Monday, September 30, 2019

Cisa

1. A benefit of open system architecture is that it: A. facilitates interoperability. B. facilitates the integration of proprietary components. C. will be a basis for volume discounts from equipment vendors. D. allows for the achievement of more economies of scale for equipment. ANSWER: A NOTE: Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers' systems cannot or will not interface with existing systems. . An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment? A. Commands typed on the command line are logged B. Hash keys are calculated periodica lly for programs and matched against hash keys calculated for the most recent authorized versions of the programs C. Access to the operating system command line is granted through an access restriction tool with preapproved rights D.Software development tools and compilers have been removed from the production environment ANSWER: B NOTE: The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control, reviewing the log is a control. Choice C is incorrect because the access was already granted—it does not matter how. Choice D is wrong because files can be copied to and from the production environment. 3. In the context of effective information security governance, the primary objective of value delivery is to: A. optimize security investments in support of business objectives.B. implement a standard set of security practices. C. institute a standards-based solution. D. implement a continuous improvement culture. ANSWER: A NOTE: In the context of effective information security governance, value delivery is implemented to ensure optimization of security investments in support of business objectives. The tools and techniques for implementing value delivery include implementation of a standard set of security practices, institutionalization and commoditization of standards-based solutions, and implementation of a continuous improvement culture considering security as a process, not an event. 4.During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: A. assessment of the situation may be delayed. B. execution of the disaster recovery plan could be impacted. C. notification of the teams might not occur. D. potential crisis recognition might be ineffective. ANSWER: B NOTE: Execution of the business continuity plan would be impacted if the organizat ion does not know when to declare a crisis. Choices A, C and D are steps that must be performed to know whether to declare a crisis.Problem and severity assessment would provide information necessary in declaring a disaster. Once a potential crisis is recognized, the teams responsible for crisis management need to be notified. Delaying this step until a disaster has been declared would negate the effect of having response teams. Potential crisis recognition is the first step in responding to a disaster. 5. When implementing an IT governance framework in an organization the MOST important objective is: A. IT alignment with the business. B. accountability. C. value realization with IT. D. enhancing the return on IT investments.ANSWER: A NOTE: The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice A). To achieve alignment, all other choices need to be tied to business practices and strategies. 6. When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find: A. an integrated services digital network (ISDN) data link. B. traffic engineering. C. wired equivalent privacy (WEP) encryption of data.D. analog phone terminals. ANSWER: B NOTE: To ensure that quality of service requirements are achieved, the Voice-over IP (VoIP) service over the wide area network (WAN) should be protected from packet losses, latency or jitter. To reach this objective, the network performance can be managed using statistical techniques such as traffic engineering. The standard bandwidth of an integrated services digital network (ISDN) data link would not provide the quality of services required for corporate VoIP services. WEP is an encryption scheme related to wireless networking.The VoIP phones are usually connected to a corporate local area network (LAN) and are not ana log. 7. An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important? A. The tools used to conduct the test B. Certifications held by the IS auditor C. Permission from the data owner of the server D. An intrusion detection system (IDS) is enabled ANSWER: C NOTE: The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details.All other choices are not as important as the data owner's responsibility for the security of the data assets. 8. Which of the following is a risk of cross-training? A. Increases the dependence on one employee B. Does not assist in succession planning C. One employee may know all parts of a system D. Does not help in achieving a continuity of operations ANSWER: C NOTE: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposur es this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning.It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations. 9. The use of digital signatures: A. requires the use of a one-time password generator. B. provides encryption to a message. C. validates the source of a message. D. ensures message confidentiality. ANSWER: C NOTE: The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures. 0. A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative? A. Issues of privacy B. Wavelength can be absor bed by the human body C. RFID tags may not be removable D. RFID eliminates line-of-sight reading ANSWER: A NOTE: The purchaser of an item will not necessarily be aware of the presence of the tag. If a tagged item is paid for by credit card, it would be possible to tie the unique ID of that item to the identity of the purchaser.Privacy violations are a significant concern because RFID can carry unique identifier numbers. If desired it would be possible for a firm to track individuals who purchase an item containing an RFID. Choices B and C are concerns of less importance. Choice D is not a concern. 11. A lower recovery time objective (RTO) results in: A. higher disaster tolerance. B. higher cost. C. wider interruption windows. D. more permissive data loss. ANSWER: B NOTE: A recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of recovery strategies.The lower the disaster tolerance, the narrower the interruption windows, and the lesser the permissive data loss. 12. During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing: A. test data covering critical applications. B. detailed test plans. C. quality assurance test specifications. D. user acceptance testing specifications. ANSWER: D NOTE: A key objective in any software development project is to ensure that the developed software will meet the business objectives and the requirements of the user.The users should be involved in the requirements definition phase of a development project and user acceptance test specification should be developed during this phase. The other choices are generally performed during the system testing phase. 13. The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all: A. outgoing traffic with IP source addresses external to the network . B. incoming traffic with discernible spoofed IP source addresses. C. incoming traffic with IP options set.D. incoming traffic to critical hosts. ANSWER: A NOTE: Outgoing traffic with an IP source address different than the IP range in the network is invalid. In most of the cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this filter will stop the attack. 14. What is the BEST backup strategy for a large database with data supporting online sales? A. Weekly full backup with daily incremental backup B. Daily full backup C. Clustered servers D. Mirrored hard disks ANSWER: ANOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard disks will not help in case of disaster. 15. Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks? A. Session keys are dynamicB. Private symmetric keys are used C. Keys are static and shared D. Source addresses are not encrypted or authenticated ANSWER: A NOTE: WPA uses dynamic session keys, achieving stronger encryption than wireless encryption privacy (WEP), which operates with static keys (same key is used for everyone in the wireless network). All other choices are weaknesses of WEP. 16. The ultimate purpose of IT governance is to: A. encourage optimal use of IT. B. reduce IT costs. C. decentralize IT resources across the organization. D. centralize control of IT. ANSWER: ANOTE: IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact. 17. The MAIN purpose of a transaction audit trail is to:A. reduce the use of storage media. B. determine accountability and responsibility for processed transactions. C. help an IS auditor trace transactions. D. provide useful information for capacity planning. ANSWER: B NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility.The objective of capacity planning is the efficient an d effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc. 18. An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to: A. tress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans. B. accept the project manager's position as the project manager is accountable for the outcome of the project. C. offer to work with the risk manager when one is appointed. D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project. ANSWER: A NOTE: The majority of project risks can typically be i dentified before a project begins, allowing mitigation/avoidance plans to be put in place to deal with these risks.A project should have a clear link back to corporate strategy and tactical plans to support this strategy. The process of setting corporate strategy, setting objectives and developing tactical plans should include the consideration of risks. Appointing a risk manager is a good practice but waiting until the project has been impacted by risks is misguided. Risk management needs to be forward looking; allowing risks to evolve into issues that adversely impact the project represents a failure of risk management.With or without a risk manager, persons within and outside of the project team need to be consulted and encouraged to comment when they believe new risks have emerged or risk priorities have changed. The IS auditor has an obligation to the project sponsor and the organization to advise on appropriate project management practices. Waiting for the possible appointment of a risk manager represents an unnecessary and dangerous delay to implementing risk management. 19. A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?A. Badge readers are installed in locations where tampering would be noticed B. The computer that controls the badge system is backed up frequently C. A process for promptly deactivating lost or stolen badges exists D. All badge entry attempts are logged ANSWER: C NOTE: Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, a process of deactivating lost or stolen badges is important.The configuration of the system does not change frequently, therefore frequent backup is not necessary. 20. Which of the following would impair the independence of a quality assurance tea m? A. Ensuring compliance with development methods B. Checking the testing assumptions C. Correcting coding errors during the testing process D. Checking the code to ensure proper documentation ANSWER: C NOTE: Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the team's independence. The other choices are valid quality assurance functions. 1. Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors? A. A security information event management (SIEM) product B. An open-source correlation engine C. A log management tool D. An extract, transform, load (ETL) system ANSWER: C NOTE: A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e. . , exception reports showing different statistics including anomalies and suspicious activities), and to answer time-based queries (e. g. , how many users have entered the system between 2 a. m. and 4 a. m. over the past three weeks? ). A SIEM product has some similar features. It correlates events from log files, but does it online and normally is not oriented to storing many weeks of historical information and producing audit reports. A correlation engine is part of a SIEM product. It is oriented to making an online correlation of events.An extract, transform, load (ETL) is part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading them to a central repository (data warehouse or data mart); an ETL does not correlate data or produce reports, and normally it does not have extractors to read log file formats. 22. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's: A. public key and then encrypt the message with the receiver's private key. B. private key and then encrypt the message with the receiver's public key.C. public key and then encrypt the message with the receiver's public key. D. private key and then encrypt the message with the receiver's private key. ANSWER: B NOTE: Obtaining the hash of the message ensures integrity; signing the hash of the message with the sender's private key ensures the authenticity of the origin, and encrypting the resulting message with the receiver's public key ensures confidentiality. The other choices are incorrect. 23. An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records.Which of the following is the MOST effective compensating control for this weakness? A. Staging and job set up B. Supervisory review of logs C. Regular back-up of tapes D. Offsite storage of tapes ANSWER: A NOTE: If the IS auditor finds that there are effective staging and job set up processes, this can be accepted as a compensating control. Choice B is a detective control while choices C and D are corrective controls, none of which would serve as good compensating controls. 24. What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?A. Malicious code could be spread across the network B. VPN logon could be spoofed C. Traffic could be sniffed and decrypted D. VPN gateway could be compromised ANSWER: A NOTE: VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization's network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks. 25. The activation of an enterprise's business continuity plan should be based on predetermine d criteria that address the: A. duration of the outage. B. ype of outage. C. probability of the outage. D. cause of the outage. ANSWER: A NOTE: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives. 26. After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator? A. Server is a member of a workgroup and not part of the server domain B. Guest account is enabled on the server C.Recently, 100 users were created in the server D. Audit logs are not enabled for the server ANSWER: D NOTE: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enab led on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern. 27. Minimum password length and password complexity verification are examples of: A. etection controls. B. control objectives. C. audit objectives. D. control procedures. ANSWER: D NOTE: Control procedures are practices established by management to achieve specific control objectives. Password controls are preventive controls, not detective controls. Control objectives are declarations of expected results from implementing controls and audit objectives are the specific goals of an audit. 28. Which of the following is an advantage of the top-down approach to software testing? A. Interface errors are identified early B. Testing can be started before all programs are complete C.It is more effective than other testing approaches D. Errors in critical modules are detected sooner ANSWER: A NOTE: The advantage of the top-down approach is that tests of major functions are conducted early, thus enabling the detection of interface errors sooner. The most effective testing approach is dependent on the environment being tested. Choices B and D are advantages of the bottom-up approach to system testing. 29. After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should: A. expand activities to determine whether an investigation is warranted.B. report the matter to the audit committee. C. report the possibility of fraud to top management and ask how they would like to proceed. D. consult with external legal counsel to determine the course of action to be taken. ANSWER: A NOTE: An IS auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. The IS auditor should notify the appropriate authoritie s within the organization only if it has determined that the indicators of fraud are sufficient to recommend an investigation.Normally, the IS auditor does not have authority to consult with external legal counsel. 30. As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through: A. performance measurement. B. strategic alignment. C. value delivery. D. resource management. ANSWER: A NOTE: Performance measurement includes setting and monitoring measurable objectives of what the IT processes need to deliver (process outcome) and how they deliver it (process capability and performance). Strategic alignment primarily focuses on ensuring linkage of business and IT plans.Value delivery is about executing the value proposition throughout the delivery cycle. Resource management is about the optimal investment in and proper management of critical IT resources. Transparency is primarily achieved through performance measurement as it provides informati on to the stakeholders on how well the enterprise is performing when compared to objectives. 31. A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team.What would be of GREATEST concern if discovered during a forensic investigation? A. Audit logs are not enabled for the system B. A logon ID for the technical lead still exists C. Spyware is installed on the system D. A Trojan is installed on the system ANSWER: A NOTE: Audit logs are critical to the investigation of the event; however, if not enabled, misuse of the logon ID of the technical lead and the guest account could not be established. The logon ID of the technical lead should have been deleted as soon as the employee left the organization but, without audit logs, misuse of the ID is difficult to prove.Spyware installed on the system is a concern but could have been installed by any user an d, again, without the presence of logs, discovering who installed the spyware is difficult. A Trojan installed on the system is a concern, but it can be done by any user as it is accessible to the whole group and, without the presence of logs, investigation would be difficult. 32. When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to: A. carry the flash drive in a portable safe. B. assure management that you will not lose the flash drive. C. equest that management deliver the flash drive by courier. D. encrypt the folder containing the data with a strong key. ANSWER: D NOTE: Encryption, with a strong key, is the most secure method for protecting the information on the flash drive. Carrying the flash drive in a portable safe does not guarantee the safety of the information in the event that the safe is stolen or lost. No matter what measures you take, the chance of losing the flash drive still exists. It is possible that a courier might lose the flash drive or that it might be stolen. 33. The FIRST step in a successful attack to a system would be: A. gathering information. B. aining access. C. denying services. D. evading detection. ANSWER: A NOTE: Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered. 34. An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure? A. The corporate network is using an intrusion prevention system (IPS) B. This part of the network is isolated from the corporate network C. A single sign-on has been implemented in the corporate network D.Antivirus software is in place to protect the corporate network ANSWER: B NOTE: If the conference rooms have access to the corporate network, unauthorized us ers may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk. 5. While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure: A. the salvage team is trained to use the notification system. B. the notification system provides for the recovery of the backup. C. redundancies are built into the notification system. D. the notification systems are stored in a vault. ANSWER: CNO TE: If the notification system has been severely impacted by the damage, redundancy would be the best control. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would be of little value if the building is damaged. 36. The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?A. SSL encryption B. Two-factor authentication C. Encrypted session cookies D. IP address verification ANSWER: A NOTE: The main risk in this scenario is confidentiality, therefore the only option which would provide confidentiality is Secure Socket Layer (SSL) encryption. The remaining options deal with authentication issues. 37. Regarding a disaster recovery plan, the role of an IS auditor should include: A. identifying critical applications. B. determining the external service providers involved in a recovery test. C. observing the tests of the disaster recovery plan. D. etermining the criteria for establishing a recovery time objective (RTO). ANSWER: C NOTE: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management. 38. Which of the following is the BEST practice to ensure that access authorizations are still valid? A. Information owner provides authorization for users to gain access B. Identity management is integrated with human resource processes C.Information owners periodically review the access controls D. An authorization matrix is used to establish validity of access ANSWER: B NOTE: Personnel a nd departmental changes can result in authorization creep and can impact the effectiveness of access controls. Many times when personnel leave an organization, or employees are promoted, transferred or demoted, their system access is not fully removed, which increases the risk of unauthorized access. The best practices for ensuring access authorization is still valid is to integrate identity management with human resources processes.When an employee transfers to a different function, access rights are adjusted at the same time. 39. The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software? A. Rewrite the patches and apply them B. Code review and application of available patches C. Develop in-house patches D. Identify and test suitable patches before applying them ANSWER: D NOTE: Suitable patches from the existing developers should be selected and tested before applying them.Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches. 40. Which of the following is a prevalent risk in the development of end-user computing (EUC) applications? A. Applications may not be subject to testing and IT general controls B. Increased development and maintenance costsC. Increased application development time D. Decision-making may be impaired due to diminished responsiveness to requests for information ANSWER: A NOTE: End-user developed applications may not be subjected to an independent outside review by systems analysts and frequently are not created in the context of a formal development methodology. These applicati ons may lack appropriate standards, controls, quality assurance procedures, and documentation. A risk of end-user applications is that management may rely on them as much as traditional applications.End-user computing (EUC) systems typically result in reduced application development and maintenance costs, and a reduced development cycle time. EUC systems normally increase flexibility and responsiveness to management's information requests. 41. The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the: A. IT budget. B. existing IT environment. C. business plan. D. investment plan. ANSWER: C NOTE: One of the most important reasons for which projects get funded is how well a project meets an organization's strategic objectives.Portfolio management takes a holistic view of a company's overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration. Choices A, B and D are important but secondary to the importance of reviewing the business plan. 42. Which of the following is an attribute of the control self-assessment (CSA) approach? A. Broad stakeholder involvement B. Auditors are the primary control analysts C. Limited employee participation D. Policy driven ANSWER: ANOTE: The control self-assessment (CSA) approach emphasizes management of and accountability for developing and monitoring the controls of an organization's business processes. The attributes of CSA include empowered employees, continuous improvement, extensive employee participation and training, all of which are representations of broad stakeholder involvement. Choices B, C and D are attributes of a traditional audit approach. 43. The BEST method for assessing the effectiveness of a business continuity plan is to review the: A. plans and compare them to appropriate standards. B. results from previous tests.C. emergency procedures and employee training. D. offsite storage an d environmental controls. ANSWER: B NOTE: Previous test results will provide evidence of the effectiveness of the business continuity plan. Comparisons to standards will give some assurance that the plan addresses the critical aspects of a business continuity plan but will not reveal anything about its effectiveness. Reviewing emergency procedures, offsite storage and environmental controls would provide insight into some aspects of the plan but would fall short of providing assurance of the plan's overall effectiveness. 4. An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization? A. Review and evaluate the business continuity plan for adequacy B. Perform a full simulation of the business continuity plan C. Train and educate employees regarding the business continuity plan D. Notify critical contacts in the business continuity plan ANSWER: A NOTE: The business co ntinuity plan should be reviewed every time a risk assessment is completed for the organization.Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization. There is no reason to notify the business continuity plan contacts at this time. 45. Which of the following insurance types provide for a loss arising from fraudulent acts by employees? A. Business interruption B. Fidelity coverage C. Errors and omissions D. Extra expense ANSWER: B NOTE: Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization.Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client. Extra expense insurance is designed to cover the extra costs of continuing operations following a disaster/disruption within an organization. 46. An IS auditor reviewing the risk assessment process of an organization should FIRST: A. identify the reasonable threats to the information assets. B. analyze the technical and organizational vulnerabilities. C. identify and rank the information assets. D. evaluate the effect of a potential security breach.ANSWER: C NOTE: Identification and ranking of information assets—e. g. , data criticality, locations of assets—will set the tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the threats facing each of the organization's assets should be analyzed according to their value to the organization. Third, weaknesses should be identified so that controls can be evaluated to determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in absence of given controls, would impact the organization information assets. 47.An organization is using an enterpr ise resource management (ERP) application. Which of the following would be an effective access control? A. User-level permissions B. Role-based C. Fine-grained D. Discretionary ANSWER: B NOTE: Role-based access controls the system access by defining roles for a group of users. Users are assigned to the various roles and the access is granted based on the user's role. User-level permissions for an ERP system would create a larger administrative overhead. Fine-grained access control is very difficult to implement and maintain in the context of a large nterprise. Discretionary access control may be configured or modified by the users or data owners, and therefore may create inconsistencies in the access control management. 48. The sender of a public key would be authenticated by a: A. certificate authority. B. digital signature. C. digital certificate. D. registration authority. ANSWER: C NOTE: A digital certificate is an electronic document that declares a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message.A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i. e. , registration of the users of a digital signature plus authenticating the information that is put in the digital certificate. 49. Which of the following is the MOST reliable form of single factor personal identification? A. Smart card B. PasswordC. Photo identification D. Iris scan ANSWER: D NOTE: Since no two irises are alike, identification and verification can be done with confidence. There is no guarantee that a smart card is being used by the correct person since it can be shared, stolen or lost and found. Passwords can be shared and, if written down, carry the risk of discovery. Photo IDs can be forged or falsified. 50. A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data? A.Introduce a secondary authentication method such as card swipe B. Apply role-based permissions within the application system C. Have users input the ID and password for each database transaction D. Set an expiration period for the database password embedded in the program ANSWER: B NOTE: When a single ID and password are embedded in a program, the best compensating control would be a sound access control over the application layer and procedures to ensure access to data is granted based on a user's role. The issue is user permissions, not authentication, therefore adding a stronger authentication does not improve the situation.Having a user input the ID and passwo rd for access would provide a better control because a database log would identify the initiator of the activity. However, this may not be efficient because each transaction would require a separate authentication process. It is a good practice to set an expiration date for a password. However, this might not be practical for an ID automatically logged in from the program. Often, this type of password is set not to expire. 51. Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?A. Process maturity B. Performance indicators C. Business risk D. Assurance reports ANSWER: C NOTE: Priority should be given to those areas which represent a known risk to the enterprise's operations. The level of process maturity, process performance and audit reports will feed into the decision making process. Those areas that represent real risk to the business should be given priority. 52. An IS auditor has been asked to partic ipate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the: A. omplexity and risks associated with the project have been analyzed. B. resources needed throughout the project have been determined. C. project deliverables have been identified. D. a contract for external parties involved in the project has been completed. ANSWER: A NOTE: Understanding complexity and risk, and actively managing these throughout a project are critical to a successful outcome. The other choices, while important during the course of the project, cannot be fully determined at the time the project is initiated, and are often contingent upon the risk and complexity of the project. 3. Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices? A. Policies that require instant dismissal if such devices are found B. Software for tracking and managing USB storage devices C. Administratively disabling the USB por t D. Searching personnel for USB storage devices at the facility's entrance ANSWER: B NOTE: Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management.A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching of personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden. 54. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next: A. recommend that the database be normalized. B. review the conceptual data model.C. review the stored procedures. D. review the justification. ANSWER: D NOTE: If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization. 55. Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol? A.Presence of spyware in one of the ends B. The use of a traffic sniffing tool C. The implementation of an RSA-compliant solution D. A symmetric cryptography is used for transmitting data ANSWER: A NOTE: Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user's computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place. 56.At the completion of a system development project, a postproject review should include which of the following? A. Assessing risks that may lead to downtime after the production release B. Identifying lessons learned that may be applicable to future projects C. Verifying the controls in the delivered system are working D. Ensuring that test data are deleted ANSWER: B NOTE: A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects.An assessment of potential downtime should be made with the operations group and other specialists before implementing a system. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the postimplementation review. Test data should be retained for future regression testing. 57. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should: A. recommend the use of disk mirroring. B. review the adequacy of offsite storage. C. eview the capacity management process. D. recommend the use of a compression algorithm. ANSWER: C NOTE: Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. Business criticality must be considered before recommending a disk mirroring solution and offsite storage is unrelated to the problem. Though data compression may save disk space, it could affect system performance. 58. Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit? A.Data backups are performed on a timely basis B. A recovery site is contracted for and available as needed C. Human safety procedures a re in place D. Insurance coverage is adequate and premiums are current ANSWER: C NOTE: The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan. 59. While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the: A. audit trail of the versioning of the work papers. B. approval of the audit phases.C. access rights to the work papers. D. confidentiality of the work papers. ANSWER: D NOTE: Encryption provides confidentiality for the electronic work papers. Audit trails, audit phase approvals and access to the work papers do not, of themselves, affect the confidentiality but are part of the reason for requiring encryption. 60. An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary bec ause effective system access controls are in place.The BEST response the auditor can make is to: A. review the integrity of system access controls. B. accept management's statement that effective access controls are in place. C. stress the importance of having a system control framework in place. D. review the background checks of the accounts payable staff. ANSWER: C NOTE: Experience has demonstrated that reliance purely on preventative controls is dangerous. Preventative controls may not prove to be as strong as anticipated or their effectiveness can deteriorate over time.Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive control framework is needed. Intelligent design should permit additional detective and corrective controls to be established that don't have high ongoing costs, e. g. , automated interrogation of logs to highlight suspicious individual transactions or data patterns. Effective ac cess controls are, in themselves, a positive but, for reasons outlined above, may not sufficiently compensate for other control weaknesses. In this situation the IS auditor needs to be proactive.The IS auditor has a fundamental obligation to point out control weaknesses that give rise to unacceptable risks to the organization and work with management to have these corrected. Reviewing background checks on accounts payable staff does not provide evidence that fraud will not occur. 61. A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment? A. Reviewing logs frequently B. Testing and validating the rules C. Training a local administrator at the new location D. Sharing firewall administrative dutiesANSWER: B NOTE: A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log fil es would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important. 62. When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of: A. xcessive transaction turnaround time. B. application interface failure. C. improper transaction authorization. D. nonvalidated batch totals. ANSWER: C NOTE: Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant. 63. The PRIMARY objective of implementing corporate governance by an organization's management is to: A. provide strategic direction. B. control business operations.C. align IT with business. D. implement best prac tices. ANSWER: A NOTE: Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction. Based on the strategic direction, business operations are directed and controlled. 64. To determine if unauthorized changes have been made to production code the BEST audit procedure is to: A. xamine the change control system records and trace them forward to object code files. B. review access control permissions operating within the production program libraries. C. examine object code to find instances of changes and trace them back to change control records. D. review change approved designations established within the change control system. ANSWER: C NOTE: The procedure of examining object code files to establish instances of code changes and tracing these back t o change control system records is a substantive test that directly addresses the risk of unauthorized code changes.The other choices are valid procedures to apply in a change control audit but they do not directly address the risk of unauthorized code changes. 65. When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the: A. project be discontinued. B. business case be updated and possible corrective actions be identified. C. project be returned to the project sponsor for reapproval. D. project be ompleted and the business case be updated later. ANSWER: B NOTE: An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project since it is a key input to decisions made throughout the life o f any project. 66. Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update? A. Test data run B. Code review C.Automated code comparison D. Review of code migration procedures ANSWER: C NOTE: An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements.A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes. 67. Doing which of the following d uring peak production hours could result in unexpected downtime? A. Performing data migration or tape backup B. Performing preventive maintenance on electrical systems C. Promoting applications from development to the staging environment D. Replacing a failed power supply in the core router of the data center ANSWER: B NOTE: Choices A and C are processing events which may impact performance, but ould not cause downtime. Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime. 68. Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information? A. Degaussing B. Defragmenting C. Erasing D. Destroying ANSWER: DNOTE: Destroying magnetic media is the only way to assure that confidential information cannot be recovered. Degaussing or demagnetizing is not sufficient to fully erase information from magnetic media. The purpose of defragmentation is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does not remove the information; this method simply changes a file's indexing information. 69. The MAIN criterion for determining the severity level of a service disruption incident is: A. cost of recovery. B. negative public opinion. C. geographic location. D. downtime.ANSWER: D NOTE: The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident. 70. During the design of a business continuity plan, the business impact a nalysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the: A. responsibility for maintaining the business continuity plan. B. criteria for selecting a recovery site provider.C. recovery strategy. D. responsibilities of key personnel. ANSWER: C NOTE: The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA. ), The other choices are made after the selection or design of the appropriate recovery strategy. 71. What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists? A. Repeatable but Intuitive B. Defined C. Managed and Measurable D. Optimized ANSWER: B NOTE: Defined (level 3) is the lowest level at which an IT balanced scorecard is defined. 2. During the system testing phase of an application development project the IS auditor should review the: A. conceptual design specifications. B. vendor contract. C. error repor ts. D. program change requests. ANSWER: C NOTE: Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in recognizing erroneous data and review the procedures for resolving errors. A conceptual design specification is a document prepared during the requirements definition phase. A vendor ontract is prepared during a software acquisition process. Program change requests would normally be reviewed as a part of the postimplementation phase. 73. When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures: A. allow changes, which will be completed using after-the-fact follow-up. B. allow undocumented changes directly to the production library. C. do not allow any emergency changes. D. allow programmers permanent access to production programs. ANSWER: A NOTE: There may be situations where emergency fixes are required to resol ve system problems.This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations. Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively applied; otherwise, production may be impacted. Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library nor should they be allowed permanent access to production programs. 4. Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should: A. include the statement of management in the audit report. B. identify whether such software is, indeed, being used by the organization. C. reconfirm with management the usag e of the software. D. discuss the issue with senior management since reporting this could have a negative impact on the organization. ANSWER: B NOTE: When there is an indication that an organization might be using nlicensed software, the IS auditor should obtain sufficient evidence before including it in the report. With respect to this matter, representations obtained from management cannot be independently verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report. 75. Which of the following would be BEST prevented by a raised floor in the computer machine room? A. Damage of wires around computers and servers B. A power failure from static electricity C. Shocks from earthquakes D. Water flood damage ANSWER: ANOTE: The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks pose d when cables are placed in a spaghetti-like fashion on an open floor. Static electricity should be avoided in the machine room; therefore, measures such as specially manufactured carpet or shoes would be more appropriate for static prevention than a raised floor. Raised floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework.Computer equipment needs to be protected against water. However, a raised floor would not prevent damage to the machines in the event of overhead water pipe leakage. 76. The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents? A. Antivirus software B. Hardening the servers C. Screening routers D. Honeypots ANSWER: D NOTE: Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators.All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks. 77. The purpose of a deadman door controlling access to a computer facility is primarily to: A. prevent piggybacking.B. prevent toxic gases from entering the data center. C. starve a fire of oxygen. D. prevent an excessively rapid entry to, or exit from, the facility. ANSWER: A NOTE: The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplish ed with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e. g. , a fire. 78. The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to: A. comply with regulatory requirements. B. rovide a basis for drawing reasonable conclusions. C. ensure complete audit coverage. D. perform the audit according to the defined scope. ANSWER: B NOTE: The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate evidence assists the auditor in not only identifying control weaknesses but also documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of audit are all relevant to an audit but are not the reason why sufficient and relevant evidence is required. 9. During the audit of a database server, which of the following would be considered the GREATEST exposure? A. The password does not expire on the administrator account B. Default global security settings for the database remain unchanged C. Old data have not been purged D. Database activity is not fully logged ANSWER: B NOTE: Default security settings for the database could allow issues like blank user passwords or passwords that were the same as the username. Logging all database activity is not practical. Failure to purge old data may present a performance issue but is not an immediate security concern.Choice A is an exposure but not as serious as B. 80. An IS auditor finds that a DBA has read and write access to production data. The IS auditor should: A. accept the DBA access as a common practice. B. assess the controls relevant to the DBA function. C. recommend the immediate revocation of the DBA access to production data. D. review user access authorizations approved by the DBA. ANSWER: B NOTE: It is good practice when finding a potential exposure to look for the best controls. Though granting the database administrator (DBA) access to production data might be a common practice, the IS auditor should evaluate the relevant controls.The DBA should have access based on a need-to-know and need-to-do basis; therefore, revocation may remove the access required. The DBA, typically, may need to have access to some production data. Granting user authorizations is the responsibility of the data owner and not the DBA. 81. What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)? A. The copying of sensitive data on them B. The copying of songs and videos on them C. The cost of these devices multipl

Sunday, September 29, 2019

The Illiad Play

Isaiah Hammed An Iliad Essay Response Honors British Literature Mr.. Jason Then 3/24/14 â€Å"War is Hell† Adventurers seeking for a live blood fest should be cautioned, however, that all this riotous violence is induced through the words of a sole actor, played by James Deviate, in An Iliad. James Deviate tells the story of the Trojan War as he is living and referring to all wars that were fought since. â€Å"Every time I sing this song, I hope it's the last time,† the Poet tells his audience. But it never is because wars keep happening all over the world.An Iliad evokes the message of futility of war, with war, everyone loses and in the end there is no resolution. The message the production of an Iliad is trying to make is that war is foolish as every war. Andrew Bobby's destructed setting portrays the lost and ruined lives in the story. The informal, chatty tone echoes Homer's use of simile, and makes parallels between modern life to the desires that irritated the Tr ojan and Greeks. Deviated gets his message across by his conventional, ballet movements which express the ritual of war.Including the standout scene where the Poet loses it, representing the mindless killing of warriors. The poet gives every person being killed a backstops. As he describes a spear being plunged down someone's throat, he'll say, â€Å"He was a married man with a 3-year-old-son†. Or â€Å"he was an incredible warrior from the fields of Argon, and he was a good potter, known to produce beautiful things. † The poet values each life until the end of it. He glorifies the bravery, loyalty, and strength of the soldiers by giving each a positive quality.The cone where Prima the King chastens himself by putting his life at risk to beg for hi son's dead body, thinking that they will kill him and surprisingly they don't. He begs and Achilles agrees to give it back. Achilles is king enough to say miss, I'll do this†, and is patient enough to warn Prima not to yell so he doesn't kill him. This extraordinary scene depicts the sentimental and courageous side of the manly warriors. The onstage attendance of cellist Alicia Storing promotes the audience's gratefulness of how this ancient story will always remain a story for everyone. Just having the sound f a cello at times will evoke the women who are talked about in the play,† Deviated said. â€Å"Seeing a woman out there alters the story. So often, women and children are the collateral damage in war. Alias's presence, while I describe things like Hectors son being thrown from the battlements, will change how that account resonates. † Snowline) The ghostly presence of the cellist dramatists the story.

Saturday, September 28, 2019

An Analysis of Leadership Models

Models and their Influence on Educational Leadership Pamela Lee University of Phoenix An Analysis of Leadership Models Although there is no conclusive, comprehensive definition of leadership, there has been advances in researching leadership theories that have been uncovered and carried out over the last 200 years. In the late sass, the trait theory permeated the leadership theory. The World War era saw the beginning of the contingency/situation leadership theories of Fiddler, Broom-Yet, and Hershey-Blanchard. In the sass, the research turned toward behavioral leadership theories.Many researchers started to use rating skills and conduct interviews to identify the specific behaviors that leaders engaged in on-the-Job (Wren, 1995). The most recent leadership theories, transactional, and transformational, focus on the relationships between leaders and followers. According to Viola, Wallaby, and Weber, â€Å"Today, the field of leadership focus' not only on the leader, but also the foll owers, peers, supervisors, work setting/context, and culture† (Viola, Wallaby, & Weber, 2009, p. 422). Many of the leadership models have been used in education.The following will be a historical analysis of the trait, behavioral, transactional, and transformational models and their influence on educational leadership over the past 200 years. Close attention will be paid to the evolution of the educational leader (principal) and how his or her roles have changed over time. The scientific study of leadership began in the late sass with the discovery of the traits theory. The common assumption of the time was that certain people were born with the ability to lead, thus making them better leaders than others.Schemers stated, † Those who became leaders were different from those who remained lowers† (Schemers, 1995, p. 83). The goal of trait research was to identify traits that were associated with leadership. The tests measured dominance, masculinity, sensitivity, and physical appearance, to name a few (Schemers, p. 83). During this time, a key leadership role in education was beginning to develop, the principals. As a result of the expansion of education, the one room schoolhouse model with a teacher or master became obsolete.In the sass, grade level schools were established and certain teachers were elevated to the position of â€Å"principal teacher† (Kafka, p. 321). The principal teacher at this time also possessed certain traits. The principal was most always male, who could complete the following clerical and administrative duties that kept the school in order, such as assigning classes, conducting discipline, maintaining the building, taking attendance, and ensuring that school began and ended on time (Kafka, p. 231)t.According to Kafka, These duties brought the principal teacher a degree of authority, as did his role in communicating and answering to the district superintendent, who tended to govern local schools from afar† ( Kafka, 2009, p. 231). Many of these roles matched the traits earlier identified by the scientific studies. The principal was male and showed dominance through authority and could manage and maintain law and order in the school. The role of principal and the type of person who filled this position would not change until the scientific research revealed that traits alone do not determine who should be in leadership positions.In the late sass, Stodgily discovered that â€Å"traits alone do not determine leadership† (Schemers, 1995, p. 84). As a result of Stodgily discovery, new models of leadership were created and researched. One model, behaviorism, researched the behaviors (styles) that a leader would demonstrate in his or her chosen field. Questionnaires such as the Leader Behavior Description Questionnaire was used to identify behaviors that leaders engaged in (Schemers, p. 85). In education, the principals role changed as the country went off to war and people feared the fa scist and communist dictatorships.As a result of the changes in the world and new education laws passed, specifically the law that made school compulsory, the principals role changed and evolved. The principals role became a more democratic role. According to Kafka, â€Å"there was a greater expectation that other members of the school community-? including faculty and even students-?would help make decisions and govern the school. In this sense, the principals authority was drawn somewhat from his role as a democratic leader† (Kafka, 2009, p. 325).Principals would have many roles, they would become instructional leaders, and use the professional training they received and the scientific theories they were presumed to have mastered to bring about the very best classroom teaching and learning (Beck & Murphy, 1993, p. 73-76). Principals ere instructed how to manage custodians and cafeteria duties. Principals were expected to demonstrate a democratic leadership style when runnin g his or her school. In the sass, leadership research shifted from situational and contingency models to the transactional and transformational approaches.The transactional approach made popular by the research of Edwin Hollander focused on the leader as the star of the show. The transactional model did not focus on behaviors or specific situation, but on improving an organization through incentives and rewards. One transactional theory, the vertical dyad linkage theory plopped by Green, described how leaders in groups maintain their position through a series of tacit exchange agreements with their members (Schemers, p. 91). The transformational approach in contrast, is based on the interaction of leaders and followers.Bass, Burns, and House became key leaders in the research annals of transformational leadership. According to Cutout, † Genuine transformational is â€Å"socialized† and transcends self-interest for utilitarian or moral reasons. It seeks a convergence of values distinguish genuine from pseudo forms of transformational leadership† (Cutout, 2002, p. 96). Although the transactional leadership approach can be found primarily throughout business organizations, it also can be found in education at the principal position along with the transformational approach.In the field of education, a principal can implement both transformational and transactional leadership approaches simultaneously. In the sass, principals became agents of change. Healthier stated, â€Å"that this focus on the principals capacity to enact change was only affirmed in the sass with the popularity of Ron Edmondson effective schools research, which emphasized that strong administrative leadership as a common characteristic of successful schools† (Healthier, 1992, p. 37). As a result of No Child Left Behind (NCSC), schools have implemented high stakes testing to satisfy the requirements of the law.Principals are put in the position of having to wear â€Å"t wo hats†, a transformational hat and a transactional hat. Pepper states, † A principals ability to skillfully balance transform and transactional leadership styles will best position a school to accomplish the goals set forth by NCSC while also continuing to focus on individual students needs for academic success† (Pepper, 2010, p. 3). A principal practices a transformational leadership style when he or she is practicing shared leadership with staff, parents, and students.A principal would collaborate with teachers in the areas of curriculum development and instructional practices. The principal also would have a shared vision for the school and collaborate with staff and students to build an effective school culture. The principal would practice transactional leadership when he or she are overseeing the daily operations of the school. The principal would be enforcing policies, procedures, and rules of the school. The principal would reward teachers for accomplishi ng their goals and discipline teachers who do not live up to his or her standards.Although most would think of a principal as a transformational leader, there are times when a principal also has to be a transactional leader to accomplish goals, increase student achievement, and have a safe and effective school for both staff and students. Research and psychological studies will continue to contribute to the pool of leadership theories illustrated in this essay. The study of leadership has evolved from a leader-centered models with the advent of trait and behavioral studies to a Ochs on a multidimensional study that revolves around culture, context, and emotions as seen with the transactional and transformational models. An Analysis of Leadership Models Models and their Influence on Educational Leadership Pamela Lee University of Phoenix An Analysis of Leadership Models Although there is no conclusive, comprehensive definition of leadership, there has been advances in researching leadership theories that have been uncovered and carried out over the last 200 years. In the late sass, the trait theory permeated the leadership theory. The World War era saw the beginning of the contingency/situation leadership theories of Fiddler, Broom-Yet, and Hershey-Blanchard. In the sass, the research turned toward behavioral leadership theories.Many researchers started to use rating skills and conduct interviews to identify the specific behaviors that leaders engaged in on-the-Job (Wren, 1995). The most recent leadership theories, transactional, and transformational, focus on the relationships between leaders and followers. According to Viola, Wallaby, and Weber, â€Å"Today, the field of leadership focus' not only on the leader, but also the foll owers, peers, supervisors, work setting/context, and culture† (Viola, Wallaby, & Weber, 2009, p. 422). Many of the leadership models have been used in education.The following will be a historical analysis of the trait, behavioral, transactional, and transformational models and their influence on educational leadership over the past 200 years. Close attention will be paid to the evolution of the educational leader (principal) and how his or her roles have changed over time. The scientific study of leadership began in the late sass with the discovery of the traits theory. The common assumption of the time was that certain people were born with the ability to lead, thus making them better leaders than others.Schemers stated, † Those who became leaders were different from those who remained lowers† (Schemers, 1995, p. 83). The goal of trait research was to identify traits that were associated with leadership. The tests measured dominance, masculinity, sensitivity, and physical appearance, to name a few (Schemers, p. 83). During this time, a key leadership role in education was beginning to develop, the principals. As a result of the expansion of education, the one room schoolhouse model with a teacher or master became obsolete.In the sass, grade level schools were established and certain teachers were elevated to the position of â€Å"principal teacher† (Kafka, p. 321). The principal teacher at this time also possessed certain traits. The principal was most always male, who could complete the following clerical and administrative duties that kept the school in order, such as assigning classes, conducting discipline, maintaining the building, taking attendance, and ensuring that school began and ended on time (Kafka, p. 231)t.According to Kafka, These duties brought the principal teacher a degree of authority, as did his role in communicating and answering to the district superintendent, who tended to govern local schools from afar† ( Kafka, 2009, p. 231). Many of these roles matched the traits earlier identified by the scientific studies. The principal was male and showed dominance through authority and could manage and maintain law and order in the school. The role of principal and the type of person who filled this position would not change until the scientific research revealed that traits alone do not determine who should be in leadership positions.In the late sass, Stodgily discovered that â€Å"traits alone do not determine leadership† (Schemers, 1995, p. 84). As a result of Stodgily discovery, new models of leadership were created and researched. One model, behaviorism, researched the behaviors (styles) that a leader would demonstrate in his or her chosen field. Questionnaires such as the Leader Behavior Description Questionnaire was used to identify behaviors that leaders engaged in (Schemers, p. 85). In education, the principals role changed as the country went off to war and people feared the fa scist and communist dictatorships.As a result of the changes in the world and new education laws passed, specifically the law that made school compulsory, the principals role changed and evolved. The principals role became a more democratic role. According to Kafka, â€Å"there was a greater expectation that other members of the school community-? including faculty and even students-?would help make decisions and govern the school. In this sense, the principals authority was drawn somewhat from his role as a democratic leader† (Kafka, 2009, p. 325).Principals would have many roles, they would become instructional leaders, and use the professional training they received and the scientific theories they were presumed to have mastered to bring about the very best classroom teaching and learning (Beck & Murphy, 1993, p. 73-76). Principals ere instructed how to manage custodians and cafeteria duties. Principals were expected to demonstrate a democratic leadership style when runnin g his or her school. In the sass, leadership research shifted from situational and contingency models to the transactional and transformational approaches.The transactional approach made popular by the research of Edwin Hollander focused on the leader as the star of the show. The transactional model did not focus on behaviors or specific situation, but on improving an organization through incentives and rewards. One transactional theory, the vertical dyad linkage theory plopped by Green, described how leaders in groups maintain their position through a series of tacit exchange agreements with their members (Schemers, p. 91). The transformational approach in contrast, is based on the interaction of leaders and followers.Bass, Burns, and House became key leaders in the research annals of transformational leadership. According to Cutout, † Genuine transformational is â€Å"socialized† and transcends self-interest for utilitarian or moral reasons. It seeks a convergence of values distinguish genuine from pseudo forms of transformational leadership† (Cutout, 2002, p. 96). Although the transactional leadership approach can be found primarily throughout business organizations, it also can be found in education at the principal position along with the transformational approach.In the field of education, a principal can implement both transformational and transactional leadership approaches simultaneously. In the sass, principals became agents of change. Healthier stated, â€Å"that this focus on the principals capacity to enact change was only affirmed in the sass with the popularity of Ron Edmondson effective schools research, which emphasized that strong administrative leadership as a common characteristic of successful schools† (Healthier, 1992, p. 37). As a result of No Child Left Behind (NCSC), schools have implemented high stakes testing to satisfy the requirements of the law.Principals are put in the position of having to wear â€Å"t wo hats†, a transformational hat and a transactional hat. Pepper states, † A principals ability to skillfully balance transform and transactional leadership styles will best position a school to accomplish the goals set forth by NCSC while also continuing to focus on individual students needs for academic success† (Pepper, 2010, p. 3). A principal practices a transformational leadership style when he or she is practicing shared leadership with staff, parents, and students.A principal would collaborate with teachers in the areas of curriculum development and instructional practices. The principal also would have a shared vision for the school and collaborate with staff and students to build an effective school culture. The principal would practice transactional leadership when he or she are overseeing the daily operations of the school. The principal would be enforcing policies, procedures, and rules of the school. The principal would reward teachers for accomplishi ng their goals and discipline teachers who do not live up to his or her standards.Although most would think of a principal as a transformational leader, there are times when a principal also has to be a transactional leader to accomplish goals, increase student achievement, and have a safe and effective school for both staff and students. Research and psychological studies will continue to contribute to the pool of leadership theories illustrated in this essay. The study of leadership has evolved from a leader-centered models with the advent of trait and behavioral studies to a Ochs on a multidimensional study that revolves around culture, context, and emotions as seen with the transactional and transformational models.

Friday, September 27, 2019

World Cinema Essay Example | Topics and Well Written Essays - 1250 words

World Cinema - Essay Example With this close-up shot, the audience could notice that her eyes are looking towards the left or the shadowed side of her face. This reflects the confusion in her mind, the shrouded mystery of why this has happened to her which seems to be more poignant to her than all the physical suffering that she has endured. Also a sense of shame can be interpreted from her gaze to the left as she does not look directly to the audience. Just by the opening close-up shot on the Bride’s face, we can already sense that the whole movie will revolve around her tribulations and suffering, but more importantly, in her uncovering why this has happened to her. The following scene then shows a combination of a close-up shot and a tracking shot of an unknown person’s shoes walking left to right. These combinations of shots give an impending feeling to the audience yet at the same time, a mysterious aura because only the sleek leather shoes of the person is shown in the frame. The next scene goes back to the close-up shot on the Bride’s distorted face and the tip of the shoe seen earlier is now visible on the lower-right portion of the frame meaning this scene is a conjunction of the two previous scenes. At that precise moment, the Bride’s face tilts towards the right a little, exposing her face more than before and her eyes look towards the right as well. Her eyes convey the impression of fear on the person drawing near her. Her eyes also tell implicitly that the person who gave her the bruises and cuts on her face is the person is the person she is looking at right now. With the close-up shot, one could clearly see the trembling of her lips as the person in leather shoes moves in on her. She closes her eyes a little as if not wanting to see the person in front of her. The unknown person reaches out his hand holding a handkerchief to wipe the bleeding of the face of the Bride only for the Bride to look away and reject this person’s s how of compassion. Particularly

Thursday, September 26, 2019

Reflection Paper #2 Essay Example | Topics and Well Written Essays - 1000 words

Reflection Paper #2 - Essay Example Each of these characteristics is particularly important in developing my leadership skills. I first learned about my strengths, when my friends asked me to help them in a rather complicated situation. Then I not only learned about my strengths but also was able to apply them quite successfully. I believe that creativity is particularly important for a leader. It enables the leader to demonstrate an innovative approach to the work of his/her staff and workflow. Creativity in the work of the leader is an opportunity for employees to demonstrate their strengths and a variety of talents, which can have a positive impact on the company. Creativity can be regarded as a supporting element for a successful teamwork. I understand creativity as openness to new, innovative and unconventional approaches to work. Creativity can be expressed in various forms. I believe that creativity is an inherent quality of the modern professional. Any large company needs not only creative managers, but also creative leaders who are able to introduce new ideas to improve the work of the organization. Experience of the most successful people in the world, as well as numerous psychological studies demonstrate that the secret of success in one’s career is such a quality as creativity. In addition, as a creative leader I am able to demonstrate flexibility. Flexibility implies a willingness to adapt to changes affecting various aspects of the team. Flexibility can manifest itself in ways of organizing the learning process, methods of obtaining the desired results, etc. Todays reality is that the professional leader is well aware that he/she cannot always and everywhere show a conservative attitude to different business issues. The task of the modern leader is to respond to various changes quite quickly and adequately. It is no coincidence that that the majority of modern experts in the field of leadership argue

The Pros & Cons of In-House Versus Outsourced R&D (Research & Essay

The Pros & Cons of In-House Versus Outsourced R&D (Research & Development) Activity for Technology Firms - Essay Example The first section takes into account the various purposes and definitions of outsourcing as an activity. The primary reasons are explored in detail as to its evolution and factors influencing its security impacts on businesses. The next section outlines the various security issues that may arise in the outsourcing business and its various implications to the business and customer confidence. The primary focus is on secure outsourcing which acts to the safety of businesses and retains the faith and confidence in their services. It acts as a great tool to foster harmonies relationships and ensure business continuity for gaining competitive advantage. The need for state-of-the-art IT solutions worked out and innovations implemented with small losses, outsourcing may be the only way out. It will save from the nightmare of retraining employees (or even hiring new ones) and/or paying for re-equipment (Kenneth, 2007). Information strategy for any organization is purely based on their requirements to manage business and envelope operations into a system which would in turn effectively manage their resources and yield not only profits in the long run but satisfaction to its employees and customers (Laudon, 2002). Rich human capital: Outsourced software vendors produce ‘A’ level business and technological graduates from its most prestigious institutes like Institutes of Management and Institute of Technology. They possess extremely high talent in terms of fundamental knowledge and high level of skills due to their immense strength of aptitude and quantitative ability. The human capital has capability to take up entrepreneurship and make a difference to their economy (Checkland, 2003). Cost efficiency: In Outsourced software vendors, the costs of living and spending habits are quite less and thus the monetary policies are favorable for development at low costs. It makes it favorable for companies to outsource

Wednesday, September 25, 2019

Enron Corporation (former NYSE ticker symbol ENE) Essay

Enron Corporation (former NYSE ticker symbol ENE) - Essay Example ThÐ µ company did not havÐ µ accountability or transparÐ µncy to its sharÐ µholdÐ µrs; it liÐ µd to thÐ µm. ThÐ µ currÐ µnt status of thÐ µ casÐ µ against thÐ µ now dÐ µfunct TÐ µxas company, has not yÐ µt bÐ µÃ µn rÐ µsolvÐ µd. By 2001, it was rÐ µportÐ µd that â€Å"ThÐ µ company, whosÐ µ main businÐ µss is Ð µnÐ µrgy trading, is in crisis following thÐ µ tÐ µrmination of a multi-billion dollar rÐ µscuÐ µ bid† (WÐ µiss, 2001). It foldÐ µd as a rÐ µsult, but in its primÐ µ was considÐ µrÐ µd to bÐ µ an innovativÐ µ company and industry lÐ µadÐ µr. Еnron at thÐ µ hÐ µight of its powÐ µr contributÐ µd as much as $2.1 million in â€Å"individual, P A C, and soft monÐ µy contributions to fÐ µdÐ µral candidatÐ µs and partiÐ µs:† this rankÐ µd it â€Å"among thÐ µ top 50 organizational donors in thÐ µ 1999 – 2000 Ð µlÐ µction cyclÐ µÃ¢â‚¬  (WÐ µiss, 2001). AftÐ µr thÐ µ vÐ µry public fall of Еnron, n Ð µw accountability mÐ µasurÐ µs bÐ µcamÐ µ thÐ µ stuff of Ð µxtrÐ µmÐ µ mÐ µdia, public, and political scrutiny. If Еnron had had such mÐ µasurÐ µs in placÐ µ initially, it arguably wouldn’t havÐ µ fallÐ µn. Discuss whÐ µthÐ µr Еnron’s officÐ µrs actÐ µd within thÐ µ scopÐ µ of thÐ µir authority. Еnron stayÐ µd in thÐ µ nÐ µws long aftÐ µr thÐ µ initial accounting scandal, as jury sÐ µlÐ µction bÐ µgan for thÐ µ casÐ µ of its Ð µx Ð µxÐ µcutivÐ µs KÐ µnnÐ µth Lay and JÐ µffrÐ µy Skilling. ThÐ µsÐ µ individuals actÐ µd bÐ µyond thÐ µ scopÐ µ of thÐ µir authority. ... ThÐ µ bankruptcy court will likÐ µly allow thÐ µ paymÐ µnts to stand† (WÐ µinbÐ µrg and CookÐ µ, 2001). KÐ µnnÐ µth Lay is morÐ µ publicly associatÐ µd with thÐ µ casÐ µ although his namÐ µ is oftÐ µn mÐ µntionÐ µd bÐ µsidÐ µ Skilling’s, bÐ µcausÐ µ Lay is thÐ µ individual who foundÐ µd thÐ µ company in thÐ µ first placÐ µ, whilÐ µ Skilling was its CЕO. â€Å"Еnron foundÐ µr KÐ µn Lay and formÐ µr chiÐ µf Ð µxÐ µcutivÐ µ JÐ µffrÐ µy Skilling havÐ µ suffÐ µrÐ µd anothÐ µr sÐ µtback in thÐ µir Ð µfforts to havÐ µ thÐ µir trial at thÐ µ Ð µnd of thÐ µ month dismissÐ µd. US District JudgÐ µ Sim LakÐ µ, who will bÐ µ hÐ µaring thÐ µ fraud and conspiracy casÐ µ, thrÐ µw out allÐ µgations of misconduct by prosÐ µcutors. ThÐ µ pair's lawyÐ µrs havÐ µ bÐ µÃ µn arguing for months that prosÐ µcutors havÐ µ hampÐ µrÐ µd thÐ µir dÐ µfÐ µncÐ µ Ð µfforts by intimidating kÐ µy witnÐ µssÐ µs† (Е nron, 2006). DÐ µscribÐ µ thÐ µ corporatÐ µ culturÐ µ at Еnron. ThÐ µ businÐ µss culturÐ µ in which Еnron was stÐ µÃ µpÐ µd involvÐ µd unÐ µthical and non transparÐ µnt accounting practicÐ µs usÐ µd by thÐ µ company. Еnron was callÐ µd out on corruption and its lÐ µadÐ µrs havÐ µ bÐ µÃ µn indictÐ µd for fraudulÐ µnt financial statÐ µmÐ µnts and businÐ µss practicÐ µs. ThÐ µsÐ µ causÐ µd its stock to plummÐ µt in valuÐ µ whÐ µn thÐ µ Ð µxtÐ µnt of corporatÐ µ corruption at Еnron was rÐ µvÐ µalÐ µd. StakÐ µholdÐ µrs Ð µxpÐ µct thÐ µir documÐ µntation to bÐ µ fairly authÐ µntic. Also involvÐ µd by proxy arÐ µ thÐ µ othÐ µr Еnron Ð µxÐ µcutivÐ µs who got payoffs bÐ µforÐ µ thÐ µ company wÐ µnt bankrupt, and thÐ µ lowÐ µr lÐ µvÐ µl Ð µmployÐ µÃ µs who didn’t sÐ µÃ µ any of this financÐ µ coming thÐ µir way. Discuss two allÐ µgÐ µd irrÐ µgularitiÐ µs in thÐ µ actions bÐ µtwÐ µÃ µn sà  µllÐ µrs of sÐ µcuritiÐ µs and Еnron. ThÐ µ problÐ µms involvÐ µd in

Tuesday, September 24, 2019

Culture Aspect of Childbirth and Parenting Essay

Culture Aspect of Childbirth and Parenting - Essay Example There are so many dimensions to it that studying its dynamics could provide deep insights for health care professionals. This paper will examine the case of child birth and care in Kalahari, South Africa. It is expected that the discourse can further highlight the argument that the idiosyncrasies in various culture are especially prominent in pregnancy, child birth and parenting and that an understanding of such could empower health care professionals to be effective especially in decision-making stage when working with a highly diverse population. Kalahari is a region in southern Africa that covers parts of South Africa, Botswana, Angola, Namibia, Zambia and Zimbabwe. The Bushmen have thrived in the region for at least 20,000 years. Children and parenting among them are treated much the same way in Western societies. Babies are indulged and cared for until their survival is ensured. Sigelman and Rider (2011) noted that â€Å"babies are touched 70% of daytime hours, are breast-fed w henever they want (usually 20-40 times a day), and may not be weaned until the age of 4.† (p. 124) The way mothers and families rear their young – with the attention and importance given to this enterprise - is fundamentally the same with how Western communities and families care for their children. They are loved, protected and provided for. The Bushmen, however, practices a unique birthing culture. A very important aspect of it is how the Kalahari women aspire and value the manner of giving birth to her child unaided. At least this has been true in the case of the Bushmen tribe of Ju|’hoansi. According to Selin (2009), this is quite common across this group because solitary child birth is widely seen as an opportunity to prove one’s worth as it is considered part of the rites of passage wherein women can display their ability for self-control, in addition to the ritualistic beliefs entailed in ethnic rites of passage. (p. 17) The implication of this cult ural practice is that it exposes mothers and infants to several risk factors; the most serious of these is death. This practice appears so different from the Western idea about the entire birthing process. In most western societies such as in the United States, pregnancy and child birth is an opportunity for family, relatives and friends to lend support. They are equated with the procreation processes and, hence, are extremely important for many individuals beyond the family. In addition, anthropologists consider kinship relationships in the West as fundamentally connected with acts of birth and human understanding of procreation. (Stone 2009) And so pregnancy and birthing are considered an event of extreme interest. Rites, beliefs, myths, among other cultural practices that our community have made all feature the requirement of support and closer ties. It is normal for us to see assistance, especially those by women who possess authoritative knowledge on the process, as one with gr eat survival value for birthing mothers. This is the reason why today both the health professional such as the doctor or the midwife are actual partners in the pregnancy and the birthing enterprise. Another interesting aspect about child birth in Kalahari is the environment. Desert covers much of the area and this claimed an important impact in the childbirth beliefs and behaviors of the Bushmen. Unlike in our society, for instance, the Bushmen did not have the luxury of water for birthing. Women

Monday, September 23, 2019

Issues of Corporal Punishment Research Paper Example | Topics and Well Written Essays - 1500 words

Issues of Corporal Punishment - Research Paper Example According to Farrell, the existence of corporal punishment has diminished in Western society, but the practice is still continued in non-western societies, and the politicians of the western society keep on trying to making this punishment method a part of their legal system. Corporal punishment has existed in schooling systems and questions have been raised against and support has been given in the favour of corporal punishment in educational institutes. Activities that are categorized as Corporal punishment includes: whipping, gagging, flogging etc. These activities were practiced in US as well as Europeans nations for several years. Graeme Newman, a supporter of Corporal Punishment has stated in his work that activities such as electric shocks that are listed under the corporal punishment regime should be assigned for even smaller degree of crimes (Howard, 2001, p.259). He supports this kind of punishment over prison period because he believes that this punishment is equal to the crime committed and prison period cannot be compare to the crime committed. He is even in favour of corporal punishment as he believes that punishment has lower economic costs as compared to prison period. Body History The history of corporal punishment can be traced back to the period of tenth century and its existence can be traced in the educational and legal system of Rome and Egypt. Certain nations were highly popular for using such way of punishing individuals, one of such nations was Sparta, and during this period this means of penalizing individuals was most commonly used. During the Roman period the minimum corporal punishment assigned to an individual was forty counts of strokes with a whip or lash on the back and in certain cases fasces were applied on an individual’s buttocks. Such punished were carried to the extent of making the criminal bleed and these punishments were made public with the objective of creating an example out of these punishments and to inflict fear in the citizens. During the 5th and the 15th century, same practices were conducted and encouraged by the churches of that period in Europe. Due to the educational system’s close attachment to the churches of that period, these methods of disciplining individuals were even adopted by educational institutes. This treatment was never opposed before the 11th century, during 11th century, it gain criticism as it was being used continuously to discipline children and the degree of this punishment was considered very high. Corporal punishment experienced a complete switch during the 16th century. During this period these punishments were made available for the public’s eyes to inflict fear in those who have never committed a crime or who were potential future criminals. During this period Roger Ascham was one of those who criticized the use of corporal punishment in educational institutes. Another popular criticizer was John Locke, he openly criticized its use in educa tional institutes and due to his continuous criticism, this way of penalizing children in educational institutes was banned by the policy makers and educators of Poland during 1783 and Poland gained recognition as the first country every to do so (Hastings, 1971, p.144). This way of punishing individuals gained further criticism during the 18th century by policy makers and

Sunday, September 22, 2019

Women and Motorcycles Essay Example for Free

Women and Motorcycles Essay Introduction An American tradition can be dated back to 1903 when two young men brought their idea to life and produced the first Harley-Davidson motorcycle. At the time, the motor-driven motorcycle that these young men were inventing was to be for their own personal use. Once it was produced, it became popular with motorcycle enthusiast and having survived some difficult times Harley-Davidson is just as popular today, as it was when if first began (Bolfert). According to the company’s gross revenue in 2010, Fortune 500 list Harley-Davidson at number 430. What keeps Harley-Davidson going strong? Is it the motorcycles, the people who ride these machines, or is it because Harley-Davidson Motor Company is a great American success story (Bolfert)? The story of Harley-Davidson is an interesting story that I hope you will enjoy learning about. The motorcycles are true legends of art, but the people who choose to ride these machines are truly remarkable people. People often judge a group of riders as being a rough and rowdy crowd looking for trouble, but as you will learn through this paper, most of these groups are the friendliest and most helpful people you could find. Harley-Davidson and motorcycles are usually considered a masculine sport intended for men (Mitchel). However, there are women out there who enjoy the freedom of riding their own Harley. So, when did women become so passionate for the open road and begin riding Harley-Davidson motorcycles? What does Harley-Davidson Motor Company do to attract women to the sales of its products and services? Let the story of Harley-Davidson and women riders begin. History Although there had been steam powered tricycles and gasoline bicycles in the 17 and 1800’s, the story of Harley-Davidson begins in a small shed of a neighbor. William Harley and Arthur Davidson were neighbors and boyhood friends that worked at a Milwaukee manufacturing company as an apprentice draftsman and pattern maker with dreams of their own. They set out to build a motor-driven bicycle for their own personal use. Having built their own bike in 1902, they were not satisfied that the engine didn’t take all the work out of cycling and soon sought the help of Arthurs’ brother Walter, who was a skilled mechanic, to help produce a more powerful engine. They also needed a toolmaker to help with the development of the motorcycle and asked their brother William to join the team (Bolfert). Later, the same year the first true Harley-Davidson engine was completed and Bill Harley and the three Davidson brothers were ready to put their idea into production. Needing more space to produce their creation, the Davidson brothers’ father built a 1015-foot building in their backyard. It was here that a legend was born with the boys painting â€Å"Harley-Davidson’s Motor Company† on the door and producing three motorcycles in 1903 (Bolfert). Harley-Davidson’s reputation of being durable and dependable began with the very first produced motorcycle. This motorcycle had been bought and sold to several different men, who performed very low maintenance to the bike, and accumulated 100,000 miles with its original bearings (Bolfert). To meet the demand for stronger engines and better performance, Harley and the Davidson brothers produced the first V-twin engine in 1909. However, the first 27 manufactured V-twin motorcycles were recalled and destroyed, with the exception of one which resides in the Harley-Davidson museum today. In 1910 no V-twin models were produced because they wanted to make sure they developed an engine that would â€Å"measure up to the Harley-Davidson reputation for power, dependability and performance† (Bolfert). The V-twin model was reintroduced in 1911 and the Harley-Davidson low, deep rumble sound known today roars on (Bolfert). From the beginning, women have had the same enthusiasm as men for Harley-Davidson motorcycles. Photos from the early years of 1900 show advertisements of women posing on the legendary Harley-Davidson motorcycles. In 1910 one of the first articles published of a woman riding a motorcycle is in, The Bicycling World and Motorcycle Review, who wrote about Miss Leda Leslie and her Harley-Davidson (Harley-Women). Another early article of a woman on a Harley-Davidson is about Della Crewe and her dog named â€Å"Trouble. † Having only ten days of riding experience this lady and her dog set out to see America on her V-twin that had an attached sidecar. They left Waco, Texas in the summer of 1915 and by November they had made their way to Ohio traveling through rain and snow. When they finally reached their destination of New York City, they had traveled 5,378 miles and Della stated, â€Å"I had a glorious trip. I am in perfect health, and my desire is stronger than ever to keep going. † It wasn’t long before this pair was making their way to tour the South (Bolfert). The Enthusiast dubbed Vivian Bales as â€Å"The Enthusiast Girl† for her 5000 mile trip on her Harley-Davidson. During the Depression, Dot Robinson competed in endurance races right along with the men and in 1940 would win the Jack Pine Endurance sidecar race. During this time, another avid motorcycle rider contacted Dot Robinson to help form an organization for women riders. It was in 1940 that Dot Robinson and Linda Dugeau formed the first motorcycle riding club for women called â€Å"Motor Maids. † The first African-American to travel cross-country through 48 states in the 30 and 40’s was Bessie Springfield, who often had to sleep at filling stations on her motorcycle. She later joined a motorcycle dispatch unit for the army and rode across America delivering documents for the U. S. Army. During her life she owned 27 different Harley-Davidson motorcycles and continued to ride long after the doctors advised her not to (AMA Motorcycle Museum Hall of Fame). These brave and bold women paved the way for women today, to enjoy the pleasure of riding out on the open road on their own motorcycle. Geographical Scope While the Harley-Davidson headquarters are still located in Milwaukee, Wisconsin where it first originated, the company has grown and has other areas across America that helps with the production of the Harley-Davidson motorcycles. The company has testing and evaluation centers located in Meza, Arizona and Naples, Florida. In Franklin, Wisconsin is a distribution center is that is accountable for materials going from suppliers to warehouses. Harley-Davidson Dealer Systems that provides software, hardware, training and customer support to dealerships is located in Valley View, Ohio. Ann Arbor, Michigan holds the plant that protects the trademarks of Harley-Davidson. Wouwatosa, Wisconsin is home to the facility that produces â€Å"middleweight† engines for the Sportster models. Menomonee Falls, Wisconsin known as â€Å"Home of the Big Twin† produces engines and transmissions for the larger model motorcycles. The Product Development Center is located in Wouwatosa, Wisconsin and is responsible for the development, testing, and styling of new products. Talladega, Alabama is home to a testing site for Harley-Davidson. Tomahawk Operations in Tomahawk, Wisconsin is responsible for fiberglass body parts, windshields, and saddlebags. Kansas City, Missouri is home to the plant that produces the Sportster, Dyna, and V-Rod models. While York, Pennsylvania produces the Touring, Softail, and factory custom motorcycles such as the Screamin Eagle (Harley-Davidson). Products and Services The number one product of Harley-Davidson is its line of motorcycles with the Screamin Eagle editions being the most popular. The Screamin Eagle models have a limited number manufactured and come with all the chrome and custom work already done. The service departments can do anything from a simple service to rebuilding an engine. Need body work done to your ride? Harley-Davidson service departments can rebuild your ride for you (Harley-Davidson). Harley-Davidson offers a large variety of products for men, women, and children. Most men and women will ride out in full leather gear which includes gloves, chaps, bandanas, helmets, and jackets. Most people think bikers wear all this to look tough, but truth be known, all the leather is protection for your skin in the event of a fall on asphalt (Harley-Davidson). Harley-Davidson offers a full line of apparel and jewelry for women, men, and children. In 2010, Harley-Davidson came out with the Pink Label collection with a percentage of the proceeds going to the Y-me National Breast Cancer Organization. Even men wore shirts with the pink ribbon and slogan reading â€Å"On This Road, No One Rides Alone (Harley-Davidson). † One service that Harley-Davidson offers to attract women riders is the â€Å"Riders Edge† course that teaches a person how to handle and ride a motorcycle safely. Upon completion of this course one can go to the DMV to take the motorcycle written test and with a passing score can receive a motorcycle endorsed license. Harley-Davidson will even take off the amount paid for the course toward a purchase of a new motorcycle. That’s three hundred dollars off a new bike before any other discounts. Subsidiaries. Harley-Davidson has two subsidiaries in Italy, MV Augusta and Cagiva. Both of these companies sell motorcycles that are used in racing and what is known here as â€Å"crotch rockets. † Buell, an American made motorcycle, is another subsidiary of Harley-Davidson that was founded in 1994, but sadly closed in 2009 (Subsidiaries of H-D). Due to being lighter and easier to handle and maneuver, Harley-Davidson uses these bikes to teach riders how to operate a motorcycle safely through the â€Å"Riders Edge† course. Harley-Davidson has a subsidiary known as H. O. G. which stands for Harley Owners Group, for people who own Harley-Davidson motorcycles. Anyone who buys a new Harley-Davidson motorcycle is automatically enrolled for a one year membership. By being a H. O. G. member you can receive discounts on insurance and Harley-Davidson products. H. O. G. even recognizes women riders by giving them a special â€Å"Ladies of Harley† patch and pin. The H. O. G. chapters are in nearly every city and form rides to get owners on their bikes (Harley-Davidson). Finance In 1995 women represented only about 2% of the motorcycle sales. With more women learning to ride, women represent about 12% of the motorcycle sales in 2010 (Clothier). For the year of 2010, the Harley-Davidson homepage reported income from continuing operations being 259. 7 million dollars, with Harley-Davidson Financial services contributing 181. 9 million dollars to that income. Dealerships world-wide sold a total of 222,110 new Harley-Davidson motorcycles at retail with the U. S. selling 143,391 of these new bikes. A total of 210,494 Harley-Davidson motorcycles were shipped from the company in 2010. The following table breaks down each quarter income and losses with the last column showing the total for the year (Harley-Davidson). HARLEY-DAVIDSON, INC. CONDENSED CONSOLIDATED STATEMENTS OF INCOMEUnaudited YEAR ENDED DECEMBER 31, 2010 (IN THOUSANDS) Q1Q2Q3Q4TOTAL Net Revenue from motorcycles and related products$1,037,335$1,135,101$1,087,115$917,076$4,176,627 Gross Profit379,547396,984379,806271,0661,427,403 Selling, administrative and engineering expense205,204208,952210,828260,153885,137 Restructuring expense48,23630,12567,47617,671163,508 Operating income from motorcycles related products126,107157,907101,502(6,758)378,758 Financial services revenue169,837173,705172,845166,322682,709 Financial services expense143,155112,860121,977122,844500,836 Operating income from financial services26,68260,84550,86843,378181,873. Operating income152,789218,752152,37036,720560,631 Investment income8671,5511,2391,7765,442 Interest expense23,45523,59123,10220,20990,357 Loss on debt extinguishment85,24785,247 (Loss) income before income taxes130,210196,712130,507(66,960)390,469 (Benefit from) provision for income taxes61,46957,42536,790(24,884)130,800 (Loss) income from continuing operations68,71139,28793,717(42,076)259, 669 Loss from discontinued operations, net of tax(35,416)(68,130)(4,888)(4,690)(113,124) Net income$ 33,325$71,157$88,829(46,766)146,545. At the end of the fiscal year, Keith Wandell (President and CEO of Harley-Davidson) states: â€Å"We feel good about our 2010 results. † â€Å"While there is still hard work ahead and we remain cautious in our outlook, I am confident we are positioning Harley-Davidson to succeed and deliver value for all our stakeholders into the future. † â€Å"For 2011, we plan to build on our position as one of the strongest brands in the world through our continued focus on customer led products and experiences. † Future Trends To help boost sales in 2011, Harley-Davidson will allow customers to design a Sportster 1200 Custom on-line, order it from their local dealer, and Harley-Davidson will build it at the factory and ship it to you (Harley-Davidson). Another trend for 2011 is Bike Builder, which is an online tool that allows customers to visualize different options on their motorcycle as they are building it (Harley-Davidson). This will allow customers to get the real look of the bike with their choice of custom work before spending the money on the bike and not being satisfied with the outcome. By listening to the customers and giving them what they want, Harley-Davidson will continue to be leader in motorcycle sales. Miscellaneous Freedom and America being a part of Harley-Davidson history Harley-Davidson has formed a Harley’s Hero tour that honors and supports Disabled American Veterans. Harley-Davidson pledged one million dollars to this foundation in 2006 and another one million dollars in 2010 to support the Nations Heroes. â€Å"Through this foundation Harley-Davidson provides free access to benefits for all veterans,† and shows them our appreciation for our freedom (Harley-Davidson). Local Harley-Davidson dealerships hold benefit rides to raise money for various cancer organizations such as Relay for Life, Bikers for Boobs, and for individuals who needs help paying medical expenses. Harley riders love to come out and support these benefits with as many as 400 to 500 bikes in one ride. It not only gets us out to raise money for cures, but gives us a chance to ride. Conclusion By attracting women into the sport of motorcycling, Harley-Davidson has now launched May as Women’s month. During May, Harley-Davidson will hold garage parties, and rides for women to help attract even more to the sport. So women like Dot Robinson and all women riders today have helped make Harley-Davidson a success. The motorcycles being dependable and reliable, the people who choose to ride these machines, and the fact, that it is a great American success story have all made Harley-Davidson legendary. Harley-Davidson has faced many difficulties over the last 108 years and is still going strong, so when we are having a bad day and going through difficult times, let’s do as the Harley-Davidson slogan states: â€Å"Screw it, let’s ride. †