October 20, 2020 Uncategorized

Ingrid Newkirk, co-founder of PETA, on animal rights and the film about her life

Tuesday, November 20, 2007

Last night HBO premiered I Am An Animal: The Story of Ingrid Newkirk and PETA. Since its inception, People for the Ethical Treatment of Animals (PETA) has made headlines and raised eyebrows. They are almost single-handedly responsible for the movement against animal testing and their efforts have raised the suffering animals experience in a broad spectrum of consumer goods production and food processing into a cause célèbre.

PETA first made headlines in the Silver Spring monkeys case, when Alex Pacheco, then a student at George Washington University, volunteered at a lab run by Edward Taub, who was testing neuroplasticity on live monkeys. Taub had cut sensory ganglia that supplied nerves to the monkeys’ fingers, hands, arms, legs; with some of the monkeys, he had severed the entire spinal column. He then tried to force the monkeys to use their limbs by exposing them to persistent electric shock, prolonged physical restraint of an intact arm or leg, and by withholding food. With footage obtained by Pacheco, Taub was convicted of six counts of animal cruelty—largely as a result of the monkeys’ reported living conditions—making them “the most famous lab animals in history,” according to psychiatrist Norman Doidge. Taub’s conviction was later overturned on appeal and the monkeys were eventually euthanized.

PETA was born.

In the subsequent decades they ran the Stop Huntingdon Animal Cruelty against Europe’s largest animal-testing facility (footage showed staff punching beagle puppies in the face, shouting at them, and simulating sex acts while taking blood samples); against Covance, the United State’s largest importer of primates for laboratory research (evidence was found that they were dissecting monkeys at its Vienna, Virginia laboratory while the animals were still alive); against General Motors for using live animals in crash tests; against L’Oreal for testing cosmetics on animals; against the use of fur for fashion and fur farms; against Smithfield Foods for torturing Butterball turkeys; and against fast food chains, most recently against KFC through the launch of their website kentuckyfriedcruelty.com.

They have launched campaigns and engaged in stunts that are designed for media attention. In 1996, PETA activists famously threw a dead raccoon onto the table of Anna Wintour, the fur supporting editor-in-chief of Vogue, while she was dining at the Four Seasons in New York, and left bloody paw prints and the words “Fur Hag” on the steps of her home. They ran a campaign entitled Holocaust on your Plate that consisted of eight 60-square-foot panels, each juxtaposing images of the Holocaust with images of factory farming. Photographs of concentration camp inmates in wooden bunks were shown next to photographs of caged chickens, and piled bodies of Holocaust victims next to a pile of pig carcasses. In 2003 in Jerusalem, after a donkey was loaded with explosives and blown up in a terrorist attack, Newkirk sent a letter to then-PLO leader Yasser Arafat to keep animals out of the conflict. As the film shows, they also took over Jean-Paul Gaultier‘s Paris boutique and smeared blood on the windows to protest his use of fur in his clothing.

The group’s tactics have been criticized. Co-founder Pacheco, who is no longer with PETA, called them “stupid human tricks.” Some feminists criticize their campaigns featuring the Lettuce Ladies and “I’d Rather Go Naked Than Wear Fur” ads as objectifying women. Of their Holocaust on a Plate campaign, Anti-Defamation League Chairman Abraham Foxman said “The effort by PETA to compare the deliberate systematic murder of millions of Jews to the issue of animal rights is abhorrent.” (Newkirk later issued an apology for any hurt it caused). Perhaps most controversial amongst politicians, the public and even other animal rights organizations is PETA’s refusal to condemn the actions of the Animal Liberation Front, which in January 2005 was named as a terrorist threat by the United States Department of Homeland Security.

David Shankbone attended the pre-release screening of I Am An Animal at HBO’s offices in New York City on November 12, and the following day he sat down with Ingrid Newkirk to discuss her perspectives on PETA, animal rights, her responses to criticism lodged against her and to discuss her on-going life’s work to raise human awareness of animal suffering. Below is her interview.

This exclusive interview features first-hand journalism by a Wikinews reporter. See the collaboration page for more details.
Retrieved from “https://en.wikinews.org/w/index.php?title=Ingrid_Newkirk,_co-founder_of_PETA,_on_animal_rights_and_the_film_about_her_life&oldid=4381126”
October 17, 2020 Uncategorized

Marussia F1 test driver Maria de Villota seriously injured in testing accident

Tuesday, July 3, 2012

The Marussia F1 team’s test driver, Spaniard María de Villota, was taken to hospital by air ambulance today after a collision in testing at Duxford Aerodrome.

At the end of her first installation run, the car she was driving had a low-speed collision with the loading ramp of the team’s support truck. According to BBC Cambridgeshire presenter Chris Mann, the car “suddenly accelerated” into the rear of the vehicle. The Marussia team released a statement an hour and a half after the accident, stating that she had been transferred to hospital, and a further statement would be issued once her condition had been assessed.

A spokesman for the East of England ambulance service, Gary Sanderson, said de Villota had “[…] sustained life-threatening injuries and following treatment at the scene by paramedics, she has been taken to Addenbrooke’s Hospital for further care.” According to witnesses, she was motionless for about fifteen minutes as medical teams attended to her, but did move her hands before being taken away from the test track. Medical charity Magpas, whose volunteer paramedics attended the accident, reported she had sustained injuries to her head and face, and was in a ‘stable condition’ when she reached the hospital.

Marussia reported her as conscious later in the afternoon: “Since Maria’s arrival at the hospital at approximately 10.45am this morning, she has been receiving the best medical attention possible at the hospital, which is the region’s major trauma centre. Maria is conscious and medical assessments are ongoing. The team will await the outcome of these assessments before providing further comment. The team’s first priority at this time is Maria and her family.”

De Villota was announced as Marussia’s test driver in March, having prior experience driving for Alan Docking Racing in Superleague Formula in Spain.

Retrieved from “https://en.wikinews.org/w/index.php?title=Marussia_F1_test_driver_Maria_de_Villota_seriously_injured_in_testing_accident&oldid=1554124”
October 10, 2020 Uncategorized

University of Southern California spit test predicts cavities

Monday, February 21, 2005

Los Angeles, California —A simple saliva test can predict whether children will get cavities, how many cavities they will get and which teeth are most vulnerable.

Developed by researchers at the University of Southern California in Los Angeles, the test quantifies the genetic component of tooth decay, spotting the risk when something can be done about it.

“When we apply this to young children, it allows us to predict what might be their future caries history—the number of cavities that they’ll get by, say, their late 20s or early 30s,” says researcher Paul Denny.

Called the Caries Assessment and Risk Evaluation (CARE) test, the test measures the relative proportions in saliva of different types of sugar chains called oligosaccharides. The same sugar chains are present on tooth surfaces.

The effect of sugar chains on teeth’s resistance to disease is analogous to the effect of “good” and “bad” cholesterol on blood vessels. “Good” sugar chains tend to repel bacteria that cause cavities while “bad” allow bacteria to bond to teeth and start the decay process. Unlike cholesterol, however, sugar chain makeup in humans is 100% genetically determined.

Denny and colleagues have found that the sugar chain makeup in saliva can predict a child’s future cavity history to plus or minus one cavity with greater than 98% confidence.

The findings suggest that in developed areas of the modern era genes play a more significant role in tooth decay than in former times or third world nations where gross malnutrition and negligent oral hygiene held the greatest impact on dental health.

[edit]

Retrieved from “https://en.wikinews.org/w/index.php?title=University_of_Southern_California_spit_test_predicts_cavities&oldid=850592”
October 9, 2020 Uncategorized

Chula Vista, California becomes model for blight control laws in the US

Tuesday, October 14, 2008

The San Diego, California suburb of Chula Vista has responded to the recent housing crisis with an aggressive blight control ordinance that compels lenders to maintain the appearance of vacant homes. As foreclosures increase both locally and throughout the United States, the one year old ordinance has become a model for other cities overwhelmed by the problem of abandoned homes that decay into neighborhood eyesores.

Chula Vista city code enforcement manager Doug Leeper told the San Diego Union Tribune that over 300 jurisdictions have contacted his office during the past year with inquiries about the city’s tough local ordinance. Coral Springs, Florida, and California towns Stockton, Santee, Riverside County, and Murietta have all modeled recently enacted anti-blight measures after Chula Vista’s. On Wednesday, 8 October, the Escondido City Council also voted to tighten local measures making lenders more accountable for maintenance of empty homes.

Lenders will respond when it costs them less to maintain the property than to ignore local agency requirements.

Under the Chula Vista ordinance lenders become legally responsible for upkeep as soon as a notice of mortgage default gets filed on a vacant dwelling, before actual ownership of the dwelling returns to the lender. Leeper regards that as “the cutting-edge part of our ordinance”. Chula Vista also requires prompt registration of vacant homes and applies stiff fines as high as US$1000 per day for failure to maintain a property. Since foreclosed properties are subject to frequent resale between mortgage brokers, city officials enforce the fines by sending notices to every name on title documents and placing a lien on the property, which prevents further resale until outstanding fines have been paid. In the year since the ordinance went into effect the city has applied $850,000 in fines and penalties, of which it has collected $200,000 to date. The city has collected an additional $77,000 in registration fees on vacant homes.

Jolie Houston, an attorney in San Jose, believes “Lenders will respond when it costs them less to maintain the property than to ignore local agency requirements.” Traditionally, local governments have resorted to addressing blight problems on abandoned properties with public funds, mowing overgrown lawns and performing other vital functions, then seeking repayment afterward. Chula Vista has moved that responsibility to an upfront obligation upon lenders.

That kind of measure will add additional costs to banks that have been hit really hard already and ultimately the cost will be transferred down to consumers and investors.

As one of the fastest growing cities in the United States during recent years, Chula Vista saw 22.6% growth between 2000 and 2006, which brought the city’s population from 173,556 in the 2000 census to an estimated 212,756, according to the U.S. Census Bureau. Chula Vista placed among the nation’s 20 fastest growing cities in 2004. A large proportion of local homes were purchased during the recent housing boom using creative financing options that purchasers did not understand were beyond their means. Average home prices in San Diego County declined by 25% in the last year, which is the steepest drop on record. Many homeowners in the region currently owe more than their homes are worth and confront rising balloon payment mortgages that they had expected to afford by refinancing new equity that either vanished or never materialized. In August 2008, Chula Vista’s eastern 91913 zip code had the highest home mortgage default rate in the county with 154 filings and 94 foreclosures, an increase of 154% over one year previously. Regionally, the county saw 1,979 foreclosures in August.

Professionals from the real estate and mortgage industries object to Chula Vista’s response to the crisis for the additional burdens it places on their struggling finances. Said San Diego real estate agent Marc Carpenter, “that kind of measure will add additional costs to banks that have been hit really hard already and ultimately the cost will be transferred down to consumers and investors.” Yet city councils in many communities have been under pressure to do something about increasing numbers of vacant properties. Concentrations of abandoned and neglected homes can attract vandals who hasten the decline of struggling neighborhoods. Jolie Houston explained that city officials “can’t fix the lending problem, but they can try to prevent neighborhoods from becoming blighted.”

HAVE YOUR SAY
Does Chula Vista’s solution save neighborhoods or worsen the financial crisis?
Add or view comments

CEO Robert Klein of Safeguard, a property management firm, told the Union Tribune that his industry is having difficulty adapting to the rapidly changing local ordinances. “Every day we discover a new ordinance coming out of somewhere”, he complained. Dustin Hobbs, a spokesman from the California Association of Mortgage Bankers agreed that uneven local ordinances are likely to increase the costs of lending. Hobbs advised that local legislation is unnecessary due to California State Senate Bill 1137, which was recently approved to address blight. Yet according to Houston, the statewide measure falls short because it fails to address upkeep needs during the months between the time when foreclosure begins and when the lender takes title.

Retrieved from “https://en.wikinews.org/w/index.php?title=Chula_Vista,_California_becomes_model_for_blight_control_laws_in_the_US&oldid=4202756”
Uncategorized

IRA disbands military structure

Thursday, October 5, 2006

The Independent Monitoring Commission has reported that the Provisional Irish Republican Army has undergone major changes within their military structure and shows that the IRA Army Council wants to put its military campaign behind it. The Commission consists of John Alderdice, a former Alliance Party leader; Joe Brosnan, former Secretary General of the Department of Justice, Republic of Ireland; John Grieve, former Deputy Assistant Commissioner of the Metropolitan Police and former head of the Metropolitan Police Anti-Terror Branch; and Dick Kerr, former Deputy Director of Central Intelligence Agency.

The report states the IRA no longer has the capacity to mount a military campaign anymore or return to one. The units that have been shut down were responsible for weapons-making, arms smuggling and training. The IRA decommissioned their arms last year.

The report also mentions that the IRA has also put its criminality beyond use and is “clamping down” on criminals within the organization, said Lord Alderdice, as he presented the report. He also added, “That doesn’t mean that criminal activity by all members has stopped but the leadership has made public statements and internal directions, investigated incidents of breach of the policy, even expelled some members and has emphasised the importance of ensuring that business affairs are conducted in a legitimate way.”

Finally, the report added that there is not enough evidence or intelligence to identify who killed Denis Donaldson, a British spy who infiltrated the IRA and Sinn Fein, before revealing his status as a spy.

However, the report added that splinter groups like the Real IRA (RIRA) and Continuity IRA (CIRA) are still threats and are still continuing their activity. The Real IRA was the group behind the deadly 1998 Omagh bombing. The Irish National Liberation Army (INLA) “was not capable of undertaking a sustained campaign [against the British State], nor does it aspire to” according to the report.

It is also noted the creation of two new organizations, Oglaigh na hEireann (Irish Gaelic for “Volunteers of Ireland” and is used by the Irish Defence Forces and the various IRAs.) and the Republican Defence Army. However, the groups are small dissident factions according to the report.

The report also added that the two loyalist paramilitaries, the Ulster Defence Association (UDA) and the Ulster Volunteer Force (UVF) are also beginning to move from violence but at slower pace and not at a grassroots level like the IRA. Another loyalist paramilitary, the Loyalist Volunteer Force

The report was received warmly by Irish Toaiseach Bertie Ahern and British Prime Minister Tony Blair. Ahern, said “These positive and clear-cut findings are of the utmost importance and significance. It is time to make decisions and for Northern Ireland to look to the future.”

“The IRA has done what we asked it to do, and while issues like policing remain to be solved, the door is now open to a final settlement, which is why the talks next week in Scotland are going to be so important.” said Tony Blair in a live statement.

In a surprising reaction, the notoriously hardline leader of the Democratic Unionist Party, Ian Paisley, also welcomed the report. He believes that his party’s pressure is working and if Sinn Fein signs up to policing there could be a deal. Paisley said, “If the police question is settled absolutely on a democratic basis and principle we would have come a long way along the road.”

Sinn Fein leader Gerry Adams said “The DUP don’t have anything other than very limited options. They will or will not participate in power-sharing arrangements. If they don’t participate they are condemning people here, but particularly their own constituents, to second class public services, run by second class fly-in, fly-out British ministers. All the DUP can do is to delay, is to attempt to slow down, but they can’t stop the process of changing.”

Retrieved from “https://en.wikinews.org/w/index.php?title=IRA_disbands_military_structure&oldid=4511284”
October 1, 2020 Air Conditioning Servicing

Florida Has Several Reputed Air Conditioning Companies At Various Locations

Florida has several reputed Air Conditioning companies at various locations

by

John_usersight

Florida is a large state that is endowed with development through its many small and large towns spread all over. Therefore and in view of the climatic conditions the state of Florida takes pride in having professional air-conditioning companies who cater to the much needed climatic control of the residents, commercial undertakings, government offices and institutions, shopping centers etc. The companies handling

air conditioning Delray Beach Florida

and its neighbor at Greenacres in the Palm Beach County ensure a comfortable living and working environment in the hot and humid climate of this southern state. This is the reason why a multitude of first time visitors and business events tend to repeat their patronization in Florida!

[youtube]http://www.youtube.com/watch?v=vDtT6hSpV4s[/youtube]

The most reputed air conditioning ventures are spread out in state offering equipment and services that are world class and prompt for the necessary climatic control against the vagaries of the weather. One only needs to pick up the telephone guide or browse on Internet to find one or the other expert organizations that either have a branch office or are able to reach your locale in minimum time to assist in all air control problems and emergencies. You will be able to procure the most sophisticated and modern appliances and equipment that will assure you of a comfortable and soothing environment in your area. Air conditioning is an activity that encompasses the most sophisticated air control principles available to mankind and one must properly understand the most common everyday functions by consulting the experts and manufacturers of such equipment. The Palm Beach County in Florida houses some of the top air conditioning companies of America and they along with many technical experts provide the best advice one can get in climatic control systems currently available in the market.

Any Greenacres

air conditioning company

is able to offer the expert advice on any air control jobs where you can approach and finalize your requirements of the much desired and much needed climatic control in Florida. The easiest way is to browse the websites of climatic engineers on the Internet and carry out a comparative review of the many services and costs of installing proper air conditioning equipment and systems.

For more information on

air conditioning Delray Beach Florida

you can visit our website.

Article Source:

ArticleRich.com

September 30, 2020 Uncategorized

Category:Euro

This is the category for the euro, the official currency of the eurozone countries.

The currency sign for the euro is .

Refresh this list to see the latest articles.

  • 21 May 2016: Lord Howard and Alistair Darling address Confederation of British Industry on EU referendum
  • 1 September 2012: China leads medal race after day two of competition at London Paralympics
  • 15 July 2011: Euro reaches new lows
  • 13 May 2010: Five hundred Euro note withdrawn from sale in UK
  • 5 May 2010: Euro reaches one-year low against US dollar
  • 3 March 2010: Euro reaches ten month low against US dollar
  • 7 November 2008: Danish PM pushes for new referendum on euro
  • 1 January 2008: Cyprus and Malta adopt the euro
  • 10 July 2007: Cyprus and Malta to adopt the euro
  • 2 January 2007: Slovenia adopts euro
?Category:Euro

From Wikinews, the free news source you can write.

Sister projects
  • Commons
  • Wikidata
  • Wikipedia
  • Wikiquote

Pages in category “Euro”

Retrieved from “https://en.wikinews.org/w/index.php?title=Category:Euro&oldid=4394648”
September 29, 2020 Uncategorized

Colleges offering admission to displaced New Orleans students/AL-KY

See the discussion page for instructions on adding schools to this list and for an alphabetically arranged listing of schools.

Due to the damage by Hurricane Katrina and subsequent flooding, a number of colleges and universities in the New Orleans metropolitan area will not be able to hold classes for the fall 2005 semester. It is estimated that 75,000 to 100,000 students have been displaced. [1]. In response, institutions across the United States and Canada are offering late registration for displaced students so that their academic progress is not unduly delayed. Some are offering free or reduced admission to displaced students. At some universities, especially state universities, this offer is limited to residents of the area.

Retrieved from “https://en.wikinews.org/w/index.php?title=Colleges_offering_admission_to_displaced_New_Orleans_students/AL-KY&oldid=527583”
September 28, 2020 Uncategorized

Category:October 15, 2005

? October 14, 2005
October 16, 2005 ?
October 15

Pages in category “October 15, 2005”

Media in category “October 15, 2005”

Retrieved from “https://en.wikinews.org/w/index.php?title=Category:October_15,_2005&oldid=1091037”
September 27, 2020 It Services

Suggested Topics For Dissertations And Thesis Research Projects In Information Technology Security, Services And Governance Frameworks

By Sourabh Kishore

The fields of IT Security, IT Governance and IT Services Management are excellent grounds for academic researchers to undertake their dissertation and thesis research projects. The researches can result in very practical outcomes given that the standards, frameworks and best practices pertaining to these fields are widely implemented in organisations across the world.

The dissertation/thesis projects in the fields of IT Security, IT Services and IT Governance shall essentially comprise of studies on world class standards, frameworks and best practices that are widely accepted and implemented in organisations. Students may like to conduct case studies in organisations where these standards, frameworks and best practices are implemented or else conduct interviews or surveys among thousands of IT security professionals across the world that are connected via community groups on social networking websites (Like Linkedin, Plaxo, Google Groups, etc.). The culture of sharing knowledge in the world of IT security is excellent because the security controls, threat management and best practices can be established effectively by practicing organized knowledge sharing only. The IT security, services and governance consulting companies support academic researches whole heartedly to prepare the young minds for the future challenges such that the acute shortage of human capital in these fields can be addressed. In this article, I recommend the following standards and frameworks in which hundreds of topics pertaining to dissertations and thesis research projects can be developed.

(a) NIST (US Department of Commerce) Recommendations: As per NIST recommendations, all the critical IT systems should be categorized at the first place such that the risks to these systems can to be identified, assessed and recorded. Thereafter, appropriate mitigation actions can be taken to reduce them to acceptable levels by either reducing the vulnerabilities (applying controls), by avoiding the risks (disallowing activities that can cause risks) or by transferring the risks to third parties (like outsourcing the controls to specialist security agencies). This entire process has been termed as IT Risk Management by NIST which is now regarded as the baseline for the industry. It requires management commitment and assignment of security roles to strategic business process owners in the organization. NIST recommends that the key roles that should contribute to IRM should be Senior Management, Chief Information Officer, System/Information owners, Business Managers, Functional Managers, IT Security Officers, Security Awareness Trainers, and Internal Auditors. The risk assessment recommended by NIST is a nine step structured analytics procedure that should be carried out by the key roles such that the outcome can be collated to form an organization wide risk registry.

(b) ISO 27005 Standard: The ISO 27005:2008 is the formal replacement of ISO 13335-3 & ISO 13335-4:2000 which essentially recommends a 100% metrics based evaluation of all the steps of risk assessment described in ISO 13335-3 using quantitative techniques. This standard considers Risk Management, Configuration Management and Change Management as part of an integrated framework to deliver IT security in an organization. The risk management framework recommended by this standard can be viewed as a model comprising of “concentric spheres” with the information assets placed at the core of the model, vulnerabilities prevailing at the sphere above the core, controls applied over the vulnerability sphere and threats prevailing at the periphery of the model. This model was originally part of ISO 13335-3 that represents an environment of threats changing continuously thus changing the risk baselines (residual acceptable risk level) of the organizations. Hence, periodic assessment of the effectiveness of controls is required such that the vulnerabilities are not exploited by the emerging external or internal threats to affect the information assets.

(c) ISO 27002 Standard: The ISO 27002:2008 standard was formerly known as ISO 17799:2005 code of practice for information security that was used as the supplement document of ISO 27001:2005 standard which is the largest framework of standards describing Information Security implementation in an organization. The ISO 27002:2008 standard recommends the practices documented in ISO 13335-3 which essentially is a wider framework of Information Security because it covers the impacts in terms of confidentiality, integrity, availability, accountability, authenticity and reliability. Unlike “system characterization” recommended as the starting point by NIST, this standard recommends “asset characterization” as the starting point which includes tangibles as well as intangibles. The asset characterization is carried out by assuming that anything that is critical for the business to produce the products & services and retain customers as well as market share is treated as critical asset for the organization. It may be the systems (IT Systems, power systems, admin systems, etc.), people, documents, records, databases, applications, intellectual properties, etc. thus forming a much wider coverage of subjects on which the risks analysis needs to be carried out. The threat & vulnerability analysis is carried out employing steps that are similar to NIST recommendations but the impact analysis is carried out based on multiple business impacts categorized by the business stake holders – like financial loss, business loss, customer loss, market share loss, key people loss, premises loss, intellectual property breaches, regulatory breaches, productivity loss, inventory loss, etc. Protection against such losses is the direct interest of business stake holders and hence the topmost priority of the risk management teams. The final stages of risk analysis, control analysis, and control recommendations are similar to those of NIST recommendations. This framework also recommends periodic control effectiveness testing which is recommended by NIST in their special publication 800-115 released in 2008.

(d) The COBIT Framework: The COBIT (Control Objectives for Information and Related Technology) framework is developed by IT Governance Institute which is a community of expert developers and reviewers from IT governance field that have contributed to the framework to arrive at the best practices published in its current form. The IT Governance Institute comprises of board of trustees, IT governance committee, COBIT steering committee, advisory panel and affiliates & sponsors. The framework is a wonderful effort of putting together all the best practices of IT governance & Risk Management which organizations can adopt to support their Business Governance & Risk Management frameworks effectively. The COBIT framework helps in effective alignment of IT systems & processes with business requirements such that the business risks due to IT enablement can be effectively mitigated.

(e) CRAMM Framework: CRAMM is the Risk Management Methodology developed the Central Computing and Telecommunications Agency (CCTA) which is based on qualitative methods of risk analysis. In this mechanism the steps called ‘asset identification & valuation’, ‘identification & assessment of threat & vulnerability’, ‘identification of security measures’, ‘identification of risks’ and ‘identification & assessment of risk mitigation’ are carried out using structured questionnaire defined by the CRAMM framework. Each question has either ‘yes’ or ‘no’ answer and the scores are collated by counting the numbers of ‘yes’ and ‘no’ responses which is done automatically by the CRAMM system. If the target respondents of the CRAMM questionnaire are selected very carefully (like asset owners, IT administrators, application engineers, database administrators, etc), then CRAMM can result in accurate identification & mitigation strategies of IT risks.

(f) OCTAVE Framework: OCTAVE is the abbreviation for ‘Operationally Critical Threat, Asset and Vulnerability Evaluation’ which is a model developed by Carnegie Mellon University. This framework takes into account operational risk, security practices and technology and leverages the existing knowledge of vulnerabilities within an organization. The assessment is carried out in three phases – ‘development of asset based threat profiles’, ‘identification of infrastructure vulnerabilities’ and ‘building security strategies & plans’. The first phase requires an organizational view whereas second phase requires technological view. The OCTAVE assessment criteria is self driven without the need for external experts to guide the organization. Just like CRAMM it is a self guided process but is carried out by few experts in the company that have extensive knowledge of IT systems in the company whereas CRAMM is carried out by all asset owners of the company. One good aspect about OCTAVE is that it captures the knowledge of threats to business and internal weaknesses from the people at all levels and then uses the knowledge to develop the asset based threat profiles. This ensures that the risk assessment is very close to the people’s perspective of threat exposures of the business and not based on some kind of threat database purchased from external consultants.

[youtube]http://www.youtube.com/watch?v=EzDzQ3-Vfbs[/youtube]

(g) FRAP Framework: Facilitated Risk Management Process (FRAP) is the framework which essentially takes into account prioritized threats and asset vulnerabilities that can potentially cause maximum damage to the business. This again is a qualitative approach and is popularly known as “four hour risk assessment”. FRAP is not accepted by many organizations because the threat perceptions do not allow scaled down list of assets, threats and vulnerabilities to be addressed. However, this is an effective framework given that the 80-20 rule applies in risk management as well – i.e., 20% threats cause 80% of the damages.

(h) ITIL version 2 and version 3 Frameworks: ITIL versions 2 and 3 are publications by the Office of Government Commerce (OGC) UK. They are end to end IT service management frameworks that can effectively align the IT services of an organization to business requirements at the operations level. ITIL version 2 is very popular due to its wide implementation base across the world in many countries. It has two major disciplines – IT Service Support and IT Service Delivery. The IT Service Support discipline comprises of the Service desk function of an organization and five management functions – Incident management, Problem management, Change management, Release management and Configuration management. These management functions are also included in ISO 27001 and ISO 20000 standards as well as in COBIT framework. The IT Service delivery discipline comprises of five management functions as well – Service Level management, Capacity management, Availability management, IT Financials management and IT Business Continuity management.

The ITIL version 3 is much wider framework compared to ITIL version 2. It comprises of five disciplines as against two in the version 2: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. There are many new management functions included in ITIL version 3 in addition to the ten functions recommended by ITIL version 3. This is a new framework and hence the global roll out is evolving gradually. The students can find vast opportunities of research in both these areas in the form of Phenomenography or case studies.

(i) Val IT: This is the latest framework developed by IT Governance Institute that can be seamlessly integrated with the COBIT framework. This framework can be implemented to tangibly demonstrate the value of IT investments to the Business. This framework has not yet been researched by academic researchers and hence offers an entirely new world of opportunities.

(j) ISO 27001: This is the mother of all standards in Information Security Management System (ISMS). No standard possesses such wide coverage as offered by ISO 27001 in the field of IT Security. The purpose of ISO 27001:2005 is to guide an organization on the level of ISMS implementation feasible as per the business needs. It guides the organization to implement a structured Information Security Management System with an approach of Risk Assessment & Business Impact Analysis that incorporates world class best practices in management of the existing systems running in the organization in the form of a structured Framework. The Framework includes:

— Adequately documented and implemented Security Policy(ies) and Procedures.

— Asset Master comprising of ALL critical Information Assets.

— Risk Assessment and Business Impact Analysis Worksheets.

— Risk Treatments Plans and Reports.

— ISMS Management and Operations Group with detailed roles.

— ISMS Operating Manual with Statement of Applicability.

— ISMS Operating Procedures, activity log-sheets and reports.

— ISMS Security Procedures pertaining to every operating area.

— Access Control Policies and Procedures for all the Information Processing and Storage Facilities.

— Incident, Problem, Change, Release, Configuration, Capacity & Availability Policies and Procedures.

— Detailed Implementation of the 133 Normative controls as defined in Annexure A of BS ISO/IEC 27001:2005.

— Internal and External Audit Procedures, audit sheets and corrective/preventive actions.

— Information Classification, Transit, Storage and Destruction Policies & Procedures.

— Disaster Recovery Plan and Procedures.

— Business Continuity Plan and Procedures.

About the Author: The Author is an IT Systems, IT Services/Governance, Information Security, and Telecommunications Research Analyst. Interest Areas – WiMax, LTE, WiFi, LBS, Cloud Computing, Virtualisation, Intrusion Detection and Prevention, Ethical Hacking, ITIL v2 & 3, COBIT, Val IT, MoF, Risk IT, etc.

Research Projects by AuthorResearch Services of Author

Source:

isnare.com

Permanent Link:

isnare.com/?aid=616467&ca=Computers+and+Technology