Free Essay

It Didn't Have the Data

In: Computers and Technology

Submitted By tiffy5858
Words 3672
Pages 15
1.1 Purpose and Scope
The information security concern regarding information disposal and media sanitization resides not in the media but in the recorded information. The issue of media disposal and sanitization is driven by the information placed intentionally or unintentionally on the media. Electronic media used on a system should be assumed to contain information commensurate with the security categorization of the system’s confidentiality. If not handled properly, release of these media could lead to an occurrence of unauthorized disclosure of information. Categorization of an information technology (IT) system in accordance with Federal Information Processing Standard
(FIPS) 199, Standards for Security Categorization of Federal Information and Information
Systems1
, is the critical first step in understanding and managing system information and media.
Based on the results of categorization, the system owner should refer to NIST Special
Publication (SP) 800-53 Revision 4, Security and Privacy Controls for Federal Information
Systems and Organizations2
, which specifies that “the organization sanitizes information system digital media using approved equipment, techniques, and procedures. The organization tracks, documents, and verifies media sanitization and destruction actions and periodically tests sanitization equipment/procedures to ensure correct performance. The organization sanitizes or destroys information system digital media before its disposal or release for reuse outside the organization, to prevent unauthorized individuals from gaining access to and using the information contained on the media.”
This document will assist organizations in implementing a media sanitization program with proper and applicable techniques and controls for sanitization and disposal decisions, considering the security categorization of the associated system’s confidentiality.
The objective of this special publication is to assist with decision making when media require disposal, reuse, or will be leaving the effective control of an organization. Organizations should develop and use local policies and procedures in conjunction with this guide to make effective, risk-based decisions on the ultimate sanitization and/or disposition of media and information.
The information in this guide is best applied in the context of current technology and applications. It also provides guidance for information disposition, sanitization, and control decisions to be made throughout the system life cycle. Forms of media exist that are not addressed by this guide, and media are yet to be developed and deployed that are not covered by this guide. In those cases, the intent of this guide outlined in the procedures section applies to all forms of media based on the evaluated security categorization of the system’s confidentiality according to FIPS 199.
1 Federal Information Processing Standards (FIPS) Publication 199 Standards for Security Categorization of Federal
Information and Information Systems, February 2004, 13 pp. http://csrc.nist.gov/publications/PubsFIPS.html#199.
2 NIST Special Publication (SP) 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and
Organizations, April 2013 (includes updates as of January 15, 2014), 460 pp. http://dx.doi.org/10.6028/NIST.SP.800-53r4.
1

NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
Before any media are sanitized, system owners are strongly advised to consult with designated officials with privacy responsibilities (e.g., Privacy Officers), Freedom of Information Act
(FOIA) officers, and the local records retention office. This consultation is to ensure compliance with record retention regulations and requirements in the Federal Records Act. In addition, organizational management should also be consulted to ensure that historical information is captured and maintained where required by business needs. This should be ongoing, as controls may have to be adjusted as the system and its environment changes.
1.2 Audience
Protecting the confidentiality of information should be a concern for everyone, from federal agencies and businesses to home users. Recognizing that interconnections and information exchange are critical in the delivery of government services, this guide can be used to assist in deciding what processes to use for sanitization or disposal.
1.3 Assumptions
The premise of this guide is that organizations are able to correctly identify the appropriate information categories, confidentiality impact levels, and location of the information. Ideally, this activity is accomplished in the earliest phase of the system life cycle.3 This critical initial step is outside the scope of this document, but without this identification, the organization will, in all likelihood, lose control of some media containing sensitive information.
This guide does not claim to cover all possible media that an organization could use to store information, nor does it attempt to forecast the future media that may be developed during the effective life of this guide. Users are expected to make sanitization and disposal decisions based on the security categorization of the information contained on the media.
1.4 Relationship to Other NIST Documents
The following NIST documents, including FIPS and Special Publications, are directly related to this document:
 FIPS 199 and NIST SP 800-60 Revision 1, Guide for Mapping Types of Information and
Information Systems to Security Categories4
, provide guidance for establishing the security categorization for a system’s confidentiality. This categorization will impact the level of assurance an organization should require in making sanitization decisions.
3 NIST SP 800-64 Revision 2, Security Considerations in the Systems Development Life Cycle, October 2008, 67 pp. http://csrc.nist.gov/publications/PubsSPs.html#800-64. 4 NIST SP 800-60 Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories,
August 2008, 2 vols. http://csrc.nist.gov/publications/PubsSPs.html#800-60.
2

NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
 FIPS 200, Minimum Security Requirements for Federal Information and Information
Systems5
, sets a base of security requirements that requires organizations to have a media sanitization program.
 FIPS 140-2, Security Requirements for Cryptographic Modules6
, establishes a standard for cryptographic modules used by the U.S. Government.
 NIST SP 800-53 Revision 4 provides minimum recommended security controls, including sanitization, for Federal systems based on their overall system security categorization.  NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal
Information Systems and Organizations: Building Effective Security Assessment Plans7
,
provides guidance for assessing security controls, including sanitization, for federal systems based on their overall system security categorization.
 NIST SP 800-111, Guide to Storage Encryption Technologies for End User Devices8
,
provides guidance for selecting and using storage encryption technologies.
 NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable
Information (PII)9
, provides guidance for protecting the confidentiality of personally identifiable information in information systems.
1.5 Document Structure
The guide is divided into the following sections and appendices:
 Section 1 (this section) explains the authority, purpose and scope, audience, assumptions of the document, relationships to other documents, and outlines its structure.
 Section 2 presents an overview of the need for sanitization and the basic types of information, sanitization, and media.
5 FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006, 17 pp. http://csrc.nist.gov/publications/PubsFIPS.html#200. 6 FIPS 140-2, Security Requirements for Cryptographic Modules, May 25, 2001 (includes change notices through December 3,
2002), 69 pp. http://csrc.nist.gov/publications/PubsFIPS.html#140-2.
7 NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations:
Building Effective Security Assessment Plans, June 2010, 399 pp. http://csrc.nist.gov/publications/PubsSPs.html#800-53A.
8 NIST SP 800-111, Guide to Storage Encryption Technologies for End User Devices, November 2007, 40 pp. http://csrc.nist.gov/publications/PubsSPs.html#800-111. 9 NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), April 2010, 59 pp. http://csrc.nist.gov/publications/PubsSPs.html#800-122. 3 NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
 Section 3 provides an overview of relevant roles and responsibilities for the management of data throughout its lifecycle.
 Section 4 provides the user with a process flow to assist with sanitization decision making.  Section 5 summarizes some general sanitization techniques.
 Appendix A specifies the minimum recommended sanitization techniques to Clear,
Purge, or Destroy various media. This appendix is used with the decision flow chart provided in Section 4.
 Appendix B defines terms used in this guide.
 Appendix C lists tools and external resources that can assist with media sanitization.
 Appendix D contains considerations for selecting a storage device implementing
Cryptographic Erase.
 Appendix E identifies a set of device-specific characteristics of interest that users should request from storage device vendors.
 Appendix F contains a bibliography of sources and correspondence that was essential in developing this guide.
 Appendix G provides a sample certificate of sanitization form for documenting an organization’s sanitization activities.
4
NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
2 Background
Information disposition and sanitization decisions occur throughout the information system life cycle. Critical factors affecting information disposition and media sanitization are decided at the start of a system’s development. The initial system requirements should include hardware and software specifications as well as interconnections and data flow documents that will assist the system owner in identifying the types of media used in the system. Some storage devices support enhanced commands for sanitization, which may make sanitization easier, faster, and/or more effective. The decision may be even more fundamental, because effective sanitization procedures may not yet have been determined for emerging media types. Without an effective command or interface-based sanitization technique, the only option left may be to destroy the media. In that event, the media cannot be reused by other organizations that might otherwise have been able to benefit from receiving the repurposed storage device.
A determination should be made during the requirements phase about what other types of media will be used to create, capture, or transfer information used by the system. This analysis, balancing business needs and risk to confidentiality, will formalize the media that will be considered for the system to conform to FIPS 200.
Media sanitization and information disposition activity is usually most intense during the disposal phase of the system life cycle. However, throughout the life of an information system, many types of media, containing data, will be transferred outside the positive control of the organization. This activity may be for maintenance reasons, system upgrades, or during a configuration update.
2.1 Need for Proper Media Sanitization and Information Disposition
Media sanitization is one key element in assuring confidentiality. Confidentiality is defined as
“preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…”10 Additionally, “a loss of confidentiality is the unauthorized disclosure of information.”11
In order for organizations to have appropriate controls on the information they are responsible for safeguarding, they must properly safeguard used media. An often rich source of illicit information collection is either through dumpster diving for improperly disposed hard copy media, acquisition of improperly sanitized electronic media, or through keyboard and laboratory reconstruction of media sanitized in a manner not commensurate with the confidentiality of its information. Media flows in and out of organizational control through recycle bins in paper form, out to vendors for equipment repairs, and hot swapped into other systems in response to hardware or software failures. This potential vulnerability can be mitigated through proper understanding of where information is located, what that information is, and how to protect it.
10 “Definitions,” Title 44 U.S.Code, Sec. 3542. 2006 ed. Supp. 5. Available: http://www.gpo.gov/; accessed 7/21/2014.
11 FIPS 199, p.2.
5

NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
2.2 Types of Media
There are two primary types of media in common use:
 Hard Copy. Hard copy media are physical representations of information, most often associated with paper printouts. However, printer and facsimile ribbons, drums, and platens are all examples of hard copy media. The supplies associated with producing paper printouts are often the most uncontrolled. Hard copy materials containing sensitive data that leave an organization without effective sanitization expose a significant vulnerability to “dumpster divers” and overcurious employees, risking unwanted information disclosures.
 Electronic (i.e., “soft copy”). Electronic media are devices containing bits and bytes such as hard drives, random access memory (RAM), read-only memory (ROM), disks, flash memory, memory devices, phones, mobile computing devices, networking devices, office equipment, and many other types listed in Appendix A.
In the future, organizations will be using media types not specifically addressed by this guide.
The processes described in this document should guide media sanitization decision making regardless of the type of media in use. To effectively use this guide for all media types, organizations and individuals should focus on the information that could possibly have been recorded on the media, rather than on the media itself.
2.3 Trends in Data Storage Media
Historical efforts to sanitize magnetic media have benefitted from the wide use of a single common type of storage medium implemented relatively similarly across vendors and models.
The storage capacity of magnetic media has increased at a relatively constant rate and vendors have modified the technology as necessary to achieve higher capacities. As the technology approaches the superparamagnetic limit, or the limit at which magnetic state can be changed with existing media and recording approaches, additional new approaches and technologies will be necessary in order for storage vendors to produce higher capacity devices.
Alternative technologies such as flash memory-based storage devices, or Solid State Drives
(SSDs), have also become prevalent due to falling costs, higher performance, and shock resistance. SSDs have already begun changing the norm in storage technology, and—at least from a sanitization perspective—the change is revolutionary (as opposed to evolutionary).
Degaussing, a fundamental way to sanitize magnetic media, no longer applies in most cases for flash memory-based devices. Evolutionary changes in magnetic media will also have potential impacts on sanitization. New storage technologies, and even variations of magnetic storage, that are dramatically different from legacy magnetic media will clearly require sanitization research and require a reinvestigation of sanitization procedures to ensure efficacy.
Both revolutionary and evolutionary changes make sanitization decisions more difficult, as the storage device may not clearly indicate what type of media is used for data storage. The burden falls on the user to accurately determine the media type and apply the associated sanitization procedure. 6
NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
2.4 Trends in Sanitization
For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data. One major drawback of relying solely upon the native
Read and Write interface for performing the overwrite procedure is that areas not currently mapped to active Logical Block Addressing (LBA) addresses (e.g., defect areas and currently unallocated space) are not addressed. Dedicated sanitize commands support addressing these areas more effectively. The use of such commands results in a tradeoff because although they should more thoroughly address all areas of the media, using these commands also requires trust and assurance from the vendor that the commands have been implemented as expected.
Users who have become accustomed to relying upon overwrite techniques on magnetic media and who have continued to apply these techniques as media types evolved (such as to flash memory-based devices) may be exposing their data to increased risk of unintentional disclosure.
Although the host interface (e.g. Advanced Technology Attachment (ATA) or Small Computer
System Interface (SCSI)) may be the same (or very similar) across devices with varying underlying media types, it is critical that the sanitization techniques are carefully matched to the media. Destructive techniques for some media types may become more difficult or impossible to apply in the future. Traditional techniques such as degaussing (for magnetic media) become more complicated as magnetic media evolves, because some emerging variations of magnetic recording technologies incorporate media with higher coercivity (magnetic force). As a result, existing degaussers may not have sufficient force to effectively degauss such media.
Applying destructive techniques to electronic storage media (e.g., flash memory) is also becoming more challenging, as the necessary particle size for commonly applied grinding techniques goes down proportionally to any increases in flash memory storage density. Flash memory chips already present challenges with occasional damage to grinders due to the hardness of the component materials, and this problem will get worse as grinders attempt to grind the chips into even smaller pieces.
Cryptographic Erase (CE), as described in Section 2.6, is an emerging sanitization technique that can be used in some situations when data is encrypted as it is stored on media. With CE, media sanitization is performed by sanitizing the cryptographic keys used to encrypt the data, as opposed to sanitizing the storage locations on media containing the encrypted data itself. CE techniques are typically capable of sanitizing media very quickly and could support partial sanitization, a technique where a subset of storage media is sanitization. Partial sanitization, sometimes referred to as selective sanitization, has potential applications in cloud computing and mobile devices. However, operational use of CE today presents some challenges. In some cases, it may be difficult to verify that CE has effectively sanitized media. This challenge, and possible approaches, is described in Section 4.7.3. If verification cannot be performed, organizations should use alternative sanitization methods that can be verified, or use CE in combination with a sanitization technique that can be verified.
A list of device-specific characteristics of interest for the application of sanitization techniques is
7
NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization included in Appendix E. These characteristics can be used to drive the types of questions that media users should ask vendors, but ideally this information would be made readily available by vendors so that it can be easily retrieved by users to facilitate informed risk based sanitization decisions. For example, knowing the coercivity of the media can help a user decide whether or not the available degausser(s) can effectively degauss the media.
2.5 Types of Sanitization
Regarding sanitization, the principal concern is ensuring that data is not unintentionally released.
Data is stored on media, which is connected to a system. This guidance focuses on the media sanitization component, which is simply data sanitization applied to a representation of the data as stored on a specific media type. Other potential concern areas exist as part of the system, such as for monitors, which may have sensitive data burned into the screen. Sensitive data stored in areas of the system other than storage media (such as on monitor screens) are not addressed by this document.
When media is repurposed or reaches end of life, the organization executes the system life cycle sanitization decision for the information on the media. For example, a mass-produced commercial software program contained on a DVD in an unopened package is unlikely to contain confidential data. Therefore, the decision may be made to simply dispose of the media without applying any sanitization technique. Alternatively, an organization is substantially more likely to decide that a hard drive from a system that processed PII needs sanitization prior to
Disposal.
Disposal without sanitization should be considered only if information disclosure would have no impact on organizational mission, would not result in damage to organizational assets, and would not result in financial loss or harm to any individuals.
The security categorization of the information, along with internal environmental factors, should drive the decisions on how to deal with the media. The key is to first think in terms of information confidentiality, then apply considerations based on media type.
In organizations, information exists that is not associated with any categorized system. This information is often hard copy internal communications such as memoranda, white papers, and presentations. Sometimes this information may be considered sensitive. Examples may include internal disciplinary letters, financial or salary negotiations, or strategy meeting minutes.
Organizations should label these media with their internal operating confidentiality levels and associate a type of sanitization described in this publication.
Sanitization is a process to render access to target data (the data subject to the sanitization technique) on the media infeasible for a given level of recovery effort. The level of effort applied when attempting to retrieve data may range widely. For example, a party may attempt simple keyboard attacks without the use of specialized tools, skills, or knowledge of the media characteristics. On the other end of the spectrum, a party may have extensive capabilities and be able to apply state of the art laboratory techniques.
8
NIST SP 800-88 Rev. 1 Guidelines for Media Sanitization
Clear, Purge, and Destroy are actions that can be taken to sanitize media. The categories of sanitization are defined as follows:
 Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state
(where rewriting is not supported).
 Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques.
 Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data.
A more detailed summary of sanitization techniques is provided in Section 5. Sanitization requirements for specific media/device types are provided in Appendix A.
It is suggested that the user of this guide categorize the information, assess the nature of the medium on which it is recorded, assess the risk to confidentiality, and determine the future plans for the media. Then, the organization can choose the appropriate type(s) of sanitization. The selected type(s) should be assessed as to cost, environmental impact, etc., and a decision should be made that best mitigates the risk to confidentiality and best satisfies other constraints imposed on the process.…...

Similar Documents

Premium Essay

Why Didn't We Know

...Why Didn’t We Know? Table of Contents Problem Identification ……………………………………………………………….…… 3 Ineffective Communication Ineffective Listening Abilities Ineffective Development of project team Situation Analysis …………………………………………………………………….…… 4 Ineffective Communication Ineffective Listening Abilities Ineffective Development of project team Recommendations ………………………………………………………………………..... 6 Ineffective Communication Ineffective Listening Abilities Ineffective Development of project team References ……………………………………………………………………………..…... 8 Problem Identification In the Harvard Business Review Case Study, “Why Didn’t We Know?” Ralph Hasson describes circumstances where communication, listening, and the development of a sales team could have greatly circumvented a lawsuit against the Galvatrens Company. Three of the problem areas that affect this case are, ineffective communication skills, ineffective listening abilities, and the ineffective development of the sales team. Ineffective Communication Engleberg & Wynn identifies communication as an instrument used by members of a group to share information and opinions, make decisions, solve problems, and develop interpersonal relationships. (Engleberg & Wynn, 2013, p. 5). The managers and employees of Galvatrens lack these communication skills and have caused major issues throughout the organization. In this article, it shows Galvatrens lacking in......

Words: 1494 - Pages: 6

Premium Essay

What If Christianity Didn't Spread

...replacing other forms of religion practiced under Roman rule. During the Middle Ages, most of the remainder of Europe was Christianized. The Catholic Church, one of the most powerful organizations on the planet would never have existed, because of that King Henry VIII wouldn't have separated from the church. Protestants wouldn't exist if King Henry VIII didn’t separate, half of the revolutions that took place wouldn't have happened, and several other religions wouldn't exist. Most of the people would still be in polytheistic religions. Christianity is one of the biggest monotheistic religions all over the world; it has influenced almost every aspect of our daily lives. If Christianity didn’t spread, I could not imagine our life today. Some people say that without Christianity, our technology would be far greater than it is now because Science was held back during the Medieval days and scientists we’re persecuted during those times. It was a dark age for science. Some people would say that if it was not for Christianity we’d all be living in chaos and would still live like our barbaric ancestors. I believe that if Christianity didn’t spread out, we’d all be stuck up and wouldn’t be really living our lives because we don’t have a purpose. We don’t have that sense of fulfillment when we do something because it seems like everything we would be doing is pointless....

Words: 346 - Pages: 2

Premium Essay

I Didn’t Do It

...I DIDN’T DO IT Abstract This report is comprised of the three primary values/virtues I believe an Ethical leader should poses in the modern business marketplace. 1. Diligence 2. Reliability 3. Forbearance With each of these values I have argued my position using examples of real life incidents where a single decision lead to tragedy. The research was conducted mainly through legally produced documents from each incidents inquiry into the events which caused each independent situation. I have used moral theory to relate these situations to modern business ethics, this gives practical application to ethical decision making and leadership skills. The summation of findings concludes that the values and virtues required of an ethical leader is far more extensive than I originally thought and is not limited to the primary three that I have chosen to argue. Major financial tragedies like the 2008 financial crisis, can only be attributed to unethical decision making. I believe there can be a definitive list, but not limited to, three primary value/virtues of an ethical leader. In the following report I intend to argue for what I believe to be the three values/virtues of leaders ( as section headings) who possess not great decisions making skills, but one step beyond that into ethical decision making skills. I will argue my position through a brief analysis of situations in which a single decision gave way to a multitude of unethical behaviours and even tragedy......

Words: 2773 - Pages: 12

Premium Essay

Why Didn't We Know?

...management and the board respond? HBR CASE STUDY Why Didn’t We Know? by Ralph Hasson COPYRIGHT © 2007 HARVARD BUSINESS SCHOOL PUBLISHING CORPORATION. ALL RIGHTS RESERVED. It was 9:30 in the evening of what had been a very long Friday when the phone rang in Chip Brownlee’s home study. On the line was Arch Carter, the lead director of Galvatrens, the Houston-based consumer products company that Chip had led as chairman and CEO for the past ten years. “I just got your voice mail,” Arch said. “The parts about a lawsuit and accusations that we manipulated our sales numbers certainly got my attention. What’s going on?” “At this point, I don’t know much,” Chip responded, “but I wanted to give you a heads-up. A former divisional sales manager has filed a lawsuit against the company, charging he was wrongfully terminated because he tried to report an illegal scheme to inflate sales.” Chip had received a copy of the lawsuit that afternoon. As he’d read through the complaint, he’d gotten a whole new perspective on the multiple departures that had rocked Sales dur- ing the past four weeks. The plaintiff was Mike Fields, who had left Galvatrens three weeks earlier. He claimed that he’d come across a plan devised by Greg Wilson, another divisional sales manager. According to Mike, Greg had proposed shipping goods to a few of his bigger customers, billing them, and booking the sales— but with a side agreement that they wouldn’t have to take ownership, could return the shipments at any......

Words: 3262 - Pages: 14

Premium Essay

Data

...different ways which depend on personal discretion, political currents, and informal arrangements. The conflict model tries to solve issues with crimes and criminals. This means that, if there were a number of unsolved murders and a murderer was caught, law enforcement would try to convince the offender to confess to the other crimes as well, even if he didn't commit them. This model allows each office to try to reach their own goals for their facility. This model also distorts away from any type of discrimination that may take place, such as fame, promotions, or money. There are several theories of crime which affect society previously and today, one of which being choice theories. Choice theories state that individuals commit crimes because they choose to. Their criminal actions might be because of need, such as a homeless person might try to break into a building for shelter and they might steal food because they are starving. In their mind they determined that commuting a crime was the best choice, rather than starving or freezing to death. In this case, it is still wrong for them to commit this crime however, they have deemed in necessary in their mind to commit this crime in order to survive. Their survival methods kicked in and took over control of their mind and body functions....

Words: 346 - Pages: 2

Premium Essay

Why Didn't We Know

...Case #1 – Team ACT Contributors: Leroy: ineffective development of an effective project team ASSIGNMENT:  Case Analysis – Why didn’t we know, by Ralph Hasson.   DESCRIPTION:  This case study will provide an analysis of the problems and the mechanisms leading up to the accusations against Galvatrens.  Galvatrens is a US based consumer products company.  The company discovers a significant problem within their sales department via a whistleblower that has been fired.  Through this study we will examine the communication breakdown and identify key instances of failure.   Problem Identified -A project team should include managers and team members with interpersonal skills, training and team building to enhance the team’s performance throughout the project (PMI, 2008, p. 232). The sales team for Galvatrens was not successfully developed. There were several flaws in the initial structure of the sales team, the management plan and execution, which led to inefficient management. Situation Analysis -The chain of command within Galvatrens directly affects the development of the sales team. The hierarchy of management has the COO responsible for daily operations, including the sales team, which is not consistent throughout all operations (Hasson, 2007). The next dilemma is with the CEO, Chip Brownlee. He follows the ill advice of the senior vice president of HR, Dale Willis. Dale believes that if something is outside the management’s chains of command it can allow a problem......

Words: 667 - Pages: 3

Premium Essay

Data

...access connect, display and collect information. A database management system allows users the capability to enter data within the database by the use software. This software is designed to manipulate, define, retrieve and manage data in the database. One tier architecture type of database would be Microsoft Access. A desktop computer is an example of what Microsoft Access uses to run a list personal phone numbers and addresses that has been saved in MS Windows “My Document” folders. A tier two architecture database application would be Oracle or SQL server. Also, communication is accomplished through a Microsoft Windows server and are GUI based. The choice of preference used in my workplace is One Tier. Management has access to Microsoft Office, Excel, and Access. Additionally, there are several different databases that are password protected through a web based GUI to get important information about different Dell systems and Dell troubleshooting steps to repair hardware and software issues. To log customer information and other Dell tools the company use Citrix servers that workstations connect with to edit and retrieve data. Because of the large amount of individuals editing information on these servers they become bogged at times and create issues with verification of customer’s information. When the tools we have are not working it makes it much more difficult to provide good customer experience in a reasonable timeframe. ...

Words: 324 - Pages: 2

Free Essay

Data

...Data Collection - Ballard Integrated Managed Services, Inc. (BIMS) Learning Team C QNT/351 September 22, 2015 Michael Smith Data Collection - Ballard Integrated Managed Services, Inc. (BIMS) Identify types of data collected--quantitative, qualitative, or both--and how the data is collected. A survey was sent out to all the employees’ two paychecks prior and a notice to complete the survey was included with their most recent paychecks. After reviewing the surveys that have been returned it was found that the data collected is both quantitative and qualitative. Questions one thru ten are considered qualitative data because the response for those questions are numbered from one (very negative) to five (very positive), which are measurements that cannot be measured on a natural numerical scale. They can only be classified or grouped into one of the categories and are simply selected numerical codes. Then, questions A-D could fall under quantitative data because it can determine the number of employees in each department, whether they are male or female and amount of time employed with the company. From that data it is able to find an average of time employed, then subcategorize by department, gender and if they are a supervisor or manager. Identify the level of measurement for each of the variables involved in the study. For qualitative variable there are a couple levels of measurements. Questions A, C, and D in Exhibit A fall in nominal-level data because when......

Words: 594 - Pages: 3

Free Essay

They Didn't Die in Vein

...They didn’t die in vein, I turn on the news, and the first thing I see is another Police Officer killed, I pull up Facebook and see two Firefighters lost their lives in Kansas. What is this world coming too? What happened to freedom of religion? Several students killed for saying they were Christians in Oregon, I ask again, what is this world coming too? But something I’ve noticed, even after everyone of these tragedies I see one thing in every article, news post, or even just a facebook post. It said “They didn’t die in vein. It took me far to long to realize what that really meant. The courage it takes for anyone in The First responders line of duty is astonishing to me, the willingness to lay their lives down for those they’ve never even met, the willingness to leave their families to save yours. The bravery and faith it took for those Christians in Oregon to say “Yes” when asked if they were a Christian at gun point, even after what they watched happen to the one that first said “Yes”. Then I realize, this is the life I’m choosing, I choose to be a Firefighter, I choose to be a Christians, and I often wonder, if I’m faced with what they were faced with, would I be as willing, as brave, and as faithful as they were. Would I say yes? And one last thing, to the parents that raised these kind of kids, I applaud you. Please know you did something right, and I wonder, if there were more parents like you, would there be as much hurt, and tragedy in this world? I......

Words: 322 - Pages: 2

Premium Essay

Data

...Data - raw facts about things and events Information - transformed data that has value for decision making 1. Persistent - data that resides on stable storage such as a magnetic disk (does not have to be forever - can be deleted or archived when no longer needed) 2. Shared - multiple uses and multiple users 3. Interrelated - data stored as separate units can be connected to provide a whole picture Database Management System - DBMS - A collection of components that supports: 1. creation, user, and maintenance of databases 2. data acquisition, dissemination, retrieval, and formatting Table – a named, two-dimensional arrangement of data. A table consists of two parts: Slide 5 1. heading defining a) table name b) column names 2. body containing rows of data Structured Query Language - SQL – an industry standard database language that includes statements for database definition, database manipulation, and database control. Nonprocedural Database Language - a language such as SQL that allows you to specify the parts of a database to access rather than to code a complex procedure and also does not include looping statements Three Types of SQL Statements Data Definition Language – DDL – SQL statements for database definition Examples: CREATE TABLE, CREATE VIEW, etc. Data Manipulation Language – DML – SQL statements for manipulation of data. Examples: SELECT, INSERT, UPDATE, DELETE, etc. Data Control Language – DCL – SQL statements for database......

Words: 1567 - Pages: 7

Free Essay

Data

...experience with the group. #next chapter RUSHKOFF’S PRINCIPLE OF: I. TIME DO NOT BE “ALWAYS ON”. The First Commandment in Rushkoff’s Program or Be Programmed is “do not be always on.” He proposes that networked digital technology is biased away from continuous time, depending instead on command intervals to parse existence. As the speed and availability of networked connections grow, we become more and more attached to the constant stream of information that is always running, updating to our phones, laptops and inboxes. In this chapter, Rushkoff explores how this tendency to be “always on” changes our ability to engage with the world around us. He reminds us that paying attention to the digital distractions is still a choice and that we don’t have to surrender our time to technology that has no use for it. # “do not be always on” “ h – Rushkoff # #nextchapter h hashnextchapter.com EXPLORE FURTHER WITH THESE LINKS The 10,000 Year Clock Rushkoff’s PDF Study Guide Turkle, Sherry. Alone Together: Why We Expect More from Technology & Less from Each Other. Cambridge, MA.: Basic Books, 2011. “ “live in person” The National Day Of Unplugging – Rushkoff #nextchapter Solnit, Rebecca. 2004. River of Shadows: Eadweard Muybridge and the Technological Wild West. Penguin Books. hashnextchapter.com # 4 h RUSHKOFF’S PRINCIPLE OF: II. PLACE LIVE IN PERSON. The digital world provides the opportunity for interaction between groups of people who may not be physically......

Words: 6071 - Pages: 25

Free Essay

Data

...instructed to backfill with temporary labour. The collated data is being used to investigate the effect of this shift in labour pattern, paying particular attention to staff retention. The table below gives a month by month record of how many staff have been employed, temporary and permanent , how many temporary staff are left at the end of each month compared to how many are left that are on a permanent contract. Month | Temporary staff | permanent staff | total | permanent leavers | Temporary leavers | total leavers | Jan-15 | 166 | 359 | 525 | 7 | 2 | 9 | Feb-15 | 181 | 344 | 525 | 15 | 5 | 20 | Mar-15 | 181 | 344 | 525 | 0 | 7 | 7 | Apr-15 | 204 | 321 | 525 | 23 | 7 | 30 | May-15 | 235 | 290 | 525 | 31 | 12 | 43 | Jun-15 | 238 | 287 | 525 | 3 | 17 | 20 | Jul-15 | 250 | 275 | 525 | 12 | 42 | 54 | Aug-15 | 267 | 258 | 525 | 17 | 23 | 40 | Sep-15 | 277 | 248 | 525 | 10 | 27 | 37 | Oct-15 | 286 | 239 | 525 | 9 | 30 | 39 | Nov-15 | 288 | 237 | 525 | 2 | 34 | 36 | Dec-15 | 304 | 221 | 525 | 16 | 45 | 61 | Jan-16 | 305 | 220 | 525 | 1 | 53 | 54 | Feb-16 | 308 | 217 | 525 | 3 | 57 | 60 | An explanation of how I analysed and interpreted the data To make a comparison between the labour pattern and retention, I placed the above data into a line graph this gives a more of an idea to trends over the period My Findings The actual level of staff has remained constant throughout the data collated, as each job requires a specific amount......

Words: 621 - Pages: 3

Free Essay

To Have or Have Not

...To Have and Have Not – Essay In Ernest Hemingway’s novel, To Have and Have Not, Harry Morgan is portrayed as a fisherman whose life is a struggle between following the law or his own instincts to provide for his family. He is a flawed person who is in a downward spiral and acts on desperation. The American dream applies to Harry Morgan; however, the dream works backwards for Harry and collapses around him. The American dream takes Harry Morgan from something to nothing. Despite this backwards direction Harry Morgan never gives up hope of doing better. Even though Harry Morgan runs liquor, Cubans, and murders people, he is a good man. Harry Morgan’s first business deal with Mr. Johnson does not go the way he had hoped it would. Harry is chartered by Mr. Johnson, who not only skips out without paying for the three weeks he chartered Harry’s boat, but also loses his fishing equipment. “Johnson had fished fifteen days, finally he hooks into a fish a fisherman would give a year to tie into, he loses him, he loses my heavy tackle, he makes a fool of himself and he sits there perfectly content, drinking with a rummy” (Hemingway 22). Even though Mr. Johnson lost all these things, he can still sit on Harry’s boat satisfied with his trip. “…It was my fault. I should have known better” (Hemingway 27). Despite losing income and equipment Harry still has his boat which is how he makes his living and he still has his family. Next Harry Morgan chose to run twelve Chinamen......

Words: 1134 - Pages: 5

Premium Essay

Data

...Discuss the importance of data accuracy. Inaccurate data leads to inaccurate information. What can be some of the consequences of data inaccuracy? What can be done to ensure data accuracy? Data accuracy is important because inaccurate data leads may lead to such things as the closing down of business, it may also lead to the loosing of jobs, and it may also lead to the failure of a new product. To ensure that one’s data is accurate one may double check the data given to them, as well as has more than one person researching the data they are researching. Project 3C and 3D Mastering Excel: Project 3G CGS2100L - Section 856 MAN3065 - Section 846 | | 1. (Introductory) Do you think Taco Bell was treated fairly by the mass media when the allegations were made about the meat filling in its tacos? I think so being that they are serving the people for which I must say that if you are serving the people then it’s in the people rights to know what exactly you are serving them. 2. (Advanced) Do you think the law firm would have dropped its suit against Taco Bell if there were real merits to the case? It’s hard to say but do think that with real merits it would have changed the playing feel for wit real merits whose the say that Taco Bell wouldn’t have had an upper hand in the case. 3. (Advanced) Do you think many people who saw television and newspaper coverage about Taco Bell's meat filling being questionable will see the news about the lawsuit being withdrawn? I doubt......

Words: 857 - Pages: 4

Premium Essay

Sorry I Didn't Mean It

...SORRY I DIDN’T MEAN IT! PSYC 21O Case Study 4-6-2012 BY POLLY JAMES A 6 year old boy brought a gun to school and shot his first grade classmate in the school library. They had a playground scuffle the day before. After the shooting, he threw the gun down and ran out of the room. Does the fact that someone is a certain age affect his or her responsibility for criminal conduct and liability to punishment? Can this be preventable and at what age does this prevention starts? If we look at the provisions of most legal systems, then the clear answer is “Yes,” for the vast majority of systems have rules on the age of criminal responsibility. At the age of 6 years old is the child capable of making a decision to hurt someone or is he merely doing what he has mimic in movies, video games or by life experiences? It also can come from culture and emotional control for example in a God fearing Christian family conflict would never take an aggressive turn such as this but in a non believer environment we would not be surprise of this type of thing to happen. We are aware that at age 6 years old they are not yet capable of planning and analyzing to do harm or are they? So what causes a 6 year old child to commit such an act? When does the impulsiveness take place? Do they actually have perseveration at such an early age (The tendency to persevere in, or......

Words: 659 - Pages: 3