Network Sec

Submitted By bslabs
Network Security Policy Practices

Every company or corporation with a computer network that stores valuable assets has a well-planned network security policy in place. A network security policy is a document that defines the rules for computer network access, identifies policies and how they are enforced, and gives a basic layout of proper security procedures. Without a policy to prepare for, prevent, and respond to security breaches, the reliability of the network could be compromised. The basic first steps in implementing a security policy, or preparing, include assessing the risk to the network and creating a response team. Next comes the continuation, or prevention, stage, which consists of monitoring the network for violations and a security change management practice for when the policy needs to be updated. The final step is the review process, which goes over past events and incidents and implements modifications to the existing policy to adapt to these breaches. Each of these steps is essential to the integrity and continuation of a secure network and must be subject to constant observation and change. New types of viruses and attacks are devised on a daily basis, and we need to be prepared to prevent and respond to them as quickly as possible in order to keep the network available for company employees and business needs.

Preparation is the groundwork for handling the security measures in a security policy and provides a starting point for an IT team to work with. The preparation stage includes three main components: construction of a usage policy, completion of a risk analysis, and creation of a security team. When the usage policy is created, it states each user group and its roles and duties with regard to the network's security. This can start out as just a broad policy that breaks the users down into specific groups.
The first group is the general, or basic, user group, whose usage statement gives a general understanding of the policy and its purpose and outlines how to improve security and the group's security duties. In other words, this group is usually reserved for non-IT users who do not have any administrative authority over network systems. The usage policy clearly defines any actions that can result in disciplinary action against an employee, as well as how to avoid such action. The next usage policy to establish is a partner acceptable use statement, which outlines the information accessible to the group, the expected disclosure of such data, and the conduct of the staff. This statement also explains specific attacks that have been identified as security threats and the discipline that will result if an attack is detected. The last acceptable use statement is the administrator statement, which defines the procedures for user account administration, privilege review, and enforcement of policies.
After the usage policies are defined and in place, the next order of business is to identify risks to any and all parts of the network, including its resources and archived information. The risk analysis is intended to identify sections of the network, assign a threat rating to each section, and apply an appropriate level of protection. This provides a balance, or check, between security and necessary access to the network. The three risk categories for the analysis are low, medium, and high. Low risk describes systems or data that, if compromised, would not hinder normal activities or cause any financial or legal consequences. When a medium risk is placed on equipment or data, there is a good chance that a compromise would cause a moderate interruption to business or slight legal or financial consequences, and could lead to further access to other systems within the network. The targeted area will most likely require moderate effort to restore the system or data integrity within the network. The last and most dangerous risk level is high, which describes equipment or records whose compromise would cause severe interruption in production, serious financial or legal problems, provide a way to access other systems, or even threaten the well-being of personnel. The targeted system or information would call for a swift and considerable effort to reverse the damage that has been done. Some examples of systems that need to be assigned a risk level include: core network devices, distribution network devices, network security devices, access network devices, e-mail systems, desktop computers, all servers, etc. Devices whose failure can be extremely disruptive need to be recorded as medium or high risk. These include switches, DNS servers, DHCP servers, and routers, because the compromise of these devices can cripple the entire network.
Once the risk levels have been assigned, the types of users that will be using the systems need to be identified. There are 5 common users that are established by most companies, which are as follows:
1. Administrators are internal users that are responsible for network resources
   a. Are responsible for configuration of high risk systems and usually have access to all system administrative actions.
2. Privileged are internal users that need greater access than general users
3. Users are internal users that need only general access to systems
4. Partners are external users with need to access some resources
5. Others are external users or customers
The last part of the preparation stage is establishing a structured security team. This is a cross-functional security team that is led by a Security Manager and is made up of members from each of the organization's operational areas. These representatives need to be familiar with the security policy as well as the basic technical aspects of the network design and implementation. The team's practices include performing the actual risk analysis (as opposed to merely reviewing it), approving security change requests, and reviewing all security infractions. The final area of the team structure is the response group. These individuals do the hands-on troubleshooting and correction of violations while monitoring the network, which usually involves virtual machine software to provide a real-time picture of what is happening. Each member should know their individual responsibilities and those of the team as a whole, as defined by the security policy.
Once the preparation stage has been established, the next major step in creating the security policy is the prevention stage. This stage consists of two distinct measures: the approval of security changes and the monitoring of the network for security violations. Security changes are modifications to network equipment that have a positive impact on the overall security of the network. Every organization will have its own unique requirements, and these need to be written in non-technical terms so that non-IT members can easily understand the policy. After reviewing specific network configuration and design issues, the team can create and implement the required changes to the security policy. The security team does not necessarily need to review all changes, but the security gaps that pose enough risk to the network will receive priority in implementation. Examples of changes that the team reviews include any changes to the following: access control lists (ACL), Simple Network Management Protocol (SNMP) configuration, firewall configuration, and software that differs from the approved software revision list. A few good guidelines for network devices are changing passwords regularly, restricting access to an approved list of personnel, and ensuring that device software complies with the security configuration requirements. Usually a security team representative will attend change management approval meetings to monitor all changes and reject changes that are not approved by the security team.
The other part of the prevention stage is the monitoring of network security. This is comparable to network monitoring, except that it is centered on detecting changes in the network that can pose a security threat or violation. With the risk analysis complete and the approved security changes established, the team can determine what needs to be monitored and how often. The high risk network devices, such as firewalls, need to be monitored in real time, while others do not necessarily need such monitoring. The security policy ought to define the manner in which the security team is alerted to infractions. Usually the network software is the first to detect a violation and alerts the operations center. The security team is then informed, by pager for example, to go out and resolve the situation.
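One way to implement the change monitoring described above, as an added example that is not part of the original essay: compare each device's running configuration with its approved copy, keep only the change types the security team reviews (ACL, SNMP, firewall, unapproved software), and route each finding according to the device's risk level. The device names, simplified configuration syntax, alert routes and version numbers are all constructed for illustration.

```python
import difflib

# Constructed inventory: risk level assigned to each device by the risk analysis.
RISK_LEVEL = {"fw-edge-1": "high", "access-sw-7": "medium", "print-srv-2": "low"}

# Assumed alert routes: only high risk devices page the security team in real time.
ALERT_ROUTE = {"high": "page-security-team", "medium": "operations-center",
               "low": "weekly-report"}

# Change categories the security team reviews, matched by config-line prefix.
# The syntax is simplified and constructed, not a specific vendor's.
REVIEWED_PREFIXES = {"access-list ": "acl", "snmp-server ": "snmp",
                     "firewall-rule ": "firewall"}

# Approved software revision list per device (constructed values).
APPROVED_SOFTWARE = {"fw-edge-1": {"9.2.1"}, "access-sw-7": {"15.2"},
                     "print-srv-2": {"1.4"}}

# Constructed sample: approved and running configuration of a high risk firewall.
APPROVED_FW = """
version 9.2.1
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any
snmp-server community EXAMPLE-RO ro
firewall-rule 10 deny inbound telnet
"""
RUNNING_FW = """
version 9.2.1
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit tcp any host 192.0.2.10 eq 23
access-list 101 deny ip any any
snmp-server community EXAMPLE-RO rw
firewall-rule 10 deny inbound telnet
"""


def config_lines(config):
    """Split a configuration into stripped, non-empty lines."""
    return [ln.strip() for ln in config.splitlines() if ln.strip()]


def category_of(line):
    """Return the reviewed change category for a config line, or None."""
    for prefix, category in REVIEWED_PREFIXES.items():
        if line.startswith(prefix):
            return category
    return None


def review_device(device, approved_config, running_config):
    """Return one finding per reviewed change between approved and running config."""
    risk = RISK_LEVEL.get(device, "high")  # devices missing from the inventory: high
    findings = []

    def add(category, change, line):
        findings.append({"device": device, "risk": risk, "category": category,
                         "change": change, "line": line, "route": ALERT_ROUTE[risk]})

    # ndiff preserves order, so a reordered ACL entry appears as removed + added.
    diff = difflib.ndiff(config_lines(approved_config), config_lines(running_config))
    for entry in diff:
        op, line = entry[0], entry[2:]
        if op in ("+", "-") and category_of(line):
            add(category_of(line), "added" if op == "+" else "removed", line)

    # Software that differs from the approved revision list is also reviewed.
    for line in config_lines(running_config):
        if line.startswith("version "):
            version = line.split(None, 1)[1]
            if version not in APPROVED_SOFTWARE.get(device, set()):
                add("software", "unapproved", line)
    return findings


def triage(findings):
    """Order findings so that high risk devices are handled first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f["risk"]])


if __name__ == "__main__":
    results = review_device("fw-edge-1", APPROVED_FW, RUNNING_FW)
    results += review_device("print-srv-2", "version 1.4", "version 2.0")
    for f in triage(results):
        print(f["route"], f["device"], f["category"], f["change"], f["line"])
```

Lines outside the reviewed categories are ignored by design, so the output stays limited to the changes the security team has agreed to review.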
The last stage of creating a network security policy is the response to security threats and violations. The response stage is divided into three distinct parts: security violations, restoration, and evaluation. When a breach or violation is discovered, a quick decision can be the determining factor in the ability to defend network equipment, determine the extent of the damage, and recover normal operation. Having a policy for responding to intrusions means that decisions are made ahead of time, which makes the recovery process much more manageable. As soon as the violation is noticed, the security team is notified and follows the security policy to handle the situation. Once the team is aware of the attack, it must decide what corrective actions should be taken in order to stop and repair the damage. Some basic response actions are implementing changes to prevent further attacks, isolating affected systems, contacting the ISP to trace the attack, using records to collect evidence, contacting the authorities, restoring systems according to a priority list, and notifying management and other authorized personnel. Next, the security policy must carefully detail any changes that can be carried out without management approval. To determine the extent of the breach, records of the incident must be made, such as network packet traces, copies of log files, and lists of current user accounts and system connections. To isolate compromised systems and limit the damage, the team can disable inactive accounts, shut down network equipment, and disconnect from the Internet. The next step is backing up the system files of the compromised equipment so that the damage and the method of attack can be examined thoroughly, in addition to looking for further signs of compromise. Maintaining and reviewing security device and network monitoring log files are among the final actions for finding clues to how far the violation has gone. If legal action is a possibility, have the legal department review the data and work with law enforcement to take action.
The restoration stage of responding to a violation is the return to normal operations and is the main and ultimate objective of any response to a security breach. The security policy should be followed in carrying out, securing, and creating standard backups. Because every system has its own backup procedures, the policy must be flexible in explaining how each system should be handled. Finally, detailing all system security conditions that call for restoration from the approved backup is necessary to restore the integrity of the network and systems.
Review is the final step in the response stage and the final step in the whole security policy practice. The three areas that need review are policy, posture, and practice. One major aspect of a security policy is that it is a living document that needs constant change and modification to stay current and continue to protect the network. To help ensure this, constant review of the policy against known best practices is a must in order to keep the network up to date. Hiring outside firms to conduct penetration testing against the network can also provide further insight into the network's vulnerabilities. Such testing, which can be done on an annual basis, assesses the overall security of the network as well as the response of the security team. Practices like these will continue to give insight into new types of attacks and help prevent breaches from such attacks.
In conclusion, a good security policy includes three essential stages: preparation, prevention, and response. The preparation stage consists of building usage policy statements, performing a risk analysis, and setting up a security team structure. Prevention is the approval of security changes and the monitoring of network functions. The final response stage covers the actions to be taken when security violations occur, restoration of the network, and review of the incidents to help prevent future attacks. These all combine to make up the much needed security policy for networks all around the world.

Similar Documents

Free Essay

Sec 402 Wk 8 Assignment 2 Implementing Network

...SEC 402 WK 8 ASSIGNMENT 2 IMPLEMENTING NETWORK To purchase this visit here: http://www.activitymode.com/product/sec-402-wk-8-assignment-2-implementing-network/ Contact us at: SUPPORT@ACTIVITYMODE.COM SEC 402 WK 8 ASSIGNMENT 2 IMPLEMENTING NETWORK SEC 402 WK 8 Assignment 2 - Implementing Network and Personnel Security Measures Write a four to five (4-5) page paper in which you: 1. Create an information flow diagram, using Visio or Dia, which: a. Illustrates how remote users will securely connect to the government agency’s network. b. Illustrates the patch of network devices that data packets must travel to get from server to remote user’s device and back to server. Note: The graphically depicted solution is not included in the required page length. 2. Provide an equipment list of network security devices that would be needed to ensure the integrity and sensitivity of private information. In this list: a. Propose at least two (2) vendor brands per each device and the associate costs required to procure these items. b. Identify the functionality each device serves and the expected benefits the government agency should experience upon the successful installation of this equipment. 3. Develop a maintenance plan that should be recommended to the government agency to ensure having the latest security measures available within the network in which you: a. Describe the risks associated with not fulfilling the activities outlined within your maintenance plan...

Words: 832 - Pages: 4

Premium Essay

Sec 402 Wk 8 Assignment 2 - Implementing Network and Personnel Security Measures

...SEC 402 WK 8 Assignment 2 - Implementing Network and Personnel Security Measures To Purchase Click Link Below: http://strtutorials.com/SEC-402-WK-8-Assignment-2-Implementing-Network-and-Personnel-S-SEC4024.htm SEC 402 WK 8 Assignment 2 - Implementing Network and Personnel Security Measures The security consulting firm that you work for has been awarded a contract to implement a new IT Security Infrastructure to secure the Information Technology data assets of a local government agency. This agency has many remote workers that are in the field and need to connect back to the agency’s system servers. The remote workers use a wireless network infrastructure to connect their electronic pads to servers located within the local government’s facility. The remote workers have needs to access property records, cite zoning violations electronically, and validate building permits. The public demand to expand IT services has grown faster than its ability to provide an adequately secured infrastructure. In fact, this government entity was previously featured on the news for having minimal security controls and methods for accessing property tax information of citizens. The inadequate security allowed many construction trade businesses to illegally access property records and zoning violations. Your role in this project is to enhance and optimize the security mechanisms for accessing these systems. Write a four to five (4-5) page paper in which you: 1. Create an information...

Words: 415 - Pages: 2

Premium Essay

Getting Started with Research Cases

...resources available for you to conduct research, download financial statements, and increase your general knowledge about current accounting issues. In Cases 2 and 3, you will solve unstructured problems like you will do in the real-world. 2. HOW DO I USE THE DATABASES? Download the Accounting Research Handbook that is now available on WebCampus. Included in this booklet are detailed instructions on how to use these databases. This handbook will give you enough information to get you started. (The following pages may be turned into me – you do not need to type up your responses in a separate document. If you are working with a partner, make sure BOTH of your names appear on the assignment). ACCOUNTING RESEARCH CASE 1 – PART A: SEC EDGAR DATABASE This first exercise involves EDGAR, the SEC’s database. You will use EDGAR to find out information about one company. Your company is based on the first letter of your last name. Using the table below, determine which company you are assigned. At the EDGAR home page (www.sec.gov), go to “Company Filings Search” under the heading “Filings.” On the new screen, search by company name (EDGAR is picky about the exact form of the company name, so you may want to click the “contains” button.)...

Words: 1137 - Pages: 5

Premium Essay

Cost of Capital for Coff Computer, Inc.

...The Cost of Capital for Goff Computer, Inc. BUS650: Managerial Finance (MAH1209A) Dr Charles Smith March 18, 2012. The Cost of Capital for Goff Computer, Inc.: 1. Most publicly traded corporations are required to submit 10Q (quarterly) and 10K (annual) reports to the SEC detailing their financial operations over the previous quarter or year, respectively. These corporate fillings are available on the SEC Web site at www.sec.gov. Go to the SEC Web site, follow the “Search for Company Filings” link, the “Companies & Other Filers” link, enter “Dell Computer,” and search for SEC filings made by Dell. Find the most recent 10Q and 10K and download the forms. Look on the balance sheet to find the book value of debt and the book value of equity. If you look further down the report, you should find a section titled either “Long-term Debt” or “Long –term Debt and Interest Rate Risk Management” that will list a breakdown of Dell’s long-term debt. Answer:          The book value of a company's equity is the same as stockholder's equity, which can be computed by subtracting the total value of liabilities from total assets. (Total Assets) = (Total) Liabilities + Stockholder's Equity (book value of equity). Stockholder's Equity (book value of equity) = Total Assets –Total Liabilities. The book value of the company’s liabilities and equity was found from the site http://www.sec.gov . I found Dell’s Form 10K, dated January 28, 2011, and snap shot is attached here with. Dell’s...

Words: 1887 - Pages: 8

Free Essay

Mmmmmmmmmm

...Perceptual Map Situation Analysis The Situation Analysis will help your company understand current market conditions and how the industry will evolve over the next eight years. The analysis can be done as a group or you can assign parts to individuals and then report back to the rest of the company. An online version of the Situation Analysis is available in the Getting Started area. (customers want better performing products) and for size is -0.7 (customers want smaller products). At the end of Round 1 the center of the Traditional segment will have a performance of 5.7 and a size of 14.3. 5.0 + 0.7 = 5.7 and 15.0 - 0.7 = 14.3 Table 2 displays the segment center locations at the end of each round. Print the Perceptual Map Form in the Industry Conditions Report then use Table 2 to find the location of each segment center for Rounds 1 through 8. Mark the approximate locations on the form (see the example in Figure 1). Remember, the locations in Table 2 are the centers of the segment circles, not product positions. Product positions are reported on page 4 of The Capstone Courier. The exercises require two reports: The Industry Conditions Report and The Capstone Courier, which are available from the website’s Reports link. The Courier is also available from the Capstone Spreadsheet’s Reports menu bar. The Courier available at the start of Round 1 displays the results for Round 0, when all companies are equal. If you access the report from the website, use the Round 0...

Words: 2822 - Pages: 12

Free Essay

Google's Business Case

...is encapsulated in the SEC filing statement “to organize the world’s information …. and make it universally accessible and useful”. Google explains that it believes that the most effective, and ultimately the most profitable, way to accomplish our mission is to put the needs of our users first. Offering a high-quality user experience has led to strong word-of-mouth promotion and strong traffic growth. Read further details on the culture and ethics of Google in their Ten Things Manifesto. Notable tenets of the Google philosophy are: Focus on the user and all else will follow. It's best to do one thing really, really well. You can make money without doing evil (the founders are well known and chastised for making this statement). Putting users first is reflected in three key commitments illustrated in the Google SEC filings: “1. We will do our best to provide the most relevant and useful search results possible, independent of financial incentives. Our search results will be objective and we will not accept payment for inclusion or ranking in them. We will do our best to provide the most relevant and useful advertising. Advertisements should not be an annoying interruption. If any element on a search result page is influenced by payment to us, we will make it clear to our users. We will never stop working to improve our user experience, our search technology and other important areas of information organization”. In the Google Annual SEC filings (the best source...

Words: 410 - Pages: 2

Premium Essay

Netw320

...have both sets of results. Expand DB Query and Select DB Query Response Time (sec). Hit the Show button. Zoom into the last half portion of the graph for better granularity and to avoid start up oscillation time to stabilize. Copy and label this graph to your lab report and answer the following: 1.) Which run has a better (lower) DB Query Response time? The scenario that runs the silence suppression (red line on my lab) has the best DB query response time. 2.) In regard to your answer to part a, approximate how much faster (in seconds or milliseconds) of a response time the better scenario has. The faster scenario that runs silence suppression is approximately 0.2 seconds faster. 2. Expand E-mail and select Download Response Time (sec). Select Show and zoom into the last half portion of the graph for better granularity and to avoid start up oscillation time to stabilize. Copy and label this graph to your lab report and answer the following: 3.) Which run has a better (lower) e-mail Download Response time? The scenario that runs the silence suppression (red line on my lab) has the lower email download response time. 4.) In regard to your answer to part a, approximate how much faster (in seconds or milliseconds) of a response time the better scenario has. The scenario that runs silence suppression is approximately 0.4 seconds faster. 3. Expand HTTP and select Page Response Time (sec). Select Show and zoom into the last half portion of the graph for better granularity...

Words: 1098 - Pages: 5

Premium Essay

Net320

...Suppression Lab Report 1. On the Results Browser, make sure you are on Current Project so you have both sets of results. Expand DB Query and Select DB Query Response Time (sec). Hit the Show button. Zoom into the last half portion of the graph for better granularity and to avoid start up oscillation time to stabilize. Copy and label this graph to your lab report and answer the following: 1. Which run has a better (lower) DB Query Response time? This shows the silent suppression has a lower db time. 2. In regard to your answer to part a, approximate how much faster (in seconds or milliseconds) of a response time the better scenario has. Its .22 seconds faster. 2. Expand E-mail and select Download Response Time (sec). Select Show and zoom into the last half portion of the graph for better granularity and to avoid start up oscillation time to stabilize. Copy and label this graph to your lab report and answer the following: 3. Which run has a better (lower) e-mail Download Response time? Again it’s the silent suppression that had a email response. 4. In regard to your answer to part a, approximate how much faster (in seconds or milliseconds) of a response time the better scenario has. It was .4 seconds faster. 3. Expand HTTP and s elect Page Response Time (sec). Select Show and zoom into the last half portion of the graph for better granularity and to avoid start up oscillation time to stabilize. Copy and label this graph to your lab report...

Words: 726 - Pages: 3

Premium Essay

Unit 9 Assignment: Case Study

...Course: LS311: Business Law I Instructor: Prof. Jeffery Hazard Unit 9 Assignment: Case Study Name: Bridget Okpobia Date: 12/19/2012 This essay will explain the following four questions. First, would registration with the SEC be required for Dakota Gasworks securities? Second, Did Emerson violate Section 10(b) of the Securities Exchange Act of 1934 and SEC Rule 10b-5? Third what theory or theories might a court use to hold Wallace liable for insider trading? Finally, under the Sarbanes-Oxley Act of 2002, who would be required to certify the accuracy of financial statements filed with the SEC? Would registration with the SEC be required for Dakota Gasworks securities? Why or why not? Reliant Energy has registered securities and faces a takeover attempt, or third party tender offer, then the SEC’s tender offer rules will apply to the transaction. The filings required by these rules provide information to the public about the person making the tender offer. The company, Dakota Gasworks, is experiencing the takeover so they must file with the SEC its responses to the tender offer. These rules set time limits for the tender offer and provide some protection to shareholders. Did Emerson violate Section 10(b) of the Securities Exchange Act of 1934 and SEC Rule 10b-5? Why or why not? Moreover, Emerson did violate rule 10b-5 of the Securities exchange act, in where it protects against insider trading; which is the purchase or sale by person with access to information not available...

Words: 576 - Pages: 3

Premium Essay

Commerical Law Exam 1

...CH. 32 1. Know the term fiduciary in the context of agency, and the requirements of a fiduciary relationship. “the fi duciary relation [that] results from the manifestation of consent by one person to another that the other shall act in his [or her] behalf and subject to his [or her] control, and consent by the other so to act.” When used as a noun, it refers to a person having a duty created by his or her undertaking to act primarily for another’s benefi t in matters connected with the undertaking. When used as an adjective, as in the phrase fi duciary relationship, it means that the relationship involves trust and confi dence. 2. Know the criteria used by courts to determine a worker's status as employee or independent contractor. Why does this determination make a difference? How much control does the employer exercise over the details of the work? Is the worker engaged in an occupation or business distinct from that of the employer(If so, this points to independent-contractor,) Is the work usually done under the employer’s direction or by a specialist without supervisionDoes the employer supply the tools at the place of work? (For how long is the person employed? What is the method of payment—by time period or at the completion of the job? What degree of skill is required of the worker? ( 3. Know the 4 ways an agency relationship can be created. An agency relationship can arise in four ways: by agreement of the parties, by ratifi cation, by...

Words: 2988 - Pages: 12

Free Essay

Gekko

...The Gekko was used influence tactic to Bud in the movie. Such as influence tactic about the film is push pressure tactic, upward appeal, exchange, pull the inspirational appeal, pull the personal appeal, pull ingratiation, and pull conclusion. The first influence tactic type was pushed the pressure Bud. For example, Bud had a lot of responsibility. Gekko pressured him to find out insider information that he needed to make specific decisions. Without those information, Gekko was not happy because he didn’t generate money from it. The second influence tactic types were upward appeal. Bud’s didn’t report anything to his boss. Also, Bud provides Gekko some inside information. For example, Bud pitches him stocks, but is unimpressed. Desperate, Bud provides him some inside information about Bluestar Airlines. The third influence tactic types were exchange. When began Bud told to him inside information, so Gekko wants Bud to spy on British CEO. Because he wants to make big money, if Bud don’t want to join him. Bud will be lose anything. The four pull influence tactic types was inspirational appeal. Just like movies Bud always looked up to Gekko before even meeting him. He aspired to be as successful as Gekko was in Wall Street. Because of this, Bud was easily influenced to go against his father’s beliefs became of he will success from knowing inside information. Bud would stop at nothing to impress the one who inspired him. The influence tactic types were pulled personal...

Words: 421 - Pages: 2

Free Essay

Chapter 4 Albert

...1. Identify the ethical and legal issues of which Albert needs to be aware. There were many ethical issues within this case study. They included: * Albert and his wife took advantage of the “players” at the parties they attended. Seeping information from them while they were intoxicated. Soon both of them started to use this strategy to increase their profits and build upon their portfolios. * Albert and his wife used their uncle, a janitor to gain information from the law offices he cleaned to gain information on companies. With this information Albert and Mary had an inside track in the market. * Barry putting Albert or Mary’s trade before the client order, this is called spinning and is considered unethical. And you have Barry demanding insider information on several companies. * Mary used insider information from her father who worked for a major health care company to initiate a hostile takeover for benefits towards her portfolio and her selected friends and colleges. * Buy stock for boss and boss’s friends, and they’ll give him a bonus. The only legal issue I noticed was the emails that Mary received. 2. Discuss the advantages and disadvantages of each decision that Albert could make and has made. Many advantages were: * Due to the information that he received from the players and his uncle, Albert had inside information which helped him to become successful within the market. * Assisting Barry helped Albert get...

Words: 441 - Pages: 2

Premium Essay

Violation of Sec Rule 10-B-5 of the Federal Statue

...Memorandum To: Reader From: Date: July 11, 2014 Re: Violation of SEC Rule 10-b-5 of the Federal statue Summary Aquaman is president of a marine research company called "Underwater Leagues, Inc." On April 1, the research director of Underwater Leagues tells Aquaman that they've come up with "Oxygum," a means of breathing underwater by chewing a special kind of gum. Aquaman knows a great product when he hears it. He delays announcing the invention to the public so that he can buy all the stock he can get his hands on. He buys 50,000 shares of Underwater Leagues, at $10 a share. After the announcement, the share price skyrockets to $50 per share. a) If the shareholders bring a derivative action against Aquaman, what federal law should they accuse Aquaman of having violated (i.e., which federal statute)?  b) Did Aquaman actually violate that statute? Explain.  c) If Aquaman were found to have violated that statute, what remedy would the shareholders be able to seek (i.e., how much money would Aquaman be liable for. Issue First issue: (1) Pursuant to what federal statute would the shareholders claim Aquaman violated, and was he truly in violation of that statute? Rule Section 10(b) of the Securities Exchange Act,  Rule 10b-5, 17 C.F.R. § 240.10b, prohibit any person, directly or indirectly, from committing fraud in connection with the sale or purchase of securities. 17 CFR § 240.10b-5 (2014) is entitled “Employment of Manipulative and Deceptive Practices...

Words: 1473 - Pages: 6

Free Essay

Hr Term

...AIG was at the center of the financial crisis, and probably without AIG the subprime crisis would not have been as severe as we have seen. AIG was used as an instrument to fuel the housing boom. The AIG executives were running the financial product unit ethically but not efficiently. From the email communication one thing is apparent: the executives were very optimistic and they never priced in the risk effectively. The assumption that there would be no calls from counterparties to execute the credit default swaps related to the subprime market was not unethical and may have been completely driven by the amount of revenue generated by the credit default swaps for the financial product division. The situation was unprecedented, and except for a very few, no one was able to predict the extent of the mortgage defaults in the USA. There was a lack of risk assessment standards within AIG, which is apparent from the communications. The person who was running the Financial Product division, Cassano, did a very poor job of adapting to the changing market conditions. Again, AIG could have limited the losses by pricing the credit default swaps correctly, integrating the changing market conditions into them. If we look at the conduct when it happened, the situation did not seem like a violation of ethical conduct. Back then, when AIG was making big profits, no one realized the after-effects of the failure of these complex securities, and AIG was one of the preferred investments due to the performance of its financial product unit...

Words: 518 - Pages: 3

Premium Essay

Martha Stewart

...Martha Stewart Martha Stewart is an author, editor, and a homemaking advocate. Over the last two decades Stewart has held a prominent position in the American publishing industry. She was the author of several books and hundreds of articles on the domestic arts, editor of a national homekeeping magazine, host of two popular daytime television programs, and commercial spokeswoman for K-Mart (Wikipedia). At the height of her career, Stewart’s success came to an abrupt halt as she encountered many hardships that were responsible for her undesirable reputation and diminished trust in the business world. In December 2001 Stewart held 3,928 shares in ImClone, a New York-based biotech firm. On the morning of December 27, Aliza Waksal, the daughter of the firm's CEO, Sam Waksal, told Douglas Faneuil, the assistant to Stewart’s Merrill Lynch broker, Peter Bacanovic, to sell the ImClone shares in her account. Soon after, Sam Waksal's accountant tried to sell Sam's shares as well. Faneuil told Bacanovic about the Waksals' desire to sell, and Bacanovic quickly called Stewart, leaving a message that ImClone's stock was going to start trading downward. Stewart sold her ImClone shares on the afternoon of the 27th. The following day, December 28th, the Food and Drug Administration reported publicly that ImClone’s promising cancer drug Erbitux was not going to be approved. After the announcement, ImClone’s stock fell sharply and Martha Stewart saved around $45,000 by selling early (Henwood)...

Words: 1445 - Pages: 6