Saturday, December 28, 2019

Constitutes a Set - Free Essay Example

Date added: 2017/06/26

INTRODUCTION

Information security, specifically in databases, comprises a set of activities and techniques that are essential to any business organization. In the past, investment in security was believed to be unnecessary because it could not be measured, and it was regarded as an exaggeration on the part of Information Technology (IT) teams and professionals (VIEIRA, 2009). An organization's database can help generate information that matters for decision-making, which makes it part of the company's strategy for staying in the market. Data is therefore considered one of the main assets an organization holds and an integral part of all business processes.

Between the 1950s and the 1970s, a company's greatest assets were its facilities, production machinery and hardware. With technological progress, the production of quality software following methods, tools and procedures, and an increasingly globalized market, business vision and objectives changed, and knowledge management through the storage and dissemination of data came to be valued (PRESSMAN, 2006). Consequently, companies began to invest in technology and in professionals able to apply techniques to protect data, adding value to the business by making data storage more reliable. Data came to be treated strategically, which also reflected on the generation of information important to the business and management areas. It is therefore necessary for every company to implement an adequate security policy with well-defined rules, which are essential to reach the expected goal of protecting information and knowledge about its business and processes.
Database Management Systems (DBMS) have mechanisms for administering all the databases they store. The main characteristic of these DBMS mechanisms and interfaces is their ability to organize data, applications and application packages that help with security. This makes data and database administration easier for the Database Administrator (DBA) and other professionals in the field. According to Dewson (2006), the main tools of Microsoft's DBMS are SQL Server Databases Services, Analysis Service, Reporting Services, Integration Service and Workstation Components. These tools can administer the database with data integrity and reliability. They also make it possible to manage backups, user creation and access levels. Dewson (2006) further describes that with these tools we can create views over tables, roles for access permission, and backups and restores of data; in short, handle all the information and carry out the actions needed for the reliable and secure administration that a database requires.

Other DBMSs also offer interfaces and commands that make it easier to manage data and the users who access the databases; examples include Oracle and MySQL, among others. Oracle has a series of tools that provide greater security for its DBMS, such as Oracle Database Vault, Audit Vault, Label Security, Advanced Security, Advanced Compression and Secure Backup. These tools are able to administer and guarantee the integrity and reliability of a DBMS that is a market leader in the corporate world. For Maj (2005), MySQL aims to reach the highest level of security in its installation; for that to happen, the installation must run in a chrooted environment.
The processes stored on the database server must run under a unique UID/GID, that is, one not used by other system processes; access must be secured by allowing only local access to MySQL; and, to guarantee the integrity of the DBMS, the root (superuser) account must have a password that is hard to crack. The DBA's main security premise is to rename his or her access account and disable the nobody account so that there is no flaw allowing anonymous users to access the database (MAJ, 2005). According to Maj (2005), MySQL also comes with security features such as ACID Transactions for building more secure and reliable applications that use this DBMS in the market.

Given the security features and techniques developed and offered by DBMSs, how should security routines be implemented in a database? The general objective of this work is therefore to carry out a bibliographic survey to investigate the best practices used for information security in the context of database management. In addition, the work has as its case study the implementation of database security routines following the standards of the Sociedade Brasileira de Informática em Saúde (SBIS, the Brazilian Society of Health Informatics). As the tool for implementing the data security routines, this monograph uses SQL Server 2005, because it offers all the features needed for this work and because it is the DBMS the author uses in professional practice.

The work has the following specific objectives:

- Produce a text that describes security in SQL Server, demonstrating the concepts found in companies;
- Describe how the Supplementary Health market is adapting to a security policy in order to protect what is most important to an organization, that is, the value of information.

This monograph is divided into five chapters, presented according to the importance of each topic. Chapter 1 is the introduction.
This chapter presents the motivation, purpose and specific objectives of the work. Chapter 2 covers the concepts of information security and databases and the origin of SQL Server. It also discusses this DBMS's main features for managing data security. Chapter 3 describes the measures used to guarantee data security according to the standards of the Agência de Saúde Suplementar (ANS), following the SBIS. Chapter 4 presents the techniques adopted to guarantee data security with SQL Server 2005, based on the standards described in Chapter 3. Chapter 5 gives the final considerations of the work.

THEORETICAL FRAMEWORK

Initially, the role of the Internet was to be a great provider of data. Financial, meteorological, educational, institutional and governmental information, as well as text and images on countless subjects, is made available through today's search engines. The Internet is in full evolution, and besides data it now provides a variety of services. Buying and selling products, auctions, and banking and financial transactions are just a few examples of services that can already be contracted online. Over the last decade, sectors of industry, government and education have been trying to establish standards for producing and using this kind of network service, also known as Web Services.

In the first two years of the new millennium, when the euphoria around e-commerce began to give way to experiences far more modest than the forecasts of the late 1990s had trumpeted, new promises about the Internet's potential began to gain volume. The protagonists of these new promises, however, were not the dot-coms and their promoters but large suppliers of hardware, software and services.
What they have been promoting lately is a new approach to corporate information systems, proclaimed under a series of different names: Microsoft calls it .NET; Oracle associates it with network services; IBM identifies it as web services; Sun talks about an open network environment. The central idea of this new approach, however, is that corporations will soon buy their information technology as services provided over the Internet. These services, generically known as web services, have some peculiar attributes. Unlike traditional web sites, designed for people to interact with information, web services connect applications directly to other applications. The basic idea is that this connection happens without major customization of the applications themselves. In addition, one of the fundamental premises is that the standard used by the connections is open and independent of technology platform or programming language.

Web Services Concepts

According to Breitman (2005), there is no single definition of the term. Below we list some that we find quite clarifying:

A web service is a software application that can be accessed remotely through different XML-based languages. In general, a web service is defined through a URL, in the same way as any site on the Internet. What distinguishes a web service is the type of interaction provided (Stephen Potts and Mike Kopack, 2003).

A web service is a software system identified by a URI whose public interfaces and interconnections are described in XML. Its definition is published so that it can be "discovered" by other software systems. Web services can interact with other systems or web services in the manner prescribed in their definition, using messages based on the XML standard produced through Internet protocols (W3C Glossaries).

Web services are a new type of application for the Internet.
They are self-contained, self-describing and modular, and can be published, located and invoked over the network. Web services perform functions ranging from the simplest to complex business processes. Once one is made public, other applications (or web services) can discover and use it (Web services tutorial, IBM).

A web service is a solution used for integrating systems and for communication between different applications. With this technology, new applications can interact with existing ones, and systems developed on different platforms become compatible. Web services are components that allow applications to send and receive data in XML format. Each application can have its own language, which is translated into a universal language, the XML format (Wikipédia, a enciclopédia livre).

For companies, web services can bring agility to processes and efficiency to communication between production or logistics chains. Any and all communication between systems becomes dynamic and, above all, secure, since there is no human intervention. Essentially, a web service makes the resources of a software application available over the network in a standardized way. Other technologies do the same thing; Internet browsers, for example, access available web pages using the standard Internet technologies, HTTP and HTML. These technologies, however, are not successful at communication and integration between applications. There is great motivation around web service technology because it allows different applications to communicate with each other and use different resources.

A web service, therefore, is a software component, or a logical unit of an application, that communicates through standard Internet technologies. This component provides data and services to other applications. The technology combines the best aspects of component-based development and the Web.
As components, they represent functionality implemented in a black box that can be reused without concern for how the service was implemented. Applications access web services through standard protocols and data formats such as HTTP, XML and SOAP.

What Web Services Provide

The great enthusiasm about web services technology is justified by the promise of interoperability between computing environments. As computers become present not only in the workplace but also in our homes, the diversity of computing environments (operating systems and software applications) grows almost exponentially. The web services architecture is based on the exchange of XML messages in a specific format, and therefore:

- It is platform independent;
- It is independent of the location (in the world) from which the message is sent;
- It is independent of the language of the client's software application;
- It does not require the client to know what type of processor the server uses.

Web services are identified by a URI (Uniform Resource Identifier) and described and defined using XML (Extensible Markup Language). One of the reasons web services are attractive is that the model is based on standard technologies, in particular XML and HTTP (Hypertext Transfer Protocol). Web services are used to make interactive services available on the Web, and can be accessed by other applications using, for example, SOAP (Simple Object Access Protocol).

In short, this technology truly enables use of the Internet at a global level. Through web services, every software application on the network has the potential to talk to any other application, even on the other side of the world.
If the exchange of messages between services conforms to the established communication protocols, two applications can interact regardless of their operating system, programming language and internal protocols.

Objectives of Web Services

The objective of web services is application-to-application communication over the Internet. This communication is intended to facilitate EAI (Enterprise Application Integration), which means integrating a company's applications, that is, interoperability of the information that circulates in an organization across its different applications, such as e-commerce with its customers and suppliers. This interaction constitutes a company's information system. Beyond interoperability between applications, EAI makes it possible to define a workflow between applications and can be an alternative to ERP (Enterprise Resource Planning). With a workflow it is possible to optimize and control the processes and tasks of a given organization.

How Web Services Work

INTEGRATION OF CORPORATE SYSTEMS

Introduction

For some years now, IT managers have faced the challenge of integrating the different corporate applications that support business processes in companies. Recent years have seen unprecedented growth in the number of applications, systems and information repositories coexisting within a corporation. At the same time, the effort to integrate these different system and data assets has intensified, driven by moves to integrate and rationalize business processes, by customer relationship strategies and by the need to generate information that supports decision-making.

Consider the IT scenario in companies in the second half of the 1990s. The race against the clock made companies reassess their old (legacy) systems and adapt them to the specter of the Year 2000.
In addition, new trends were knocking on corporations' doors: millions of dollars were spent on redesigning processes and deploying large enterprise management systems (ERP) and customer relationship management systems. These new concepts shifted the focus from data management to the management of processes and customers. In this context, the need to integrate the different environments, systems, platforms, databases and all other information assets occupied the minds of IT managers. The concepts of EAI (Enterprise Application Integration) and large, expensive middleware solutions emerged with enormous force.

However, an even greater revolution was under way, adding more variables to the complex equation of systems integration: the Internet. The possibility (or need) of making part of the corporate information available to users or systems beyond corporate boundaries changed the paradigm again. The heyday of client-server applications seemed to have its days numbered. New models for accessing information were created, all based on lightweight transactions over the new Web protocols. New systems were also added to the picture, among them more sophisticated security systems, various intranet and extranet applications, and so on.

This is the scenario in which companies find themselves today. The diversity of systems coexisting in companies is enormous, ranging from large commercial packages to custom applications developed by different software houses, with different technologies (host-centric, client-server, n-tier, etc.), on different platforms (mainframes, Unix, Windows, etc.). It has already been found that the most suitable strategy for companies is to integrate these existing applications rather than attempt to unify environments, platforms and technologies, given the high cost, the time and the investments already made in current systems.
The challenge now is to define the most suitable path for EAI projects.

The Advantages of Integrating Systems through Web Services

Traditional EAI solutions provide a centralized, monolithic integration engine that uses proprietary technologies to integrate systems and specialized adapters to connect data sources and legacy systems. This monolithic approach has the following disadvantages:

- It is platform dependent, requiring a new version of both the integration engine and the adapters for each platform to be supported or integrated;
- It introduces a proprietary language at the core of the integration;
- It results in a single point of failure;
- It provides an integration method based on replicating data from the various systems rather than consolidating data from the various sources.

In addition, traditional EAI solutions require a substantial initial investment which, combined with the complexity of the proprietary technology, creates a high degree of vendor dependence. As a result, the EAI itself becomes yet another legacy system.

In fact, the monolithic, centralized approach of traditional EAI systems does not take into account the dynamics imposed by the Internet, where a company's systems cannot be isolated from the rest of the world. In this context, integration requirements change constantly, making traditional solutions slow and expensive in the face of any requested change. Any new attempt to integrate a new technology is almost as difficult and expensive as the initial integration.

In the web services model, each of the organization's systems acts as an independent component in the integration architecture. All interfaces, data transformations and communications between components are based on open, widely adopted standards that are independent of vendors and platforms.
The advantages of this approach are:

- Simplicity: it is simpler to implement than traditional solutions that use CORBA or DCOM;
- Open standards: it uses open standards such as HTTP, SOAP and UDDI instead of proprietary technologies;
- Flexibility: changes to components are much simpler for the system as a whole than changes to traditional adapters;
- Cost: traditional solutions are much more expensive;
- Scope: each system can be handled individually, since turning it into a component only requires implementing a layer that encapsulates it. In the traditional approach, all systems must be handled at the same time, since they will be part of the same monolithic integration solution.

Interoperability of Web Services

In practice, web services are not 100% interoperable. There are still several gaps in communication, but an organization, the WS-I, defines the communication standards for standardizing web services interoperability. In total there are more than 50 web services specifications maintained by three organizations (W3C, OASIS, WS-I). The WS-Basic Profile 1.1 does not cover all web services specifications, but it covers specifications such as SOAP, WSDL, UDDI, XML and HTTP.

Access Levels

Defining access to the DBMS and to a given data table, or whether the user is entitled to Insert, Select, Update and even Delete, is of fundamental importance for keeping the DBMS secure and reliable with respect to the standards (CFM and SBIS, 2009). Each user will have an access profile indicating the products, files, applications, application functions and data that can be executed, read and written (UNIMED BRASIL, 2006). In accordance with the rules imposed on the applications made available by Unimed do Brasil, the Unimeds that adopted its management system received a system capable of meeting the TISS requirements according to the SBIS and the CFM, 2009.
Example of a script that restricts an application form in order to guarantee the integrity of the data in the DBMS:

    -- Look up the form permission recorded for this user and application
    SELECT ALL TelosUserUrl.*
    FROM TelosUserUrl WITH (NOLOCK)
    WHERE ((TelosUserUrl.Usr = 'Fabricio')
      AND (TelosUserUrl.Url = 'frm:999000530')
      AND (TelosUserUrl.Application = 28));

    -- Update the role record with the change date and the user who changed it
    UPDATE TelosRole
    SET TelosUpDt = convert(datetime, '2009-10-24 14:15:36', 120),
        TelosUpUs = 'Fabricio',
        Name = 'teste'
    WHERE ((TelosRole.AutoId = 21));

    -- Remove the role's existing menu permissions, then insert the new set
    DELETE FROM TelosRoleMenu WHERE ((TelosRoleMenu.Role = 21));

    INSERT INTO TelosRoleMenu
        (RegAction, AllowVisualize, RegReport, RegEdit, AllowPrint, RegNew,
         RegDelete, TelosRgUs, TelosUpDt, AllowSchedule, TelosRgDt, Menu, Role,
         AllowSearch, AllowNew, TelosUpUs, AllowEdit, AllowSaveOutput, AllowDelete)
    VALUES
        (1, 1, 1, 1, 1, 1,
         1, 'Fabricio', convert(datetime, '2009-10-24 14:15:36', 120), 1,
         convert(datetime, '2009-10-24 14:15:36', 120), 1281, 21,
         1, 1, 'Fabricio', 1, 1, 1);

Backup and Data Restoration

The first product of the SBIS/CFM partnership was the drafting of Resolution No. 1639/2002, which approved the Technical Standards for the Use of Computerized Systems for the Storage and Handling of Medical Records, provided for the retention period of medical records, established criteria for certifying information systems and made other provisions. According to the SBIS and CFM (2009), CFM Resolution No. 1638/2002 defines the medical record and assigns responsibility for filling it in, storing it and handling it. CFM Resolution No. 1821/2007 approves the Technical Standards Concerning the Digitization and Use of Computerized Systems for the Storage and Handling of Patient Record Documents, Authorizing the Elimination of Paper and the Exchange of Identified Health Information.
That resolution approves the Certification Manual for Electronic Health Record Systems, version 3.0 and/or another version approved by the Conselho Federal de Medicina (CFM, the Federal Council of Medicine), authorizes the digitization of medical records according to specific standards, and establishes permanent retention for medical records archived electronically, on optical or magnetic media, and on microfilm, as well as a minimum period of twenty years for preserving medical records on paper (SBIS and CFM, 2009).

According to the SBIS and CFM (2009), a backup of the medical record data must be made at least every 24 hours. It is recommended that the information system in use be able to force the backup process to run daily. The backup procedure must follow the recommendations of ISO/IEC 17799 by adopting the following controls:

- Documentation of the backup/restore process;
- Copies must be kept at a location far enough away to protect them from damage that may occur at the main facilities;
- A minimum of three copies for critical applications;
- Adequate physical protection to prevent unauthorized access;
- The ability to carry out periodic restore tests.

Following the SBIS and Unimed do Brasil standards, we drew up a description of the routine implemented at Unimed Além Paraíba for performing and monitoring backups and restores, as follows:

To guarantee the integrity of the backup and of the data (files, systems, databases, e-mail, etc.) on the servers, when processes need to run after the times stipulated in the previous item, the areas notify the IT professional by 18:00.
IMPLEMENTING THE DATA SECURITY PRACTICES PROVIDED FOR BY THE SBIS USING SQL SERVER 2005

Based on the standards and practices mentioned in Chapter 3, this chapter describes the implementation of data security in SQL Server 2005, in order to show how to meet the requirements of the Supplementary Health market while respecting the CFM and SBIS resolutions. Initially, an example database named CFMSBIS09 is created with a few tables, such as Beneficiário, ModuloBeneficiário and Pessoa, with the aim of briefly presenting a database model and briefly explaining each of the CFM and SBIS principles, such as creating a login with read permission and without write roles in the DBMS.

Creating Logins

One of the first steps for accessing the CFMSBIS09 database is to create a login that can access all of its tables and data. Script-2 shows the Transact-SQL syntax for creating the access login that this user needs for the DBMS and, consequently, for the CFMSBIS09 database.

    CREATE USER [Fabricio] FOR LOGIN [Fabricio]

If a password needs to be created for the user Fabricio, who was created to have access only to the CFMSBIS09 database and not to the DBMS, this can be done by running the command below:

Note that this user's previous password was blank. It is advisable to create a secure, non-blank password, since the security practice described in the SQL Server online manuals recommends against creating a DBMS user with a blank password, thus preventing worms and hackers from using that account to access the DBMS. Such a lack of attention on the DBA's part, should it occur, goes against the CFM and SBIS security standards regarding the Reliability, Integrity and Availability of the confidential data of beneficiaries recorded in the DBMSs of the health plan operators.
Creating Access Levels

SQL Server 2005 can apply numerous controls that make the system more secure. As Pichiliani (2003) describes, the permission levels that can be assigned to users allow more specific control and management of data and objects, covering tables, data and the use of command syntax that can either guarantee or undermine the security of the data held in the DBMS. We can therefore state that creating access levels for users is extremely important, since the CFM and SBIS standard requires every system to guarantee reliability, integrity and availability. We consider that database access by users of the operators' management system, and even by those who use the DBMS in some way for reports or Transact-SQL queries, needs to be in line with the rules applied by the DBA in order to guarantee security.

Creating access levels in SQL Server 2005 involves creating Schemas and control Roles. We continue by demonstrating how to apply these controls, using our CFMSBIS09 database to create Schemas and Roles for access to the DBMS.
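The read-only access level this chapter sets out to demonstrate (a login with a non-blank password, read permission and no write permission), written as an added Transact-SQL example that is not part of the original monograph. The principal name report_reader and the password placeholder are assumptions; CFMSBIS09 is the example database from the text, and the statements are available in SQL Server 2005.

```sql
-- Added example (not from the original monograph).
-- Assumptions: the login/user name report_reader is hypothetical and the
-- password is a placeholder; CFMSBIS09 is the example database from the text.

USE master;
GO

-- 1. Server login with a non-blank password and the Windows password policy
--    (complexity and expiration) enforced by SQL Server.
CREATE LOGIN [report_reader]
    WITH PASSWORD = N'<REPLACE-WITH-A-STRONG-PASSWORD>',
         DEFAULT_DATABASE = [CFMSBIS09],
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
GO

USE CFMSBIS09;
GO

-- 2. Database user mapped to the login.
CREATE USER [report_reader] FOR LOGIN [report_reader]
    WITH DEFAULT_SCHEMA = [dbo];
GO

-- 3. Read access through membership in the fixed database role db_datareader.
EXEC sp_addrolemember @rolename = N'db_datareader',
                      @membername = N'report_reader';
GO

-- 4. Explicit DENY on writes. For this user a DENY overrides a GRANT, including
--    one inherited later through another role.
DENY INSERT, UPDATE, DELETE ON SCHEMA::[dbo] TO [report_reader];
GO

-- 5. Verification: impersonate the user and list the effective permissions
--    it holds on the dbo schema.
EXECUTE AS USER = N'report_reader';
SELECT entity_name, permission_name
FROM sys.fn_my_permissions(N'dbo', N'SCHEMA');
REVERT;
GO

-- 6. Audit: members of the roles that can write data or manage security.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_securityadmin', N'db_datawriter', N'db_ddladmin')
ORDER BY r.name, m.name;
GO

-- 7. Audit: explicit GRANT/DENY entries recorded at schema level.
SELECT pr.name AS principal_name,
       pe.state_desc,
       pe.permission_name,
       SCHEMA_NAME(pe.major_id) AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = N'SCHEMA'
ORDER BY pr.name, pe.permission_name;
GO

-- 8. Audit (server level): SQL logins created without password policy checks.
SELECT name, is_policy_checked, is_expiration_checked, is_disabled
FROM sys.sql_logins
WHERE is_policy_checked = 0;
GO
```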
As an example of assigning schemas, the users below will have access to SCHEMAS such as db_securityadmin, db_datareader and db_datawriter, which allow the user to manage permissions and roles and to read and modify all tables in the DBMS:

    -- Transfer ownership of the three schemas to the user Fabricio
    ALTER AUTHORIZATION ON SCHEMA::[db_securityadmin] TO [Fabricio]
    ALTER AUTHORIZATION ON SCHEMA::[db_datareader] TO [Fabricio]
    ALTER AUTHORIZATION ON SCHEMA::[db_datawriter] TO [Fabricio]
    -- Grant ALTER and EXECUTE on the db_datareader schema
    GRANT ALTER ON SCHEMA::[db_datareader] TO [Fabricio]
    GRANT EXECUTE ON SCHEMA::[db_datareader] TO [Fabricio]

It is also possible to use GRANT and DENY to allow or deny a given permission to these users for commands issued through Transact-SQL syntax, as follows:

    -- Allow INSERT, SELECT and UPDATE on the db_datareader schema
    GRANT INSERT ON SCHEMA::[db_datareader] TO [Fabricio]
    GRANT SELECT ON SCHEMA::[db_datareader] TO [Fabricio]
    GRANT UPDATE ON SCHEMA::[db_datareader] TO [Fabricio]
    -- Deny DELETE on the db_datawriter schema
    DENY DELETE ON SCHEMA::[db_datawriter] TO [Fabricio]

These features for defining access to the DBMS and to particular data tables, or whether users obtain the right to run Insert, Select, Update and Delete commands, are of fundamental importance for keeping the DBMS secure and reliable with respect to the CFM and SBIS standards.

Creating the Backup Routine

One of a DBA's main duties is to look after the proper functioning of the DBMS and the integrity and security of its data; a well-defined security policy is of no use if the DBA does not perform the Backup and Restore task correctly. As Battisti (2005) describes, information is your company's most valuable asset, and since this information is stored in the company's database, it is of fundamental importance to have a well-defined strategy for protecting it; we must be concerned not only with losses but also with improper access or even theft of information.
SQL Server 2005 offers four backup methods, each with specific characteristics and dependencies that the DBA uses to decide when each will be used in the backup policy. These methods are:

- Full Backup;
- Differential Backup;
- Transaction Log Backup;
- Filegroup Backup.

To ensure that the CFM and SBIS standard is met, we have to back up all the databases in the DBMS periodically. As an example we use the command syntax of one backup method, the Full Backup, again with our CFMSBIS09 database. The basic syntax for creating a full backup, that is, a complete backup of the database, follows:

    USE CFMSBIS09;

Restoring the Database

Restoring a database basically consists of operations that recreate the database objects up to a specific point in time. That point is the moment at which the backup was created and completed and, unlike backup creation, the restore process is sequential. An important point is that throughout the restore process the database is inaccessible to all users, and it becomes accessible again when it reaches the Restored state, that is, when the backup has been restored.

SQL Server 2005 offers two ways of restoring a backup: through SQL Server Management Studio or using Transact-SQL commands. In both cases all types of backup can be restored. Through the graphical interface of SQL Server Management Studio, the DBA can restore a database more simply and without needing to know Transact-SQL.

The CFM and SBIS standards recommend that every information system in use be able to force the backup process to run daily and that restore tests be carried out every 30 days.
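A full backup of CFMSBIS09 followed by the checks the standards call for (a backup at least every 24 hours and a periodic restore test), as an added Transact-SQL example that is not part of the original monograph. The disk paths, the test database name CFMSBIS09_restore_test and the logical file names are assumptions; step 3 shows how to read the real logical names from the backup.

```sql
-- Added example (not from the original monograph).
-- Assumptions: the D:\Backup and D:\RestoreTest paths, the database name
-- CFMSBIS09_restore_test and the logical file names are placeholders.

-- 1. Full backup. CHECKSUM validates page checksums where the database has
--    them and writes a checksum over the backup itself.
BACKUP DATABASE [CFMSBIS09]
TO DISK = N'D:\Backup\CFMSBIS09_full.bak'
WITH INIT, CHECKSUM, NAME = N'CFMSBIS09 full backup';
GO

-- 2. Confirm the backup set is complete and readable without restoring it.
RESTORE VERIFYONLY
FROM DISK = N'D:\Backup\CFMSBIS09_full.bak'
WITH CHECKSUM;
GO

-- 3. List the logical file names stored in the backup (needed for MOVE below).
RESTORE FILELISTONLY
FROM DISK = N'D:\Backup\CFMSBIS09_full.bak';
GO

-- 4. Restore test under a different database name and different file paths,
--    so the production database stays online and untouched.
RESTORE DATABASE [CFMSBIS09_restore_test]
FROM DISK = N'D:\Backup\CFMSBIS09_full.bak'
WITH MOVE N'CFMSBIS09'     TO N'D:\RestoreTest\CFMSBIS09_restore_test.mdf',
     MOVE N'CFMSBIS09_log' TO N'D:\RestoreTest\CFMSBIS09_restore_test_log.ldf',
     CHECKSUM, RECOVERY;
GO

-- 5. Consistency check on the restored copy, then remove the copy.
DBCC CHECKDB (N'CFMSBIS09_restore_test') WITH NO_INFOMSGS;
GO
DROP DATABASE [CFMSBIS09_restore_test];
GO

-- 6. Monitoring: databases with no full backup (type 'D') finished in the
--    last 24 hours, according to the backup history kept in msdb.
SELECT d.name AS database_name,
       MAX(b.backup_finish_date) AS last_full_backup
FROM sys.databases AS d
LEFT JOIN msdb.dbo.backupset AS b
       ON b.database_name = d.name
      AND b.type = 'D'
WHERE d.name <> N'tempdb'
GROUP BY d.name
HAVING MAX(b.backup_finish_date) IS NULL
    OR MAX(b.backup_finish_date) < DATEADD(hour, -24, GETDATE());
GO

-- 7. Monitoring: date of the most recent restore test, to compare against the
--    30-day interval. DROP DATABASE leaves this history in msdb.
SELECT MAX(restore_date) AS last_restore_test
FROM msdb.dbo.restorehistory
WHERE destination_database_name = N'CFMSBIS09_restore_test';
GO
```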
SQL Server 2005 is a tool capable of meeting these standards; it is adopted by numerous health plan operators, which thereby ensure compliance with the laws and standards to which they are subject. Restore and backup can be carried out with Transact-SQL commands. The DBMS also makes it possible to schedule these services using JOBs, that is, tasks scheduled by the DBMS to perform backups, and these should run at times when the system is least used.

As with the backup process, the restore process in SQL Server 2005 offers four restore methods. These methods restore the following types of backup:

- Full Backup;
- Differential Backup;
- Transaction Log Backup;
- Partial Backup.

The Full Backup restore method is used to safely restore the backup we created with the backup method, and for this I will use our example database, CFMSBIS09.

FINAL CONSIDERATIONS

In developing this work, we noted the importance of complying with the standards of the Conselho Federal de Medicina (CFM) and the Sociedade Brasileira de Informática em Saúde (SBIS) using technological resources available on the market, which used to be far less accessible and hard to obtain. By going deeper into security concepts using SQL Server 2005, we can conclude that this document gives DBAs, and more specifically the DBAs of a health plan operator, guidelines on how to comply and on which controls and configurations must be applied in the DBMS and in the company's culture regarding information security policy, in order to guarantee the integrity and availability of data. It is worth noting that producing a satisfactory security policy in a company requires involving the weakest link, the human being; a well-implemented security policy is of no use if those who rely on it do not follow it as they should.
Many business owners see information security as an expense, a market trend, or a way to be seen as visionary and ahead of the competition, but what really matters to them is not losing financial resources, and if that requires investment in security, then let the will of their company's DBA be done. The whole process of creating this security policy must involve the DBA's technical knowledge and stay in tune with the users of the systems, since they are an important link for improving and sustaining information security.

As for Microsoft's DBMS, the main subject of this study for the purpose of meeting the CFM and SBIS standards, SQL Server 2005 can currently be considered capable of contributing to faster and more dynamic results in the search for information at the tactical and strategic levels. Such information is fundamental for companies to stay current in an increasingly globalized and borderless market. It is also important to note that SQL Server 2005, compared with other databases on the market such as Oracle, MySQL and Postgres, has very effective security mechanisms and is easier to configure.

In short, a security policy is essential to keeping an organization secure: even a well-implemented policy cannot guarantee 100% security, and without one the lack of security would be greater still. It is also considered that SQL Server 2005 has sufficient security features for users to follow correctly the rules imposed by the DBA, and that if these rules are left in the background, problems may arise that will certainly lead companies to incalculable intellectual, strategic and financial losses.
Finally, companies must keep up with technological evolution without forgetting the security that will guarantee business continuity. Rather than limiting themselves to palliative solutions for isolated problems, they should invest in a continuous security policy that protects their most valuable asset, which is information.

Thursday, December 19, 2019

Supply Chain Management By Nature Essay - 788 Words

Trade and Supply Chain

Supply chain management by nature depends on relationships and networks. Some relationships play a significant role in attaining supply chain success. The word "relationship" covers a broad area in supply chain management. Strategic relationships, transactional relationships and internal relationships are just a few of the relationship types in supply chain management. Within the supply chain, there are working relationships between suppliers and customers. These relationships are called partnerships. The use of strategic alliances and joint ventures is becoming more popular with a rising number of multinational companies. An alliance is considered an agreement between two or more companies from different countries in supply chain activity ranging from research and development to sales.

Supply Chain Relationship between Solomon and Hiram

Solomon and Hiram work together to build a temple. 1 Kings 5:7 states "When Hiram received Solomon's message, he was very pleased and said 'Praise the Lord today for giving David a wise son to be the king of a great nation of Israel'". This is a testament of Solomon and Hiram working together and creating a partnership. This agreement forms a mutual benefit, that is, building a temple to honor the name of the Lord. Normally when acquisitions occur, another company and its assets are obtained by the acquiring company. This sometimes leads to dissatisfied employees. It may take years to

Wednesday, December 11, 2019

Discipline Its Members Differently Scrutiny - Myassignmenthelp.Com

Question: Discuss About The Discipline Its Members Differently Scrutiny?

Answer:

Introduction

A company's code of ethics and professional behaviour includes the principles every staff member is expected to follow. Such principles are aimed at guiding decision-making and behaviour at the workplace. Typically, such codes considerably impact workplace practices, as the employees will comply with these principles while working; however, the amount of impact a code has depends on how the company uses it. This is because, without strict execution by the business, the employees may not even be aware of the ethics code in the company. Hence, it becomes the responsibility of people in authoritative positions, like a manager, to lead by example so that their subordinates can learn from them and inculcate ethics in their work (Baker & Comer, 2011).

In the present report, a financial accountant working at a managerial level has been interviewed face-to-face to understand how the code of ethics impacts their work life and attitude toward work. This financial accountant is employed with a private firm. Besides this, research has also been conducted on a professional accounting body to comprehend the issues that arise from it and how it polices its codes.

Series Of Interview Questions

As the goal of the present report is to investigate how professional behaviour and ethics impact individuals in their real work life, the interview questions below have been formed:

Q1. Does your company have a well-documented code of ethical conduct and professional behaviour?
Q2. If your answer to the above question is Yes, then what is your awareness level regarding the concerned policies and procedures?
Q3. Does your company require ethics training?
Q4. Are there adequate procedures in place to report unethical behaviour?
Q5. Is ethical behaviour a norm in your company?
Q6. If yes, how does it impact your working attitude and professional behaviour?
Q7. Is unethical behaviour penalized in your company? What are the implications of breaching the company's codes?
Q8. Does the presence of a penalizing system impact how you approach ethics at the workplace?
Q9. Is ethical conduct rewarded in the company?
Q10. Do the senior managers of the company display high ethical standards?
Q11. What is the amount of pressure you feel in your company to get involved in what is deemed as unethical behaviour?

Conducting The Interview

A1. The company has a properly documented and communicated code of ethics in place. This Code outlines the basic ethical dos and don'ts and it also outlines what a member should do when faced with an ethical dilemma. There are several courses of action one is required to take as per the Code when faced with some ethical issue. Though this does not provide a complete solution to a problem, it definitely guides in decision-making.

A2. My personal awareness level with the company's Code of Conduct policy is very high. I am totally aware of what is expected out of me in terms of my professional conduct and behaviour. Apart from me, I strongly believe that my colleagues and subordinates are also aware of the company's policies because it reflects in their workplace behaviour. Moreover, our organization ensures that every member is introduced to the Code at the time of Induction.

A3. Ethics training is given from time to time because accounting ethics education is seen by our management as a promising remedy for addressing the ethical crisis facing our profession. Despite having a foolproof code of conduct, we also face ethical issues time and again and hence provision of ethics training is imperative.

A4. Yes, there are clearly defined procedures for reporting any unethical or illegal behaviour observed in the company. There are whistleblower resources which an employee can use to bring to notice any such act. The identity of the whistleblower is completely confidential, and hence people do not have a second thought about making waves regarding any such unprofessional conduct. In fact, our organization has set up an Office of Ethics and Compliance for overseeing these matters. Hence, employees are always encouraged to report their concerns.

A5. I would not say it is 100% a norm, but the majority of us try to embody ethics in our workplace behaviour. Most of the managers try to lead by example, and their subordinates try to follow the lead. However, we have not been immune to any unethical or unlawful act. There have been instances when a few people place their self-interests above the professional requirements. They get induced by gifts, self-interest, self-review or familiarity to the client.

A6. Personally, I always stick to ethical norms and rules of professional conduct at work. I stay away from any such thing that can hamper my objectivity and integrity. Moreover, being on a managerial level, I have to set an example for my subordinates. I work with professional competence and due care, always defend the confidentiality of information at hand and comply with applicable rules to avoid doing anything which may discredit my position and profession.

A7. Yes, ethical behaviour is definitely penalized at our company. The case is first overseen by the Office of Ethics and Compliance. The people there look at the severity of the misconduct and then decide a suitable punishment. If the breach is regular, then the employee is given a warning and his work is monitored for a long time. If the violation is severe, the Office takes the case to a review panel in the management, or an independent review panel if the management is at fault. The maximum punishment ranges from suspension to expulsion.

A8. Although I am naturally guided to work ethically, the presence of a penalty system definitely helps me stay away from even the thought of committing a wrongful act.

A9. There is a proper mechanism for rewarding people who report unethical misconduct because the information of the whistleblower is kept confidential and hence no one can know who reported the issue. However, that individual is definitely appreciated by the management, and this thing is considered during his/her performance evaluation. So, it is not completely the case that there is no motivation behind reporting unprofessional behaviour.

A10. To the extent I know, most of the senior people in my company practice and preach ethical and professional conduct. The managers are very cautious about their position in the company and do not want to disparage it.

A11. I definitely feel the pressure to not engage in any unethical activity because the people around me are also acting in moral ways, plus there is always the fear of negative implications associated with the violation.

Ethics issues and codes to police them

All through 2001 and 2002, financial scandals in Australia and the USA exhibited how the efficacy of the financial market is underpinned by the assumptions of ethical behaviour and trust of corporate managers. The collapse of firms like OneTel and HIH Insurance in Australia, and Global Crossing, Enron and WorldCom in the US, has resulted in a loss of trust in the system of financial accountability and reporting by the investing parties. CPA Australia was researched to identify the ethical issues facing the accounting profession and how it polices its codes (BPP Learning Media, 2016).

In discharging their professional duties, members of the body, i.e. the CPAs, are expected to comply with auditing and accounting standards outlined in the AASB respectively. They are also obligated to conform to tax rules promulgated by regulatory and government bodies. As in other professions, some accountants face ethical dilemmas.
Most cases of violations could be categorized either as regular ethical dilemmas which are simple to resolve or as complicated cases whose resolutions are difficult to achieve (CPA Australia Staff, 2013). These ethical dilemmas include payroll confidentiality, conflict of interest, fraudulent or illegal activities, pressure from the top to inflate earnings, and customers requesting manipulation of financial records, to name a few. Compliance with the basic principles and code of ethics laid down by the Accounting Professional and Ethical Standards Board (APESB) might be potentially threatened by a wide spectrum of circumstances (Leung, Coram & Cooper, 2012). Several threats belong to the categories below:

Self-review - E.g. discovering considerable error while re-evaluating the work of a professional accountant; reporting on the operation of financial systems after being part of their design and/or execution; having prepared the initial data utilized for generating records which pertain to the engagement (Marley & Pedersen, 2015).

Self-interest - E.g. monetary interest in a client or having joint monetary interest with a client; contingent fee pertaining to an assurance engagement; having close ties with the client; likely future employment with the client (De Cremer et al., 2011).

Familiarity - E.g. an engagement team member having immediate family or close relations with a client officer or employee who can exert significant and direct influence on the subject matter; accepting preferential treatment or gifts from a client, unless the gift value is evidently immaterial; long-term connection of senior people with an assurance client (Shafer, 2013).

Advocacy - E.g. promoting shares in a listed company when the company is a client; serving as an advocate on the part of an assurance customer in disputes or litigation with third parties (Bazley, Hancock & Robinson, 2014).

Intimidation - E.g. being coerced with litigation, replacement or dismissal pertaining to a client engagement; being forced to decrease the amount of work wrongly to mitigate fees (Cunningham et al., 2014).

Exhibit 3 emphasizes the different violations done by practising CPAs. As identified by Tidrick, there were 327 cases where the institute penalized members between 1980 and 1990. Of these:

41 pertained to the domain of technical standards
37 concerned failure to cooperate with an inquiry or abide by its requisites
28 related to acts discreditable (CPA Australia Staff, 2013)
21 pertained to breach of general
7 were independence breaches

170 ethics cases were identified from Jan 1994 to December 1995 in 32 states in the country by Badawi and Rude, who surveyed the body's CPA letters during that period. The most often breached rules were:

Rule 202 Conforming to standards
Rule 203 Accounting Principles
Rule 501 Acts Discreditable (BPP Learning Media, 2016)
Rule 201 A Due Professional Care
Rule 201 B Due Professional Care

Of these 170 cases, 38 involved crime and criminal-related convictions, spanning from making incorrect claims to a federal agency to mail fraud to conspiracy and bank fraud. The rest of the cases involved everything from hiding assets, impediment of justice, money laundering, bribery and theft, and even murder (Trevino & Nelson, 2016).

APESB is an autonomous body which was set up in 2006 by CPA Australia and Chartered Accountants in Australia and New Zealand, to reorganize its Rules of Conduct and set up the APES 110 Code of Ethics for Professional Accountants (Code) in 2006. This is the code that members of this professional body know and follow now. Exhibit 2 states the contents of the Code, which has two segments. The first one, titled Principles, has six articles concerning the basic norms of ideal conduct, widely highlighting the responsibility of the accounting profession to the clients, public and other practitioners (Bennie & Mladenovic, 2015).
This Code is binding on every practising as well as non-practising CPA who is a member of the Institute. They should conform to the majority, but not all, of the norms mentioned in the conduct in every type of engagement or be ready for disciplinary actions.

Penalties for violation

Besides entering a Joint Ethics Enforcement Program, CPA Australia, as well as several state CPA societies, has an ethics committee for hearing complaints. Both these societies can also act autonomously on a case or can consent to taking the case to the CPA Australia trial board panel. This panel has the authority to: a) acquit the member; b) admonish the member; c) suspend the membership for two years; and d) expel the member (Van Akkeren & Tarr, 2014). The CPA Australia bylaws (not the Code) rule automatic expulsion of members who have not filed tax returns, committed a crime or assisted in the preparation of fraudulent and false tax returns.

CPA Australia penalties for ethical misconduct and wrongdoing range in severity. In several cases, the panel suspends or reprimands a CPA, obligating the member to finish a definite number of hours of continued professional education. The objective is to help the member acquire a suitable degree of professional awareness and competence (Bampton & Cowton, 2013). Though aimed at a positive resolution, the CPE demands are the same as serving time. People who do not meet these CPE conditions are made responsible for acts discreditable to the profession and debarred as second-time offenders.

State accountancy boards also have their individual norms of conduct and panels for enforcing them. These boards can reprimand a member, but they can also revoke or suspend the license to practice. This is a very severe penalty because the punished individual will no longer be able to use the title CPA and hence will not be able to sign audit reports.
On the other end, when CPA Australia expels a CPA, it does not prevent him/her from continuing to practise accounting (Abbott, 2014). However, the body can suspend or expel the membership, and the person should eliminate any mention of his/her connection with CPA Australia or the state's CPA society from their website, letterheads and other materials used in the office. CPAs whose violation of ethics needs some kind of corrective measures might also be subject to more monitoring by the body. For instance, the CPA may have to recruit an unaffiliated accounting company to audit the former's work, like financial statements he made for a customer. Such monitoring might go on on a frequent basis for a long time period (Henderson et al., 2015).

Differences And Similarities In Expectations

While there are some differences in the way professional bodies and individuals working in the accounting profession adhere to codes, there are some similarities as well. It is believed that, supported by a robust ethical culture, every accountant could be immensely effective in playing his/her key role, drawing on both their comprehension and training of professional ethics, plus their abilities in auditing, assessing and acting on management information to help their companies and clients in achieving long-run sustainability. While some accountants may get induced to go the unethical way, professional bodies are always very strict as far as their rules are concerned (Cameron & O'Leary, 2015). Compliance with these rules is their top-most agenda, and they have stringent measures in place to police any wrongful behaviour. On the other hand, some accounting professionals may not keep their interests first before that of their profession and hence not follow the ethical path. It could be alluring to lie low and not respond as required when faced with an ethical issue.
However, accountants with high integrity owe it to their profession, career and community to react to breaches they may find rather than being complicit in illegal activities (Knechel & Salterio, 2016). Barriers to proper adherence to codes of professional conduct could be: a) the organization does not have a well-documented and communicated code of standards and ethics; b) if there is a code of ethics, it is not advocated by the leaders; c) the individual does not understand the code of ethics and has ethical dilemmas; and/or d) despite awareness of the code of ethics, the person chooses to give priority to self-interest (Muzio et al., 2016).

Reflection

Thinking about my career in the accounting industry, I have come to realize that as an Accountant, I will be handling a broad spectrum of sensitive and privileged data in my routine tasks. Moreover, because I will be working with numbers which may have implications on stock prices and bonuses, I might also be faced with ethical issues. However, I need to make sure that I never let such dilemmas get to me and I always follow the path of ethics. This is because, if during the very beginning of my career I indulge in fraudulent activities or get induced, I may face serious repercussions like being suspended or even expelled (Sheehan & Schmidt, 2015).

In order to always perform in the correct interests, if ever I am faced with a dilemma or issue, I will first identify whether it is regulated by policy or law. For this, I would look up the Code established by the APESB plus the policies and procedures book of my employer. These will help me if I am not certain about the ethics of a case I am confronting. Secondly, I would assume an outsider's view, i.e. what I learnt about accounting ethics when I was a student. Separating the issue from the professional and personal feelings will help me view the issue in a different light (Half, 2017).
I will also think about the stakeholders, people or companies that will be impacted by the issue or by my decision to take or not take a certain action. Lastly, if I am required to report an illegal or unethical conduct of my employer or colleague, I would seek legal counsel either from an autonomous firm or in-house or will resort to the whistleblowing resources of my company. Though an in-house protocol may not provide a sure-shot solution, it will certainly direct my decision making (Baïada-Hirche & Garmilis, 2016).

Conclusion

Accounting offers vital and valuable services to both private and public sectors, essentially to everyone who utilizes information. These services are normally discharged by honourable, qualified professionals with a robust sense of public duty. Nonetheless, similar to other professions, there are unethical professionals whose behaviour must not belittle the whole profession (Mescall, Phillips & Schmidt, 2017). To regulate such a critical profession and assure its integrity, people licensed to practice accounting are subject to rules and laws of the professional bodies like CPA Australia and State Boards of Accountancy. Such boards are government bodies comprising non-CPA and CPA officeholders. CPAs who work for private companies are also subjected to the code of ethics of these groups. Although there is not sufficient literature on this matter, violations of accounting codes are being looked into, judged and exposed publicly. The penalties for violations range from suspension to expulsion (Shafer, Simmons & Yip, 2016).

References

Abbott, A. (2014). The system of professions: An essay on the division of expert labor. University of Chicago Press.
Baïada-Hirche, L., & Garmilis, G. (2016). Accounting Professionals' Ethical Judgment and the Institutional Disciplinary Context: A French-US Comparison. Journal of Business Ethics, 139(4), 639-659.
Baker, S. D., & Comer, D. R. (2011). Business ethics everywhere: An experiential exercise to develop students' ability to identify and respond to ethical issues in business. Journal of Management Education, 36, 95-125.
Bampton, R., & Cowton, C. J. (2013). Taking stock of accounting ethics scholarship: A review of the journal literature. Journal of Business Ethics, 114(3), 549-563.
Bazley, M., Hancock, P., & Robinson, P. (2014). Contemporary Accounting PDF. Cengage Learning.
Bennie, N., & Mladenovic, R. (2015). Investigation of the Impact of an Ethical Framework and an Integrated Ethics Education on Accounting Students' Ethical Sensitivity and Judgment. Journal of Business Ethics, 127(1), 189-203.
BPP Learning Media. (2016). CPA Australia Ethics and Governance: Passcards. BPP Learning Media.
Cameron, R. A., & O'Leary, C. (2015). Improving ethical attitudes or simply teaching ethical codes? The reality of accounting ethics education. Accounting Education, 24(4), 275-290.
CPA Australia Staff. (2013). Auditing, Assurance and Ethics Handbook. Pearson Australia.
Cunningham, B., Nikolai, L., Bazley, J., Kavanagh, M., Slaughter, G., & Simmons, S. (2014). Accounting: Information for Business Decisions. Cengage Learning.
De Cremer, D. D., Dick, R. V., Tenbrunsel, A., Pillutla, M., & Murnighan, J. K. (2011). Understanding ethical behavior and decision making in management: A behavioral business ethics approach. British Journal of Management, 22.
Half, R. (2017). Ethical Issues in Accounting: 4 Pieces of Advice. [Online]. Available through: https://www.roberthalf.com/blog/salaries-and-skills/ethical-issues-in-accounting-4-pieces-of-advice. [Accessed on 26 September 2017].
Henderson, S., Peirson, G., Herbohn, K., & Howieson, B. (2015). Issues in financial accounting. Pearson Higher Education AU.
Knechel, W. R., & Salterio, S. E. (2016). Auditing: Assurance and risk. Taylor & Francis.
Leung, P., Coram, P., & Cooper, B. (2012). Modern Auditing and Assurance Services, Google eBook. John Wiley & Sons.
Marley, S., & Pedersen, J. (2015). Accounting for Business: An Introduction. Pearson Higher Education.
Mescall, D., Phillips, F., & Schmidt, R. N. (2017). Does the Accounting Profession Discipline Its Members Differently After Public Scrutiny? Journal of Business Ethics, 142(2), 285-309.
Muzio, D., Faulconbridge, J. R., Gabbioneta, C., & Greenwood, R. (2016). Bad barrels and bad cellars: a boundaries perspective on professional misconduct.
Shafer, W. (2013). Ethical Climate, Social Responsibility, and Earnings Management. Journal of Business Ethics, 126(1), 43-60.
Shafer, W. E., Simmons, R. S., & Yip, R. W. (2016). Social responsibility, professional commitment and tax fraud. Accounting, Auditing & Accountability Journal, 29(1), 111-134.
Sheehan, N. T., & Schmidt, J. A. (2015). Preparing accounting students for ethical decision making: Developing individual codes of conduct based on personal values. Journal of Accounting Education, 33(3), 183-197.
Trevino, L., & Nelson, K. (2016). Managing Business Ethics: Straight Talk about How to Do It Right. John Wiley & Sons.
Van Akkeren, J., & Tarr, J. A. (2014). Regulation, compliance and the Australian forensic accounting profession. Journal of Forensic and Investigative Accounting, 6(3), 1-26.

Wednesday, December 4, 2019

Terminator and the Matrix Essay Example

The dictionary term for stereotyping is a fixed image or idea of a type of person or thing that is widely held. Stereotyping was very popular towards women before the 1980s. This was called sexism. Women were treated very badly; for instance, there was talk of a glass ceiling, a term used to describe how women were prevented from reaching top positions. Stereotyping can be used in a number of ways. One way was in films, such as Legally Blonde and Miss Congeniality. The act of stereotyping in the film Legally Blonde is when a woman is portrayed as a Barbie doll, then takes advantage of her looks and uses them to get what she wants. Soon after, she was finally respected for her brain rather than her choice of style. However, Miss Congeniality is known for a different and unexpected type of stereotyping. This time the main character was shown as quite manly. Subsequently she went through a process of becoming very feminine. Those films prove that it might be difficult, but women can do practically anything that men can do.

In both films, the Terminator and the Matrix, stereotyping has been used frequently and very blatantly. For instance, in the film Terminator, Sarah Connor is represented as a typical girlish woman. This is revealed to the audience when her only outfits are mostly pink. In contrast to Sarah, Trinity has been represented stereotypically as well, however in the complete opposite way to Sarah Connor. For example, she has been shown as very manly and heroic, through the CGI which makes Trinity perform special powers.
Also, the choice of Trinity's name is ironic because it is quite feminine, which would be given to someone who is very womanly. Whereas at the beginning of the film Trinity comes across as a dark and mysterious person. This is given away in different aspects of the film, such as in the intro, where the soundtrack is very tense and wiry. The director also made the music fast and high tuned during the chase scene between Trinity and Mr Smith. This emphasises the fact that there is action going on. The effect of this can let the viewers really feel and imagine what Trinity is thinking and doing. Following a different area of the film, the lighting reveals a lot about Trinity's personality. When introducing the film it is very dark and spooky with a few spotlights from the policemen's torches. This achieves the introduction of Trinity to be very dark and tense. It also gives the setting a very scary atmosphere; this edges the reader to anticipate what might happen next. The lighting, as well, is very dim in the first shot of her. This shows Trinity to be androgynous; it creates a sense of mystery as to what sex she is. And as it changes to a close-up shot of Trinity, it confirms that she is a woman. It also reveals in that scene that she is calm and in control, even though there were many policemen with guns right behind her. However, she still seems to be androgynous through her choice of costume and make-up. For instance, in a shot of Trinity she is wearing a P.V.C. black cat suit, which represents her strength and power. This is also expressed from the bold, strong colour of her black clothes. Even when she goes out, other than wearing a dress, she still dresses down by wearing the same colours and no jewellery. This gives the audience an impression of how mature, independent and strong she is. She is, coincidently as the men around her; this shows the director wanted to present that Trinity is no different to anyone else.
Her natural use of make-up portrays her as a man, such as the way she always has her hair tied back even in a club. This explains to us that she doesn't look like she's trying to impress or attract anyone. I think the director did this whole plain look of Trinity to make people see how different women have different qualities. The special effects used in the Matrix let Trinity seem very heroic. This is done through CGI, computer-generated imagery. One example of this is when she could jump a long distance, from one building to another. The CGI used in this is demonstrating that gravity has no effect on Trinity. Whereas the policemen chasing after her didn't even try to imitate Trinity because they knew it was impossible. This proves that Trinity has the ability to do skills that men can't do, let alone skills that are ridiculously not possible to humans. Therefore she is superhuman. For instance, Trinity uses her own powers instead of using and relying on guns, which is a contrast to the policemen. This gives the viewers an impression that women can be stronger than men. Another way that showed Trinity to be heroic is when Trinity manages to get out of a situation when she was about to give up, by persuading and forcing herself to overcome her fear and carry on. This will most likely inspire women all over the world to be just like her.

On the other hand, Sarah is a completely different character to Trinity. This time, Sarah has been shown differently, in ways that are quite sexist. Starting off with the soundtrack, this was very gentle in the introduction of Sarah Connor. I think the director did this so that Sarah can come across as very innocent and sweet, almost like a child. However, as the viewer gets into the film the music changes into a heartbeat sound while Sarah walks outside by herself at night. This gives a tense atmosphere and makes you feel as if something is going to happen. We also get the sense that Sarah feels the same; that's why she went into a night club.
Coincidently it has a lot of people in it. The atmosphere in the club was very jumpy. It had fast music and flashing lights, which reveals how desperate Sarah might have felt. The fact that she has to go to a club shows she doesn't have enough confidence and the ability to defend herself. Therefore she is exposed to be a helpless victim. However, she also shows some intelligence because Sarah probably knew that whoever's behind her has less chance of capturing her in a crowded place. I think the director used the lighting to make Sarah seem even more ladylike. For instance, in one scene as she goes to work the lighting is very bright and sunny. Also the music almost sounds like a harmony. This emphasises Sarah's feminist side. The director's decision of clothing is very such as in her job, the colours used in Sarah's outfits are very feminine. She constantly wears pink; for instance, the first shot of her is in a soft pink jacket. This gives the impression of Sarah as gentle, calm and soft. Her uniform is quite skimpy and pink as well, which is not a unisex colour, therefore the job of waiting in a fast food restaurant was often only meant for women, also that Sarah doesn't mind. Finally, her nightgown has cartoon characters, of the Jetsons, on it. This tells us that she is immature and childlike. Plus she uses a lot of make-up. I know this from a scene where she adds on more make-up on top of the make-up she already has on just because she is going out. The whole image of her was done so that she is portrayed as a dumb blonde. Since this was made in the 1980s, I think women were perceived that way.

In Sarah's case no special effects were used; this demonstrates that she is ordinary, normal and just like us. However, there were different ways of showing what Sarah is like. In the scene where Sarah is in a night club she tries to call someone. I suppose the phone symbolises how scared she is and how frantic she is for help.
Also, in the scene before she goes to work she talks to a statue; this stresses the point that she is very juvenile and babyish. If we compare the two we find out that they both conflict with each other. And they both represent their character in different ways; for instance, Trinity is shown to be very independent and strong. Such as in a scene where a policeman is being patronising towards Trinity by saying "what's one little girl going to do". This is ironic because later on Trinity manages to defend herself by attacking about half a dozen policemen, who each had a gun, and outrunning them too. Also, in the club scene, when Trinity meets Neo, Neo is shocked to find out that Trinity was actually a girl. This is made known when he says "you're Trinity?" This is stereotyping Trinity's abilities, which reveals that Neo is quite sexist, that he thinks only a job like cracking into computers is done by men. Sarah's character can be known in the scene where her boyfriend cancelled on her, but yet she didn't react like an upset girlfriend would do; this shows a weakness in her personality, that she is too lenient. It also seems like they both live in parallel worlds. This highlights the point of how the world has changed from 1980 to the 1990s, and how it has grown from women being stereotyped to them gaining the rights they deserve.