Thursday, October 31, 2019

Child Abuse and maltreatment Assignment Example | Topics and Well Written Essays - 250 words

This article addresses child abuse encountered by preschool children. There are many types of child abuse at this age, but the common ones are physical abuse, emotional abuse, neglect and sexual abuse. Physical abuse incorporates all aspects of physical harm, such as slapping, caning or beating a child, as well as any physical punishment that is inappropriate to the child's age. Child neglect is when a caregiver or parent fails to provide for the child's basic needs, such as clothing, shelter, food and supervision. Emotional abuse involves humiliating a child, name-calling and telling a child how worthless he is, among others. Sexual abuse includes sexual activity with a child, and it is sad to note that it is usually done by a person the child trusts. Some cultural health practices may be misidentified as maltreatment, for example giving a child herbal medication to treat disease rather than conventional medicine (Johnson, 2004). The earlier child abuse is identified, the better for the child's recovery. Warning signs include an extremely passive child, tantrum throwing, unexplained physical injuries, being afraid to go home, filthy clothing and, in sexually abused children, trouble walking. Reporting a child abuse case involves calling the local police, documenting everything that the witness saw, having the child evaluated at a child assessment centre, the launch of an investigation into the allegation, getting an attorney and calling the children's justice office for further assistance (Asnes & Leventhal, 2010).

Asnes, A. G., & Leventhal, J. M. (2010). Managing child abuse: general principles. Pediatrics in Review / American Academy of Pediatrics, 31, 47–55.
Johnson, C. F. (2004). Child sexual abuse.

Tuesday, October 29, 2019

Reflective learning report Essay Example | Topics and Well Written Essays - 1500 words

I also ensured that I led the accounting department as a team. Team work certainly helped us since we could generate ideas more quickly and also come up with solutions to various problems faced in the course of work. This had a lot of impact on the people I was working with since they also learnt to be hard working and relate well with their colleagues. The impact on the outcome of work was also positive since, through my department, the organization made investments that were successful and profitable. The learning model that was hugely beneficial in my work is the experimental psychology model (Knowles, 2012, 9). I had drawn down the model and purposed to follow it step by step in order to achieve my desired objectives. I was self-motivated and was also motivated by the goals and objectives that I had set for myself and the company. My fellow colleagues also motivated me to work harder in order to achieve the set goals. My perception also profoundly affected my way of work since at times I perceived things differently from the rest of the employees and thus ended up making mistakes. I also purposed to acquire all the necessary skills for my work in order to achieve my set goals. I then assessed my performance through analyzing the improvements of the company. This way, I would know that I had made an impact on the workplace and other people too.

Substantive Topic Applied: Team Work

Team and group work immensely assisted in the success of work at Vital Company. This is because, with the accounts of the company being so vast, we had to divide ourselves into different groups in order to meet the time limit of preparing the financial statements. Members decided to form groups consisting of ten members each in order to accommodate all the members. Each group had a leader to coordinate it and a secretary to take notes. Each group would then set its own goals which it wanted to achieve at the end of the financial period.
However, all groups agreed to meet at the same time in order to ensure that each group met. After a certain period, each group analyzed its performance and development through analyzing its forming, storming, norming and performing areas (Belbin, 2012, 65). Team work also assisted in the success of the company since there was better decision making, and coverage of a large quantity of work within a short period (Maddux & Wingfield, 2003, 11). Cooperation among the group members also promoted colleague relations, thus leading to high quality work. My punctuality and social skills also increased and I learnt how to present ideas to a multitude of people. I also learnt how to handle disagreements among a large group of people. There was also effective problem solving in the groups. Team work also made the performance feedback more meaningful because everyone understood what was expected and could monitor the performance against the expectations. In addition, group discussions encouraged members to test their abilities and try out new ideas. This stimulated individuals to become stronger performers. In the future, one thing that I would change is the way of handling conflicts in the groups; I would ensure that conflict resolution is done by the members themselves and not by the leaders or some of the members (Cohen & Bailey, 1997, 249). I would also ensure that there is the sense of commitment in groups such

Sunday, October 27, 2019

Security models

EXECUTIVE SUMMARY

One of the most essential parts of securing access to data, information and computer systems is having a security policy. A computer security policy consists of a clearly defined and precise set of rules for determining authorization as a basis for making access control decisions. A security policy captures the security requirements of an establishment or describes the steps that have to be taken to achieve the desired level of security. A security policy is typically stated in terms of subjects and objects: given a subject and an object, there must be a set of rules that the system uses to determine whether that subject can be given access to that object. A security model is a formal or an informal way of capturing such policies. Security models are an important concept in the design of a system. The implementation of the system is then based on the desired security model. In particular, security models are used to

- test a particular policy for completeness and consistency
- document a policy
- help conceptualize and design an implementation
- check whether an implementation meets its requirements

We assume that some access control policy dictates whether a given user can access a particular object. We also assume that this policy is established outside any model. That is, a policy decision determines whether a specific user should have access to a specific object; the model is only a mechanism that enforces that policy. Thus, we begin studying models by considering simple ways to control access by one user. In this paper, we briefly explain two main security models that are already known and used in securing systems: Biba and Bell-LaPadula. These two models have been used widely, and it is essential for us as security technology students to understand them and implement them in future systems.
We hope that this paper can help students understand the security policies implemented by the Biba and Bell-LaPadula models.

CATEGORY OF SECURITY MODELS

Biba Model

The Biba integrity model was published in 1977 at the Mitre Corporation, one year after the Bell-LaPadula model (Cohen). As stated before, the Bell-LaPadula model guarantees confidentiality of data but not its integrity. As a result, Biba created a model to address enforcing integrity in a computer system. The Biba model proposed a group of integrity policies that can be used, so the Biba model is actually a family of different integrity policies. Each of the policies uses different conditions to ensure information integrity (Castano). The Biba model, in turn, uses both discretionary and nondiscretionary policies. The Biba model uses labels to give integrity levels to the subjects and objects. Data marked with a high level of integrity will be more accurate and reliable than data labeled with a low integrity level. The integrity level is used to prohibit the modification of data.

Access Modes

The Biba model defines a group of access modes. The access modes are similar to those used in other models, although they may use different terms to define them. The access modes that the Biba model supports are:

- Modify: allows a subject to write to an object. This mode is similar to the write mode in other models.
- Observe: allows a subject to read an object. This command is synonymous with the read command of other models.
- Invoke: allows a subject to communicate with another subject.
- Execute: allows a subject to execute an object. The command essentially allows a subject to execute a program, which is the object.

Policies Supported by the Biba Model

The Biba model can be divided into two types of policies, those that are mandatory and those that are discretionary.
Mandatory Policies:

- Strict Integrity Policy
- Low-Water-Mark Policy for Subjects
- Low-Water-Mark Policy for Objects
- Low-Water-Mark Integrity Audit Policy
- Ring Policy

Discretionary Policies:

- Access Control Lists
- Object Hierarchy
- Ring

Mandatory Biba Policies

The Strict Integrity Policy is the first part of the Biba model. The policy states:

- Simple Integrity Condition: s ∈ S can observe o ∈ O if and only if i(s) ≤ i(o).
- Integrity Star Property: s ∈ S can modify o ∈ O if and only if i(o) ≤ i(s).
- Invocation Property: s₁ ∈ S can invoke s₂ ∈ S if and only if i(s₂) ≤ i(s₁).

The first part of the policy is known as the simple integrity property. The property states that a subject may observe an object only if the integrity level of the subject is less than or equal to the integrity level of the object. The second rule of the strict integrity property is the integrity star property. This property states that a subject can write to an object only if the object's integrity level is less than or equal to the subject's level. This rule prevents a subject from writing to a more trusted object. The last rule is the invocation property, which states that a subject s₁ can only invoke another subject s₂ if the integrity level of s₂ is less than or equal to that of s₁. The strict integrity policy enforces "no write-up" and "no read-down" on the data in the system; that is, a subject is only allowed to modify data at its own level or a lower level. The "no write-up" rule is essential since it limits the damage that can be done by malicious objects in the system. On the other hand, the "no read-down" rule prevents a trusted subject from being contaminated by a less trusted object. Specifically, the strict integrity property restricts the reading of lower level objects, which may be too restrictive in some cases. To combat this problem, Biba devised a number of dynamic integrity policies that would allow trusted subjects access to untrusted objects or subjects.
Biba implemented these in a number of different low-watermark policies.

The low-watermark policy for subjects is the second part of the Biba model. The policy states:

- Integrity Star Property: s ∈ S can modify o ∈ O if and only if i(o) ≤ i(s).
- If s ∈ S examines o ∈ O then i′(s) = min(i(s), i(o)), where i′(s) is the subject's integrity level after the read.
- Invocation Property: s₁ ∈ S can invoke s₂ ∈ S if and only if i(s₂) ≤ i(s₁).

The low-watermark policy for subjects is a dynamic policy because it lowers the integrity level of a subject based on the observations of objects. This policy is not without its problems. One problem with this policy is that if a subject observes a lower integrity object, the subject's integrity level drops. Then, if the subject needs to legitimately observe another object it may not be able to do so because the subject's integrity level has been lowered. Depending on the timing of the subject's read requests to observe the objects, a denial of service could develop.

The low-watermark policy for objects is the third part of the Biba model. This policy is similar to the low-watermark policy for subjects. The policy states:

- s ∈ S can modify any o ∈ O regardless of integrity level.
- If s ∈ S modifies o ∈ O then i′(o) = min(i(s), i(o)), where i′(o) is the object's integrity level after it is modified.

This policy allows any subject to modify any object. The object's integrity level is then lowered if the subject's integrity level is less than the object's. This policy is also dynamic because the integrity levels of the objects in the system are changed based on what subjects modify them. This policy does nothing to prevent an untrusted subject from modifying a trusted object. The policy provides no real protection in a system, but lowers the trust placed in the objects. If a malicious program was inserted into the computer system, it could modify any object in the system.
The result would be to lower the integrity level of the infected object. It is possible with this policy that, over time, there will be no more trusted objects in the system because their integrity level has been lowered by subjects modifying them.

The low-watermark integrity audit policy is the fourth mandatory policy under the Biba model. The policy states:

- s ∈ S can modify any o ∈ O, regardless of integrity levels.
- If a subject modifies a higher level object, the transaction is recorded in an audit log.

The low-watermark integrity audit policy simply records that an improper modification has taken place. The audit log must then be examined to determine the cause of the improper modification. The drawback to this policy is that it does nothing to prevent an improper modification of an object from occurring.

The Ring Policy is the last mandatory policy in the Biba model. This policy is not dynamic like the first three policies. Integrity labels used for the ring policy are fixed, similar to those in the strict integrity policy. The Ring Policy states:

- Any subject can observe any object, regardless of integrity levels.
- Integrity Star Property: s ∈ S can modify o ∈ O if and only if i(o) ≤ i(s).
- Invocation Property: s₁ ∈ S can invoke s₂ ∈ S if and only if i(s₂) ≤ i(s₁).

The ring policy is not perfect; it allows improper modifications to take place. A subject can read a low-level object and then modify data at its own integrity level using what it observed (Castano).

Advantages and Disadvantages

Advantages:

- Easy to implement: it is no harder to implement the strict integrity policy.
- Provides a number of different policies: if the strict integrity property is too restricting, one of the dynamic policies could be used in its place.

Disadvantages:

- The model does nothing to enforce confidentiality.
- The Biba model does not support the granting and revocation of authorization.
- Using this model requires selecting the right policy to implement.
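The mandatory Biba policies above can be compared side by side with a small reference monitor. This is an added example, not code from the original essay or from Biba's report; the integer integrity scale, the class and function names and the sample subjects and objects are constructed, and where the text states no observe or invoke rule for a policy the code permits the operation and marks that as an assumption.

```python
from dataclasses import dataclass, field

LOW, MEDIUM, HIGH = 1, 2, 3  # constructed integrity scale: larger = more trusted
POLICIES = {"strict", "lwm_subject", "lwm_object", "audit", "ring"}


@dataclass
class Entity:
    """A subject or an object carrying an integrity label i(x)."""
    name: str
    level: int


@dataclass
class BibaMonitor:
    policy: str
    audit_log: list = field(default_factory=list)

    def __post_init__(self):
        if self.policy not in POLICIES:
            raise ValueError(f"unknown policy: {self.policy}")

    def observe(self, s: Entity, o: Entity) -> bool:
        if self.policy == "strict":
            return s.level <= o.level            # simple integrity: i(s) <= i(o)
        if self.policy == "lwm_subject":
            s.level = min(s.level, o.level)      # i'(s) = min(i(s), i(o))
        # ring: any subject may observe any object. For lwm_object and audit the
        # text states no observe rule, so observing is permitted (assumption).
        return True

    def modify(self, s: Entity, o: Entity) -> bool:
        if self.policy == "lwm_object":
            o.level = min(s.level, o.level)      # i'(o) = min(i(s), i(o))
            return True
        if self.policy == "audit":
            if o.level > s.level:                # improper change: record, do not block
                self.audit_log.append((s.name, o.name, s.level, o.level))
            return True
        return o.level <= s.level                # integrity star: i(o) <= i(s)

    def invoke(self, s1: Entity, s2: Entity) -> bool:
        if self.policy in ("lwm_object", "audit"):
            return True                          # no invocation rule stated (assumption)
        return s2.level <= s1.level              # invocation: i(s2) <= i(s1)


def strict_decisions():
    """Strict integrity: no read-down, no write-up."""
    m = BibaMonitor("strict")
    editor = Entity("editor", MEDIUM)
    kernel_cfg, scratch = Entity("kernel.cfg", HIGH), Entity("scratch.txt", LOW)
    return {
        "read_up": m.observe(editor, kernel_cfg),
        "read_down": m.observe(editor, scratch),
        "write_up": m.modify(editor, kernel_cfg),
        "write_down": m.modify(editor, scratch),
    }


def lwm_subject_lockout():
    """One low-integrity read costs a trusted subject its right to modify."""
    m = BibaMonitor("lwm_subject")
    admin = Entity("admin", HIGH)
    download, system_db = Entity("download.bin", LOW), Entity("system.db", HIGH)
    before = m.modify(admin, system_db)
    m.observe(admin, download)                   # admin's level drops to LOW
    after = m.modify(admin, system_db)
    return before, admin.level, after


def lwm_object_erosion():
    """An untrusted subject drags every object it touches down to its level."""
    m = BibaMonitor("lwm_object")
    plugin = Entity("plugin", LOW)
    objects = [Entity("system.db", HIGH), Entity("report.doc", MEDIUM)]
    for o in objects:
        m.modify(plugin, o)
    return [o.level for o in objects]


def audit_trail():
    """The audit policy allows the improper write and only records it."""
    m = BibaMonitor("audit")
    allowed = m.modify(Entity("plugin", LOW), Entity("system.db", HIGH))
    return allowed, m.audit_log


if __name__ == "__main__":
    print(strict_decisions())
    print(lwm_subject_lockout())
    print(lwm_object_erosion())
    print(audit_trail())
```
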
Bell-LaPadula Model

The Bell-LaPadula model is a classical model used to define access control. The model is based on a military-style classification system (Bishop). With a military model, the sole goal is to prevent information from being leaked to those who are not privileged to access the information. The Bell-LaPadula model was developed at the Mitre Corporation, a government funded organization, in the 1970s (Cohen). The Bell-LaPadula model is an information flow security model because it prevents information from flowing from a higher security level to a lower security level. The Bell-LaPadula model is based around two main rules: the simple security property and the star property. The simple security property states that a subject can read an object if the object's classification is less than or equal to the subject's clearance level. The simple security property prevents subjects from reading more privileged data. The star property states that a subject can write to an object if the subject's clearance level is less than or equal to the object's classification level. What the star property essentially does is prevent the lowering of the classification level of an object. The properties of the Bell-LaPadula model are commonly referred to as "no read up" and "no write down", respectively. The Bell-LaPadula model is not flawless. Specifically, the model does not deal with the integrity of data. It is possible for a lower level subject to write to a higher classified object. Because of these shortcomings, the Biba model was created. The Biba model in turn is deeply rooted in the Bell-LaPadula model.

We use a slightly embellished Mealy-type automaton as our model for computer systems.
That is, a system (or machine) M is composed of

- a set S of states, with an initial state s0 ∈ S,
- a set U of users (or subjects in security parlance),
- a set C of commands (or operations), and
- a set O of outputs,

together with the functions next and out:

- next: S × U × C → S
- out: S × U × C → O

Pairs of the form (u, c) ∈ U × C are called actions. We derive a function next*:

- next*: S × (U × C)* → S

(the natural extension of next to sequences of actions) by the equations

- next*(s, Λ) = s, and
- next*(s, α ∘ (u, c)) = next(next*(s, α), u, c),

where Λ denotes the empty string and ∘ denotes string concatenation.

Based on the two primitive types of access (observation and alteration), four more elaborate ones can be constructed. These are known as w, r, a, and e access, respectively:

- w: write access permits both observation and alteration,
- r: read access permits observation but not alteration,
- a: append access permits alteration, but not observation, and
- e: execute access permits neither observation nor alteration.

In order to model formally this internal structure of the system state we introduce a set N of object names, a set V of object values, the set A = {w, r, a, e} of access types, and also the functions contents and current-access-set:

- contents: S × N → V,
- current-access-set: S → P(U × N × A)

(where P denotes power set) with the interpretation that contents(s, n) returns the value of object n in state s, while current-access-set(s) returns the set of all triples (u, n, x) such that subject u has access type x to object n in state s. Observe that contents captures the idea of the value state, while current-access-set embodies the protection state of the system.
Thus, we introduce functions alter and observe:

- alter: S → P(U × N), and
- observe: S → P(U × N)

with the definitions:

- observe(s) ≝ {(u, n) | (u, n, w) or (u, n, r) ∈ current-access-set(s)}, and
- alter(s) ≝ {(u, n) | (u, n, w) or (u, n, a) ∈ current-access-set(s)}.

That is, observe(s) returns the set of all subject-object pairs (u, n) for which subject u has observation rights to object n in state s, while alter(s) returns the set of all pairs for which subject u has alteration rights to object n in state s.

Definitions of Bell-LaPadula

Definition 1 (Simple Security Property) A state s ∈ S satisfies the simple security property if ∈ N:

- (u, n) ∈ observe(s) clearance(u) ≥ classification(s, n).

A rule r is ss-property-preserving if next(s, u, r) satisfies the ss-property whenever s does.

Definition 2 (*-property) Let T U denote the set of trusted subjects. A state s ∈ S satisfies the *-property if, for all untrusted subjects u ∈ UT (we use to denote set difference) and objects n ∈ N:

- (u, n) ∈ alter(s) ⊃ classification(s, n) ≥ current-level(s, u), and
- (u, n) ∈ observe(s) ⊃ current-level(s, u) ≥ classification(s, n).

A rule r is *-property-preserving if next(s, u, r) satisfies the *-property whenever s does. Note that it follows from these definitions that:

- (u, n, a) ∈ current-access-set(s) current-level(s, u),
- (u, n, r) ∈ current-access-set(s) classification(s, n), and
- (u, n, w) ∈ current-access-set(s) classification(s, n) = current-level(s, u).

Also, as a simple consequence of the transitivity of ≥, if a state s satisfies the *-property and u is an untrusted subject with alteration rights to object n1 and observation rights to object n2 (in state s), then

- classification(s, n1) ≥ classification(s, n2).

The original formulation of the *-property was somewhat different from that given above in that it did not employ the notion of a subject's current-level.
The formulation of the *-property given in [1, Volume II] is, u ∈ TU, and m, n ∈ N:

- (u, m) ∈ observe(s) ∧ (u, n) ∈ alter(s) ⊃ classification(s, n) ≥ classification(s, m).

Definition 3 (Security) A state is secure if it satisfies both the simple security property and the *-property. A rule r is security-preserving if next(s, u, r) is secure whenever s is. We say that a state s is reachable if

- s = next*(s0, α) for some action sequence α ∈ (U × C)*.

A system satisfies the simple security property if every reachable state satisfies the simple security property. A system satisfies the *-property if every reachable state satisfies the *-property. A system is secure if every reachable state is secure.

Applications of Bell-LaPadula

Bell and La Padula demonstrated the application of their security model by using the results of the previous section to establish the security of a representative class of 11 rules. These rules were chosen to model those found in the Multics system.

1. Get-Read (rule 1 of [2])

A subject u may call the rule get-read(n) in order to acquire read access to the object n. The rule checks that the following conditions are satisfied.

- clearance(u) ≥ classification(s, n)
- If u is not a trusted subject (i.e., u ∈ UT), then current-level(s, u) ≥ classification(s, n)

If both these conditions are satisfied, the rule modifies the protection state by setting

- current-access-set(s0) = current-access-set(s) {(u, n, r)},

where s0 denotes the new system state following execution of the rule. Otherwise, the system state is not modified. The security of get-read follows directly from Corollary 9.

2. Get-Append, Get-Execute, Get-Write (rules 2 to 4 of [2])

These are analogous to get-read.

3. Release-Read (rule 5 of [2])

A subject u may call the rule release-read(n) in order to release its read access right to the object n.
No checks are made by the rule, which simply modifies the protection state by setting

- current-access-set(s0) = current-access-set(s){(u, n, r)},

where s0 denotes the new system state following execution of the rule. The security of release-read follows directly from Theorem 10.

4. Release-Execute, Release-Append, Release-Write (rule 5 of [2])

These are analogous to release-read.

5. Change-Subject-Current-Security-Level (rule 10 of [2])

A subject u may call Change-Subject-Current-Security-Level(l) in order to request that its current-level be changed to l. The rule checks that the following conditions are satisfied.

- clearance(u) ≥ l (i.e., a subject's current-level may not exceed its clearance).
- If u is an untrusted subject (i.e., u ∈ UT) then assigning l as the current level of u must not cause the resulting state to violate the *-property, i.e., n ∈ N:
  - (u, n) ∈ alter(s) ⊃ classification(s, n) ≥ l, and
  - (u, n) ∈ observe(s) ⊃ l ≥ classification(s, n).

If both these conditions are satisfied, the rule modifies the system state by setting current-level(s0, u) = l, where s0 denotes the new system state following execution of the rule. Otherwise, the system state is not modified.

6. Change-Object-Security-Level (rule 11 of [2])

A subject u may call Change-Object-Security-Level(n, l) in order to request that the classification of object n be changed to l. The rule checks that the following conditions are satisfied.

- current-level(s, u) ≥ classification(s, n) (i.e., no subject may change the classification of an object which is currently classified above its own level).
- If u is an untrusted subject (i.e., u ∈ UT), then current-level(s, u) ≥ l and l ≥ classification(s, n) (i.e., untrusted subjects may not "downgrade" the classification of an object).
- v ∈ U, (v, n) ∈ observe(s) ⊃ current-level(s, v) ≥ l (i.e., if any subject has observation rights to the object n, then the current level of that subject must dominate the new classification of n).
Assigning l as the classification of n must not cause the resulting state to violate the *-property. If these conditions are satisfied, the rule modifies the system state by setting classification(s0, n) = l, where s0 denotes the new system state following execution of the rule. Otherwise, the system state is not modified.

There are several limitations of BLP:

- It is restricted to confidentiality.
- It has no policies for changing access rights; a general and complete downgrade is secure; BLP is intended for systems with static security levels.
- BLP contains covert channels: a low subject can detect the existence of high objects when it is denied access. Sometimes it is not sufficient to hide only the contents of objects; their existence may also have to be hidden.
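The state definitions and the get, release and change-current-level rules above can be run as a small state machine. This is an added example, not code from the original essay or from Bell and La Padula's report; the level scale and the subject and object names are constructed, levels are a simple total order, and the checks for get-append and get-write are derived here from the *-property because the text only calls those rules analogous to get-read.

```python
from dataclasses import dataclass, field

UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = range(4)  # constructed total order

OBSERVING = {"w", "r"}   # access types that grant observation
ALTERING = {"w", "a"}    # access types that grant alteration


@dataclass
class State:
    clearance: dict        # subject -> highest level it may ever use
    current_level: dict    # subject -> level it is operating at now
    classification: dict   # object name -> level
    trusted: set = field(default_factory=set)
    access: set = field(default_factory=set)   # current-access-set: (u, n, x) triples

    def observe(self):
        return {(u, n) for (u, n, x) in self.access if x in OBSERVING}

    def alter(self):
        return {(u, n) for (u, n, x) in self.access if x in ALTERING}

    def ss_property(self):
        return all(self.clearance[u] >= self.classification[n]
                   for u, n in self.observe())

    def star_property(self, proposed=None):
        """Check the *-property, optionally with proposed current levels."""
        lvl = {**self.current_level, **(proposed or {})}
        no_write_down = all(self.classification[n] >= lvl[u]
                            for u, n in self.alter() if u not in self.trusted)
        no_read_up = all(lvl[u] >= self.classification[n]
                         for u, n in self.observe() if u not in self.trusted)
        return no_write_down and no_read_up

    def secure(self):
        return self.ss_property() and self.star_property()


def get_access(s, u, n, x):
    """get-read / get-append / get-write: add (u, n, x) only if the checks pass."""
    cls = s.classification[n]
    if x in OBSERVING and s.clearance[u] < cls:
        return False                                  # simple security property
    if u not in s.trusted:
        if x in OBSERVING and s.current_level[u] < cls:
            return False                              # *-property, observe side
        if x in ALTERING and cls < s.current_level[u]:
            return False                              # *-property, alter side
    s.access.add((u, n, x))
    return True


def release_access(s, u, n, x):
    """release-*: no checks; removing an access cannot make a state insecure."""
    s.access.discard((u, n, x))
    return True


def change_current_level(s, u, new_level):
    if s.clearance[u] < new_level:
        return False                                  # may not exceed clearance
    if u not in s.trusted and not s.star_property({u: new_level}):
        return False                                  # would break the *-property
    s.current_level[u] = new_level
    return True


def leak_attempt():
    """An untrusted analyst tries to move SECRET data into an UNCLASSIFIED memo."""
    s = State(
        clearance={"analyst": SECRET, "downgrader": SECRET},
        current_level={"analyst": SECRET, "downgrader": SECRET},
        classification={"plan": SECRET, "memo": UNCLASSIFIED, "warplan": TOP_SECRET},
        trusted={"downgrader"},
    )
    steps = [
        ("read plan", get_access(s, "analyst", "plan", "r")),
        ("read warplan (read up)", get_access(s, "analyst", "warplan", "r")),
        ("append memo (write down)", get_access(s, "analyst", "memo", "a")),
        ("lower level while reading", change_current_level(s, "analyst", UNCLASSIFIED)),
        ("release plan", release_access(s, "analyst", "plan", "r")),
        ("lower level", change_current_level(s, "analyst", UNCLASSIFIED)),
        ("append memo", get_access(s, "analyst", "memo", "a")),
        ("read plan again", get_access(s, "analyst", "plan", "r")),
        ("raise level while appending", change_current_level(s, "analyst", SECRET)),
        ("trusted subject appends memo", get_access(s, "downgrader", "memo", "a")),
    ]
    return steps, s.secure()


if __name__ == "__main__":
    results, still_secure = leak_attempt()
    for label, ok in results:
        print(f"{label:32} {'granted' if ok else 'refused'}")
    print("final state secure:", still_secure)
```
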

Friday, October 25, 2019

J Sainsbury PLC :: Business and Management Studies

INTRODUCTION

J Sainsbury PLC is one of the leading food retailers in the UK and also has interests in financial services. It comprises Sainsbury's Supermarkets, Bells Stores, Jackson's Stores and Sainsbury's Bank. There are currently 583 Sainsbury’s supermarkets throughout the UK employing over 145,000 people, offering over 34,000 products and serving over 11 million customers a week. It is for these reasons that careful management of operations within each of the stores is vital to ensure that all processes are kept running smoothly so that customers can be served and products can be replenished.

PERFORMANCE OBJECTIVES

Customers want a quality service when they shop. A quality service is defined as ‘a service that consistently meets or exceeds a customer's expectations’. The supermarket needs to look at the current value of a customer – how can they make this person spend as much money as possible in the store. They also need to look at the future value of the customer – how can they make sure that this person will return, when they will spend more. The objectives of the supermarket need to be looked at and worked towards very carefully. The diagram below shows the main performance objectives that are worked towards in the supermarket.

Things operations should do… | Objective
Provide error free goods and services | Quality
Minimise lead time | Speed
Keep delivery promises | Dependability
Adapt to change in circumstances | Flexibility
Minimise cost | Cost

(Dr Andi Smart, University of Exeter)

For the customer to have a hassle free shopping experience, most, if not all, of these objectives need to be met. The first, and arguably the most important, objective in the store is quality. It is important because it is the most visible part of what operations do and therefore customers are easily able to make judgements on quality.
In real terms inside the supermarket this means ensuring that products are in good condition, that the store is clean, that the interior decorations are appropriate and of a good standard and ensuring that staff are polite and friendly. Quality is managed very carefully within the store. The floor manager is responsible for overseeing the operation as a whole and controls the managers from each section of the store. These managers in turn oversee staff in their own section and control stock rotation, cleanliness of the aisles and goods and ensure that all fixtures are maintained. This top-down approach to the operation ensures that quality is maintained successfully within the store. The next objective is speed – ensuring a short transaction time at the checkout and making products readily available is the only way that speed can be managed within the supermarket. A checkout manager controls the checkouts, increasing and reducing the number of staff on

Thursday, October 24, 2019

Alternative Courses of Action

• For the SK-II line of skin care products, Procter and Gamble should have stood more firmly. Instead of denying the allegation, they should have explained and stressed more clearly that the small amounts of those banned chemicals in the SK-II skin care products are not hazardous to health. They should have sought all the help and legal assistance of the concerned departments needed to prove their case. In that way, they would not have needed to voluntarily offer refunds to consumers, as it has been announced lately by the Chinese authorities that the banned substances did not pose a health hazard. In this way, though image and trust had been tainted because of negative publicity and perception, there would be no significant financial loss as they would not need to offer refunds anymore. In addition, the incidents of returning counterfeit products and cases of violence would have been avoided as well. The moment Procter and Gamble decided to voluntarily offer refunds to consumers, they acknowledged that they had lapses on their part, which created instances for consumers to behave that way.

• For Gillette products in Russia, Procter and Gamble should have anticipated the fluctuation of the Russian ruble. They should have prepared countermeasures for when the Russian ruble plummeted, which is what happened. They should have expected this kind of problem the moment they decided to merge with the Gillette Company. In this particular instance, I can say that Procter and Gamble had overlooked planning, causing this kind of failure.

• For the disruption of sales in certain countries, Procter and Gamble should have anticipated this as well. The moment they decided to merge with the Gillette Company, they should have expected that this problem would happen. They should have studied the market of these certain countries more intensively so they could plan how to deal with this considerable overlap.

Wednesday, October 23, 2019

Computer Science Essay

Internet Information Services (IIS) has become one of the most used technologies in information systems for handling Hypertext Transfer Protocol (HTTP) requests. However, hackers have heavily targeted IIS. Moreover, some viruses such as Nimda and Code Red have caused severe damage on IIS servers. This paper highlights the various steps which IIS administrators ought to take into consideration in order to ensure the security of their corporations’ IIS servers by locking down their IIS web servers.

Securing the IIS Web Servers

IIS is used to create, manage and secure websites and is included in the Windows New Technology operating systems. To ensure that the IIS server is secured, the IIS administrator must first make sure that the system is installed with the latest updated service pack and the most current IIS patches. Additionally, other patches that are necessary for Windows 2000 must also be installed. In order to keep the server operating steadily, the administrator has to register for the automatic security updates. Afterwards, the HiSecWeb package has to be unpacked in order to configure the computer properly for IIS security. The IIS configuration settings are located in the metabase, which is a data storage area. The metabase has a hierarchical organization structure, which mirrors the IIS installation structure. After successful installation of the latest updated operating system and IIS, the process of securing the server begins. This process starts at the network layer (Novick, 2010). In order to lock down the network, the router, firewall and switch have to be configured to allow traffic from external networks to pass only to the web server's Transmission Control Protocol (TCP) port. On the web server’s Internet Protocol (IP) address this is TCP port 80, but when using the Secure Socket Layer (SSL) it is port 443. This configuration, though not complicated, bars attacks on the web server by malicious external intruders.
Securing the network only protects the web server. Therefore, and as aforementioned, after testing the security updates of the operating system and the IIS patches, automatic updates are scheduled. To add security to the IIS application and remove vulnerabilities from it, the administrator has to rename, disable or delete the IUSR account and recreate it. The IUSR account represents an anonymous user on the web. For faster and more straightforward securing of this account, the IIS Lockdown Tool, which is a product from Microsoft, is run. This tool uses the existing New Technology (NT) and IIS facilities to protect the IIS server from the earlier mentioned viruses and other known and unknown attacks. Using this tool makes the account a member of the local group of web anonymous users. Moreover, the Lockdown tool automatically assigns the web anonymous users’ local group Deny Write or Deny Execute permissions on the corporation’s web directories. Likewise, adding these users as members of the local group will give the same results. The UrlScan security tool is also found within the Lockdown tool and, in conjunction with it, helps in eliminating web extensions that are considered to be dangerous and unnecessary and in checking any attempts to run the restricted EXE, IDA and HTA file extensions. Furthermore, the two tools put a ceiling on the HTTP request types to be processed by the IIS server (Novick, 2010). Disabling socket pooling also plays a pivotal role in securing IIS. The technique of connection pooling allows many sites to share TCP sockets. Consequently, disabling this enhancement will ensure that the IIS server is not in a position to run services that are using ports with similar port numbers. Since the socket pooling option is enabled by default, the administrator renders it inoperative by configuring DisableSocketPooling, an option in the IIsWebServer and IIsWebService classes.
The IIS web server can be secured further by implementing various logon methods that apply basic authentication realms. One example is web server user privileges. This strategy assigns a user name and password, which ensures that only the users who have them can physically access the server. Another logon procedure is the use of password pass-through. The server only authenticates the user after he or she has entered credentials, which have to be entered for each subsequent page on the web (Kozicki, 2003). To further the security of the server, an encrypted connection may also be used. However, this option of securing the IIS server has some loopholes, since the username and the password are passed over the internet in each login and thus become exposed to hackers. Therefore, in order to increase the security level of the IIS server, modifications can be made. These include employing authentication methods that are interactive, application authentication and network authentication that is able to preserve the user credentials. Since IIS servers are highly exposed to the public internet, the IIS security checklist provided by Microsoft is also reliable. It provides an extensive security function for the server through the numerous steps of installation and application settings for maximum functionality. However, most of the implementation procedures and steps are more or less similar to those of UrlScan and the IIS Lockdown tool.
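The request screening that the text attributes to UrlScan, refusing the restricted EXE, IDA and HTA extensions and limiting the HTTP request types, comes down to the checks below. This is an added example, not UrlScan's code or configuration syntax and not part of the original essay; the function names, the allowed verb list and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import unquote

DENIED_EXTENSIONS = {".exe", ".ida", ".hta"}   # the extensions the text names
ALLOWED_VERBS = {"GET", "HEAD", "POST"}        # assumption: the verbs this site needs


def screen_request(method, target):
    """Return (allowed, reason) for one request; reason is a short code."""
    if method.upper() not in ALLOWED_VERBS:
        return False, "verb-not-allowed"

    # Only the path is screened; the query string and fragment are cut off first.
    path = target.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)

    # If decoding a second time changes the path, it was encoded twice. Refuse it
    # rather than guess which form the server will finally act on.
    if unquote(decoded) != decoded:
        return False, "double-encoded"
    if any(ord(ch) < 32 for ch in decoded):
        return False, "control-character"

    # Check every segment, not just the last: "/a.ida/extra" still names a.ida.
    for segment in decoded.replace("\\", "/").split("/"):
        # Windows ignores trailing dots and spaces in file names, so strip them
        # before comparing, and compare case-insensitively.
        name = segment.rstrip(". ").lower()
        if "." in name:
            extension = "." + name.rsplit(".", 1)[1]
            if extension in DENIED_EXTENSIONS:
                return False, "extension-denied"
    return True, "ok"


# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    ("GET", "/index.html"),
    ("POST", "/forms/submit.asp"),
    ("GET", "/download?file=setup.exe"),
    ("GET", "/scripts/tool.EXE?x=1"),
    ("GET", "/default.ida/extra"),
    ("GET", "/help%2Ehta"),
    ("GET", "/a%252Eexe"),
    ("GET", "/tool.exe."),
    ("TRACE", "/"),
]


def screen_all(requests=SAMPLE_REQUESTS):
    """Screen a list of (method, target) pairs and return the decisions."""
    return [(m, t) + screen_request(m, t) for m, t in requests]


if __name__ == "__main__":
    for method, target, allowed, reason in screen_all():
        print(f"{method:6} {target:28} {'pass' if allowed else 'block':6} {reason}")
```
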