Green Building Certification in Malaysia

Green Building Certification in Malaysia ABSTRACT Green Building is very famous in advanced country like USA, Australia, Europe, Japan and Korea. These countries started to develop green building ratings since 20 years ago. However, Malaysia had recently launched of Green Building Index (GBI) but it is still early stage. This introduction signifies a new benchmark for Malaysia building and industry. This research purpose is to find out the implementation green building certification in Malaysia. Three main research objectives are addressed: i) the benefits of green building in Malaysia. ii) the barriers of implementation of green building in Malaysia, and iii) the potential of green building development in Malaysia. Questionnaire has been distributed to the different developer firm to get respondents answer. Throughout the surveys, the view of advantages of green building has been identified. Besides that, the barriers and solutions of implementing green building in Malaysia also have been identified. CHAPTER 1 1.0 INTRODUCTION 1.1 Title A study on Green Building Certification in Malaysia 1.2 Problem Statement Green Building is very famous in advanced country like USA, Australia, Europe, Japan and Korea. These countries started to develop green building since 20 years ago. However, the recent launch of the Green Building Index (GBI) in Malaysia, it is still in the early stage. Due to the reason that green building is a new concept in Malaysia, therefore, a research was conducted in order to study on green building certification in Malaysia. 1.3 Aim and Objectives 1.3.1 Aim To study the implementation of Green Building Certification in Malaysia 1.3.2 Objectives The objective is to: To determine the benefits of green building in Malaysia To determine the barriers of implementation of green building in Malaysia To identify the potential of green building development in Malaysia 1.4 Background Environmental activists have called us to go green for years. The typhoon that recently hit the Philippines and a series of earthquakes that rocked Indonesia are also clear indications that we need to put much more effort into going green to ensure Earths sustainability. Malaysia has recently introduced Green Building Index; it is the first certification tool. The green rating system is to give opportunity for the developers to design and construct green, sustainable building that can provide energy savings, water savings, a healthier indoor environment, better connectivity to public transport and the adoption of recycling and greenery for their projects. 1.5 Scope of Study The research study will be focus on the implementation of green building certification in Malaysia. Aware benefits of green building, the barriers and how to make it successful and potential of green development in our country. The designed questionnaires will be sent to the company in Malaysia. 1.6 Research Methodology In order to achieve the objectives, primary and secondary source like relevant books, journal, articles, conference paper and newspaper are important for information collection. All these information can be sourced from TARC library and internet website. Next, the questionnaires will be sending by postal mail, by hand or email to relevant companies in Malaysia. Figure 1 refers the flow chart methodology for the research. CHAPTER 2 2.0 Green Building Certification in Malaysia 2.1 Introduction This chapter discusses on the definition of green building and follow by the benefits of construct green building. Then, the following will discuss about what the green building certification is and what the assessment rating systems in some developed countries are. After that, this chapter also will briefly introduce the Malaysia Green Building Index (GBI) and also examples of success green building in Malaysia. Besides that, the barriers of implementation green building in Malaysia will be discussed in this chapter. 2.2 Definition of green building There are few definitions for green building. The United State Green Building Council (2009) had defined green building is a high performing home thats energy and water efficient, has good indoor air quality, uses environmentally sustainable materials and also uses the building lot or site in a sustainable manner. Besides, according to Thomas (2008) green building refers as a building that provides the specified building performance requirements while minimizing disturbance to and improving the functioning of local, regional and global ecosystems both during and after its construction and specified service life. According to Stacey (2008), in her article she defines green building is a home-building concept that uses design, construction and maintenance to create more energy-efficient and environmentally friendly. By referring to The Star Newspaper (7 September 2008) defines green building are designed to save energy and resources, recycle materials and minimize the emission of toxic substances throughout its life cycle, harmonies with the local climate, traditions, culture and the surrounding environment, able to sustain and improve the quality of human life whilst maintaining the capacity of the ecosystem at local and global levels, buildings make efficient use of resources and have significant operational savings and increases workplace productivity. So, green building can be summarize as also refers to sustainable or high-performance building, means having a significantly reduced impact on the Earths resources compared to conventional building. It is also means creating building that is healthier and more comfortable for its occupants, consequently enhancing productivity. 2.3 Benefits of Green Building Green is an opportunity to use natural resources efficiently while creating healthier building that improve human, build a better environment and provide cost saving. A green building are designed to meet certain objectives such as protecting occupant health, improving employee productivity, using energy, water and resources more efficiently and reducing the overall impact to the environment (Aysin, 2000). By referring to Freed (2008), green building offer to help protect the planets natural resources. A green building has the potential to provide a healthier and more comfortable environment, improve long-term economic performance, incorporate energy and water efficient technologies, reduce construction and demolition waste, bring higher resale value and building valuations, use renewable energy to lower the cost of electricity and improve indoor air quality and occupant satisfaction. Besides that, all these benefits can save long term cost. Some potential benefits of green building can include environmental benefits, economic benefits and social benefits. These benefits summarized as below: Environmental benefits: Enhance and protecting ecosystems and biodiversity Improve air and water quality Reduce solid waste Preserve natural resource Economic benefits: Reduce operating costs Enhance asset value and profits Improve employee productivity and satisfaction Optimize life-cycle economic performance Social benefits: Enhance occupant comfort and health Improve air, thermal, and acoustic environments Minimize strain on local infrastructure Contribute overall quality of life 2.4 Green Building Certification 2.4.1 What is Green Building Certification? Green building certifications were conceived to assist Architect, Engineer, Designers, Builder, Developer and users make to understand the choice that can be make the design of the building and to reduce the negative impacts of environment. 2.4.2 What are those available? As Ting (2009) notes in his articles, there are more than 100 types of environmental rating tool available globally. Green building is very famous in developed country such as United Kingdom, United State, Australia, Hong Kong and Japan. These countries started to develop green building since 20 years ago. Ding (2007) named a number of assessment rating systems in some developed countries. The below discuss the existing well-known rating system. United Kingdom: Building Research Establishment Assessments Method (BREEAM) This Building Research Establishment (BRE) Program was created over a decade ago in United Kingdom to assess the environmental performance of both new and existing buildings. BREEAM assesses performance of buildings in the areas of management, energy use, health and comfort, pollution, transport, land use, ecology, materials, and water. Credits are awarded in each area based on upon performance. Buildings are rated Pass, Good, Very Good, and Excellent. BREEAM can apply to offices, homes, industrial units, and school. United States: Leadership in Energy and Environmental Design (LEED) LEED is developed by the U.S. Green Building Council. It is consensus-based national standard for developing high-performance, sustainable buildings. LEED rating system are available or under development for new commercial construction and major renovations (NC), existing building operations (EB), commercial interiors (CI), core and shell projects (CS), homes (H), and neighborhood development (ND). LEED provides a complete framework for assessing building performance and meeting sustainability goals. Based on well-founded scientific standards, LEED emphasizes state-of-the-art strategies for sustainable site development, water savings, energy efficiency, materials selection, and indoor environmental quality. United State: Energy Star The Energy Star program is a voluntary government and industry partnership that seeks to make it easy for businesses and consumers to save money and protect the environment. This program for Buildings awards a plaque to buildings that achieve a rating of 75 or higher and have been professionally verified to meet current indoor environmental standards. By using the programs benchmarking tool, a buildings performance on a scale of 1 to 100 relative to similar buildings nationwide is obtained. Hong Kong: Hong Kong Building Environmental Assessment Method (HK-BEAM) HK-BEAM is a voluntary system to measure, improve, and label the environmental performance of the buildings. The system has been used on 100 buildings to date. The system applies to both new and existing buildings. In the category of materials topics such as: the efficient use of materials (building reuse), selection of materials (renewable and recycled), and waste management (demolition and construction waste). Japan: Comprehensive Assessment System for Building Environmental Efficiency (CASBEE) The system is a cooperative development of academic, industrial, and government agencies. The systems assessment tools include a pre-design assessment tool, a design for environmental tool, an eco-labeling tool, and a sustainable operation and renovation tool. Netherlands: Eco-Quantum The Eco-Quantum is the only method that explicitly and comprehensive based on life-cycle assessment. Asses the environmental burden of a complete building on the basis of LCA. It also compares the environmental performance of various measures concerning energy-saving installations, water-saving techniques, material choice, design and location. The Eco-Quantum is only applicable to single residential buildings. Australia: Green Star The Green Star Environmental Rating System for Buildings was created to set a standard of measurement for green buildings in Australia. The rating system is a voluntary national program that evaluates the environmental performance of buildings. Green Star Rating Systems have been developed for commercial buildings only. Each of the rating systems includes the following categories: management, indoor environmental quality, energy, transport, water, materials, land use, site selection and ecology, and emission. Each category contains credits awarded based on achieving the required level in the building. Credits in the materials category are awarded for providing storage for recycling waste, reuse of facade, reuse of structure, shell, and core, recycled content of concrete, recycled content of steel, PVC minimization, and use of sustainable timber. 2.5 Malaysia Green Building Index (GBI) After some studies in different green building rating schemes around the globe, Malaysia set up a rating scheme to suit the local market; it is called Green Building Index (GBI). Malaysian GBI is an environmental rating system for buildings developed by Green Building Index Sdn Bhd under the supervision of the Malaysian Institute of Architects (PAM) and Association of Consulting Engineers Malaysia (ACEM).The Malaysia GBI was first introduced in January this year and launched in May 2009. This introduction signifies a new benchmark for the Malaysia building and industry. 2.5.1 What is GBI? According to Chin (2009), the GBI is Malaysias industry recognized green rating tool for building and it is intended to promote sustainability in the built environment and raise awareness among Developers, Architect, Engineers, Planners, Designers, Contractors and Public about the environmental issues and our responsibility to the future generations. GBI rating tool gives an opportunity for developers to design and construct green building that would provide energy savings, water savings, a healthier indoor environment, better connectivity to public transport and adoption of recycling and greenery for the projects and reduce impact of environment. GBI will be the only rating tool for the tropical zones other than Singapore Governments GREENMARK. Besides that, GBI is expected to be applied to new buildings in Malaysia. 2.5.2 GBI Rating System Referring to Chen (2009), the projects or building would be assessed and rated based on six keys criteria. These criteria will be discussed as follow:- Energy Efficiency Indoor Environmental Quality Sustainable Site Planning Management Material and Resources Water Efficiency Innovation 2.5.2.1 Energy Efficiency Use of renewable energy, lighting zoning and low energy consumption 2.5.2.2 Indoor Environmental Quality (IEQ) Mould and air pollutants prevention, thermal comfort, natural lighting. These will involve the use of low volatile organic compounds-free paints and formaldehyde-free composite wood, particle boards and plywood. 2.5.2.3 Sustainable Site and Management site selection with planned access to public transport, community services, open spaces and landscaping, redevelopment of existing sites and Brown fields (abandoned land or former industrial sites), avoidance of environmentally sensitive sites, construction management (proper earthworks and pollution control) and storm water management 2.5.2.4 Materials and Resources Use of environment-friendly, recycled materials and sustainable timber; storage and collection of recyclables; construction waste management; and reuse of construction formwork 2.5.2.5 Water Efficiency Rainwater harvesting, water recycling and water-saving fittings 2.5.2.6 Innovation Innovative design and initiatives 2.5.3 GBI Rating Tools The rating system is comprised of two separate tools, namely the GBI Residential and Non-Residential respectively. 2.5.3.1 GBI Residential The GBI Residential Rating tool evaluates the sustainable aspects of residential buildings. This includes linked houses, apartments, condominiums, townhouses, semi-detached and bungalows. This tool places more emphasis on sustainable site planning management, followed by energy efficiency. This serves to encourage developers and home owners to consider the environmental quality of homes and their inhabitants through better site selection, provisions of public transport access, increased community services and connectivity, as well as improved infrastructure. Such achievement will help reduce the negative impact to the environment and create a better and safer place for residents and the community as a whole. (Chen, 2009) 2.5.3.2 GBI Non-Residential The GBI Non-Residential Rating tool evaluates the sustainable aspects of buildings that are commercial, institutional and industrial in nature. This includes factories, offices, hospitals, universities, colleges, hotels and shopping complexes. Of the six criteria that make up the GBI rating, emphasis is placed on energy efficiency and indoor environmental quality as these have the greatest impact in the areas of energy use and well-being of the occupants and users of the building. By improving on the efficiency of active (mechanical and electrical) systems as well as incorporating good passive designs together with proper sustainable maintenance regimes, significant reductions in consumed energy can be realised. This can lead to a reduced carbon footprint and also offers long-term savings for the building owners. (Chen, 2009) 2.6 Green Building in Malaysia There are some success low energy buildings achieved by Malaysia government. They are LEO (Low Energy Office) building and ZEO (Zero Energy Office). 2.6.1 LEO Building The LEO (Low Energy Office) Building located in Putrajaya, which houses the Ministry of Energy, Water and Communication (MEWC). The LEO building demonstrates a complete integration of the best energy efficiency measures, optimised towards achieving the overall best cost or effective solution, with a targeted energy consumption of 135 W/m2/year. (Lim, 2007) Danish Agency for Development Assistance (DANIDA) and local experts had in cooperation with Malaysia architects and engineers optimised the overall design of the building and its energy systems for minimum energy consumption since 2001. (UNDP, 2006) Characteristic of LEO building discusses as below:- Most of the LEO building glazing windows installed facing north and south to minimize heat gain from the sun radiation before entering the building interior. This means that it can reduce cooling load. The roof has been insulated with 100mm of polystyrene foam and the installation of a second roof provides shade to the building. 2.6.2 ZEO Building The ZEO (Zero Energy Office) Building is an administration-cum-research office for Pusat Tenaga Malaysia (Malaysia Energy Centre), following the success of LEO building which hosted the MEWC in Putrajaya while the ZEO building was located in Bandar Baru, Selangor. By referring to PV database (2006), the ZEO building is a demonstrator building which marked another milestone towards greater promotion and adoption of sustainable building concept in the Malaysia building sector. ZEO is the only such building in Malaysia that integrates the energy efficiency and renewable energy in one working demonstrator building. The ZEO building was designed to be very energy efficient, thus consuming very little fossil fuels with energy index of 65 kWh/m2/year. It was built on a concept which focused on the green technology innovation to minimize energy demand load, efficient use of fossil fuel via taking into account the environmental concern, the usage of renewable energy but without compromising user comfort and safety. Some of the amount of energy used by the building is counter balanced by the amount of energy generated by its own renewable energy power generation system. According to Roxul Asia Sdn Bhd (2009), the super low energy characteristic is achieved by using passive and active energy efficient elements and renewable energy elements as follows:- The design of the ZEO building only allows double glazing windows installed on faà §ade facing north and south. The windows are consists of two pane glass which functioned to filter heat from the sun radiation before entering the building interior. This means that only cold daylight entered and giving free lighting to the buildings. Besides that, it also means that artificial electric light can be turned off during the day hence reducing the energy load of the building. Almost 100% lighting requirements are from this free source. The buildings cooling system is unique because it is a combination of radiant cooling and air convection system. The radiant cooling and ice storage was charge at night and stored at the floor slabs and ice storage tank respectively. The entire building was controlled with a Building Energy Management System where all buildings system operation is controlled automatically. The system also functions to monitor all energy consumption activities and energy generation in ensuring the building operates efficiently. 2.7 Barriers to green building implementation in Malaysia The following points contributed to the lack of implementation of green building in Malaysia. Lack of knowledge regarding green building Green is still a relatively new concept for the construction industry in developing countries of South-East Asia like Malaysia. Hence the greatest barriers are the lack of understanding of the need for green design. Many Fewer developers undertake green building projects Many developers are not aware of the concept of green building and so are naturally fewer developers undertake the green building projects. Besides that, to build green building takes too much time to learn and design. Expensive Client or developer unwilling to spend money because the initial cost is high although has proved that green building can save long term cost. The green building has its price the costs of green building are expensive as compare to normal building. 2.8 Conclusion To provide sustainable, green, or low energy developments is an important way forward for Malaysia. Although Malaysia has adopted some of these aforementioned measures but most are still at voluntary stage and needs further enforcements. All fractions of society from politicians, authorities, professionals, NGOs, educators, contractors, developers and the public at large must take concerted and swift actions to share the responsibilities to sustain our limited resources for future generations. CHAPTER 3 3.0 RESEARCH METHODOLOGY 3.1 Introduction This chapter explains about the method that have been use to carry out this research, in order to achieve the objective of the research. Instead of achieving information through primary and secondary source like textbook, journal, conference papers, report and questionnaires will be carried out. Then the data need to be analyzed and presented in a form of table, pie chart and graph, so it is easy to understand and readable. 3.2 Research Methodology The research will go through several phases:- Identify the objectives Literature Review Data Collection Method of Analysis Example of calculation Conclusion 3.2.1 Identify the objective and mission of the research GBI is a rating tool to promote environment-friendly buildings for the future of Malaysia. Therefore, it is important to identify the important of green building, the difficulties and solutions of implementation green building and also the potential in the development in green building. 3.2.2 Literature Review Literature review also known as secondary data. Secondary data is a data that we get before a research has been carried out. It is important to help us for better understand about the research. The information for the literature review can be achieve through primary and secondary source like textbook, journal, conferences papers, report and questionnaires will be carried out. Based on the literature review, we can prepare for the questionnaire in order to collect the primary data. 3.2.3 Data Collection Process of collection primary data is one of the important phase in achieve the objectives of the research. The first step is to get response from the construction firm such as developer. This method is more practical, easy and the ideas from the respondent can be easily identified. 3.2.3.1 Questionnaire Data collection process started with the preparation of questionnaire form. It is important to get the response from the respondent. The questionnaire had been sending by post or by hand or email to the respondent. The questionnaire consists of 5 questions which are related to the objectives. The rationales for each question will be discussed as follows: Question 1: Did your company involve in any project which is classified as Green Building? Rationale: The purpose of asking this question is to determine that whether the respondents company had involving in the green building construction project. Besides, this question also can know whether in future our country will have another green building or not. Question 2: In your opinion, what is the best to address the important of green building? Rationale: This is rated question, is set in likert scales, which respondents need to answer the question whether is strongly agree, agree, neutral, disagree and strongly disagree. This question is intent to know what are the criteria is the best to address the important of green building in Malaysia. Question 3: What are the difficulties of implementation green building in Malaysia? Rationale: The rationale of asking this question is to find out what are the barriers of implementation green building in Malaysia. Question 4: What are the ways to speed up implementation of green building in Malaysia? Rationale: The purpose of asking this question is to find out the solutions of implementing the concept of green building in Malaysia. Question 5: In your opinion, do you think Malaysia has high potential in the development of green building? Rationale: The purpose of asking this question is to find out the future green building development in Malaysia whether is positive or negative. 3.2.4 Method of Analysis After findings have been obtained from the questionnaire surveys, an appropriate analysis and presentation of the survey results will be done in Chapter 4. Basically, two main types of analysis method are used. They are: 3.2.4.1 Descriptive statistics method Descriptive statistics are used to explore the data collected and to summarize and describe the data. They provide simple summaries about the sample and the measures. The results will later analyze and presented in a form of table, pie chart and graph to analyze the response in percentage and this is the simplest method of and it is easy to understand and readable. This type of analysis is used to analyze closed-ended and ranking questions. (Naoum, 1997, p103) Question other than Question 2 will be analyzed using this method. 3.2.4.2 Using Formula The average index is calculated based on the 5-Likert Scale Formula as follows. (Tam et. al., 2001) 5-Likert Scale Formula (5N5 + 4N4 + 3N3 + 2N2 + N1 ) Important Index = 5(N5 + N4 + N3 + N2 + N1 ) Where, N1 = Total respondents choosing strongly disagree N2 = Total respondents choosing disagree N3 = Total respondents choosing neutral N4 = Total respondents choosing agree N5 = Total respondents choosing strongly agree This method is particularly useful to analyse the ranking or rating data which is normally uses integers in ascending or descending order. The results will tabulated into table form stated the ranking possesses by each option for the question. In the questionnaire conducted, Question 2 will be analysing using the said method. 3.2.5 Conclusion Put simply, the process of research methodology utilized can be simplified as shown in the figure below:- CHAPTER 4 4.0 DATA ANALYSIS AND DISCUSSION 4.1 Introduction The study focuses on the construction firm in Malaysia. A set of questionnaires were prepared for the respondents. The respondents were developers. The questionnaires are sent either by postal mail, email or by hand to the respondents. The questionnaire survey takes months for distributing and collecting back from respondents. Unfortunately, most of the construction firms concerned do not show their co-operation in answering the questions surveyed, since there are only 20 copies out of 50 copies (30 by email, 3 by hand , and 17 by postal mail) collected back. Therefore, it equals to only 40% of the respondents replied to the said survey. For instances, majority of the top management in the company does not have time (either busy or other personal reasons) to take part in the survey and normally will command their staff to take over in answering the survey questionnaires. Besides, industry fatigue and unconcern is so obvious in the sense that they do not pay attention to academic surv ey conducted by student even though they have been approached to the doorstep or postal mail attached with return stamped envelope. Chart 1 below shows the feedback from the respondents. 4.2 Result and Analyse Question 1: Did your company involve in any project which is classified as Green Building? All of the respondents have answer that they are not involving in any project which is classified as green building. This answer clearly to tell us that there are no green building been construct in Malaysia. Question 2 In your opinion, what is the best to address the important of green building in Malaysia? As shown in Chart 3, 60% of the respondents agreed that the difficulties of implementing the green building in Malaysia are lack of knowledge regarding green building. 30% of the respondents have the view that the cost of green building is expensive and 10% of them think that there are fewer developers undertake green building projects. 60% of respondents think that lack of knowledge regarding green building is the barriers of implementation green building. Green building is very famous in other country but not in Malaysia. There is only few green building in Malaysia thus there were less people know about the importance of constructing green building. 30% of the respondents in the opinion that the difficulty of implementing green building in Malaysia is there is 10% of the respondents in the opinion that the difficulty of implementing green building in Malaysia is there were fewer developers undertake green building. Question 4 What are the ways to speed up implementation of green building in Malaysia?

Evidence Collection Policy Essay

1.What are the main concerns when collecting evidence? That you are thorough, collect everything, do it in the proper and official manner, and that you do not tamper with or alter anything. 2.What precautions are necessary to preserve evidence state? Usually what is done is all of the evidence is duplicated several times and any processes involved with the investigation are done with the duplicates to ensure that the actual evidence isn’t altered in any way. 3.How do you ensure evidence remains in its initial state? It is duplicated and then stored in climate controlled conditions. 4.What information and procedures are necessary to ensure evidence is admissible in court? Whoever conducts the investigation does so in a previously mandated, official, and legally recognized manner. Information Systems Security Incident Response Policy I. Title A. Name: Information Systems Security Incident Response Policy B. Number: : 20070103-secincidentresp C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer) D. Status: Approved E. Date Proposed: 2005-10-24 F. Date Revised: G. Date Approved: 2007-01-03 H. Effective Date: 2007-01-16 II. Authority and Responsibility Information Systems and Computing is responsible for the operation of Penn’s data networks (PennNet) as well as the establishment of information security policies, guidelines, and standards. The Office of Audit, Compliance and  Privacy has authority to develop and oversee policies and procedures regarding the privacy of personal information. These offices therefore have the authority and responsibility to specify security incident response requirements to protect those networks as well as University data contained on those networks. III. Executive Summary This policy defines the response to computer security incidents. IV. Purpose This policy defines the steps that personnel must use to ensure that security incidents are identified, contained, investigated, and remedied. It also provides a process for documentation, appropriate reporting internally and externally, and communication so that organizational learning occurs. Finally, it establishes responsibility and accountability for all steps in the process of addressing computer security incidents. V. Risk of Non-compliance Without an effective incident response process, corrective action may be delayed and harmful effects unnecessarily exacerbated. Further, proper communication allows the University key learning opportunities to improve the security of data and networks. Individuals who fail to comply are subject to sanctions as appropriate under Penn policies. VI. Definitions Confidential University Data includes: * Sensitive Personally Identifiable Information–Information relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to Penn. Examples may include, but are not limited to: Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance information, donations, patient health information, information Penn has promised to keep confidential, and account passwords or encryption keys used to protect access to Confidential University Data. * Proprietary Information–Data, information, or intellectual property in which the University has an exclusive legal interest or ownership right, which, if compromised could cause significant harm to Penn. Examples may include, but are not limited to, business planning, financial information, trade secret, copyrighted material, and  software or comparable material from a third party when the University has agreed to keep such information confidential. * Any other data the disclosure of which could cause significant harm to Penn or its constituents. Security Incident. There are two types of Security Incidents: Computer Security Incidents and Confidential Data Security Incidents. * A Computer Security Incident is any event that threatens the confidentiality, integrity, or availability of University systems, applications, data, or networks. University systems include, but are not limited to: servers, desktops, laptops, workstations, PDAs, network servers/processors, or any other electronic data storage or transmission device. * A Confidential Data Security Incident is a subset of Computer Security Incidents that specifically threatens the security or privacy of Confidential University Data. User. A Penn user is any faculty, staff, consultant, contractor, student, or agent of any of the above. VII. Scope This policy applies to all Users. It applies to any computing devices owned or leased by the University of Pennsylvania that experience a Computer Security Incident. It also applies to any computing device regardless of ownership, which either is used to store Confidential University Data, or which, if lost, stolen, or compromised, and based on its privileged access, could lead to the unauthorized disclosure of Confidential University Data. Examples of systems in scope include, but are not limited to, a User’s personally owned home computer that is used to store Confidential University Data, or that contains passwords that would give access to Confidential University Data. This policy does not cover incidents involving the University of Pennsylvania Health System (UPHS) information systems, which has a separate incident response policy. ISC Information Security will coordinate with UPHS as appropriate when UPHS computing devices, data, or personnel are involved. VIII. Statement of Policy A. Overview of Penn’s Incident Response Program All Computer Security Incidents must be reported to ISC Information Security promptly. See Section B below. All Confidential Data Security Incidents must: a. Generate the creation of an Immediate Response Team, as designated by the  Information Security Officer (ISO), on a per incident basis. See Section C below. b. Follow appropriate Incident Handling procedures. See Sections C and D below. iii. ISC Information Security, under the direction of the Vice President for Information Systems and Computing (VP-ISC) is responsible for logging, investigating, and reporting on security incidents. See Sections D and E below. B. Identifying and Reporting Computer Security Incidents i. Users and Local Support Providers (LSPs). In the event that a User or an LSP detects a suspected or confirmed Computer Security Incident, the User must report it to his or her Local Security Officer or IT Director for issues including but not limited to viruses, worms, local attacks, denial of service attacks, or possible disclosure of Confidential University Data. ii. Local IT Management. Local IT Management must notify ISC Information Security of all Computer Security Incidents, except for categories of incidents that ISC Information Security may designate in Appendix I of this policy. iii. ISC Information Security. ISC Information Security shall notify appropriate systems administrators and other personnel of all emergency and attack incidents, as well as all suspicious activity incidents when it believes that an administrator’s system is at risk. The system’s administrators will then work with ISC Information Security to properly address the incident and minimize the risk of future occurrences. C. Immediate Response Team i. Purpose. The purpose of each Immediate Response Team is to supplement Penn’s information security infrastructure and minimize the threat of damage resulting from Computer Security Incidents. ii. Per Incident Basis. An Immediate Response Team shall be created for Confidential Data Security Incidents. iii. Membership. Membership on the Immediate Response Team shall be as designated by the ISO. In most cases, members shall include a representative from ISC Information Security and from the affected School or Center’s technical and management staff. iv. Responsibilities. Responsibilities of the Immediate Response Team are to assess the incident and follow incident handling procedures, appropriate to the incident as determined by the ISO. v. Confidentiality. Immediate Response Team members will share information about security incidents beyond the Immediate  Response Team only on a need-to-know basis, and only after consultation with all other team members. D. Incident Handling. For incidents requiring the formation of an Immediate Response Team, the following is a list of response priorities that should be reviewed and followed as recommended by the ISO. The most important items are listed first: i. Safety and Human Issues. If an information system involved in an incident affects human life and safety, responding to any incident involving any life-critical or safety-related system is the most important priority. ii. Address Urgent Concerns. Schools and Centers may have urgent concerns about the availability or integrity of critical systems or data that must be addressed promptly. ISC Information Security shall be available for consultation in such cases. iii. Establish Scope of Incident. The Immediate Response Team shall promptly work to establish the scope of the incident and to identify the extent of systems and data affected. If it appears that personally identifiable information may have been compromised, the Immediate Response Team shall immediately inform the VP-ISC and the Chief Privacy Officer (CPO). iv. Containment. Once life-critical and safety issues have been resolved, the Immediate Response Team shall identify and implement actions to be taken to reduce the potential for the spread of an incident or its consequences across additional systems and networks. Such steps may include requiring that the system be disconnected from the network. v. Develop Plan for Preservation of Evidence. The Immediate Response Team shall develop a plan promptly upon learning about an incident for identifying and implementing appropriate steps to preserve evidence, consistent with needs to restore availability. Preservation plans may include preserving relevant logs and screen captures. The affected system may not be rebuilt until the Immediate Response Team determines that appropriate evidence has been preserved. Preservation will be addressed as quickly as possible to restore availability that is critical to maintain business operations. vi. Investigate the Incident. The Immediate Response Team shall investigate the causes of the incident and future preventative actions. During the investigation phase, members of the incident response team will attempt to determine exactly what happened during the incident, especially the vulnerability that made the incident possible. In short, investigators will attempt to answer the following questions: Who? What? Where? When? How? vii. Incident-Specific Risk  Mitigation. The Immediate Response Team shall identify and recommend strategies to mitigate risk of harm arising from the incident, including but not limited to reducing, segregating, or better protecting personal, proprietary, or mission critical data. viii. Restore Availability. Once the above steps have been taken, and upon authorization by the Immediate Response Team, the availability of affected devices or networks may be restored. ix. Penn-Wide Learning. The Immediate Response Team shall develop and arrange for implementation of a communications plan to spread learning from the security incident throughout Penn to individuals best able to reduce risk of recurrence of such incident. E. Senior Response Team (SRT). If the ISO or CPO in their judgment believe that the incident reasonably may cause significant harm to the subjects of the data or to Penn, each may recommend to the VP-ISC or Associate Vice President for Audit, Compliance and Privacy (AVP-OACP) that a Senior Response Team be established. The Senior Response Team shall be comprised of senior-level officials as designated by the VP-ISC or AVP-OACP. The Senior Response Team shall: i. Establish whether additional executive management should be briefed and the plan for such briefing. ii. Determine, with final approval by the General Counsel, whether Penn shall make best efforts to notify individuals whose personal identifiable information may have been at risk. In making this determination, the following factors shall be considered: a. legal duty to notify b. length of compromise c. human involvement d. sensitivity of data e. existence of evidence that data was accessed and acquired f. concerns about personnel with access to the data g. existence of evidence that machine was compromised for reasons other than accessing and acquiring data h. additional factors recommended for consideration by members of the Immediate Response Team or the Senior Response Team. iii. Review and approve any external communication regarding the incident. F. Documentation i. Log of security incidents. ISC Information Security shall maintain a log  of all reportable security incidents recording the date, School or Center affected, whether or not the affected machine was registered as a critical host, the type of Confidential University Data affected (if any), number of subjects (if applicable), and a summary of the reason for the intrusion, and the corrective measure taken. ii. Critical Incident Report. ISC Information Security shall issue a Critical Incident Report for every reportable security incident affecting machines qualifying as Critical Hosts, or other priority incidents in the judgment of ISC Information Security describing in detail the circumstances that led to the incident, and a plan to eliminate the risk. iii. Annual Summary Report. ISC Information Security shall provide annually for the VP-ISC and AVP-OACP a report providing statistics and summary-level information about all significant incidents reported, and providing recommendation s and plans to mitigate known risks. IX. Best Practices A. Preserving Evidence: It is essential to consult Penn Information Security when handling Computer Security Incidents. However, if Information Security is not available for emergency consultation, the following practices are recommended: i. Generally, if it is necessary to copy computer data to preserve evidence for an incident, it is a good idea to use bit-wise file-system copy utilities that will produce an exact image, (e.g.UNIX dd) rather than to use file level utilities which can alter some file meta-data. ii. When making forensic backups, always take a cryptographic hash (such as an SHA-1 hash) of both the original object and of the copied object to verify the authenticity of the copy. Consult your System Administrator if you have questions. iii. Assigning members to an Immediate Response Team: In cases where an incident involves an investigation into misconduct, the School or Center should consider carefully whom to assign to the Immediate Response Team. For example, one may not wish to assign an IT professional who works closely with the individual(s) being investigated. X. Compliance A. Verification: ISC Information Security and the Office of Audit, Compliance and Privacy will verify any known computing security incidents as having been reported and documented as defined by this policy. B. Notification: Violations of this policy will be reported by ISC Security  and the Office of Audit, Compliance and Privacy to the Senior Management of the Business Unit affected. C. Remedy: The incident will be recorded by ISC Information Security and any required action to mitigate the harmful affects of the attack will be initiated in cooperation with the Business Unit Security Officer/Liaison. D. Financial Implications: The owner of the system shall bear the costs associated with ensuring compliance with this policy. E. Responsibility: Responsibility for compliance with this policy lies with the system administrator, system owner, and Business Unit’s Senior Manager. F. Time Frame: All incidents involving critical hosts systems and networks must be reported immediately. All other incidents should be reported within one business day of determining something has occurred. G. Enforcement: Compliance with this policy will be enforced by disconnecting any machines that may compromise the University network, or other machines with Confidential University Data. Workforce members not adhering to the policy may be subject to sanctions as defined by University policies. H. Appeals: Appeals are decided by the Vice President for Information Systems and Computing. XI. References 1. PennNet Computer Security Policy at www.net.isc.upenn.edu/policy/approved/20040524-hostsecurity.html 2. Critical PennNet Host Security Policy at www.net.isc.upenn.edu/policy/approved/20000530-hostsecurity.html 3. Policy on Computer Disconnection from PennNet at www.upenn.edu/computing/policy/disconnect.html 4. Adherence to University Policy at www.hr.upenn.edu/policy/policies/001.asp 5. Policy on Security of Electronic Protected Health Information (ePHI) at www.upenn.edu/computing/security/policy/ePHI_Policy.html Appendix I The following category of incidents need not be reported to Penn Information Security: * Unsuccessful network scans

Ethics of Engineering Essay

Risk can be defined in many different versions basing on the specified use and situational context. It can simply means the future negative circumstances that can be prevented or mitigated, rather than day to day that calls for immediate attention. When it comes to risk management, the word hazard can be used to define a situation that would lead to harm while the word risk would mean a probability of anything occurring. This concept was applied at planning of delta works in the nineteenth century, which is a flood preventing project in western country. The type of risk analysis is now common in sites like chemical industry and nuclear power. Determining engineering risk is somewhere hard especially in industries where there is production of toxic materials. The way forward to measure individual life cost caused by the loss differs basing on the aim or purpose. Most measures entail what individuals are able to give to insure against death (National Academy of Engineering & National Academies Press (US), 2004). Categories of risk -financial risk; is mostly termed as the unplanned variability of returns which covers bad-than-unplanned as well as good-than-desired returns. Basing on statistics risk is always placed to the probability of a number of outcomes that are mostly undesirable (Morse & Babcock, 2009). Often the probability of the event and various assessment of its perceived harm need to be joined into a believable outcome, which joins a group of risk, regret and pay probabilities in a desired value for that same outcome. Risk is therefore assessed as a task of three variables namely – the probability that there might be a negative warning, the presence of vulnerability and finally potential improvement in business. The first two probabilities are joined together and sometimes called likelihood, if any of the named variables above almost results to zero, the whole risk results to zero. Risk can further be defined as a state of lacking complete certainty where a number of possibilities entail a loss or various unexpected outcome. Measurement of risk; a group of possibilities with which each has a quantified probability and quantified losses From the text above it is vital for one to have uncertainty with no risk but not have risk without uncertainty. People can be uncertain concerning who will be the winner in a contest but unless they hold individuals stake in it, they hold no risk (Martin & Schinzinger, 2005). If people bet some finances on the results of the contest, then it is true they have a risk. In this similar occurrences there are different outcome. The value of uncertainty only defines the probabilities kept for outcomes, as the calculation of risk calls for the two outcomes that is probability and quantified (National Academy of Engineering & National Academies Press (US), 2004). Insurance and heath risk – insurance is a type of risk lowering investment whereby the customer gives some agreed amount to be safer incase a negative issue arises. In this way, the customer will be so sure a loss has not occurred. Buying a lottery ticket is a high-risk investment with a possibility of minimal reward but with a high chance of getting a loss (Moriarty, 2008). Banking some funds at a specific rate of interest is also taking a risk although the return is less but guaranteed. Some risks like in individual’s health could be minimized through primary prevention habits that lowers early occurrence of diseases or by secondary avoidance habits once an individual has been exposed to early symptoms and signs that could be a risk factor. Tertiary avoidance lowers the negative outcome of a disease that is already established by minimizing illness- associated complication and restoring the functions. Every medical professional needs clear discussions about risk factors with an individual client to acquire informed consent concerning tertiary and secondary avoidance efforts however the entire medical health efforts in primary avoidance needs education of the public group at risk (Martin & Schinzinger, 2005). In each circumstance, excellent communication concerning any risk factors, predicted results and certainty should differentiate between causal circumstances that need to be reduced and associated circumstances which might be consequences rather than causes (Baura, 2006). Safety It can be defined as a situation of being secure, out of danger injury or risk or in other terms, it means events that call to lower or do away with hazardous situations that can lead to injury of the body. Categories of safety †¢ Occupational safety – it is mainly based with risks in locations where individuals work that is in building and construction, business industries and organizations. †¢ public safety – it deals with hazards in premises, journeys, touring and recreation, and in other various circumstances which is not within the category of occupational safety †¢ Marketing safety – this entails security in purchasing of goods and even in producing. One must be sure the services offered will not lead to a negative outcome (Baura, 2006). On the other hand, the producers themselves should not risk in making a loss for this can cause the closure of a business. †¢ Insurance risk – this avoids a great loss in business or in individuals investment incase an accident or an injury arises, that means the owner is secured. In case of an accident, it is always advisable to analyze the employees’ status of safety measures, which could be affected by outward working environment, attitudes directed to security and accident avoidance work and also leaders’ commitment in security promotion. Such kind of factors could be linked to work stress and risk behavior (Moriarty, 2008). The perceived risk behavior affects negative outcomes like accidents and near misses, while the possibility that discourages improvement in transforming a person’s risk perception towards embracing safety is still not yet clear (Martin & Schinzinger, 2005). Competent verses incompetent A competent engineer is one whose work is recommendable and excellent; he evaluates, assesses and organizes the employees to work with an aim of meeting the company’s goals and objectives. He works under minimal supervision from the seniors, seeks for advice in times of difficulty and consults other professionals to add skills and knowledge (Harris et al 2008). Unlike incompetent engineer who might have no knowledge of his work and his end results after working are disgusting. Maintaining a competent engineer could be challenging unlike the incompetent one. A good engineer has most of the qualification required in his area of assignment; works well to produce excellent results while a good person is generally pleasing and manifests good characters but may be lacking qualifications in his work (National Academy of Engineering & National Academies Press (US), 2004). A person may be competent but lacks good morals this can be evidenced by most of the employers who employ workers on condition to get ‘something’ in return. This is mostly happening in the modern world where most competent individuals have no integrity or character. In conclusion, it is better to risk taking an action despite of the unknown results rather than being safe in a condition whose guaranteed results are negative for example banking money to gain small interest instead of keeping it with you. Reference Baura, G. (2006). Engineering ethics: an industrial perspective. New York: Academic Press. Harris, C. , Pritchard, M. & Rabins, M. (2008). Engineering Ethics: Concepts and Cases, 4th Ed. New York: Cengage Learning. Martin, M. & Schinzinger, R. (2005). Ethics in engineering, 4th Ed. New York: McGraw-Hill Publishers. Moriarty, G. (2008). The engineering project: its nature, ethics, and promise. New York: Penn State Press. Morse, L. & Babcock, D. (2009). Managing Engineering and Technology: An Introduction to Management for Engineers, 5th Ed. New York: Prentice Hall Publishers. National Academy of Engineering & National Academies Press (US). (2004). Emerging technologies and ethical issues in engineering: papers from a workshop, October 14-15, 2003. New York: National Academies Press.

Descartes Cogito Ergo Sum And Ontological Arguments

In this paper I intend to show that Descartes’ cogito ergo sum and ontological arguments both rely on the method of doubt and follow from the premise that essence implies existence. The cogito ergo sum is different from the latter one, however, from the fact that it did not contain the premise regarding the cause and effect of an idea having objective reality. The main problem with this argument is that while essence and existence were said to be inseparable, it does not happen to be the case. First of all, Descartes’ cogito ergo sum rests on the method of doubt, and it’s only true because it appears to him as most clear and distinct, and thus cannot be doubted. He said that, â€Å"What of thinking? I find here that thought is an attribute that belongs to me; it alone cannot be separated from me† . So what Descartes is saying here seems to mean that thinking is a quality that he possesses, and that he cannot exist without having this quality, which means t hinking is what justifies his being at this moment. He adds that, â€Å"I am, however, a real thing and really exist; but what thing? I have answered: a thing which thinks†. I take this to mean that the essence Descartes suggests here is him being a thinking thing. He is sure that he is a thinking thing because when he thinks that he is a thinking thing, it is impossible to say that he is not thinking, which is an attribute he claims to be a part of him in the beginning. The idea of this essence is pushed further in his waxShow MoreRelatedRene Descartes Ontological Argument957 Words   |  4 Pagesâ€Å"Cogito ergo sum† (â€Å"I think, therefore, I am†) (Descartes, Miller, Miller, 1983). Renà © Descartes was a philosopher of the 17th century who made major contributions to the field. Everything from his metaphysical arguments of existence of man to his proofs for the existence of God are still discussed and debated today. In the field of religion, most famous is his Ontological proof for the existence of God. In other words, proof that one can know God a priori, with no experience whatsoever. FollowingRead More Descartes Meditations Essay2147 Words   |  9 PagesDescartes Meditations In Descartes’ meditations, Descartes begins what Bernard Williams has called the project of ‘pure enquiry’ to discover an indubitable premise or foundation to base his knowledge on, by subjecting everything to a kind of scepticism now known as Cartesian doubt. This is known as foundationalism, where a philosopher basis all epistemological knowledge on an indubitable premise. Within meditation one Descartes subjects all of his beliefs regarding sensory data and evenRead More Comparing Knowledge in Descartes’ Meditations on First Philosophy and Hume’s An Enquiry Concerning876 Words   |  4 PagesComparing Knowledge in Descartes’ Meditations on First Philosophy and Hume’s An Enquiry Concerning Human Understanding, Rationalists would claim that knowledge comes from reason or ideas, while empiricists would answer that knowledge is derived from the senses or impressions. The difference between these two philosophical schools of thought, with respect to the distinction between ideas and impressions, can be examined in order to determine how these schools determine the sourceRead MoreEssay about Rene Descartes Faith and Reason1292 Words   |  6 PagesRene Descartes Faith and Reason The sixteenth and seventeenth centuries witnessed a colossal transition in the scientific view of the universe. During this period a profound rethinking of scientific theory as well as moral and religious matters took place. Traditional ideas were reconsidered by religious thinkers. Philosophers began applying rational scientific thought to problems that they considered. The main concept of the Scientific Revolution was to question everything. The ScientificRead More Descartes Essay1269 Words   |  6 Pages In the early 17th century a philosopher named Descartes, questioned his existence. His life was dedicated to the founding of a philosophical and mathematical system in which all sciences were logical. nbsp;nbsp;nbsp;nbsp;nbsp;Descartes was born in 1596 in Touraine, France. His education consisted of attendance to a Jesuit school of La Fleche. He studied a liberal arts program that emphasized philosophy, the humanities, science, and math. He then went on to the University of Poitiers whereRead MoreAnalysis Of Rene Descartes s Meditations On First Philosophy 1399 Words   |  6 PagesEssay 1 Rene Descartes was born in in La Haye, France, in 1596 and he studied at La Fleche Jesuit College and University of Poitiers. Descartes also lived in Germany, Holland and Sweden. He then worked in the army as a private councillor and then as a court philosopher. Descartes book ‘Meditations on First Philosophy’ was first published in 1641. The edition used to write this essay was edited by John Cottingham and was published by the Cambridge University Press in 1996. Descartes was the firstRead MoreEssay on Descartes Meditations1018 Words   |  5 PagesDescartes Meditations Descartes meditations are created in pursuit of certainty, or true knowledge. He cannot assume that what he has learned is necessarily true, because he is unsure of the accuracy of its initial source. In order to purge himself of all information that is possibly wrong, he subjects his knowledge to methodic doubt. This results in a (theoretical) doubt of everything he knows. Anything, he reasons, that can sustain such serious doubt must be unquestionable truth, andRead MoreEssay about Descartes Wax Passage1096 Words   |  5 PagesDescartes Wax Passage How do we know what we know? Ideas reside in the minds of intelligent beings, but a clear perception of where these ideas come from is often the point of debate. It is with this in mind that Renà © Descartes set forth on the daunting task to determine where clear and distinct ideas come from. A particular passage written in Meditations on First Philosophy known as the wax passage shall be examined. Descartes thought process shall be followed, and the central pointRead MoreDescartes s Argument On The Existence Of God1834 Words   |  8 PagesIn A Discourse on the Method, Descartes attempted to prove the existence of God in a priori manner. He did not trust his own senses when trying to prove the existence of God and therefore he relied on the ontological argument. By making the same assumption made by Anselm, which was that an ontological argument assumes that existence is a predicate of God, Descartes is able to conclude that ‘God exists’ is true by definition beca use the subject ‘God’, who already contains all perfections, alreadyRead MoreRationalism - Descartes, Spinoza and Leibniz1731 Words   |  7 Pagesthe world. The three major rationalists, Rene Descartes, Baruch Spinoza and Gottfried Welhelm Leibniz, used this idea in order to defy skepticism and expose the true nature of reality. However, each philosopher is frequently in disagreement. The idea for ‘God’, and what constitutes substance, matter and reality are the four key structural beliefs that aid each rationalist in the forming of their arguments. Yet, it is these four concepts and the arguments behind them that cause the inconsistency found