the advantages of steel as a building material at the most competitive price without sacrificing quality control. Advantages of using steel:- †¢Superior Strength and durability. †¢Precise measurements, perfect angles. †¢Resistant to pest. Great protection against the worst weather conditions. †¢Steel Components mean minimal material waste. †¢Installation is fast and simple. †¢Labour costs are minimal. †¢Steel is recyclable. †¢A cost Effective material. Structural steel building CONCRETE Reinforced concrete can be strengthened by using a number of different meth ods, such as -: †¢reinforcement bars †¢reinforcement grids †¢reinforcement plates †¢reinforcement fibers Concrete is very strong in compression but not in tension so these materials are there to help strengthen the concrete in tension. The term Ferro Concrete refers only to concrete that is reinforced with iron or steel. Other materials used to reinforce concrete can be organic and inorganic fibers as well as composites in different forms. The most common method of strengthening concrete is to use reinforcement bars. For a strong, ductile and durable construction the reinforcement should have the following properties: †¢High strength †¢High tensile strain †¢Good bond to the concrete †¢Thermal compatibility †¢Durability in the concrete environment Advantages of using precast concrete:- †¢Column-Free Long Spans With fewer columns and more usable floor space, precast, prestressed concrete provides greater freedom for space utilization. Conserves Energy Prestressed concrete components can improve the thermal storage potential of a building. It effectively conserves energy required for heating and cooling. †¢Maintenance Free Precast concrete does not require painting and is free from corrosion. Its durability extends building life. †¢Resists Fire Durability and fire resistance mean low insurance premiums and greater personnel safety. Those who investigate life cycle costing will appreciate the precast concretes excellent fire resistance characteristics. †¢Rapid Construction precast concrete construction gets the job done sooner. The manufacturing of prestressed members and site preparation can proceed simultaneously. Early occupancy provides obvious benefits to the client. †¢Versatility of Design Precast concrete buildings are not only functional but beautiful as well. Numerous panel configuration design possibilities are available. Structural concrete building As raw material prices differ, so does building design. During times of lower steel prices, more steel and less concrete is used, and vice versa, but both materials are typically used together. Concrete without steel reinforcement crumbles under tensile loads. Steel on its own, without composite or reinforced concrete floors, is likewise not a preferred building method. While rebar is almost always steel, it is not considered structural steel and is described separately in the rebar and reinforced concrete articles. While both steel structures and Reinforced concrete cement(R. C. C)structures have their pros and cons, the steel structures have better strength to weight ratio than RCC, and can be easily dismantled(Steel structures, which have bolted connections can also be reused to some extent after dismantling).

Traditional Bullying Vs free essay sample

Bullying has been an extreme issue all around the world for hundreds of years, and since modern technology has advanced, so has cyber bullying. â€Å"‘Gimme’ your lunch money† has turned into texting and posting gruesome threats and embarrassing material all over social media. Millions of kids all over the world have taken their own lives due to the harmful effects of cyber bullying. Problems that cannot be resolved independently are brought to court, and the government has become increasingly involved in banning cyber bullying across the nation. Many young adults (mostly girls) have been tried and convicted of cyber bullying. The United States is making efforts to stop cyber bullying by creating laws against it. The issue of cyber bullying has taken the entire world by storm. Every day, more people are seeing the effects of cyber bullying in their everyday lives, and more people are reaching out to put an end to cyber bullying. We will write a custom essay sample on Traditional Bullying Vs or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page Bullying is an unwanted and aggressive action and/or behavior that affects millions of children and teenagers that involves a real or perceived power imbalance that is repeated, or has the potential to be repeated, over time (â€Å"What is Bullying† n. pg). Bullying includes actions such as making threats, spreading rumors, attacking someone physically or verbally, and excluding someone from a group on purpose. There are four major types of bullying: cyber bullying, verbal bullying, social bullying, and physical bullying (â€Å"The Issue of Bullying† n. pg). Cyber bulling is when a child, preteen or teen is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another child, preteen or teen using the Internet, interactive and digital technologies, more specifically, mobile phones. Many cyber bullies think that bullying others online is funny, for cyber bullies may not realize the consequences of bullying someone online. Children have killed each other and committed suicide after having been involved in a cyber bullying incident (â€Å"What is Cyberbullying Exactly?† n. pg). â€Å"Verbal bullying is saying or writing vicious things that include: teasing, name-calling, inappropriate sexual comments, taunting, or threatening to cause harm† (â€Å"What is Bullying† n. pg). In addition, social bullying is referred to as â€Å"relational bullying†, that involves hurting someone’s reputation or relationships. Social bullying includes: leaving someone out on purpose, telling other children not to be friends with someone, spreading rumors about someone, or embarrassing someone in public (â€Å"What is Bullying† n. pg). Sometimes, social bullying can lead to physical bullying. Physical bullying involves hurting a person’s body or possessions. Physical bullying includes: hitting/kicking/pinching, spitting, tripping/pushing, taking or breaking someone’s things, or making mean or rude hand gestures (â€Å"What is Bullying† n. pg).1 of every 7 students from kindergarten to grade 12 has been a bully or has been bullied. 90% of victims admitted that they suffered negative side effects. Among them are: significant drop in grades, addiction to drugs and/or alcohol, increase in depression, increase in anxiety, loss of friend, and loss of social life (â€Å"Bullying Statistics† n. pg). â€Å"..Up to 43% of students have been bullied while online. 1 in 4 have had it happen more than once† (The Issue of Bullying n. pg). There are therefore two main reasons why bullying is significant. The first one is the prevalence of the problem†¦[A]t least 68% of all school age children had been bullied at least once, 38% had been bullied at least twice while 8% were affected by bullying to the extent of thinking about committing suicide, running away or being chronically ill†¦The second significance of bullying is in its effect. Professor Pearce, a Child Psychiatrist, states†¦Ã¢â‚¬â„¢[B]ullying does matter as it is connected to other and later acts of violence such as vandalism, hooliganism and domestic violence. He points out that aggressive behavior in children tends to continue.’( Alfandary, n. pg). For many decades, bullying was viewed as a relatively harmless â€Å"rite of passage and ignored altogether. Sadly, it has taken high-profile acts of school violence and youth suicide to change the public perception of bullying behavior, and to reach an understanding of what it actually is. Children have killed each other and committed suicide after having been involved in a cyber bullying incident. Bullying can lead a child to commit suicide, commit self harm amongst him/herself, or hurt other people. â€Å"[A] study shows that bullying id prevalent, with almost 30% of the largest sample of 6th- though 10th- graders reporting that they have participated in bullying, being bullied, or both†¦Those formerly bullied have been found to have higher rates of depression and poor self-esteem† (Howard, Prothroe-Stith, 1). The history of bullying has drastically changed; today, modern-day bullying is viewed differently and holds a different value and importance (Bullying 2). Bullying has been an issue for hundreds of years, but it is only since 1862 that bullying was first reported. Bullying is a critical issue that has only gotten worse over the years. Modern-day bullying compared to 18th century bullying was not as commonly seen and was not as detrimental. The way bullying has been viewed over the years has changed drastically, it started as verbal and physical bullying in schools, but today has transformed into a much more vicious thing. In 1862 a man, John Flood was a bully victim. â€Å"Flood had been the victim of ‘long, malignant and systematic bullying’† (â€Å"History of Bullying† n. pag).This first report of bullying, turned violent very quickly. Flood who was also a soldier, shot the bully and was convicted and sentenced to death. This sentence however, was overturned by the Queen because he was known to be a kind sole. (â€Å"History of Bullying† n. pag) This bullying situation is just one of numerous examples of how bullying can change a person’s attitude and feelings about his or her self, and take drastic measures like suicide or murder. In 1981 the first law against bullying was proposed. This law was then only thought about in the upcoming years. The law was made specifically for school bullying to spare the students the humiliation and sadness that would be felt by the kids. By the year 2000 a new kind of bullying was starting to become more frequent. Up with the wave of technological advancement, cyber bullying evolved along with the computers and phones (â€Å"History of Bullying† n. pag). Cyber bullying is the act of bullying through computers, cell phones, social media, or any other technological device that targets mainly teens. Cyber bullying is the more common way of modern-day bullying and is much more relentless because nearly everyone can see it. â€Å"It would be bad enough to be cyber-bullied by one kid when nobody else knew about it, but a video seen by hundreds or thousands of your peers could be devastating,† (â€Å"The rise of cyber-bullying† n. pag). [In 2003 a boy named] Ryan Halligan was bullied so relentlessly at school, he finally learned kickboxing to defend himself from the physical assaults. But when the attacks moved online, he had no way to fight back, and no refuge. October 2003, Ryan hanged himself in his familys bathroom. He was 13 years old. Now, Ryans father travels to schools around the country to share the events that led up to his sons suicide and to warn educators and students about the dangers of cyber bullying. (â€Å"History of Bullying† n. pag). This is not the only example of what cyber bullying can lead to for the victims, this specific occurrence was only one of the first to happen. Other situations like Ryan’s are Gail Jones, Tyler Clementi, Megan Meier, Rehtaeh Parsons, Jamey Rodemeyer, Audrie Pott, Amanda Todd, and countless others (â€Å"Victims of cyber-bullying† n. pag). In 2006 the very first law opposing cyber bullying was passed. The law states, â€Å" it [is] a federal crime to annoy, abuse, threaten or harass another person over the internet† (â€Å"History of Bullying† n. pag). This law among many others is a way to show how the nation is trying to oppose bullying of any kind. Laws are not the only things being done to prevent bullying, but conferences and national days (National Day of Action Against Bullying Violence) have been put into action as well. â€Å"More than 1 out of 3 kids have been bullied online in 2012†. (Bullyingstatistics.org). In our modern day society, our everyday actions are focused around social media. Social Networking Sites are easily accessible and can be seen by anyone; Two key components to why cyber bullying is so harmful and destructive. Victims of cyber bullying are being put on blast for the whole world to see. Most teens do not want to tell someone that they are being bullying; 52% of teen that have been cyber bullied haven’t reported it. Research shown by the Cyber bullying Research Center has concluded that victims of cyber bullying have a lower self-esteem than non-victims, this same organization also released that â€Å"more girls are cyber bullies than boys, to be exact 59% girls and 41% boys.†(Cyber Bullying Research Center n.p.) The Cyber Bullying Research Center has also produced an experiment on how the victims of cyber bullying feel, it was concluded that both boys and g irls reported to feel angry, sad, and embarrassed. However, more girls than boys feel frustrated, while report to feel boys are scared. Many people wonder why cyber bullying occurs, Enough is Enough Organization did a study on this and concluded with shocking output. â€Å"11% of kid said to show off to friends, 14% said to be mean, 16% said something else, 21 of kids said to embarrass them, 28% said for fun or entertainment, 58% of kids said that they deserved it and 58% said to get back at someone. Another common question asked is why is bullying and cyber bullying still happening? For the reason that cyber bullying is a very new twist on the traditional bullying a study was conducted on January 11 by Temple University. They concluded that one of the reasons that cyber bullying is an ongoing issue is because nearly half of school social workers feel unequipped to handle cyber bullying. Also 81% of youth agree that bullying online is easier to get away with than bullying in person and 80% think it is easier to hide online bullying from parents than in-person bullying.† (Enough is Enough-Internet Safety, n.p.) It is seen that cyber bullying is a huge issue, through current events. A recent event that happened took place in California on April 14th. Three boys accused of sexually assaulting an intoxicated 15-year-old girl, after raping her they took nude pictures of her and posted them online, days after the girl took her own life. Were talking about, other than murdering someone, the highest degree of a crime you could possibly do, which is to violate them in the worst of ways and then to effectively rub her face in it afterwards Said Robert Allard the attorney of the girls mother, father and stepmother. (US News n.p.) In the United States, the issue of bullying is taken seriously. According to the Cyber bullying Research Center, 49 of 50 states (excluding Alaska) have created laws against bullying. Though these laws differ per state, they all share common aspects that are fundamental to curbing bullying. Many of these core topics relate, either directly or indirectly, to cyber bullying. In all laws against bullying, the distinction is made that the scope of bullying includes â€Å"conduct that occurs on the school campus, at school-sponsored activities or events (regardless of the location), on school-provided transportation, or through school-owned technology or that otherwise creates a significant disruption to the school environment (â€Å"Key Components in State Anti-Bullying Laws†). Any activity that acts in opposition to appropriate online behavior on technology that is property of a school is illegal in the eyes of most state governments. As the Kelly Warner Law states, cyber bullying is any form of harassment, torment, or threat directed from one individual to another over the use of â€Å"digital, interactive or Internet technologies or mobile devices† (â€Å"Cyber Bullying Laws†). Whether the technology belongs to the student or the school, cyber bullying on campus is not allowed, and neither is cyber bullying off campus through means of self-owned or school-owned technology. Another key component to many anti-cyber bullying laws is the prohibition of â€Å"perpetuating bullying or harassing conduct by spreading hurtful or demeaning material even if the material was created by another person (e.g., forwarding offensive e-mails or text messages)† (â€Å"Key Components in State Anti-Bullying Laws†). In short, this idea states that it is illegal to spread degrading content, even in the case of chain letters or sharing received content with others. It is no more appropriate to act maliciously against someone online than to act maliciously against someone in person, and state governments are increasingly recognizing this cyber bullying issue and taking action against it. More and more states are passing laws against cyber bullying. Just recently, on April 29, 2013 in Tallahassee, Florida, the Florida Senate passed a bill to â€Å"expand the authority of Floridas public schools to discipline students for cyber bullying done through use of a school computer, at the site of a school-sponsored activity or on a school bus† (â€Å"Bill Aimed at Cyber bullying Clears Senate†). In a Senate vote, the bill passed with 100% approval and 0% opposition (thirty-seven people for the bill and zero against it). The bill will now move on for approval from the Governor; so far it has quickly and efficiently passed through the law system as more people have come to recognize cyber bullying as an issue as prominent as bullying. According to Cyber bullying is not worse than Physical bullying, cyber bullying is not worse than the physical side of bullying for a couple of reasons† (Cyber bullying vs. Physical Bullying). It has been statistically stated that 32% of kids have been bullied online, but 62% have been bullied offline. Even though more kids have been bullied online, they would prefer a sentence on Facebook over a punch in the jaw. At the same time, cyber bullying is widespread and the â€Å"hurt† can last forever while physical bullying can hurt temporarily. Also many people can view the picture or post wherever it may be and it is impossible to delete the post/picture. When someone is in the middle of fight a teacher or adult can break it up, but online there are not teachers or adults monitoring and breaking up the fight. Various people which wrote the article titled Traditional Bullying VS. Cyber bullying stated that traditional bullying is drastically different than cyber bullying. T raditional bullying is usually face to face, in a public place, and with a smaller audience. Cyber bullying is anonymous, it can be at home or at school, and it is with a larger audience. Ybarra and Mitchell both examined the internet users for ages 10-17 and found that 15% of those are harassers, 51% are harassers who were traditionally bullied, and 20% are victims (Gradinger, Petra, Dagmar Strohmeier, and Christiane Spiel). This experiment showed that many people who cyber bully, have been traditionally bullied in the past.

Business Terms and Relocation Essays

Business Terms and Relocation Essays Business Terms and Relocation Essay Business Terms and Relocation Essay Risks, Benefits and Costs of Relocation By Prudential Joseph R. Carucci Real Estate Business location continues to be a primary factor in sustaining a company’s competitive position – whether it is a corporate headquarters seeking to get closer to emerging markets, or a back office wanting to reduce operating costs. Companies often find that their current locations no longer provide the competitive advantage they once held. Consequently, they attempt to weigh the risks and benefits of a major relocation along with the costs to determine the viability of relocation. Risks Related to Relocation: By far the most significant risk related to a major relocation for any operation is the potential for business disruption. The outcome could result in the loss of valuable employees (knowledge assets) and distractions from normal business activity during planning and implementation that impact service delivery and customer retention. While the risk of disruption is real, careful planning and implementation can minimize its impact. A special relocation policy can be developed to maximize employee retention. Effective communications can minimize employee distraction and customer concerns. Short-term staff redundancy along with the phasing of relocation can minimize overall impact. Other factors that influence the success of a relocation decision include: Not making an effective location selection decision; Not adequately defining the costs of a relocation; Not making a reasonably accurate attrition calculation; Not engaging in a major relocation because of the fear of failure. Benefits of Relocation A relocation decision needs to achieve a payback in two to three years or less. Since the cost of labor comprises approximately 75% of the total operating cost, picking a location that results in a 10-15% reduction in labor cost is key. Because the majority of staff in a back office are on pay scales that reflect the local market, a significant cost reduction is potentially achievable. Attrition in a back office relocation is usually high (80-90%) depending on the destination. Benefits derived from relocating a company headquarters operation are less concerned with reducing cost and more on strategic positioning of the company. Key objectives focus on gaining access to emerging markets, enhancing the ability to recruit and retain top talent, or making a radical change in corporate culture – all of which send a positive signal to each company stakeholder and support the long-term viability of the company. Employee retention from a typical headquarters relocation is 60-70% and is influenced by the level of interest in the destination, availability of other local job opportunities and family situation. The average cost of relocation per employee is about $50,000, but can vary widely depending on salary, home ownership status and relocation policy provisions. Relocation Cost and Risk/Benefit Analysis Process Risks and benefits will vary for each type of business operation. In a given scenario, a particular condition may be viewed as either a risk or benefit depending on the specific needs of the company. For example, if a company wants to radically change culture and reduce the cost of highly tenured employees, a large percentage of attrition is positive. If there is a significant concern over the potential loss of â€Å"intellectual capital† due to a relocation, the company should have its relocation policy reviewed and incorporate provisions that maximize retention. The analysis process should be comprehensive, and take into consideration short-term risks as well as long-term benefits. Business location consulting firms specialize in preparing relocation analyses and in evaluating relocation alternatives. Factor examined include: retention/attrition of affected employees; one-time costs of relocation and build-out as well as the long-term costs and savings for real estate and labor. The following five-point process will help a company analyze its relocation cost and risk/benefit: 1. 2. 3. 4. 5. Define location and employment level alternatives. Determine potential employee retention and attrition for alternatives Estimate the one-time costs of relocation, attrition, new staff recruiting/training, etc. Estimate the incremental ongoing cost/savings over a specified period related to the cost of real estate and labor, facility improvements and lease penalties. Identify both the risks and benefits to the company for each location scenario. Whether it’s a short or long-distance relocation, this analysis process will help your company better understand the risks, benefits and costs of relocation.

Ethical issues in Health Care Management Essay Example | Topics and Well Written Essays - 250 words

Ethical issues in Health Care Management - Essay Example The latter increasingly take into account what are the ethical norms within the healthcare institution, because ethical considerations affect the commercial and corporate world. Stakeholders seek to maximize the profit and return on their investments and that is why they are particularly concern of ethical codes being correctly applied. Avoiding negative social effects in healthcare management is an activity, which is open and socially responsible. Stakeholders aim to minimize the ethical issues in health institutions because this affects sustainability of the organizations and destroys the bond between the local community and the healthcare system there. Therefore, following strictly the chosen ethical code increases the community’s confidence in the healthcare and secures its population with greater tolerance, compassion, awareness and flexibility. Ethical codes in healthcare institutions posses substantial advantage for the heath corporation, because society can anticipate certain behaviour and create public ethical expectations. Such are very helpful to the stakeholders, who run financially the system and invest in its technological improvements, research and development. Ethical codes and law go hand in hand in healthcare management, and stakeholders have to be aware of unethical/unlawful actions being taken. An example where ethics and law clash is the dumping of patients, namely in the US, where the healthcare system and social and medicare is designed in a way that do not fully covers the ethical presumptions of health institutions. In such cases I believe, stakeholders have the take decisions, which are rather patient abiding, than law

Cold War and its Impact on International Racism and Segregation Research Paper - 1

Cold War and its Impact on International Racism and Segregation - Research Paper Example The aspects of two social problems, international racism and segregation are examined in this paper. Emphasis is given to international racism and the segregationist image of the United States. It is concluded that the Cold War has significantly affected the international image of the United States regarding racism and segregation. The level of interaction of the above products are not standardized; within different social, political and economic conditions, the events of the Cold War could have led to different perceptions of the country’s international image regarding racism and segregation. The Cold War has strongly affected the perceptions on human rights. The starting point of the War can be identified at the end of the Second World War, i.e. in 1945. However, certain of its ideas have been already appeared before the end of the Second World War, even in 1939. Different views have been developed regarding the role of the Cold War on concepts, such as racism and segregatio n. According to Professor Adam Fairclough1, the Cold War has influenced the views of people on racial differences, leading to the promotion of values such as equality and fairness among people of different racial background and characteristics. More specifically, Professor Fairclough suggested that ‘the war had helped to discredit theories of racial superiority’.2 The above view is based on the fact that after the end of Nazism in Europe, people in countries that suffered significant damages – and human losses – could not tolerate any form of discrimination, which has been the key rule of Nazism.3 The specific fact is highlighted in the study of Professor Fairclough where reference is made to the non-acceptance of the concept of racial superiority, as the above framework was developed during the Second World War. It is explained that since the end of the Second World War the public does not accept any form of racism, either expressed, as Anti-Semitism or o ther form of racial discrimination. In addition, the Cold War has helped to increase awareness of both governments and the public on racial discrimination, making the specific problem ‘an international issue’.4 According to Professor Fairclough, racial discrimination has been an argument offering to the enemies, or else the political opponents, the chance to ask for the termination of existing governmental plans; for example, reference is made to the claim of Russia, during the Cold War, that USA does not respect human rights, especially the rights of black people.5 At this point, reference should be made to the following fact: the United States has traditionally faced a series of significant challenges regarding the entrance in the country of foreigners. Politicians do not equally support the continuous increase of foreigners across the country. In fact, certain of them are clearly opposed to such perspective. The issue is made clear in the speech of Joseph McCarthy on Communists in 1950. The key point of the specific speech has been the following one: foreigners are considered as not being directly related to the American Economy.6 Rather, it is believed that the problems of the country are related not to foreigners but to the traitors activating across the country.7 It is explained that these traitors are likely to enjoy all social and political benefits across the country, such as the right to education and the right to housing, at

Fiat Failure Case Study Example | Topics and Well Written Essays - 2500 words

Fiat Failure - Case Study Example Finally this study has particularly identified Fiat's inability to reorganize its internal and external strategic value chain and supply chain management processes to achieve positive synergies related to costs and corresponding benefits. More than a century of operations at Fiat were essentially characterized by typical Italian family business approach. The Agnelli family dynasty has been controlling Fiat ever since its inception and even today the family and its related people have roughly 34% of the shares. The company was growing from strength to strength, diversifying in the process in to one of the biggest European Business Conglomerate (Cammarata, Kurucz, Maj, Pavlovic & Portmann, 2006). Its diversification strategy spread in to a number of unrelated businesses as well. Aircraft manufacturing to pharmaceuticals Fiat spread its organizational umbrella. Currently its mammoth organizational structure has become unwieldy. Fiat has been going through a series of downs and very rare ups for a number of years now (Barry, 2009). The organization's inability to come to terms with the changing patterns of international trade and above all its structural orientation in the rapidly changing external competitive environment was not only flawed but also strategically divergent. It is the latter problem that affected the company much more than any other. The recent efforts to turn around the company financially and operationally have been met with no success because in the first place the company has been relying too much on corporate outcomes related to volume sales and capturing market shares while its smaller rivals have been concentrating on technology related productivity goals to identify niche markets in far corners of the globe(Landmann, Wolters, Bernhart & Harsten, 2000).Despite a growing threat coming from these bigger competitors, Fiat was more or less occupied with fluid external environment that pa rticularly had an impact on new product launches rather than testing the mood of the customer. Fiat's inability to effect internal structural changes along with a focus on the rapidly transient strategic competitive environment has been the main reason for its current debacle. While its competitors concentrated on merger and acquisition (M&A) related synergies, there was very little or no effort by Fiat to integrate its existing scale related advantages in to the existing operational environment (Fiat News, 2009). Thus its strategic market orientation was lacking in many respects. 2. Research aim The research aim of this paper is to establish a series of correlations and regressions

Penetration Testing Of General Hospital Information Technology Essay

Penetration Testing Of General Hospital Information Technology Essay Penetration testing PeT appendix B has always been an important first-step in any security life cycle. By doing penetration testing, the Hospitals IT team can obtain many invaluable information about the Hospitals newly developed security system. Basically the process of penetration testing will be involved with gathering information. Using these information to identity and then try to exploit the security vulnerabilities. 1/ Why do we need to perform penetration testing: Penetration testing is one of the oldest and effective method to evaluate the security of a computer system. Nowadays many organizations are using penetration testing in order to discover and fix security weakness before the get exposed. And for General Hospital after the process of creating a new security system, it is important that we do penetration testing, not only to find out about any potential vulnerability, but also to demonstrate the effectiveness of the new system, these are just a few points on why General Hospital should do penetration testing: The main purpose still for greater understanding of the current security system and finding any gap in security. This help the Hospitals IT team to have proper action plans to minimize the threat of attack or misuse. The penetration test will be documented carefully (more information on this bellow), and these well documented results will help the managers in making a strong business case to the Hospital board, explaining, justifying all the budget had been use for creating this new security system. Security is not a one-time solution, its actually a long process of maintaining and upgrading along the way, as new threads are being discovered. This pen-test maybe the first that SGH have, but itll definitely not be the last. By doing a proper pen-test, the result will act as a good foundation for future testing. 2/ Quality of the test: Like any big project, before we actually committed to complete the task, we have to have a very clear picture of the final product as well as the strategy, and every steps of the way, committing without planning is one way to ensure to achieve failure (more information on planning in the next part). As we go on later in this document, well see that the Hospital will cooperate with a security partner in order to carry the testing, the more reason for two party to sit down and agreed on the standard quality of this test. So, what makes a good penetration testing? Scope of the test: defying a clear scope, that will be most suitable for the Hospital that will be the first and most important task, for a good scope will help to prevent wasting of resource at the same time able to cover every potential vulnerability (the scope defying will be in the next section, the planning stage). Reliable partner : after the planning, sketch out a good strategy, its the security partner job to implement, launch the test, thats why we have to chose a skilled and experienced partner, the one who know what they are doing, in the fourth section, we will chose a partner that: Legally capable. Technically capable Can abide the non disclosure agreement, and this is especially important, for we a hospital, working with highly sensitive information. Choosing correct and adequate series of test, this depends heavily on the scope that we decide on. Also the executing of the test must follow strict methodology, every test must be planned carefully, followed the plan, and the well documented. This is very important because if we treat the test just like a guessing game, to see where the weaknesses are, its very likely that we are going to miss something, and that alone make the purpose of doing penetration testing completely voided. Result oriented: the only thing we care for its the result of the test, thats why the results should be well documented, the team should pay attention also to make the result understandable, so that the Hospital board can easily understand the problems, the consultant of the security partner company should also be ready to present and explain the results. With that set of quality in mind, we are going to proceed to the planning and further steps accordingly. However, because we are not going to actually perform the test, so we are only going through: planning, defying scope, chose a strategy, choosing the tests, and lastly defying methodology and standard for these series of test, we are going to explain what do we chose and why, as for the definition and how to execute please refer to the appendix. II/ The planning stage: In this part, we will cover the planning, defying scope, that lead to a strategy plant, which will be the back bone guide line for any further tests to follow. The security priorities of different target are different, for a service net work it is important to have a high stability, availability, or in case of an e-business network, it requires high authenticity. However none of that can be apply to SGH, for a hospital the utmost priority are confidentiality, data integrity, we are dealing with patients data here, there is no point in taking the Hippocratic Oath to keep the patients information confidential while on the other hand slacking off In putting effort to protect those information. Not only that we are dealing with much higher stake game here, which involve humans lives. This is no longer just protecting data for data mean money. When I were young, I remember a movie where a patient with a broken jaw put back together by metallic platting, years latter he has cancer, and his doctor without knowing about the platting still send him to the MRI machine (highly magnetic), and lead to his gruesome death. All of which cause by lack of de ntal documentation in his medical history. So in a nut shell, SGH highest priority is data Integrity and confidentiality, but in the mean time we still have to do minimum checking on every other aspect, leave out nothing. The second as part of SGH network system is the personnel, which in this case are doctors and nurses mostly. They are among the most highly trained employees, however not in IT. Nowadays almost every hospital in Singapore has been completely digitalized, dealing with database instead of paper files, also with many medical devices are being monitored by computer programs. The combination of high tech with unexperienced user leads to a very high chance of application misuse, data input wrongly. That put application security testing (appendix B application security testing) priority a bit higher than normal. So as a conclusion for the strategy of this penetration test: we are going to do a penetration test follow Blind Testing strategy (Bind testing strategy Appendix B) to stimulate the action like a real hacking attempt by hacker to obtain confidential data, or to modify, deleteà ¢Ã¢â€š ¬Ã‚ ¦etc. In the same time we will combine with certain Internal testing (Internal testing strategy), mostly focus on application security, misuse..etc, and of course a few basic test again common threat however we are not going to deep in that. After decided on a plan and testing strategy, the next step will be vulnerability assessment III Vulnerability assessment (VA): Why should we do VA (VA appendix B)? In fact there are some confusion between VA and pen-test, sometime people lable them as the same. Pen-test mostly consis of VA, but then take one step futher, find out the weak spot then attack it. So basically before we do pen-test, the first step would be VA. For the detail of how to do VA please refer to VA Appendix A . But basically we are going to series of techniques that can be considered as research before attack. Passive research: learn as much as we can about SGH, from out site point of view. Open source monitoring: utilizes Internet meta-searches focus on specific keywords, or sensitive information to see if there are any leaking. Network mapping and OS fingerprinting: from out side view, figuring out the structure of the network, even able to draw out a network diagram from the information gatherd through different tools Spoofing: trick the targeted computer in side the Hospital, sending out packets pretending that they are from trusted source. Network sniffing: capture data as it travel in and out the network, especially we have the different site between Clinics and Hospital, this can be a good check to see if our VPN is working properly. Trojan attack: and yes the traditional, butter and bread Trojan attack, Even though its basic, but because its so popular, itll be a mistake to think that our fire wall can do all the job, when Trojans combine with social engineering can be devastating. Brute force attack: this can be optional as we mention before the availability of the network may not be our highest priority, however if the resource allow, we can still do it, as a better safe than sorry. Vulnerability scanning: finally we can use automated tools to scan the whole database looking for potential vulnerability (the how, and what tool can be found in VA appendix A) After all those test, its very likely that we may able to discover a few holes in our security system. However in order to make sure that in all those vulnerabilities weve just discover none are false positive we will go to the next step is exploit testing, meaning actually attack to see if any got through. IV penetration testing, different types of test: Exploit testing (exploit testing appendix B) normally is the final stage in the whole process of penetration testing. There are many type of test, each with different level of commitment. We have to chose which test, and how far do we want to push. This decision is based on two aspects. One is the predefined scope that everybody agreed on earlier, we will conduct the test accordingly to that scope, to the strategy. The second is based on the result of VA, attack on every potential vulnerability that weve just found. In this scenario, because we have not actually performed the test, so we are going to chose based on the scope only. 1/ Database Integrity: As we discussed in the previous section, the integrity and confidentiality of SGH database is our highest priority. The fact that in the process of VA, we have done many test and checking, sniffing, mapping, Trojan, brute force, those are not only VA testing but actually a part of testing the confidentiality and integrity level of the data base also. Thats the fine line between VA and penetration testing as many of the assessment can actually be consider as exploitive. In the same manner in this stage of exploitive testing there still are test that could be done that may very well have been a part of VA like: War dialling: (war dialling appendix B): by calling a wide range number of telephone inside SGH, we may catch a modem, remote access devices, and maintenance connection that may leave an open on the hospital network. Why do we even consider this method? The fact that nowadays not only user, but even IT staff have very high ignorance when considering the phone network, while in fact they are the very primate assess point that possible for hacker to exploit, you dont actually need to be ignorance, just careless is enough, like leaving an open modem on a critical node of the network is enough to create an opening. There are many tools we can use for war dialling: ToneLoc from Minor Threat and Mucho Maas, or its alternative ModemScan , they both can be use for Microsoft window platform. TeleSweep for Microsoft also, and its free. For Macintosh use Assault Dialer. Unix try PAWS, THC-SCAN NG, Telescan, IWAR (intelligent war dialler), or ShokDial (from: http://www.tech-faq.com). 2/ Social engineering testing: Social engineering test (appendix B SE) is part of the blind strategy testing. The environment we are working on is SGH, where most of the employee dont have in-depth training in IT, an other point is the helpful nature, answering question is kind of comes with the job description, all in one word: gullible nurses. For any cunning hacker, this is a big fat moving target for social engineering attack. For that reason, basic training in social attack is required, in the same time several test can be conduct, mainly in two forms: Non face-to-face: the test can be done over mail, or phone, pretending to be somebody who have authority, or who needs help to tricks the user to use account, password, or giving out sensitive information. Face-to-face: this is a more advance kind of social engineering, by posting as an employee of authorized personnel , gaining physical access to restricted areas getting information, from intercepting mail to dumpster divingà ¢Ã¢â€š ¬Ã‚ ¦etc Social engineering maybe no as technical as other test, but it has equal importance if not more, for the fact that there are actually no fool proof method to prevent social engineering attack other than out smart the attacker, which Is ironically we dont usually put the smartest people of the organization to the reception desk , the only thing we can do is to raise the level of awareness of the employee (there are books on this matter like: the art of deception, the art of intrusion both by Mitnick Simon ) . 3/ Application security testing: The second point from the scope as we discussed earlier is Application security: there are a series of test for application security (technical detail on appendix A AppT): Code view, Authorization testing, Input validation, cookie security, Lockout testing, there are also some test for the functionality of the application as well like: input validation, Transaction testingà ¢Ã¢â€š ¬Ã‚ ¦etc For why we need application testing we have discussed above, but then again, do we really need to do all those test? Yes, we do. The objective of doing so many test on Application alone is to fully evaluate the control we have over our application (medical application, network applicationà ¢Ã¢â€š ¬Ã‚ ¦). The focus of those test still focus mainly on protecting the confidentiality and integrity of information, how to authenticate user, and also on the using of cookies (appendix B cookies) 4/ other test: There are some other test like: denial of service testing, resource..etc but as we mention above, these are not compulsory, not that they are not important, but there are higher priority test that need to be done. But since these are common attack and easy to carry out, its recommended that if the resources allow, we should go ahead and perform the tests, even at basic level. (the detail of the test can be found at DoS testing appendix A). V Other detail of a penetration test: 1/ methodology and standards: Methodology actually is a very important factor of a penetration test. A test that acts without a formal methodology has no real meaning, just poking around. But on the other hand, methodology should only acts as a framework, a discipline guideline to follow, we should not restrict the tester rather than let him/her fully explore his/her intuitions, while acting accordingly to the guideline. There are several methodology and standards, as for their technical detail, please refer to appendix A Metho 2/ Security partner: The reason why we needs to pay money for a third party to perform the test for us is : Un unbiased point of view: like a beta tester, sometime the programmer, or in this case the SGH IT team, cannot see ones own mistake clearly, so we need to hire trained professional to look for us. Highly experienced and highly trained: for the member of the IT team, some may have done a penetration test before, some may not. But for a company that specialize in penetration testing. They have done it hundreds of time, even done it for some big organization, thats why with the experience and the training, its more likely that they can discover things that the IT team cannot. Certified result: a Certified penetration testing company will have to satisfies certain level of standards (refer to appendix A Metho). If a test done by a Certified party, it can become a potential strong legal argument for future conflicts (for example: Insurance conflicts). With all those reason weve decided to hire a security partner to perform the test for us. In Singapore there are many company that have the certification and standards to perform such test, most trustworthy must be: Cisco IBM (with the express penetration testing service) Obtechs Certified penetration testing specialist 3/ Risks in doing penetration testing: While doing penetration testing, there are certain risks that we should consider and be careful for: Risk of exposure: there are many sensitive data in the hospital, sometime these data can be expose during a pen-test it can be unintentionally or intentionally, we have to have strong agreement of the conditions and responsibility of the security partner. Time delay: Pen-test take time, and for Hospital environment we cannot simply lock down our data base for testing, thats why a strict time-frame. For the size of our Hospital system, the testing should not take more than a month. VI Conclusion: As we all know security is continuum, no absolute. Through the penetration tests we should be able to not only find out there are flaws in the security system, but we have to go further to understand the process failures that lead to those flaws. Through the test, we can see that even a brand new developed security system can have many vulnerability, its a reminder to us so that we never have a false sense of security!. Appendix A: 1/ VA (Vulnerability assessment): As documented by SANS, Vulnerabilities are the gateways by which threats are manifested. In other words, a system compromise can occur through a weakness found in a system. A vulnerability assessment is a search for these weaknesses/exposures in order to apply a patch or fix to prevent a compromise. How do these weaknesses occur? There are two points to consider:  · This newly developed security system for SGH were born with it, means while underdeveloping by mistake the developing team creat the weakness.  · Many vulnerabilities occur as a result of misconfigurations by system administrators. Misuse by user, all can lead to the result of making a hole in the security system. There are many ways to search for vulnerability, however in our scenario, it is best to do it as a out side hacker would do it, before attacking a system, the hacker also have to perform a vulnerability assessment test on the system, only different would be we are going to do it on full scale, not only from outside looking in but also from the insider view. There are however certain number of technique that could effectively point out the weaknesses if the system have one. Passive research: As the name suggests, a passive research is a method used to gather as much information about an organizations systems configuration from public domain sources such as: o DNS (domain name service) o RIPE (Rà ©seaux IP Europà ©ens) o USENET (newsgroups) o ARIN (American Registry for Internet Numbers) Passive research is generally performed at the beginning of an external penetration test. Open source monitoring: This service is an associated technique that utilizes Internet meta-searches (multiple searches of Web sites, newswires, newsgroups and other sources) targeted on keyword that are important to the organization. The data is collected and discoveries are highlighted to the organization. This helps identify whether organizations confidential information has been leaked or whether an electronic conversation involving them has taken place. This enables an organization to take necessary measures to ensure confidentiality and integrity. Network mapping and OS fingerprinting: Visualization of network configuration is an important part of penetration testing. Network mapping is used to create a picture of the configuration of the network being tested. A network diagram can be created which infers the logical locations and IP addresses of routers, firewalls, Web servers and other border devices. Additionally, this examination can assist in identifying or fingerprinting operating systems. A combination of results from passive research and tools such as ping, traceroute and nmap, can help create a reasonably accurate network map. An extension of network mapping is Port Scanning. This technique is aimed at identifying the type of services available on the target machine. The scan result reveals important information such as function of a computer (whether it is a Web server, mail server etc) as well as revealing ports that may be serious security risks such as telnet. Port scans should include number of individual tests, including: o TCP (Transmission Control Protocol) scan o Connect scan o SYN (or half open) scan o RST (or Xmas-tree) scan o UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) scans. Tools such as nmap can perform this type of scan. o Dynamic ports used by RPC (Remote Procedure Call) should be scanned using tool such as RPCinfo. Spoofing: Spoofing involves creation of TCP/IP packets using somebody elses Internet addresses and then sending the same to the targeted computer making it believe that it came from a trusted source. It is the act of using one machine to impersonate another. Routers use the destination IP address in order to forward packets through the Internet, but ignore the source IP address. The destination machine only uses that source IP address when it responds back to the source. This technique is used in internal and external penetration testing to access computers that have been instructed to only reply to specific computers. This can result in sensitive information be released to unauthorised systems. IP spoofing is also an integral part of many network attacks that do not need to see responses (blind spoofing). Network sniffing: Sniffing is technique used to capture data as it travels across a network. Sniffing is an important information gathering technique that enables capturing of specific information, such as passwords and also an entire conversation between specific computers, if required. To perform sniffing, the network card of computer needs to be put in promiscuous mode, so that it captures all data being sent across the network. Sniffing is extensively used in internal testing where the sniffer or the computer in promiscuous mode is directly attached to the network enabling capturing of a great deal of information. Sniffing can be performed by a number of commercial tools such as Ethereal, Network Associates SnifferPro and Network Instruments Observer. Trojan attack: Trojans are malicious programs that are typically sent into network as e-mail attachments or transferred via IM chat rooms. These programs run in stealth mode and get installed on the client computer without the users knowledge. Once installed, they can open remote control channels to attackers or capture information. A penetration test aims at attempting to send specially prepared Trojans into a network. Brute force attack: A brute force attack involves trying a huge number of alphanumeric combinations and exhaustive trial and error methods in order find legitimate authentication credentials. The objective behind this time consuming exercise is to gain access to the target system. Brute force attacks can overload a system and can possibly stop it from responding to legitimate requests. Additionally, if account lockout is being used, brute force attacks may close the account to legitimate users. Vulnerability scanning/analysis: Vulnerability scanning/analysis is an exhaustive examination of targeted areas of an organizations network infrastructure aimed at determining their current state. The targets range from a single system or only critical systems to scanning the entire network. It is usually performed using automated tools that test for a multitude of potential weaknesses in a system against a database of known vulnerabilities and report potential security holes. And although they dont actively prevent attacks, many scanners provide additional tools to help fix found vulnerabilities. Some of the commonly used vulnerability scanners include: the open-source Nessus Projects Nessus, ISS Internet Scanner, GFI Softwares GFI LANguard Network Security Scanner, eEye Digital Securitys Retina Network Security Scanner, the BindView RMS vulnerability-management solutions and Network Associates CyberCop. 2/ application testing ( AppT ) For the purpose of application testing there are several test that can be done: * Code review: Code reviews involve analysing all the application-based code to ensure that it does not contain any sensitive information that an intruder might use to exploit an application. For example: Publicly available application code may include test comments, names or clear text passwords that will give an intruder a great deal of information about the application. * Authorization testing: Involves testing the systems responsible for the initiation and maintenance of user sessions. This will require testing: o Input validation of login fields bad characters or overlong inputs can produce unpredictable results; o Cookie security cookies can be stolen and legitimate sessions can be used by an unauthorised individual; and o Lockout testing testing the timeout and intrusion lockout parameters set in the application, to ensure legitimate sessions cannot be hijacked. This is performed to discover whether the login system can be forced into permitting unauthorised access. The testing will also reveal whether the system is susceptible to denial of service attacks using the same techniques. * Functionality testing: This involves testing the systems responsible for the applications functionality as presented to a user. This will require testing: o Input validation bad characters, specific URLs or overlong inputs can produce unpredictable results; and o Transaction testing ensuring that the application performs to specification and does not permit the user to abuse the system. 3/ DoS testing: Denial of service testing involves attempting to exploit specific weaknesses on a system by exhausting the targets resources that will cause it to stop responding to legitimate requests. This testing can be performed using automated tools or manually. The different types of DoS can be broadly classified into software exploits and flooding attacks. Decisions regarding the extent of Denial of Service testing to be incorporated into a penetration testing exercise depend on the relative importance of ongoing, continued availability of the information systems and related processing activities. Denial of service can take a number of formats; those that are important to test for are listed below: * Resource overload these attacks intend to overload the resources (i.e. memory) of a target so that it no longer responds. * Flood attacks this involves sending a large amount of network requests with the intention of overloading the target. This can be performed via: ICMP (Internet Control Message Protocol), known as smurf attacks UDP (User Datagram Protocol), known as fraggle attacks * Half open SYN attack this involves partially opening numerous TCP connections on the target, so that legitimate connections could not be started. * Out-of-band attacks these attempt to crash targets by breaking IP header standards: o Oversized packets (ping of death) the packet header indicates that there is more data in the packet than there actually is. o Fragmentation (teardrop attack) sends overlapping fragmented packets (pieces of packets) which are under length. o IP source address spoofing (land attack) causes a computer to create a TCP connection to itself. o Malformed UDP packet header (UDP bomb) UDP headers indicate an incorrect length. 4/ Methodology and standards (Metho): The Open Source Security Testing Methodology Manual (OSSTMM) by Pete Herzog has become a de-facto methodology for performing penetration testing and obtaining security metrics. According to Pete Herzog, The primary goal of the OSSTMM is to provide transparency. It provides transparency of those who have inadequate security configurations and policies. It provides transparency of those who perform inadequate security and penetration tests. It provides transparency of the unscrupulous security vendors vying to sponge up every last cent of their preys already meager security budget; those who would side-step business values with over-hyped threats of legal compliancy, cyber-terrorism, and hackers. The OSSTMM covers the whole process of risk assessment involved in a penetration test, from initial requirements analysis to report generation. The six areas of testing methodology covered are: * Information security * Process security * Internet technology security * Communications security * Wireless security * Physical security The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated. The National Institute of Standards and Technology (NIST) discusses penetration testing in Special Publication 800-42, Guideline on Network Security Testing. NISTs methodology is less comprehensive than the OSSTMM however it is more likely to be accepted by regulatory agencies. Standards in penetration testing Lets take a look at some of the standards and guidelines available: Standards for Information Systems Auditing (ISACA): ISACA was established in 1967 and has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor is ISACAs cornerstone certification. CHECK: The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. CHECK consultants are only required when the assessment for HMG or related parties, and meets the requirements above. In the absence of other standards, CHECK became the de-facto standard for penetration tests and penetration testing in the UK. Companies belonging to CHECK must have employees that are security cleared and have passed the CESG Hacking Assault Course. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. OSSTMM: The aim of The Open Source Security Testing Methodology Manual is to se

The Internet Essay examples -- essays research papers fc

The Internet The Internet has an enormous impact on the American Experience. First, It encourages the growth of businesses by providing new ways of advertising products to a large audience, and thus helps companies to publicize their products. Secondly, It allows more Americans to find out what goes on in other countries by learning about other cultures and by exchanging their opinions and ideas with other people worldwide. This may well promote a better global understanding. Finally, by allowing people to access vast amounts of information easily, it will change how they make decisions and ultimately also their lifestyle. The Internet is a high-speed worldwide computer network which evolved from the Arpanet. The Arpanet was created by the Pentagon in the late 1969 as a network for academic and defense researchers. In 1983, the National Science Foundation took over the management of the Internet. Now the Internet is growing faster than any other telecommunications system ever built. It is estimated that in three years, the system will be used by over 100 million people (Cooke 61). Since the World Wide Web (WWW or W3) became popular through point-and-click programs that made it easier for non-technical people to use the Internet, over 21,000 businesses and corporations have become accessible through the Internet (Baig 81). These companies range from corporate giants like IBM, AT&T, Ford and J.C. Penny, to small law firms. "With the Internet, the whole globe is one marketplace and the Internet's information-rich WWW pages can help companies reach new customers," says Bill Washburn, former executive director of Commercial Internet Exchange (Baig 81). Through the Internet, new opportunities to save money are created for companies. One of the bigger savings is the cost of transmission. It is estimated that the administrative cost of trade between companies in the U.S. amounts to $250 billion a year (Liosa 160). Sending an ordinary one-page e-mail message from New York to California via the Internet costs about a penny and a half, vs. 32 cents for a letter and $2 for a fax (Liosa 158). Hale & Dorr for example, a Boston based law firm, uses the Internet to its advantage. If a client company requests a contract for a foreign distributor, it can send electronic mail over the Internet to a Hale & Dorr computer, where a draft document will b... ...et is having a major influence on America. Its successor in the near future, the Information Superhighway will continue to do so for a long time as well. By creating new ways of publicizing products and helping businesses, the Internet has strengthened and reinforced the U.S. economy. It also promotes a better global understanding by allowing millions of Americans to communicate with other people on an international level because it provides a constant flow of instant, unbiased information for everyone at any time, anywhere. The ability to obtain information quickly and easily will become very essential in the future, now that America is entering the information age. The Information Superhighway, once built, promises a good start into the new era. Bibliography Eddings, Joshua. How the Internet Works. California: Ziff-Davis Press, 1994. Cooke, Kevin. "The whole world is talking." Nation. July 12, 1993: 60-65. Verity, John. "The Internet." Business Week. November 14, 1994: 80-88. Silverstein, Ken. "Paving the Infoway." Scholastic Update. September 2, 1994: 8-10. Liosa, Patty. "Boom time on the new frontier." Fortune. Autumn93, 1993: 153-161.

DropBox it just works

I was searching for a new opportunity that was more Drop client software to a Windows, Mac, or Linux PC or to an phone, pad, Blackberry, or Android mobile device, the software created a local Drop folder for accessing files of any size or type via an encrypted Internet connection from other Drop-enabled devices or from any web browser. The client software tracked changes in real-time to any file in the user's local Drop folder, then instantly synchronized a copy of the file on Dropsy's servers, updating only the portions of he file that had changed, in order to save bandwidth and time.Likewise, within milliseconds, copies of the file were synchronized in local Drop folders on all other devices connected through the user's account. â€Å"We engineered Drop so it just worked, all of the time,† Drew explained, â€Å"We supported all the major operating systems and handled all kinds of obstacles, from flaky wireless connections to corporate firewalls, which was not an easy task. † The company adopted a fermium business model, that is, it offered both free and premium accounts.Users got 2 gigabytes of storage for free and had the option to ay $10 per month for 50 gigabytes or $20 per month for 100 gigabytes. Industry observers estimated that 2% to 3% of Dropsy's users were paying customers, which implied a $10 million to $15 million annual revenue run rate in mid 2010. 1 At that time, the company had 25 employees, most of whom worked in engineering or support functions. Drop had raised $7. 2 million in two rounds of venture capital funding from Sequoia Capital and Cell Partners.Market Overview Drop was a late entrant to the fiercely competitive online backup and storage services space. The first firms in the space, which had small companies as customers, ere launched in the late asses by startups offering outsourced storage at remote decanters. As costs declined, services also became available for consumers seeking to backup their data online. Most ear ly users were technically adept, for example, college students downloading music from peer-to-peer file sharing services.Few firms in this first wave of services survived the dot. Com crash, but by late 2006 the market was crowded again with new competitors. In July 2007, the tech blob Amassable published a list of more than 80 online backup and storage services. 2 Market research vendors like DC fueled the hype by predicting that the worldwide market for online backup services would grow to $71 5 million by 2011. 3 Investor interest in online storage surged when Muzzy was acquired by EMCEE for $76 million in late 2007.Houston was confident that Drop could succeed in the face of intense competition. He reasoned that Drop would be able to collect revenue from some users, because consumers generally understood that storage cost money, whether it came in the form of a physical drive or an online service. When challenged by endure capitalists to explain why the world needed another clou d backup company, Houston asked them, â€Å"How many of those services do you personally use? † The answer from Vs. was almost invariably, â€Å"None of them. 4 Houston asserted that direct experience with rival services, which often failed to transfer data across firewalls and sometimes balked with big files or large numbers of files, was helpful in innovations that contributed to these advantages: 2 The first generation of cloud storage services was based on a simplistic model, where file accesses were redirected over the Internet instead of to your computer's hard rive. Your operating system and all your applications assume that accessing your hard drive is cheap and fast, but when these requests are instead routed to a server thousands of miles away, they can take an order of magnitude longer.This subtle but critical distinction explains why when working remotely, even simple actions like browsing a directory can freeze your computer for seconds at a time. We needed to t ake a completely different approach by storing files locally and updating the cloud copy in the background using a number of time- and vindications optimizations. Launching Drop It's hard to imagine Tom Cruise in Minority Report sending himself files via Gamma or lugging around a USB thumbprint. Ђ? Drew Houston After his frustrating experience on the bus, Houston started working on Drop full time in late 2006. He said: I needed it badly. I worked on multiple desktops and a laptop and could never remember to keep my USB drive with me. I was drowning in email attachments trying to share files for my previous startup. My home desktops power supply literally exploded one day, killing one of my hard drives, and I had no backups. I tried everything I could find but each product inevitably suffered problems with Internet latency, large files, bugs, or Just made me think too much. To help with the project, Houston recruited Rash Overdose, who dropped out of MIT and later became Dropsy's co-founder and chief technology officer. The pair spent the next four months coding a prototype in a tiny Cambridge apartment. With a working prototype in hand, Houston came up with an innovative approach for testing demand for a minimum viable product. He had produced various recruiting videos for his college fraternity; with this know-how he created a three-minute crassest of a product demo and uploaded it to Hacker News, a popular forum for developers. â€Å"l did this out of necessity.There was no way I could ask for people's files before we were 100% sure our code was reliable. But I had a prototype that showed off the product's best features. â€Å"7 Houston used the screens to recruit beta testers and to solicit feedback on features that Drop might include. He added, â€Å"Not launching is painful, but not learning can be fatal. We got a lot of feedback through that video, so we were learning while we were building. † Houston had another reason for posting the video on Hacker News: he hoped to ND selective Y Combinatory seed fund and incubator program.He recalled, â€Å"l had Just submitted my application to Y Combinatory and as a gambit to get their attention, I submitted the video to Hacker News. I hoped it would work. â€Å"8 It did: in April 2007, Drop received $15,000 in funding from Y Combinatory (see Exhibit 1 for excerpts from Dropsy's Y Combinatory application). In exchange for a small percentage of a startup's common equity-?usually 2% to 10%-?Y Combinatory provided up to $20,000 of seed capital as well as mentoring, workspace, and introductions to other advisors ND investors over a three-month period.Many startups applied to Y Combination's program, which had a track record for matching strong technical teams with elite venture capital firms. 3 Upon conclusion of the Y Combinatory program in September 2007, Drop raised $1. 2 million of convertible debt from Sequoia Capital. â€Å"We fit into Sequoia's sweet spot: we were two youn g technical founders, working out of an apartment, targeting a big market. It helped that we were ranked at the top of our Y Combinatory cohort,† Houston recalled.He and Overdose moved to San Francisco to continue building the many, but despite the capital infusion, they continued to run lean. Drop delivered its service through Amazon's SO cloud storage platform, avoiding the need for infrastructure investments and positioning the company to scale rapidly. The co- founders created a private beta program for a limited group of users who registered through a simple landing page. The page contained a short description of Drop and requested an email address from visitors interested in participating in the beta test (Exhibit 2).Houston commented: There's a spectrum of well-informed opinions about when to launch your product. At one end, Paul Graham tells entrepreneurs, â€Å"Launch early and often† to accelerate learning. At the other end, [respected software guru] Joel Spoo ky says, â€Å"Launch when your product doesn't completely suck. † We were managing people's files, and it's a big deal if you lose or ruin them. That meant moving toward Spooky end of the spectrum and keeping our beta test small. Next, Houston devised ways to generate demand for the beta service.In a guerilla marketing move, he produced another short demo video and posted it in March 2008 on Dig, a site that showcased web content deemed popular by Digs users. Houston felt it was essential to communicate in an authentic manner with the tech enthusiasts who frequented Dig. He sprinkled â€Å"Easter eggs† into the video, for example, references to Chocolate Rain (a Youth phenomenon), TIPS reports used in the movie Office Space, Mitt's Gillian Hall, and the 09 IF key for decrypting Blurry disks (dissemination of which, in the face of movie studio legal threats, was a hacker crusade).With this tongue-in- cheek nod to its tech-sway audience, the Drop video soared to the top of Dig, few days. Overnight, the list for Dropsy's private beta Jumped from 5,000 to 75,000 Ames, far exceeding the team's expectations. Building the Company Make something people want. -? Y Combinatory motto Based on consumer response to the second video, it appeared that the promise behind Drop-? â€Å"It Just works†-?resonated with potential early adopters, especially those who were familiar with the performance limitations of existing online backup/ storage services. Houston shifted his focus to product development.The Drop team was comprised almost entirely of engineers during the first two years of the firm's existence. Early on, board members tasked Houston with hiring a reduce manager to help coordinate engineering efforts and prioritize features. Houston reflected: If you ask ten people what a product manager is, you'll get ten different answers. They tend to fall on a continuum with the end points being â€Å"poet† and â€Å"librarian. † A librarian i s focused on blocking and tackling, coordination, and facilitating communication. This type of PM is inherently organized and follows up relentlessly.A poet PM listens to the voice of the customer during usability tests and focus groups and based on that insight formulates an aesthetic vision, a grand strategy, and a product roadman. Our first product manager was 4 more of a librarian than a poet, because we needed a librarian's discipline: even today we don't have enough of that DNA in the company. But he Just drove people nuts. It was painful, but we had to let him go after six months. For the next year, until Drop hired another product manager, the company relied on Houston and Overdose to drive the product roadman.Development proceeded more slowly than Houston had originally expected. In his April 2007 Y Combinatory application, Houston had projected availability of a version that he could charge for thin 8 weeks, but launching Drop to the public actually took 18 months. Houston said, â€Å"As a result of doing a few things well, we left a lot of other things behind. We had no business people, we were terrible at getting mainstream PR, and running fast and loose didn't make for the most predictable engineering organization. 9 Public Launch Drop opened its beta to the public in September 2008 at Outstretched, an annual competition showcasing high-potential startups. Drop was one of 50 startups selected to present at the event from a pool of over 1,000 applicants. ND also provide a product development deadline for the team. Houston mused that since Drop was following a tried-and-true blueprint for launching a consumer Internet service, his next step would have to be devising a marketing plan. Drop retained an online marketing consultant to help with this task.Houston said, â€Å"What do most web companies do? Apply to Outstretched, check. Buy Towards, check. Get real marketing people, check. â€Å"10 Early on, Drop attempted to acquire new customers throu gh paid search advertising. However, incumbents had bid up the cost per click for obvious search keywords. As a result, it cost Drop more than $300 to acquire a paying customer (Exhibit 3). This was not sustainable, since an annual subscription for 50 KGB service was priced at $99. Drop had tweaked its sign-up process to increase the conversation rate from free user to paying customer.The company also experimented with hiding the free service option for visitors who arrived via search ads. Houston recalled, â€Å"Our average acquisition cost per paying customer went from thousands of dollars to hundreds, but we still had a problem with our economics. And we didn't feel good about doing sneaky things to our users to get them to pay. 11 Sequoia Capital and Cell Partners subsequently led a $6 million Series A round of financing in October 2008, but even with additional capital in the bank, relying on paid search would not be a viable long- term option.In addition, the team had experim ented with display ads and affiliate programs, but these efforts also yielded unacceptably high acquisition costs per paying customer. Houston realized that with a fermium strategy, optimization of marketing messages and pricing would be critical to Dropsy's success; consistent with this priority, the company hired an analytics engineer as its eighth employee. Inspired by the Backbone â€Å"growth† team dedicated to user acquisition and engagement, Houston later assigned 30% of engineering resources to optimizing customer acquisition efforts.This team closely tracked metrics across Dropsy's conversion funnel by cohort,a for example: the percent of landing page visitors who registered as free users; the percent of registrants who still were active free users after X months; and the percent of free users who upgraded to paid subscribers after Y months. Houston said, â€Å"We run our business based on the ‘Startup Metrics for Pirates' framework developed by investor Dave McClure. He says firms should a A cohort was a set of prospects or users acquired at the same time and/or via the same marketing method. Closely track metrics around the acquisition of landing page visitors; activation of those visitors into users; retention of users; referral of new visitors by satisfied users; and revenue earned from users. † The team used A/B testing to fine tune page layouts free storage given to users. Analytics showed that gigabytes were not necessarily the best measure of value for Drop users. â€Å"We had all kinds of people paying us for Drop but not even bumping against their quota,† Houston said. Analytics likewise revealed that few users were accessing past versions of their files, all of which-?including deleted files-?were being permanently stored by Drop at a significant and rapidly growing cost. The company modified its policy, offering 30 days of undo history free of charge and making unlimited undo history a premium option. Houston sai d, â€Å"Just a tenth of a percent improvement in conversion rates, or a small decrease in the cost of serving a customer can have a huge impact on profitability. Premium is a spreadsheet game-?one you win with lots and lots of little moves . â€Å"13 Fourteen Months to the EpiphanyDespite improvements through analytics, Houston and his colleagues struggled to make the company marketing programs profitable. Nevertheless, the service grew rapidly, reaching 200,000 users ten days after launch and 1 million users seven months later. The vast majority of these users were acquired through word-of-mouth referrals and viral marketing efforts, rather than paid advertising. A relentless focus on ease of use and reliability had paid dividends in the form of loyal users who encouraged friends, family, and co-workers to try Drop. Houston commented, â€Å"The power of focus can't be understated.If you look at a feature matrix of Drop versus everyone else, we would never come in first. We woul d rather do a few things well rather than present Drop in a confusing way. â€Å"14 To identify ways to improve ease of use, the Drop team tracked support forums closely. Houston said, â€Å"We get feature requests for things we already have. These are particularly bad because it means that even though we've implemented something, our users can't find it. We pay close attention when that happens. â€Å"1 5 The company also maintained a â€Å"Vote† on its site, allowing users to vote and comment on treasures they would like to see added.Since the team gained insight on users' preferences through support forums and the Vote, the company did not conduct regular consumer surveys, but it did conduct occasional usability tests. In one instance, the entire team watched as not one of five typical consumers recruited from Scraggliest could successfully install and interact with the application. Houston recalled: Watching them fail was excruciating. Imagine if your coffee maker Just spit coffee all over the counter every third time you used it or your car stopped in the middle of the road. That's the computer experience for a normal person.The PC is always conspiring against you to lose your stuff or break in some weird way. You have no idea what happened or what you did wrong. Watching those five consumers struggle to try to figure out how to use our product was probably the most painful day we ever had as a team, but afterward, we created a list of 70 things to fix. B A/B tests divided a set of similar individuals into a control group that experienced a status quo product and a test group that experienced a product with one modified element, to determine if the modification yielded a statistically significant DropBox it just works I was searching for a new opportunity that was more Drop client software to a Windows, Mac, or Linux PC or to an phone, pad, Blackberry, or Android mobile device, the software created a local Drop folder for accessing files of any size or type via an encrypted Internet connection from other Drop-enabled devices or from any web browser. The client software tracked changes in real-time to any file in the user's local Drop folder, then instantly synchronized a copy of the file on Dropsy's servers, updating only the portions of he file that had changed, in order to save bandwidth and time.Likewise, within milliseconds, copies of the file were synchronized in local Drop folders on all other devices connected through the user's account. â€Å"We engineered Drop so it just worked, all of the time,† Drew explained, â€Å"We supported all the major operating systems and handled all kinds of obstacles, from flaky wireless connections to corporate firewalls, which was not an easy task. † The company adopted a fermium business model, that is, it offered both free and premium accounts.Users got 2 gigabytes of storage for free and had the option to ay $10 per month for 50 gigabytes or $20 per month for 100 gigabytes. Industry observers estimated that 2% to 3% of Dropsy's users were paying customers, which implied a $10 million to $15 million annual revenue run rate in mid 2010. 1 At that time, the company had 25 employees, most of whom worked in engineering or support functions. Drop had raised $7. 2 million in two rounds of venture capital funding from Sequoia Capital and Cell Partners.Market Overview Drop was a late entrant to the fiercely competitive online backup and storage services space. The first firms in the space, which had small companies as customers, ere launched in the late asses by startups offering outsourced storage at remote decanters. As costs declined, services also became available for consumers seeking to backup their data online. Most ear ly users were technically adept, for example, college students downloading music from peer-to-peer file sharing services.Few firms in this first wave of services survived the dot. Com crash, but by late 2006 the market was crowded again with new competitors. In July 2007, the tech blob Amassable published a list of more than 80 online backup and storage services. 2 Market research vendors like DC fueled the hype by predicting that the worldwide market for online backup services would grow to $71 5 million by 2011. 3 Investor interest in online storage surged when Muzzy was acquired by EMCEE for $76 million in late 2007.Houston was confident that Drop could succeed in the face of intense competition. He reasoned that Drop would be able to collect revenue from some users, because consumers generally understood that storage cost money, whether it came in the form of a physical drive or an online service. When challenged by endure capitalists to explain why the world needed another clou d backup company, Houston asked them, â€Å"How many of those services do you personally use? † The answer from Vs. was almost invariably, â€Å"None of them. 4 Houston asserted that direct experience with rival services, which often failed to transfer data across firewalls and sometimes balked with big files or large numbers of files, was helpful in innovations that contributed to these advantages: 2 The first generation of cloud storage services was based on a simplistic model, where file accesses were redirected over the Internet instead of to your computer's hard rive. Your operating system and all your applications assume that accessing your hard drive is cheap and fast, but when these requests are instead routed to a server thousands of miles away, they can take an order of magnitude longer.This subtle but critical distinction explains why when working remotely, even simple actions like browsing a directory can freeze your computer for seconds at a time. We needed to t ake a completely different approach by storing files locally and updating the cloud copy in the background using a number of time- and vindications optimizations. Launching Drop It's hard to imagine Tom Cruise in Minority Report sending himself files via Gamma or lugging around a USB thumbprint. Ђ? Drew Houston After his frustrating experience on the bus, Houston started working on Drop full time in late 2006. He said: I needed it badly. I worked on multiple desktops and a laptop and could never remember to keep my USB drive with me. I was drowning in email attachments trying to share files for my previous startup. My home desktops power supply literally exploded one day, killing one of my hard drives, and I had no backups. I tried everything I could find but each product inevitably suffered problems with Internet latency, large files, bugs, or Just made me think too much. To help with the project, Houston recruited Rash Overdose, who dropped out of MIT and later became Dropsy's co-founder and chief technology officer. The pair spent the next four months coding a prototype in a tiny Cambridge apartment. With a working prototype in hand, Houston came up with an innovative approach for testing demand for a minimum viable product. He had produced various recruiting videos for his college fraternity; with this know-how he created a three-minute crassest of a product demo and uploaded it to Hacker News, a popular forum for developers. â€Å"l did this out of necessity.There was no way I could ask for people's files before we were 100% sure our code was reliable. But I had a prototype that showed off the product's best features. â€Å"7 Houston used the screens to recruit beta testers and to solicit feedback on features that Drop might include. He added, â€Å"Not launching is painful, but not learning can be fatal. We got a lot of feedback through that video, so we were learning while we were building. † Houston had another reason for posting the video on Hacker News: he hoped to ND selective Y Combinatory seed fund and incubator program.He recalled, â€Å"l had Just submitted my application to Y Combinatory and as a gambit to get their attention, I submitted the video to Hacker News. I hoped it would work. â€Å"8 It did: in April 2007, Drop received $15,000 in funding from Y Combinatory (see Exhibit 1 for excerpts from Dropsy's Y Combinatory application). In exchange for a small percentage of a startup's common equity-?usually 2% to 10%-?Y Combinatory provided up to $20,000 of seed capital as well as mentoring, workspace, and introductions to other advisors ND investors over a three-month period.Many startups applied to Y Combination's program, which had a track record for matching strong technical teams with elite venture capital firms. 3 Upon conclusion of the Y Combinatory program in September 2007, Drop raised $1. 2 million of convertible debt from Sequoia Capital. â€Å"We fit into Sequoia's sweet spot: we were two youn g technical founders, working out of an apartment, targeting a big market. It helped that we were ranked at the top of our Y Combinatory cohort,† Houston recalled.He and Overdose moved to San Francisco to continue building the many, but despite the capital infusion, they continued to run lean. Drop delivered its service through Amazon's SO cloud storage platform, avoiding the need for infrastructure investments and positioning the company to scale rapidly. The co- founders created a private beta program for a limited group of users who registered through a simple landing page. The page contained a short description of Drop and requested an email address from visitors interested in participating in the beta test (Exhibit 2).Houston commented: There's a spectrum of well-informed opinions about when to launch your product. At one end, Paul Graham tells entrepreneurs, â€Å"Launch early and often† to accelerate learning. At the other end, [respected software guru] Joel Spoo ky says, â€Å"Launch when your product doesn't completely suck. † We were managing people's files, and it's a big deal if you lose or ruin them. That meant moving toward Spooky end of the spectrum and keeping our beta test small. Next, Houston devised ways to generate demand for the beta service.In a guerilla marketing move, he produced another short demo video and posted it in March 2008 on Dig, a site that showcased web content deemed popular by Digs users. Houston felt it was essential to communicate in an authentic manner with the tech enthusiasts who frequented Dig. He sprinkled â€Å"Easter eggs† into the video, for example, references to Chocolate Rain (a Youth phenomenon), TIPS reports used in the movie Office Space, Mitt's Gillian Hall, and the 09 IF key for decrypting Blurry disks (dissemination of which, in the face of movie studio legal threats, was a hacker crusade).With this tongue-in- cheek nod to its tech-sway audience, the Drop video soared to the top of Dig, few days. Overnight, the list for Dropsy's private beta Jumped from 5,000 to 75,000 Ames, far exceeding the team's expectations. Building the Company Make something people want. -? Y Combinatory motto Based on consumer response to the second video, it appeared that the promise behind Drop-? â€Å"It Just works†-?resonated with potential early adopters, especially those who were familiar with the performance limitations of existing online backup/ storage services. Houston shifted his focus to product development.The Drop team was comprised almost entirely of engineers during the first two years of the firm's existence. Early on, board members tasked Houston with hiring a reduce manager to help coordinate engineering efforts and prioritize features. Houston reflected: If you ask ten people what a product manager is, you'll get ten different answers. They tend to fall on a continuum with the end points being â€Å"poet† and â€Å"librarian. † A librarian i s focused on blocking and tackling, coordination, and facilitating communication. This type of PM is inherently organized and follows up relentlessly.A poet PM listens to the voice of the customer during usability tests and focus groups and based on that insight formulates an aesthetic vision, a grand strategy, and a product roadman. Our first product manager was 4 more of a librarian than a poet, because we needed a librarian's discipline: even today we don't have enough of that DNA in the company. But he Just drove people nuts. It was painful, but we had to let him go after six months. For the next year, until Drop hired another product manager, the company relied on Houston and Overdose to drive the product roadman.Development proceeded more slowly than Houston had originally expected. In his April 2007 Y Combinatory application, Houston had projected availability of a version that he could charge for thin 8 weeks, but launching Drop to the public actually took 18 months. Houston said, â€Å"As a result of doing a few things well, we left a lot of other things behind. We had no business people, we were terrible at getting mainstream PR, and running fast and loose didn't make for the most predictable engineering organization. 9 Public Launch Drop opened its beta to the public in September 2008 at Outstretched, an annual competition showcasing high-potential startups. Drop was one of 50 startups selected to present at the event from a pool of over 1,000 applicants. ND also provide a product development deadline for the team. Houston mused that since Drop was following a tried-and-true blueprint for launching a consumer Internet service, his next step would have to be devising a marketing plan. Drop retained an online marketing consultant to help with this task.Houston said, â€Å"What do most web companies do? Apply to Outstretched, check. Buy Towards, check. Get real marketing people, check. â€Å"10 Early on, Drop attempted to acquire new customers throu gh paid search advertising. However, incumbents had bid up the cost per click for obvious search keywords. As a result, it cost Drop more than $300 to acquire a paying customer (Exhibit 3). This was not sustainable, since an annual subscription for 50 KGB service was priced at $99. Drop had tweaked its sign-up process to increase the conversation rate from free user to paying customer.The company also experimented with hiding the free service option for visitors who arrived via search ads. Houston recalled, â€Å"Our average acquisition cost per paying customer went from thousands of dollars to hundreds, but we still had a problem with our economics. And we didn't feel good about doing sneaky things to our users to get them to pay. 11 Sequoia Capital and Cell Partners subsequently led a $6 million Series A round of financing in October 2008, but even with additional capital in the bank, relying on paid search would not be a viable long- term option.In addition, the team had experim ented with display ads and affiliate programs, but these efforts also yielded unacceptably high acquisition costs per paying customer. Houston realized that with a fermium strategy, optimization of marketing messages and pricing would be critical to Dropsy's success; consistent with this priority, the company hired an analytics engineer as its eighth employee. Inspired by the Backbone â€Å"growth† team dedicated to user acquisition and engagement, Houston later assigned 30% of engineering resources to optimizing customer acquisition efforts.This team closely tracked metrics across Dropsy's conversion funnel by cohort,a for example: the percent of landing page visitors who registered as free users; the percent of registrants who still were active free users after X months; and the percent of free users who upgraded to paid subscribers after Y months. Houston said, â€Å"We run our business based on the ‘Startup Metrics for Pirates' framework developed by investor Dave McClure. He says firms should a A cohort was a set of prospects or users acquired at the same time and/or via the same marketing method. Closely track metrics around the acquisition of landing page visitors; activation of those visitors into users; retention of users; referral of new visitors by satisfied users; and revenue earned from users. † The team used A/B testing to fine tune page layouts free storage given to users. Analytics showed that gigabytes were not necessarily the best measure of value for Drop users. â€Å"We had all kinds of people paying us for Drop but not even bumping against their quota,† Houston said. Analytics likewise revealed that few users were accessing past versions of their files, all of which-?including deleted files-?were being permanently stored by Drop at a significant and rapidly growing cost. The company modified its policy, offering 30 days of undo history free of charge and making unlimited undo history a premium option. Houston sai d, â€Å"Just a tenth of a percent improvement in conversion rates, or a small decrease in the cost of serving a customer can have a huge impact on profitability. Premium is a spreadsheet game-?one you win with lots and lots of little moves . â€Å"13 Fourteen Months to the EpiphanyDespite improvements through analytics, Houston and his colleagues struggled to make the company marketing programs profitable. Nevertheless, the service grew rapidly, reaching 200,000 users ten days after launch and 1 million users seven months later. The vast majority of these users were acquired through word-of-mouth referrals and viral marketing efforts, rather than paid advertising. A relentless focus on ease of use and reliability had paid dividends in the form of loyal users who encouraged friends, family, and co-workers to try Drop. Houston commented, â€Å"The power of focus can't be understated.If you look at a feature matrix of Drop versus everyone else, we would never come in first. We woul d rather do a few things well rather than present Drop in a confusing way. â€Å"14 To identify ways to improve ease of use, the Drop team tracked support forums closely. Houston said, â€Å"We get feature requests for things we already have. These are particularly bad because it means that even though we've implemented something, our users can't find it. We pay close attention when that happens. â€Å"1 5 The company also maintained a â€Å"Vote† on its site, allowing users to vote and comment on treasures they would like to see added.Since the team gained insight on users' preferences through support forums and the Vote, the company did not conduct regular consumer surveys, but it did conduct occasional usability tests. In one instance, the entire team watched as not one of five typical consumers recruited from Scraggliest could successfully install and interact with the application. Houston recalled: Watching them fail was excruciating. Imagine if your coffee maker Just spit coffee all over the counter every third time you used it or your car stopped in the middle of the road. That's the computer experience for a normal person.The PC is always conspiring against you to lose your stuff or break in some weird way. You have no idea what happened or what you did wrong. Watching those five consumers struggle to try to figure out how to use our product was probably the most painful day we ever had as a team, but afterward, we created a list of 70 things to fix. B A/B tests divided a set of similar individuals into a control group that experienced a status quo product and a test group that experienced a product with one modified element, to determine if the modification yielded a statistically significant