Security

Technology Outlook Express is used for mail communication. The company must use a range of multimedia software to produce printed goods. The company has two computers one of which is High Spec used for accounting and ordering and the other for the printers. Information security management system is a set of policies connected with information security management and information security risks. The expressions came from ISO 27001. “The principle behind ISMS is that an organisation should design, implement and maintain a clear set of policies, processes and systems to manage risks to its information assets, therefore ensuring acceptable levels of information security risk.”

ISMS should be competent in the future and should adapt to changes whether they are internal or external and therefore should integrate the Plan-Do-Check-Act cycle method which will keep it up to date. From the above the company will determine whether it is cost beneficial to place for example a lock on the stationary room, if the lock cost more than the stationary then it can indeed be seen as useless reason being that the stationary can be replaced if stolen this would be a cheaper alternative to buying a lock. But a lock could act as a deterrent to stop the theft in the first place.

Web hosting as the site is not hosted by the company is it secure and safe, is it vulnerable to attack from the web hosting side. Secure passwords should be used which use a combination keyboard keys, it is also vital to see what security measures the hosting company has in place. If a hacker gets control of the company’s website then secure card details are at risk. Online sales are being processed through the website are the credit/debit card details and customer details safe and are they being encrypted e.g. SSL, where are the details being saved and who has access to them. Is the website secure e.g. VeriSign secure SSL or MacAfee hacker tested?

Are there any validations on computerized processes that are completed by employees to reduce human error, e.g. a form would only allow alphabetical letters and not allow numbers in certain text boxes such as ‘Name’ to avoid errors, or have drop down combo boxes for dates. Data protection is also vital as data should be protected either by access control, encryption and passwords. Only allowing the accounts department access to employee payrolls would increase data protection as the risk of data theft, loss and corruption occurring is reduced. As well as that the company needing to check whether the customer data is secure and employee data is secures as well as it being backed up regularly.

The company should be ready for any threats from nature; these can include floods, hurricanes/tornadoes, and earthquakes. Each of which can have a devastating effect on the company from taking out the power to destroying the premises where they are based, threats such as these are rare and should be based upon the history of the area in which the premises are located, if near a river then floods could be likely and computers and printers should be placed above the ground floor. Power generators should be used to stop power failure in case of power cuts, but most importantly premises and content should be insured in case of major disasters which could bring down the company.

Software Attack Virus protection is vital to fight the threat of software attacks regular updates should be checked for and important patches should be installed for the OS. An IDS would detect if any attack was being made and alert the appropriate person to the attack. A ‘Honey pot’ (a decoy system fabricated with useless data) should be deployed to deter hackers to it allowing the IT Security Manager to see where the hack is originating from and to block it.

Premises The premises should have locks on doors, CCTV and alarmed so that the data on the computers inside the premises is secure and reasonable steps have been taken to secure it Conclusion: Overall to comply with ISO 27001 the company needs to start looking at risks starting within the company itself, the employees are the most likely risk, steps should be taken to implement access control to the current system. The external system should be secured by means IDPS, if that is not possible a firewall should be put in place to secure the system and configured for the company’s requirements. The website should be secured if not already even if this means moving to a different host, loosing customer data to hackers could mean a drop in sales as customers will not believe their data is safe within the company, the company being sued under the Data Protection Act 1998.

References:

http://security.practitioner.com/introduction/infosec_4_4.htm

In addition to this, it is not just the organization itself that can feel the brunt of the impact of weak security. Employees whose responsibility it is to ensure that there are no weaknesses an also be hit hard. Generally, it is up to managers to ensure that there are no weaknesses in a systems security; or at least to reduce the risk of negative impact/damage on the company. This means that if there is a major weakness is found in the system of an organization, managers could lose their jobs as a result of negligence etc.

This then puts the managers in a situation where they are losing money, not just the company. Loss of Customers- Weak system security can also result in the loss of customers as people will not want to use a business that has problems with their security s their personal details or information may be at risk. For example, if a bank has a weakness in its security, and this weakness is exploited by hackers; then customers’ information may be stolen and used to purchase goods under their name.

This goes against the organization’s key responsibilities to its customers as they have a responsibility to keep their customers data safe and hidden from unrestricted access. This means that if people’s data is stolen or lost then they will more than likely move to a rival organization where they think that their data will be safer. This will result in the loss of customers from the company and a massive lost in trust; possibly resulting in the loss of jobs as there aren’t enough customers to make a profit for the company.

Increased Costs- An increase in costs can also be incurred from the weakness in a systems security. This can be caused as a result Of needing a specialist engineer etc to come in to the company to see where the weakness in the systems security is. This may cost a lot of money as it is; and more money will need to be spent in order to get another specialist to come out and fix the problems that are there. In addition to this, customers may wish to receive mom sort of compensation as payment for the information that the company has lost about them. Or Image- A poor company image can be another nasty effect of weak system security. If a major company has even one or two system weaknesses it can reflect very badly on its image as people will start to lose trust in the overall protection that the company offers to its customers. A poor company image can have a massive impact on the ability for a company to make enough money to actually make a profit on the goods they are making/selling. A poor image may then result in the loss of customers and earnings from the many.

It is therefore vital that the company ensures that there are no weaknesses in its security so that their company image stays strong. All of the above impacts can be related to the organizations key responsibilities to their Customers. The Organization has a massive responsibility to ensure that all of their customers’ personal data is kept secure, and that only the people who are authorized to access it are able to and only at the right times. This links in with the data protection act of 1998, as companies must provide suitable means of protecting customers’ data.

Biometricss is usually defined as “ the machine-controlled use of physiological or behavioral features to set up or confirm individuality ” . Physiological biometries is a unswerving dimension taken from a measuring of the human organic structure, and behavioral biometries does non straight measures description of the human organic structure through entity actions. A biometric system integrates biometric hardware and package to carry on biometric designation or confirmation.

Biometric systems changes the information axial rotation up from physiological or behavioral features into forms, which are utilized for designation. During the first phase registration procedure, where an human being original biometric sample is collected, assessed, processed, and stored for assisting and designation in a biometric system. The following measure is the capitulation procedure, where a individual uses the peculiar biometric ownership tool to provide a biometric trial.

ASSIGNMENT OBJECTIVES

1. Technological, societal and political factors that are determining the biometries market
2. identix reaction to the environmental conditions.
3. 3.Does identix appear to be moving in an ethical mode. Why or why non.
4. Support or oppose the execution of biometries Based security.

TECHNOLOGICAL SOCIAL AND POLITICAL FACTORS

Biometric hallmark has a portion in keeping and supporting our control of our ain individuality and personal informations. This emerging engineering makes it virtually impossible to presume person else ‘s alone individuality. It is a method of showing the similar type of safeguarding in the inexplicit vicinity that we merely the one time had in entranced vicinities, where the singularity of single individuality was certain by neighbours authenticating each other during facial acknowledgment.

The chief facet to measure a biometric system is its truth. From the user ‘s point of position, an mistake of truth occurs when the system fails to authenticate the individuality of a registered individual or when the system mistakenly authenticates the individuality of an interloper biometries and a database of violent felons and sex wrongdoers are at the bosom of the constabulary ‘s usage of engineering to contend offense over the following five years.Biometrics will play a important function in the hereafter of condemnable justness and patroling itself and will transform current criterion practise in jurisprudence enforcement.

Peoples tend to utilize short and easy-to-remember watchwords as they do non wish to be troubled each clip they gain entree to a system. Biometric engineering uses one or more physical identifiers to find the person ‘s designation. This may be a fingerprint, flag or retina scan, manus size, vein scan, signature, voice, 2D or 3D face. So which one is more dependable. Obviously biomterics.

This system will advance societal exclusion through disablement favoritism, age favoritism, race favoritism, and category favoritism among others. These signifiers of favoritism are built-in within the system since it is impossible to accurately roll up the informations of all people

Terrorism, drug-running, illegal in-migration and an increasing throughput of legitimate travellers is seting a strain on in-migration governments throughout the world.It is indispensable for the governments to rapidly and automatically process observant travellers and identifies the jurisprudence surfs. Biometrics is being employed in a figure of diverse applications to do this possible. The U.S. Immigration and Naturalization Service ( INS ) are a major user and judge of biometric engineerings. Systems are presently in topographic point throughout to automatize the flow of legitimate travellers and discourage illegal immigrants.

States are following biometries engineering due to political intervenes.like European brotherhood does n’t necessitate any hold in biometries passports and all member states have to follow with that. It is rather possible that statute law will come into consequence in the close hereafter to follow new prosodies engineering in public and authorities administrations.

HOW IDENTIX IS REACTING TO THE ABOVE ENVOIRNMENTAL CONDITIONS.

Identix is responding to above the environmental conditions. Identix was the first company to detect the proper algorithms for facial recognistion. specialy due to terror onslaughts in 2001 these merchandises demand increased and identix took over 30 million dollar market.Law enforcement bureaus have been used these merchandises to cut down the offense. Air larboard security have been increased to to undertake illegal immigrants

Tenprinter and fingerprinter centimeters have been installed at fourty air ports.identix is besides working with police sections to undertake the felons.

DOES IDENTIX APPEAR TO BE ACTING IN AN ETHICAL MANNER.

Biometric face acknowledgment engineerings are a new and evolving step that authoritiess and houses use to place felons and protect guiltless people. However, the shapers of this biometric face engineering must postulate with the inevitable ethical issues: what if the incorrect individual is identified or what if the engineering infringes upon single rights? Developers and research workers are invariably mensurating and proving biometric methods to guarantee that the right person is identified, although the Civil Liberties Union asserts that the engineering is, “ outpacing our basic privateness rights. ” .

Peoples believe that biometries and finger prints are associated with felons. So people have a perceptual experience job sing bio prosodies. Identix delete the record from the information if it does n’t fit the ticker list from client informations base.what if the felons reach these records. Due to cyber link offenses digital records can be collected by latest choping techniques so clients records are non safe at all times.

EXPLAIN WHY YOU SUPPORT OR OPPOSE THE IMPLEMENTATION OF BIO METRICS.

I support the biometries engineering because nowadays our security is really of import as biometries are more effectual so watchwords.key and cards.password and keys are easy entree to criminals.building countries and people information is protected more expeditiously. Biometrics is cost effectual as comparison to identify and watchwords and sometimes its expensive to upgarde system when you lost watchword.

Distributed Denial of Service Attack

The IP spoofing is largely used in Distributed denial of service onslaughts ( DDoS ), in which hackers are concerned with devouring bandwidth and resources by deluging the mark host machine with as many packages as possible in a short p of clip. To efficaciously carry oning the onslaught, hackers spoof beginning IP addresses to do tracing and halting the DDoS every bit hard as possible. Here the aggressor scans internet and identifies the hosts with known exposures and compromise them to put in onslaught plan and so exploits the exposures to derive the root entree. [ 6 ]

Non-Blind Spoofing

This type of onslaught takes topographic point when the hacker is on the same subnet as the mark that can see sequence and recognition of every package. This type of spoofing is session commandeering and an aggressor can short-circuit any hallmark steps taken topographic point to construct the connexion. This is achieved by perverting the DataStream of an established connexion, so re-establishing it based on right sequence and acknowledgement Numberss with the onslaught host machine.

Blind Spoofing

This type of onslaughts may take topographic point from outside where sequence and acknowledgement Numberss are non approachable. Hackers normally send several packages to the mark host machine in order to try sequence Numberss, which is suited in old yearss. Now a yearss, about every OSs implement random sequence figure coevals for the packages, doing it hard to foretell the sequence figure of packages accurately. If, nevertheless, the sequence figure was compromised, information can be sent to the mark host machine.

Man in the Middle Attack

This onslaught is besides known as connexion oriented highjacking. In this onslaught chiefly the aggressor or the interrupter will assail the legal communicating between two parties and eliminates or modifies the information shared between the two hosts without their cognition. This is how the aggressor will gull a mark host and steal the informations by hammering the original host ‘s individuality. In the TCP communicating desynchronized province is given by connexion oriented highjacking. Desynchronized connexion is that when the package sequence figure varies for the standard package and the expected packet. TCP bed will make up one’s mind whether to buffer the package or fling it depending on the existent value of the standard sequence figure. Packages will be discarded or ignored when the two machines are desynchronized. Attacker may shoot spoofed packages with the exact sequence Numberss and alteration or insert messages to the communicating. By remaining on the communicating way between two hosts attacker can modify or alter packages. Making the desynchronized province in the web is the cardinal construct of this onslaught. [ 12 ]

Decision

Assorted types of IP spoofing and its onslaughts are explained in this chapter. Here we have discussed about four types of burlesquing onslaughts like Distributed Denial of Service Attack, Non-blind spoofing, blind burlesquing and Man-in-the-middle onslaught, and besides how these onslaughts can make jobs to destination machines. Various Security demands are discussed in the following chapter.

Security Requirements

Network security demands

The Internet became the largest public information web, enabling both personal and concern communications worldwide. Day to twenty-four hours the information trafficking is increasing exponentially over the internet universe and besides in the corporate webs. As the engineering is developing the velocity of communicating is increasing via electronic mail ; nomadic workers, telecommuters. Internet is besides used chiefly to link corporate webs to the subdivision offices.

As the technolgy developed the use of cyberspace has became more and besides use of different engineerings became more at the same clip security menace besides became more and gave opportunity to more faulties to make at that place things.so the corporations utilizing them should protect and increase the security.The web onslaughts became really serious as they are more effectual for the concerns because they store the of import and sensitive informations, as the personal banking records or the concern and medical studies. If the onslaught is done on such sort of corporates it is really hard to retrieve the doomed informations which besides leads to free the privateness and takes batch of clip to retrieve. Cyberspace would besides be the safest manner to make the concern Despite the dearly-won hazards. For illustration, It is non safe to give the recognition card inside informations to the telemarketer through the phone or even a server in the restaurent this is more hazardous than give the inside informations in the web because security engineering will protect electronic commercialism minutess. The telemarketers and servers may non be that safer or trustworthy because we can non supervise them all the clip. The fright of security jobs could be harmful to concerns as existent security voilates. Due to the misgiving on the cyberspace the fright and the intuition of computing machines still exists. For the administrations that depends on the web will diminish there oppurtunities due to this misgiving. To avoid this security constabularies should be purely taken by the companies and besides instate the precautions that are effective.To protect their clients Organizations should adequately pass on.

Companies should take the security stairss to non merely protect there clients from security breaches but besides there employers and the spouses information which are of import for them. Internet, intranet and extranet are used by the employers and the spouses for the efficient and the fast communication. These communicating and the efficiency should be looked after because they are more effectd by the web onslaughts. Attackers do the onslaught straight because this takes the tonss of clip for the employers to retrieve and reconstruct the lost informations and takes much clip even in the web harm control. loss of clip and valuble informations could greatly impact employee effectivity and assurance. The other chief ground for the demand of web security is the Legislation. Harmonizing to the serveys conducted by the authorities they came to cognize about the importance of cyberspace for the universes economic position, they besides recognize that the aggressors consequence on the cyberspace could besides do the economic harm to the universe. National authoritiess are mounting Torahs to modulate the huge watercourse of electronic information. Companies developed the schemes to procure the day of the month in the safe manner in conformity to set up the ordinances given by government.The companies which does non take security constabularies to protect the information conformity will be voilated and penalized.

System Security Demands

In these yearss supplying security had became a tough undertaking for all the bisiness and the different administrations. Security must be provided to the clients and the of import informations to safeguard them from the malicious and nonvoluntary leaks.Information is really of import for every endeavor, it may be the usage records or rational belongings. By the CIOs it became possible to clients, employees and spouses to acquire the informations in fraction of seconds. The cost of money besides became more to make all these things.There are three grounds for which this information may fall in hazard they are ( I ) when the concern procedure interruptions down ( two ) employee mistake ( three ) spreads in security.

Hazard is so from client and competitory force per unit areas, regulative and corporate conformity, and the lifting cost promotion of informations leaks Information one of the of import resources of fiscal establishment ‘s. To maintain the trust between the spouses or develop the assurance in the clients it is more of import to supply the good security which will be helpful for the good traveling and the repute of the company. At the same clip reliable information is necessary to treat minutess and comfirm client determinations. A fiscal establishment ‘s net income and capital can be affected if the information leaks to unauthorised companies. Information security is one of of import procedure by which an organisation protects and secures its systems, media, and maintain information of import to its operations. The fiscal establishments have a great duties to protect the states fiscal service infrastucture on a wide criterion.

The fiscal security of the client will besides depends on the security provided to the industrial systems and its informations. Effective security programs should be taken by the Individual fiscal establishments and their service providers for their operational complexness. There should be a strong and effectual board to keep and take attention of these security policies in order to protect the company from the security menaces or any other malicious attacks. There should be a regular guidance to the administrations on the security precations they take to supply the companies, so that we can acquire the more effectual consequences and can better the administrations security degree aswell. organisations frequently inaccurately recognize information security as status of controls. As the Security is an on-going procedure in overall security stance the status of a fiscal establishment depends on the index.

Other indexs include the power of the establishment to continually measure its stance and react appropriately in the face of quickly changing menaces, engineerings, and concern conditions. A fiscal establishment establishes and maintains truly effectual information security when it continuously integrates procedures, people, and engineering to palliate hazard in conformity with hazard appraisal and acceptable hazard tolerance degrees. By establishing a security procedure fiscal establishments secure there risks they recognizes hazards, forms a strategy to pull off the hazards, implements the strategy, tests the executing, and proctors the ambiance to pull off the hazards. A fiscal establishment outsources all of their information processing. Examiners use this brochure while measuring the fiscal establishment ‘s hazard direction procedure, including the duties, responsibilities, and occupation of the service beginning for information security and the oversight exercised by the fiscal establishment. [ 3 ]

Information Security Demands

An information security scheme is a program to palliate hazards while staying by with legal, Statutory, internally and contractual developed demands. Typical stairss to constructing a scheme include the definition of control aims, the appraisal and designation of attacks to run into the aims, the choice of controls, prosodies, the constitution of benchmarks and the readying of execution and proving programs. The pick of controls is typically depends on cost comparing of different strategic attacks to minimise the hazard. The cost comparing typically contrasts the costs of different attacks with the possible additions a fiscal establishment could recognize in footings of increased handiness, confidentality or unity of systems and informations. These additions may include reduced fiscal losingss, improved client assurance, regulative conformity and positive audit findings. Any peculiar attack should see the followers

1. Policies, processs and criterions
2. Technology design
3. Resource dedication
4. Testing and
5. Training.

For illustration, an establishment ‘s direction may be measuring the right strategic attack to the security supervision of activities for an Internet environment. There are two possible attacks identified for rating. The first attack utilizes a combination of web and host detectors with a staffed supervision centre. The 2nd attack consists of every twenty-four hours entree log scrutiny. The first option is judged much more capable of observing an onslaught in clip to cut down any harm to the establishment and its informations, even though at a much more cost. The added cost is wholly appropriate when establishment processing capablenesss and the client informations are exposed to an onslaught, such as in an Internet banking sphere. The 2nd attack may be suited when the primary hazard is reputational harm, such as when the Web site is non connected to other fiscal establishment systems and if the lone information is protected is an information-only Web site.

The word “cliche” is sure to have been used hundreds if not thousands of times for the terrorist attacks on the World Trade Center in September 11, 2001 or commonly known as 9/11. The meaning of 9/11 first on the domestic scene is that America joined the ranks of those that suffered the brunt of terrorism for decades such as the United Kingdom, Germany and Italy. America lost “its innocence” since this terrorist incident is of greater magnitude compared to the World Trade Center bombing in February 1993 or in terms of the socio-political impact, it really brought home the message that “no one is safe.”

On the global scale, 9/11 meant that even a superpower or the “only superpower” can fall prey to a low-intensity type of warfare known as terrorism. It prove that such an act can affect economic and market outputs considering that it weakened the stock exchange and flights were cancelled for a few days throughout the United States. 9/11 also redefined the meaning of terrorism and “holds lesson for other states, not just America, by demonstrating the U.S. resolve and ability to remove regimes that harbor or sponsor terrorism, 9/11should have strengthened the deterrent message to governments that would contemplate aiding terrorists. (Knopf, 2002)” It showed that whether it is state-sponsored terrorism or ideological group-led terrorism like Al-Qaeda, governments and nations of the world must unite to battle this modern-day organized plague.

In response to 9/11, the U.S. government implemented the Patriot Act of 2001 or completely known as “”Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. This piece of legislation contains sections that defines and effects controls and measures in the fight against terrorism such as:

Enhancing domestic security against terrorism;

International money laundering abatement and anti-terrorist financing;

Removing obstacles to investigating terrorism;

Providing for victims of terrorism, public safety officers and their families;

Increased information sharing for critical infrastructure protection;

Strengthening the criminal laws against terrorism; and

Besides the Patriot Act, 9/11 brought about the existence of the Department of Homeland Security (DHS) through House Resolution 5005 and whose major mandate is to prevent terrorist attacks within and reduce the vulnerability to terrorism of the United States. Since DHS became the focal point of the U.S. response to terrorism some major government agencies were transferred to the DHS. One of the major outputs of the DHS is coming out with the National Response Plan (NRP) in December 2004 (DHS, 2004). The NRP “is an all-discipline, all-hazards plan that establishes a single, comprehensive framework for the management of domestic incidents. It provides the structure and mechanisms for the coordination of Federal support to State, local, and tribal incident managers and for exercising direct Federal authorities and responsibilities. (DHS, 2004)”

Having been aligned with the National Incident Management System (DHS, 2004), the NRP had more 32 signatory government departments and agencies. Although it is an incident response plan, the NRP carries policies “to protect national security, coordinates the activities of the other members of the law enforcement community to detect, prevent, preempt, and disrupt terrorist attacks against the United States.

This includes actions to prevent, preempt, and disrupt specific terrorist threats or actual incidents that are based upon specific intelligence or law enforcement information. (DHS, 2004)” Although brought out in general terms, the new security measures in place gives a signal to the domestic marketplace that vigilance and stricter enforcement of security rules is already in place. Trade and commerce with the United States became more stringent especially in terms of cross-border access between U.S., Mexico and Canada.

On the whole, the effectiveness of the change security posture after 9/11 is being met on two fronts. One group agrees with the measures believing that it really curtails terrorist activities. On the other hand, another group declares that starting with the Patriot Act, then the rise of the Department of Homeland Security and the implementation of the National Response Plan, all these are questioned due to their singular and collective effects on rights, freedom and liberties Americans enjoy.

But as in any history of the United States, the debate or division brought about by the new security measures in effect is always welcomed since this is one of the true tests of democracy – when two or more groups agree to disagree. Five years after 9/11, the full measure of the efficacy of the security policies and methods in place can only be truly gauged when a future major terrorist incident can be prevented and the perpetrators captured – only then can some of the “questionable human rights violation measures” can be vindicated! But for now, we can only “hope and pray” that such incident will not happen again or else another event that would live in infamy would be in our midst.

The Business of Security Deposits in Landlord-Tenant Laws

     According to The lease manual: a practical guide to negotiating office, retail, and industrial leases, published by the American Bar Association, all tenants are required to maintain security deposits and all landlords are allowed to apply these deposits if there are breaches of or defaults under the lease agreement.  From both the landlord’s and the tenant’s perspective, the laws on security deposits must make business sense, however.  The landlord has the legal right to use the security deposit amount to repair property that has been left damaged by the tenant.  Moreover, if the tenant has failed to pay rent, the security deposit amount represents compensation for the landlord.  The lease agreement may include other obligations of the tenant to boot.  In cases where the tenant fails to meet those obligations, the landlord has the right to keep a part of or the entire security deposit amount.  But, if the tenant does not fail to meet any of the terms of the lease, the landlord must return the entire security deposit amount to the tenant once the latter has vacated the property previously rented.  What is more, throughout his or her stay in rented property, the tenant would like to ensure that the security deposit amount “is not subject to claims by the Landlord’s creditors…” (Dilman, 2008, p. 203).

     Although security deposit laws may differ from state to state, they tend to be built around similar conditions for landlords and tenants in all states.  Differences are slight.  Studying security deposit law in one state must necessarily provide a gist of security deposit laws in other states.  Furthermore, because laws are intricate it is important to focus on a single state as we endeavor to gather a general idea about them as they apply in all states.  Let us, therefore, use the security deposit laws of Georgia as a case study.

     Under the Georgia Security Deposit Return Act, a landlord must return all security deposits provided that the tenant has adhered to all of the conditions specified on the lease agreement.  Moreover, if the landlord manages at least ten units of property and fails to return a security deposit, he or she is required by law to pay the tenant three times the amount that has been withheld (“Protecting your Deposit”).  After all, landlords managing ten or more units of property are in the position to return three times the amount of security deposits they have withheld.  If wealthy landlords fail to follow the laws, it is correct for them to be penalized with greater severity seeing that the spirit of corporatism is especially inclined to challenge ethical standards in the absence of imposition of such penalties.

     On a similar note, all of the Georgia landlord-tenant laws contained in the Official Code of Georgia, Title 44, Chapter 7, inclusive of security deposit laws, that is, O.C.G.A. §44-7-30 to O.C.G.A. §44-7-37 are based on ethical standards that landlords and tenants are required to comply with (“Protecting your Deposit;” Georgia Department of Community Affairs, 2008).  The first couple of statutes on security deposit read:

               44-7-30.
As used in this article, the term:
(1) ‘Residential rental agreement’ means a contract, lease, or license agreement for the

          rental or use of real property as a dwelling place.
(2) ‘Security deposit’ means money or any other form of security given after July 1, 1976,

          by a tenant to a landlord which shall be held by the landlord on behalf of a tenant by virtue

          of a residential rental agreement and shall include, but not be limited to, damage deposits,

          advance rent deposits, and pet deposits. The term ‘security deposit’ does not include earnest

          money or pet fees which are not to be returned to the tenant under the terms of the

          residential rental agreement.

               44-7-31.
Except as provided in Code Section 44-7-32, whenever a security deposit is held by a

          landlord or his agent on behalf of a tenant, such security deposit shall be deposited in an

          escrow account established only for that purpose in any bank or lending institution subject

          to regulation by this state or any agency of the United States government. The security

          deposit shall be held in trust for the tenant by the landlord or his agent except as provided

          in Code Section 44-7-34. Tenants shall be informed in writing of the location and account

          number of the escrow account required by this Code section. (“State of Georgia Landlord

          Tenant Law,” 2006).
While the O.C.G.A. §44-7-30 simply defines terms relevant to security deposit statutes in Georgia, the O.C.G.A. §44-7-31 makes it abundantly clear that landlords must not misuse the funds they hold as security deposits on behalf of tenants.  Rhodes (2008) writes that landlords – throughout America – do not have a legal claim over security deposit money until and unless the amount is lawfully claimed once the property has been vacated and it is found that the tenant has failed to meet his or her part of the obligations as described on the lease agreement (p. 36).  After all, it is unethical for a landlord to use security money he or she has received from a tenant for a vacation.  The tenant may decide to leave the rented premises at any time, demanding the security money held by the landlord.  Hence, O.C.G.A. §44-7-32 offers an alternative to landlords who do not desire to keep security moneys in escrow accounts (“State of Georgia Landlord Tenant Law;” Georgia Code – Property – Title 44, Section 44-7-35,” 2006).

     According to this statute, the landlord may choose to “maintain an effective surety bond with the clerk of the superior court in the county in which the dwelling unit is located” (“State of Georgia Landlord Tenant Law”).  The landlord is required to keep the entire security deposit thus or fifty thousand dollars, whichever amount is less.  The bond is executed between the landlord and a business that is authorized to act as surety, and it is conditioned upon compliance to O.C.G.A. §44-7-34.  The O.C.G.A. §44-7-32 further requires landlords to return security moneys if they enter bankruptcy or in case there is foreclosure of their property (“State of Georgia Landlord Tenant Law”).  More importantly, if a landlord misuses the tenants’ security monies on dream vacations and this is proved as the landlord has failed to keep the money in either escrow accounts or as surety bonds, he or she is not permitted to retain any amount held as security in the event that there are reasons to retain a part of the security deposit (“Georgia Code – Property – Title 44, Section 44-7-35”).  Thus, holding security deposits in either escrow accounts or as surety bonds ensures compliance with ethical standards on the part of landlords.  The security money belongs to the tenant, after all, and the landlord does not have the legal right to consider it as income.

     An article published on the CBS News website raises an interesting issue regarding interest earned on security deposits.  The author states:

               But what about the sometimes substantial amount of interest incurred on your money?

          In most states, it belongs to your landlord.

               Only one-third of all states require landlords to pay their tenants interest on security

          deposits.  In that case, your landlord typically sets up a separate trust account with your

          deposit.  The interest rate to be paid will be in your rental agreement (the rate is usually

          lower than what the bank pays so the landlord can cover administrative expenses).

          (“Collecting Interest on Your Rental Security Deposit”)

In Georgia, landlords are not required to place security deposit amounts in interest bearing accounts.  The law does not require landlords to pay earned interest to tenants either.  All the same, the landlord may agree to pay earned interest to the tenant by including this condition on the lease agreement (“Is the Landlord Required to Give the Tenant Interest Earned on the Security Deposit,” 2009).

     Because there are no provisions regarding earned interest in Georgia’s security deposit law, the following articles of the law describe conditions for returning security deposits with perfect business sense.  According to O.C.G.A. §44-7-33, the tenant should be provided with a list of damages to the property before he or she pays a security deposit and moves in.  The tenant has the legal right to check the accuracy of this list by visiting the property to inspect it.  The list should be signed by both the landlord and the tenant if they agree on the accuracy of the list.  If the tenant believes that the list is inaccurate, however, he or she must inform the landlord in writing about the items on the list that raise doubts about its accuracy (“State of Georgia Landlord Tenant Law”).  These pieces of legal writing come into use when the tenant leaves the property and security money must be refunded.

     Also according to O.C.G.A. §44-7-33, “[w]ithin three business days” after a property has been vacated, the landlord or his or her estate agent must inspect the property to compile yet another list of damages (“State of Georgia Landlord Tenant Law”).  If there are damages beyond the ones listed before security money was paid, the tenant is charged for these damages (“State of Georgia Landlord Tenant Law”).  The tenant has the legal right to visit the property “within five business days” to check the accuracy of the new list (“State of Georgia Landlord Tenant Law”).  If the tenant believes that the list is accurate, both the landlord and the tenant must sign the new list.  If there are items on the list that raise doubts in the tenant’s mind, however, he or she has the right to disagree in writing.  But, if the landlord cannot agree with this piece of writing, the tenant has the right to take the dispute to a court of law in order to recover his or her security money.  The dispute taken to court may only involve items on the final list that the landlord and the tenant have disagreed about.  If the tenant fails to comply with the statute to recover his or her security money believed to be unlawfully withheld by the landlord, the law gives no right to the tenant to recover the same (“State of Georgia Landlord Tenant Law”).  In this way, the landlord is protected from heeding untruthful claims of the tenant, and ethical standards are upheld.  It is entirely possible for the tenant to make a false claim to recover security money.  If he or she is not required to take the dispute to a court of law to recover a security deposit, legal authorities acting as third parties to resolve the dispute may not be involved.  There is a possibility that the landlord may be cheated by the tenant this way.

     The O.C.G.A. §44-7-34 requires the landlord to refund security money to the tenant within a month of termination of either the lease agreement or occupancy, whichever happens last.  The landlord must return all security money unless there is a dispute about the accuracy of the final list of damages prepared in accordance with O.C.G.A. §44-7-33 (“State of Georgia Landlord Tenant Law”).  The O.C.G.A. §44-7-34 also reads:

          No security deposit shall be retained to cover ordinary wear and tear which occurred as a

          result of the use of the premises for the purposes for which the premises were intended,

          provided that there was no negligence, carelessness, accident, or abuse of the premises by

          the tenant or members of his household or their invitees or guests” (“State of Georgia

          Landlord Tenant Law”).

This portion of the statute makes the landlord responsible for depreciation of property.  It is unethical to charge the tenant for the fact that the property is aging, after all.  Moreover, the O.C.G.A. §44-7-34 requires the landlord to present a written statement to the tenant if it is believed that a portion of the security money must be retained because there are damages to the property beyond ordinary depreciation.  These damages are listed in accordance with O.C.G.A. §44-7-33.  The O.C.G.A. §44-7-34 requires the list of damages to be delivered to the tenant with the remaining portion of security money in case the tenant has agreed about the accuracy of the list.  The list and the refund are required by law to be sent by mail to the address provided by the tenant (“State of Georgia Landlord Tenant Law”).  If the mail is returned to the landlord because the address given by the tenant is incorrect, however, the landlord is required to “locate the tenant” with “reasonable effort” (“State of Georgia Landlord Tenant Law”).  But, if the tenant cannot be located the refund becomes property of the landlord ninety days following the date it was mailed (“State of Georgia Landlord Tenant Law”).

     Of course, the landlord is also allowed by law to retain a part of the security deposit for unpaid rent, late payment, nonpayment of bills for utilities, and/or nonpayment of pet fees.  If there are disputes about these portions of the security money that the landlord has decided to retain, the tenant is required to resolve the disputes with the involvement of a competent court of law (“State of Georgia Landlord Tenant Law”).  Like the other statutes on security deposits, this ensures that neither the landlord nor the tenant is cheated in the process of security deposit recovery.  The landlord may be sued by the tenant if security money is not returned within the period of time specified by law (“Georgia Security Deposits”).  Similarly, the tenant is not permitted to make false claims for a security deposit refund before a court of law intervenes to end the dispute.  In this way, ethical standards are maintained and landlord-tenant relationships are regulated.  After all, renting of property is a vast enterprise calling for such regulation.  More importantly, the entire country enjoys similar regulations for landlord-tenant relationships, maintaining ethical standards in this essential business.

References

Collecting Interest on Your Rental Security Deposit. (2007, Apr 27). Retrieved Mar 15, 2009,

from

http://www.cbsnews.com/stories/2007/04/27/business/marketwatch/main2735515.shtml.

Dilman, R. J. (2008). The lease manual: a practical guide to negotiating office, retail, and

industrial leases. Chicago: American Bar Association.

Georgia Code – Property – Title 44, Section 44-7-35. (2006, May 2). Onecl Court Opinions.

Retrieved Mar 15, 2009, from http://law.onecle.com/georgia/44/44-7-35.html.

Georgia Department of Community Affairs. (1998, Mar). Questions Frequently Asked by

Tenants and Landlords. Eight Ed. Retrieved Mar 15, 2009, from http://www.dca.state.ga.us/housing/HousingDevelopment/programs/downloads/FAQHANDB-PgNo.pdf.

Georgia Security Deposits. Rent Law. Retrieved Mar 15, 2009, from

http://www.rentlaw.com/georgialandlord.htm.

Is the Landlord Required to Give the Tenant Interest Earned on the Security Deposit? (2009).

LawInfo. Retrieved Mar 15, 2009, from http://resources.lawinfo.com/en/Legal-FAQs/Landlord-Tenant/Georgia/is-a-landlord-required-to-give-the-tenant-the.html.

Protecting your Deposit. Consumer SOS. Retrieved Mar 15, 2009, from http://www.consumer-

sos.com/Georgia/Landlord_&_Tenant/ga_security.htm.

Rhodes, N. F. (2008). American Landlord Law: Everything U Need to Know–About Landlord-

Tenant Laws. New York: McGraw Hill Professional.

State of Georgia Landlord Tenant Law. (2006, Jan 30). Rent List. Retrieved Mar 15, 2009, from

http://www.rentlist.net/LTlaw.htm.

Personnel involved in emergency preparedness in an agency should be aware of state and local laws that are applicable in maintaining security. They should know how these laws may affect development and implementation of emergency preparedness in an agency. If the agency leases facilities that are owned by local government, state or private companies, responsibility in ensuring there is security should be allocated to all the parties who use the facilities.

Occupant emergency plan should be well known by the key staff and disabled people should get involved in preparing for emergency where disabled should be engaged in maintaining security. Agency plan should be updated by the senior staff and plan should be reviewed by facilities personnel, first responders and no part of the plan should conflict with the procedures of nearby agencies. Security strategy should coordinate information among enforcement of law and security agencies and strengthen cooperation of police and community through sharing information to know the causes of insecurity in an agency.

Operation plan should help in providing timely information about criminal activities that may arise so that the director of security can take preventive measures to ensure that no personnel are under risk. (Douglas, 1993 pp38-42). Steps taken to ensure security of organization assets Risk assessment on organizations sensitive information on assets where assets are evaluated basing on integrity, availability and confidentiality of the requirements in classifying assets to determine the ones essential in achieving organization objectives.

Risk assessment identifies the threat, probability of occurrence, how vulnerable it is and impact of severity. Threat analysis establishes all the threats that involve flood or virus and improper management of storage devices. Vulnerability analysis ensures that there is protection of critical information resources. Possible control to be implemented should be assessed to determine security functions to mitigate risks and provide protection to assets. Appropriate security measures should be selected to correspond to retained security functions.

Analysis should be done followed by decision making and drafting of action plan according to priority of security measures that should be deployed. Director of security communicate with employees on security issues, monitor and update implemented controls. (Douglas, 1993 pp33-37). Role of scenario planning This is a method of strategic planning used by some organizations to make long term plans that are flexible. It combines known future facts such as political, geography and industrial information with social, technical and environmental trends that act as key driving forces.

Scenario planning involves interpreting facts in a subjective manner, new inventions and shifting values. Scenario planning highlights the forces that push future to a different location. It ensures forces are visible so that the planner can recognize them in case they happen. It starts by identifying the decision where infinite number of stories tells of the future by telling the people that matter to make better decision. It begins by agreeing on the issue to be addressed and test of relevance of the issues. Scenario planning creates participation of the public and positive visioning.

It helps to understand what you want by use of new technology in understanding impact of decisions made in a project and making informed decisions. Through scenario planning, community is able to understand their future and make tradeoffs by understanding the purpose of decisions made. (Bakeoff, 1988 pp17-23). Comparing SWOT and STEEP analysis Both of them begin with analyzing external environment of the business and there after looks at internal strengths and weaknesses of organization in relation to internal factors like prior performance and external factors.

They combine analysis to look at organizations opportunities and threats to come up with plans in order to have opportunities for countering threats. Both of them help to develop effective corporate strategy. They are involved in changes in technology which they rarely consider as a threat and organization must make use of new improved technology so that it can produce final products that are of high quality and satisfy consumer needs and wants

Contrasting SWOT and STEEP analysis SWOT assesses the business of your own or competitors while SPEEP assesses the market which includes competitors from standpoint of a business. SWOT analyses benefits all businesses by completing main competitors SWOT analysis which provide feedback into STEEP analysis economic aspects while STEEP analysis is useful and relevant when business is larger and complex but can still have one or two issues of importance in small businesses.

SWOT analysis are used when business are starting to plan in order to identify the strength of business, weakness that may be encountered, available opportunities and threats. This is not a process of isolation but decisions taken should be based on findings while STEEP analysis looks for sociocultural, technological, economic and political factors and their impact on business. (Bakeoff, 1988 pp24-26).