Difficult for the reader to feel much affection for the protagonist Essay

It is difficult for the reader to feel much affection for the protagonist in Wolff’s memoir. Do you agree? This Boy’s Life, set in America in the 1950’s, is a compelling memoir by Tobias Wolff, whom recreates the frustrations and cruelties faced throughout his adolescence, as he fights for identity and self-respect. During this period of time, America underwent major changes in the political and economic spheres, which in turn were responsible for its social makeover. Society in this time was geared toward family; marriage and children being part of the national agenda. The 1950’s was also an age of male dominance, where even if women worked, their assumed proper place was at home. Throughout the memoir, the protagonist, young Jack Wolff, makes it difficult for the reader to feel much affection towards him, as his actions prove to be troublesome and unruly. However, as the memoir progresses, Jacks struggle reveal the reasons for his actions which sequentia lly shape his character, providing the readers with understanding and sympathy towards his inexorable situation. The fraudulent lies and deceitful ways of Jack can be frustrating upon the reader; though we come to realise that he does this in order to be accepted by the people around him. Jack also engages in fights and unfaithfully betrays his best friend Arthur, although it becomes evident that he only does this in order to gain Dwight’s approval of him. The lack of a real father figure in Jack’s life has a profound impact on him and his desperate attempt to develop his identity, which further supports the readers’ emotions of sympathy towards him. Jack lies relentlessly in order to escape the grim circumstances of his childhood. His life is fuelled with emotional neglect and verbal abuse; Dwight, his indignant step father, being the foremost cause. He desires of transforming himself into the person that he truly wants to be; an image he believes will help him to belong and to be happy. The lies he tells are a constant source of comfort for him, as he relies on them to pr ovide stability and hope in his otherwise unstable life. â€Å"I couldn’t help but try to introduce new versions of myself as my interests changed, and as other versions failed to persuade†, demonstrates an essential part of Jack’s character, as he lies in order to fit in. His identity would change with the different people he met, in order to meet their expectations of him and to obtain their acceptance. This greatly contributes to the sympathy felt for Jack, as he renders the reality that he finds so difficult to accept as a young boy. Among many other lies  throughout the memoir, Jack has the intention of creating a new identity for himself. â€Å"It was truth known only to me, but I believed in it more than I believed in the facts arrayed against it. I believed that in some sense not factually verifiable I was a straight-A student†. At this point, Jack takes his re-creation of identity to a new level. Jack is completely aware of what he is doing, although he does not stop. His incessant lies and then believing that they are the actual truth continuously reoccur throughout the memoir. This serves to show his insecurity of who he was, and his imprudent belief that he had the ability to become something better than what he was. Jacks fabricated attempts to re-create â€Å"new versions† of himself, reveal his instinctive lying nature, thus contributing to the annoyance the readers occasionally feel towards him. However, it becomes clear that Jack is confused; he wants to belong. This misperception, and yearn to fit in explicates why feelings of sympathy by the readers towards Jack are inevitable. Jack is forced to live with his violent stepfather Dwight. Dwight cruelly exercises authority over Jack, in order to create a sense of dominance over him â€Å"Dwight would dump a pile of nuts on the floor of the utility room and put me to work with a knife and pair of pliers until he judged that I’d done enough for the night†. Because of this, Jack is determined to prove to Dwight, himself and the reader that he is not the person Dwight defines him as. Jack is not hurt by Dwight’s accusations that he is a thief and liar because â€Å"I did not see myself that way†. However, when Dwight calls Jack a sissy, Jack thinks of Arthur, who is his best friend and the biggest â€Å"sissy† in school, and remembers how the word sparked the fight between him and Arthur. Dwight treated Jack differently for a few days; with certain deference – â€Å"Dwight took the calls and explained that the papers had been ruined in a fight, adding that his boy Jack hung a real shiner on the Gayle kid.† This was the only time he expressed a genuine interest in Jack that bordered on admiration, rather than disgust. Dwight was always associated with hatred and negativity, but because of this certain deference after he fought, Jack felt a certain connection to him as a father figure. He felt as though he finally impressed Dwight, and even felt loved because of Dwight’s respect towards him. This discloses that Dwight’s actions had significant influence over Jack, as he continued to engage in these violent fights, in order to demonstrate his m asculinity to  Dwight. Jacks violent nature is driven by his belief that he has to prove his masculinity to Dwight. This attests annoyance within the reader; as Jack claims he â€Å"defined myself in opposition to him†, he ironically shares the traits of Dwight, such as violence and his desire to be regarded as powerful and masculine. However, Dwight’s deference towards Jack after he fought contrastingly draws sympathy for Jack from the readers, as it reveals his desire to belong; his desire to be loved. Jack’s friendship with Arthur plays a significant role in the re-creation of his identity. Arthur was recognised as a â€Å"notorious sissy†, and because of this Jack worried of the social implications it would consequently have on him by being friends with Arthur. â€Å"To put myself in the clear I habitually mocked Arthur, always behind his back, imitating his speech and way of walking, even betraying his secrets†, demonstrates Jacks desperation to acquire acceptance fr om others, even if it meant denying a part of himself- a friendship- that actually made him happy at times â€Å"but I had withheld my friendship, because I was afraid of what it would cost me†. Jacks betrayal of Arthur imparts anger in the reader, as he attempts to impress people who are not his real friends. However his confused identity and lack of self-confidence justify his disloyal actions, particularly because of the circumstances he was faced with at such a young age. Parental neglect plays an important role throughout the memoir. This is first evident in the text when Jack says â€Å"after all, he was in Connecticut and we were in Utah†, signifying the substantial physical and emotional distance between his birth father and himself. Fathers play an important role in their child’s upbringing and development. Due to this lacking in Jacks life, the responsibilities of growing up prove to be difficult for him, evident through his confused identity and troublesome ways. Furthermore, Rosemary’s ex-husband Roy plays a significant role in shaping the way Jack thinks and reasons, particularly from such a young and susceptible age. â€Å"I thought Roy wa s what a man should be†, reveals Jack’s naivety at such a young age; as Roy, abusive and indignant, was in fact the complete opposite of â€Å"what a man should be†. Wolff is once again faced with a man, Dwight, who abuses him and sets a terrible example for him. His violent nature plays a major part in Jack’s development, which ultimately forms his identity. Dwight’s actions have such an influence that â€Å"Jack† writes about Dwight’s voice being ever-present in  his head and own voice, even as an adult; even as a father. â€Å"I hear his voice in my own when I speak to my children in anger†. The sympathy felt by the readers for Jack is inevitable, as his brutal childhood is left with him for the rest of his life. Although Jack makes it difficult for the reader to feel much affection towards him on some occasions, the abusive, neglectful and violent experiences he is confronted with at such a young and vulnerable age conveys a sense of understanding, which in turn rouse feelings of sympathy towards young Wolff. Jack lies constantly; whenever he is presented with the opportunity to. This frustrates the reader is some instances. Generally though, reasons for this are understandable, such as his confused identity due to the violent and emotionally unstable life he lives. The violent fights he associates himself with, and the betrayal of his â€Å"best-friend† Arthur, leave the readers in a position to question whether his motives can be justifiable. However, these fights and betrayal are a reflection of his desire to be accepted by others, and the masculine, powerful man Dwight’s expects him to be. The lack of a real father figure largely affects Jack and all aspects of his character, from his deceitful ways, to his violent involvement in fights. Because of this, compassion and sympathy prevails over the occasional frustration felt towards Jack by the readers. In supposition, Jack is a helpless child seeking a happy life; an identity he is truly happy with.

Masculinity portrayed in “The Great Gatsby” Essay

Masculinity is a well known stereotype that often defines men as being tough, strong, and having no emotions. In most cases, their work tends to identify their level of masculinity. In The Grapes of Wrath by John Steinbeck, The Great Gatsby by Scott F. Fitzgerald, and The Glass Menagerie by Tennessee Williams, the male characters create their identities through their abilities to provide for their families. In these three texts, the males portray their masculinity by their roles as head of the family and their work and wealth. As a tradition in many cultures, the males assume the position as head of the family. In most cases, their family responsibilities and obligations establish their masculinity. Pa was the head of the family now (Steinbeck 139). In The Grapes of Wrath by John Steinbeck, Pa became the leader of the family after Grandpa died. Pa took over Grandpas role in the family and was responsible for the whole family in result. Traditionally, the position of the family leader is passed down to the eldest male. Similar to Pa in The Grapes of Wrath, Tom in The Glass Menagerie by Tennessee Williams, demonstrated his masculinity as the head of the household after his father had abandoned the family. I mean that as soon as Laura has got somebody to take care of her, married, a home of her own, independent — Why, then youll be free to go wherever you please, on land, on sea, whichever way the wind blows you! (Williams 35). Tom is obligated to support his family, especially his crippled sister Laura, until she finds a husband. Because Tom was the only male in his sister and mothers lives, he had to assume household responsibilities, as most men did for their families. Ultimately, Pa and Tom expose their masculinity by obtaining the duties of being in charge of their families. Customarily, a mans masculinity is defined through his wealth, occupation, or means of work. Throughout society, it is a stereotype that if a man makes a sufficient amount of money and has a job that easily supports himself and or his family, he is masculine. If he has a small, not so important, low earning job, then he is typically considered less masculine. In The Grapes of Wrath, Pa struggles to prove his masculinity. Well what the hell am I gonna do? Were out of money. One of my boys got a short job but that wont  feed us. (Steinbeck 374). Pa gets frustrated because hes helpless when it comes to work. He does not feel like he is supporting his family, therefore he feels like he is masculinity is diminishing. Different from Pa, Tom and Gatsby in The Great Gatsby are able to successfully display their masculinity by the amount of wealth that they have. Tom Buchanans arrogance and pride that he shows toward his wealth seems to prove his masculinity to his mistress Myrtle. They are both hung up on his money and Tom likes to flaunt it. Because Tom is wealthy, Myrtle sees him as the perfect gentleman. Two shining arrogant eyes had established dominance over his face (Fitzgerald 7). Tom is described as being clearly aware of his power and manliness. Like Tom, Jay Gatsby also has a large fortune. The fact that Mr. Gatsbys money is entirely earned from work, unlike Tom whose money is passed down through the family, also displays masculinity. His gorgeous home and lavish parties provided by his abundant wealth makes the community realize how much he earns, which otherwise depicts his masculinity. Masculinity is identified in The Grapes of Wrath by John Steinbeck, The Great Gatsby by Scott F. Fitzgerald, and The Glass Menagerie by Tennessee Williams, through the male characters abilities to support their families, which also touches upon their jobs and wealth. In modern society, while masculinity still seems to be based on a mans ability to provide for his family, the type of job he has, or the money that he earns, it plays a crucial and distinctive role in the way that people view men. Overall, it classifies their level of manliness. Furthermore, men tend to strive to gain these qualities that illustrate masculinity, as it is portrayed in these three novels.

Global Intitutions Research Paper Example | Topics and Well Written Essays - 2000 words

Global Intitutions - Research Paper Example Health is also vital for achieving peace and security and hence both individuals and states should fully co-operate towards achieving this means. When there is a lack of health promotion activities and adequate steps taken for disease control then the state becomes more vulnerable to communicable diseases. Promotion of child health and welfare and creating awareness among all the individuals of a state about medical well-being could help in achieving complete health attainment. In order to meet this end it is vital for people to fully extend their cooperation and work together in improving the health of the entire community. In order to meet this end the constitution also calls for the co-operation from the governments of all states to undertake social and medical measures which will ensure a healthy society. The WHO is headquartered at Geneva, Switzerland and has offices in more than 150 countries with more than 7000 people working in them. The organization has 6 regional offices in the African region, America, South-East Asia, Europe, Eastern Mediterranean, Western Pacific and a Global Service Center in Malaysia. Its staff includes medical doctors, specialists working in public health, scientists, epidemiologists, and staff who have been trained for the purpose of managing administration, finance, and information systems in the various offices. In addition, the centers also include members who have specialized in the field of health statistics, economics and who have experience in carrying out emergency relief operations. Within the framework of the United Nations, the WHO directs and coordinates with other world countries on issues pertaining to international health. The WHO offers leadership positions and entering into partnerships wherever required on critical health issues. They al so play an active role in encouraging research studies and thereby stimulate the creation and transfer of knowledge regarding various health issues. The WHO is

ENGLISH JOURNAL ANALYSIS Coursework Example | Topics and Well Written Essays - 500 words

ENGLISH JOURNAL ANALYSIS - Coursework Example It redefined the minima of theatrical certainty.   It was simple as that. He got away. He won by twenty-eight lengths, and he’d done it with so little—and I mean that as an enormous compliment. There they all were, busting a gut with great monologues and fireworks, and this extraordinary genius just put this play together with enormous refinement, and then with two completely unprecedented and unique bursts of architecture in the middle—terrible metaphor—and there it was, theatre. Though scholars and enthusiasts have speculated on the form and structure of the play, not many have managed to grasp the influence of the play over the linguistic characteristics of theatre. Contrary to the earlier attempts to construct a play using carefully chosen dialogues, Beckett liberated dramatic speech from the clutches of rhetoric and replaced it with his unique choice of words which contradict the foundations of conventional grammar. Most importantly, he strips words of their literal or contextual interpretations in an attempt to prove it being ineffective of trying to find sense inherent in the universe.

Ethical & Legal Case Study Evaluation Example | Topics and Well Written Essays - 1500 words

Ethical & Legal Evaluation - Case Study Example There are also chances of civil liability ensuing (Guido, G. 2009). Though The Human Rights Act 1998 identifies a right to life in Article 2. A court ruling, NHS Trust A v M: NHS Trust B v H [2001, affirmed that the patient’s right to willingly refuse treatment, and whether it was in the patient’s ‘best interests’ to forgo treatment were the two key factors determine whether treatment will be foregone. The patient’s right to intentionally refuse treatment, was recognized as being both legal and not the same as suicide, this was despite the fact that the refusal would ultimately lead to the patient’s death (Chiarella 2006). Legality of Janet’s Actions Janet’s actions can be termed as being illegal because, according to NHS guidelines on the discontinuation of (LSMT), in occasion a disagreement amongst the team members, the team should sit down and consider the basis of the disagreement and try to obtain an opinion from a medical p rofessional who happens to be working in a discipline that is the same as the disagreeing member. This was clearly not followed in the case of Dr. Johnson’s disagreement with the other attending nurses (Guido, G. 2009). Janet the nurse did not consult with all the staff included in the patient’s care when she made the decision to discontinue the supply of Mrs. Jordan’s noradrenaline. This was in direct contravention of a checklist used in the ruling by Dame Elizabeth Butler-Sloss in Case: Re B (an adult: refusal of medical treatment) [2002] 2 All ER 449. One of the requirements in the checklist was that there must be adequate consultation between all the staff involved before a decision is made (McIlwraith &Madden 2006). Ethical Features Mrs. Jordan was undergoing palliative chemotherapy, for pancreatic adenocarcinoma that was in its advanced stage and there were not chances that she would recover. Her quality of life was severely hampered and her family underst ood this and wanted the Life Sustaining Medical Treatment to be discontinued. Their intentions are seen to be inline with the doctrine of double effect (Chirella 2006) Ethicality of Janet’s Actions Janet’s actions can be viewed as being ethical as supported by a court ruling, Re Conroy [1985] that upheld that a patient declining life-sustaining treatment could not be viewed as an attempt to commit suicide. The action merely allows a disease to follow its natural course. If the patient dies, it could not be termed as a self-inflicted injury but it would be considered to be the result of the underlying disease. She was not responsible for the death (Charella 2006). Legally significant Events in the Alternate Version of the Case Scenario In the second Scenario, there was sufficient consultation between the medical staff attending to Mrs. Jordan and her family before Janet was instructed to withdraw the LSMT. Hence this is perfectly legal in accordance with the Ministry of Health Guidelines (Ministry of Health). The medical professionals and members of the family were also in agreement as opposed to the first scenario where their views were divergent. Dr. Jackson also complied with Mrs. Jordan’s Advanced Care Directive which clearly stated that she did not want to receive LSMT. This is in compliance with the law as opposed to the

Comparasion of Apple and Samsung Essay Example | Topics and Well Written Essays - 3500 words - 1

Comparasion of Apple and Samsung - Essay Example A comparison of the stock prices provides us with the information on the relative investor confidence on the two companies. A comparative analysis of the two companies helps the investors to reach an investment decision on the common stocks of Apple and Samsung. A comparison between two publicly traded companies Apple and Samsung could be done with the help of financial ratio analysis. The profitability ratio, liquidity ratio, investment value ratio and debt ratio has been taken into consideration for this comparison. The financial ratio has been determined by considering the financial statements of the two companies for the last two years. The return on assets for Apple is much higher with respect to Samsung. While Samsung produced an 8.83% return on assets in 2011, Apple registered an ROA of 22.28% in 2011. Apple focused to increase its asset base in 2012. The rate of increase in ROA for Samsung is more than that of Apple but the percentage return on assets for Apple is 23.70% which is more than 13.17% ROA for Samsung in 2012 (Bragg, 2012). The return on equity gives an indication of the efficiency of fund management by the companies to increase the wealth of the shareholders. The net income earned by the companies could be expressed as a percentage of the total equity of the company. The return on equity for Apple is more than the return on equity for Samsung in the last two years. In 2011, Samsung achieved a return on equity of 13.58% as compared Apple’s return on equity of 33.83%. From the 2011 to 2012, rate of increase in ROE for Samsung is more than Apple. Despite that, Apple recorded an ROE of 35.30% in 2012 which is more than 19.63% ROE for Samsung. A comparison of the asset turnover of Apple and Samsung provides a measure of utilization of assets of the two companies. Asset turnover indicates the amount of revenue generation of

PESTLE and life Cycle analysis Essay Example | Topics and Well Written Essays - 2000 words

PESTLE and life Cycle analysis - Essay Example According to this method any individual stakeholder or any stakeholder group’s power can be ascertained and managed. Many books define stakeholders to be individuals or groups that have an interest in an organization; hence it may not be necessary for any individual or group to have an interest in any particular organization because interest is not the only ingredient to constitute regard someone as a stakeholder. This can be further explained by giving the example of the society at large which is a major stakeholder to the all factories which are emitting a large quantity of carbon dioxide, hence they only have an interest to the extent of the carbon dioxide emission and they might not have enough power to stop the factories from doing such an act (ACCA, 2007). The five groups of stakeholders that any business organization needs to consider for its growth perspective would be: Shareholders/Owners Employees Customers Government Society at large Majority of banks consider the e mployees to be the most important stakeholder within the banking organization. Banks consider their employees to be their vital stakeholder because of their decision making ability. The employees have the ability to take up decisions on any given matter hence these employees have the ability to drive the bank into a profitable or a loss making venture. This decision is really important for the survival and the long-term growth of the banks and hence it is because of this only reason that the employees have such a powerful decision in their hand, banks considers them to be the most important stakeholder (ACCA, 2007). â€Å"Systems thinking† is a process which tells that different things and activities within nature/organization are totally linked with each other. This theory defines that the activity of one individual or a group would affect the life or decision of other individuals or groups. Systems within an organization include the employees, the processes and the structur e of that organization and it is because of these people, processes and structures that the organizations get affected either in a positive or a negative manner. The banks use the closed systems thinking approach in the entire movie. The best exception would have been to follow the open systems thinking approach where the banks would have been involved in focusing on external issues and threats as well, this way open systems thinking system would help the banks to survive for a long period of time by focusing on the external environment along with the internal one (Gharajedaghi, 1999). The governments should play an important part in stabilizing banks as these banks are the main institutions in any economy. These banks are heavily involved in stimulating an economy and hence they should always be helped in situations when these banks are falling apart. Government interference in managing the general environment would be really important and these banks can be funded by the governmen ts to make them survive during difficult time periods. The film tells us the Government and the Law Enforcing authorities were really weak in putting up any system that would have led the bank to survive during such difficult times. The banks collapsed leading to further

Porter and Kotlers Essay Example | Topics and Well Written Essays - 2250 words

Porter and Kotlers - Essay Example A large number of child center in Australia is now on the industry. ABC needs to survive and increase its profit and has come up and decide to merge with Child Care Center Australia (CCCA) and Peppercorn Management Group (PMG). Action done by its managing director are being analyze in this paper. Suggestion where given to help the company succeed on its aim to increase sale, profits and shares and survival in this stiff and increasing competition. What is an industry As defined in userweb.nni.com an "Industry" is way of classifying businesses that have something in common. Firms are included in or excluded from an industry classification based on the degree of similarity in the products they make or sell and types of customers they service, and the marketplace in which they compete. Industry analysis is a type of business research that focuses on the status of an industry or an industrial sector (a broad industry classification, like "manufacturing"). A complete industrial analysis usually includes a review of an industry's recent performance, its current status, and the outlook for the future. Many analyses include a combination of text and statistical data. Based on the article of Themanager.org, Porters model is based on the insight that a corporate strategy should meet the opportunities and threats in the organizations external environment. Especially, competitive strategy should base on and understanding of industry structures and the way they change. Porter has identified five competitive forces that shape every industry and every market. These forces determine the intensity of competition and hence the profitability and attractiveness of an industry. The objective of corporate strategy should be to modify these competitive forces in a way that improves the position of the organization. Porters model supports analysis of the driving forces in an industry. Based on the information derived from the Five Forces Analysis, management can decide how to influence or to exploit particular characteristics of their industry. 3 1. Main Aspects of Porter's Five Forces Analysis The original competitive forces model, as proposed by Porter, identified five forces which would impact on an organization's behaviour in a competitive market. These include the following: - The rivalry between existing sellers in the market. - The

Internationalization of Trade Essay Example | Topics and Well Written Essays - 2250 words

Internationalization of Trade - Essay Example The research is about international trade, mainly strategies of becoming internationally competative. It is limited to the study of the East Asian markets. The topicality of the work is stipulated by the fact that since East Asian economies have joined the world trading community they have been causing a huge shift in relative prices and incomes of labor, commodities, goods, and assets. The new models of business and strategies used in these economies are based on their adoption of free market policies, liberalization and permission for FDI, and, of course, abundantly available cheap labour. Tax incentives and lowering and removing of trade barriers opened these markets to the West. With reference to relevant theories and models, the author tries to outline and critically appraise the learning and capability development strategies used by East Asian emerging companies to become internationally competitive. The researcher attempts to explain how international competitive advantages in the cars, clothes and chips sectors are shaped by production features, market structure, nature of competitive rivalry, and government policy. Using examples the writer seeks an answer why and in what ways the retail, financial and telecommunications sectors are becoming more international. The work describes the role of information and communication technologies and deregulation in the internationalisation of those sectors.

Issues of Faculty Training for Online Courses Research Paper

Issues of Faculty Training for Online Courses - Research Paper Example The authors incorporates qualitative research in educations so as to mitigate the issues circumventing around online trainings based on knew knowing patterns. The authors takes an approach of sociological perspective but showcases alterations in conceptualization of qualitative research resulting from feminist and post-structural thought. The emphasis on technology and qualitative analysis software in qualitative research assist faculty stakeholders and learners in technology utilization as well as its efficient installation and incorporation which is beneficial to online training. However the outstanding issues in online training such as faculty compensation, faculty workload and faculty selection need to be addressed urgently. Compensation and incentives are motivating factors to faculty and hence should be addressed based on course-load, incentives and perks and promotional (In Shattuck, 2014). The Faculty Workload is also a factor it determines the number of hours work and not how course count. This also incorporated class sizes. Another issue is the issue of Faculty Selection which is the driving force behind distance education program. There is need for proper selection of academically qualified faculty to deliver. This should consider academic review with increased technical and instructional skills. Computer proficiency should form the major benchmark for faculty selection as there is not automatic guarantee for those who have excelled in some fields to be good online

The Green Light in The Great Gatsby Essay Essay Example for Free

The Green Light in The Great Gatsby Essay Essay Key Factors * 1920’s America â€Å"the Jazz era† – America had a soaring economy – Set in the summer of 1922. * Wealth, class, social status, love, materialism and the decline of theâ€Å"American Dream† (caused by a dizzy rise in the stock markets after WW1) are all major themes * Narrated through the eyes of character Nick Carraway – educated at Yale, moves to New York from Minnesota – presumably searching for success i.e. the American Dream * The storyline is very similar to Francis Scott Key Fitzgerald’s own life events. * Prohibition of alcohol in America (1920-1933) meant that bootlegging/rum-running was big business. This was how Gatsby made his fortune. * Every character appears to be something they’re not. * Fitzgerald portrays the 1920s as an era of decayed social and moral values, evidenced in its overarching cynicism, greed, and empty pursuit of pleasure * As Fitzgerald saw it (and as Nick explains in Chapter 9), the American dream was originally about discovery, individualism, and the pursuit of happiness. In the 1920s depicted in the novel, however, easy money and relaxed social values have corrupted this dream, especially on the East Coast. Essay Question Analysis Explore the ways in which Fitzgerald presents contrast between the characters of Daisy and Myrtle in The Great Gatsby? Daisy Buchanan: Her name symbolises a flower: White on the outside and yellow on this inside, this is in keeping with Fitzgerald’s use of colours/symbolism. Although white may be used throughout the novel to symbolise purity, innocence and honesty, could it be that white could mean blank, void, empty? * â€Å"The exhilarating ripple of her voice was a wild tonic in the rain† * â€Å"Her voice is full of money† couldnt be over-dreamed Metaphor * â€Å"Daisy’s murmur was only to make people lean towards her, an irrelevant criticism that made it no less charming† * â€Å"She dressed in white, and had a little white roadster† – â€Å"white girlhood† * It makes me sad because Ive never seen such such beautiful shirts before. – Materialism * Daisy and Jordan lay upon an enormous couch, like silver idols weig hing down their own white dresses against the singing breeze of the fans. * I hope shell be a  foolthats the best thing a girl can be in this world, a beautiful little fool You see, I think everythings terrible anyhow And I know. Ive been everywhere and seen everything and done everything. – Materialism If her daughter is a fool, then shell never get hurt. Shell never realize that she married for money and status instead of real love, that her husband is having an affair right under her nose, that everyone sees her as silly, stupid, naive, and pitiful. If shes a fool, shell never have an opinion that can be dismissed by the men in her life, and shell never care about anything except dresses and flowers and all the pretty things in life. Shell be pretty enough to find a husband who can support her financially, and dumb enough never to realize how tragic life actually is. * Nicks second cousin, once removed. * â€Å"The most popular young girl in Louisville† * Daughter â€Å"Pammy† is rarely seen throughout the book. Though when company is over she is beckoned to perform an act. Much like Daisy. Daisy’s Location and descriptions * East Egg, Long Island, New York. – home to â€Å"old money†, wealthy aristocracy, tradition, old ideals and ideas * Comes from a wealthy family in Louisville, Kentucky * The significance of East Egg and West Egg is the social divide between new money and old money. Daisy and Tom Buchanan are old money (their families have been rich for many generations) and so they live on East Egg island. Gatsby and Nick are new money (theyve earned it themselves or their parents earned it through work) so they live on West Egg island. It also represents the ideas of living in the past and present. East Egg represents how Daisy and Tom both live with old world ideals and ideas, and refusing to move on into the west where new things await. West Egg represents how Gatsby and Nick are living in the present and they try to move out of the past life and ideals. They are able to look to the future instead of being held back in the past. They are unafraid to try new things. NICKS QUOTE ABOUT THE AMERICAN DREAM â€Å"the green light, the orgiastic future  that year by year recedes before us. It eluded us then, but thats no mattertomorrow we will run faster, stretch out our arms farther. And one fine morning So we beat on, boats against the current, borne back ceaselessly into the past. TOM AND DAISY QUOTE – â€Å"They were careless people, Tom and Daisy they smashed up things and creatures and then retreated back into their money of their vast carelessness, or whatever it was that kept them together and let other people clean up the mess they had made.† Myrtle Wilson – Much like Daisy, Myrtle also symbolises a plant, however, Myrtle (translated from old English) means evergreen shrub, which is a very common plant. This is a valley of ashesa fantastic farm where ashes grow like wheat into ridges and hills and grotesque gardens; where ashes take the forms of houses and chimneys and rising smoke and, finally, with a transcendent effort, of men who move dimly and already crumbling through the powdery air. Occasionally a line of gray cars crawls along an invisible track, gives out a ghastly creak, and comes to rest, and immediately the ash-gray men swarm up with leaden spades and stir up an impenetrable cloud, which screens their obscure operations from your sight. He thinks she goes to see her sister in New York. Hes so dumb he doesnt know hes alive. I married him because I thought he was a gentlemanI thought he knew something about breeding, but he wasnt fit to lick my shoe. Colors Symbolism, Imagery, Allegory Sometimes we sound like art snobs when we talk about The Great Gatsby (Look at the use of green! Such marvelous blues, and so forth). Honestly, it seems like there’s a little too much color stuff going on here to be coincidental. Yellow and Gold: Money, Money, Money. Oh, and Death. First off, we’ve got yellows and golds, which we’re thinking has something to  do with†¦gold (in the cash money sense). Why gold and not green? Because we’re talking about the real stuff, the authentic, traditional, old money – not these new-fangled dollar bills. So you’ve got your yellow cocktail music playing at Gatsby’s party where the turkeys are bewitched to dark gold and Jordan and Nick sit with two girls in yellow. It seems clear, then, that Gatsby is using these parties to try to fit in with the old money crowd. And it doesn’t stop there; when Gatsby is finally going to see Daisy again at Nick’s house, he wears a gold tie. Nick later mentions the pale gold odor of kiss-me-at-the-gate, which may seem weird (since last we checked, colors didn’t have a smell) until we remember Nick’s description of New York as a wish out of non-olfactory money. Odor then is associated with gold, and non-odor with money. The difference? Perhaps the same distinction as Daisy’s upper class world and Gatsby’s new-found wealth. While Gatsby buys a yellow car to further promote his facade, he’s really not fooling anyone. Lastly, we’ve got Daisy, who is only called the golden girl once Gatsby realizes that her voice, her main feature, is full of money. Yellow is not just the color of money, but also of destruction. Yellow is the color of the car that runs down Myrtle. The glasses of Eckleburg, looking over the wasteland of America, are yellow. This dual symbolism clearly associates money with destruction; the ash heaps are the filthy result of the decadent lifestyle led by the rich. White: Innocence and Femininity. Maybe. While we’re looking at cars, notice that Daisy’s car (back before she was married) was white. So are her clothes, the rooms of her house, and about half the adjectives used to describe her (her white neck, white girlhood, the king’s daughter high in a white palace). Everyone likes to say that white in The Great Gatsby means innocence, probably because 1) that’s easy to say and 2) everyone else is saying it. But come on – Daisy is hardly the picture of girlish innocence. At the end of the novel, she is described as selfish, careless, and destructive. Does this make the point that even the purest characters in Gatsby have been corrupted? Did Daisy start off all innocent and fall along the way, or was there no such purity to begin with? Or, in some way, does Daisy’s decision to remain with Tom allow her to keep her innocence? We’ll keep thinking about that one.  Blue: This One’s Up For Grabs Then there’s the color blue, which we think represents Gatsby’s illusions his deeply romantic dreams of unreality. We did notice that the color blue is present around Gatsby more so than any other character. His gardens are blue, his chauffeur wears blue, the water separating him from Daisy is his blue lawn, mingled with the blue smoke of brittle leaves in his yard. His transformation into Jay Gatsby is sparked by Cody, who buys him, among other things, a blue coat. Before you tie this up under one simple label, keep in mind that the eyes of T.J. Eckleburg are also blue, and so is Tom’s car. If blue represents illusions and alternatives to reality, God may be seen as a non-existent dream. As for Tom’s car†¦well, you can field that one. Grey and a General Lack of Color: Lifelessness (no surprise there) Then there is the lack of color presented in the grey ash heaps. If the ash heaps are associated with lifelessness and barrenness, and grey is associated with the ash heaps, anyone described as grey is going to be connected to barren lifelessness. Our main contender is Wilson: When anyone spoke to him he invariably laughed in an agreeable colorless way. Wilson’s face is ashen. His eyes are described as pale and glazed. It is then no coincidence that Wilson is the bearer of lifelessness, killing Gatsby among yellow leaved trees, which we already decided had something to do with destruction. Green: Life, Vitality, The Future, Exploration Last one. We’re thinking green = plants and trees and stuff, so life and springtime and other happy things. Do we see this in The Great Gatsby? The most noticeable image is that green light we seem to see over and over. You know, the green light of the orgastic future that we stretch our hands towards, etc. etc. We can definitely see green as being hopeful, as being the future, as being vitality and freshness. Right before these famous last lines, Nick also describes the fresh, green breast of the new world, the new world being this land as Nick imagines it existed hundreds of years before. The new world might be green, but when Nick imagines Gatsby’s future without Daisy, he sees a new world, material without being real, where poor ghosts, breathing dreams like air, drifted fortuitously aboutlike that ashen fantastic figure gliding toward him through the amorphous trees. Nick  struggles to define what the future really means, especially as he faces the new decade before him (the dreaded thirties). Is he driving on toward grey, ashen death through the twilight, or reaching out for a bright, fresh green future across the water?

Ang Katay Essay Example for Free

Ang Katay Essay Riting a biography is hard work. Whether its analyzing the mindset of philosophers who died many millennia ago, or encapsulating the lasting impact of the life of an American president, its always a great challenge. Fortunately, youre not alone on your quest to write an A essay. Couselling on Smoking Cessation Therapeutics II: Counselling on Smoking Cessation Nancy Unsworth March 18, 2011 Counselling on Smoking Cessation For the purpose of this assignment, this client will Premium 4130 Words 17 Pages Jack London Jack London Jack London is one of the most famous American writers. He wrote many great books over his short lifetime. Many of his stories are about animals and nature Premium 2680 Words 11 Pages Mary Shelley: Life of Literature I, the miserable and the abandoned, am an abortion, to be spurned at, and kicked, and trampled on (SparkNote on Frankenstein). This famous quote said by Frankenstein, in Premium 1429 Words 6 Pages Chief Lieutenant of the Tuskegee Machine Gaitor, Bridget Word Count: 1,859 The Chief Lieutenant of the Tuskegee Machine by David H. Jackson Jr. exemplifies the life of Charles Banks as Booker T. Washingtons Premium 1881 Words 8 Pages John Steinbecks Greatest Accomplishments John Steinbeck, born in 1902 in Salinas California to John Ernst and Olive Hamilton Steinbeck, became one of the greatest American writers of his century. Growing up Premium 973 Words 4 Pages The Consumer Appeal of Underdog Branding.Docx

Security Forensics and Risk Management

Security Forensics and Risk Management Acknowledgement Foremost I would like say thanks to god for all support in all my life and secondly University of Greenwich to give this my life aim to complete my masters. Next my supervisor Professor Kevin Parrott to the supports he gave because without his support I wouldnt be able to complete my project with this quality. Especially the suggestions and appreciation given my supervisor make me feel better and gave positive thinking. Finally need to thank my family and friends for unbelievable supports and encouragements. Abstract As we are in the information era the world is changing to use electronic means for day to day use. The paper documents is gone and most of them are paper free because of so many reasons such as pollution, easy, fast, etc At the same time this digital media has availability, scalability, confidentiality and integrity which are required behaviour for secure communication. The risk is increased with the increase of computer and digital means usage and the single security lack may cause huge losses. There are some surveys says most of the crimes are happening through electronic means and the target is computer or computer peripherals. If the attacker found a single security lack that is enough to start and break the whole system and the security lack could be configuration mistake, firewall issue and basically problems in the protection mechanism. Because of these reasons testing become very important and this process called as Auditing. There are so many types in the auditing and this auditing requires technical knowledge to make these tests perfect and to give an audit report including suggestions. The auditing falls into two main categories such as Automatic and manual. The test will be efficient if it is automated using testing tools which are called as automated or computerised test. Even though there are some tests cannot be automated and need to test manually. This auditing covers network security test, physical or environment security test, computer security test which includes software and hardware tests. The computerised test will carry on with some security tools and the manual will use questioner to minimise human made errors mainly forgetting.   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Security audit is the technical assessment of the application or system. The assessment may be manual or systematic or both. In most case the auditing process uses manual and systematic/ automatic methods because there are some tests cannot be automatic such as review of the security policy, asset management, etc   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  This auditing has different types such as internal or external. This type is depends on the company size and the resource availability. Usually big companies have their own security auditor so they will perform the audit internally and the small and medium size companies mostly hire auditor form outside. Both types got pros and cons in security and financial manor. Chapter 1 Introduction This chapter largely contains non-technical information to give the understanding of high level objectives. Also describe the techniques and technologies used in the project and research to accomplish the project Objective Audit The audit is a systematic or manual security assessment of the network, infrastructure, system, etc The complete audit should be the combination of manual and automatic assessment because in every test target there will be some test cannot be automatic. The audit has so many categories and the following paragraph will explain about the categories and the functions or techniques behind that. There are 3 controls in the auditing process which are Preventive control The preventive controls are controls may in the form of software or hardware or ant configuration to prevent the error or vulnerabilities. This is an active type control always monitor the interface for any vulnerabilities and block such vulnerabilities or errors before it enter into the system or infrastructure. This is most effective control mechanism because not allows the vulnerabilities. Detective control The detectives are in placed to monitor the vulnerabilities in the form of software or hardware but the different between preventive and detective is the preventive wont allow the vulnerabilities into the system where detective allows entering everything and correcting the vulnerabilities after enter. The best example is for this control is fire alarm because fire alarm wont prevent the fire before but if any fire it will work. Corrective controls The corrective controls are the controls to correct the error or issue before it make any harm. This is very important control for all places even if they have other controls because there are some issues or vulnerabilities cannot detect by the controls if they will come and attack so there should be some control to correct those before loss occur. Addition to that the controls should up to date such as latest firmware or latest definition. Type of auditors   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  There are two basic types of auditors in the information era the internal and external auditors. This selection of the auditor will be done by the management with the use of financial status of the organisation. Size of the organisation and the policies defined in the company. Internal auditors Internal auditors are auditors belong to that particular company which is going to perform the audit. That means the auditor is an employee of the company. So the auditor is always available to do the auditing and data or information will keep within the organisation. This is the main advantage of having the internal auditor and the same time and the employee purposely recruited for auditing then is cost a lot for the company. So it is only possible for the big level companies because they have huge investments and revenue. The disadvantage of the internal auditor is they may be up-to-date and dont have current market or audit status such as new techniques and tools. External auditors The auditor recruited from other auditing firm for the auditing so it is very hard to find professional auditor because of the availability and as the auditor recruited from outside the company information may go out. At the same time the auditor needs some time to get and understand the company process. But the advantage of recruiting the external auditor is their knowledge and it is suitable for middle and small level companies. Types of Audit: Traditional Audit It is just like a manual auditing. It is useful when working with a large amount of data in a large company. Here auditor took some sample data from different place then provide a report. Advantage: Easy Cheaper Disadvantage: Always do not provide correct information. In IT sector it is not useful. Software audit: Software audit is a wide popular for any educational institute or organization. It is just like a review of the software and the system that can find all information of the system such as operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory models, local drive volumes, network drives, printers information etc.. There are so many auditing tools in the market such as Belarc Advisor, E-Z audit that are very power full. KW116 is the main Lab for school of computing and mathematical science in University of Greenwich. CMS installed lots of software for students to continue study or research. According to Copy right, Design and Patents Act 1988, all Software must have a valid licences to continue the process. As Lab uses large amount of software and different software expire on different time so it is very difficult for Lab administrator to keep up to date all licence by manually checks. Only auditing by software can possible to give details report to administrator to keep up safe the system. Advantages: Correct Information: Machine always provide the correct information so it has less chance to provide the incorrect information. Save time: Software very quickly provides a report of the system so it saves time. Details description: It provide a details description of system including any warning or licences issues etc Minimise the cost: By implementing the software audit two peoples work may possible with one people so it reduce the extra cost. Disadvantages: Investment Costly: Software is very expensive so university need extra money to buy this software. Risk: Auditor knows the details information of the system. Work flow: Auditor needs part of the lab to check the system. So it discontinues the student workflow. The approach The typical audit has different approach to collect the data. The single audit will use multiple techniques to gather full information and it is necessary to use different technique for different level of people. These are common techniques here. Interview This technique uses to collect the information from outside people or top level people and the number should be limited. During the interview the auditor or interviewer will ask questions from other people and collect the information. So the person will be well prepared for the interview. This is very robust method because it will allow people to express fully and the method also simple as it is talking which is natural way to communicate. Another advantage is this bi directional communication, means both parties allows to ask questions for clarification or gather information. Observation This method uses in the place where real time process monitoring or behavioural change is required. This is a powerful way of do the changes throughout the audit because other techniques exist in currently not possible to get real time information. Inspection The technique required to do some action with collected data to collect audit related information. This is the form of observation with advance criteria expected. This is extended version of observation because if the auditor apply any advance criteria to gather the data which is necessary to the auditing. After collecting the data the next step is to identify the weakness and process it. The identifying is the key work in the audit and after that categorising. The identifying uses some techniques to make that easy, preface and professional. The techniques used here are Root cause analysis General technique for analyse and get the better solution for the vulnerability or weakness. Because this technique drilldowns to the issue and finds the root and fix the weakness. The basic technique behind this is if the root is fixed automatically it will fix all other problems related to that. So simply close all related issues at once. As mention the easy and robust way to stop the issues exist and the issues may come in the future. After root cause analysis the next step is to get the solution for the root of the issue. The important thing here is choosing better and effective solution for the issue. The selection depends on some external and internal restrictions. Organisation policy Cost per benefit Legal restrictions Availability Compatibility Vendor and citification Advantage of having Auditing: Satisfaction: It brings the confidence of the Lab administrator of the University of Greenwich to continue the business process. Owner always thinks is there any lack that breaks down the continuity of the business. Detection and prevention of errors: Human can made error in any times .on one can say there is no error in there company. By auditing people can find the error and suggestion to recover the error. Detection and prevention of fraud: It also just likes errors. Sometimes user intentionally or unintentionally does this thing. So after audit we can find out the fraud. Verification of the Licences: KW116 Lab installs lots of software for student. Here some software for 1 year some software for more than one year and some software has limitation (No. Of user can use) for use. So auditor can find all kind of licence issues. Independent opinion: Audit always done by the independent people .so this report always accepted by everyone. Safety form exploitation: Health and safety always is a big issue for any organization. KW116 Lab got lots of equipment that are connected with electricity. So always chances for short circuit or exploitation. Audit identifies the all lack point and advice for prevention. Disadvantage of having Auditing: It is expensive Sometimes slow or stop the work flow External people know the company information. Encryption Encryption is the simple technique in the different for to send the date securely through shared place like internet. The form of encryption may vary from each other but they all commonly use digital certificate to encrypt and decrypt the data. Encryption use keys to make cipher text from actual message. The cipher text is not readable and it is the encrypted version of the massage using some algorithm. Security roles/user roles The security roles are very important technique to make network administration easy. This is basically creating some groups with different permissions according to the organisation operation or policy. A user or staff can have multiple security roles according to their need. This roles use to authorise the user permission. Security policy Security policy is a document which has all rules and regulations documented and approved by management and align with laws and legislation. This policy is used to define all activities and this is used to make some decision. Business Continuity: There are three things always we have to mind to continue the business Essential: to running the business any customer order cannot be delay more than seven days. Tolerate delay: some application may delay to continue the business such as management pay. It is a midterm i.e. one to four weeks. Discretionary: some application is useful for business but it is not affected to continue the business operation such as management report. It is a long term i.e. 3 to 6 months. Business continuity planning Business continuity planning (BCP) is the most important for any organization to continue the business. BCP engages with only different kind of risk to continue the business process that might occur in the organization and it also creates the policies, plan and procedures to reduce the risk. BCP can continue the business process in disaster situation as well. The main goal of the BCP is to combine together all policies, procedures and process so that any disruptive situation business process can continue or it may impact very little. Here main important function of BCP is Maintaining the business operation Continue the business in emergency situation Reduce the risk If any situation BCP cannot take over then Disaster recovery planning (DRP) takes over. British Auditing Standard BS7799: It is a British standard called as BS7799 that developed by British standard institution where describes the security policy and standard procedures.BS7799 become the ISO IEC 17799 after accepting the ISO IEC technical committee for international use. Now a days information is a valuable asset for organization .So it is very important to protect the information like other corporate asset. Here BS7799 introduces how to protect the information from threats and suggest the three points to secure the information such as Integrity: it is assurance the completeness and accuracy of the information. Confidentiality: Information can only access by the authorise people Availability: Authorise people can access the information when needed. Attacks and prevention for the attacks Errors and Omissions: Errors and Omission is one of the most common and toughest vulnerabilities .It is a human made error because human interact with programming, controlling and enter data for computer. There are no countermeasures to protect the errors and omission. Fraud and theft: It is a one kind of criminal activities that may occur in the KW116 Lab. It includes computer component such as mouse, keyboard, router, switch, cables, CPU box etc. It was observed that security person always not in the access point. So it is harm to secure the lab from fraud and theft. By protecting the access control we can reduce the fraud and theft. Both internal and external people are responsible for that kind of activities. Prevention of Fraud and theft: Regular auditing and monitoring program will help to identify all kind of fraud and theft. Deploy all of the access control. CCTV in proper place. Virus: Virus is a malicious code that has ability to reproduce his code itself and spread one system to another system via e-mail, downloading, storage devices (CD, DVD, memory stick, removal hard drive) and destroy the computer system. It was observed that removal memory stick all most every user are using and it is the most change to spread the virus in the Lab computer system and also observed user are using their own laptop and connected to the university wireless network. If user laptop effected with virus then it also change to spread the lab network that can affect the internal network and attack the server and crash the hard drive. Prevention: Install the latest antivirus software. Regular update the antivirus software. Follow the backup procedures regularly. Scan the device when transfer data. Installing the NIDS (Network Intrusion detection system) and firewall Minimise the download from internet. Download only repudiated site web site. Scan before the download. Care full to open unknown e-mail attach. Scan all incoming file from the remote site. Aware the user about danger of the virus. Trap-doors: It is an undocumented command that might user can create to speed up the work flow. Unfortunately sometimes student might leave these trap-doors. Prevention of Trap-doors: Use latest antivirus software. Give permission to develop the code only authorise people. Check properly all coding before use it. Logic bombs: It work s like time bombs and affect the system in a particular event or day such as program launch, website logon. It changes the data and deletes the data from the system. Here student are accessing the lots software to do the course work or project. So they are strong enough to build the logic bombs. It is normally happen in company if employee leaves the job. Prevention: Audit regularly and monitoring Always back up the necessary file Allow authorise people to develop the code Need record of all modification or changes Trojan Horses: It is a software programming that contains the malicious code. Normally students are interested to download the music, free software from internet. It is the most change to affect the lab computer and destroy the data stored on lab computer system. Prevention: Avoid unwanted software and music download from internet. Aware the user about Trojan Horses. Worm: Warm also is a malicious code that can spread itself without any human involvement from one system to another system .It works only computer network system and does not need any devices to transport. Prevention: Use firewall Use update antivirus software Spyware: It is an unwanted software interface that monitors the activity of the user and transfers the important information like log in details or account details to the remote system that monitor the user activities. Adware: It is also similar to spyware but it does not intent to transfer the user details to a remote system. It works like advertisements on the internet. Some adware monitor the searching behaviour of the user and then redirect the related websites. Prevention of Adware /Spyware: Close the pop up window. Aware about the spyware/adware. Click only reputed link. Social Engineering: Most of the users are getting unknown mail and they are also chatting with unknown people. Social engineering is one of the most popular techniques that attackers use to access the system by sending the mail or chatting with people to know the password. So it is a major risk to the security of the password. Prevention: Not response the unknown mail. Not chatting with unknown people. Dont give any one personal information or login id. Proper training or aware the new user about social engineering. Ping of death: we have only permission to send the largest packet (65,536 bytes) on the server. Attackers know this amount of bytes from ICMP specification. So they try to send the packets more than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and try to process then it hung or crashed the operating system. Dumpster diving: Every day Lab user printing there necessary document but sometimes by mistake they are printing unnecessary document and end of the day through all document in the bin. Hacker is very intelligence. They always look at the bin and find the necessary document to access the network. Prevention: Destroy all documents before put in a bin Natural disasters: If anything happen that is not under control of human it is called natural dusters such as earthquakes, volcano, floods, fires, storms, hurricanes etc It may occur in any time but most risk is the fire for KW116 lab. It may cause from heater, power supply, over heating the power box, short circuit etc. Natural disaster is less chance for lab but it affect is more than any threat .It may destroy the part of the building, loses the all information. Prevention: Follow the health and safety procedures. Clear the fire exit. Aware the user about possible disaster. Man-Made Disasters: If anything happen intentionally to destroy the business process or destroy the part of the business and it is control of human then it is called the Man-Made Disaster such as Fire, Act of Terrorism, Bombings/Explosions, and Power Outages etc. Prevention: Check always ID card Allow only authorise people Use metal detector CCTV Equipment failure: Students are always busy with their course work and other course related work so equipment failure may loss the all data. Prevention: Use extra UPS Back up all data Auditing Stages/Steps Scope and Pre-Audit survey Planning Field work Analysis Reporting Scope and Pre-Auditing The first step or stage of the audit is to understand the purpose of the audit and the areas need to cover during the audit. Understanding the audit purpose is basically get the idea why this audit needs to perform; means any special risk assessment or annual audit. If it is special risk assessment audit this will be more specific and the scope will be narrow and deep otherwise if it is annual audit it will be the general audit to cover as much as possible area. Pre-Auditing survey is to verify the audit areas using risk management techniques and some general techniques such are reading previous audit report, web browsing, background reading, etc This will reduce the chance of failure by correcting the plan by lesson learned. Planning and Preparation In this stage the scope is going to break into small areas to make auditing easier and clear. So the clarity will be more and purpose will be easy to understand. Usually this stage will involve the work breakdown plan and risk control matrix. The risk control matrix is just a check list contains questions to carry out during the audit. Field work Actual auditing will perform during this stage by different techniques or methods. Simply it starts with interviewing staff or students using questioner or oral interview to system or network test by auditing software tools. The result of this stage will be the evidence of the audit to get a conclusion or submit to the management with audit report. So this will be the most important stage in the audit process. This step may use several testing software tools depend on the scope of the audit and the software selection is another key event of the audit process because there are so many fake software applications available in the market. Actually those are virus and the reason of making virus in the form of auditing tools. The reason of spreading the virus in the form of auditing or testing tool is very easy and hart to detect. Analysis Using the evidences or any results collected in the previous stage are the input of this stage. This stage is fully analysis and decision making so it needs a lots of time to investigation and assessment. The most sensitive area of the audit process is analysis because this is the place going to take the decision to submit to the board so that should be perfect otherwise the audit is useless and it will lead to make some wrong decision. Reporting The stage is to present all audit findings in the form of report. This is the document contains all evidences, analysis results, suggestions recommendations, conclusion, etc This document will pass to the management or the higher level people to review approve and take necessary action if necessary. The report should be clearly written and easy to understand because this document need for future also to give some information to start next auditing or to take some strategic decision. Problem Domain Because of the increased use of university of Greenwich KW116 lab the chances of threats or issues are high and this is the responsibility of the student and the staff to make the lab secure in all aspects. The reason of this project based on KW116 is that is the lab used by the students largely and usually network related or any other lab sessions and happening in this lab so if the lab got any security hole or lack that may affect the student and the staffs. Easiest way to ensure the security level of the lab is auditing. This auditing needs to cover all areas from physical security to network security. Then only this will the perfect audit and the audit can use some standard checklist to make more efficient and to eliminate human made errors such as forgotten, typing mistakes, etc There are so many ways to make sure the security level such as penetration testing and vulnerability testing. These are more specific with attacks and threats and for the general purpose security audit is the suitable one as it will cover all areas of the security. According the reasons given above the general security audit is the most suitable technique to verify the security level of the lab. So the auditing will cover most of the areas of the lab with the aid of standard checklist which is approved by British Standard Institute. Test behind the auditing Physical test Network test Software Test Security Policy test Hardware/Peripherals test Access control test Objectives To evaluate the actual level of security that exists at The University of Greenwich Maritime campus KW116 Lab. Activities plan and schedule the audit Auditing with software tools Analysis audit result Deliverable Detailed audit report with suggestions and recommendation This is the main objective of the project and this will carry on with several tools like packet sniffer, port scanner software, etc There are three different tests using these tools to identify internal and external vulnerabilities. To evaluate various methods of implementing the security policy, determine the security weaknesses and implement risk management for the existing security weaknesses. University lab security policy review Analysis Deliverable Detailed security policy analysis report with changes/suggestions/recommendation. The reason of this objective is to stop the holes from policy level because this is the easy way to implement. Learn Audit and Audit process and practice auditing and Research auditing products available in the market and select appropriate. This task is fully learning about audit and audit related stuffs. This objective is the key or starter of this project because if project start without proper knowledge that will mislead to somewhere else not to project aim. To draft a new security policy that addresses the existing weakness to the management. According to the analysis draft a security policy to fix or overcome all existing security holes. Deliverable Draft security policy How the objectives will be achieved Third and fourth objectives will be achieved with books and internet. This objective will give the idea about auditing the outcome of this objective will be a documentation which contains all requirements which need to cover in this project. The research will give the details about tools which requires to perform the auditing the methods/process for the auditing. Internet is the main and basic mean for this research as it is easy to access and with wide range of data. Tools which identified from the research will used to perform the security auditing and this audit result will monitor in real-time and document instantly. Mostly these tools will be freeware and from well-known vendor. The auditing will perform in three different views to make sure the area is secured fully. The views are inside computer local network, outside computer local network, outside computer different network. Audit Methodology This project uses two different methodologies to accomplish the task such as checklist and questioner. The check list is an aid for the auditor to perform the audit and it is a manual to the audit. So the checklist will contains all tests need to perform during the auditing where questioner is to get the opinion or feedback for the staffs and students (generally this will be feedback from stockholders). The analysis also will carry in two different way using questioner and the checklist and finally compare both and get the conclusion. The questioner and checklist covers most of the areas and those are grouped separately to make the auditors life easy and more understandable. The areas coved in the documents are Physical Security/ E Security Forensics and Risk Management Security Forensics and Risk Management Acknowledgement Foremost I would like say thanks to god for all support in all my life and secondly University of Greenwich to give this my life aim to complete my masters. Next my supervisor Professor Kevin Parrott to the supports he gave because without his support I wouldnt be able to complete my project with this quality. Especially the suggestions and appreciation given my supervisor make me feel better and gave positive thinking. Finally need to thank my family and friends for unbelievable supports and encouragements. Abstract As we are in the information era the world is changing to use electronic means for day to day use. The paper documents is gone and most of them are paper free because of so many reasons such as pollution, easy, fast, etc At the same time this digital media has availability, scalability, confidentiality and integrity which are required behaviour for secure communication. The risk is increased with the increase of computer and digital means usage and the single security lack may cause huge losses. There are some surveys says most of the crimes are happening through electronic means and the target is computer or computer peripherals. If the attacker found a single security lack that is enough to start and break the whole system and the security lack could be configuration mistake, firewall issue and basically problems in the protection mechanism. Because of these reasons testing become very important and this process called as Auditing. There are so many types in the auditing and this auditing requires technical knowledge to make these tests perfect and to give an audit report including suggestions. The auditing falls into two main categories such as Automatic and manual. The test will be efficient if it is automated using testing tools which are called as automated or computerised test. Even though there are some tests cannot be automated and need to test manually. This auditing covers network security test, physical or environment security test, computer security test which includes software and hardware tests. The computerised test will carry on with some security tools and the manual will use questioner to minimise human made errors mainly forgetting.   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Security audit is the technical assessment of the application or system. The assessment may be manual or systematic or both. In most case the auditing process uses manual and systematic/ automatic methods because there are some tests cannot be automatic such as review of the security policy, asset management, etc   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  This auditing has different types such as internal or external. This type is depends on the company size and the resource availability. Usually big companies have their own security auditor so they will perform the audit internally and the small and medium size companies mostly hire auditor form outside. Both types got pros and cons in security and financial manor. Chapter 1 Introduction This chapter largely contains non-technical information to give the understanding of high level objectives. Also describe the techniques and technologies used in the project and research to accomplish the project Objective Audit The audit is a systematic or manual security assessment of the network, infrastructure, system, etc The complete audit should be the combination of manual and automatic assessment because in every test target there will be some test cannot be automatic. The audit has so many categories and the following paragraph will explain about the categories and the functions or techniques behind that. There are 3 controls in the auditing process which are Preventive control The preventive controls are controls may in the form of software or hardware or ant configuration to prevent the error or vulnerabilities. This is an active type control always monitor the interface for any vulnerabilities and block such vulnerabilities or errors before it enter into the system or infrastructure. This is most effective control mechanism because not allows the vulnerabilities. Detective control The detectives are in placed to monitor the vulnerabilities in the form of software or hardware but the different between preventive and detective is the preventive wont allow the vulnerabilities into the system where detective allows entering everything and correcting the vulnerabilities after enter. The best example is for this control is fire alarm because fire alarm wont prevent the fire before but if any fire it will work. Corrective controls The corrective controls are the controls to correct the error or issue before it make any harm. This is very important control for all places even if they have other controls because there are some issues or vulnerabilities cannot detect by the controls if they will come and attack so there should be some control to correct those before loss occur. Addition to that the controls should up to date such as latest firmware or latest definition. Type of auditors   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  There are two basic types of auditors in the information era the internal and external auditors. This selection of the auditor will be done by the management with the use of financial status of the organisation. Size of the organisation and the policies defined in the company. Internal auditors Internal auditors are auditors belong to that particular company which is going to perform the audit. That means the auditor is an employee of the company. So the auditor is always available to do the auditing and data or information will keep within the organisation. This is the main advantage of having the internal auditor and the same time and the employee purposely recruited for auditing then is cost a lot for the company. So it is only possible for the big level companies because they have huge investments and revenue. The disadvantage of the internal auditor is they may be up-to-date and dont have current market or audit status such as new techniques and tools. External auditors The auditor recruited from other auditing firm for the auditing so it is very hard to find professional auditor because of the availability and as the auditor recruited from outside the company information may go out. At the same time the auditor needs some time to get and understand the company process. But the advantage of recruiting the external auditor is their knowledge and it is suitable for middle and small level companies. Types of Audit: Traditional Audit It is just like a manual auditing. It is useful when working with a large amount of data in a large company. Here auditor took some sample data from different place then provide a report. Advantage: Easy Cheaper Disadvantage: Always do not provide correct information. In IT sector it is not useful. Software audit: Software audit is a wide popular for any educational institute or organization. It is just like a review of the software and the system that can find all information of the system such as operating system, application software, processor, drives, controllers, bus adapters, multimedia, virus protection, system model, main circuit board, memory models, local drive volumes, network drives, printers information etc.. There are so many auditing tools in the market such as Belarc Advisor, E-Z audit that are very power full. KW116 is the main Lab for school of computing and mathematical science in University of Greenwich. CMS installed lots of software for students to continue study or research. According to Copy right, Design and Patents Act 1988, all Software must have a valid licences to continue the process. As Lab uses large amount of software and different software expire on different time so it is very difficult for Lab administrator to keep up to date all licence by manually checks. Only auditing by software can possible to give details report to administrator to keep up safe the system. Advantages: Correct Information: Machine always provide the correct information so it has less chance to provide the incorrect information. Save time: Software very quickly provides a report of the system so it saves time. Details description: It provide a details description of system including any warning or licences issues etc Minimise the cost: By implementing the software audit two peoples work may possible with one people so it reduce the extra cost. Disadvantages: Investment Costly: Software is very expensive so university need extra money to buy this software. Risk: Auditor knows the details information of the system. Work flow: Auditor needs part of the lab to check the system. So it discontinues the student workflow. The approach The typical audit has different approach to collect the data. The single audit will use multiple techniques to gather full information and it is necessary to use different technique for different level of people. These are common techniques here. Interview This technique uses to collect the information from outside people or top level people and the number should be limited. During the interview the auditor or interviewer will ask questions from other people and collect the information. So the person will be well prepared for the interview. This is very robust method because it will allow people to express fully and the method also simple as it is talking which is natural way to communicate. Another advantage is this bi directional communication, means both parties allows to ask questions for clarification or gather information. Observation This method uses in the place where real time process monitoring or behavioural change is required. This is a powerful way of do the changes throughout the audit because other techniques exist in currently not possible to get real time information. Inspection The technique required to do some action with collected data to collect audit related information. This is the form of observation with advance criteria expected. This is extended version of observation because if the auditor apply any advance criteria to gather the data which is necessary to the auditing. After collecting the data the next step is to identify the weakness and process it. The identifying is the key work in the audit and after that categorising. The identifying uses some techniques to make that easy, preface and professional. The techniques used here are Root cause analysis General technique for analyse and get the better solution for the vulnerability or weakness. Because this technique drilldowns to the issue and finds the root and fix the weakness. The basic technique behind this is if the root is fixed automatically it will fix all other problems related to that. So simply close all related issues at once. As mention the easy and robust way to stop the issues exist and the issues may come in the future. After root cause analysis the next step is to get the solution for the root of the issue. The important thing here is choosing better and effective solution for the issue. The selection depends on some external and internal restrictions. Organisation policy Cost per benefit Legal restrictions Availability Compatibility Vendor and citification Advantage of having Auditing: Satisfaction: It brings the confidence of the Lab administrator of the University of Greenwich to continue the business process. Owner always thinks is there any lack that breaks down the continuity of the business. Detection and prevention of errors: Human can made error in any times .on one can say there is no error in there company. By auditing people can find the error and suggestion to recover the error. Detection and prevention of fraud: It also just likes errors. Sometimes user intentionally or unintentionally does this thing. So after audit we can find out the fraud. Verification of the Licences: KW116 Lab installs lots of software for student. Here some software for 1 year some software for more than one year and some software has limitation (No. Of user can use) for use. So auditor can find all kind of licence issues. Independent opinion: Audit always done by the independent people .so this report always accepted by everyone. Safety form exploitation: Health and safety always is a big issue for any organization. KW116 Lab got lots of equipment that are connected with electricity. So always chances for short circuit or exploitation. Audit identifies the all lack point and advice for prevention. Disadvantage of having Auditing: It is expensive Sometimes slow or stop the work flow External people know the company information. Encryption Encryption is the simple technique in the different for to send the date securely through shared place like internet. The form of encryption may vary from each other but they all commonly use digital certificate to encrypt and decrypt the data. Encryption use keys to make cipher text from actual message. The cipher text is not readable and it is the encrypted version of the massage using some algorithm. Security roles/user roles The security roles are very important technique to make network administration easy. This is basically creating some groups with different permissions according to the organisation operation or policy. A user or staff can have multiple security roles according to their need. This roles use to authorise the user permission. Security policy Security policy is a document which has all rules and regulations documented and approved by management and align with laws and legislation. This policy is used to define all activities and this is used to make some decision. Business Continuity: There are three things always we have to mind to continue the business Essential: to running the business any customer order cannot be delay more than seven days. Tolerate delay: some application may delay to continue the business such as management pay. It is a midterm i.e. one to four weeks. Discretionary: some application is useful for business but it is not affected to continue the business operation such as management report. It is a long term i.e. 3 to 6 months. Business continuity planning Business continuity planning (BCP) is the most important for any organization to continue the business. BCP engages with only different kind of risk to continue the business process that might occur in the organization and it also creates the policies, plan and procedures to reduce the risk. BCP can continue the business process in disaster situation as well. The main goal of the BCP is to combine together all policies, procedures and process so that any disruptive situation business process can continue or it may impact very little. Here main important function of BCP is Maintaining the business operation Continue the business in emergency situation Reduce the risk If any situation BCP cannot take over then Disaster recovery planning (DRP) takes over. British Auditing Standard BS7799: It is a British standard called as BS7799 that developed by British standard institution where describes the security policy and standard procedures.BS7799 become the ISO IEC 17799 after accepting the ISO IEC technical committee for international use. Now a days information is a valuable asset for organization .So it is very important to protect the information like other corporate asset. Here BS7799 introduces how to protect the information from threats and suggest the three points to secure the information such as Integrity: it is assurance the completeness and accuracy of the information. Confidentiality: Information can only access by the authorise people Availability: Authorise people can access the information when needed. Attacks and prevention for the attacks Errors and Omissions: Errors and Omission is one of the most common and toughest vulnerabilities .It is a human made error because human interact with programming, controlling and enter data for computer. There are no countermeasures to protect the errors and omission. Fraud and theft: It is a one kind of criminal activities that may occur in the KW116 Lab. It includes computer component such as mouse, keyboard, router, switch, cables, CPU box etc. It was observed that security person always not in the access point. So it is harm to secure the lab from fraud and theft. By protecting the access control we can reduce the fraud and theft. Both internal and external people are responsible for that kind of activities. Prevention of Fraud and theft: Regular auditing and monitoring program will help to identify all kind of fraud and theft. Deploy all of the access control. CCTV in proper place. Virus: Virus is a malicious code that has ability to reproduce his code itself and spread one system to another system via e-mail, downloading, storage devices (CD, DVD, memory stick, removal hard drive) and destroy the computer system. It was observed that removal memory stick all most every user are using and it is the most change to spread the virus in the Lab computer system and also observed user are using their own laptop and connected to the university wireless network. If user laptop effected with virus then it also change to spread the lab network that can affect the internal network and attack the server and crash the hard drive. Prevention: Install the latest antivirus software. Regular update the antivirus software. Follow the backup procedures regularly. Scan the device when transfer data. Installing the NIDS (Network Intrusion detection system) and firewall Minimise the download from internet. Download only repudiated site web site. Scan before the download. Care full to open unknown e-mail attach. Scan all incoming file from the remote site. Aware the user about danger of the virus. Trap-doors: It is an undocumented command that might user can create to speed up the work flow. Unfortunately sometimes student might leave these trap-doors. Prevention of Trap-doors: Use latest antivirus software. Give permission to develop the code only authorise people. Check properly all coding before use it. Logic bombs: It work s like time bombs and affect the system in a particular event or day such as program launch, website logon. It changes the data and deletes the data from the system. Here student are accessing the lots software to do the course work or project. So they are strong enough to build the logic bombs. It is normally happen in company if employee leaves the job. Prevention: Audit regularly and monitoring Always back up the necessary file Allow authorise people to develop the code Need record of all modification or changes Trojan Horses: It is a software programming that contains the malicious code. Normally students are interested to download the music, free software from internet. It is the most change to affect the lab computer and destroy the data stored on lab computer system. Prevention: Avoid unwanted software and music download from internet. Aware the user about Trojan Horses. Worm: Warm also is a malicious code that can spread itself without any human involvement from one system to another system .It works only computer network system and does not need any devices to transport. Prevention: Use firewall Use update antivirus software Spyware: It is an unwanted software interface that monitors the activity of the user and transfers the important information like log in details or account details to the remote system that monitor the user activities. Adware: It is also similar to spyware but it does not intent to transfer the user details to a remote system. It works like advertisements on the internet. Some adware monitor the searching behaviour of the user and then redirect the related websites. Prevention of Adware /Spyware: Close the pop up window. Aware about the spyware/adware. Click only reputed link. Social Engineering: Most of the users are getting unknown mail and they are also chatting with unknown people. Social engineering is one of the most popular techniques that attackers use to access the system by sending the mail or chatting with people to know the password. So it is a major risk to the security of the password. Prevention: Not response the unknown mail. Not chatting with unknown people. Dont give any one personal information or login id. Proper training or aware the new user about social engineering. Ping of death: we have only permission to send the largest packet (65,536 bytes) on the server. Attackers know this amount of bytes from ICMP specification. So they try to send the packets more than 65,536 bytes (at least 65,537). If the server does not check the size of the packet and try to process then it hung or crashed the operating system. Dumpster diving: Every day Lab user printing there necessary document but sometimes by mistake they are printing unnecessary document and end of the day through all document in the bin. Hacker is very intelligence. They always look at the bin and find the necessary document to access the network. Prevention: Destroy all documents before put in a bin Natural disasters: If anything happen that is not under control of human it is called natural dusters such as earthquakes, volcano, floods, fires, storms, hurricanes etc It may occur in any time but most risk is the fire for KW116 lab. It may cause from heater, power supply, over heating the power box, short circuit etc. Natural disaster is less chance for lab but it affect is more than any threat .It may destroy the part of the building, loses the all information. Prevention: Follow the health and safety procedures. Clear the fire exit. Aware the user about possible disaster. Man-Made Disasters: If anything happen intentionally to destroy the business process or destroy the part of the business and it is control of human then it is called the Man-Made Disaster such as Fire, Act of Terrorism, Bombings/Explosions, and Power Outages etc. Prevention: Check always ID card Allow only authorise people Use metal detector CCTV Equipment failure: Students are always busy with their course work and other course related work so equipment failure may loss the all data. Prevention: Use extra UPS Back up all data Auditing Stages/Steps Scope and Pre-Audit survey Planning Field work Analysis Reporting Scope and Pre-Auditing The first step or stage of the audit is to understand the purpose of the audit and the areas need to cover during the audit. Understanding the audit purpose is basically get the idea why this audit needs to perform; means any special risk assessment or annual audit. If it is special risk assessment audit this will be more specific and the scope will be narrow and deep otherwise if it is annual audit it will be the general audit to cover as much as possible area. Pre-Auditing survey is to verify the audit areas using risk management techniques and some general techniques such are reading previous audit report, web browsing, background reading, etc This will reduce the chance of failure by correcting the plan by lesson learned. Planning and Preparation In this stage the scope is going to break into small areas to make auditing easier and clear. So the clarity will be more and purpose will be easy to understand. Usually this stage will involve the work breakdown plan and risk control matrix. The risk control matrix is just a check list contains questions to carry out during the audit. Field work Actual auditing will perform during this stage by different techniques or methods. Simply it starts with interviewing staff or students using questioner or oral interview to system or network test by auditing software tools. The result of this stage will be the evidence of the audit to get a conclusion or submit to the management with audit report. So this will be the most important stage in the audit process. This step may use several testing software tools depend on the scope of the audit and the software selection is another key event of the audit process because there are so many fake software applications available in the market. Actually those are virus and the reason of making virus in the form of auditing tools. The reason of spreading the virus in the form of auditing or testing tool is very easy and hart to detect. Analysis Using the evidences or any results collected in the previous stage are the input of this stage. This stage is fully analysis and decision making so it needs a lots of time to investigation and assessment. The most sensitive area of the audit process is analysis because this is the place going to take the decision to submit to the board so that should be perfect otherwise the audit is useless and it will lead to make some wrong decision. Reporting The stage is to present all audit findings in the form of report. This is the document contains all evidences, analysis results, suggestions recommendations, conclusion, etc This document will pass to the management or the higher level people to review approve and take necessary action if necessary. The report should be clearly written and easy to understand because this document need for future also to give some information to start next auditing or to take some strategic decision. Problem Domain Because of the increased use of university of Greenwich KW116 lab the chances of threats or issues are high and this is the responsibility of the student and the staff to make the lab secure in all aspects. The reason of this project based on KW116 is that is the lab used by the students largely and usually network related or any other lab sessions and happening in this lab so if the lab got any security hole or lack that may affect the student and the staffs. Easiest way to ensure the security level of the lab is auditing. This auditing needs to cover all areas from physical security to network security. Then only this will the perfect audit and the audit can use some standard checklist to make more efficient and to eliminate human made errors such as forgotten, typing mistakes, etc There are so many ways to make sure the security level such as penetration testing and vulnerability testing. These are more specific with attacks and threats and for the general purpose security audit is the suitable one as it will cover all areas of the security. According the reasons given above the general security audit is the most suitable technique to verify the security level of the lab. So the auditing will cover most of the areas of the lab with the aid of standard checklist which is approved by British Standard Institute. Test behind the auditing Physical test Network test Software Test Security Policy test Hardware/Peripherals test Access control test Objectives To evaluate the actual level of security that exists at The University of Greenwich Maritime campus KW116 Lab. Activities plan and schedule the audit Auditing with software tools Analysis audit result Deliverable Detailed audit report with suggestions and recommendation This is the main objective of the project and this will carry on with several tools like packet sniffer, port scanner software, etc There are three different tests using these tools to identify internal and external vulnerabilities. To evaluate various methods of implementing the security policy, determine the security weaknesses and implement risk management for the existing security weaknesses. University lab security policy review Analysis Deliverable Detailed security policy analysis report with changes/suggestions/recommendation. The reason of this objective is to stop the holes from policy level because this is the easy way to implement. Learn Audit and Audit process and practice auditing and Research auditing products available in the market and select appropriate. This task is fully learning about audit and audit related stuffs. This objective is the key or starter of this project because if project start without proper knowledge that will mislead to somewhere else not to project aim. To draft a new security policy that addresses the existing weakness to the management. According to the analysis draft a security policy to fix or overcome all existing security holes. Deliverable Draft security policy How the objectives will be achieved Third and fourth objectives will be achieved with books and internet. This objective will give the idea about auditing the outcome of this objective will be a documentation which contains all requirements which need to cover in this project. The research will give the details about tools which requires to perform the auditing the methods/process for the auditing. Internet is the main and basic mean for this research as it is easy to access and with wide range of data. Tools which identified from the research will used to perform the security auditing and this audit result will monitor in real-time and document instantly. Mostly these tools will be freeware and from well-known vendor. The auditing will perform in three different views to make sure the area is secured fully. The views are inside computer local network, outside computer local network, outside computer different network. Audit Methodology This project uses two different methodologies to accomplish the task such as checklist and questioner. The check list is an aid for the auditor to perform the audit and it is a manual to the audit. So the checklist will contains all tests need to perform during the auditing where questioner is to get the opinion or feedback for the staffs and students (generally this will be feedback from stockholders). The analysis also will carry in two different way using questioner and the checklist and finally compare both and get the conclusion. The questioner and checklist covers most of the areas and those are grouped separately to make the auditors life easy and more understandable. The areas coved in the documents are Physical Security/ E