ACCT4060-06-information_security-2012-student
70 Pages

Course Number: BUSINESS ACCT4060, Fall 2013

College/University: Tsinghua University

Word Count: 4180

Accounting Information Systems
Information Security

Learning Objectives

- Discuss how the COBIT framework can be used to develop sound internal control over an organization's information systems.
- Explain the factors that influence information systems reliability.
- Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security.

INTRODUCTION

One basic function of an AIS is to provide information useful for decision making. In order to be useful, the information must be reliable, which means:

- It provides an accurate, complete, and timely picture of the organization's activities.
- It is available when needed.
- The information and the system that produces it are protected from loss, compromise, and theft.

SYSTEMS RELIABILITY: SECURITY, CONFIDENTIALITY, PRIVACY, PROCESSING INTEGRITY, AVAILABILITY

The five basic principles that contribute to systems reliability:

1. Security: control access, the foundation
2. Confidentiality: no unauthorized disclosure
3. Online privacy: personal data protected
4. Processing integrity: accurate, complete, timely manner, proper authorization
5. Availability

Sarbanes-Oxley requires management to include an internal control assessment using a suitable framework in the company's annual report.

Suitable frameworks include:

1. COSO
2. COBIT
3. Trust Services Framework

Information Criteria (COBIT objectives)

- Effectiveness: Information must be relevant and timely.
- Efficiency: Information must be produced in a cost-effective manner.
- Confidentiality: Sensitive information must be protected from unauthorized disclosure.
- Integrity: Information must be accurate, complete, and valid.
- Availability: Information must be available whenever needed.
- Compliance: Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
- Reliability: Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities.

COBIT Process Framework

Information Criteria

COBIT Process Cycle

- Management develops plans to organize information resources to provide the information it needs.
- Management authorizes and oversees efforts to acquire (or build internally) the desired functionality.
- Management ensures that the resulting system actually delivers the desired information.
- Management monitors and evaluates system performance against the established criteria.
- The cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new developments in information technology.

Trust Services Framework

Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that addresses the risks and opportunities of IT-enabled systems and privacy programs.

While COBIT is an excellent comprehensive framework for assessing IT controls, a narrower framework complementing the overall COSO model is better: the Trust Services framework, with specific principles and criteria, can be used to assess the reliability of a company's IT systems.

Principles and criteria:

- Security: Access to the system and its data is controlled and restricted to legitimate users.
- Confidentiality: Sensitive organizational information (e.g., marketing plans, trade secrets) is protected from unauthorized disclosure.
- Privacy: Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure.
- Processing Integrity: Data are processed accurately, completely, in a timely manner, and only with proper authorization.
- Availability: The system and its information are available to meet operational and contractual obligations.

Security / Systems Reliability

- Security is the foundation of the Trust Services Framework.
- It is a management issue, not a technology issue.
- SOX 302 states: the CEO and the CFO are responsible for certifying that the financial statements (FS) fairly present the results of the company's activities.
- The accuracy of an organization's FS depends upon the reliability of its information systems.
- Defense-in-depth and the time-based model of information security: have multiple layers of control.

Management's Role in IS Security

- Create a security-aware culture
- Inventory and value company information resources
- Assess risk, select risk response
- Develop and communicate security plans, policies, and procedures
- Acquire and deploy IT security resources
- Monitor and evaluate effectiveness

Security is a key component of the internal control and systems reliability to which management must attest. As identified in the COSO model, management's philosophy and operating style are critical to an effective control environment.

The Trust Services framework identifies four essential criteria for successfully implementing the five principles of systems reliability:

1. Develop and document policies, considering resources available and cost effectiveness.
2. Effectively communicate those policies to all authorized users, including training and sanction of violation.
3. Design and employ appropriate control procedures to implement those policies, at an optimal level of investment.
4. Monitor the system, and take corrective action to maintain compliance with the policies, remembering security is a moving target.

Top management involvement and support is necessary to satisfy each of the preceding criteria.
TIME-BASED MODEL OF SECURITY

The time-based model of security focuses on implementing a set of preventive, detective, and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised. All three types of controls are necessary:

- Preventive
- Detective
- Corrective

Combination of detective and corrective controls:

- P = the time it takes an attacker to break through the organization's preventive controls
- D = the time it takes to detect that an attack is in progress
- C = the time it takes to respond to the attack

For an effective information security system: P > D + C

The model provides management with a means to identify the most cost-effective

EXAMPLE: For an additional expenditure of $25,000, the company could take one of four measures:

- Measure 1 would increase P by 5 minutes.
- Measure 2 would decrease D by 3 minutes.
- Measure 3 would decrease C by 5 minutes.
- Measure 4 would increase P by 3 minutes and reduce C by 3 minutes.

Because each measure has the same cost, which do you think would be the most cost-effective choice? (Hint: Your goal is to have P exceed [D + C] by the maximum possible amount.)

You may be able to solve this problem by eyeballing it. If not, one way to solve it is to assume some initial values for P, D, and C. So let's assume that P = 15 min., D = 5 min., and C = 8 min.

- At our starting point, P - (D + C) = 15 - (5 + 8) = 2 min.
- With Measure 1, P is increased by 5 minutes: 20 - (5 + 8) = 7 min.
- With Measure 2, D is decreased by 3 minutes: 15 - (2 + 8) = 5 min.
- With Measure 3, C is decreased by 5 minutes: 15 - (5 + 3) = 7 min.
- With Measure 4, P is increased by 3 minutes and C is reduced by 3 minutes: 18 - (5 + 5) = 8 min.

DEFENSE IN DEPTH

The idea of defense-in-depth is to employ multiple layers of controls to avoid having a single point of failure. If one layer fails, another may function as planned.
Information security involves using a combination of firewalls, passwords, and other preventive procedures to restrict access. Redundancy also applies to detective and corrective controls.

Major types of preventive controls used for defense in depth include:

- Authentication controls (passwords, tokens, biometrics, MAC addresses)
- Authorization controls (access control matrices and compatibility tests)
- Training
- Physical access controls (locks, guards, biometric devices)
- Remote access controls (IP packet filtering by border routers and firewalls using access control lists; intrusion prevention systems; authentication of dial-in users; wireless access controls)
- Host and application hardening procedures (firewalls, anti-virus software, disabling of unnecessary features, user account management, software design, e.g., to prevent buffer overflows)
- Encryption

Detective controls include:

- Log analysis
- Intrusion detection systems
- Managerial reports
- Security testing (vulnerability scanners, penetration tests, war dialing)

Corrective controls include:

- Computer emergency response teams
- Chief Security Officer (CSO)
- Patch management

Steps in an IS System Attack

PREVENTIVE CONTROLS

The objective of preventive controls is to prevent security incidents from happening. This involves two related functions:

- Authentication: Focuses on verifying the identity of the person or device attempting to gain access.
- Authorization: Restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform.

Users can be authenticated by verifying:

- Something they know, such as passwords or PINs.
- Something they have, such as smart cards or ID badges.
- Some physical characteristic (biometric identifier), such as fingerprints or voice.
PREVENTIVE CONTROLS

Discuss the pros and cons of passwords.

Authorization controls are implemented by creating an access control matrix, which specifies what part of the IS a user can access and what actions they are permitted to perform. When an employee tries to access a particular resource, the system performs a compatibility test that matches the user's authentication credentials against the matrix to determine if the action should be allowed.

User Identification           Files            Programs
Code Number   Password     A    B    C      1    2    3    4
12345         ABC          0    0    1      0    0    0    0
12346         DEF          0    2    0      0    0    0    0
12354         KLM          1    1    1      0    0    0    0
12359         NOP          3    0    0      0    0    0    0
12389         RST          0    1    0      0    3    0    0
12567         XYZ          1    1    1      1    1    1    1

Codes for type of access:

0 = No access permitted
1 = Read and display only
2 = Read, display, and update
3 = Read, display, update, create, and delete

Authentication and authorization can be applied to devices as well as users.

- Every workstation, printer, or other computing device needs a network interface card (NIC) to connect to the organization's network.
- Each network device has a unique identifier, referred to as its media access control (MAC) address.
- It is possible to restrict network access to only those devices which have a recognized MAC address or to use MAC addresses for authorization.
- For example, payroll or EFT applications should be set only to run from authorized terminals.

PREVENTIVE CONTROLS - training

- Employees should be trained to follow safe computing practices.
- Train employees about social engineering attacks, which use deception to obtain unauthorized access.
- Invest in continuing professional education for information security specialists.
- Keep abreast of recent hacking developments.
- Top management must also provide support for training: funding, support, enforcement.

PREVENTIVE CONTROLS - physical access

Within a few minutes, a skilled attacker with unsupervised direct physical access to the system can successfully obtain access to sensitive data.

- Special boot disks exist that, when inserted, provide the person with unfettered privileges and rights on the computer.
- Keystroke loggers can be installed on the PC through hardware or software, which will capture every one of the authorized user's keystrokes, including his ID and password.
- A diskette with a publicly available utility can be inserted in a PC which will instantly capture any ID number or password that has been entered on that PC since the time it was last booted.
- Data can be copied to a USB drive.
- The hard drive can be stolen.

Physical access control begins with entry points to the building itself.

- Once inside the building, physical access to rooms housing computer equipment must be restricted.
- Access to wiring used in LANs must be restricted to prevent wiretapping.
- Physical access security must be cost effective.
- Laptops, cell phones, and PDA devices require special attention.

PREVENTIVE CONTROLS - remote access
Network Access Control (Perimeter Defense)

- Border router: Connects an organization's information system to the Internet.
- Firewall: Software or hardware used to filter information.
- Demilitarized Zone (DMZ): Separate network that permits controlled access from the Internet to selected resources.
- Intrusion Prevention Systems (IPS): Monitor patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks.

PREVENTIVE CONTROLS - remote access

Dial-up connections

- Many organizations still allow employees to dial into their network from remote locations.
- Dial-in access often bypasses the firewalls.
- It is important to verify the identity of these users. Remote Authentication Dial-In User Service (RADIUS) is a standard method for doing that.
- Users connect to a remote-access server and submit log-in credentials.
- The remote-access server passes the credentials to the RADIUS server, which does compatibility tests to authenticate the user's identity.

The following measures adequately secure wireless access:

- Turn on available security features. Most wireless devices are sold and installed with these features disabled. Example: Encryption is usually turned off.
- Authenticate all devices attempting to establish wireless access to the network before assigning them an IP address. To do this, treat incoming wireless connections as dial-up attempts and route them first through a RADIUS server or other authorization device.
- Configure all authorized wireless NICs to operate only in infrastructure mode. This forces the device to connect only to wireless access points. Wireless NICs configured in ad hoc mode can communicate directly with any other device that has a wireless NIC, which creates a security threat because it creates peer-to-peer networks with no authentication controls.
- Use a non-informative address for the access point's address, called a service set identifier (SSID).
- SSIDs like "payroll," "finance," or "R&D" are more obvious targets to attack than devices with generic SSIDs like "A1" or "X2."
- Predefine a list of authorized MAC addresses and configure wireless access points to only accept connections from those MAC addresses.
- Reduce broadcast strength of wireless access points to make unauthorized reception more difficult off premises.
- Locate wireless access points in the interior of the building and use directional antennae to make unauthorized access and eavesdropping more difficult.

PREVENTIVE CONTROLS - hardening

Information security is enhanced by additional preventive controls on the workstations, servers, printers, and other devices (collectively referred to as hosts). Three areas deserve special attention:

- End-Point Configuration: Disable unnecessary features that may be vulnerable to attack on servers, printers, and workstations.
- User Account Management
- Software Design: Programmers must be trained to treat all input from external users as untrustworthy and to carefully check it before performing further actions.

PREVENTIVE CONTROLS - encryption

Encrypting sensitive stored data provides one last barrier that must be overcome by an intruder. It also strengthens authentication procedures and plays an essential role in ensuring and verifying the validity of e-business transactions.

Encryption is the process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext. Decryption reverses this process. To encrypt or decrypt, both a key and an algorithm are needed.

Plaintext ("This is a contract for . . .") + Key -> Encryption algorithm -> Ciphertext ("Xb&j &m 2 ep0%fg . . .")
Ciphertext ("Xb&j &m 2 ep0%fg . . .") + Key -> Decryption algorithm -> Plaintext ("This is a contract for . . .")
PREVENTIVE CONTROLS - encryption

Encryption strength

Three important factors determine the strength of any encryption system:

- Key length: the longer the better
- Key management policies: built-in master key, key escrow
- The nature of the encryption algorithm

Types of encryption systems

There are two basic types of encryption systems:

1. Symmetric encryption systems
   - Use the same key to encrypt and decrypt.
   - Examples: DES and AES.
2. Asymmetric encryption systems
   - Use two keys.
   - The public key is publicly available.
   - The private key is kept secret and known only to the owner of that pair of keys.
   - Either key can be used to encrypt.
   - Whichever key is used to encrypt, the other key must be used to decrypt.

E-business uses both types of encryption systems:

- Symmetric encryption to encode most of the data being exchanged.
- Asymmetric encryption to safely send the symmetric key to the recipient for use in decrypting the ciphertext.
- Asymmetric encryption can also be used in combination with a process called hashing to create digital signatures.

Hashing

Hashing takes plaintext of any length and transforms it into a short code called a hash. SHA-256 creates a 256-bit hash regardless of text length. Hashing differs from encryption in that:

- Encryption always produces ciphertext similar in length to the plaintext, but hashing produces a hash of a fixed short length.
- Encryption is reversible, but hashing is not; you cannot transform a hash back into its original plaintext.

Digital signatures

Asymmetric encryption and hashing are used to create digital signatures.

- A digital signature is information encrypted with the creator's private key.
- That information can only be decrypted using the corresponding public key.
- So successful decryption with an entity's public key proves the message could only have been created by the entity that holds the corresponding private key.
- The private key is known only to its owner, so only the owner could have created the message.

PREVENTIVE CONTROLS - encryption

Digital signatures

Successfully using a public key to decrypt a document or file proves that it was created by the entity possessing the corresponding private key.

- But how can you know whether the entity with the private key is really who they purport to be?
- Also, how do you get hold of the entity's public key to decrypt it in the first place?
- If you have the sender provide their public key to you directly, you are not protected from an impersonation.
- Answers involve the use of digital certificates and the creation of a public key infrastructure.

A digital certificate is an electronic document, created and digitally signed by a trusted third party.

- It certifies the identity of the owner of a particular public key.
- It contains that party's public key.
- These certificates can be stored on Websites. Browsers are designed to automatically obtain a copy of that digital certificate and use the public key contained therein to communicate with the Website.
- You can manually examine the contents of a Website's digital certificate by double-clicking on the lock icon that appears in the lower, right-hand corner of the browser window.
- Digital certificates provide an automated method for obtaining an organization's or individual's public key.

The term public key infrastructure (PKI) refers to the system and processes used to issue and manage asymmetric keys and digital certificates. An organization that issues public and private keys and records the public key in a digital certificate is called a certificate authority. E-business typically uses commercial certificate authorities, such as Thawte or Verisign.
The certificate authority:

- Hashes the information stored on a digital certificate
- Encrypts that hash with its private key
- Appends that digital signature to the digital certificate
- Provides a means for validating the authenticity of the certificate.

PREVENTIVE CONTROLS - encryption

Digital signatures vs. e-signatures

- Digital signatures use asymmetric keys to sign documents.
- E-signatures use a cursive imprint of a person's name applied to an electronic document.
- Both are legally binding like a paper document.

Effects of encryption on other layers of defense

Encryption protects the confidentiality and privacy of the transmission and provides for authentication and non-repudiation of transactions. It also causes some problems.

- The firewall cannot effectively inspect encrypted packets. So one alternative is to have these packets routed to the DMZ, where they are decrypted and then passed back to the firewall.
- The problem with the preceding approach is that it leaves the incoming packets vulnerable to sniffing attacks and therefore compromises their confidentiality and privacy.
- Allowing them through the firewall without being encrypted compromises the organization's security.
- Anti-virus and intrusion detection systems also have difficulty dealing with encrypted packets.
- This makes it important for the organization to consider these trade-offs in designing and implementing security procedures.

DETECTIVE CONTROLS

Organizations implement detective controls to enhance security by:

- Monitoring the effectiveness of preventive controls; and
- Detecting incidents in which preventive controls have been circumvented.

Actual system use (detective control) must be examined to assess compliance through:

1. Log analysis: the process of examining logs to identify evidence of possible attacks; labor intensive.
2. Intrusion detection systems (IDS): software with sensors and a central monitoring unit that create logs of network traffic that was permitted to pass the firewall and then analyze those logs for signs of attempted or successful intrusions.

   IDS sensors are usually located in several places.
   - Most common is just inside the main firewall.
   - Some may be placed inside each internal firewall to monitor the effectiveness of policies governing employee access to resources.
   - Sometimes located just outside the main firewall. This provides a means to monitor the number of attempted intrusions that are blocked and can provide early warning that the organization is being targeted.
   - May also be located on individual hosts to provide warnings of attempts to compromise those systems.
3. Managerial reports: scorecards, no. of incidents with business impact, % of users who do not comply with password standards, % of cryptographic keys compromised and revoked.
4. Periodically testing the effectiveness of existing security procedures: vulnerability scans, which use automated tools designed to identify whether a system possesses any well-known vulnerabilities.

COBIT key performance indicators:

- Number of incidents with business impact
- Percent of users who do not comply with password standards
- Percent of cryptographic keys compromised and revoked

CORRECTIVE CONTROLS

COBIT specifies the need to identify and handle security incidents. Two of the Trust Services framework criteria for effective security are the existence of procedures to:

- React to system security breaches and other incidents (3.7).
- Take corrective action on a timely basis (3.9).

Three key components that satisfy the preceding criteria are:

1. Establishment of a computer incident response team.
2. Designation of a specific individual with organization-wide responsibility for security.
3. An organized patch management system.
CORRECTIVE CONTROLS

The response team should lead the organization's incident response process through four steps:

- Recognition that a problem exists
- Containment of the problem
- Recovery: backup
- Follow-up

Patch management

Another important corrective control involves fixing known vulnerabilities and installing the latest updates to:

- Anti-virus software
- Firewalls
- Operating systems
- Application programs

Patch management is the process for regularly applying patches and updates to all of an organization's software. It is challenging to do because:

- Patches can have unanticipated side effects that cause problems, which means they should be tested before being deployed.
- There are likely to be many patches each year for each software program, which may mean that hundreds of patches will need to be applied to thousands of machines.

New Technologies

- Virtualization: Multiple systems are run on one computer simultaneously.
- Cloud Computing: Remotely accessed resources through high bandwidth of telecommunication network
  - Software applications
  - Data storage
  - Hardware
  - Can be private, public or hybrid depending on ownership of the resources

Risks

- Increased exposure if breach occurs
- Reduced authentication standards

Opportunities

- Implementing strong access controls (i.e. multifactor authentication, physical access control, virtual firewall, IPS, IDS) in the cloud or over the server that hosts a virtual network provides good security over all the systems contained therein.

The controls mentioned are all relevant
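The compatibility test described under PREVENTIVE CONTROLS (access control matrix) can be written out directly. The following is an added example, not part of the original slides; the function names and resource labels are hypothetical, and the matrix values are the ones shown on the slide.

```python
import hmac

# Access codes from the slide's legend; each level includes the ones below it.
NO_ACCESS, READ_DISPLAY, UPDATE, CREATE_DELETE = 0, 1, 2, 3

# Lowest access code that permits each action, derived from the legend.
REQUIRED_CODE = {"read": 1, "display": 1, "update": 2, "create": 3, "delete": 3}

# Resource labels are hypothetical names for the slide's columns.
RESOURCES = ("file A", "file B", "file C",
             "program 1", "program 2", "program 3", "program 4")

# user id -> (password, access codes in RESOURCES order), copied from the slide.
# Plaintext passwords mirror the slide only; real systems store salted hashes.
SLIDE_MATRIX = {
    "12345": ("ABC", (0, 0, 1, 0, 0, 0, 0)),
    "12346": ("DEF", (0, 2, 0, 0, 0, 0, 0)),
    "12354": ("KLM", (1, 1, 1, 0, 0, 0, 0)),
    "12359": ("NOP", (3, 0, 0, 0, 0, 0, 0)),
    "12389": ("RST", (0, 1, 0, 0, 3, 0, 0)),
    "12567": ("XYZ", (1, 1, 1, 1, 1, 1, 1)),
}


def authenticate(user_id, password):
    """Authentication: does the password match the one on file for this ID?"""
    entry = SLIDE_MATRIX.get(user_id)
    if entry is None:
        # Still perform a comparison so unknown IDs take similar time.
        hmac.compare_digest(password.encode(), b"\x00")
        return False
    return hmac.compare_digest(password.encode(), entry[0].encode())


def compatibility_test(user_id, password, resource, action):
    """Authorization: return (allowed, reason). Anything unknown is denied."""
    if not authenticate(user_id, password):
        return False, "authentication failed"
    required = REQUIRED_CODE.get(action)
    if required is None:
        return False, "unknown action"
    codes = dict(zip(RESOURCES, SLIDE_MATRIX[user_id][1]))
    granted = codes.get(resource, NO_ACCESS)  # unlisted resource: no access
    if granted < required:
        return False, f"access code {granted} is below required {required}"
    return True, "allowed"


def broad_access_users():
    """Review aid: IDs that hold some access to every resource in the matrix."""
    return [uid for uid, (_, codes) in sorted(SLIDE_MATRIX.items())
            if all(code > NO_ACCESS for code in codes)]


if __name__ == "__main__":
    requests = [
        ("12346", "DEF", "file B", "update"),
        ("12346", "DEF", "file B", "delete"),
        ("12389", "RST", "program 2", "create"),
        ("12345", "wrong", "file C", "read"),
    ]
    for request in requests:
        print(request, "->", compatibility_test(*request))
    print("IDs with access to everything:", broad_access_users())
```

The last function is the kind of check a reviewer would run over the matrix itself: user 12567 is the only ID with access to every file and program.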
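The certificate authority steps listed under PREVENTIVE CONTROLS - encryption (hash the certificate contents, encrypt the hash with the CA's private key, append the signature) are shown below as an added example that is not part of the original slides. It assumes a hypothetical CA with a constructed demo key and uses unpadded RSA to mirror the slide's wording; real certificate authorities use padded signature schemes and randomly generated keys.

```python
import hashlib
import json

# Constructed demo key for a hypothetical CA. The primes are two well-known
# Mersenne primes, so this key is trivially breakable and for illustration only.
_P = 2**521 - 1
_Q = 2**607 - 1
CA_N = _P * _Q                                   # public modulus
CA_E = 65537                                     # public exponent
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))       # private exponent (kept by CA)


def digest(fields):
    """Step 1: hash the certificate contents (SHA-256 over a canonical form)."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big")


def issue_certificate(subject, subject_public_key):
    """Steps 2-3: encrypt the hash with the CA private key and append it."""
    fields = {
        "issuer": "Example Demo CA",             # hypothetical issuer name
        "subject": subject,
        "public_key": subject_public_key,
    }
    signature = pow(digest(fields), _CA_D, CA_N)
    return {"fields": fields, "signature": signature}


def verify_certificate(cert, ca_public=(CA_N, CA_E)):
    """Decrypt the signature with the CA public key and compare the hashes."""
    n, e = ca_public
    signature = cert.get("signature")
    if not isinstance(signature, int) or not 0 < signature < n:
        return False
    return pow(signature, e, n) == digest(cert["fields"])


def impersonation_attempt(cert, attacker_key):
    """Model the impersonation risk from the slides: keep the CA's signature
    but swap in a different public key. The constructed result must not verify."""
    return {"fields": dict(cert["fields"], public_key=attacker_key),
            "signature": cert["signature"]}


if __name__ == "__main__":
    cert = issue_certificate("shop.example", "constructed-public-key-0001")
    print("genuine certificate verifies:", verify_certificate(cert))
    swapped = impersonation_attempt(cert, "constructed-public-key-9999")
    print("certificate with swapped key verifies:", verify_certificate(swapped))
```

Because the signature covers the hash of every field, changing the subject or the public key after issuance changes the hash and verification fails, which is what lets a browser trust a public key it obtained from the Website itself.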

LSU - FIN - 3717
Finance3717NotesMarketEfficiencyWeakformInformationisallpastmarketinformationCantearnabnormalreturnSemistrongformStrongformEugeneFama16:4716:4716:47
LSU - FIN - 3717
ClaudiaBermudezHughHartzogHornimanHorticultureArunLammataJohnathanVillaChanceWahlBackgroundA$1millionrevenuewoodyshrubnurseryincentralVirginia52greenhousesand40acresofproductivefieldsSalesprimarilytoretailnurseriesthroughoutmidAtlanticregionPr
LSU - FIN - 3717
Arun LammataFinance 3717Case Study 2: Bill Miller Value Trust2/4/13Executive Summary: Bill Millers Value Trust mutual fund has outperformed the S&P500 index consistently for over 14 years. His strategy of identifying low price andundervalued stocks
LSU - FIN - 3717
Arun LammataFinance 3717 Stephens29 January 2012Case Study 1: Warren BuffetExecutive Summary: In 2005, Berkshire Hathaway, a large investment firm owned by investor andmultibillionaire Warren Buffett, wants to acquire electric utility PacificCorp thr
LSU - FIN - 3826
Chapter 01 - The Investment EnvironmentChapter 01The Investment EnvironmentMultiple Choice Questions1. The material wealth of a society is a function of _.A. all financial assetsB. all real assetsC. all financial and real assetsD. all physical ass
LSU - FIN - 3826
Chapter 03 - How Securities Are TradedChapter 03How Securities Are TradedMultiple Choice Questions1. The trading of stock that was previously issued takes placeA. in the secondary market.B. in the primary market.C. usually with the assistance of an
LSU - FIN - 3826
Chapter 02 - Asset Classes and Financial InstrumentsChapter 02Asset Classes and Financial InstrumentsMultiple Choice Questions1. Which of the following is/are not characteristic of a money market instrument?A. LiquidityB. MarketabilityC. Long matur
LSU - FIN - 3826
Chapter 07 - Optimal Risky PortfoliosChapter 07Optimal Risky PortfoliosMultiple Choice Questions1. Market risk is also referred to asA. systematic risk, diversifiable risk.B. systematic risk, nondiversifiable risk.C. unique risk, nondiversifiable r
LSU - FIN - 3826
Chapter 06 - Risk Aversion and Capital Allocation to Risky AssetsChapter 06Risk Aversion and Capital Allocation to Risky AssetsMultiple Choice Questions1. Which of the following statements regarding risk-averse investors is true?A. They only care abo
LSU - FIN - 3826
Chapter 05 - Introduction to Risk, Return, and the Historical RecordChapter 05Introduction to Risk, Return, and the Historical RecordMultiple Choice Questions1. Over the past year you earned a nominal rate of interest of 10 percent on your money. The
LSU - FIN - 3826
Chapter 04 - Mutual Funds and Other Investment CompaniesChapter 04Mutual Funds and Other Investment CompaniesMultiple Choice Questions1. Which one of the following statements regarding open-end mutual funds is false?A. The funds redeem shares at net
LSU - FIN - 3826
Chapter 16 - Managing Bond PortfoliosChapter 16Managing Bond PortfoliosMultiple Choice Questions1. The duration of a bond is a function of the bond'sA. coupon rate.B. yield to maturity.C. time to maturity.D. All of these are correct.E. None of th
LSU - FIN - 3826
Chapter 11 - The Efficient Market HypothesisChapter 11The Efficient Market HypothesisMultiple Choice Questions1. If you believe in the _ form of the EMH, you believe that stock prices reflect allrelevant information including historical stock prices
LSU - FIN - 3826
Chapter 17 - Macroeconomic and Industry AnalysisChapter 17Macroeconomic and Industry AnalysisMultiple Choice Questions1. A top down analysis of a firm starts with _.A. the relative value of the firmB. the absolute value of the firmC. the domestic e
LSU - FIN - 3826
Chapter 18 - Equity Valuation ModelsChapter 18Equity Valuation ModelsMultiple Choice Questions1. _ is equal to the total market value of the firm's common stock divided by (thereplacement cost of the firm's assets less liabilities).A. Book value per
Berkeley - PB HLTH - 142
Chapter 5 - Statistical Inference Inote: 0 = 100,1. n = 25 1 = 107 and = 10c = z1 / n + = 1. 645 (10 / 5) + 1002= 103. 29P(X 103. 29) = P(Z 103. 29 10710 / 52) = 0. 96812. c = 2. 326 (10 / 5) + 100 = 104. 6522P(X > 104. 652) = P(Z 104. 56
Berkeley - PB HLTH - 142
Chapter 4 - Probability Distributions1.CasesFamilies012395805025p = [0(95) + 1(80) + 2(50) + 3(25)] / 3(250)= 255 / 750= 0. 3425032. Pi = P(X = k) = ( ) pk (1 p)nkkCasesProbabilityExpected (n Pi )01230.2870.4440.2290.03971.9
Berkeley - PB HLTH - 142
Chapter 6 - Statistical Inference II1.2x = 0. 98Sx = 0. 297S2 = 2. 9684S = 1. 723Sx = 0. 545T=x 0 0. 98 0== 1. 799Sx0. 545t0.95 = 1. 833p-value = 0.532. x = 3. 8462Sx = 0. 0270S2 = 0. 2705S = 0. 5201u0 = 3. 95T=degrees of freedom =
Berkeley - PB HLTH - 142
Chapter 7 - Chi-square Analysisnottreated treated1."+"23total1033+"274067total5050100X2 = n(ad bc)2 / (a + b)(a + c)(c + d)(b + d)= 100[(23(40) 10(27)]2 / (33 50 67 50) = 7. 643X2 = 3. 842,0.95p value = 0. 006,2.Afracture30Btot
Berkeley - PB HLTH - 142
Berkeley - PB HLTH - 142
Berkeley - PB HLTH - 142
Chapter 8 - Linear RegressionWHITEy = 3. 453x = 262. 7n = 10S2 = 394. 011XS2 = 0. 416YSXY = 9. 1567b = 9. 157 / 394. 011 = 0. 023b = 0. 023a = 3. 453 0. 023(267. 7) = 2. 652S2 = 1. 830 / 8 = 0. 229Y|XSY|X = 0. 478S2 = 0. 229 / 3546. 1 = 0.
Berkeley - PB HLTH - 142
Chapter 9 - Correlation1.S2 = 117, 602. 3mS2 = 116, 526. 7 r = 0. 4786fSmf = 56, 025. 7 2.T=0. 4786 0[1 = 1. 724(0. 4786)2 ] / 10p value = 0. 0583.s=12log(1. 479/. 521) = 0. 521a = lower = s 1. 96 * sd = 0. 132b = upper = s + 1. 96 * s
Berkeley - PB HLTH - 142
Berkeley - PB HLTH - 142
Berkeley - PB HLTH - 162
Vaccine Types Toxoids produce antigens that react to pathogens that produce toxinso Cons: booster shots frequent Killed Whole Cell no longer has immunogenic properties, but cells conformation as awhole causes antibodies to be produced; killed by heat,
Berkeley - PB HLTH - 162
Lecture 19 - Diseases of the Eyes, Skin, Soft tissue, Muscle and WoundsDisease of Skin/Soft TissueBacterial-Staphylococcus aureus-Streptococcus pygogenesi-Staph and Strep skin diseases-Acne (Proprionibacterium acnes)Diseases of the EyeBacterial-O
Berkeley - PB HLTH - 162
Lecture 20 - Diseases of the Nervous SystemIncluding the Transmissible Spongiform EncephalopathiesCentral Nervous System brain and spinal cord meninges - membranes covering brain andspinal cord; sheets of connective tissue cerebrospinal fluid - foll
Berkeley - PB HLTH - 162
DiseaseDescription ofetiological agentTransmission (route, vectors,IP: incubation period,communicability)positive ssRNA, fourV: Aedes aegypti andserotypesalbopictus (day biting species)dirty standing water transovarial transmissionDengue Fever
Berkeley - PB HLTH - 162
This document was exported from Numbers. Each table was converted to an Excel worksheet. Allother objects on each Numbers sheet were placed on separate worksheets. Please be aware thatformula calculations may differ in Excel.Numbers Sheet NameNumbers
Berkeley - PB HLTH - 162
Bacterial infectionsDisease NamePlagueBacterialAgentYeseniaPestisReservoir/VectorPathogenesisVirulence FactorsTransmissionDiagnosis/ TreatmentSymptomsEuropean City Rat(urban plague)Vector - fleaBite travel via lymphatic system tolymph nod
Berkeley - PB HLTH - 162
First Name:_ Last Name _ SID #:_ Fall 2012 Public Health Microbiology (PH 162A) The Ghost Map Take Home Exam Carefully read the instructions for each category of questions. A. Matching Questions
Berkeley - MCB - 32
MCB 32 - Midterm 2 Key and Point DistributionFill In1. Up-regulation2. Vitamin D parathyroid hormone not accepted (question specifically says direct)3. Thyroid Hormone, TH, T3, etc.4. Tropomyosin ATP not accepted5. Optimal length point for synonym (
Berkeley - MCB - 32
Name\( -fSID numberSection (day and time)MCB 32EXAM 1BSEPT.27,20llPrint your name, SID and discussion section on this page AND on the Scantron.Bubble in your SID number on the Scantron.Mark whether the exam is 1A or 18 on the Scantron.Answer the
Berkeley - PHYSIC 8B - 8B
University of California at BerkeleyDepartment of PhysicsPhysics 8B, Spring 2008, Section 1Midterm 1March 6, 2008You will be given 110 minutes to work this exam. No books are allowed, but you mayuse a handwritten formulae sheet no larger than one si
Berkeley - PHYSIC 8B - 8B