World History: Ancient Civilizations

Joseph Reyes 2-B World History Ancient Civilizations People have been on the earth for hundreds of years. They have come together to become the best of the best. Civilizations were ways to put humans in to an organized group and to survive the ways of nature. Two civilizations were successful and survived for a long time. Ancient Mesopotamia was a much different civilization then Egypt, but both were organized in a similar way. They both developed by setting up their government, controlling their environment, and their values. In Mesopotamia the priest was in charge of dividing the farmers into groups to farm and take care of the land.In Egypt the priests were in charge of making a record of their pharaohs and marking the most important happenings of their reigns. Mesopotamia used the Code of Hammurabi which was laws that concerned daily life, business, medicine, property, and family. It was based on an eye for an eye (revenge) and was to give justice for all. In Egypt the pharaoh wa s considered a god that ruled the Egyptians and had absolute power that made all the laws of the land and decisions. This is both civilizations form of government and was successful for years; some of those laws are still in modern day government.Egyptians used the Nile River which provided food and water, farming, and transportation of goods. This helps them in their survival for the fact that they were living in the middle of a desert. In Mesopotamia, they developed city-states which were around the Tigris and Euphrates Rivers. These rivers were a key in their survival; they used these rivers for food, transportation, as well as plants. The rivers created a Fertile Crescent which allowed farming in Mesopotamia, the Fertile Crescent were important it was surrounded by desert and anything outside of it can’t be farmed. Using heir environment was an important key factor for the survival of these two great civilizations. As I said earlier Egyptians believed that the pharaoh was a god and was one with the divine. The Egyptians (supposedly) built the pyramids for the pharaohs to be buried in after they died and along with all of his possessions. The Sumerians and Akkadians practiced polytheism which was the worship of many gods. They believed that keeping the gods happy was the key to happiness and prosperity. They built big temples called ziggurats which were supposed to link Earth with the heavens and link people with the gods.These were the beliefs of the civilizations and have shape humans in to believing in religion and God. All of this contributed to the success of the two civilizations. With their government controlling their actions and giving justice where needed. They also controlled their environment to use for their own advantage which allowed them to eat and use for transportation. Building great monuments for their beliefs and believing to obey all the rules of God as well. I believe all this contributed to the success of two giant civilizatio ns.

The Top Ten Mistakes Leaders Make

Do you have a problem communicating with your staff? Do you feel you are not eliciting the best in your employees? If so, it is likely that â€Å"The Top Ten Mistakes Leaders Make,† holds the answer. The author, Dr. Hans Finzel Hans maintains that† inappropriate leadership habits often result from observing the poor leadership habits of others. † (Finzel, 2000). He uses case studies and biblical principles to illustrate the top ten mistakes most frequently made by leaders. This book will help you identify your errors and provide you with the tools to modify your style for more effective management.(Finzel, 2000). Chapter Summary The book contains ten chapters. Each chapter features a â€Å"mistake† and provides examples to show how each inappropriate leadership action can be modified to engender more effective leadership, encourage optimal production, and promote growth in the organization. (Finzel, 2000). Chapter 1, â€Å"The Top-down Attitude† is co ncerned with the number one leadership hazard. The author maintains that â€Å"The Top-down Attitude† is a militaristic model that involves egocentric, authoritarian attitudes, and that there are many other, more effective ways to lead.He cites the participatory management style as an example. (Finzle, 2000). Chapter 2, â€Å"Putting Paperwork before Peoplework. † A leader with this attitude gives the impression that people are an annoyance; he prefers to work behind closed doors and is always too busy with â€Å"paperwork† to be bothered by people. (Finzle2000). According to Finzel, (2000), â€Å"regardless of what orientation one has in leadership style–task or people–effective leaders make room for people. Leaving them out is a big, big leadership mistake. † (Finzle, 2000). Chapter 3, â€Å"Absence of Affirmation† is concerned with the incentives that motivate people.According to the author, (2000), affirmation motivates people muc h more than financial incentives†¦.. People thrive on praise. It does more to keep the people who work for you and with you fulfilled than fortune or fame could do. † (Finzle, 2000). Chapter 4, â€Å"No room for mavericks† describes how â€Å"the most creative and†¦. employees are often forced to comply with the inside-the-box thinking†¦. of the Mavericks create messes by their very nature–the good messes institutions need. † (Finzle, 2000). Without â€Å"mavericks† many companies simply fade out of existence, and many others become a shadow of what they once were.Yet today inside many corporations are leaders so focused on compliance and control, that they may control away their futures, and drive those who are innovative away to other places. (Finzle2000). â€Å"Don't allow your policies and procedures to stifle your brightest stars. Be flexible. Bend the rules, if you believe that someone needs more space. † (Finzle, 2000). Chapter 5, â€Å"Dictatorship in Decision-making is about the attitude of â€Å"I am the leader and I know best†¦.. According to Finzel, great leaders are those who truly feel that the led are just as important as the leader. † (Finzle, 2000).Chapter 6,†Dirty Delegation† and how it deflates enthusiasm for a project. â€Å"Leaders make this error in the name of getting things done. Relax and let go. † (Finzle, 2000). Chapter 7, â€Å"Communication Chaos. † â€Å"Never assume that anyone knows anything,† Finzel says. (2000). â€Å"The higher you go in leadership, the more sensitive you have to be about everything you communicate,† he says. â€Å"Every time I make a phone call or write a letter or make a decision, I have to ask, â€Å"what people are affected by this decision/letter/memo/directive? What are the linkages? † (Finzle, 2000). Chapter 8, â€Å"Missing the Clues of Corporate Culture.† Very simply defined, Fi nzel points out; corporate culture is â€Å"the way we do things around here. † (Finzel, 2000). â€Å"If you miss the culture clues as a leader, you may be in for some tough times,† he says. (Finzel, 2000). â€Å"As a leader, spend some time alone and sort out your own values and beliefs. Then work it through with your leadership team and come up with a list of the values and beliefs your whole team stands for. This becomes the powerful glue that holds you together, like the individual layers in a sheet of plywood. † (Finzle, 2000). Chapter 9, â€Å"Success without Successors.† In this chapter, the author gives the real-life example of a â€Å"large church where the plan was to have the older, soon-to-retire pastor to mentor the younger chosen successor. However, two camps soon developed with those who wanted change following the younger man and the â€Å"I side with the old† people following the older man. The older pastor quit in protest and the successor was voted out of the church, leaving it leaderless. † (Finzel, 2000). The answer to the dilemma? â€Å"To end well, we must not get too wrapped up in our own indispensability. Humility is the key to finishing well and passing the torch on to our successors (Finzel, 2000).Chapter 10, â€Å"Failure to Face the Future. † According to Finzel, (2000), â€Å"A leader's concentration must not be on the past nor on the present, but on the future. If we don't make the time to plan for the future, we will be its victims. † (Finzle, 2000). The author concludes his work with ideas about changes in the general philosophy of leadership, the reminder that setting goals that will help you avoid errors in leadership. (Finzle, 2000). Critique This book is accurate in theology and doctrine, and is useful and appropriate for both spiritual and secular leadership roles.It enables the leader to identify acquired habits and potential pitfalls that lead to leadership problem s, and provides the tools to help them alter their style for more effective management. It is significant that the author suggests a concise list of such habits for leaders to dissect and change, with anecdotal examples. Dr. Finzel’s concepts can be employed in most companies and organizations. His strategies embrace a positive, ethical approach to leadership that has been noticeably absent in many corporate cultures in America in recent history.Each chapter presents some outstanding insights into how leaders fail to make the most of their people, and get results. (Finzel, 2000) Hans Finzel makes the case that poor leadership habits are often the byproduct of observing others' poor leadership habits. This book suggests a concise list of such habits for leaders to dissect and change, with anecdotal examples as well as clear action items that can be implemented tomorrow morning. (Finzel, 2000) The author also makes some very significant points about improvements that need to be made in our country’s philosophy of leadership. (2000).He states that today’s leaders: †¢ Replicate the poor leadership habits they have observed in others. †¢ Often lack basic skills for common leadership demands. †¢ Lack good models and mentoring †¢ Lack formal leadership training (Finzel, 2000) Many-books are available today, but this book is different because it delivers what it promises, and provides no-nonsense, practical advice for managers and supervisors. The author's positive and supportive attitude fosters real interaction and communication, and is a superior accolade to the relationship between leaders and those they guide. OpinionThis is a book is a priceless instrument for anyone in position of leadership. Dr. Finzel’s strategies embrace a positive, ethical approach to leadership that has been noticeably absent in America’s corporate culture in recent history About the Author Dr. Finzel is a graduate of Dallas Theologica l Seminary, and the Fuller School of Missions. He is the executive director of Conservative Baptist International, which is a mission organization. He has held that position since 1993. (Powell’s Books, 2005). Prior to beginning his job at CBI, Dr. Finzel spent ten years working in the field of leadership training in Vienna, Austria.He lives in Littleton, Colorado with his wife and their four children. (Nelson Ministry, 2000). Bibliography About the Author (2005). Powell’s Books Services [On Line]. Available from: www. powells. com/biblio? PID=719&cgi=product&isbn=0781433657. Accessed December 14, 2005. Biography of Hans Finzel (2000). Nelson Ministry Services. Available from: www. nelsonministryservices. com/nms/bio. asp? cid=190. Accessed December 14, 2005. Finzel, Hans (2000). ‘The Top Ten Mistakes Leaders Make. † Publisher: Cook Communications. Accessed December 14, 2005.

Need for Social Networking Sites Research Paper

Need for Social Networking Sites - Research Paper Example Social networking sites provide very effective opportunities for people to associate, communicate and interact in the most appropriate way. It is a way of sharing interests, connections, and real-life connections. The online community across the world has been rising exponentially in the recent years as many people join the bandwagon (McFedries, 63). Initially, the aspect of social networking was basically associated with young people who needed the platform to share information and interact. Most online community services are group-centered and allow the profile holders to conduct a wide range of activities online. The need for social networking sites has arisen out of the increasingly globalized world which creates the need for people to interact despite the limitations created by distance and time. In the same way, the conventional communications methods do not provide an interactive platform for the association. In this regard, the need for the social networking sites gradually developed. The growth in information technology also provided a good ground for the development of these sites as people became more engaged in Internet-based activities. Through social networking sites, it is possible for people to reconnect with their old schoolmates and share a lot of information on the past and the present. The aspect of age is the refore greatly eliminated as a limitation in the context of the interaction. While the majority of the online networking sites are mostly associated with people of young ages, the sites are actually very important for an aging population. Most developed countries like Japan and Switzerland are increasingly facing the challenges of an aging population.  

Foriegn Intelligence Services Essay Example | Topics and Well Written Essays - 500 words

Foriegn Intelligence Services - Essay Example However, a few occasions of the Mossad spying on the U.S. (Jonathan Pollard and Ben-Ami Kadish) and the Mossad’s policy on abductions and assassinations have threatened the U.S. The Mossad’s threat to the U.S. is overall miniscule, yet when a threatening incident occurs the threat level is high. The Mossad’s mission is to protect Israel and Israeli citizens from any threat worldwide. The uniqueness about the Mossad is their mission also includes all Jews, Israeli or not. In order to accomplish this mission, the Mossad has agents or spies worldwide from Tel Aviv to the U.S. The Mossad’s mission to save Jews in Africa has resulted in several operations. The most famous is Operation Moses. When masses were starving in the Sudan during 1984, the Mossad evacuated six thousand Ethiopian Jews during Operation Moses (Shimron, 204). Not only did the Mossad evacuate these refugees, they paid corrupt Sudan officials millions of dollars, plus picked up the tab of the evacuation (Shimron 203). The goal was to save Jewish lives. Another famous Mossad mission was the capture of the former Nazi Adolf Eichmann in Argentina. In 1957, the Mossad received word that Eichmann, an infamous Nazi, was spotted in Argentina (Thomas, 75). Many Nazis had immigrated to Argentina, because Argentina would not extradite Nazis back to Germany, Israel, or any other European country. The Mossad decided to abduct Eichmann and bring him to Israel for justice. The operation ended in Eichmann being brought to trial in Israel. He received the death penalty; the only death penalty handed down by an Israeli court and carried out in Israeli history. Assassinations are routinely carried out not only by the Mossad, but by the Israeli military. The Israeli military carries out assassinations inside of Israel, Gaza, and the other Occupied Territories. The Mossad carries out assassinations outside of Israel. The most notable was the assassination of terrorists responsible for

HOW TO IMPROVE SECURITY IN THE DEPARTMENT OF EDUCATION(EXECUTIVE Article

HOW TO IMPROVE SECURITY IN THE DEPARTMENT OF EDUCATION(EXECUTIVE SUMMARY) - Article Example Locks and alarm on doors and windows should be fixed. Children suffering from autism and Alzheimer’s disease should be supplied with tracking devices and ID bracelets for automatic trace of them whenever they leave the school compound. Moreover, family emergency plans should be employed in monitoring of students. A student drowned to death in the presence of a teacher and a supervisor. The death of Avonte led to several questions of how the schools administrations are poor in that they have no full responsibility of students. They should always know the whereabouts of all their students wherever within the compound. In the case of our student, the boy got out through the gate of Long Island City School despite the presence of a security officer. The teachers were around the school, but they find out that the boy was missing. All they claimed was that none had the password for the live cameras a statement that seemed funny indicating how irresponsible the administration was. To worsen the case, his parents had talked with the Paraprofessionals that the boy was suffering from autism information that was not shared. The findings revealed that many schools in NYC have inadequate staff and resources making it impossible to monitor all the students. Insufficient number of special instructors such as school aiders and paraprofessionals’ has contributed to increasing in insecurity in schools. Staff should wear uniforms for identification and distinction between visitors. School doors should always be locked. Parents and staff should have a good association in sharing vital information about the students. The neighbours should be vigilant and report any abnormal issues to the school authority to increase security. Adoption of technology seems to be the only option that could have helped in improving security within the school. The plan is expensive, but it will give long term service. However, it is a one-time

Education Essay Example | Topics and Well Written Essays - 750 words - 1

Education - Essay Example Thus, repeated experiences of teaching different topics and observing lectures and sessions being taken emphasized the understanding within the Physicist that the general notion of understanding among the teacher-to-be was that the meaning of learning something was only to memorize it word by word, knowing every single definition by heart. But the core understanding of any of those things was unimportant to them. Absence of actual understanding led to the inability of the students to relate the physics concepts to practical situations. Certain words or ideas that appear frequently are ‘learn’, ‘meaning’ etc. The physicist is trying to emphasize that knowing something is not merely memorizing it but it actually requires concepts to be understood in practical perspectives especially when it comes to physics. The most important binaries that the author sets up are mentioning the Brazilian teachers-to-be to the mainstream system of the country itself. Another im portant binary that the physicist mentions is that of mentioning the US government officials to be as naive as the Brazilians who were unaware of the deficiency in their system. As the officials fail to realize the essence of Robert’s analysis he considers the US officials to be educated in a similar superficial manner in which the Brazilians are being educated. I think the text sarcastically points out the general nature of the Brazilian people. If it is the matter of learning Physics that is dealt such superficially then it must be the same with all the other subjects and even official state related matter. This is because the officials that would eventually come out of such a learning system would not let any such peers survive who may be learned enough to raise... This paper approves that about the topic of the essay Feynman believes that it was very clearly deceiving. He was alarmed to realize that Brazilian personnel who were being trained as teachers were hardly aware of the core concepts of practical Physics and had only learned word to word the exact text in the books instead of ever realizing the meaning of that text. Absence of actual understanding led to the inability of the students to relate the physics concepts to practical situations. This essay makes a conclusion that if it is the matter of learning Physics that is dealt such superficially then it must be the same with all the other subjects and even official state related matter. This is because the officials that would eventually come out of such a learning system would not let any such peers survive who may be learned enough to raise points of objection upon their modes of conduct. Since the entire Brazilian system is the resultant of a single educational system running throughout the country, it would behave just as similar to the larger in majority students who would suppress any others who would like to raise questions during lectures. They would refer to this question raising action as a deviation from learning not only for the student itself but also for all those others around him. So, the text may seems to be entirely about the knowing of something not as merely as learning it superficially, but in reality it was a critical analysis of the perspective o f the people of Brazil and specially the higher ups of the system of the state.

Rigoberta Menchu An Indian woman in Guatemala Essay

Rigoberta Menchu An Indian woman in Guatemala - Essay Example This book had a huge impact amongst people worldwide. It brought into forefront the sufferings of her people and gave the issue the much required attention and sympathy. This book opened up doors for the poor Guatemalan farmers who previously had no say under the oppressive militia regime. Besides, having a dictator for a government they were themselves illiterate and completely disconnected from the rest of the world. The book after being published in twelve different languages including English spread the message of these poor peasants all over the world and very soon Rigoberta Menchu became a well known social activist. She was awarded the Nobel Peace Prize in 1992 and made a goodwill ambassador for the UNESCO. This book was mainly an autobiography of Menchu herself that describes the condition and plight of the native Indian laborers working in various plantations owned by the whites skinned people in and around Guatemala and it starts in a very interesting manner with Menchu stating in bold terms â€Å"My name is Rigoberta Menchu...this is my testimony. I didnt learn it from a book and I didnt learn it alone. Id like to stress that it’s not only my life, it’s also the testimony of my people...my personal experience is the reality of a whole people (cited in Debray and Wright p.1). Thus, besides being an autobiography, this book speaks for her entire genre. Menchu was born in Chimel, Guatemala, to Vicente, a leader of his village and a preacher and Juana Tum a practicing midwife. Her family belonged to the group of Quiche tribe of Mayan origin and followed a mixed culture of Mayan rites combined with Roman Catholic beliefs. Her childhood was spent amidst the Guatemalan civil war which increased in vigor and force as she grew up. Political complexities were a part of her growing up years and she was soon deeply involved in this civil war, fighting with the Indian rebels against the

Importance of Path Dependence in Management Essay

Importance of Path Dependence in Management - Essay Example The strong implication is that actors in a particular process become locked-in mechanisms that are themselves a product of historical contingencies. This perspective holds that phenomena are complex, and, therefore, a result of mutually interacting variables which produce non-linear dynamics and feedback loops. The complexity of the discourse on organisational change and innovation has only increased. This is occasioned by two divergent views. The first view holds that new and more flexible or fluid organisational forms are on demand while the second view holds the belief in organisational inertia and the historical necessity of decision making (Garud, Arun, and Peter, 2009:760). These two views have confronted managers who have to balance between new ideas and customs of an organisation or an industry. This is mostly influenced in concepts such as entrepreneurial mindset where actors are more driven by the logic of control which drives them to effectively actualise complex processes. This has made path dependence essential to managers as they struggle to understand the basic factors underlying most organisational processes and past successes while linking them with the realities of the moment to improve sustenance of an organisational performance and effectiveness (Coombs and Hull, 1997:1 -26). In a case study of Toyota production system (TPS), the perspective of change as a path dependence phenomenon promotes the importance of this concept in management (Driel and Dolfsma, 2009:67). To begin with, TPS created lock-in mechanisms long before the development of a proper mechanism involving relative competition. The competitors were able to copy some of the TPS models with accuracy and create considerable competition. However, through application of its significant and reliable production techniques and marketing strategies, they maintained loyalty of a client base that believed in the products produced by Toyota (Driel and Dolfsma, 2009:67).

Finance for Managers Essay Example | Topics and Well Written Essays - 5250 words

Finance for Managers - Essay Example Conclusion 23 References 24 Introduction Lloyds Banking Group is regarded as one of the foremost groups of financial service that render its valuable services particularly in the UK. The group delivers its different services especially to personal and corporate customers. Lloyds was renamed in January 2009 after Lloyds TSB acquired HBOS, one of the banking and insurance companies of the UK, with a vision to become the best bank in the UK as compared to others. The group is viewed to be the largest retail bank operating in the UK with leading edge in many sectors in comparison with other banks prevailing in the UK. The group possess multiple brands that are served to its valuable customers which ultimately makes the group to enhance its productivity by a considerable level and accomplish significant competitive position over its chief business market competitors (Lloyds banking Group, 2012). This paper intends to critically analyse and assess the different sources of long-term finance that are currently used by Lloyds concerning a detailed discussion about the advantages as well as the disadvantages of each identified source supported with suitable calculations. Moreover, the paper also evaluates the approaches related with planning, control, performance management and financial decision making of the selected organisation. Various aspects such as evaluating the role of the Management Accountant in Lloyds and recognising a particular analytical technique that is used by this organisation that helps the organisation to make effective planning and decision-making among others will also be portrayed in this paper. Question 1 Identification and Assessment of long-term finance sources Used by Lloyds Banking Group Lloyds identify funding to be a key area of focus for its successful business performance. The group raises its long-term finance through executing various sources that include equity capital, customer deposits, wholesale funding and debt financing (Michigan Economic Development Corporation, 2009). The Advantages and Disadvantages of Each Source, Supported With Relevant Calculations Equity Capital The most important source of raising long-term funds for the financial institutions is the issue of equity shares. It has been apparently observed that Lloyds considers the issuance of equity shares as a p ermanent source of finance for them. This is owing to the fact that the issuance of equity capital has increased the group’s financial base as well increased its borrowing ability by a significant level. Being a financial institution, there might lay a probable chance of rising significant threat concerning that the issue of equity shares may reduce the ownership control of the existing shareholders and dividends payment can be reduced at large. In this similar context, the group strongly believed that the source i.e. issuance of equity shares would support it to mitigate the aforesaid threats (Michigan Economic Development Corporation, 2009). Customer/Public Deposits Customer or public deposits are also regarded as another important source of long-term finance for Lloyds. According to the group, customer or public

Contract Law - the Rules of Offer and Acceptance Case Study

Contract Law - the Rules of Offer and Acceptance - Case Study Example According to Chen-Wishart, a contract is a â€Å"promise (or agreement) which is enforced (recognized by the law†. Bhana, Bonthuys, and Nortje state that â€Å"Contracts are agreements between parties who have the intention to create legal rights and duties between them and which are legally binding upon the parties.†   Therefore, in order for a contract to exist it is necessary for the involved parties to have the intention to enter into contractual relations with the other party and express that intention in a legal manner.   A contract consists of the following elements: An Offer; an Acceptance in strict compliance with the terms of the offer; Legal Purpose/Objective; Mutuality of Obligation – also known as the â€Å"meeting of the minds†; Consideration and Competent Parties. Considering the case under analysis, the author shall focus on the first two elements: offer and acceptance. - â€Å"The first requisite of any contract is an agreement.†   An agreement is formed of offer and acceptance. Therefore, in order for the parties to reach an agreement, there must be an offer and acceptance. - â€Å"An offer is an undertaking by the offeror made with the intention that it will bind the offeror as soon as it is accepted by the offeree (the person to whom it is addressed†Ã‚   The binding force of an offer in case of its acceptance is confirmed by the definitions given by other authors, such as Bhana, Bonthuys and Nortje (2009, 25), who specify that a valid offer is â€Å"an invitation by one party to create obligations with another party, which obligations will become legally binding upon the acceptance by the other party†. An offer can be made whether orally, in writing or by conduct. An offer contains the following: - â€Å"a proposal of the terms of the exchange; - an intimation of willingness to be bound as soon as the offeree manifests acceptance. An offer puts the offeror on risk: it confers a power on the offeree to bind the offeror at the precise moment of acceptance; thereafter, the offeror loses his ability to withdraw from or further negotiate the arrangement.†

The Role Of Security Management Essay Example for Free

The Role Of Security Management Essay ABSTRACT Personal information security is usually considered a technical discipline with much attention being focused on topics such as encryption, hacking, break-ins, and credit card theft. Security products such as anti-virus programs and personal firewall software, are now available for end-users to install on their computers to protect against threats endemic to networked computers. The behavioral aspects related to maintaining enterprise security have received little attention from researchers and practitioners. Using Q-sort analysis, this thesis used students as end-users in a graduate business management security course to investigate issues affecting selection of personal firewall software in organizations. Based on the Q-sort analysis of end-users in relation to seven variables identified from review of the information security literature, three distinct group characteristics emerged. Similarities and differences between groups are investigated and implications of these results to IT managers, vendors of security software and researchers in information security area are discussed. ACKNOWLEDGEMENTS I would like to thank my supervisor Professor ____________ for his great supervision and guidance throughout the duration of my thesis project. I would also like to thank all colleagues for their help and support. Finally, I wish to thank my family for their continued support throughout the thesis. TABLE OF CONTENTS Page ABSTRACT†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦2 ACKNOWLEDGEMENTS†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.3 TABLE OF CONTENTS†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..4 LIST OF ACRONYMS†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.5 CHAPTER 1 – INTRODUCTION†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦6 †¢ Statement of the Problem†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦7 †¢ Research Question†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦8 †¢ Significance of the Research†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦9 †¢ Design and Methodology†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.10 Q-Sort Analysis†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.12 †¢ Organization of the Study†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦14 CHAPTER 2- LITERATURE REVIEW†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦14 CHAPTER 3 – RESEARCH QUESTION FINDINGS†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.18 Data Analysis†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..18 -Analysis of Results†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦26 -Limitations of the Study†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..29 Chapter 4- SUMMARY AND CONCLUSIONS Summary†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦30 Conclusion†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.31 Recommendation†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..33 REFERENCES†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..34 LIST OF ACRONYMS Operational definition of these variables as it relates to the study are provided: Performance [PERF] : Refers to how well the software operates under various conditions (such as high traffic, types of data, port scans, etc.) Ease-of-use [EOU]: Refers to usability of the product (such as screen design and layout, access to features using tabs, buttons, etc.) Updates [UPDTS]: Refers to product updates at regular intervals after product has been installed and used Features [FEATR] : Refers to the number of program options and features available in software Reports [RPORT]: Refers to Intrusion Reports and log files generated by the firewall software Cost [COST]: Refers to price paid for the product (either as shrink wrapped package or as a download) Configuration [CONFIG]: Refers to setup and configuration after product has been installed Support [SUPPRT]: Refers to availability of online help and technical support either by phone or e-mail Installation [INSTLL]: Refers to initial installation of the product. Chapter 1 – INTRODUCTION Security describes a process of protection from any harm. It also describes the countermeasures put in place by that process. Harm may indicate a loss of confidentiality, integrity, and availability. Security management focuses on preventing harm resulting from both random acts of nature and intentional strategic actions (Schechter, 2004). Security is considered to be a very important issue while developing complex personal information systems (Mouratidis et al., 2002). Security is a major concern in todays digital era. The Internet offers a low cost, but insecure means of reaching people. Owing to the ubiquity of the Internet, it is difficult to control and trace intrusions or attacks by unauthorized people, hackers, etc. Electronic commerce applications need secure mechanisms for accurate user identification, accessing sensitive database, storing and transmitting sensitive information, etc. Personal identification numbers (PINs), passwords, smart cards and digital certificates are some of the means normally used for this purpose. However, these means do not really identify a person, but only knowledge of some data or belonging of some determined object (Sanchez-Reillo et al., 1999), e.g. public key infrastructure (PKI) cannot assure identity of the maker of a transaction, it can only identify the makers computer. An imposter can easily masquerade as a legitimate user and defraud the system. Information must be readily available in organizations for making decisions to support the organizational mission. Murphy, Boren, and Schlarman (2000) state that due to increased connectivity and the urgency to exchange information and data among partners, suppliers, and customers on a real time basis, the need to protect and secure computer resources is greater than ever. As a result, this has created the possibility of exposing sensitive corporate information to competitors as well as hackers who can now access organizational computer resources from remote sites. Statement of the Problem The potential loss of such information to an organization goes beyond financial losses and includes the possibility of corrupted data, denial of services to suppliers, business partners and customers, loss of customer confidence, and lost sales. Security in business processes (i.e., maintaining proper authentication, authorization, non-repudiation, and privacy) is critical to successful e-business operations. Enabling business functions over the Internet has been recognized as a major component for the success of businesses and, by mitigating risks in a cost-effective manner, security is now being viewed as a component of business operations (Deise, Nowikow, King, Wright, 2000). Decisions about information systems made by managers are vital to the success, and even survival, of a firm (Enns, Huff, Golden, 2003). Despite increased security threats, organizations have traditionally allocated very little of the total IT budget to information security. Forrester Research estimates that in Fortune 500 companies, the average amount of money as a percent of revenue that is spent on IT security is 0.0025 percent or slightly less than what they spend on coffee (Clarke, 2002). Organizations must evaluate and prioritize the optimum mix of products and services to be deployed for protecting confidentiality (maintaining privacy of information), integrity (maintaining information is not altered in transit), and availability (maintaining access to information and resources) of corporate assets. The decision to deploy certain technology is based on variables such as the organizational business model, level of risk, vulnerability, cost, and return on investment (Highland, 1993). There are several ways in which information can be protected. One method to safeguard information is by using controls. The concept of controls can be applied to financial auditing as well as technical computer security. General controls include personnel, physical and organizational controls as well as technical security services and mechanisms (Summers, 1997). Computer security controls can be hardware or software-based and may include biometric devices, anti-virus software, smart cards, firewalls, and intrusion detection systems that can be used to build the enterprise security infrastructure. Additionally, these controls may be preventive, detective, or corrective. Research Question This paper will focus on one such computer security control Personal Firewalls. Firewalls intercept traffic and make routing and redirection decisions based on policies. Some firewalls can also inspect packets and make transformation and security decisions; therefore, they are critical components in maintaining security in organizations. There are different types of firewalls, such as hardware, software, enterprise, and personal firewalls. Personal firewalls are client-based solutions that are installed on desktop/laptop computers and may be administered individually from a central location. Successful selection and adoption of firewalls (enterprise as well as personal) is based on various factors, some of which are technical while others may be behavioral. This exploratory study looks at the new genre of personal firewalls and, based on the review of the literature, attempts to answer the following research questions: 1) What are the factors that could result in successful selection of personal firewalls in organizations? 2) What are the empirical evidence to support deployment of firewall software? Significance of the Research The study hopes to shed light on behavioral aspects of information security, which may be tied to perceptions of end-users who may influence technology selection in their organization. This will provide empirical evidence to an area that has been identified as lacking in research (Dhillon Blackhouse, 2001 Troutt, 2002) and provide directions and guidance for future studies. Another significance of this study is to look at end-user perception is that it may affect how well the user does his or her part in staying vigilant to combat threats posted by hackers to organizational assets. The end-user may be a conduit to organizational data being compromised. Proper software selection as well as positive user attitude and motivation for using the software are therefore important to ensure ongoing use of personal firewall software. Kettinger and Lee (2002) address the fact that the proliferation of personal computing and individualized software, and popularity of the Internet in organizations have resulted in users playing an important role in driving IT implementation. Their study found that for users selecting their own IT applications (such as desktop software programs), there is greater user satisfaction after implementation. Grantham and Vaske (1985) also state that positive user attitudes are important predictors in continued system use. This is especially important for personal firewall use because computers are at risk at all times when connected to the Internet. In reference to software selection, Chiasson and Lovato (2001) emphasize: Understanding of how users form perceptions of software innovation would help software designers, implementers and users in their evaluation, selection, implementation and ongoing use of software. However, with the exception of some recent work, there is little research examining how a user forms his or her perceptions of innovation overtime (p. 16). The area of information security as it relates to maintaining confidentiality and integrity of data stored on personal computers can benefit from identification of factors that would make it possible to safeguard corporate assets that are at risk as a result of remote data access by employees. Software selection for deployment on company computers cuts across different user levels in terms of knowledge and level of expertise of the user. Selection of software therefore must be done to accommodate all types of users ranging from novices to experts. The latter category of users may have higher tacit knowledge of tasks to be able to compensate for the interface without realizing it (Gery, 1997). Organization of Study The purpose of this paper is to investigate self-referent perceptions of end-users, and use Q-Sort analysis to investigate factors affecting deployment of security firewall software in organizations. The paper is organized as follows: review of research on information security is presented to the reader along with extraction of variables from the literature that may determine firewall deployment in organizations; The Q-Sort Factor Analysis method used for the study is explained and the research design is provided; Along with data analysis, results of the study are then explained, which is followed by discussion and applications to practice. Due to the nature of research design used in this study, limitations are also explained. Research Design and Methodology Subjects in this exploratory research study were 31MBA students enrolled in a security and Control of Information Systems course. The students came from different backgrounds, such as finance, liberal arts, nursing, and computer science. From a business perspective, the course examined implications of information security risks faced by organizations. Although technical issues of security, such as authentication, authorization, and encryption that make electronic commerce sites successful in processing business transactions securely were also explored in the course, the primary focus in the course was from a business perspective. There was no structured lab work during class, but to gain a better understanding of security issues, students were expected to complete hands-on exercises outside class. During initial weeks, topics covered included the PWC model, TCP/IP vs. OSI models, network, e-mail, database security, digital certificates and signatures, risk assessment, and privacy issues. Also, during Week 5, students had been previously tested on the topics using short-answer type questions to determine learning competency of factual information and applications related to information security in organizations. The test score counted towards 15% of overall course grade. With coverage of the aforementioned topics, it was safe to assume that students had knowledge of current security issues facing organizations in todays economy. Because there is no consensus on the common body of knowledge acceptable for all security professionals, and since this was an exploratory study, the study was conducted in a controlled environment with ahomogenous population of students to minimize confounding by extraneous variables. Using MBA students as surrogates for professionals or executives in reference to use and evaluation of technology has also been found to be acceptable (Briggs, Balthazard, Dennis, 1996). The hands-on firewall assignment in this course covered installation, configuration, and use of one standard personal firewall software (ZoneAlarm). After students had a chance to use the software, they were asked to participate in the study. No class discussion was conducted on results of the firewall tests in case it affected students perceptions about the software, which could have influenced their response. Therefore, the data reflected individual student perception without class discussions. Students were given instructions to visit a Web site that explained the nature of the study and provided information on how the Q-sort statements should be sorted. This was important since students are more used to completing questionnaires in a survey format that use Likert scale, open-ended, or closeended questions (such as those used during end of term class evaluation of instruction), but may not be familiar with the peculiarities of the Q-sort procedure. To reduce data errors and extract usable data, instructions were presented in detail before the respondents were shown the statements for the study. Q-Sort Analysis Q-sort analysis uses a technique for studying human subjectivity (Stephenson, 1953; Brown, 1980; McKeown Thomas, 1988). It is useful in exploratory research and a well-developed theoretical literature guides and supports its users (Thomas Watson, 2002). Q-sort methodology is suited for small samples and relies on theories in the domain area being researched to develop items for analysis. A disadvantage of the Q-sort methodology is that it is not suitable for large samples, and it forces subjects to conform to certain expectations (such as fitting responses within a normal distribution). Brown (1986) suggests that 30 to 50 subjects are sufficient for studies investigating public opinion. Q-sort uses an ipsative (self-referenced) technique of sorting participants statements about subjective conditions. It is a variation of factor analysis technique that uses Q-methodology theory to analyze correlation measure (Brown, 1980). Respondents to Q-sort studies are required to sort statements into predefined normal distribution type scale in which a fixed number of items fall under each category. The rankings provide clusters of perceptions of individuals consensus and conflict, which can be used to place individuals with similar characteristics into groups for further study, hi the past, the Q-sort technique used index cards for sorting, but now Web-based data collection programs (such as WebQ) are common. Initially the statements are presented to respondents in random order, and each respondent organizes statements into predefined categories. To view entered data, the respondent also can update statement rankings to see where the statements fall under each category. One advantage of using the WebQ method is that data submission errors are reduced since the program verifies that the statements are sorted according to predefined requirements. Figure 1. WebQ questionnaire Adapted from: Brown, 1980. In this personal firewall study, the statements were to be classified by respondents as Most Important (+2), Important (+1), Neutral (O), Less Important (-1), and Least Important (-2). To provide a forced distribution that is expected in the Q-Sort methodology, respondents were given instructions to identify one statement as Most Important, two statements each as Important and Less Important, and three statements as Neutral. The instrument used is shown in Figure 1 Chapter 2-LITERATURE REVIEW In the area of information security, research has often lagged practice. Dhillon Blackhouse (2001) have stressed the need for more empirical research to develop key principles for the prevention of negative events and therefore to help in the management of security. Despite known vulnerabilities in applications and operating systems, companies continue to deploy software to stay competitive, and steps taken to secure products and services are knee-jerk reactions to media stories that are more reactive than proactive in nature. Most IT managers lack a coherent framework and concrete methodology for achieving enterprise security. A security plan that includes technology, personnel, and policies would be a much better approach to developing an enterprise security strategy. One such model is the Enterprise security Framework Price Waterhouse Coopers (PWC) model. The PWC model is comprehensive because it addresses the entire enterprise of security architecture. The model emphasizes information security strategies within the organization using a holistic rather than apiecemeal approach. The framework is based on four pillars: security vision and strategy, senior management commitment, information security management structure, and training and awareness. Within the pillars are decision drivers, development, and implementation phases. Firewalls are placed in the development phase since they are used to provide interpretation of corporate standards at the technical level. For a detailed discussion of the PWC model, the reader is referred to Murphy, Boren, and Schlarman (2000). Firewalls can be considered a last line of defense in protecting and securing information systems. Wood (1988) provided a context for information security systems planning and proposed that reactive and incremental improvement approaches to address security are harbingers of a more serious problem. Other factors identified in Woods model are the lack of top management support, information overload, insufficient staffing, and limited resources. Straub and Welke (1998) advocate using deterrence, prevention, detection, and recovery security action cycle to mitigate systems risk and use prioritized security controls. Data on computer crimes is often under-reported because companies are not willing to risk public embarrassment and bad publicity. Most companies choose to handle these incidents internally without keeping documentation or reporting to local, state or federal authorities (Saita, 2001). There is a need for unbiased empirical studies in the information security area that will provide insight into problems affecting todays technology dependent corporations and industries. With a strong need to collect and analyze computer security data, the CSI/FBI Computer Crime and security Survey is published yearly (see http:// www.gocsi.com). This study provides descriptive statistics but does not attempt to identify relationship between variables, as is expected in analytical surveys. Also, results reported in this annual survey have been identified by the publishers themselves to be potentially misleading due to the limited number of respondents and their accuracy as a result of anonymous nature of the surveys. These results have also been called into question because of lack of statistical or scholarly rigor and self-serving interest (Heiser, 2002). Despite these limitations, the CSI/FBI survey provides a useful role in comparison of yearly data for similar parameters. The area of human computer interface provides a link between the user and software applications. User satisfaction is a function of features, user interface, response time, reliability, installability, information, maintainability, and other factors.†If a products user interface catches a users attention and is simple to learn and use, and has the right price and features, then the product may gain competitive advantage (Torres, 2002, p. 15). The theory of user interface design and user involvement in completing task-based actions related to Internet and security software has been substantiated by two studies in which user interaction with peer-to-peer software (Good Kerkelberg, 2002), and PGP software (Whitten Tygar, 1999) were examined. Good and Krekelberg (peer-to-peer study) found that applications connecting to the Internet need better usability and software design to maintain integrity of information stored on a users computer. In this study, individuals assumed responsibility of keeping firewalls operational at all times. This contributed in large part to maintaining effective enterprise security. Whitten and Tygar (PGP study) found that user errors are a significant portion of computer security failures, and further concluded that user interfaces for security programs require a usability standard much different from other consumer software. (Although this study is not directly concerned with user satisfaction, but is more focused on factors that affect deployment rather than development of end-user software in a specific area, some factors may be directly tied to user satisfaction as will be shown by correlational analysis). Due to increasing mobile and off-site access by employees using cable modems, DSL connections, and wireless devices to access corporate resources, personal firewalls are a necessary component to maintain overall enterprise security in an organization. Because of the nature and availability of personal firewall software, most companies choose to acquire it rather than develop it in-house. Software acquisition that results in productivity gains and strategic advantage is of critical concern to organizations, and factors that relate to these benefits must be correctly identified and understood for software acquisition decisions (Nelson, Richmond, Seidmann, 1996). Purchase of commercial software includes identifying requirements, evaluating packages from different vendors, configuring, installing, and evaluating it either as server or client-based solution. This may further involve requirements acquisition that leads to product selection (Maiden, Ncube, Moore, 1997). As a method of selection, professionals in charge of evaluating personal firewall software could draft a feature requirements document, and evaluate vendor products by comparing available features as well as using demonstration versions of software. This would be followed by user experience with the software. As mentioned earlier, the need for user involvement in information systems has been considered an important mechanism for improving system quality and ensuring successful system implementation. It is further believed that the users satisfaction with a system leads to greater system usage (Baroudi, Olson, Ives, 1986). The requirements for software though must be as measurable as possible to enable product selection and may also use repertory grids in which stakeholders are asked for attributes applicable to a set of entities and values for cells in an entity-attribute matrix. This would produce representation of requirements in a standardized, quantifiable format amenable even to statistical analyses (Maiden, Ncube, Moore, 1997). In relation to the security area, Goodhue and Straub (1991) found company actions and individual awareness to be statistically significant in a study of perceptions of managers regarding controls installed in organizations. Chapter 3 – RESEARCH QUESTION FINDINGS Data Analysis Q-Sort analysis is a type of inverse factor analysis in which the cases (subjects) rather than statement variables (features) are clustered. As recommended by Brown (1980), a procedure that arranged statements based on responses of a single individual was used for data analysis. The responses involved statements of opinion (also called Q-sample) that individuals rank-ordered based on the feature requirements in personal firewall software. The arrayed items (Q-sort) from the respondents were correlated and factor-analyzed. The factors indicated clusters of subjects who had ranked the statement in the same fashion. Explanation of factors was then advanced in terms of commonly shared attitudes or perspectives. A review of security literature (Hazari, 2000; Northcutt, McLachlan, Novak, 2000; Scambray, McClure, Kurtz, 2001; Strassberg, Rollie, Gondek, 2002; Zwicky, Cooper, Chapman, Russell, 2000) was used to extract the following statement variables relating to requirements in persona l firewall software: performance, ease-of-use, updates, features, reports, cost, configuration, and support. Table 1. Participant ranked scores Variable Mean SD PERF 4.45 0.77 EOU 3.39 1.08 UPDTS 3.23 0.88 FEATR 3.03 0.93 RPORT 3.00 1.03 COST 2.97 1.20 CONFIG 2.55 0.85 SUPPRT 2.35 0.98 INSTLL 2.00 0.89 Prior to conducting the Q-sort analysis, ranked scores of all participants (before identifying factor groups) on each statement variable were calculated for preliminary descriptive statistics. These are shown in Table 1, where a mean score of 5 = Most Important and 0 = Least Important). Correlation between the nine feature variables shows a low level of correlation between statements. This indicates there is a high degree of independence between the statement categories as used in the analysis. This finding is important since it supports the assertion that the statements represent relatively independent factors obtained from the review of the literature. In the correlation matrix shown, Table 2 shows significant correlation (p 0.05) between cost and updates, cost and reports, ease-of-use and performance, ease-of-use and updates, and installation and support. Table 2. Correlation matrix between variables COST FEATR EOU PERF INSTLL UPDTS RPORT CONFIG SUPPRT COST 1.00 -0.21 0.27 0.18 -0.13 -0.43 -0.49 -0.08 -0.10 FEATR 1.00 -.29 0.35 -0.16 0.06 -0.17 -0.13 -0.25 EOU 1.00 0.44 0.00 -0.37 -0.27 -0.20 -0.04 PERF 1.00 -0.10 -0.11 -0.13 0.13 -0.14 INSTLL 1.00 -0.13 -0.04 0.18 -0.53 UPDTS 1.00 0.26 -0.15 0.17 RPORT 1.00 1.00 0.03 CONFIG -0.24 SUPPRT 1.00 As mentioned earlier, in Q-factor analysis, the correlation between subjects rather than variables are factored. The factors represent grouping of people with similar patterns of response during sorting (Brown, 1980; Thomas Watson, 2002). Following guidelines for Q-factor analysis, eight factors were initially identified with eigenvalues 1 (an eigenvalue is the amount of variance in the original variable associated with the factor). These factors and their percentage of variance are shown in Table 3. Table 3. Eigenvalues of unrelated factors Eigenvalues % Cumul.% 1 11.56 37.28 37.28 2 6.03 19.45 56.73 3 3.91 12.61 69.34 4 2.98 9.61 78.95 5 2.14 6.92 85.87 6 1.93 6.23 92.10 7 1.43 4.61 96.71 8 1.02 3.29 100.00 Factors selected were rotated to maximize the loading of each variable on one of the extracted factors while minimizing loading on all other factors. Factors selected for rotation are usually identified by taking those with eigenvalue greater than one (Kline, 1994). However, in this study, the more rigorous Kaiser rule of selecting factors whose eigenvalue is at or above the mean eigenvalue (in this case 3.85) was used. Factors 1,2, and 3, which represented almost 70% of total variance in data, were then subjected to principal component analysis with varimax rotation. Following rotation, a Factor Matrix indicating defining sort (i.e., respondents in agreement) identified three factor groups with similar pattern of responses. The correlation of individual respondents with factors is shown in Table 4 below. Table 4. Factor matrix of respondents (* indicates defining sort) Q-Sort 1 2 3 1 02386 -0.0398 0.8988 2 0.0227 0.1971 0.8158* 3 0.4975 -0.3790 0.5458 4 0.8575* -0.2912 0.0811 5 -0.2639 0.0196 0.7993* 6 -0.0614 0.7524* -0.2289 7 0.4014 -0.1587 0.4678* 8 0.1367 0.0728 0.9054* 9 0.5351 0.1183 0.6886* 10 0.5065 0.3263 01754 11 0.5351 0.3357 0.6886 12 0.8192* 0.7321* 0.1035 13 -0.6495* 0.3450 -0.0844 14 -0.0464 0.8598* 0.5845 15 0.6535 0.0127 0.3053 16 0.2052 0.2324 0.2452 17 -0.1340 0.4049 0.9512 18 0.7553* 0.5865 0.2987 19 0.2431 0.4049 0.6946 20 0.5983* 0.5865 -0.0334 21 0.4660 0.6533* 0.4573 22 0.5672* 0.1057 -0.3342 23 0.3501 -0.1001 0.8195 24 0.1008 0.9240* 0.0038 25 0.3329 0.0999 0.7194 26 0.2254 0.6545* 0.1329 27 0.7660* 0.1246 0.5677 28 -0.1210 -0.3611* 0.2308 29 0.3850 0.7032* 0.0144 30 0.4656 0.5605 -0.3196 31 -0.1987 0.8988* 0.2470 % explained variance 21 22 26 From Table 4 it can be observed that for Factor 1, respondents 4, 12, 13, 15, 18,20,22, and 27 were in agreement and are highly loaded on this factor. Similarly, respondents 6, 10, 14, 16, 21, 24, 26, 29, and 30 were in agreement in Factor 2, and respondents 5,7,8,9,11,17,19, and 23 were in agreement in Factor 3. The statements in which these three factor groups were ranked are shown in Table 5. Table 5. Ranked statement totals with each factor No. Statement Factor 1 Factor 2 Factor 3 1 COST 0.31 5 0.91 2 -1.45 9 2 FEATR -0.45 7 0.10 5 0.70 2 3 EOU 0.91 2 0.63 3 -0.55 6 4 PERF 1.26 1 1.72 1 1.80 1 5 INSTLL -1.92 9 -0.31 6 -0.63 7 6 UPDTS 0.52 3 -0.54 7 0.61 3 7 RPORTS 0.03 6 -1.28 8 0.55 4 8 CONFIG -1.07 8 0.12 4 -0.17 5 9 SUPPRT 0.41 4 -1.34 9 -0.87 8 Table 6 shows correlation between the factors. Similar to the findings earlier about variable independence, the factor groups also show a high degree of independence. Table 6. Correlation between factors Factor 1 2 3 1 1.0000 0.3218 0.2970 2 0.3218 1.0000 0.2298 3 0.2970 0.2298 1.0000 The normalized factor scores for each factor were examined next. This provided ameasure of relative strength of importance attached by a factor to each statement on the scale used during sorting. Tables 7(a), 7(b), and 7(c) show these scores. Table 7(a). Normalized Factor 1 score No. Statement z-score 4 PERF 1.258 3 EOU 0.910 6 UPDTS 0.542 9 SUPPRT 0.409 1 COST 0.314 7 RPORT 0.032 2 FEATR -0.454 8 CONFIG -1.071 5I INSTLL -1.922 Table 7(b). Normalized Factor 2 score No. Statement z-score 4 PERF 1.717 1 COST 0.905 3 EOU 0.626 8 CONFIG 0.116 2 FEATR 0.102 5 INSTLL -0.313 6 UPDTS -0.535 7 RPORT -1.276 9I SUPPRT -1.343 Table 7(c). Normalized Factor 3 score No. Statement z-score 4 PERF 1.805 2 FEATR 0.702 6 UPDTS 0.606 7 RPORT 0.553 8 CONFIG -0.170 3 EOU -0.547 5 INSTLL -0.632 9 SUPPRT -0.872 1I COST -1.446 From the Table 7(a) it can be seen that adherents of Factor 1 feel strongly in favor of statement 4 (Performance) and oppose statements 8 and 5. This indicates for Factor 1 group, performance is preferred over initial installation, setup and configuration of the product. The results of Factor 2 group are consistent with Factor 1; that is, performance of the product is the highest rated criterion. Ease-of-use also rated highly in Factors 1 and 2. Perceived ease-of-use in an information systems product has been shown to play a critical role in predicting and determining a users decision to use the product (Hackbarth, Grover, Yi, 2003). The largest dissension between Factor 1 and 2 groups involved statements 9 (Availability of Online Help), 7 (Intrusion Reports generated), and 6 (Regular Product Updates). The results of Factor 3 are consistent with Factors 1 and 2 with Performance criteria once again being highly rated. The most dissension between Factors 2 and 3 involved statements 1 (Cost) and 3 (Ease-of-use). The most dissension between Factors 1 and 3 involved statements 1 (Cost), 3 (Ease-of-use), and 9 (Availability of Online Help). Analysis of Results The Q-sort analysis classified subjects into three groups. Eight subjects were classified under Factor 1, and 10 subjects each were included in Factors 2 and 3. There were three subjects in the study that were not distinguished in any group. These subjects were excluded from further analysis. The classification into factors gave a better idea of group characteristics. Since Factors 1 and 2 were similar and shown to include subjects who considered Performance, ease-of-use, and Availability of Online Help as the most important characteristics, this group can be considered to be comprised of non-technical users who place more emphasis on the product performing as expected in achieving goals for security. Factor 3 subjects emphasized technical characteristics and were more interested in number of features in the product, updates to the product on a regular basis, intrusion reports generated by personal firewalls, and setup/configuration of the product after installation. This group had c haracteristics of technical users. The normalized factor scores provided a measure of relative strength of importance attached by factors to each statement on the scale used during sorting. As mentioned earlier, adherents in Factor 1 felt strongly in favor of statement 4 (Performance) and opposed statements 8 (Setup/configuration) and 5 (Installation). The results of Factor 2 are consistent with Factor 1, that is, Performance of the product is the highest rated criterion. ease-of-use also rated highly in Factors 1 and 2. The largest dissension between Factor 1 and 2 groups involved statements 9 (Availability of Online Help), 7 (Intrusion Reports generated), and 6 (Regular Product Updates). The most dissension between Factors 2 and 3 involved Statements 1 (Cost) and 3 (Ease-of-use). Results of Factor 3 were consistent with Factors 1 and 2, with Performance criteria once again being highly rated. The largest dissension between Factors 1 and 3 involved statements 1 (Cost), 3 (Ease-of-use), and 9 (Availability of Online Help). Extreme differences between all factors appeared in Cost, Intrusion Reports generated, and Availability of Online Help. There was only one statement, Performance of the product, that showed consensus among all factors; that is, it did not distinguish between any pair of factors, which indicates Performance of the desktop firewall software is an agreed upon criterion irrespective of group characteristics. The managerial implications of this study can be assessed at the level of selecting appropriate software for use on computers in organizations to maintain security. There is evidence of user satisfaction being a useful measure of system success (Mahmood et al., 2000). While the end-user may not purchase individually preferred software for installation on company owned computers, the user can influence decisions for selection by making known to IS managers the features that would contribute to regular use of security software such as personal firewalls. Given access of these machines to corporate resources, appropriate and regular use of software would contribute to maintaining enterprise security. For technical professionals (e.g., programmers) who install firewalls on their desktop, programs could emphasize the statements that are defining characteristics shown in Factor 3. For an industry that has non-technical professionals (such as Factor 1 and 2), other non-technical characteristics of the product could be emphasized thus achieving maximum effectiveness in program deployment. Increased awareness should minimize user related faults, nullify these in theory, and maximize the efficiency of security techniques and procedures from the users point of view (Siponen, 2000). The results of this study could also benefit vendors who develop software for end-users. In this study it was found that performance of the software is the most important factor that affects selection of software, irrespective of group characteristics. Due to project deadlines and market competition, software is often shipped without being fully tested as secure, and standard industry practice is to release incremental service packs that address security issues in the product. In a case of security software, this may adversely affect the reputation of a vendor once its products have been shown to have high vulnerability to being compromised. The findings of this study could provide a better understanding of importance of personal firewall security software on organizational client computers. The decision to install an information system necessitates a choice of mechanisms to determine whether it is needed, and once implemented, whether it is functioning properly (Ives, Olson, Baroud i, 1983). More research needs to be done in the area of selection of software for implementation on users computers that are owned by corporations and given to employees for off-site work. This can include regular employees vs. contractors who may connect to employer and client networks from the same computer. If the findings are to have wider applicability, qualified industry professionals and security officers responsible for maintaining secure infrastructure in corporations should be included in the analysis. The study provides management and security professionals a basis for making decisions related to enterprise security. It provides personal firewall vendors an insight into feature requirements of the personal firewall market, and provides academic researchers interested in security, a more focused approach on various dimensions of security software from the behavioral perspective. Future studies could be industry and product specific in order to assess differences in selecting general- purpose software versus security specific products. In many cases, management has looked at the need for implementing information security programs and products as a necessary encumbrance, something akin to paying taxes or insurance premiums (Highland, 1993). But organizations are increasingly becoming aware of the potential for legal exposure via lawsuits, and are deploying countermeasures (such as personal firewalls) to reduce vulnerability and mitigate risk. The chief information security officer in todays organizations should have the responsibility of managing organizational risks by using empirical models and analysis to determine strategies for protecting corporate assets. Firewalls are the last line of defense in the corporate network and therefore play a critical role in information security. With personal firewalls being a new product genre, this study was conducted since there is no research available that specifically looks at determinants for selection of security software in a corporate environment to protect organizational assets. As the information security field evolves further, decisions for security software acquisitions need to be researched further. Selection and deployment of appropriate firewalls can make a significant difference in an organizations enterprise security strategy. It is therefore also important to understand the variables (as shown in this study) that may affect decisions to select and deploy personal firewall software in a corporate environment. Limitations of the Study Due to the exploratory nature of this study, there are several limitations. The sample used in the study comprised of all students enrolled in a security course at the same university, and was further limited to the firewall topic among a wide range of technical and behavioral information security topics. Students worked with only one type of firewall software and characteristics of this particular program may have heightened their awareness of certain strengths and weaknesses in the software. Since the purpose of information security implementation in an organization is to support business objectives of the organization, information security departments are sometimes placed under the chief financial officer recognizing the direct relationship between information assets and monetary assets. Software acquisition decisions may therefore be made by the finance department with limited input from the IT department. The purpose of this study was to explore an important topic for research on information security and determine operant subjectivity in a field where empirical research is severely lacking. The Q-sort technique itself is suitable for small sample populations (Thomas Watson, 2002), but the correlations obtained in smaller samples tend to have considerable standard errors (Kline, 1994). The exploratory nature of this study was not intended to prove some general proposition but to seek a better understanding of group characteristics that directly relate to maintaining a secure network environment (in this case by deploying personal firewalls to plug possible vulnerabilities that might exist in a network through use of computers by employees either on-site or at remote locations). The perceptions of end-users will therefore guide the selection and deployment of security technologies in an organization to provide a secure corporate environment. Chapter 4- SUMMARY and CONCLUSIONS Summary In the area of information security, research has often lagged practice. Dhillon Blackhouse (2001) have stressed the need for more empirical research to develop key principles for the prevention of negative events and therefore to help in the management of security. Despite known vulnerabilities in applications and operating systems, companies continue to deploy software to stay competitive, and steps taken to secure products and services are knee-jerk reactions to media stories that are more reactive than proactive in nature. Most IT managers lack a coherent framework and concrete methodology for achieving enterprise security. A security plan that includes technology, personnel, and policies would be a much better approach to developing an enterprise security strategy. One such model is the Enterprise security Framework Price Waterhouse Coopers (PWC) model. The PWC model is comprehensive because it addresses the entire enterprise of security architecture. The model emphasizes information security strategies within the organization using a holistic rather than apiecemeal approach. The framework is based on four pillars: security vision and strategy, senior management commitment, information security management structure, and training and awareness. Within the pillars are decision drivers, development, and implementation phases. Firewalls are placed in the development phase since they are used to provide interpretation of corporate standards at the technical level. For a detailed discussion of the PWC model, the reader is referred to Murphy, Boren, and Schlarman (2000). So it is important reason to look at end-user perception as it may affect how well the user does his or her part in staying vigilant to combat threats posted by hackers to organizational assets. The end-user may be a conduit to organizational data being compromised. Proper software selection as well as positive user attitude and motivation for using the software are therefore important to ensure ongoing use of personal firewall software. Kettinger and Lee (2002) address the fact that the proliferation of personal computing and individualized software, and popularity of the Internet in organizations have resulted in users playing an important role in driving IT implementation. Their study found that for users selecting their own IT applications (such as desktop software programs), there is greater user satisfaction after implementation. Grantham and Vaske (1985) also state that positive user attitudes are important predictors in continued system use. This is especially important for personal firewall use because computers are at risk at all times when connected to the Internet. In reference to software selection, Chiasson and Lovato (2001) emphasize: Understanding of how users form perceptions of software innovation would help software designers, implementers and users in their evaluation, selection, implementation and ongoing use of software. However, with the exception of some recent work, there is little research examining how a user forms his or her perceptions of innovation overtime (p. 16). The area of information security as it relates to maintaining confidentiality and integrity of data stored on personal computers can benefit from identification of factors that would make it possible to safeguard corporate assets that are at risk as a result of remote data access by employees. Software selection for deployment on company computers cuts across different user levels in terms of knowledge and level of expertise of the user. Selection of software therefore must be done to accommodate all types of users ranging from novices to experts. The latter category of users may have higher tacit knowledge of tasks to be able to compensate for the interface without realizing it (Gery, 1997). Conclusions In this study, Q-methodology was used to define participant viewpoints and perceptions, empirically place participants in groups, provide sharper insight into participant preferred directions, identify criteria that are important to participants, explicitly outline areas of consensus and conflicts, and investigate a contemporary problem relating to desktop firewalls by quantifying subjectivity. Similar to other IT areas, security software selection and deployment in todays environment faces many challenges, such as staying current with new threats, project deadlines, implementation issues, and support costs. Quality drives customer satisfaction and adoption of software. Human factors are important in contributing to successful software deployment in organizations, especially when it relates to desktop software applications. Organizations are now viewing security and controls as business enablers and desktop firewall technology plays a critical role in safeguarding corporate assets. In a fast-paced area where the new generation of applications and services are growing more complex each day, it is critical to understand characteristics that affect selection of end-user security products in enterprises. This study addresses a small but important area of safeguarding enterprise information security by using personal firewalls. As has been previously noted, limited research exists beyond the current study that explores behavioral aspects of information security. This study holds importance for professionals tasked with evaluating and selecting security products for company wide deployment. As the area of information security gains increased importance due to the strategic role of technology in organizations, and current events impact areas such as disaster recovery and enterprise continuity planning, a study of end-users to determine their perceptions about selection of technology controls in organizations is critical for protecting organizational assets. More research needs to be done in the area of perception of users towards other security software (such as anti-virus, intrusion detection, virtual private network software, and encryption products), and, due to varying security needs in different industries, studies could also be industry and product specific. While the findings should be considered preliminary, the results raise interesting observations about issues uncovered regarding security perceptions of feature requirements in personal firewalls. Information security is a dynamic area and, in this environment, this exploratory study contributes to evolving research by identifying variables from theoretical literature and using an empirical technique to study issues that affect safeguarding vital assets of an organization from internal and external threats. Recommendation It is recommended that in order to provide better evidence of factors that affect deployment of technology tools that create awareness of security issues and produce better informed employees, research into behavioral factors also needs to be conducted to gain insight into programs and processes that will lead to the development of a robust enterprise security strategy. Information security awareness research has been mostly descriptive and has not explored the possibilities offered by motivation/behavioral theories, or the related theory of planned behavior and the technology acceptance model, specifically in the information security domain (Mathieson, 1991 ; Siponen, 2000; Legris, Ingham, Collerette, 2003). Since security has been deployed at the perimeter of electronic network and on servers by system administrators, the area of information security has ignored users of information systems since software developers are far removed from how the user will interact with security software. Human compliance with information security rules require an understanding of how people work and think (Highland, 1993). Lane (1985) considers the human factor to be the first and most important component of security and a critical part of the risk analysis process. This is especially true in personal firewall software since the burden of maintaining a secure environment is being shared by the user and the system administrator. REFERENCES Baroudi, J., Oison, M., Ives, B. (1986). An empirical study of the impact of user involvement on system usage and information satisfaction. Communications of the ACM, 29(3), 785-793. Briggs, R.O., Balthazard, P.A., Dennis, A.R. (1996). Graduate business students as surrogates for executives in the evaluation of technology. Journal of End-user Computing, 8(4), 11-17. Brown, S.R. (1980). Political subjectivity: Applications of Q methodology in political science. New Haven, Connecticut: Yale University Press. Brown, S.R. (1986). Q-technique and method: Principles and procedures. In W.D. Berry M.S. Lewis-Beck (eds.), New Tools for Social Scientists: Advances and Applications in Research Methods. Beverly Hills, CA: Sage Publications. Chiasson, M., Lovato, C. (2001). Factors influencing the formation of a users perceptions and use of a DSS software innovation. ACM SIGMS Database, 32(3), 16-35. Clarke, R. (2002, February). Forum on technology and innovation: Sponsored by Sen. BillFrist (R-TN), Sen. Jay Rockefeller (D-WV), and the Council on Competitiveness. Retrieved October 28,2003, from hap:/ /www. techlawjournal, com/security/ 20020214.asp Deise, M., Nowikow, C., King, P., Wright, A. (2000). Executive s guide to e-business: From tactics to strategy. New York: John Wiley Sons. Dhillon, G., Blackhouse, J. (2001). Current directions in IS security research: Toward socio-organizational perspectives. Information Systems Journal, 11(2), 127-153. Enns, H., Huff, S., Golden, B. (2003). CIO influence behaviors: The impact of technical background. Information and Management, 40(5), 467-485. Gery, G. (1997). Granting three wishes through performance-centered design. Communications of the ACM, 40(7), 54-59. Good, N., Krekelberg, A. (2002). Usability and privacy: A study of Kazaa P2P file-sharing. Retrieved November 12, 2003, from http:// www. hpl. hp. com/shl/papers/kazaa/ Goodhue, D.L., Straub, D.W. (1991). security concerns of system users: A study of perceptions of the adequacy of security measures. Information Management, 20(1), 13-27. Grantham, C., Vaske, J. (1985). Predicting the usage of an advanced communication technology. Behavior and Information Technology, 4(4), 327-335 Hackbarth, G., Grover, V, Yi, M. (2003). Computer playfulness and anxiety: Positive and negative mediators of the system experience effect on perceived ease-of-use. Information and Management, 40(3), 221-232. Hazari, S. (2000). Firewalls for beginners. Retrieved December 17,2003, from http://online.securityfocus.com/ infoc Heiser, J. (2002, April). Go figure: Can you trust infosecurity surveys? Information security, 27-28.us/1182. Highland, HJ. (1993). A view of information security tomorrow. In E.G. Dougall (ed.), Computer security. Holland: Elsevier. Ives, B., Olson, M., Baroudi, J. (1983). The measurement of user information satisfaction. Communications of the ACM, 25(10), 785-793. Kettinger, W., Lee, C. (2002). Understanding the IS-User divide in IT innovation. Communications of the ACM, 45(2), 79-84. Kline, P. (1994). An easy guide to factor analysis. London: Rutledge Lane, YP. (1985). security of computer based information systems. London: Macmillan. Legris, P., Ingham, J., Collerette, P. (2003). Why do people use information technology? A critical review of the technology acceptance model. Information and Management, 40(3), 191-204. Mahmood, M.A., Burn, J.M., Gemoets, L.A., Jacquez, C. (2000). Variables affecting information technology enduser satisfaction: Ameta-analysis of the empirical literature. IntemationalJournal of Human-Computer Studies, 52, 751-771. Maiden, N., Ncube, C., Moore, A. (1997). Lessons learned during requirements acquisition for COTS systerns. Communications of the ACM, 40(12), 21-25. Mathieson, K. (1991). Predicting user intentions: Comparing the technology acceptance model with the theory of planned behavior. Information Systems Research, 3(2), 173-191. Murphy, B., Boren, R., Schlarman, S. (2000). Enterprise security architecture. CRC Press. Retrieved November 2, 2003, from http://www.pwcglobal.com Nelson P., Richmond W. , Seidmann A., (1996). Two dimensions of software acquisition. Communications of the ACM, 39(1), 29-35. Northcutt, S., McLachlan, D., Novak, J. (2000). Network intrusion detection: An analysts handbook (2nd ed.). IN: New Riders Publishing. Saita, A. (2001, June). Understanding peopleware. Information security, 72-80. Siponen, M.T. (2000). A conceptual foundation for organizational information security awareness. Information Management security, 5(1), 31-41. Strassberg, K., Rollie, G., Gondek, R. (2002). Firewalls: The complete reference. NY: Osborne McGraw-Hill. Straub, D.W., Welke, RJ. (1988). Coping with systems risk: security planning models for management decision making. MS Quarterly, 22(4), 441-469. Zwicky, E., Cooper, S., Chapman, D., Russell, D. (2000). Building Internet firewalls (2nd ed.). CA: OReilly.

Economic Rehabilitation and Modernisation in China

Economic Rehabilitation and Modernisation in China ECONOMIC REHABILITATION AND MODERNISATION PROGRAMME 1.  Post Mao Interlude (a) Fall of the Gang of Four, leadership under Deng Xiaoping restated the modernization program. (b) They also set new policies for accomplishing the Four Modernizations which was to turn the nation into a relatively advanced industrialized nation by the year 2000. The modernizations was to be in the field of industry, agriculture, science and technology, and national defence. (c) The new policies reinforced the authority of economic decision makers and managers at the expense of party officials, and called for expansion of the research and education systems . (d) Foreign trade was intended to be increased, and exchanges of foreign experts and students with developed countries was encouraged. It called for high rates of growth in both agriculture and industry. (e) The economy was reformed to a market oriented economy. 2.  Reforms in Agriculture Sector. (a) Maos policy of self-reliance was relaxed, and his motto grow grain everywhere was abandoned. (b) Communities were restructured into the responsible system wherein farmers no longer devoted maximum of their efforts in collective production but farmers were allowed to decide for themselves how and what to produce. (c) The constraints on the movements of rural populations was relaxed. Towns, villages, and groups of families referred to as rural economic unions established factories, processing units, construction teams, catering services, and other nonagricultural concerns. (d) A system of specialized households’ was made wherein free farmers markets in the urban areas and in the countryside were established. (e) Rural cadres implemented an entirely new system to motivate farmers, called ‘Baogan’ system. (f) The rural banking system (Agricultural Bank and Rural Credit Cooperatives) was restored and extended[1]. (g) However, the major change was after 1978 farm families were permitted to invest funds, and their investments in small tractors, rural industries, and housing were substantial. (h) Rural marketing system improved significantly in the post Mao period. The policy of selling the farm to local state came to an end. People had several options of selling the surpluses to local market or to state or consumed on the farm. Rural markets which were disbanded during the Cultural Revolution were reopened. 3.  Reforms in Industrial Sector. (a) The impetus to reforms were based on the framework of ‘Four Modernizations and industrial policies outlined by Deng Xiaoping. These included strengthening management and managerial rules, restoring the status of engineers and technicians, providing clear directives for realizing the eight planning targets ( output volume , product type, quality , consumption of materials and fuel, labor productivity, costs, profits and use of liquid capital) , greater regional coordination, firmer central planning and tighter control of investment policy and increased import of foreign technology[2]. (b) Emphasis on rapid industrial development was given and a group of 120 key large scale projects was central to the plan which aimed at lifting the rate of growth to the value of industrial output to 10 percent a  year and at large increases in the areas of power, fuels, raw materials and transport and communications including doubling the output of steel[3]. (c) In 1978 policy of ‘Thirty points’ was envisaged which included rules for enterprise management and post responsibility , state plans was to be fulfilled based on ‘five sixes’ ( fixed nature and scale of production, fixed personnel and organization ,fixed consumption and supply quotas, fixed capital allocation and relation of cooperation with other enterprises)[4]. (d) In 80’s the growth of mixed economy with complementarity’s between the plan and market competition was promoted[5]. (e) Mandatory planning covered sixty products such as coal, crude oil, nonferrous metals, timber, cement, basic industrial chemicals, chemical fertilizers, machines and electrical equipment, fibers, newsprint, cigarettes, and defense products. (f) Under the reforms of Guidance planning, enterprises try to meet the states planned goals but also make their own arrangements for production and sales based on the orientation of the states plan, the availability of raw and unfinished materials and energy supplies, and the demands on the market. (g) Urban, collectively owned enterprises (owned by the workers) for the most part were small units equipped with relatively little machinery. Many of these units were engaged in handicraft production or other labor-intensive activities, such as manufacturing furniture or assembling simple electrical items. (h) Rural, collectively owned industrial enterprises commonly referred to as township enterprises were the most rapidly growing portion of the industrial sector in the mid-1980s. The government regarded them as a means of expanding industrialization[6]. 4.  Development of Infrastructure. (a) China had inadequate transportation systems which hindered the movement of coal from mine to user, the transportation of agricultural and light industrial products from rural to urban areas, and the delivery of imports and exports. As a result, the underdeveloped transportation  system constrained the pace of economic development throughout the country. From 1980s onwards the updating of transportation systems was given priority[7]. (b)  Development of Railroads. (i) Priority was given to link all provinces of the country, by railroads. Many double-track lines, electrified lines, special lines, and bridges were added to the system. (ii) National highways linked provincial-level capitals with Beijing and major ports. (iii) Roads were built between large, medium, and small towns as well as between towns and railroad connections. (iv) Contract system for the management of railroad lines was introduced in China. (c)  Development of Waterways. (i) The maritime fleet made hundreds of port calls in virtually all parts of the world, but the inadequate port and harbor facilities at home still caused major problems. (ii) Port construction also was listed as a priority project in the plan. The combined accommodation capacity of ports was to be increased by 200 million tons. (d)  Development of Airways. (i) Civil aviation underwent tremendous development during the 1980s. Domestic and international air service was greatly increased. (ii) The plan also called for updating passenger and freight transportation and improving railroad, waterways, and air transportation. To achieve these goals, the government planned to increase state and local investment as well as to use private funds. 5.  Reforms in Trade Policies, Foreign Trade and Emerging New Market. (a) Abandonment of policy of ‘ Self Reliance’. Between 1975-80 China got into new trade activities, seeking to import technology, borrow money, request aid and adopt fresh methods of earning foreign exchange. (b) Policies were framed to bring in foreign technology and capital with minimum expenditure[8]. (c) To earn more foreign currency and to conserve foreign exchange reserves, foreign capital was also used to expand production of export commodities, such as textiles, and of import substitutes, such as consumer goods. (d) China has adopted a variety of measures to promote its foreign economic relations, maximizing the role of imports, exports, and foreign capital in economic development. Foreign trade organizations were reorganized, and control of imports and exports was relaxed or strengthened depending on the balance of trade and the level of foreign exchange reserves. (e) China joined a number of economic organizations, becoming a member of the World Bank, International Monetary Fund, the Asian Development Bank, the General Agreement on Tariffs and Trade (GATT). (f) Most loans went into infrastructure projects, such as energy and transportation, and funded raw materials imports. (g) Legal and institutional frameworks to facilitate foreign investment and trade also were created. Laws on taxation, joint ventures, foreign investments, and related areas were promulgated to encourage foreign investment. (h) Special economic zones were created .The special economic zones essentially were export-processing zones designed to attract foreign investment, expand exports, and import technology and expertise. (j) China took steps to decentralize its foreign trading system and integrate itself into the world trading system. In November 1991, China joined the Asia Pacific Economic Cooperation (APEC) group, which promotes free trade and cooperation in the economic, trade, investment, and technology spheres. (k) China formally joined the WTO in December 2001.On joining China agreed to lower tariffs and abolish market impediments after it joins the WTO. (l) Chinas global trade totaled 1384 billion dollars in 2005; the trade surplus stood at 60 billion dollars. Chinas primary trading partners include Japan, the EU, the United States, South Korea, Hong Kong, and Taiwan. According to U.S. statistics, China had a trade surplus with the U.S. of 150 billion dollars in 2005. 6.  Foreign Investment (a) Foreign investment was stalled in 1989 in the aftermath of Tiananmen. In response, the government introduced legislation and regulations designed to encourage foreigners to invest in high-priority sectors and regions. (b) In 1990, the government eliminated time restrictions on the establishment of joint ventures and allowed foreign partners to become chairman of joint venture boards. (c) In 1991, China granted more preferential tax treatment for wholly foreign-owned businesses and contractual ventures and for foreign companies which invest in selected economic zones or in projects encouraged by the state, such as energy, communications, and transportation. (d) China revised significantly its laws on Wholly Foreign-Owned Enterprises and China Foreign Equity Joint Ventures in 2000 and 2001, easing export performance and domestic content requirements. In 2005, China received nearly 53 billion dollars in foreign direct investment, making it the number one recipient of FDI in the world. 7. Energy and Mineral Resources. New energy policy was formalized which included development of indigenous oil and gas reserves, development of domestic oil and gas markets, diversification of energy sources, diversification of imported energy suppliers, encouragement of energy conservation and efficient energy use. (b) Reforms carried out to improve energy efficiency and promote the use of clean coal technology. Only one-fifth of the new coal power plant capacity installed from 1995 to 2000 included desulphurization equipment. (c) It has opened oil and gas industry. The offshore petroleum industry has also been developed with foreign investment. (d) Refining capacity is also being increased. Storage and pipeline facilities are being increased and new ones are being added. (e) China has developed a sound energy policy by diversifying its energy linkages and relationship through investment attraction , incentives for technology and dialogue with energy resource economy. 8.  Development of Science and Technology. (a) The Cultural Revolution had removed an entire generation from access to university and professional training, creating a gap in the age distribution of the scientific work force. (b) However since 1978 China encouraged experimentation in its science and technology system as a means of arriving at reforms. (c) In restructuring the science and technology system emphasis was placed on encouraging partnership between research, educational and designing institution on one hand and production units on the other and on strengthening the enterprises capability for technology absorption and  development .More power for decision making was granted to research institutes. (d) The long term policy of China’s science and technology development was to open to outside world and establish contact with other countries. [1] Agriculturereforms www.country-data.com [2] Jack gray and Gordon White op.cit p.91 [3] Jack gray and Gordon White op.cit p.92 [4] Jack gray and Gordon White op.cit p.95 [5] Jack gray and Gordon White op.cit p.98 [6]China’s economy www.country-data.com 1987 [7] ibid [8] Jack gray and Gordon White op.cit p.149