The impacts of structural and infrastructural elements to service o

The impacts of structural and infrastructural elements to service o I. INTRODUCTION With the ever-changing nature of a global business operation that requires firms to adjust rapidly, operations flexibility capability has become more influencing, underpinning the strength of an organization. World-class service organizations rely on right strategies and practices to enhance their operations flexibility. In Malaysia, for instance, the world best budget airline, AirAsia, applies certain principles, practices and procedures that align with its operations objectives to achieve appropriate level of flexibility in their operations that suited its market segments requirements [1] [2]. In another example, there was a lot of confusion on the part of the passengers and employees of Jet blue airlines in Florida when weather conditions delays flights. In any eventualities, organization must plan ahead on how to deal with the changing circumstances that will affect their operations. Some of the impact of changes must be dealt at the source through some standardization of products, services and process delivery. The remaining must be dealt with at the point of impact using robust structural and infrastructural resources deployment strategies. Among the most essential move to establish and eventually enhance the operations flexibility is the use of technology especially the IT to better communicate internally within organizational units and externally with their customers thus providing flexibility in their operations. Others may rely on smart networking with clients and suppliers so that they will handle the uncertainties together as a group. At the same times, having a flexible workforce will ensure certain level of variability will be absorbed by tactically reassign the workforce. In summary, the changing nature of the environment requires flexibility to be one of the primary competitive components to be applied and considered seriously. To enhance the flexibility capability, firms need to strike a balance with structural and infrastructural decisions. In this paper, we will evaluate the dimension of structural and infrastructural elements and service operations flexibility and their relationship in a multivariate outlook. Few important questions need to be addressed here namely: What is service operations flexibility; what are the important structural and infrastructural elements and how they affect the operations f lexibility of service organization. II. LITERATURE REVIEW It is widely argued that operations flexibility is very much related to changing the structure and infrastructures of the organizations. However, the discussion on the important elements that fall into each category is debated. In following the definitions given by Hayes and Wheelwright [3], and Schroeder [4] suggested structure resources include capacities, facilities, process technology, and vertical integration whereas infrastructures include people, information system, organization, production and inventory control, and quality control system. Slack [5] suggested labor and technology as structural resources that must be supported by infrastructural assets such as the system, relationship and information couplings. Relating the structural and infrastructural elements to operations flexibility, there have been several studies done to address the issue. One of the important studies conducted by Correa and Gianesi [6] associated the broader term of flexibility as being able to respond effectively to unplanned change. They linked uncertainty and variability with unplanned change, which require firms to understand the concept of unplanned change. Managing unplanned change can be divided into two dimensions. One is labeled as flexibility in dealing with change after the unplanned change has occurred. The second dimension is the ability to deal with a certain amount of change and reducing the effect of change. This can be done by finding ways to control the changes by implementing strategies like forecasting technique, maintenance system, parts standardization, and manufacturing focus. These strategies are to prevent and avoid the change before it occurs. This is where the structural and infrastructur al elements play their roles. For example, in order for service firms to be able to implement the chosen strategies both before and after the occurrences of unplanned changes, firms ought to have suitable structural elements such as integration and technology supported by systematic infrastructural elements such as quality leadership and teamwork activities. Harvey et al [7] explained that a flexible firm is the one that can handle variability with minimum penalty and suggest the difference between internal robustness and external flexibility. Internal robustness must be dealt with minimum efforts due to the fact that it will not create value to customers. Harvey et al [7] suggested that in order to deal with the internal variability, firms may require organizational arrangement such as cross-functional teams, empowering contact personal, and building a flat organization, which factors are related to infrastructural elements of operations as well as modifying the structural elements such networking capability. It is the external flexibility that must be managed carefully in order to gain competitive advantage. Central to the issue, Harvey et al [7] proposed the use of structural element, mainly IT technology in order to manage flexibility. This is also supported by Bucki and Pesqueux [8] who also proposed the components of operations strategy on structural and infrastructural elements that contribute to operations flexibility. Adler [9] agreed that flexibility in organizations is a useful tool to improve firms competitive position as related to the use of technologies in implementation and the decision- making process. Upton [10] supported the idea and added that firms should create an infrastructure to allow for system flexibility. As a result of technological improvement and changes in customer preferences, service operations have become flexible and this requires adjustment in the delivery process. Upton [10] also pointed out that customers expect and prefer to get services at their convenient time and location, therefore capability on the part of the service provider to be flexible is imperative. One specific example on how structural elements such as technology and integration play an influencing role in service operation flexibility is the use of ATM machines. Banks that have ATM services have been providing convenient services to customers for years. In accordance with this, ATM services have improved over time. Two of the improvements mentioned include the increase in the limit of the amount in withdrawal transactions and the multiplication of ATM units strategically situated in many convenient locations. In elaboration, ATM services nowadays are not solely restricted to bank premises but can also be found at airports, petrol stations, bus stations, fast food restaurants and many others. The change in the way banks deliver services indicates the degree of flexibility in service operations that benefits banks and customers alike. ATM technology may require some investment on the banks side, but in the long run, it reduces operating costs by decreasing the number of staff a t counter services. Davis and Heineke [11] concluded that reduction in customers waiting time at counter services by improving better services management of process design can certainly reduce customers dissatisfaction and defection and technology could help to achieve this goal. Technologies have proven to be able to offer more opportunities in improving services processes. Collier [12] in a study on electronic devices for check-in and check-out systems in the hotel industry, automatic toll booth in transportation, electronic fund transfer in banking services, the practices of e-ticketing in the airline business have given huge impact on the ticket purchasing system, airport checking process, and service industries as well. Therefore, in responding effectively to customers demand variations, improving services process design by using technology is another approach to increase flexibility of the service system. Based on the above discussion, we have recognized several elements that must be considered in enhancing flexibility capability of a firm which could be further divided into structural and infrastructural elements. Among the most cited structural elements in discussing the service flexibility is technology, particularly the ICT, integration, and facility. With regards to the infrastructural elements, some of the most important factors cited in the literature are team management, worker empowerment, and quality leadership. As for the dimensions of service operations flexibility, we incorporate the types given by Correa and Gianessi [6] who suggest service flexibility capability as design, package, volume, delivery time, delivery location, system robustness and customer recovery with Harveys internal robustness and external flexibility[7]. Thus, we hypothesize; H1: Structural elements consists of facility, location, technology, integration/networking positively influence the external flexibility; H2: Structural elements consists of facility, location, technology, integration/networking are positively influencing the internal robustness, H3: Infrastructural elements consists of teamwork management, worker empowerment, and quality leadership positively influence the external flexibility, H4: Infrastructural elements consists of teamwork management, worker empowerment, and quality leadership positively influence the internal robustness We also propose that the infrastructural elements are more dominant in service industries as the soft power related to human potential are the silent forces that determines the operations flexibility, H5: Infrastructural elements have a greater influence on both external flexibility and internal robustness as compared to the structural elements. III METHODOLOGY This research uses a survey approach. We employed several techniques leading to the final large scale survey. First we conducted a thorough literature review on topics leading to the development of items to measure structural and infrastructural decisions and operations flexibility. Subsequently, the researchers conducted several interviews with operations managers in selected service companies namely; hotel, port management, and airline, to check if the factors found in the literature are relevant to the practical ideas of the managers, particularly in the Malaysian business environment. This technique allows the researcher to explore any relevant ideas pertaining to the issue. The interview will also provide some valuable information on the keywords or the indicators from the Malaysian perspective since the literature is too replete with studies from the different environments of western countries. Each session usually takes more than an hour. Combining the literature review and the interviews, an instrument was developed to measure structural and infrastructural elements, and operation flexibility. The structural and infrastructural elements are mainly adapted from the instruments developed by Boyer and McDermott [13]. The items to measure operations flexibility capability are taken from Correa and Gianessi [6] and Harvey et al. [7]. In summary, the instrument consists of (A)Infrastructural elements divided into worker empowerment(7 items), quality leadership(6 items), team management (4 items) (B) Structural elements consists of location(2 items), integration(5 items), technology(6 items) and capacity(2 items) (C) external flexibility (6 items) and internal robustness (5 items).  A sample of questions is given as follows; Technology: Indicate level of investment in the latest technology relevant for enhancement of the business operations (e.g. latest scanning system for hospital or new ATMs for banks) Capacity: Indicate the level of investment in upgrading / improvement of existing facilities Several workshops and discussion were conducted leading to the final version of the instruments. Before conducting a pilot study, we pre-tested the instrument on our MBA students, whose backgrounds included experience working in service organizations to identify potential problems with respect to the ability of the respondents to understand the questions asked, and clarify the instruments when it is necessary. No major change was made. Consequently, a pilot test was done to test the reliability and validity of the instrument. This is also done to minimize the administration of the questionnaires in the real study. 30 companies were conveniently selected to test the instruments. 25-100 observations were thought adequate for this purpose [14]. The reliability of the instrument was assessed before we proceed with the large scale study. We employed the Cronbach alpha method in gauging the reliability of the scale. All constructs show the alpha coefficient of greater than 0.7. We conclude d that the measurement scale is reliable and thus, will maintain all items measures. The large scale study that involved companies from 9 service industries was followed subsequently. Instead of using mail, which often result in poor response in an emerging economies countries such as Malaysia, we sent enumerators to operations managers or equivalent positions whom we had contacted earlier and expressed their desire to participate in the study. To choose the companies, we used the appropriate directory when it is available. For example, for the hotel industry, we utilized the Malaysian Hotel Association directory and select hotels with the rating of three stars and above. The selection represented both low contact and high contact category [15] :(a) Hotels (Service factory);(b) Fast foods (service factory);(c) Auto repair (Service shop);(d) Private hospitals (Service shop);(e) Private colleges; (f) Retailing (stores) (Mass service);(g) Retailing banking (mass service);(h) Accountant(Professional);(i) Architect firms(Professional).   The total final response was 254 firms. We then analyzed the data using the appropriate statistical techniques such as Factor Analysis and Regression Analysis TABLE 1 SERVICE CATEGORIES Sectors Frequency Percent Hotel Fast Food Private Hospital Auto repair Retail stores Retail banks Private colleges Architect Accountant Total 31 30 24 26 30 30 30 30 23 254 12.2 11.8 9.4 10.2 11.8 11.8 11.8 11.8 9.1 100 III. RESULTS Descriptive Statistics: We had about equal numbers of respondent across the 9 industries as shown in Table 1. With regards to the years of operation, more than 30% of all companies have been in operations for more than 10 years. Of all respondents, close to 60 percents are managers or above with 7.1 percentile hold top management positions. Most firms (about 60%) do business locally or nationally whereas about 25 % cover international market. Factor Analysis: A series of factor analysis was conducted to establish uni-dimensionality of the variables and to reduce the independent variables (structural and infrastructural elements) and the dependent variables (external flexibility and internal robustness) to appropriate factors. In doing this, there is an opportunity to redefine or reduce the number of factors according to the commonalities within the variables. SPSS provides the test for the appropriateness of the use of factor analysis and the adequacy of the sampling size. Bartlett tests indicate that factor analysis is suitable and the KMO test calculated that the sample is enough to conduct factor analysis. The first analysis on the structural elements resulted in three factors with percentage variance explained 74.674 percent. We define the factor as facilities related factors (capacity and location),technology, and integration/networking. We then run the second factor analysis for the infrastructural elements and foun d only two factors with 64.958 percent cumulative variances included and name the factors as teamwork management and quality leadership. Finally a separate analysis for external flexibility and internal robustness, as suggested from the theory, maintain most of the items that measures both constructs. The results of exploratory factor analysis shed light on structural, infrastructural elements and the service operations flexibility: external flexibility and internal robustness. The previously mentioned separate structural factor; facility and location, were remerged into one factor that we could call a facility related factors. Examining the items that measures capacity and locations seem to highlight the facility issues and the merging is not totally surprising. Meanwhile, worker empowerment from the infrastructural elements was diluted as some of the items are highly correlated with the team management. This is also justifiable as the team needs some forms of empowerment to be abl e to work effectively. We however intend to cut short the detail discussion of the result s of the factor analysis as the emphasis of this study is on the impacts of the independent variable to service operations flexibility. Multiple Regression: The first model with internal robustness () as the dependent variable has a good fit with R = 0.662 and R square = 0.439. The strongest factors to influence the dependent variable seem to be the structural elements, with technology ( Ã‚ ¢ = .387; t = 6.839), capacity location ( Ã‚ ¢ = .320; t = 5.706), integration/networking ( Ã‚ ¢ = .180; t = 3.353) show the highest beta-coefficient consecutively. Only team management, one of the two factors of infrastructural elements significantly influences the dependent variables. ( Ã‚ ¢ = .156; t = 2.609). The second model has also a good fit with R = 0.686 and R square = 0.471. This time, technology also plays an influencing factor ( Ã‚ ¢ = .342; t = 6.219), followed by capacity/location ( Ã‚ ¢ = .299; t = 5.499), integration/networking ( Ã‚ ¢ = .197; t = 3.783), team management ( Ã‚ ¢ = .187; t = 3.215), and quality leadership ( Ã‚ ¢ = .151; t = 2.678). Here, it seems that quality leadership fac tor play a significant role in delivering the external flexibility of a service firm. We also notice a reducing degree of influence of structural elements (except integration/networking) to affect the external flexibility of the service firms. Further, it is also quite surprising to observe the structural elements enforcing a higher degree of influence to the service operations flexibility where as we hypothesize that the soft elements of infrastructural should lead the list. The results enable us to confirm H1, H2, H3, and H4 but H5 which it is partially confirmed. This requires further explanations that will be discussed in the next section. IV. DISCUSSION This study confirms the importance of structural and infrastructural elements to the service operations flexibility. As suggested from Harvey et al [7] that the variability will have to be dealt with organizational arrangement such as cross-functional teams, empowering contact personal, and building a flat organization, which factors are related to infrastructural elements of operations as well as modifying the structural elements such as networking capability. Our study not only supported the literature but also specifying which factors contribute the most to the operations flexibility. Contrary to our belief that the soft elements will impact more on the operations flexibility of service firms, we found that the structural part especially the element of technology show a greater influence. We believe this is not totally unexpected as the infrastructural parts have also been found in the literature to play a supporting role in the operations effectiveness. Idris and M Ali highlighted the importance role of quality leadership and best practices in steering the effectiveness of firms [16]. Idris et al. [17] emphasizes quality leadership as an important component of organizational capability to drive company performance. Hussain et al [18] also proposed the prime role of leadership in their Excellence model. Further, regarding a reducing degree of influence of structural elements (except integration/networking) to affect the external flexibility of the service firms, this study highlights the role of infrastructural elements on the enhancement of the external flexibility. External flexibility usually deals with the customer demand that require more involvement on the part of the human resource to bring about the needed adjustments whereas more structural elements such as technology is needed to provide consistent internal results in the form of less confusion and glitches. Implying the results, service companies must invest in the structural elements such as technology and networking capability to boost the operations flexibility. These initiatives must also be back up with the human dimension in the forms of team management, and quality leadership. By recognizing the five factors prescribed in this research, a service company would be able to develop and strengthen the operations flexibility of their firms. There is no further analysis of the categories of service companies that may moderate the level of deployment of structural and infrastructural resources. For example, it is a possibility that a low contact service firms will utilize higher level of technology as compared to professional services. Thus future studies should highlight the issues. In addition, the importance of having operations flexibility may also be moderated by the competitive priorities of the companies and the categories of firms themselves. It is presumed that those companies who strive to make flexibility as their top agenda will deploy higher level certain structural and infrastructural resources as compared to those who have cost minimization as their operation objectives. Finally, this study uses managers perception to assess the operations flexibility. Other objectives measures should be explored for future studies V. CONCLUSION In this study, we investigate the relationship between structural and infrastructural elements and their effects on service operations flexibility. We divide the structural elements decisions into capacity, location, integration/networking, and technology while infrastructural elements decisions include worker empowerment, quality leadership, and team management. Service operations flexibility is divided into internal robustness and external flexibility. An instrument to measure all the factors is designed and pre-tested on 30 MBA students with slight changes as required. Thereafter, a pilot study was directed to operations managers of 23 Malaysian service organizations to check the reliability of the instrument. All items used to measure the studied factors are found to be reliable. Factor analysis readjusts our independent factors. With the new defined factors, we regresses them against the internal and external flexibility. We also found the dominant influences of structural and t he supporting influence of infrastructural elements to the service operations flexibility. ACKNOWLEDGMENT This research is supported by a research grant of National University of Malaysia (UKM GUP EP 07 18 113)

Lessons Learned in Kate O’Brien’s Land of Spices Essay -- Land Spices

Lessons Learned in Kate O’Brien’s Land of Spices Kate O’Brien’s Land of Spices is a good read especially if the bookworm is from a catholic school upbringing. The story’s contents complete with the antics of the girls and the lack of patience in the sisters is recognizable from memories drawn on similar events. The nuns’ softer emotions were hidden away from the students and only their hard-heartedness evident in the school’s classrooms. In sixth grade during the fall of 1963 after President Kennedy was shot and killed in Dallas, Texas, a Dominican sister was seen at school with tears in her eyes. At this moment the realization descended upon the enrolled that there was flesh and blood under that habit and not an alien being. O’Brien addresses Catholicism, homosexuality and love in her novel with creativity and realism for the times. On a negative note, the liberal use of the French language is a reminder that this book was written with the rich and cultured person in mind and become s aggravating to this unenlightened one. In reading the excerpt from The Land of Spices by Kate O’Brien contained in â€Å"The Penguin Book of Irish Literature†, this reader is at once aware of the descriptive words with which Helen (the eventual Reverend Mother of the novel) depicts her father, Henry Archer. She presents him in the passage as a man who is â€Å"very beautiful†¦different from other men†¦with curly, silky hair and eyes that shone like stars† and goes on further to say that â€Å"his face grew more beautiful as one drew nearer to it†. 1[1] Perhaps, this feminine portrayal is a less than subtle hint into Henry Archer’s being for in revealing him as a man with a feminine countenance and inevitably finding him locked in a loving embrace... ...ontrol to temperance to love. Despite the rocky relationship between Helen and her father she inadvertently learned patience from him as he continues to love her despite her attitude and she in turn awaits Anna’s realization of her interest and love. Helen and Anna learn temperance in their everyday dealings with Mother Mary Andrew. The greatest lessons are those of dedication and commitment as Helen in the role of Reverend Mother becomes the best nun she can be despite a decision made under duress. Notes: [1] From The Penguin Book of Irish Fiction p. 475. [2] From The Penguin Book of Irish Fiction p. 475. [3] From The Penguin Book of Irish Literature p.485. [4] O’Brien, Kate. The Land of Spices, p.20. [5] O’Brien, Kate. The Land of Spices, p.252. [6] O’Brien, Kate. The Land of Spices, p104. [7] O’Brien, Kate. The Land of Spices, p. 110.

Information Systems Security Essay

In today’s IT world every organization has a responsibility to protect the information and sensitive data they have. Protecting data is not only responsibility of security and IT staff but every individual is involved in protecting the information. The risks to information security are not digital only, but it involves technology, people and process that an organization may have. These threats may represent the problems that are associated to complex and expensive solution, but doing nothing about these risks is not the solution. The case we have been assigned today deals with physical and logical vulnerabilities and protection against the risks and threats by implying the best controls to either mitigate, avoid and transfer the risks. Being an Information Security officer at a newly opened location in a busy mall, I have been asked to identify physical and logical risks to the pharmacy operations and also to suggest remedies to avoid any huge loss to the business. The pharmacy operations involve the unique transactions which involves the critical patients’ data, valuable medication and access to cash. The regulation set by the government obligates a pharmacy to meet certain standards to secure logical and physical access to information systems. The pharmacy is comprised of 4 work stations, there is a drug storage are and an office in the premises which has a file server, domain controller and a firewall. The three of the four work stations are placed at the counter to record and retrieve information of customers’ order. The entry of the store if from the mall and there the drug storage area is securely locked location behind the front counters. The store has a back door entry which is used by the employees and for delivery of new drugs. As an IT officer I have to protect all aspect of security including physical security of IT systems. Information Systems Security Physical security is an essential part of information technology security. Physical security encompasses not only the area containing system hardware, but also locations of wiring used to connect the systems, supporting services, backup provisions and any other part of the systems. Laptops and other types of mobile computing devices must also be protected from theft. The data on the mobile devices sometimes more than the value of the device. Such devices can also be an entry point on network. First look at the physical vulnerable area to IT systems within the pharmacy. After identifying the IT assets of company we can surly identify the physical risks. * Server Room * File server * Domain controller * Front Counter workstations * Switches/hubs The back door as showed in the floor plan is used by the employees of the pharmacy and it is often used for delivery of drugs. The access through this door is a physical vulnerability. Only authorized personal should be allowed to use this door. Any unidentified entry or activity should be monitored carefully. Such incident can result in loss of physical devices. The server room is a highly secured area which should be allowed only to IT people, other personal should be granted access by seeking special approval. The door should be locked all the time to protect IT assets. The workstations at the front counters should also be locked and placed securely to avoid any theft. The caged area cannot be locked all the time, it would result in low productivity as the staff move between the store, office and front counters. Securing the server room by locking it is the first step; surveillance makes it more effective if someone breaks into the server room. In case of an incident, one can easily pull up the video and check it for a particular time or for a particular event. â€Å"A logical breach affects the network, data and software without physically affecting the hardware. One of the problems with any logical breach of security is that the damage is invisible and its extent is unknown†. (Georgia Institute of Technology). As we read in the book, vulnerabilities are found in all seven domains of the network: * User Domain: * Lack of awareness of security policy * Accidental acceptable use policy violation * Intentional malicious activity * Social engineering * Workstation Domain: Unauthorized user access * Malicious software introduced * Weaknesses in installed software * LAN Domain * Unauthorized network access * Transmitting private data unencrypted * Spreading malicious software * LAN-to-WAN Domain * Exposure and unauthorized access of internal resources to the public * Introduction of malicious software * Loss of productivity due to Internet access * WAN DomainTransmitting private data unencrypted * Malicious attacks from anonymous sources * Denial of Service attacks * Weaknesses in software * Remote Access Domain * Brute-force attacks on access and private data * Unauthorized remote access to resources Data leakage from remote access or lost storage devices * System/Application Domain * Unauthorized physical or logical access to resources * Weaknesses in server operating system or application software * Data loss from errors, failures, or disasters† (Kim, 2012) System and data could be vulnerable due a physical breach where an intruder affects any system or node by uploading some invisible malicious code on one of the computers. Usually the logical breach results due an unauthorized access to the system/network. The users on the front desk should be given access to the information they need to perform their job on need to know basis. Any workstation is capable to breach into sensitive information. Access to any machine could lead to confidential information breach. All users are required to use their credential to access information on the network. A strong password is required by the policy outlined by the IT department. Logical vulnerability deals with anything which is to do with computer software/network other than the physical network. People are the weakest link in the whole chain. They are the biggest threat to the IT network; any user could compromise the system without even knowing the result of his/her actions. Users using personal device on the enterprise network is the biggest threat ever. Use of personal media should be strictly prohibited because it could bring in the malicious code which gives access to hackers to break into network and steal confidential information. A weak password also helps intruders to disguise them as the legitimate user and access the information to compromise the network. Software and antivirus updates could also be crucial if it is not done on time, it can lead into breach. The physical threat and vulnerability can result in huge loss in revenue and confidential information leakage. As mentioned above, any physical vulnerability can result in loss such as theft of the equipment, any device plug to attack remotely or record data. We often printers in the network security, most printers nowadays stores information on built in memory on the printers before printing. If somebody walks out with the printer, access to information in printer’s memory can be accessed easily. Figure 1 Key Logger As showed in the picture, there is a small device which is a key logger. If any personal (internal or external) have access to the assets of the company can install such a device which will not be found with careful examination. Such devices can log the keys strokes which will open a door for attackers to get access to information all the time. Figure 2 Threats & Potential Impact The picture above is self-explanatory, is the network is physically or logically vulnerable any attacker can break which can lead to the impact mentioned above. In case of pharmacy where it is required by the law to take very extra care of customers’ confidential information no risks can be taken. In-case the network is compromised due to physical and logical vulnerability, the attacker can disrupt the whole business. Some disgruntle employee can cause DOS which will bough down the network which will result in delay in orders, low productivity. Vulnerability can also cause loss of information, loss of privacy of customers, legal liability due to leakage of confidential information which is governed by the HIPAA. And above of all reputation among customers, it is very difficult to gain customers’ confidence if it is lost just because of any event. To identity and deal with risks, we are going to take the same approach as defined in the book. After carefully examining the risks, we are going to analyze the impact and based on the impact we will develop a strategy either to mitigate, transfer, avoid or accept the risks. Figure 3 Risk Management Process To deal with the physical risks identified above, the best strategy would be to mitigate or transfer it in-case of any event. Numbers of steps are suggested to mitigate the risk due to physical vulnerability. The back door is used by employees only. The server room is always locked and with prior permission no other than IT personal can enter in it. All IT assets have been locked securely to avoid any theft. Surveillance is also part of our strategy to mitigate any risks. Risks transfer strategy comes into play if anything happened to IT assets. Based on the value of assets most of the assets are covered under insurance. But data is such a valuable asset of the company that no insurance can cover the loss of data theft. After evaluating the logical vulnerabilities, I am going to suggest risk mitigation and risk acceptance strategy. â€Å"Malicious attacks increasingly complex variations are continuously being introduced and can sometimes spread widely before protection software companies deliver the latest detection strings and solutions†. Standard for Technology in Aumotive Retail, 2012) . The first step would be to mitigate the risks at any cost) but since the people are weakest link in the whole IT security scenarios they tend to do things unintentionally which compromise the security. Based on these facts I have also suggested the risk acceptance strategy. This fact is known by most of the businesses but they still do it because they do not perform any operations without manpower. The staff working at front desks or any employee at the pharmacy could use personal media which could lead to any attack. The weak password can also help attackers to use logical bomb technique to guess the password. A strong administrative control is required to avoid such incidents. Some of the suggestions to mitigate the logical vulnerabilities: Security Awareness- as mentioned above the people is the weakest link in the IT security. User awareness on virus control is the most effective tool to control it. In the awareness programs they should be reminded that data should be accepted from the trusted sources. Incase they receive files from untrusted source should not be open. Persona media should be approved by IT department to use. Patch Management- latest patch protects the system against the latest viruses. It is a process that updates the vulnerable areas on the application level. Hackers usually use the flaws and weak points in the system and exploit them to get on the network. Software OEM issues a new update to fix the issue, windows and antivirus auto update is common examples of such patch management. Most organization does not allow automatic updates due to interference in current operations. They usually test the patch on test environment before replicating it to production nodes. Anti-virus scanners – these products scan files and email and instant messaging programs for signature patterns that match known malicious software. Since new viruses are continually emerging, these products can only be effective if they are regularly updated with the latest virus signatures. See your product manual for instructions on how to activate this. Anti-virus scanners can be positioned on gateways to the network and/or on network hosts. Anti-virus scanners need to be frequently updated to be effective. Therefore, regularity and method of update are criteria that need to be considered when selecting anti-virus products. The first line of defense is administrative controls against any physical and logical threats. These are the policies which is prepared and approved by the management to staff for compliance. In pharmacy’s case strict policies are suggested to comply with regulatory compliance (HIPAA). First of all physical access to premises especially from the back door needs to be secure. The policy to enter in the building using a cat card or smart token is mandatory which a control to prohibit any unauthorized access. The IT room is also protected by a digital lock which can only be accessed by ntering correct combination of the password. The IT devices cannot be move out without prior approval from management on a prescribed form. Another preventive control is to disable all removable media from the systems at the front desk. The USB/serial ports are disabled and it can only be granted on special approval. To control logical vulnerabilities I have suggested mix of administrative, detective, preventive, corrective controls. All users by policy are required to use strong passwords, the password must contain, one letter in caps, one symbol/numeric value. The total length should be between 8-20 characters. Users are required to change the password every 30 days and they cannot use passwords any 10 previously used passwords. Users are also cautioned about not to write passwords. Most of the employees have role based access to IT systems. All front desk employees go straight to the application required to book patients’ orders. They cannot open or use personal email on the systems. The access to internet is controlled by the web application filter which only allows users to check pre-approved sited required to manage operations. All systems have the latest updated antivirus software which does not allow any infected file to execute. The best strategy to deal it with is preventive. Similarly to prevent any intruder in the network, IDS are deployed to monitor any unusual activity. Backup of data with regular interval makes it possible to continue the business in case of any break down due to any malicious activity. The data is backed up with only last changed items after every 4 hours. As mentioned earlier the patients’ data is highly confidential, any loop whole can result in legal liabilities.

Annotated Bibliography On Adolescent Idiopathic Scoliosis

Tutorial Assignment 1 1. The title of the article is â€Å" A Functional SNP in BNC2 Is Associated with Adolescent Idiopathic Scoliosis† Journal Reference: Ogura Y, Kou I, Miura S, et al. A functional SNP in BNC2 is associated with adolescent idiopathic scoliosis. The American Journal of Human Genetics. 2015; 97(2): 337-342. doi: 10.1016/j.ajhg.2015.06.012 2. The authors studied this subject as it relates to a very prevalent medical diagnosis around the world, Adolescent idiopathic Scoliosis (AIS). This medical illness is the most common spinal deformity found in children from the age of 10 to the end of the pubertal growth spurt and can be very debilitating.1 The authors decided to study single nucleotide polymorphisms (SNP) and there effects on gene expression and protein regulation that may be linked to the disease because they had previously done a genome wide-association study where they identified two loci that were linked to AIS in a Japanese female population.1 This study was also replicated in Chinese and Caucasian ppulations.1 They knew they were on the right track that SNP’s and specific locations on the chromosome were linked to the disease and that they should look further into it. However, this link only explained an approximate 1% genetic variance in AIS and therefore the authors decided they should identify mor e susceptibility to genes and use a larger gene pool in their study. 1 They also conducted a whole genome imputation. 1 3. BNC2 or Baso-Nuclin 2, is