2 10 3494 https://omeka.ibu.edu.ba/files/original/30b109a3ee49615f9896aafab096f018.pdf 6f030960731f984f0924cdaadee459bf PDF Text Text     Journal of Economic and Social Studies Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios Muhammad Ishfaq Ahmad Lahore Business School, The University of Lahore m_ishfaq452@yahoo.com   Wang Ghohui Liaoning Technical University gsxy.wgh@163.co   Mudassar Hasan Lahore Business School, The University of Lahore mudassar.hassan@lbs.uol.edu.p Ramiz Ur Rehman Lahore Business School, The University of Lahore ramiz_rehman@gmail.com   Abstract: This paper aims to test whether moving average (MA) investment Keywords:  Individual Stocks, Higher Yields, and timing strategy is applicable on individual stocks, portfolios formed from these Sharpe Ratio. stocks, or  both. Moreover, our objective is to compare the performance of MA Anika Sattar Liaoning Technical University anikasattar@yahoo.com Muneeb Ahmad Liaoning Technical University muneeb452@yahoo.com strategy with a buy-and-hold strategy. The data on individual stocks listed on JEL Classification: G10, London Stock Exchange, United Kingdom (UK) is collected over the period G11and D53 starting from December 31, 1999, through February 29, 2016. For the same period, we use daily values of UK-DS Market-PRICE INDEX and 1-Month Treasury bill rate. The paper follows Han et al. (2013) to peruse our investigation. The study applies both MA and buy-and-hold strategies to individual stocks and portfolios sorted by volatility. Since most results are found insignificant, no evidence is found to support that one strategy is better Article History Submitted:  17.4.2017 Resubmitted: 28.2.2018 Accepted: 18.5.2018 http://dx.doi.org/   10.14706/JECOSS17722 than the other when applied to individual stocks. However, trading behavior and success ratios across groups provide mixed results, hinting slightly towards the failure of MA strategy. The pervasive noise in daily stock return data is the reason why MA strategy consistently produces insignificant results. Moreover, when applied to volatility-sorted portfolios, MA strategy substantially beats buy-and-hold strategy by yielding higher average return and risk-adjusted returns, lower standard deviations, large-and-positive skewness and Sharpe ratios, and much success ratios across portfolios. Both for individual stocks and portfolios, dynamics of returns and especially trading behavior suggest that the performance of MA strategy decreases with rising lag lengths, meaning MA signal weakens for a longer history. Volume 7 | Issue 2 | 5 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   Literature Review Historically, stock price prediction has received an enormous amount of attention among investors, practitioners, and academicians. Broadly, two classes of analyses have been used for predicting stock prices. These are commonly known as fundamental and technical analyses. Fundamental analysis uses intrinsic properties of an asset, specifically stock, to estimate future price or intrinsic value. On the contrary, in technical analysis historical data of prices is used to drive signals about future prices. Lately, nevertheless, technical trading rules have been commonly used by investors and financial analysts to make investment decisions (Neely, 1997; Taylor and Allen (1992)). More recently, however, (Han, Zhou, & Zhu, 2016) find results that favor the persistent profitability of the MA trading rule. Zhou and Zhu (2013) documents as MA follows the trend. It is further expected to be high profitability in high IU stocks when there is amore extended price continuation. Metghalchi, Marcucci, and Chang (2012) accept that MA scan forecast. Shintani, Yabu, and Nagakura (2012) point out that MA signals are helpful for investment over a longer time horizon. On the other hand, numerous studies provide either mixed or reverse evidence. For instance, (Allen & Karjalainen, 1999) establish that, for US stock market, the technical trading strategy does not perform better than buy-and-hold strategy even after accounting for trading costs. Sullivan, Timmermann, and White (1999) examine US futures market and conclude that, after making snooping bias adjustment, there is no clue supporting the profitability of technical analysis. Hoffmann and Shefrin (2014) find that investors who apply technical analysis as their primary strategy in options trading are biased towards short-term speculative trading decisions that are sub-optimal in the long run. Similarly, studying futures markets, (Roberts, 2005) finds no evidence to support the profitability of technical trading rules. Lukac and Brorsen (1990) point out that the returns of technical trading rules are leptokurtic and exhibit positive skewness. The study also reports that the historical applications of t-test for the returns produced by technical trading rules can be biased. It is worth considering that MA is most popular among a range of technical analysis rules available. Therefore, some literature primarily focuses on moving average; Such as (Hudson, Dempsey, & Keasey, 1996)show that technical analysis rules (especially the MAs) do not perform superior to buy-and-hold strategy when trading is costly; though these rules have predictive power.Wei, Cheng, and Wu (2014) comment that MAs are the trading rules that are most widely known and used by practitioners and financial traders in the markets because MA methods are easily understandable.Brock, Lakonishok, and LeBaron (1992) further examine the 6 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   application of the MA timing strategy on Dow–Jones Industrial Average and conclude that MA strategy outperforms buy-and-hold strategy. Mills (1997) also demonstrates similar finding while applying the strategy to FT-30 Index. Kwon and Kish (2002) list down the same results for New York Stock Exchange (NYSE). More recently, (Han, Yang, & Zhou, 2013) apply the moving average (MA) timing strategy in US stock market. The main findings of the study are, MA strategy performs significantly better than buy-and-hold strategy when applied to volatility decile groups. Further, it produces significant average and excess returns. Moreover, these returns also hold for when MA is calculated for more considerable lag lengths. Finally, the excess returns are thus produced sufficiently cover the transaction costs. This study primarily replicates the research carried out by (Han et al., 2013) while simplifying, and to some extent differentiating, itself in the following ways. First, it studies the application of MA strategy in UK stock market. Second, it considers five quantile groups of individual stocks rather than portfolios. The groups are sorted based on the volatility of individual stocks. Third, it utilizes Capital Asset Pricing Model (CAPM) solely to test for abnormal returns. Fourth, it confirms the robustness of results by using only two ways, alternative lag lengths, and trading behaviors. Finally, it compares the results of individual stocks with that of portfolios. Overarching the core aim of the study is to explore either moving average (MA) investment timing strategy is applicable on individual stocks or portfolios, for the stocks listed on the London Stock Exchange. Furthermore, our objective is to compare the performance of MA strategy with a buy-and-hold strategy. The following section explains the material and methods which contains the discussion regarding the nature and sources of data and the econometric model's output as well. We conclude the study in the last section under the conclusion head. Material and Methods We collect stock price data of 1,565 stocks listed on London Stock Exchange, United Kingdom (UK) from December 31, 1999, to February 29, 2016 (4,217 days). Daily values of UK-DS Market - PRICE INDEX and 1-Month Treasury Security rate are also downloaded for the same period. The data downloaded from Thomson Reuters’ DataStream. Risk-free rate and market index data are free from missing values. However, since stock price data does have missing values, so we have to replace such values by not available (NA). Initially, we calculate the daily returns for each stock. These are the returns under the buy-and-hold strategy. As part of the cleaning process, we replace all returns greater than 300%with NA before moving further. Then for every day, following Volume 7 | Issue 2 | 7 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   (Brock et al., 1992) and (Han et al., 2013), a 10-day moving average (MA) price, Ajt,L of each stock is calculated by using the stock prices (Pt) of previous ten days. The MA price formula is given as follows; Ajt , L = Pjt −( L −1) + Pjt −( L −2) + .... + Pjt −1 + Pjt L , (1) where t = a particular day, L= the lag lengths which is 10 in the first case, J = number of stocks; so, j = 1,…,1565. It is quite simple to apply MA strategy once MA prices are obtained. MA strategy is based on the following notion: on a day, if yesterday’s market price (Pt) is higher than yesterday’s moving average price (Ajt,L), invest in the market today; otherwise, invest in the 1-month T-bill today. Mathematically, MA strategy can be expressed as ~ R jt , L = { R jt , r ft if Pjt −1 > A jt −1, L ; otherwise. (2) Where Rj,t = return on a stock, j , under buy-and-hold strategy t = a particular day rft= the daily 1-month T-bill rate on day t. Rjt,L= MA return on a particular day, for a particular stock, and for a particular lag length which is 10 in this case. MAG is defined as the difference between MA and buy-and-hold returns. Once we have MA returns, MAGs can be calculated in the following way; ~ MAG jt , L = R jt , L − R jt . (3) Note that MAGs measure the performance of MA strategy relative to buy-and-hold strategy. The last portion of Table 1 also reports the success ratio of MA strategy. The idea of success ratio can be described as follow. On a particular day, if MA return is equal to the maximum of either buy-and-hold or risk-free return of that day, the day is considered a success-day; otherwise, it is regarded as a failure-day. Finally, the ratio of all success-days to total trading days available is reported as success ratio. 8 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   Further, to assess the risk-adjusted performance of MAGs, We apply CAPM regression between MAG returns and daily excess returns on the market, rMKT,t, Famaand French (1993) Which can be expressed as, MAG jt ,L = α j + β j , MKT rMKT + ε jt , ,t j = 1 ,..., 1,565. (4) Where αj, βj,MKT are the alpha(risk-adjusted return) and beta on for each stock. Robustness of results is checked by repeating some steps of the methodology mentioned above. For instance, average returns and alphas are calculated in a similar way but with alternative lag lengths. Alternatively, we test MA strategy for 20-day, 50-day, 100-day, and 200-day lag lengths. However, to further test robustness through random switching strategy, only 10-day lag length is considered. The notion of random switching strategy can be explained as follows: a coin is tossed every day, and if by doing so the uniform distribution provides a probability greater than .5, the random strategy is to invest in the market; in risk-free security otherwise. This process is repeated 10 times for every stock. It means under random strategy; first stock has 10 returns against each day. Then daily returns on 30-day T-bill are subtracted from the respective returns of all days, and for all columns, to calculate excess returns produced by random switching strategy. Each column of excess returns thus calculated is regressed upon excess returns on the market to yield 10 regressions, average returns, alphas, and t-statistics. The averages of all these values are reported in last two columns of Table 3. The exact process is reiterated for other random strategy groups. Finally, it is of interest to see how often daily signals help MA strategy to trade. Consider any stock. A trade happens only if, on a particular day, MA return is equal to buy-and-hold return; and, on the previous day, MA return is equal to risk-free return. Alternatively, a trade also occurs when the situation is reversed; that is if, on a particular day, MA return is equal to the risk-free return; and, on the previous day, MA return is equal to buy-and-hold return. After counting for a number oftrades, we can quickly calculate average hold period, a fraction of trading days and breakeven transaction cost (BETC). As a final note, we would like to explain how we sorted all stocks into five quantiles. We construct five quantiles based upon the standard deviation (volatility) of each stock from a buy-and-hold strategy. Similarly, we create a differential quantile whose returns are equal to the difference between returns of stocks in the highest and the lowest quantiles. The stocks belonging to each quantile remain the same throughout the process. So, each reported figure is the average of all stocks into a quantile. Volume 7 | Issue 2 | 9 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   Results and Discussion Performance of Buy-and-Hold and Moving Average (MA) Strategy a. Descriptive Statistics Table 1: Descriptive Statistics 9.38 (4.02) 34.45 0.61 0.19 (0.89) 3 5.60 43.50 0.82 0.07 1.15 1.99 60.97 2.20 -0.03 99.70 6.05 -10.72 101.21 4.48 (-0.19) 1.34 0.39 19.25 -0.03 6.45 28.27 2.68 0.52 -13.56 (-0.34) 2.55 -0.04 0.38 32.63 -0.45 0.26 0.39 47.15 -1.61 0.33 0.40 77.27 -6.73 0.08 0.40 78.08 -4.91 0.07 0.02 Skewness 25.59 -0.37 12.05 (1.02) 37.69 4.56 0.42 18.16 (1.19) 60.76 6.60 0.04 (0.34) -0.35 0.34 (0.30) (1.56) (0.06) H-L 22.75 (2.01) (0.11) 5(H) 17.60* 16.76 -0.16 -10.48 (1.17) (1.73) (0.54) 4 11.93 Success of MA Strategy 2 2.33 -25.81 -0.49 Sharpe Ratio (0.94) 11.03** 14.27 Sharpe Ratio 0.34 Skewness 0.55 Standard Deviation Sharpe Ratio 22.14 Average Return Skewness 11.54 Standard Deviation MA(10) Timings Quantiles Panel C Performance of MA Investment Timing Strategy MAGs Average Return Volatility Quantiles   Standard Deviation 1(L) MA Investment Timing Strategy Panel B Average Return Ranks   Panel A   Buy-and-Hold Strategy   4.52 (0.29) 61.79 4.52 -0.32 -2.83 (0.07) Table 1 summarizes various aspects of returns (performance) on quantiles, MA (10 days) timing groups, and the respective MAGs. In Panel-A, we report several statistics of returns on five volatility quantile groups under buy-and-hold strategy namely average return, standard deviation, skewness, and Sharpe ratio. Table 1 also represents the performance of differential quantile, the difference between the highest and the lowest quantile, as its last row. The insignificance of average returns across all groups suggests we do not have substantial evidence supporting the performance of the buy-and-hold strategy in either way. Despite the fact, we comment on the results as follows. The rising volatility and decreasing average 10 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   returns lead to a dipping Sharpe ratio across quantiles. More importantly, increasing skewness across most quantile groups indicates that the groups accompany a higher chance for significant positive returns. Panel-B shows that only the returns of the first, 11.03% per annum, and the third group, 17.6% per annum, are significant. However, relaxing the level of significance a bit, the returns of second and fourth groups, with t-stats 1.73 and 1.56 respectively (reasonably close to 1.96), may also qualify for significance. Now the results of 10days moving average timing strategy make sense in that the average returns on most MA groups are not only higher than that of buy-and-hold strategy but are an increasing function of quantiles, except the fifth and differential groups. However, for all quantiles, the standard deviations of MA groups are substantially lower than buy-and-hold groups. Consider a case of the lowest and the highest groups an example. The annualized standard deviation of the lowest and the highest groups under buy-and-hold strategy are 22.14% and 99.70% respectively; whereas the same groups produce the standard deviations as 14.27% and 60.76% in case of MA strategy. The findings also depict that the average returns of all groups have sizeable positive skewness which ranges between 1.34 and 6.60; though it also shows an increasing trend from the second to the highest group. However, first and differential groups are an exception here. It points out the fact that all MA group returns not only have the chance to produce substantial positive returns, but the volatility enhances this chance for most MA groups indeed. Since four MA quantiles, second, though the highest, enjoy increasing average returns with lower standard deviations, as directly opposed to buy-and-hold groups, they yield positive Sharpe ratios. Although inconsistent across quantiles, most of the findings in Panel-B appear to suggest that MA strategy performs slightly better than buy-and-hold strategy in timing individual stocks. Panel-C shows the superior performance results of MAGs, the difference between MA returns and volatility quantile returns. The average returns across all quantiles are not significant. Therefore, the results provide no evidence supporting the superior performance of MA strategy over buy-and-hold strategy. Additionally, we comment on the remaining results of Panel-C as follow. As compared to volatility groups, MAG groups yield mixed findings regarding lower standard deviations, higher Sharpe ratios, and, most importantly, negative skewness across most of the quantiles. Negative skewness indicates the possibility of significant negative returns by MAGs. When comparing among volatility, MA, and MAG quantiles, we also note that the standard deviations of MAGs fall somewhere between the standard deviations of corresponding MA and volatility quantiles, lower than that of volatility quantiles but higher than MA quantiles. Finally, the success ratios across most Volume 7 | Issue 2 | 11 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   MAGs, ranging from 34% to 40%, point towards failure instead. Hence, Panel-C does not provide sufficient evidence in support of MA strategy outperforming the buy-and-hold strategy. To conclude the discussion on results presented in Table 1, it is evident that based upon average returns of groups, we fail to conclude that MA timing strategy outperforms the buy-and-hold strategy when applied to individual stocks-despite of the fact that MA strategy yields some higher returns and low standard deviations. Instead, the results of skewness, Sharpe ratio, and success ratio indicate otherwise. However, the results are too inconsistent to draw any conclusion whatsoever. We further attempt to explain MAGs by using a risk-based model that is Capital Asset Pricing Model (CAPM) b. Explanation of MAGs Using CAPM Regression 3 4 5(H) H-L Adj.R2 (%) 2 βMKT 1(L) Α Rank Table 2: CAPM Results 2.38 (1.18) 3.38 (0.32) 12.18 (1.04) 18.39 (1.22) 4.93 (0.30) 8.25 (0.81) -0.15** (-8.53) -0.26** (-11.32) -0.27** (-9.10) -0.22** (-4.83) -0.18** (-2.42) -0.21** (-7.24) 5.05 5.71 4.56 1.64 0.43 3.48 Table 2 shows the results of CAPM regressions run between excess returns on groups (MAGs) and excess returns on the market under theMA-10 strategy. Adjusted r-squares are in percentages. Annualized alphas and betas also accompany t-stats in parenthesis. **, * denote the results are significant at 1% and 5% levels respectively. The sample period is from December 31, 1999, to February 29, 2016. See Data and Methodology Sectionfor calculations and other details. Table 2 reports the results of regression for MAGs produced by 10-day moving average (MA-10) timing strategy. Note again that all risk-adjusted returns, the alphas, are insignificant. At one hand, the betas of all MAG quantiles are negative, highly significant, and range from -.15 to -.26 across quantiles; on the other hand, adjusted R2 for most of the MAGs that varies from .43% to 5.71% across quantiles are extremely low. Low R2 also confirms that stock returns, and ultimately MAGs, are highly volatile. Hence, coupling together results, beta and adjusted R2, MAG 12 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   returns do not move against the market. Moreover, excess market returns do not explain MAG returns well. Therefore, as the analysis does not offer evidence supporting the profitability of MA timing strategy, we can reasonably conclude that the results of Table 1 and Table 2 support each other. Robustness Checks Now, we test the robustness of these results in following two ways. First, we assess the performance (profitability) of MA strategy by using alternative lags, for instance, lag lengths with 20, 50, 100, 200 days. Then, we investigate the trading dynamics of MA strategy while accounting for transaction costs. a. Alternative Lag Lengths Table 3: MA Strategy Results 1(L) 2 3 4 5(H) H-L Α Random Switching Average Return α Average Return MAG-200 α Average Return MAG-100 α MAG-50 Average Return Α Average Return Rank MAG-20 -0.93 1.81 -1.91 0.79 -2.73 -0.01 -2.75 -0.05 1.76 -0.60 (1.03) (1.03) (0.73) (0.72) (0.55) (0.55) (0.45) (0.45) (0.02) (-0.32) 1.54 2.35 0.27 0.98 -0.51 0.17 -0.07 0.66 5.77 6.52 (0.18) (0.19) (0.00) (0.01) (-0.11) (-0.11) (-0.07) (-0.06) (0.03) (1.04) 9.77 9.93 7.75 7.92 5.99 6.22 5.08 5.31 4.95 10.76 (0.83) (0.85) (0.52) (0.54) (0.36) (0.38) (0.28) (0.30) (0.01) (1.38) 15.62 15.86 12.29 12.54 9.26 9.53 7.79 8.06 -0.88 -7.50 (1.00) (1.03) (0.75) (0.78) (0.55) (0.58) (0.44) (0.46) (0.00) (-0.92) 1.65 2.05 1.78 2.19 2.33 2.78 1.50 1.95 4.75 20.34 (0.15) (0.17) (0.10) (0.11) (0.07) (0.09) (0.04) (0.06) (0.01) (1.16) -4.94 6.40 -3.83 4.88 0.91 3.73 2.22 3.18 3.58 1.92 (-0.03) (0.65) (-0.02) (0.43) (0.02) (0.30) (0.02) (0.24) (0.03) (0.53) Table 3 presents the results of MA strategy when applied for alternative lag lengths namely 20-day, 50-day, 100-day, and 200-day. We also report the results of random strategy.All average returns and CAPM alphas are annualized with t-stats provided in parenthesis. **, * denote the results are significant at 1% and 5% levels respectively. The sample period is from December 31, 1999, to February 29, 2016. See Data and Methodology Section for calculations and other details. Table 3 depicts the average returns and CAPM alphas of MAGs for alternative lag lengths. All alternative lag lengths bring similar findings as lag-10. Unfortunately, we find no average return and alphas as significant. For making a further comparison with MA strategy, last part of Table 3 reports the performance results, the average Volume 7 | Issue 2 | 13 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   return, and alpha, generated by random switching strategy. The results indicate that the random switching strategy does not produce substantial results because all average returns and alphas are found extremely small and insignificant. Finally, after combining the results of MAG-10 with Table 3, the insignificance of all results provides no evidence to conclude that MA strategy performs better than buy-andhold strategy when applied to individual stocks. b. Trading Behavior Table 4: Trading Behavior BETC Trading Fraction No. of Trades Holding Period MA-200 BETC Trading Fraction No. of Trades Holding Period MA-100 BETC No. of Trades Trading Fraction Holding Period MA-50 BETC Trading Fraction No. of Trades Holding Period MA-20 BETC Trading Fraction No. of Trades Rank Holding Period MA-10 1(L) 127.08 296 0.07 31.75 151.65 202 0.05 43.28 190.80 125 0.03 56.93 223.78 87 0.02 58.19 253.87 59 0.01 64.18 2 41.65 423 0.10 33.20 56.81 285 0.07 43.27 79.48 169 0.04 56.50 102.40 116 0.03 72.61 128.58 76 0.02 97.51 3 34.82 382 0.09 63.23 53.71 255 0.06 84.28 96.06 151 0.04 121.08 115.06 104 0.03 143.56 141.86 70 0.02 164.25 4 35.01 319 0.08 83.14 51.11 214 0.05 106.00 78.87 125 0.03 149.98 103.37 86 0.02 177.40 134.95 58 0.01 242.84 5(H) 31.09 281 0.07 36.59 46.28 196 0.05 42.52 66.49 119 0.03 56.81 94.16 80 0.02 102.74 124.90 56 0.01 158.65 Table 4 states the number of trades, fraction of trading days (trading fraction), average holding period, and BETCs (breakeven transaction costs measured in basis points) for each MA quantile across all lag lengths. The sample period is from December 31, 1999, to February 29, 2016. See Data and Methodology Section for calculations and other details. Table 4 reports the results of the average holding period, no. of trades, a fraction of trading days, and breakeven transaction costs (BETC) of MA strategy for each quantile across all lag lengths. Note that BETC is the transaction cost which makes the MAG average return equal to zero. As discussed in Material and Method section, the fundamental notion of MA strategy is to use daily signals to make trades. Here the primary concern is the frequency of trading since it has to do with transaction costs. The more the strategy trades, the higher the transaction costs would be. Therefore, too many trades can make the survival of abnormal returns vulnerable to transaction costs. It necessitates seeing whether these abnormal returns can still hold after offsetting for transactions costs. As groups are formed based upon volatility, the performance of MA strategy should improve as we move towards groups with higher volatility. That is, for MA strategy to be successful, following results should hold: 14 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   from the lowest to the highest quantile, no. of trades and a fraction of trading should rise whereas average holding period, and BETC should fall. See how results in Table 4 meet these criteria. Note that no. of trades, trading fraction, and BETC for the second to fourth quantile show opposite trend, except for the highest and the lowest quantiles. One can easily see that irrespective of the lag length, as volatility rises, no. of trades and fraction of trading days tend to decline while BETC rises. However, holding period tends to fall with rising volatility. Despite the fact, all BETCs are relatively large and well above the actual transaction costs in the UK (.45bp to 1.35pb)1,the majority of our results go against the success of MA strategy. Therefore, most of the evidence presented inTable4 lead to the reverse conclusion, that is, across all lag lengths and most quantiles, MA strategy trades less with increasing transaction costs. Therefore, we can finally conclude that when MA investment timing strategy is applied to the individual stocks, most of the results provide no evidence of its superior performance as compared to buy-and-hold strategy. Instead results of trading behavior indicate towards the failure of MA strategy. A Note on Insignificant Results quoted In statistical analysis, as the holding period gets shortened, the likeliness of data showing random noise increases (Brigham & Ehrhardt, 2013), and this may be the reason why most of the results are insignificant. Remember t-stat is also known as signal-to-noise ratio. Here signal and noise are represented by average return and standard error respectively. Notably, Table1 depicts most of the average returns to be quite healthy but having more substantial standard deviations. It leads to more significant standard errors, which substantially lower the t-stats. So, it may be argued that the daily returns on which the whole analysis is based be quite noisy, making the most results insignificant. The comparison of performance results of individual stocks and portfolios is evident in the following section. Portfolios versus Individual Stocks- Performance of MA Strategy Now, we are in a position to compare the results of MA strategy for portfolios and individual stocks.                                                                                                                         1 As quoted by Trading Services Price List (On-Exchange and OTC) published by London Stock Exchange, effective from February 1, 2016. Volume 7 | Issue 2 | 15 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   0.19 11.93 22.75 1.34 0.39 43.50 0.82 0.07 17.60* 28.27 2.68 0.52 60.97 2.20 -0.03 (4.02) (0.89) 3 5.60 5(H) H-L 1.15 (0.11) 1.99 99.70 6.05 (0.06) -10.72 101.21 4.48 -0.03 -0.35 (-0.19) Portfolios 1(L) 3.33** 5.04* 3.19 8.80 -1.21 -1.51 20.20** 12.83 (6.14) 0.26 0.39 0.04 -0.32 18.16 (1.19) 4.52 (0.29) -2.83 47.15 -1.61 0.33 0.40 77.27 -6.73 0.08 0.40 78.08 -4.91 0.07 0.02 8.39** 3.90 2.91 1.42 0.61 -0.59 2.4 10.34** 7.03 1.94 1.06 0.58 0.16 2.45 14.55** 8.50 1.99 1.37 0.58 0.52 2.74 23.22** 9.45 2.13 2.15 0.60 4.12 22.49** 10.42 1.88 1.88 0.61 1.31 0.30 (8.37) (5.72) (6.67) (9.56) 1.37 46.18** 10.49 1.57 (17.14) 1.35 34.50** 9.93 (13.53) MAPs 3.09 (12.28) 0.51 32.63 -0.45 -0.50 (11.39) 11.86 -1.04 -0.36 21.78** 6.91 23.54** 15.06 -0.22 12.05 (0.07) (11.49) (6.09) H-L 0.25 15.35** 5.20 10.51 -1.11 0.034 17.75** 6.06 (-0.49) 5(H) 0.42 (15.91) (1.18) 4 0.38 MA(10) Timings Strategy -1.70 0.103 11.68** 2.86 (2.23) 3 (1.56) 6.45 60.76 6.60 (0.34) -13.56 61.79 4.52 4.89 (2.66) 2 25.59 -0.37 -0.04 (1.02) 37.69 4.56 (-0.34) Buy and Hold Strategy 2.55 (0.30) (2.01) 19.25 16.76 -0.16 -10.48 0.34 (1.17) (1.73) (0.54) 4 The success of MA Strategy 0.61 9.38 -0.49 Skewness 34.45 (0.94) 2 Sharpe Ratio 0.34 11.03** 14.27 2.33 -25.81 Skewness 0.55 Average Return 22.14 Sharpe Ratio 11.54 Standard Deviation MAGs Average Return MA(10) Timings Strategy Standard Deviation Buy-and-Hold Strategy Skewness Panel C Standard Deviation 1(L) Panel B Average Return Ranks Panel A Sharpe Ratio Table 5: Comparison of Table 1 (8.40) 1.64 3.18 14.10** 8.60 0.60 (6.37) See Table 5 for this comparison. It contains information of portfolios as well as individual stocks. It is evident that applying MA strategy to portfolios brings better 16 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   results than to individual stocks-which accompany inconclusive evidence. Mostly, MA portfolios not just produce significantly positive and increasing returns, lower standard deviations, and higher Sharpe and success ratios relative to individual stocks-MA groups, but they also perform better than buy-and-hold portfolios. There could be two reasons for this superior performance- noise in daily returns and diversification effect. Impact of noise can easily be seen in the form of higher standard deviations and ultimately lower t-stats for all individual stock groups. Moreover, the better portfolio returns with lower standard deviations may also imply the benefits of diversification. Table 6: Comparison of Table 2 Rank Individual Stock Group MAGs Α Adj.R2(%) βMKT 2.38 -0.15** 5.05 (1.18) (-8.53) 3.38 -0.26** 5.71 (0.32) (-11.32) 12.18 -0.27** 4.56 (1.04) (-9.10) 18.39 -0.22** 1.64 (1.22) (-4.83) 4.93 -0.18* 0.43 (0.30) (-2.42) 8.25 -0.21** 3.48 (0.81) (-7.24) 1(L) 2 3 4 5(H) H-L α 8.47** (10.13) 10.52** (7.72) 14.77** (9.11) 23.45** (12.37) 22.67** (9.45) 14.19** (6.69) Portfolio MAPs βMKT -0.11** (-41.41) -0.24** (-54.77) -0.30** (-56.62) -0.31** (-50.31) -0.24** (-31.05) -0.13** (-18.79) Adj.R2(%) 30.28 43.18 44.82 39.07 19.62 8.19 The Table 6 is highlighting some more features. When comparing with individual stocks, note all portfolio alphas are highly significant and increasing. Similarly, all betas accompany bigger t-stats and with substantially higher adjusted r squares. Table 7: Comparison of Table 3 Groups MAG-20 Rank Average A Return 1(L) 2 3 4 5(H) MAG-50 Average α Return MAG-100 Average α Return MAG-200 Average A return Random Switching Average Α Return -0.93 1.81 -1.91 0.79 -2.73 -0.01 -2.75 -0.05 1.76 -0.60 (1.03) (1.03) (0.73) (0.72) (0.55) (0.55) (0.45) (0.45) (0.02) (-0.32) 1.54 2.35 0.27 0.98 -0.51 0.17 -0.07 0.66 5.77 6.52 (0.18) (0.19) (0.00) (0.01) (-0.11) (-0.11) (-0.07) (-0.06) (0.03) (1.04) 9.77 9.93 7.75 7.92 5.99 6.22 5.08 5.31 4.95 10.76 (0.83) (0.85) (0.52) (0.54) (0.36) (0.38) (0.28) (0.30) (0.01) (1.38) 15.62 15.86 12.29 12.54 9.26 9.53 7.79 8.06 -0.88 -7.50 (1.00) (1.03) (0.75) (0.78) (0.55) (0.58) (0.44) (0.46) (0.00) (-0.92) 1.65 2.05 1.78 2.19 2.33 2.78 1.50 1.95 4.75 20.34 Volume 7 | Issue 2 | 17 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   Table 7 (Continued) (0.15) H-L (0.10) (0.11) (0.07) (0.09) (0.04) (0.06) (0.01) (1.16) -4.94 6.40 -3.83 4.88 0.91 3.73 2.22 3.18 3.58 1.92 (-0.03) (0.65) (-0.02) (0.43) (0.02) (0.30) (0.02) (0.24) (0.03) (0.53) Portfolios 1(L) (0.17) MAP-20 MAP-50 MAP-100 MAP-200 Random Switching 8.41** 8.48** 7.37** 7.47** 6.64** 6.74** 4.59** 4.8** 2.58 0.65 (8.36) (10.12) (7.37) (9.06) (6.94) (8.48) (5.40) (6.61) (0.04) (0.84) 2 9.93** 10.08** 8.14** 8.36** 7.93** 8.19** 5.23** 5.74** 3.42 1.42 (5.34) (6.24) (4.37) (6.2) (3.16) (4.62) (0.03) (1.08) 3 13.02** 13.2** 11.67** 11.95** 10.45** 10.78** 6.17** 6.84** 2.54 0.51 (2.88) (4.34) (0.02) (0.33) 21.05** 21.24** 17.86** 18.16** 14.49** 14.84** 8.92** 9.69** 0.23 -1.79 (5.88) 4 (8.51) 5(H) (8.22) (11.17) (4.41) (5.12) (9.53) (4.60) (6.69) (7.72) (3.54) (5.11) (0.00) (-0.96) 19.82** 19.97** 14.16** 14.37** 7.47** 7.71** 0.40 0.91 12.81 10.80** (5.10) (5.78) (2.70) (3.11) (0.15) (0.38) (0.07) (4.21) 11.41** 11.48** 6.78** 6.89** 0.82 0.96 -4.19 -3.88 11.12 9.18** (3.1) (0.35) (0.42) (-1.83) (-1.77) (0.06) (4.03) (5.11) (8.3) (7.01) (7.39) (5.62) (7.38) H-L (7.4) (5.37) (2.92) Table 7 also supports the better performance of MA strategy for portfolios as most of the average returns and alphas are significant across all portfolios, overall lag lengths, except random switching which do not provide robust results even in case of portfolios. Table 8: Comparison of Table 4 BETC Trading Fraction No. of Trades Avg. Holding Period MA-200 BETC No. of Trades Trading Fraction Avg. Holding Period MA-100 BETC Trading Fraction No. of Trades Avg. Holding Period MA-50 BETC Trading Fraction No. of Trades Avg. Holding Period MA-20 BETC No. of Trades Trading Fraction Avg. Holding Period Rank MA-10 1(L) 127.08 296 0.070 31.75 151.65 202 0.048 43.28 190.80 125 0.030 56.93 223.78 87 0.021 58.19 253.87 59 0.015 64.18 2 41.65 423 0.100 33.20 56.81 285 0.068 43.27 79.48 169 0.041 56.50 102.40 116 0.028 72.61 128.58 76 0.018 97.51 3 34.82 382 0.091 63.23 53.71 255 0.060 84.28 96.06 151 0.036 121.08 115.06 104 0.025 143.56 141.86 70 0.018 164.25 18 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   Table 8 (Continued) 4 35.01 319 0.076 83.14 51.11 214 0.051 106.00 78.87 125 0.030 149.98 103.37 86 0.021 177.40 134.95 58 0.014 242.84 5(H) 31.09 281 0.067 36.59 46.28 196 0.046 42.52 66.49 119 0.029 56.81 94.16 80 0.019 102.74 124.90 56 0.014 158.65 MA-10 MA-20 MA-50 MA-100 MA-200 1(L) 9.64 408 0.100 31.22 15.93 246 0.062 51.80 29.14 133 0.034 83.36 60.25 63 0.016 156.39 70.86 52 0.013 127.75 2 8.71 452 0.110 34.74 14.41 272 0.069 55.32 22.19 175 0.044 69.93 52.10 73 0.018 161.32 76.65 48 0.012 157.72 3 8.96 439 0.110 50.33 13.81 284 0.072 69.42 25.52 152 0.038 115.40 56.70 67 0.017 231.55 70.86 52 0.013 171.62 4 9.81 401 0.100 87.92 15.80 248 0.062 128.56 31.24 124 0.031 216.51 45.36 84 0.021 255.97 61.57 60 0.015 215.02 5(H) 10.17 387 0.098 88.23 16.46 238 0.060 126.00 35.50 109 0.027 195.22 44.83 85 0.022 130.39 72.23 51 0.013 11.41 Table 8 which showsthe trading behavior of both strategies brings almost similar results. In both cases, we observe opposite trends across quantile and groups. Instead of increasing, no. of trades and trading fraction tend to fall. On the other hand, BETC rises across portfolios and groups instead of falling, however, remains well above the actual transaction cost in the UK. Conclusion First, we apply MA investment timing strategy to the groups of individual stocks sorted by volatility. The fact that overwhelming majority of results under MA or buy-and-hold strategies are insignificant helps to maintain that there is no evidence to support the superiority of either strategy when applied to individual stocks. However, trading behavior and success ratios across groups provide some mixed results while indicating more towards the failure of MA strategy. We argue that prevalent noise in daily stock return data is the reason for such consistency in insignificant results. Second, when applied to volatility-sorted portfolios, MA strategy substantially beats the buy-and-hold strategy by yielding higher average return and risk-adjusted return, lower standard deviation, large-and-positive skewness and Sharpe ratio, and considerable success ratios across portfolios. Both for individual stocks and portfolios, returns and especially trading behavior suggest that the performance of MA strategy diminishes as we go farther in history; that is, the longer the lag length, the worse the performance. Volume 7 | Issue 2 | 19 �Muhammad Ishfaq Ahmad, Wang Ghohui, Mudassar Hasan, Anika Sattar, Muneeb Ahmad, Ramiz Ur Rehman   References Allen, F., & Karjalainen, R. (1999). Using genetic algorithms to find technical trading rules1. Journal of financial economics, 51(2), 245-271. Brigham, E. F., & Ehrhardt, M. C. (2013). Financial management: Theory & practice: Cengage Learning. Brock, W., Lakonishok, J., & LeBaron, B. (1992). Simple technical trading rules and the stochastic properties of stock returns. The Journal of finance, 47(5), 17311764. Han, Y., Yang, K., & Zhou, G. (2013). A new anomaly: The cross-sectional profitability of technical analysis. Journal of Financial and Quantitative Analysis, 48(5), 1433-1461. Han, Y., Zhou, G., & Zhu, Y. (2016). A trend factor: Any economic gains from using information over investment horizons? Journal of financial economics, 122(2), 352-375. Hoffmann, A. O., & Shefrin, H. (2014). Technical analysis and individual investors. Journal of Economic Behavior & Organization, 107, 487-511. Hudson, R., Dempsey, M., & Keasey, K. (1996). A note on the weak form efficiency of capital markets: The application of simple technical trading rules to UK stock prices-1935 to 1994. Journal of Banking & Finance, 20(6), 1121-1132. Kwon, K.-Y., & Kish, R. J. (2002). Technical trading strategies and return predictability: NYSE. Applied Financial Economics, 12(9), 639-653. Lukac, L. P., & Brorsen, B. W. (1990). A comprehensive test of futures market disequilibrium. Financial Review, 25(4), 593-622. Metghalchi, M., Marcucci, J., & Chang, Y.-H. (2012). Are moving average trading rules profitable? Evidence from the European stock markets. Applied Economics, 44(12), 1539-1559. Mills, T. C. (1997). Technical analysis and the London Stock Exchange: Testing trading rules using the FT30. International Journal of Finance & Economics, 2(4), 319-331. 20 Journal of Economic and Social Studies �Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios   Neely, C. J. (1997). Technical analysis in the foreign exchange market: a layman's guide. Federal Reserve Bank of St. Louis Review(Sep), 23-38. Roberts, M. C. (2005). Technical analysis and genetic programming: constructing and testing a commodity portfolio. Journal of Futures Markets, 25(7), 643-660. Shintani, M., Yabu, T., & Nagakura, D. (2012). Spurious regressions in technical trading. Journal of Econometrics, 169(2), 301-309. Sullivan, R., Timmermann, A., & White, H. (1999). Data‐snooping, technical trading rule performance, and the bootstrap. The Journal of finance, 54(5), 16471691. Taylor, M. P., & Allen, H. (1992). The use of technical analysis in the foreign exchange market. Journal of international Money and Finance, 11(3), 304-314. Wei, L.-Y., Cheng, C.-H., & Wu, H.-H. (2014). A hybrid ANFIS based on nperiod moving average model to forecast TAIEX stock. Applied Soft Computing, 19, 86-92. Zhou, G., & Zhu, Y. (2013). An equilibrium model of moving-average predictability and time-series momentum. Unpublished working paper, Washington University in St. Louis. Volume 7 | Issue 2 | 21 � Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3744 Title A name given to the resource Performance of Moving Average Investment Timing Strategy in UK Stock Market: Individual Stocks versus Portfolios Author Author Ahmad, Muhammad Ishfaq Ghohui, Wang Hasan, Mudassar Sattar, Anika Ahmad, Muneeb Rehman, Ramiz Ur Abstract A summary of the resource. Abstract: This paper aims to test whether moving average (MA) investment timing strategy is applicable on individual stocks, portfolios formed from these stocks, or both. Moreover, our objective is to compare the performance of MA strategy with a buy-and-hold strategy. The data on individual stocks listed on London Stock Exchange, United Kingdom (UK) is collected over the period starting from December 31, 1999, through February 29, 2016. For the same period, we use daily values of UK-DS Market-PRICE INDEX and 1-Month Treasury bill rate. The paper follows Han et al. (2013) to peruse our investigation. The study applies both MA and buy-and-hold strategies to individual stocks and portfolios sorted by volatility. Since most results are found insignificant, no evidence is found to support that one strategy is better than the other when applied to individual stocks. However, trading behavior and success ratios across groups provide mixed results, hinting slightly towards the failure of MA strategy. The pervasive noise in daily stock return data is the reason why MA strategy consistently produces insignificant results. Moreover, when applied to volatility-sorted portfolios, MA strategy substantially beats buy-and-hold strategy by yielding higher average return and risk-adjusted returns, lower standard deviations, large-and-positive skewness and Sharpe ratios, and much success ratios across portfolios. Both for individual stocks and portfolios, dynamics of returns and especially trading behavior suggest that the performance of MA strategy decreases with rising lag lengths, meaning MA signal weakens for a longer history. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Article PeerReviewed DOI Digital object identifier doi: "10.14706/JECOSS17722 " Identifier An unambiguous reference to the resource within a given context ISSN 1986-8499; H Social Sciences (General),HB Economic Theory https://omeka.ibu.edu.ba/files/original/a4acbbf36d796eb8cbba76c83aa65af0.docx 156d72fd351bb766e04eb4f1381219f5 Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3778 Title A name given to the resource Semantic preference and semantic prosody-a theoretical overview Author Author Begagić, Mirna Abstract A summary of the resource. Abstract: Semantic preference and semantic prosody are two notions that were carefully analysed in post-Firthian corpus linguistics and in the past few years there has been a growing interest in them. As corpora have become larger in size, and tools for extracting different lexical items for different purposes have been developed, the two terms have been addressed more frequently by linguists1. Throughout history, semantic preference and semantic prosody have sometimes been used for the same phenomenon but at other times the two were considered different but closely related. Previous corpus-based studies on the two terms have shown that they can be attached to many investigated lexical items. Therefore, this paper aims to present a detailed theoretical overview of the two terms in order to emphasise their immense importance for identifying the meaning of all the lexical items. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Article PeerReviewed Identifier An unambiguous reference to the resource within a given context ISSN 2566-4638 (In Press) P Philology. Linguistics,PA Classical philology https://omeka.ibu.edu.ba/files/original/186831be8e1cb0b34e1be41a2462c77b.pdf 3c0c1c4c723a5af6ffb421922e8395f7 PDF Text Text     Journal of Economic and Social Studies Labour Market Transition Differences between Natives and Immigrants in EU Economies Valerija Botrić The Institute of Economics, Zagreb vbotric@eizg.hr Abstract: The recent economic crisis has had an adverse effect on the labour markets of European economies and certain population groups   have been disproportionally affected by it. Increased migration flows Keywords: immigrant-native gap, labour market transitions, European cross-country differences, crisis. may very well have created further pressures on the labour markets of host countries. The focus of the analysis here is on differences in transitions from unemployment to employment and vice versa between native and immigrant populations in European economies during the 1998-2015 period. The analysis reveals different outcomes to transitions from unemployment to employment, where in certain countries and years, the unemployed natives find JEL Classification: F22, J15 Article History Submitted: 24.5.2017 Resubmitted: 26.2.2018 Accepted:1.6.2018 http://dx.doi.org/10.14706/JE COSS17723 proportionally more jobs, while in other countries and years, it is the immigrants. In most of the countries, however, employed immigrants are more likely to lose a job than natives. In addition to identifying the immigrant-native gap, the characteristics of individuals as potential contributing factors to the gap have also been assessed. The results of this analysis show that similar individual characteristics exert a different influence on the immigrant-native gap in labour market outcomes in different countries. Thus, similar individual characteristics are rewarded differently in different countries, i.e., their labour markets. Volume 7 | Issue 2 | 22 �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Introduction Recent migration flows have overwhelmed European economies and raised numerous political, economic, social and practical questions. Regardless of the origin of immigrants and their reasons for moving to a host country, a key measure of the relative success of the migration process addressed in economic discussions is based on the integration of immigrants into the local labour market (OECD/European Union, 2015). In view of the above, interactions between immigrants and the domicile workforce gain public attention. Although competition between natives and immigrants can be perceived as an important aspect in terms of access to welfare services and education (Senik et al., 2009), the fear of competing for jobs frequently becomes the dominate topic in public discussions. Hence, natives as incumbent workers on local labour market are more likely to oppose increased immigration for fear of losing their jobs or less opportunities for wage growth (Scheve and Slaughter, 2001; Ortega and Polavieja, 2012). Even before the recent migration wave, similar issues have led to heated public discussions on EU enlargement, regardless of the fact that the underlying economic idea of the European Union project is the free movement of all resources (including human). Some studies advocate the macroeconomic benefits of increased mobility, such as an increase in the GDP per capita, increase in the employment/unemployment rate and decrease in inflationary pressures (Blanchflower and Shadforth, 2009; Kahanec et al, 2013; Del Boca and Venturini 2016; Elsner and Zimmermann 2016). Some studies argue that the welfare systems of host countries are not additionally burdened by the arrival of immigrants (Giulietti et al. 2013), predominately due to the fact that the migrant population is usually younger than the average host population and is of working age, and consequently are net contributors to social security systems if integrated successfully in the host country’s labour market. The recent recession has placed additional emphasis on the issue of labour market outcomes of immigrants. An important finding is that immigrants have been more affected by the economic crisis (Barrett and Kelly, 2012 for Ireland; RodríguezPlanas and Nollenberger, 2016 for Spain; Bratsberg, Raaum and Røed, 2018 for Norway). Although relevant literature has identified this problem in individual countries, a comparative cross-country perspective has not as yet been fully explored. The present paper explores differences between transitions from unemployment to employment and vice versa between natives and immigrants in the European Union Old member states during the recent crisis. The emphasis is on transitions, since changes in labour market status reveal whether immigrants face relatively more adverse conditions than native populations. Even though the topic has been Volume 7 | Issue 2 | 23 �Valerija Botric   addressed in the literature before, the main contribution of the paper is that it provides a comparative approach for European economies. Thus, the analysis reveals the immigrant-native gap and examines the contribution of different personal traits to the gap across analysed countries. Due to self-selection of immigrants into different countries, immigrants with different personal traits prevail in different European economies. An interesting investigation is the manner in which the personal characteristics of immigrants explain the immigrant-native gap across Europe. The main contribution of the paper is to provide a comparative analysis of labour market transitions between immigrant and native population during the latest economic crisis. Additionally, in acknowledging the self-selection of immigrants into different economies, the paper seeks to compare the personal traits that contribute to the immigrant-native gap in different European economies. The paper adopts the following structure. The first section briefly reviews the most relevant findings from the literature. The next section discusses the methodology of the empirical analysis in the paper. Section 3 presents the results and provides a discussion, while the last section offers conclusions. Literature Review The population of immigrants in a country at any given point in time depends on a number of very different factors. Hatton and Williamson (2005) examine world migration in a historical perspective and propose that these include a variety of economic and demographic factors. Some of these factors relate to characteristics of home and host countries, such as distance, colonial relationship, trade relationship, differences in economic performance and language similarities. Extant studies focus on the contribution of migration to the receiving country’s economy. On the macroeconomic level, Ortega and Peri (2014) document long-run income per capita growth, driven by total factor productivity, reflecting increased diversity in productive skills and innovation. In that framework, migrants are depicted as workers desirable to local employers, enabling them to combine diversities of native and immigrant labour to increase production. Still, there is no consensus in the literature whether increased immigration will have a relatively small (Grossman, 1982) or diverse and non-negligible effect (Orrenius and Zavodny, 2007) on the natives’ labour market outcomes. The final results may depend on the ability of migrants to adjust to host country conditions. Chiswick (1978) suggested that migrants sometimes lack specific skills, which leads to migrant (self-)selection into low-skilled jobs and cohort effects. 24 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Additionally, both migrants (Chiswick, Rebhun and Beider, 2016) and their families (Föbker and Imani, 2017) face language barriers in host countries. Another type of barrier relates to the national orientation of the educational systems, leading to the question of transferability of qualifications (Chapman and Iredale, 1993).These obstacles imply higher financial costs of integration, which mostly lead to an increased burden for the host country welfare system. On the other hand, welfare systems in host countries may influence the skill composition of immigrants. Borjas (1999) suggested that welfare services may attract immigrants who otherwise would not have migrated, and then discourage them from leaving their country of destination, by acting as a safety net. In this model, the host country will receive positively self-selected migrants as long as the correlation between the return to skills in the two countries is high and the dispersion in the wage distribution is higher in the host country than in the source country. The argument is additionally explained by Peri and Sparber (2009), who suggest that immigrants and natives specialize in different tasks. Consequently, they do not compete for the same job, but their work is considered complementary. However, the question remains whether immigrants voluntarily self-select themselves into manually intensive and relatively unskilled jobs or whether they are forced to seek employment below their qualifications level. The fact that relatively inexpensive labour is available could be desirable to employers, but not so welcomed by incumbent employees. Some authors argue that in the classic insider-outsider labour market framework, immigrants are considered as outsiders, experiencing more difficulties in access to the market than the native population (Marino et al. 2015). For example, Krings (2009) documents that unions frequently campaign against immigration, because in their view this increased supply-side competition increases the bargaining power of employers and undermines incumbent employee rights. This leads to the incumbent worker’s loss of market power and reduces the probability of negotiating a wage increase. Accordingly, some authors argue that anti-immigration campaigns originate for fear of social dumping (Meardi 2012). The question remains whether such actions are additionally aggravated in times of economic downturn and relaxed during phases of economic boom. Aiyar et al. (2016) argue that gaps in activity, employment, unemployment rates and wages between immigrants and natives can be related to the relatively slow integration of immigrants into host country labour markets. The slow integration process is not only due to inadequate or underdeveloped policies in the host Volume 7 | Issue 2 | 25 �Valerija Botric   countries, but also due to the heterogeneity of immigrants. For example, those who arrive on account of family reunification might not have job placement as their primary goal, while those arriving for humanitarian reasons might be prohibited from seeking work for the initial period due to host country regulations. Studies on European economies corroborate findings that immigrants have lower labour force participation, higher rates of unemployment, and are frequently clustered in lower-paid jobs (Heath et al. 2008). Empirical studies investigating the differences in labour market outcomes between immigrants and natives are relatively abundant, but frequently focus on a single country (for example, Corluy and Verbist, 2014; Langevin et al, 2013), although there are estimates that cover employment probability differences across European economies (Dustmann and Frattini, 2011). Some authors argue that the relative outcomes of immigrants change during the different stages of business cycle (Dustmann, Glitz and Vogel, 2010). There is some evidence that the latest crisis exhibited previously undocumented features (de la Rica and Polonyankina, 2013). However, most of the studies emphasize that, regardless of the similarity in characteristics of the immigrant and native population, the differences in their labour market outcomes persist, even in the case of high-skilled immigrants (Grigoleti-Richter, 2017). Since the heterogeneity of immigrants may be partly the answer, the present study focuses on the labour market transitions. The underlying reason is that this approach identifies those individuals who are employed and have documented attachment to a labour market. In similar way, those who are unemployed (the ILO definition assumes that they are actively seeking work) decide to participate in the host country labour market and the reason for the differences in labour market outcomes is not due to self-selection into participation. Some studies show a strong impact of business cycles on immigrant labour market outcomes, due to the differences in sectoral composition of employment in comparison to the native population (Dustmann, Glitz and Vogel, 2010). Also, migrants arriving during a recession encounter difficulties upon arrival, which then persist, even when labour market conditions improve (Åslund and Rooth, 2007, McDonald and Worswick, 1998).In that respect, the literature also notes that immigrants are more likely than natives to end up not just in non-employment, but also in self-employment (for example, Blume, et al (2009) in Denmark). Recently, Garda (2016) analysed labour market transitions in OECD economies using European Community Household Panel data. Significant differences between countries have been found for the analysed period 2005-2012. For example, there are high-transition countries where workers move from employment to joblessness 26 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   (Austria, Finland, Portugal, Spain and Sweden) and low-frequency transition countries (Belgium, the Czech Republic, France, Luxembourg, Poland, the Slovak Republic and Slovenia). The rest of the paper is devoted to exploring the crosscountry differences of labour market transitions across European economies in more detail. Research Methodology The analysis relies on the EU Labour Force Survey data for the period 1998-2015. This data source provides comparable data for analysed countries. The aim of the analysis was to include all the European economies for which the data was available. However, since the dataset contains individual answers to the Survey1, in accordance with the confidentiality threshold, each case that has up to three answers to a specific question is considered as missing observations. Thus, the rest of the paper presents only the data for which sufficient observations were achievable. To distinguish between natives and immigrants, a simple indicator has been utilized – if a person is citizen of a resident country, she is considered a native2. Otherwise, she is considered immigrant. This approach yields different treatment of individuals across countries, since each EU country has a separate regulation for acquiring citizenship (Ritzen and Kahanec, 20017). As Dustmann and Frattini (2011) clarify, there are in general two approaches regarding citizenship. The first refers to AngloSaxon countries which consider immigrants as those born outside their country of residence. The other concept is related to citizenship, when people are born in the country of residence, but are not entitled to citizenship based on the relevant legislation. Regardless of the definition used in a country, the analysis in the paper retains the same definition across the countries in order to maintain comparability. To get additional insight, a different concept has also been applied. A person is considered a native if (s)he was born in the country, while immigrants have been divided into two categories – those born in other EU countries and other                                                                                                                         1 According to the European Commission (2016, p. 6) in the case of LFS data available for scientific purposes “In any reports, including all publications and unpublished papers, three cell size thresholds will be distinguished for LFS results: confidentiality threshold: up to 3 observations (unweighted sample), results must not be published”. 2 This definition is data-specific, since LFS does not contain data on a person’s immigration history. The countries differ in their citizen acquisition policies, EU countries might have different policies towards intra-EU migrants and some changes occurred in the process during the Great Recession (Alarian, 2017). This should be kept in mind when interpreting the results in the present study. Volume 7 | Issue 2 | 27 �Valerija Botric   immigrants3. According to the data, a person arriving from EU countries in the period until 2004 relates to individuals from EU-15 countries, in the period 20052006 refers to individuals from EU-25 countries, in the period 2007- 2013 from EU-27 countries, and after 2013 individual from EU-28 countries. Since this paper focuses on labour market transitions, the sample is restricted to persons aged 15-64. Two labour market transitions are analysed – (i) from unemployment to employment and (ii) from employment to unemployment. In each case the current labour market status is compared to the labour market status of the same individual a year ago. Specifically, LFS contains a question on the current labour market status and the status an individual had a year ago. A transition variable is formed as a comparison between those two statuses. Due to the data source used, other important questions concerning labour market outcomes (such as duration of unemployment once the person losses a job or the frequency of unemployment spells) are not covered in the present research. The descriptive analysis focuses on the last available year (2015) and the evolution of transitions in the period 1998-2015. In addition to the descriptive analysis, an empirical analysis of contributions to the existing gap is performed based on data for the year 2015. The empirical analysis focuses on countries where the descriptive analysis has established that immigrants are in the most disadvantageous position. The case of transitions from employment to unemployment involves those countries exhibiting greatest evidence that immigrants lose disproportionally more jobs than natives. The empirical analysis rests on the well-established Fairlie (1999) methodology. The methodology identifies and decomposes the overall gap between the two subgroups into the contribution of each specific factor considered relevant. It is applied in cases when the outcome is binary, such as in our case when observing whether a person has made a transition or not. The significance of a specific factor for the outcome is estimated in the underlying probit model (Fairlie, 2005). Once the significant variables are identified, the methodology determines the degree to which the gap between the outcomes can be explained by that specific variable. Given that we want to explore transitions between labour market states, many of the traditional variables used in analysing predictions of labour market outcomes are perfectly correlated with changing the labour market status. For example, occupation perfectly explains the transition from unemployment to employment. The same                                                                                                                         3 Due to the previously mentioned confidentiality threshold, the data could not be disclosed for a larger number of country-years. 28 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   argument applies for the economic activity a person worked in/starts working in. The choice of explanatory variables is governed by the data used, but their inclusion is justified by the existing literature. Motivation for the choice of explanatory variables is offered below: • Sex of a person. Studies show that – even though on average women migrate as frequently as men - family reunification is the main cause of female migration to Australia, Canada, Europe, New Zealand, and the United States (Ghosh 2009). Additionally, push factors, such as escaping home country (formal and informal) discriminatory institutions can play an important role in a female’s decision to move (Ferrant, et al 2014). The probability that females will be immediately integrated into the host country labour market is lower, even though gender equality in the workplace in the host country can be a strong pulling factor (Baudassé and Bazillier 2014). Even when participating in the labour market, women face difficulties. Studies have found that migrant women may face double discrimination – as migrants and as women (Ghosh, 2009). To address these issues, we included a dummy variable that equals one if a person is male. Even though studies show that migrant women are more vulnerable on the labour market, the recent crisis had adverse effects on male workers. Studies reveal that women were less affected (Farris, 2015) so our initial assumption is that they will be less likely to lose a job, but we cannot assume that they will be also more likely to gain employment. To the extent that the effect of the crisis had a greater impact on male-related jobs (and in particular in industries where the immigrant workforce is more strongly represented), we expect that the sex of a person will be significant positive factor in explaining the gap in immigrant-native transitions from employment to unemployment. To the extent that the crisis brought about an additional shift towards increased demand for traditional female occupations and thus contributed to the activation of the female labour force, we expect that the sex of a person will be significant negative factor contributing to the gap in immigrant-native transitions from unemployment to employment. • Age of a person. This is a standard predictor for labour market outcomes. Literature provides evidence that European youth have been hit more by the recent economic crisis (Bruno, Marelli, Signorelli, 2014). Even in boom periods, youths frequently change careers (in some countries more frequently than others), meaning that they may have been “in-between jobs” at the time of Survey more so than the mature working-age population. At the same time, older population groups might begin to consider retirement options and in turn employers may be more willing to part with older employees given that they consider them to be less a productive option for future business endeavours. Thus, both population subgroups are at a Volume 7 | Issue 2 | 29 �Valerija Botric   greater risk of losing their jobs, while older persons are also less likely to find a job upon becoming unemployed. Although the same is true for both the immigrant and native population, the question is whether their age structure of immigrant and native can contribute to the explanation of the gap. Given that young persons are more likely to migrate (as recently discussed by Bernard, Bell and Charles-Edwards, 2016) and immigrants from some countries are more likely to have larger families than the host country population, the case may very well be that the immigrant population is disproportionally young. We operationalize this by including dummy variables for each cohort starting from 15-24 to 55-64, with the most working active age cohort 35-44 serving as a reference. Youth have been more adversely affected by the crisis (O’Higgins, 2012). Therefore, the expectation is that migrant youth will face twice as many difficulties – the probability of losing a job will be higher for the migrant youth while the probability of finding a job will be lower. To the extent that the immigrant population belongs disproportionally to the age cohort most adversely affected by the crisis in the host labour market, we assume that this variable will have a significantly positive contribution in explaining the immigrant-native gap in transitions from employment to unemployment and a significantly negative contribution in explaining the gap in transitions from unemployment to employment. • Degree of urbanisation of the area in which a person lives. The labour market is more vibrant in densely populated areas and provides more job opportunities, which in turn is more likely to affect the successful economic integration of immigrants into a host country (Pischke and Velling, 1997; Borjas 2001, Jaeger 2008). Recently, Verdugo (2016) also emphasized the role of public housing (in densely populated areas) as an important factor for immigrants choosing a location within a host country. Hence, the assumption is that immigrants are more likely to choose densely populated areas and are more likely to live in immigration hubs (regardless of whether it is their own choice or by necessity). This may also create additional job prospects, for example, through social network effect and thus ease the transition from unemployment to employment. Similarly, it may also create low job areas with vicious circles of unemployment and poverty, contributing to job loss transitions. We operationalize this situation by including three dummy variables – sparsely, densely and intermediately populated areas, where the dense area is the reference in probit equations. To the extent that immigrants are more concentrated than the native population in densely populated areas, we expect that our explanatory variables will have a significant negative contribution to explaining the gap in the transition from unemployment to employment (due to lower overall labour market demand in less densely populated areas) and a significantly positive contribution in explaining the gap formation in transitions from employment to unemployment 30 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   (due to relatively more adverse labour market conditions for immigrant workers in less densely populated areas). • A person’s education is an important predictor of labour market outcome. Immigrants frequently face obstacles in obtaining recognition of their qualifications in host countries and subsequently end-up taking jobs that are below comparable levels of the native population. This, however, implies that the immigrant population may have lower reservation wages than the native population. Employers may exploit this situation by acquiring more productive workers for lower wages. However, the relationship is not straightforward. The educational attainment may not be easily transferred to work activities in host countries due to numerous obstacles (including language or cultural barriers). Studies have also found that there are important educational attainment differences with respect to second-generation immigrants (Borjas 1992). Hence, the expected role of education is crucial, but the direction of this variable’s contribution remains unclear at first. We included educational attainment using 3 dummy variables – low, medium and high levels of education, where medium is the reference value. To the extent that a country is able to attract immigrants with higher levels of education than the native population and with relatively good labour market integration policies, we expect that the higher education variable is a significant negative contributor of the gap in transitions from unemployment to employment. To the extent that a country is attracting immigrants with lower levels of education than the native population, and immigrants are faced with additional adverse conditions on the local labour market, we expect that the lower education variable is a significant positive predictor of the gap in transitions from employment to unemployment. Results and Discussion Transitions from Unemployment to Employment First, focus is placed on the differences in transitions from unemployment to employment. Specifically, these transitions include persons who were unemployed a year ago but are employed at the time of the Survey. To make comparisons across countries, the data show transitions as percentage of those who are unemployed during the current year in the respective population. The differences between immigrants and the native population for all European Union countries with a sufficient number of observations in the year 2015 are presented in Figure 1, panel A. The transitions are also illustrated for the same countries following country of birth as a distinction between immigrant and native population, with those born in Volume 7 | Issue 2 | 31 �Valerija Botric   the country described as “home”, and the other labels are self-explanatory (Figure 1, panel B). Figure 1: Transition from Unemployment to Employment, 2015 panel A 60 50 40 30 20 Latvia Malta Poland Portugal Sweden Slovenia UK Malta Poland Portugal Sweden Slovenia UK Litva Latvia Immigrants Italy Hungary Greece France Finland Spain Estonia Denmark Czech R. Germany Cyprus Belgium 0 Austria 10 Natives Home EU Litva Italy Hungary Greece France Finland Spain Estonia Denmark Czech R. Germany Cyprus Belgium 70 60 50 40 30 20 10 0 Austria panel B non-EU Source: author’s calculations based on EU-LFS data. 32 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   The data clearly reveal differences among European countries. Regardless of the overall transition rate (which also depends on the characteristics of the local labour market), there are: • Countries where transitions from unemployment to employment are similar for the native and immigrant population: Austria, Belgium, Germany, Spain, Greece; • Countries where unemployed immigrants were more likely to find a job than natives: Cyprus, Czech Republic, Italy, Malta, Poland and UK; • Countries where unemployed natives were more likely to find a job than immigrants: Denmark, Estonia, Finland, France, Hungary, Latvia, Sweden. These differences might not be the same over time, since countries can adopt different policies and/or experience additional immigration flows influencing the ability of local labour market to absorb them. To explore this further, we turn our focus on the evolution of the transition rates from unemployment to employment in the 1998-2015 period. The data presented below refer to the initial definition of immigrants and natives based on citizenship4. Initial analysis captured all European countries, but the data presented in Figure 2 are only for the countries that had enough observations throughout the analysed period. Figure 2 contains separate panels for Belgium, the Czech Republic, Germany, Denmark, Estonia, Finland, Greece, Portugal and the United Kingdom.                                                                                                                         4 The data based on country of birth can be obtained from the author upon request. It has to be emphasized that the evolution of “native” and “country-born” population is virtually the same, since the correlation for the two datasets (for all the countries and all available years) in the case of transition from unemployment to employment is 0.997788. The same comparison for the “immigrant” population is not appropriate, because disaggregating the overall immigrant into EU-born and non-EUborn leads to a larger number of cases where the data cannot be disclosed due to publication threshold restrictions imposed by Eurostat. Additionally, in a number of countries at the beginning of the sample, there was a large proportion of cases with “no-answer” for the country of birth variable. Indeed, as can be noticed from the comparison presented in Figure 1, this “no-answer” issue was carried out throughout the analysed period in the case of Germany. Volume 7 | Issue 2 | 33 �Valerija Botric   Figure 2: Transition from Unemployment to Employment, 1998-2015 34 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Source: author’s calculations based on EU-LFS data. The data reveal different patterns of transitions from unemployment to employment, clearly connected with overall labour market developments. For example, what is noticeable are the deteriorating conditions in the Greek economy which exerted a negative effect on transitions to employment for both immigrant and natives, while the decline for the immigrants was particularly steep at the beginning of analysed period and again in the 2009-2011 period. In some economies – Finland and the Czech Republic - the crisis period (around the year 2008) was associated with increased transitions of immigrant population towards employment, while no similar patterns were recorded for native population. The data presented in the figure also show countries with (almost) continuously different transitions of immigrants and natives. On one side of the spectrum is Denmark, where natives were more likely to make the transition from unemployment to employment throughout the analysed period. On the other side are Portugal and United Kingdom, where since the early 2000s, immigrant transitions from unemployment to employment are higher than for natives. Volume 7 | Issue 2 | 35 �Valerija Botric   For the countries with the largest identified gap, we explore whether the differences in characteristics of native and immigrant population can explain the existing hap. The results of the estimates based on the Fairile methodology are presented in Table 1. Table 1: Contributions to the Gap in Transition from Unemployment to Employment, 2015 Native Denmark Estonia Finland France Hungary Latvia Sweden Slovenia 0.42 0.53 0.25 0.28 0.41 0.46 0.48 0.24 Immigrant 0.28 0.38 0.21 0.22 0.28 0.32 0.37 0.21 Gap 0.14 0.14 0.04 0.05 0.13 0.14 0.12 0.03 % gap explained -3.61 17.11 -45.16 56.34 -15.10 43.74 12.98 63.25 -1.87 0.07 -1.16 29.05* Contributions to the gap (as percentage of the estimated gap) 0.54 0.53 -4.41 1.38* Male Age 15-24 2.70 24.22* -6.33 8.05* 1.27 16.07* 3.88* -2.91 Age 25-34 -3.70 6.51* -24.99* -0.75* 0.14 10.93* -4.02* 1.89 Age 45-54 -1.03 -1.30 Age 55-64 -7.34* 4.76 Inter-urban 0.00 -0.14 Sparse-urb 3.84* Edu-low -3.30* -1.22 Edu-high -1.51 3.21* 4.51 N 2580 751 1135 -1.02 0.91* -2.73* -75.38* -10.59* 17.28* -4.88 1.69 -0.08 -16.97* 8.20* -19.69* -0.05* -0.81* 8.66* 3.53* -0.02 -8.89 5.56* -26.59* 1.64 0.01* 30.71* 43.35* 46.80* -6.69* -0.11 0.49* 41.82* 5.87* -4.27* 1.44* -3.50* 39.55* 33154 13332 2452 6136 4037 -19.31* 25.23* Source: author’s estimates based on EU-LFS data. The important point to notice is that, although the size of the gap differs, in all analysed countries the natives are more likely to make a transition from unemployment to employment than the immigrant population. The transition was most frequent in the case of Sweden, and least frequent for Slovenia – indeed, most countries had higher transition rates for the immigrant population than Slovenia had 36 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   for the native population. This suggests that labour market in Slovenia was rather sluggish5. The analysis reveals that the explanatory variables have various contributions in explaining the existing gap in transitions from unemployment to employment between native and immigrants across countries. The variables jointly provide an explanation for most of the gap in transition from unemployment to employment in Slovenia (63 percent of the gap), France (56 percent of the gap) and Latvia (43 percent). However, the results imply that had the immigrants and natives the same characteristics based on analysed variables, the gap in transitions from unemployment to employment would be even larger in three analysed countries – Finland, Hungary and Denmark. Based on these results the probable assumption is that in these three countries the immigrant population fulfils in specific section of labour market demand. Not a single personal characteristic has been found significant in all of the analysed countries. This implies that each country attracts different types of immigrants and depending on specific labour market integration policies, immigrants with similar characteristics have different outcomes in comparison to native populations. This finding is in line with previous literature, but the results enable us to explore these differences. Even when significant, the same variable does not have the same sign of contribution to the gap. For example, low education contributes to the explanation of the gap for France, Finland and Slovenia. It seems that in these countries, immigrants are on average relatively less educated (or their qualifications are not recognized by the home country education system), thus decreasing their chances of finding a job. However, in case of Slovenia, higher education among immigrants also contributes to a relatively unfavourable outcome for immigrants. Thus, the argument may very well be that, at least in Slovenia, there are important differences in the structure of educational attainment (formal or not) between immigrants and natives that influence respective labour market transitions. Another important example in some countries is age. In the case of Finland, had immigrants been represented in the age cohort 55-64 as much as natives, the gap in the average transition from unemployment to employment would be even larger. Similar results are also valid for Sweden, France and Denmark. However, the differences in this age cohort between immigrants and natives provide an explanation of the existing gap in Hungary, Latvia and Estonia. This also shows that the age                                                                                                                         5 For an overview of labour market indicators in EU economies in 2015 please consult European Union (2016). Volume 7 | Issue 2 | 37 �Valerija Botric   structure of immigrants in comparison to the native population differs among the analysed countries. The overall conclusion is that not only does the gap in transitions differs, but the path of the gap also differs, and the contributions of the variables in explaining the gap differ across European economies. Transitions seem to be idiosyncratic to host country labour markets. To illustrate this, we analyse in which economic activities immigrants and natives found a job. The data in Table 2 are presented as percentages of the respective population that has made the transition from employment to unemployment. Table 2: Percentage of Previously Unemployed Natives in Immigrants According to the Economic Activity of Their Employment, 2015 Denmark NACE I A N 3.4 0.5 14.4 14.0 Estonia France I I N N Hungary Latvia I I N 4.8 4.3 1.8 29.6 20.6 5.7 10.7 16.3 B C 6.9 N 5.2 11.7 16.4 17.0 0.1 29.5 Sweden Slovenia I I N N 1.1 0.8 2.5 0.2 4.0 7.4 D 0.5 0.4 0.4 0.3 1.1 0.4 E 0.7 0.5 0.6 2.5 0.4 0.4 49.1 23.1 0.8 F 3.4 5.7 23.0 15.1 12.2 7.4 7.2 25.9 12.4 4.0 5.0 G 9.6 17.3 6.6 19.0 10.1 12.8 7.0 15.5 15.4 11.2 12.2 12.2 H 7.5 4.6 8.2 4.2 4.2 4.8 3.4 11.2 7.1 7.2 5.0 4.7 I 15.8 5.0 6.6 6.4 7.6 6.5 4.3 0.0 4.4 11.6 5.9 8.0 J 6.2 2.2 1.9 1.3 2.0 0.6 0.0 1.8 3.2 2.8 2.1 1.0 1.5 0.5 0.0 1.1 1.6 0.8 1.7 1.5 0.9 0.3 7.8 2.4 4.0 1.1 3.5 2.6 4.4 0.7 1.7 10.8 5.9 3.9 9.7 6.5 5.1 5.2 2.0 11.1 6.3 2.6 2.3 6.4 33.8 3.9 14.8 4.4 3.9 8.0 5.5 8.0 3.1 5.6 18.8 11.9 8.1 K 1.4 L 1.4 M 3.4 2.9 N 10.3 4.8 O 3.3 4.9 40.7 6.9 P 4.8 10.3 Q 12.3 16.6 3.5 12.7 13.4 3.2 3.6 R 2.1 3.0 1.6 1.1 2.5 1.5 1.9 S 2.7 2.2 2.9 3.2 4.1 1.1 7.2 2.0 0.2 T 8.2 3.4 1.7 15.4 2.4 15.1 9.1 5.9 11.3 7.5 3.1 5.8 4.1 3.6 3.1 3.0 0.6 Source: author’s calculations based on EU-LFS data. 38 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Note: NACE activities are: A – Agriculture, forestry and fishing; B- Mining and Quarrying; C – Manufacturing; D – Electricity; Gas, Steam, and Air Conditioning Supply; E – Water Supply, Sewerage, Waste Management and Remediation Activities; F – Construction; G – Wholesale and Retail Trade, Repair of Motor Vehicles and Motorcycles; H – Transportation and Storage; I – Accommodation and Food Service Activities; J – Information and Communication; K – Financial and Insurance Activities; L – Real Estate Activities; M – Professional, Scientific and Technical Activities; N –Administrative and Support Services; O – Public Administration and Defence, Compulsory Social Security; P – Education; Q – Human Health and Social Work Activities; R – Arts, Entertainment and Recreation; S – Other Service Activities; T – Activities of Households as Employers; U – Activities of Extraterritorial Organisations and Bodies. Based on the data in Table 2, we notice that in Denmark immigrants are most likely to find a job in accommodation and support services. This is also the activity where the difference between immigrant and native transition to employment is the highest. Sweden is another example where immigrants are more likely to find work in this activity than natives. However, for Sweden, it seems that in 2015 most immigrants found employment in education. This is not the case in other economies. Indeed, in most countries education activity employed the native population. The dominant sector for immigrants in Slovenia was manufacturing and public administration in Hungary. In both these countries the number of immigrants that made a transition was rather low. France, a country with a high share of immigrant transition, mostly employed them in construction, and human health and social work. The data in Table 3 explore differences in working conditions between immigrant and native population for the case where they made the transition from unemployment to employment. The questions were related to the quality of job. The data in Table 3 show: percentage of the respective population employed on a permanent contract, percentage of the respective population that declared that their jobs do not involve working in shifts, working during the evening, working during nights, Saturday or Sunday work. Table 3: Working Conditions of Immigrants and Natives Who Made the Transition from Unemployment to Employment, 2015 Country Denmark Permanency No Shift No Evening No Night No Saturday No Sunday I 20.5 87.7 62.3 90.4 67.8 100.0 N 26.1 93.4 65.4 91.9 69.1 74.9 Volume 7 | Issue 2 | 39 �Valerija Botric   Table 3 (Continued) Estonia Finland France Hungary Latvia Sweden Slovenia I 27.9 72.1 60.7 88.5 67.2 73.8 N 13.5 75.6 61.4 93.2 64.6 76.8 I 50.0 71.4 78.6 92.9 92.9 85.7 N 51.3 77.7 68.7 93.2 78.5 80.8 I 66.2 73.9 32.8 36.2 26.5 32.0 N 65.1 76.3 28.7 33.0 22.5 29.3 I 77.8 96.3 88.9 92.6 74.1 77.8 N 63.4 81.4 78.2 87.7 71.4 85.2 I 20.7 71.6 66.4 92.2 62.9 75.9 N 13.2 68.1 69.1 89.2 64.5 74.1 I 66.8 76.8 70.0 88.0 67.6 68.8 N 60.3 74.0 66.8 85.5 65.0 68.1 I 62.3 49.1 58.5 71.7 43.4 64.2 N 71.7 56.3 58.4 84.0 43.3 71.1 Source: author’s calculations based on EU-LFS data. Contrary to initial expectations, the immigrant population on average does not always end up in jobs associated with more adverse working conditions. For example, a higher percentage of immigrants made the transition to permanent jobs in Sweden, Latvia, Hungary and Estonia. A higher percentage of immigrants found employment not involving shift work in Hungary, Latvia and Sweden. Moreover, a higher percentage of immigrants found employment not involving Sunday work in Denmark, Finland, France and Latvia. Transitions from Employment to Unemployment Next we turn our attention to analysing differences in transitions from employment to unemployment. We define the transition as occurring if a person who has been employed a year ago is currently unemployed. The differences between immigrants and the native population for all European Union countries with a sufficient number of observations for the year 2015 are presented in Figure 3, panel A. The Figure 3 in panel B also contains information on the transition from employment to unemployment by country of birth – home country, EU country and non-EU country. 40 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Figure 3: Transition from Employment to Unemployment, 2015 Source: author’s calculations based on EU-LFS data When comparing these results with those presented in Figure 1, it becomes evident that transition rates from employment to unemployment are lower than those from unemployment to employment. This is as expected. The most obvious explanation is Volume 7 | Issue 2 | 41 �Valerija Botric   that the number of employed is always larger than the number of unemployed, hence the base of the second transition rate is larger, yielding a smaller percentage. A more substantial explanation is that rigidity of labour market institutions influence both hiring and firing procedures. Thus, the more rigid is the labour market, the costlier it will be for employers to fire employees, and thus they are more likely to sustain an above-optimal employment level even during times of crisis. Bassanini and Garnero (2013) found that the more restrictive the regulation, the smaller is the rate of within-industry job-to-job transitions, in particular towards permanent jobs. However, regulations are not the only explanation. Employers may want to retain for workers an above-optimal employment level during the bust phase given that human capital is scarce and employers are generally aware of the cyclical nature of an economy. In that case, relative attitudes towards immigrant workforce might become more evident. The data clearly suggest that in almost all the countries (with exception of the Czech Republic) transition rates from employment to unemployment in 2015 were higher for immigrants than for natives. This indicates that immigrants are more likely to lose their job and the relative likelihood is highest in France, Spain and Portugal. Other countries also have significant differences – for example, Austria, and Denmark. Again, we explored this issue within a dynamic perspective, to reveal whether these patterns persist in countries. The data presented below refer to the initial definition of immigrant and natives based on citizenship6. The data are again presented only for those countries for which transitions were observable throughout the 1998-2015 period (Figure 4). Figure 4 contains separate panels for Belgium, the Czech Republic, Germany, Denmark, Estonia, Finland, Greece, Portugal and the United Kingdom.                                                                                                                         6 The data based on country of birth can be obtained from the author upon request. It has to be emphasized that the pathway for “native” and “country-born” population is virtually the same, since the correlation for the two datasets (for all the countries and all available years) in the case of transition from employment to unemployment is 0.995794. Given that the number of transitions in this case is lower, there are more cases when the data cannot be publicly disclosed due to the threshold imposed by Eurostat. 42 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Figure no. 4: Transition from Employment to Unemployment, 1998-2015 Volume 7 | Issue 2 | 43 �Valerija Botric   Source: author’s calculations based on EU-LFS data. Evidence shows that for most of the countries (again with the exception of the Czech Republic), immigrants are more likely to lose employment than natives during the analysed period. It may be that immigrants are more likely to be employed in the economic sectors more adversely affected by economic crises (Kogan, 2004). For some countries, – for example, Greece – there is additional effect of the crisis adverse impact on immigrants. For other countries – for example, United Kingdom – the crisis had the effect of the narrowing the gap between immigrants and natives losing their jobs, hence the assumption may be that it had a more adverse effect on the native population. Both transitions reveal that the pathway for the immigrant population is more erratic than for natives. The pathways for transitions of native populations are generally smoother, usually exhibiting spikes during the steepest economic downturns. Thus, it seems that while natives are more likely to lose their jobs in times of crises, the 44 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   immigrant population has more difficulties in predicting their chances of retaining jobs even during favourable economic times. To analyse contributions to the gap, our focus is directed to countries where immigrants have the highest probabilities of losing jobs in comparison to the native population. The analysis again relies on the Fairlie methodology including the same set of initial predictors (Table 4). Table 4: Contributions to the Gap in Transition from Employment to Unemployment, 2015 Austria Denmark France Italy Portugal Sweden Native 0.02 0.02 0.03 0.02 0.03 0.02 Immigrant 0.04 0.05 0.08 0.05 0.06 0.05 Gap -0.03 -0.03 -0.05 -0.03 -0.03 -0.03 % gap explained 22.10 4.07 17.87 26.84 12.40 3.89 Contributions to the gap (as percentage of the estimated gap) Male 0.08 0.31* 0.74* 0.20* 0.31 0.79* Age 15-24 0.87* 1.34* -3.11* 2.96* 5.03* -0.61* Age 25-34 2.65* 2.58 1.55* 7.16* 4.20* 2.65* Age 45-54 1.95* -0.71 2.61* 3.84* 2.38* -0.14 Age 55-64 2.47* 0.82 2.35* 5.65* 3.17* -3.42* Inter-urban 0.00* 0.89* -0.17* 0.90* -0.06 0.59 Sparse-urb 10.44* 3.06* 4.27* 0.89* 2.04* 1.17* Edu-low 1.80* -1.14* 7.68* 3.46* -4.81* 5.51* Edu-high -2.40* -3.10* 1.97* 1.78* 0.15 -2.68* N 79223 49864 193469 192701 63242 76236 Source: author’s estimations based on EU-LFS data. The data in Table 4 show that in all analysed countries, immigrants had higher transition rates from employment to unemployment than the native population. The chosen variables explain the relatively small percentage of the gap in transition from employment to unemployment between the immigrant and native population – the Volume 7 | Issue 2 | 45 �Valerija Botric   highest in Italy (26 percent of the gap), Austria (22 percent) and France (17 percent). For the case of transitions in the opposite direction, the level of significance and the sign of specific predictors differ across the analysed countries. Regardless of the fact that there are no common features, individual analysis at the country level is noteworthy. It is interesting to note that in sparsely populated areas of Austria, immigrants are more likely to lose jobs. Another interesting fact is that in Italy, younger age cohorts of immigrants (25-34) are more likely than natives to lose jobs. In the case of France, a low education is an important predictor for the disproportional job loss among immigrants. Specifically for this country, a comparative analysis of both transitions indicates that educational attainment plays an important role in relative labour market integration of immigrants. A large segment of the gap remains unexplained due to the differences in characteristics between natives and immigrants. This suggests that there are many other factors as to why the immigrants are more likely to lose jobs than natives, more factors than we were able to analyse with the existing dataset. To contribute to a discussion on the potential factors, Table 5 presents the structure of immigrants and natives in the analysed countries based on the economic activity they previously worked in. The data consider only of those individuals who made the transition from employment to unemployment. Table 5: The Structure of Immigrants and Natives Based on the Economic Activity of Their Previous Job, 2015 Austria I A Denmark France I N I N I N 0.8 5.2 1.5 1.9 1.9 4.9 3.2 0.2 16.2 Portugal N B C Italy 18.2 11.1 13.8 8.3 13.2 I Sweden N I N 2.9 4.0 1.1 14.3 7.2 8.4 0.5 13.0 16.5 D 0.7 0.4 0.8 0.5 E 0.5 0.5 1.6 0.9 0.6 1.1 5.4 0.5 0.3 0.5 0.5 F 17.4 12.0 5.2 7.9 21.8 10.1 17.6 14.4 15.2 10.9 7.2 7.9 G 13.4 18.2 13.3 15.2 10.1 14.9 5.8 17.7 9.8 18.6 11.2 11.1 H 4.2 4.8 4.4 5.6 4.5 4.2 2.3 5.1 5.4 3.5 3.2 4.9 I 16.4 11.2 22.2 5.2 8.3 6.7 11.3 12.0 30.4 12.3 16.0 6.2 J 1.2 2.7 3.7 3.6 1.8 2.6 1.6 2.7 4.6 K 1.0 2.1 2.0 1.8 1.0 1.4 1.3 1.2 1.4 0.5 1.1 0.5 0.6 1.2 4.1 3.4 3.9 4.2 3.4 L M 46 3.7 4.1 3.7 1.0 4.0 7.8 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Table 5 (Continued) N 9.7 5.9 O 1.2 3.2 P 1.7 3.0 Q 5.2 5.6 R 3.5 S 2.2 14.8 5.2 9.2 4.7 3.6 1.7 4.7 1.4 5.9 7.8 4.3 5.6 3.1 6.7 15.5 7.0 10.2 3.4 3.6 2.2 2.1 1.7 2.6 0.6 2.0 2.8 2.3 1.6 3.3 2.5 2.4 1.4 0.5 31.6 2.3 T U 4.1 5.4 4.3 4.5 12.0 9.4 4.9 3.2 4.9 4.3 6.7 12.8 9.8 5.4 6.1 9.6 9.9 6.5 1.6 3.3 2.5 3.2 2.3 0.1 Source: author’s calculations based on EU-LFS data. Note: NACE activities are: A – Agriculture, forestry and fishing; B- Mining and Quarrying; C – Manufacturing; D – Electricity; Gas, Steam, and Air Conditioning Supply; E – Water Supply, Sewerage, Waste Management and Remediation Activities; F – Construction; G – Wholesale and Retail Trade, Repair of Motor Vehicles and Motorcycles; H – Transportation and Storage; I – Accommodation and Food Service Activities; J – Information and Communication; K – Financial and Insurance Activities; L – Real Estate Activities; M – Professional, Scientific and Technical Activities; N – Administrative and Support Services; O – Public Administration and Defence, Compulsory Social Security; P – Education; Q – Human Health and Social Work Activities; R – Arts, Entertainment and Recreation; S – Other Service Activities; T – Activities of Households as Employers; U – Activities of Extraterritorial Organisations and Bodies. The data in Table 5 show that in Austria most immigrants had previously worked in construction, followed by accommodation and food services and manufacturing. For natives, manufacturing is also an economic activity that sheds a large labour force. This clearly indicates that manufacturing is undergoing restructuring and immigrants are not the ones who are particularly vulnerable in this economic activity. Construction is another segment heavily affected by the latest economic crisis and it is evident that in most of the analysed economies this has had a more severe impact on the immigrant population (Austria, France, Portugal and Italy). Accommodation and food services is one of the activities where immigrants also experienced higher percentage job losses in Portugal, Sweden and Denmark. It is interesting to note that in Italy the highest percentage of immigrants who lost jobs come from activities of households as employers. These findings once again confirm that immigrants frequently find jobs in economic sectors that are more prone to labour shedding during economic downturns. Once losing their jobs, immigrants may find it more difficult to find a new job, which is reflected in the different durations of job searching. Table 6 presents the structure of the immigrant and native population based on the duration of search, and only for those who have made the transition from employment to unemployment. Volume 7 | Issue 2 | 47 �Valerija Botric   Table 6: The Percentage of Immigrants and Natives Who Made the Transition from Employment to Unemployment According to the Duration of Unemployment, 2015 Country less than 6 months 6-11 months 1 year and longer I 68.2 29.4 2.5 Austria N 68.0 27.3 4.7 I 63.7 27.4 8.9 Denmark N 69.4 25.0 5.6 I 45.1 25.3 26.4 France N 46.5 29.4 18.4 I 51.3 36.0 12.7 Italy N 53.4 29.8 15.6 I 58.7 25.0 16.3 Portugal N 54.5 31.8 13.7 I 57.6 27.2 5.6 Sweden N 64.1 25.3 3.8 Source: author’s calculations based on EU-LFS data. The data in Table 6 reveal that natives are more likely to have shorter unemployment spells (Denmark, France, Italy and Sweden). France has the largest share of immigrants with long spells of unemployment, but the indicator for the native population is also the highest. Hence, although immigrants do encounter adverse labour market conditions, they do so along with the native population. Conclusions The recent economic crisis has had an adverse effect on the labour markets of European economies. Additionally, Europe has recently faced increased immigration flows. Both immigration and the crisis have exerted additional pressures on labour markets. The studies frequently indicate that, even without such pressures, immigrants fare worse on the labour markets of host countries than natives. This study re-examines this question for the period covering the most recent European history. The analysis in this paper focuses on differences in transitions from unemployment to employment, and employment to unemployment between native and immigrant populations in European economies during the 1998-2015 period. Transitions, 48 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   rather than outcomes, have been chosen for the analysis to avoid a discussion on different labour market participation motivation for subgroups of immigrant populations. Thus, the focus of the analysis is both on immigrants and natives who were participating in the labour market – either through employment or actively seeking employment. The analysis reveals that outcomes differ when it comes to transitions from unemployment to employment – in some countries/years the natives find proportionally more employment, while in others it is the immigrants. In most of the countries, however, immigrants are more likely to lose a job than natives. Similarly, in most countries, a connection can be made between crisis and increased job loss for natives. Immigrants are also more likely to experience adverse effects of the crisis, but the probability that they will lose a job is also higher in other periods. In addition to identifying the immigrant-native gap, the characteristics of individuals as potential contributors to the gap have been assessed. The results of this segment of the analysis show that similar characteristics exert a different influence on the differences in immigrant-native labour market transitions in the analysed countries. This finding supports previous claims in the literature that there is certain selfselection of immigrants into different host countries, according to different socioeconomic factors. While this has been previously established, we address this issue here in regard to the labour market. Since the heterogeneity of immigrants has been documented once more, this time focusing on a narrow segment of labour market transitions, it seems that calls for a unified approach to policy discussions that have been heard during the recent migrant wave in Europe might be displaced. The policies should also consider path dependency and adjust measures so as to be best suited for the population on their particular territory. The results do not claim that this is important for all segments of migration integration policies, but they do suggest that it is important for labour market integration, even for cases where migrants are already active on the host country labour market. The paper has documented the increased vulnerability of immigrants on the host markets of European countries. Yet, due to the period analysed, it has not fully captured the effect of the most recent increased immigration flows arriving into territories of the European economies. Future research efforts should be devoted to the importance of integrating these immigrants and a comparative analysis of the policy approaches undertaken by different countries in dealing with increased migratory pressures. Volume 7 | Issue 2 | 49 �Valerija Botric   References Aiyar, S., Barkbu, B., Batini, N., Berger, H. Detragiache, E., Dizioli, A., Ebeke, C., Lin, H., Kaltani, L, Sosa, S., Spilimbergo, A., & Topalova, P. (2016). The Refugee Surge in Europe: Economic Challenges, IMF Staff Discussion Note SDN/16/02, Retrieved from https://www.imf.org/external/pubs/ft/sdn/2016/sdn1602.pdf. Alarian, H.M. (2017). Citizenship in hard times: intra-EU naturalisation and the Euro crisis. Journal of Ethnic and Migration Studies, 43(13), 2149-2168. Åslund, O., & Rooth, D.O. (2007).Do when and where matter? Initial labour market conditions and immigrant earnings.Economic Journal, 117(518), 422-448. Barrett A., & Kelly, E. (2012).The impact of Ireland’s recession on the labour market outcomes of its immigrants. European Journal of Population, 28(1), 99-111. Bassanini, A., & Garnero, A. (2013). Dismissal protection and worker flows in OECD countries: Evidence from cross-country/cross-industry data. Labour Economics, 21(C), 25-41. Baudassé, T., & Bazillier, R. (2014). Gender Inequality and Emigration: Push Factor or Selection Process?. International Economics, 139(October), 19-47. Bernard, A., Bell, M., & Charles-Edwards, E. (2016). Internal migration age patterns and the transition to adulthood: Australia and Great Britain compared. Journal of Population Research, 33(2), 123-146. Blanchflower, D. G., & Shadforth, C. (2009). Fear, unemployment and migration. The Economic Journal, 119(535), F136-F182. Blume, K. Ejrnæs, M., Skyt Nielsen, H., & Würtz, A. (2009). Labor market transitions of immigrants with emphasis on marginalisation and self-employment. Journal of Population Economics, 22(4), 881-908. Borjas, G.J. (1992). Ethnic capital and intergenerational mobility. Quarterly Journal of Economics, 107(1), 123-150. Borjas, G. J. (1999). Immigration and Welfare Magnets. Journal of Labor Economics, 17 (4/1), 607-637. 50 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Borjas, G.J. (2001). Does immigration grease the wheels of the labor market?. Brookings Papers on Economic Activity,(1), 69-119. Bratsberg, B., Raaum, O., & Røed, K. (2018).Job Loss and Immigrant Labour Market Performance. Economica, 2018 (85), 124-151. Bruno, G., Marelli, E., & Signorelli, M. (2014).The Rise of NEET and Youth Unemployment in EU Regions after the Crisis. Comparative Economic Studies, 56(4), 592-615. Chapman, B.J., & Iredale, R.R. (1993). Immigrant Qualifications: Recognition and Relative Wage Outcomes. The International Migration Review, 27(2), 359-387. Chiswick, B.R. (1978). The effect of Americanization on the earnings of foreignborn men. Journal of Political Economy, 86(5), 897-921. Chiswick, B. R., Rebhun, U., & Beider, N. (2016).Linguistic and Economic Adjustment among Immigrants in Israel, IZA Discussion Paper Series, No. 10214.Retreived from: http://ftp.iza.org/dp10214.pdfhttp://ftp.iza.org/dp10214.pdf. Corluy, V., & Verbist, G. (2014). Can education bridge the gap? Education and the employment position of immigrants in Belgium. ImPRovE Discussion Paper No. 14/02. Antwerp: Retrieved from: http://www.centrumvoorsociaalbeleid.be/ImPRovE/Working%20Papers/ImPRovE %20WP%201402_1.pdf. Del Boca, D., & Venturini, A. (2016). Migration in Italy is backing the old age welfare. In M. Kahanec & K. F. Zimmermann (Eds.), Labor migration, EU enlargement, and the great recession(pp. 59-84). Berlin: Springer. De la Rica, S., & Polonyankina, T. (2013). The impact of Immigration on Occupational Specialisation among Natives in Spain: Does the Business Cycle Matter?. Revista de Economía Aplicada, 21(63), 51-74. Dustmann, C., & Frattini, T. (2011). Immigration: The European Experience. CReAM Discussion Paper No 22/11, Retrieved from http://www.ucl.ac.uk/~uctpb21/doc/CDP_22_11.pdf . Volume 7 | Issue 2 | 51 �Valerija Botric   Dustmann, C., Glitz, A., & Vogel, T. (2010). Employment, Wages and the Economic Cycle: Differences between Immigrants and Natives. European Economic Review, 54(1), 1-17. Elsner, B., & Zimmermann, K. F. (2016). 10 years after: EU enlargement, closed borders, and migration to Germany. In M. Kahanec & K. F. Zimmermann(Eds.), Labor migration, EU enlargement, and the great recession (pp. 85-102). Berlin: Springer. European Commission. (2016). Access to Confidential Data for Scientific Purposes (Scientific Use Files): Guidelines for Publication. European Union. (2016). Labour Market and Wage Developments in Europe: Annual Review 2016, Luxembourg: Publications Office of the European Union. Fairlie, R.W. (1999). The Absence of the African-American Owned Business: An Analysis of the Dynamics of Self-Employment. Journal of Labor Economics, 17(1), 80-108. Fairlie, R. W. (2005). An Extension of the Blinder-Oaxaca Decomposition Technique to Logit and Probit Models. Journal of Economic and Social Measurement, 30(4), 305-316. Farris, S.R. (2015). Migrants’ regular army of labour: gender dimensions of the impact of the global economic crisis on migrant labor in Western Europe, The Sociological Review, 63(1), 121-143. Ferrant, G., Loiseau, E., & Nowacka, K. (2014).The Role of Discriminatory Social Institutions in Female South‐South Migration. OECD Development Centre, Paris. Retrieved from https://www.oecd.org/dev/developmentgender/SIGI%20and%20Female%20Migration_final.pdf. Föbker, S., & Imani, D. (2017). The role of language skills in the settling-in process – experiences of highly skilled migrants’ accompanying partners in Germany and the UK. Journal of Ethnic and Migration Studies, 43(16), 2720-2737. Garda, P. (2016). The Ins and Outs of Employment in 25 OECD Countries, OECD Economics Department Working Papers No.1350, OECD Publishing, Paris. 52 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Ghosh, J. (2009). Migration and Gender Empowerment: Recent Trends and Emerging Issues. Human Development Research Paper 04, United Nations Development Programme, Human Development Report Office, New York. Giulietti, C., Guzi, M., Kahanec, M., & Zimmermann, K. F. (2013). Unemployment benefits and immigration: Evidence from the EU. International Journal of Manpower, 34(1), 24-38. Grigoleit-Richter, G. (2017). Highly skilled and highly mobile? Examining gendered and ethnicised labour market conditions for migrant women in STEM professions in Germany. Journal of Ethnic and Migration Studies, 43(16), 2738-2755. Grossman, J.B. (1982). The substitutability of natives and immigrants in production. Review of Economics and Statistics, 64(4), 596-603. Hatton, T.J., & Williamson, J.G. (2005). What fundamentals drive world migration?. In G. Borjas & J.Crips(Eds.),Poverty, International Migration and Asylum (pp. 15-38).UK: Palgrave-Macmillian for WIDER. Heath, A. F., Rothon, C., & Kilpi, E. (2008). The second generation in Western Europe: education, unemployment, and occupational attainment. Annual Review of Sociology, 34, 211-235. Jaeger, D.A. (2008). Green Cards and the Location Choices of Immigrants in the United States, 1971-2000. Research in Labor Economics, 27(1), 131-183. Kahanec, M., & Zaiceva, A. (2008). Labour Market Outcomes of Immigrants and Non-Citizens in the EU: An East-West comparison, IZA Discussion Paper No. 3420. Kahanec, M., Zimmermann, K. F., Kurekova, L., & Biavaschi, C. (2013). Labour migration from EaP countries to the EU – Assessment of costs and benefits and proposals for better labour market matching. IZA research report no. 56. Krings, T. (2009).A race to the bottom? Trade unions, EU enlargement and the free movement of labour. European Journal of Industrial Relations, 15(1), 49-69. Kogan, I. (2004).Last hired, first fired? The unemployment dynamics of male immigrants in Germany. European Sociological Review, 20(5), 445-461. Volume 7 | Issue 2 | 53 �Valerija Botric   Langevin, G., Masclet, D., Moizeau, F., & Peterle, E. (2013).Educational Attainment, Wages and Employment of Second-Generation Immigrants in France. Center for Research in Economics and Management, Working Paper 2013-27, Retrieved from http://perso.univrennes1.fr/david.masclet/Educational%20attainment%20.pdf . Marino, S., Penninx, R., & Roosblad, J. (2015). Trade unions, immigration and immigrants in Europe revisited: union’s attitudes and actions under new conditions. Comparative Migration Studies, 3(1), 1-16. McDonald, J.T., & Worswick, C. (1998). The earnings of immigrant men in Canada: job tenure, cohort, and macroeconomic conditions. Industrial and Labor Relations Review, 51(3), 465-482. Meardi, G. (2012). Union immobility? Trade unions and the freedoms of movement in the enlarged EU. British Journal of Industrial Relations, 50(1), 99-120. Peri, G., & Sparber, C. (2009).Task Specialization, Immigration, and Wages. American Economic Journal: Applied Economics, 1(3), 135-169. OECD/EuropeanUnion. (2015). Indicators of Immigrant Integration 2015: Settling In. Paris: OECD Publishing. O’Higgins, N. (2012). This Time It’s Different? Youth Labour Markets during ‘The Great Recession’. Comparative Economic Studies, 54(2), 395-412. Orrenius, P.M., & Zavodny, M. (2007). Does immigration affect wages? A look at occupation level evidence. Labour Economics, 14(5), 757-773. Ortega, F., & Peri, G. (2014). Openness and income: The roles of trade and migration. Journal of International Economics, 92(2), 231-251. Ortega, F., & Polavieja, J. G. (2012).Labour-Market Exposure as a Determinant of Attitudes toward Immigration. Labour Economics, 19(3), 298-311. Pischke, J.S., & Velling, J. (1997). Employment effects of immigration to Germany: An analysis based on local labor markets. The Review of Economics and Statistics, 79(4), 594-604. 54 Journal of Economic and Social Studies �Labour Market Transition Differences between Natives and Immigrants in EU Economies   Ritzen, J., & Kahanec, M. (2017).A Sustainable Immigration Policy for the EU.IZA Policy Paper No. 126. Rodríguez-Planas, N., & Nollenberger, N. (2016). Labor market integration of new immigrants in Spain, IZA Journal of Labor Policy, 5: 4.Retreived from https://doi.org/10.1186/s40173-016-0062-0. Senik, C., Stichnoth, H., & van der Straten, K. (2009). Immigration and Native’s Attitudes towards the Welfare State: Evidence from the European Social Survey. Social Indicators Research, 91(3), 345-370. Scheve, K., & Slaughter, M. (2001). Labor Market Competition and Individual Preferences over Immigration Policy. The Review of Economics and Statistics, 83(1), 133-145. Verdugo, G. (2016). Public housing magnets: public housing supply and immigrants’ location choices. Journal of Economic Geography, 16(1), 237-265. Volume 7 | Issue 2 | 55 � Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3745 Title A name given to the resource Labour Market Transition Differences between Natives and Immigrants in EU Economies Author Author Botrić, Valerija Abstract A summary of the resource. Abstract: The recent economic crisis has had an adverse effect on the labour markets of European economies and certain population groups have been disproportionally affected by it. Increased migration flows may very well have created further pressures on the labour markets of host countries. The focus of the analysis here is on differences in transitions from unemployment to employment and vice versa between native and immigrant populations in European economies during the 1998-2015 period. The analysis reveals different outcomes to transitions from unemployment to employment, where in certain countries and years, the unemployed natives find proportionally more jobs, while in other countries and years, it is the immigrants. In most of the countries, however, employed immigrants are more likely to lose a job than natives. In addition to identifying the immigrant-native gap, the characteristics of individuals as potential contributing factors to the gap have also been assessed. The results of this analysis show that similar individual characteristics exert a different influence on the immigrant-native gap in labour market outcomes in different countries. Thus, similar individual characteristics are rewarded differently in different countries, i.e., their labour markets. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Article PeerReviewed DOI Digital object identifier doi: "10.14706/JECOSS17723 " Identifier An unambiguous reference to the resource within a given context ISSN 1986-8499, H Social Sciences (General),HD Industries. Land use. Labor https://omeka.ibu.edu.ba/files/original/8dbf9cfbf5dc993d0e0ac30a004712d4.docx 13b3ea68948d9cd98a2f21c3998205db Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3779 Title A name given to the resource Bilingualism in Kuwait – a linguistic landscape approach Author Author Brdarević Čeljo, Amna Zolota, Sead Abstract A summary of the resource. Abstract: This paper examined the linguistic landscape of the Governorate of Farwaniya, the biggest governorate in the State of Kuwait, by means of public and private signs displayed in the city center and side streets. A corpus of 150 photos of diverse signs, both official and non-official, was collected, categorized, analyzed and discussed. The results point to an undeniable representation of the Arabic language in both public and private spheres of life as well as to a substantial presence of the English language on a wide range of signage therefore confirming the imprint the process of globalization has made on this EFL context. The findings also indicate that some other world languages, namely Bengali, Hindi, and Chinese, are represented in the linguistic landscape of Kuwait but rather poorly. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Article PeerReviewed Identifier An unambiguous reference to the resource within a given context ISSN 2566-4638 (In Press) P Philology. Linguistics,PA Classical philology https://omeka.ibu.edu.ba/files/original/c39d4fcf4127d4c98fe50761be78b4e5.pdf f9a3edaf624ec2bf00cc0d37b8a9e78b PDF Text Text     Journal of Economic and Social Studies Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia Snježana Brkić School of Economics and Business University of Sarajevo snjezana.brkic@efsa.unsa.ba Abstract: The paper focuses primarily on intra-industry trade (IIT) which is researched in the context of country-specific characteristics. A three-decade-long academic research of IIT phenomena suggests that IIT is likely to be more intensive and mostly of horizontal type between countries that are at a similar stage of economic development, with the same level of trade openness and with intensive and significantly liberalized mutual trade. Geographical proximity of countries, especially their common border, as well as their similarities in some non-economic characteristics such as history, culture, language, also contribute to IIT intensity. Bosnia and Herzegovina (BH) and Croatia match most of Keywords:  : Intra-Industry Trade (IIT), Grubel-Lloyd Index (G-L Index), Country Characteristics, Bosnia and Herzegovina (BH), Croatia JEL Classification: F10, F14, F15 Article History Submitted: 11.9.2017 Resubmitted: 20.4.2018 Accepted: 26.7.2018 these criteria for intensive and increasing IIT. The aim of the research is to check aforementioned thesis on IIT on a case study of BH in its trade with Croatia over the period from 2003 till 2016. Research is focused http://dx.doi.org/10.14706/JECO SS17726 on IIT characteristics – intensity, trend and structure, both at aggregate level (based on calculating corrected and uncorrected Grubel-Lloyd indices) and at division level of Standard International Trade Classification – SITC (based on calculating standard Grubel-Lloyd index and relative unit values of export and import). The research findings indicate a continuously rising, although lower than expected, intensity of IIT, taking into account similarities between given countries in comparison with other important trading partners of BH and taking into account a high level of data aggregation. In BH trade with Croatia inter-industry trade still prevails while high intensive IIT appears in a very low number of product groups, coupled with the dominance of vertical IIT. However,at the same time a growing trend and a significant increase of IIT intensity in trade with Croatia have been identified. Volume 7 | Issue 2 | 100 �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Introduction Empirical research into intra-industry trade (IIT) of a series of countries indicates the existence of a significant IIT share and a greater presence of the horizontal type of IIT in the mutual trade between countries with similar economic and non-economic characteristics. The dominant IIT, mostly of horizontal type, is more likely to develop between countries that are geographically close (particularly the neighboring ones), and that are similar by size, economic development, trade openness, culture and language, and have the common history, countries that intensively trade with each other and belong to the same economic integration. The aim of the paper is to establish whether the intensity and structure of IIT between Bosnia and Herzegovina (BH) and Croatia develop in line with the theoretical hypotheses and empirical findings on IIT between countries of given characteristics. Upon comparing economic and other characteristics of the two countries, the research focuses on measuring the share of BH IIT at an aggregate level and determining the trend of IIT in BH trade with the world, Croatia and other significant trading partners. The last section of research pertains to measuring the IIT intensity in the BH trade with Croatia by industries, in order to determine the number of product groups where IIT prevails, and a more common IIT type having in mind the product differentiation (vertical or horizontal). The IIT analysis is based on the calculation of aggregate Grubel-Lloyd indices, both uncorrected and corrected for trade imbalance, and Grubel-Lloyd indices at the industry level. For the purpose of this research the industry, i.e. the product group has been defined at the level of divisions of the Standard International Trade Classification (SITC) rev. 3, i.e. at a two-digit aggregation level 1 , and IIT was measured based on the data by industries which registered exports and /or imports in BH trade with Croatia over the observed period. The observed time period covers fourteen years, from 2003 to 2016. It is the longest period with available data at a two-digit SITC level for BH from an unique national source and with a satisfactory degree of reliability.2 This period can be divided into two parts: the period of free trade between the observed countries from 2003 to 2013, and the period from 2014 to 2016, when the degree of liberalization was taken back to a lower level due to Croatia’s accession to the European Union (EU). Volume 7 | Issue 2 | 101 �Snježana Brkić   Literature Review As opposed from the inter-industry trade which implies trade in products of different industries and which is still the prevailing trade type in the structure of international trade flows, intra-industry trade (IIT) is a kind of trade where products of the same classification are simultaneously found in the structure of exports and structure of imports of the trading countries. In simpler terms, IIT is the international trade of products within the same industry. Probably the shortest, although comprehensive enough definition says that IIT is a two-way trade in products related in demand and/or supply (Brkić, 2012). The explanation of the IIT phenomenon is based on a few theoretical concepts and models, primarily those included in the modern theory of international trade and based on imperfect competition, increasing returns and product differentiation. Germs of the contemporary explanation of IIT are already found in the first modern theories of international trade – Linder’s concept of demand similarity (1961) and Vernon’s theory of product life cycle (1966). The first “true” IIT models based on increasing returns and product differentiation were constructed by Krugman (1979) and Lancaster (1980). The development of IIT model has led to the differentiation between its horizontal and vertical component. The theoretical basis of horizontal IIT was developed in models by Lancaster (1980), Krugman (1981), Helpman (1981, 1987), Eaton and Kierzkowski (1984), and Bergstrand (1990), while the theoretical basis of vertical IIT type rests upon papers published by Falvey (1981), Shaked and Sutton (1984), Falvey and Kierzkowski (1987), and Flam and Helpman (1987). Research into the factors affecting IIT resulted in distinguishing IIT determinants related to country characteristics (general and specific) on the one hand, and IIT determinants related to industry characteristics on the other. The most common general country characteristics include: size, economic development level, geographic distance, trade barriers/degree of openness and trade intensity. Specific country characteristics may include: common border, membership in same economic integrations, similarity of culture and language, political ties, common history, etc. One of the first theoretical concepts to implicitly offer the explanation of IIT phenomenon based on country characteristics was developed by Linder (1961), who introduced the hypothesis of similarity of demand. Some twenty years later, Linder’s thesis was to be elaborated by Krugman (1980), and Helpman and Krugman (1985); their papers led to a few claims about the determining role of country characteristics. In a few papers of the 1980s3, Balassa highlighted the importance of countries’ size and their mutual geographical distance for all types of international trade. Falvey 102 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   (1981) and Falvey and Kierzkowski (1987), and then Davis (1995) as well developed concepts that relate IIT with factor endowment, which had previously been exclusively considered as an inter-industry trade determinant. Leamer (1988) and later Harrigan (1994, 1996) related IIT with policies, pointing to the significance of market openness for the growth of international trade in general, and IIT in particular. Numerous empirical studies also dealt with studying the correlation between IIT and trade policy such as Pagoulatos and Sorensen (1975), Loertscher and Wolter (1980), Caves, (1981), Bergstrand (1983, 1989, 1990), Havrylyshyn and Civan (1983), Balassa (1967, 1986c) Balassa and Bauwens (1987), Torstensson (1996), Sharma (2000, 2002, 2004), Lee and Sohn (2005), Veeramani (2009), and others. Most researchers reached the identical conclusion that IIT intensity inversely varies compared to the level of trade restrictions. Trade liberalization between trading countries in general, and particularly within higher degrees of economic integration, is a significant determinant of IIT. Experiences of developed economic integrations in the world, particularly of the EU point to the conclusion that economic integration leads to an increase in intra-, rather than interindustry trade. The reason includes greater possibilities for production and trade in differentiated products. The positive effect of regional economic integration on IIT was determined in a number of studies: Balassa (1966, 1979); Grubel and Lloyd (1975); Drabek and Greenaway (1984); Balassa and Bauwens (1987); Greenaway (1987); Havrylyshyn and Kunzel (1997); Matthews (1998); Manger (2015); and others. A special interest of IIT researchers, starting from the already mentioned Balassa, was aroused by the size and economic development of trading countries. According to Lancaster (1980) and Bergstrand (1990), the larger the market size, the more space there is for product differentiation and a greater import demand for differentiated products, and the market size is therefore expected to be in the positive correlation with IIT. Krugman (1979, 1980), and Helpman and Krugman (1985) find arguments in the fact that a larger market presents a greater possibility for achieving the economy of scale, which leads to a greater IIT. In empirical literature there are a number of confirmations of the hypothesis on the impact of average size of trading countries on IIT, starting from Balassa and Bauwens (1987), Bergstrand (1990), Guell and Richards (1998) to more recent research by Durkin and Krygier (2000), Kandogan (2003) and others. In the context of these considerations, one can expect a greater IIT between countries of similar economic size. Due to the similarity in the level of economic development between countries, which is typically expressed through the similarity in the level of income p/c, one can also expect a greater intensity of mutual IIT, which was established in the studies by Balassa and Bauwens Volume 7 | Issue 2 | 103 �Snježana Brkić   (1987), Bergstrand (1990), Stone and Lee (1995), Nilsson (1999), etc. Similarity in the level of economic development between countries indicates the similarity in their ability to manufacture differentiated products and similarity in the size and pattern of their demand for differentiated products. Certain studies focused on the correlation between geography and IIT showed that an increase in distance leads to a decrease in IIT far faster than in inter-industry trade since, besides transport costs, some other factors such as the availability of product information, which decreases as the distance increases, are also of a great significance for the former trade type.4 Strong empirical evidence of IIT dependence on geography can be found in literature – in papers by Loertscher and Wolter (1980), Bergstrand (1983), Balassa (1986b), Balassa and Bauwens (1987), Culem and Lundberg (1986), Hummels and Levinson (1995), Stone and Lee (1995), Amiti and Venables (2002), Venables, Rice and Stewart (2003), Jambor and Torok (2013), etc. Historical, political and cultural ties are also significant for a decrease in the so-called unfamiliarity costs in international trade, and thus for an increase in the IIT share. Rauch (1999) stressed the significance of ethnic ties in international trade, particularly in the trade in differentiated products, which are frequently subjects of greater IIT. Finally, IIT intensity is also affected by trade intensity which measures the volume of trading between countries. If two countries mutually trade to a significant degree, it is more likely that, due to the spurred specialization, the share of differentiated industrial products in the trade, and thus the trade overlap, will grow. Together with the development of theoretical explanation and modeling of IIT, ways of its measurement were developed. A number of authors proposed different measures of IIT intensity, change and structure: from static ones, such as the initial Grubel-Lloyd index (Grubel and Lloyd, 1971, 1975), which evolved further and reached its aggregate form and the form corrected for the impact of trade imbalance, alternative indices created by Aquino (1978), Loertscher and Wolter (1980), Glejser, Gossens and Eede (1982), to indices expressing change in IIT that can be considered dynamic, such as Hamilton-Kniest index (1991), and marginal IIT index (Brülhart, 1994). 104 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Applied Methodology Values of the individual IIT indices were calculated, expressed and interpreted either for each year of the period and/or as an average for the entire observed period and/or for the selected years of the period. Measuring the IIT share by countries (for all industries in total and for manufacturing industry in particular) used the aggregate Grubel-Lloyd index (G-L index) first in its uncorrected form: ∑ (Χ + Μ ) − ∑ Χ − Μ = ∑ (Χ + Μ ) i Βj i i i i 0 ≤ Bj ≤ 1 i i i (1) i Bj – aggregate G-L index for a given country „j”, i.e. the IIT share; Xi – exports of industry „i” from a given country; Mi – imports of industry „i”from a given country; i = 1,..., n – the number of industries. Since IIT measurement using the aggregate G-L index is affected by the size of trade imbalance between partners (Grubel and Lloyd, 1975) in the direction of IIT underestimation, corrected G-L indices were calculated in the same time. Cj = ∑ (X i ∑ (X i i + Mi )− ∑ Xi − Mi i + Mi )− i ∑ X − ∑M i i 0 ≤ Cj ≤1 (2) i i Measurement and comparison of IIT share by industries used the standard GrubelLloyd index (Grubel and Lloyd, 1975). Bi = (X i + M i ) − Xi − Mi Xi + Mi 0 ≤ Bi ≤ 1 (3) (4) for X i = 0 ili M i = 0 ⇒ X i − M i = ( X i + M i ) ⇒ Bi = 0 (5) Volume 7 | Issue 2 | 105 �Snježana Brkić   for X i = M i ⇒ X i − M i = 0 ⇒ (X i + M i ) − 0 Xi + Mi = 1 ⇒ Bi = 1 (6) If the index value equals 1, it means that there is a total overlap between exports and imports of the given industry, and that the entire trade in industry “i” is of intraindustry type. If the value of index is 0, foreign trade of industry “i” is entirely the inter-industry trade. For most product groups, the value of G-L index is between the two extreme values. Values of IIT index can be classified into four categories, which facilitates the interpretation of research results (Brkić, 2012): - Bi ∈ [0.00; 0.25] – value of G-L index in this interval indicates strong interindustry tendencies; - Bi ∈ [0.26; 0.50] – value of G-L index in this interval means the existence of weak inter-industry tendencies; - Bi ∈ [0.51; 0.75] – value of G-L index in this interval reflects the dominant IIT, though relatively weaker intra-industry tendencies; - Bi ∈ [0.76; 1.00] – value of G-L index in this interval signifies the existence of prominent dominance of IIT. Industries where vertical or horizontal IIT respectively prevails were identified using the most frequently applied methodology in the empirical literature on IIT, which was developed by Greenaway, Hine and Milner (1995). The methodology is based on the assumption that the relative gap between unit values of exports and imports reflects the difference in the quality of products traded between two countries. UV X UV M HIIT : RUV ∈ [(1 − α ), (1 + α )] VIIT : RUV ∈ [(1 + α ),+∞] or RUV ∈ [0, (1 − α )] RUV = (7) (8) (9) UVX – unit value of exports; UVM – unit value of imports; α – arbitrarily fixed dispersion factor ( = 0.15). Horizontal IIT exists if the ratio between unit values of exports and imports (the relative unit value – RUV) ranges in the interval from 0.85 to 1.15. If the relative unit value is beyond this interval, the trade is identified as vertical IIT: vertical IIT in higher-quality products in case the ratio exceeds 1.15 (which means that quality of exports is higher than that of imports) or vertical IIT in lower-quality products in case the ratio is below 0.85 (which means that quality of exports is lower than that of imports). 106 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Comparison of the size of observed countries used data on annual nominal GDP expressed by current prices in US dollars (USD), and the estimates of economic development used data on GDP per capita in US dollars, from a single source for the entire period – World Economic Outlook Database by the International Monetary Fund (IMF, 2017). The trade intensity was calculated as the share of partner country’s market in the overall foreign trade of the observed country. TI = X j +Mj ∑ X j + ∑M j (10) TI – trade intensity; Xj – exports of a given country to country „j”; Mj – imports of a given country from country „j”; ∑Xj – total exports of a given country; ∑Mj – total imports of a given country; In economic studies, geographical distance is very often expressed as a direct straightline distance in kilometers between capitals of the observed pair of countries, which was used in this research as well. The distance between the BH capital and capitals of its trading partners indirectly “measures” the effects of transport, transaction and information costs on trade, and on the IIT share. Data Analysis and Results Country Characteristics The analysis of geographic orientation and the volume of export and import flows of BH reveals that the trade between Croatia and BH is particularly intensive in the entire period. In the absolute expression, exports gradually grew, and in 2016 were twice as great as in the beginning of the observed period. Imports from Croatia grew until 2008, when it began to decrease gradually (Appendix Table 7). Croatia is the most significant BH trading partner, extremely important both as an export destination and as a country of import origin. The average share of Croatia in the foreign trade with BH, i.e. the average intensity of BH trade with Croatia in the observed period amounts to 15.34%. Almost over the whole period (until 2014) Croatia was ranked first by its significance for BH imports, although the share of Croatia began to decrease more significantly after 2009 (e.g. from 18.28% in 2009 to 14.44% in 2012, and 10.02% in 2016) (Appendix Table 3). Croatia is also very significant for BH as an export market. Over the first seven years of the observed period Croatia absorbed BH exports more than any other country, and from 2010 it Volume 7 | Issue 2 | 107 �Snježana Brkić   was mostly ranked second, after Germany. On the other hand, BH was a significant export destination for Croatia as well – the average share of BH in Croatian exports amounts to 13.5%, which ranks BH second, after Italy (Appendix Table 4). The significance of exports from BH for Croatia is far smaller – the average share of BH in Croatian imports is only about 3.1%; however, BH is still among the “top ten” countries of origin in Croatian imports over the most part of the analyzed period, and the first among CEFTA countries which Croatia imports from. Geographic proximity and common border of the observed countries undeniable contribute to mutual trade. For BH, Croatia is the second closest trading partner (after Serbia 5 ) – distance between Sarajevo and Zagreb equals 291 km (CEPII, 2013). Both countries have the longest shared land border compared to borders with other neighboring countries: the border between BH and Croatia is over a half (61%) length of the entire BH border – it is as much as 931 km long6 out of 1,537 km in total (Federal Ministry of Environment and Tourism, 2017). The length of Croatian land border equals 2,374.9 km; the length of border with BH is almost twice as long as the border with the other Croatia’s neighbor, Slovenia (Croatian Bureau of Statistics, 2015). The common state in the past, special political ties and a similar language and culture are essential determinants of the overall economic, and therefore trade relations between BH and Croatia. The common state and the single market have existed in these regions for over 70 years – roots of the common state date back as early as to the First World War. Countries that used to be in the common state for a few decades inevitably share a number of economic, cultural, ethnic and other features and ties, significant for mutual trade in general, and for IIT in particular. Two decades ago they had the same official language (Serbocroatian), and the present Croatian language, which is the official language in the Republic of Croatia is also one of the official languages in BH, since Croats are one of the three constituent ethnic groups of BH. The described elements – common state in the past, geographic proximity and common border, and political and cultural ties between the two countries – are certainly significant for the mutual trade, as well as significant prerequisites for closer economic integration. The history of trade liberalization between BH and Croatia, as two sovereign states, is almost two decades long. The first free trade agreement signed by independent BH in March 1995 was an agreement with the Republic of Croatia. This agreement was valid for the following six years, when it was replaced by a new one, made under the auspices of the Stability Pact for Southeastern Europe, and within a network of bilateral free trade agreements in the region. The new 108 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   agreement which established a bilateral free trade area between BH and Croatia was in force from 1 January 2001 to the point when the two countries became members of the regional free trade area, the so-called CEFTA 2006 (The Central European Free Trade Agreement), which further improved free trade.7 The early trade liberalization in the relations between the two countries (from 1995, i.e. 2001), the two decades of the existence of a free trade area between the two countries, together with the significant unilateral opening of BH toward the world in general (over a few years, BH foreign trade coefficient ranged from 84 to 93%8) points to a potential for a high IIT share in their mutual trade. In the period from 2001 to mid-2013, when Croatia became the EU member-state, the two countries had the mutual duty-free trade, without quantitative restrictions and other measures of equivalent effect, which primarily resulted from the bilateral free trade agreement and, from 2007, from the creation of the regional free trade area. Since 2013, some trade restrictions in bilateral trade were re-introduced or increased due to Croatia’s withdrawal from CEFTA in 2006; however, the mutual trade is still liberal to a high degree. Measured by the nominal gross domestic product (GDP), Croatia is a three times economically larger country than BH.9 In the context of IIT analysis, this difference in the economic size could result in a lower intensity of BH IIT with Croatia than in the case of countries of approximately same size. However, it should be noted that the other significant BH trading partners, in economic terms, are countries far larger than BH – Slovenia and Serbia, same as Croatia, have two to three times larger economies than BH, while the differences in the size of BH and other trading partners are extremely great (Appendix Table 1). BH and Croatia also reveal a certain difference in the level of economic development, although not to the degree to which the two countries differ from their significant trading partners from the EU. Croatia had almost three times higher GDP per capita (p/c) than BH over the entire observed period.10 The average GDP p/c amounted to USD 3,970.6 for BH and USD 12,469.1 for Croatia while, for instance, the average GDP p/c of Germany and Austria amounted to USD 41,478.6 and USD 45,020.81 respectively. (Appendix, Table 2) If we compare gross national product (GNI), or GNP p/c calculated according to the World Bank Atlas method, we will see that both countries belong to the group of upper middle income countries11, although Croatia, as opposed to BH is on the upper limit of the interval in the group (World Bank, 2016). Volume 7 | Issue 2 | 109 �Snježana Brkić   Intensity and Trend of Bilateral Intra-Industry Trade The largest part of trade in goods between BH and Croatia is of the inter-industry character, while approximately 37% (0.37) on average is the IIT. The average share of IIT in the trade between BH and Croatia is lower than the average IIT share in the BH overall trade, which amounts to 45% (Appendix, Table 5). According to the average IIT intensity measured in the period 2003-2016, Croatia is ranked fourth among the most significant BH trading partners, after Serbia 12 (0.42), Slovenia (0.39) and Italy (0.38), and before Austria (0.34) and Germany (0.31) (Appendix, Table 6). IIT indices in BH trade with larger trading partners over the past few years were fairly uniform, except for a significant increase of IIT with Austria. Figure 1: Trend of Intra-Industry Trade of BH with Croatia (G-L Index) 0.70 0.60 0.50 0.40 0.30 0.20 0.10 0.00 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 IIT - all industries (SITC 0-9) IIT - manufacturing (SITC 5-8) Source: Author's own work based on data of Agency for Statistics of BH (2017) However, over the entire observed period, IIT index in the trade with Croatia showed a moderately increasing trend (except in 2011, when a sharp decrease of a few percentage points was registered), and significantly increased compared to the beginning of the period. (Figure 1) From the level of 0.25 in 2003, IIT index reached the level of 0.45 in the last three years, and thus surpassed all the other trading partners except Austria (Appendix, Table 6). IIT indices in the manufacturing industry products show even more prominent rising trend, particularly after 2011. The analysis of the manufacturing industry only (sectors SITC 5-8) reveals that the share of BH IIT with Croatia is by 10 percentage points higher – 0.47 on average 110 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   over the observed period, which is expected due to a few times empirically proven claim that IIT is larger in the trade of manufacturing industry products than in the products of resource-based industries or in agricultural products. Both in the case of the index of BH IIT with Croatia by years and as an average for a given period, both for all industries and for manufacturing industry only, the prevalence of inter-industry trade is always evident. The situation changes only if the standard aggregate G-L index is replaced with the index corrected for trade imbalance – the IIT index value then enters the zone of weaker intra-industry tendencies. Since it has been proven that trade imbalance results in the underestimate of the IIT degree calculated using the G-L index, and that in its trade with Croatia BH registers a significant trade deficit every year (BH imports from Croatia exceeded BH exports to the country for a number of years13), it is reasonable to assume a negative impact of trade imbalance on the measured IIT share. Compared to other significant BH trading partners, the use of correction for trade imbalance is most justified in case of its trade with Croatia. Although Croatia is the most significant foreign trade partner of BH, it is in the trade with this country that almost the lowest import coverage by exports is registered compared to the other significant partners 14 . After 2010 15 , import coverage by exports with Croatia mostly ranged between 52 and 55% (except for 60% in 2016)16, as opposed to the trade with Austria, where it amounted to over 90% in the same period (even to 142% in 2014), with Slovenia also over 90% after 2012 (97% in 2015), with Germany and Italy to over 70% (MOFTER, 2011, 2013, 2015, 2016, 2017)17. The repeated measurement of IIT with correcting the trade imbalance (using the socalled corrected or adjusted G-L index at the aggregate level) resulted in indices that were by 14-25 percentage points higher and that, except in 2006, entered the area of dominant (though less intensive) IIT. The average of corrected G-L index for the observed period amounted to 0.5718 (Table 1). Table 1: Intra-Industry Trade of BH with Croatia IIT Share 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 Aver. Standard 0.25 0.26 0.31 0.29 0.31 0.33 0.37 0.45 0.40 0.43 0.43 0.45 0.45 0.45 0.37 G-L index Corrected 0.57 0.50 0.53 0.43 0.51 0.56 0.62 0.66 0.58 0.62 0.57 0.66 0.62 0.60 0.57 G-L index Source: Author's own work based on data of Agency for Statistics of BH (2017) Volume 7 | Issue 2 | 111 �Snježana Brkić   In the period after Croatia’s accession to the EU, which implied a somewhat changed foreign trade regime, no significant changes regarding the IIT index were observed. In 2014, the increasing trend of IIT continued, while by 2016 stagnation in the overall IIT and a slight increase (1-2 percentage points) of the manufacturing industry IIT were observed. IIT analysis by industries defined as SITC divisions showed the dominance of interindustry trade in over two-thirds of the total number of industries which registered trade with Croatia. However, the number of industries with very low G-L indices 0≤GL≤0.25 (industries with prominent dominance of inter-industry trade) significantly decreased over the observed period, while the number of industries in the category of highest G-L indices (extremely intensive IIT) slightly increased (Figure 2). Figure 2: Number of Product Groups by G-L Index 40 35 30 25 20 15 10 5 0 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 0.00-0.25 0.26-0.50 0.51-0.75 0.76-1.00 Source: Author's own work based on data of Agency for Statistics of BH (2017) Generally viewed, the number of industries where IIT prevails (GL>0.50) gradually increased. In 2003, it amounted to 19, while over the last few years (starting from 2009) it ranged in the interval between 24 and 28. Besides, after 2009 the number of industries in the category with lowest G-L indices (0≤GL≤0.10) – decreased significantly – from 20 product groups in the beginning of the period to 12 at the end of the period (Appendix, Table 8). The analysis of relative unit values of exports and imports for the purpose of differentiating vertical from horizontal IIT revealed a weak presence of horizontal IIT, which serves as an indicator of convergence of the observed economies. 112 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Horizontal IIT was observed in a small number of industries – the number mostly ranged between 7 and 10 industries out of total 63-6519, except in 2013 and 2014, when it increased to 14 and 15 industries respectively (Table 2). Table 2: Number of Product Groups, by Dominant IIT Type IIT type HIIT VIITh VIITl noRUV20 Total Number of Product Groups 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 7 13 10 9 7 11 6 8 8 9 14 15 9 10 17 14 6 16 10 9 14 12 12 12 9 9 13 10 35 35 43 36 44 42 40 40 41 40 37 34 35 38 4 3 5 3 3 2 3 4 3 2 5 6 6 5 63 65 64 64 64 64 63 64 64 63 65 64 63 63 Legend: HIIT – horizontal IIT; VIITh – vertical IIT with high quality export of BH; VIITl – vertical IIT with low quality export of BH; RUV – relative unit value; Source: Author's own work based on data of Agency for Statistics of BH (2017) In more than ¾ of the total number of industries which BH and Croatia trade in, the vertical type of IIT is encountered, mostly with exports of lower-quality products from BH. This phenomenon typically occurs in the trade of countries which differ by size and development more than BH and Croatia do. Discussion and Policy Implications In general, the paper contributes to empirical research of IIT in transition countries, especially because of its focus on South East European countries – research of IIT of these countries still are lacked in the empirical literature. More concretely, the research results are of a special interest for BH in the context of the country's trade relations with its main trading partners and the future EU membership. Results of analysis of IIT trend and pattern serve both as an indicator of sectoral similarity of observed economies and for approximation of intensity of factor-market adjustment pressures caused by trade expansion and economic integration. The research indicates a continuous growth in IIT between BH and Croatia suggesting the process of structural converegence – given economies have become more similar in terms of their sectoral structure. However, the observed relatively low intensity of IIT associated with prevalence of vertical IIT with BH low quality exports indicates weaker structural convergence than expected in case of similar countries. More quality advantages of Croatia suggest the need to develop sectoral policies in BH aiming at increase in product quality level and technological intensity. Among others, attracting of foreign direct investment to BH manufacturing sector could contribute to reduction in quality and technological differences between countries and changing trade structure toward horizontal IIT. Adequate sectoral Volume 7 | Issue 2 | 113 �Snježana Brkić   policies will lead to catching-up not only with Croatia than also with some other EU members that are more different from BH in terms of their size, income per capita and other characteristics. Because of less mobile production factors within vertical differentiated industries than in horizontal ones (Brülhart and Elliott, 2002), dominancy of vertical IIT does not speak in favor of so called “smoothy-adjustment hypothesis”21. In case of a deeper economic integration it is expected that vertical IIT will have more implications on adjustment process in terms of higher economic and social costs. Conclusion Based on the three-decade-long theoretical and empirical research into IIT, certain regularities were observed regarding relationship between some country characteristics and this phenomenon. In general, the literature indicates that similarity between countries in size and level of economic development, intensive mutual trading, geographic proximity, existence of common border, economic integration, as well as similarity of culture and language, result in greater mutual IIT, particularly of horizontal type (Brkić, 2012). The analysis of IIT of BH with Croatia for the period 2003-2016 revealed a trade pattern which is not fully consistent with the described theoretical theses on IIT between countries with given characteristics. This is a case of neighboring countries with strong mutual historical, economic, political and cultural ties, countries which were tied with a free trade agreement for two decades, seven years out of which within the same regional integration, due to which they have been intensely trading with each other for a long period of time, and transition countries with no significantly different macroeconomic performance. Therefore, the existence of intensive and growing mutual IIT was assumed compared to IIT with other significant trading partners (except for Serbia, which also has a few similarities to BH), with a greater presence of horizontal IIT. However, the research identified BH foreign trade with Croatia as primarily interindustry one, both at the aggregate and sectoral level (in most industries that register the mutual trade), except in the analysis of manufacturing industry only over the last four years. In the same time, most industries showed the dominant vertical type of IIT. The measured IIT shares in the trade with Croatia become more significant when compared with IIT shares in BH trade with other important trading partners and with the world, as well as in case of index correction for trade imbalance. Actually, the dominance of inter-industry trade was also discovered in BH trade with other important partners, with IIT indices in the trade with Croatia being among 114 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   the highest (after Austria) over the last few years, due to the continuously rising trend. The explanation of a lower IIT level with Croatia than expected is also helped by the existence of prominent bilateral trade imbalance. The use of corrected IIT indices at the aggregate level identified a turning point in the direction of slight IIT dominance in BH trade with Croatia since 2007. The used methodology does not allow the determination of the impact of individual characteristics of given countries on their mutual IIT. However, if we understand IIT as an indicator of an economy’s competitiveness and its convergence with other countries’ economies, an explanation of what seems to be an insufficient consistency between empirical findings and the theoretical assumption on IIT of countries with certain characteristics, could be probably found in unsatisfactory competitiveness of BH economy in general and its insufficient convergence with Croatian economy in particular. References Agency for Statistics of BH (2017). Statistic database. Retrieved from http://www.bhas.gov.ba/index.php?option=com_publikacija&view=publikacija_preg led&ids=2&id=7&n=Vanjska%20trgovina Amiti, M. & Anthony J. V. (2002). The Geography of Intra-Industry Trade. In: Lloyd, P. J. & Lee, H.-H. (Eds.). (2002). Frontiers of Research in Intra-Industry Trade. Hampshire and New York: Palgrave Macmillan Ltd., 87-106 Aquino, A. (1978). Intra-Industry Trade and Intra-Industry Specialisation as Concurrent Sources of International Trade in Manufactures. Tübingen. Weltwirtschaftliches Archiv, 114(2), 275-295 Balassa, B. (1966). Tariff Reductions and Trade in Manufactures among Industrial Countries. American Economic Review, 56 (June), 466-473 Balassa, B. (1967). Trade Liberalization among Industrial Countries: Objectives and Alternatives. New York: McGraw-Hill Balassa, B. (1979). Intra-Industry Trade and Integration of Developing Countries in the World Economy. World Bank Staff Working Paper, 312 Balassa, B. (1986a). Intra-Industry Specialisation: A Cross-Country Analysis. European Economic Review, 30, 27-42 Volume 7 | Issue 2 | 115 �Snježana Brkić   Balassa, B. (1986b). IIT among Exporters of Manufactured Goods. In: Greenaway, D. &. Tharakan P. K. M. (Eds.). (1986). Imperfect Competition and International Trade. Brighton: Wheatshef Balassa, B. (1986c). The Determinants of Intra-Industry Specialization in United States Trade. Oxford Economic Papers. New Series, 38(2), 220-233 Balassa, B. & Bauwens, L. (1987). Intra-Industry Specialisation in a Multi-Country and Multi-Industry Framework. The Economic Journal, 97, 923-939 Bergstrand, J. H. (1983). Measurement and Determinants of Intra-Industry International Trade. In: Tharakan, P. K. M. (Ed.). (1983). Intra-Industry Trade: Empirical and Methodological Aspects. Amsterdam: Elsevier Science Publisher, 202235 Bergstrand, J. H. (1989). The Generalized Gravity Equation, Monopolistic Competition, and the Factor-Proportions Theory in International Trade. Review of Economics and Statistics, 71, 143-153, DOI: 10.2307/1928061 Bergstrand, J. H. (1990). The Heckscher-Ohlin-Samuelson Model, the Linder Hypothesis and the Determinants of Bilateral Intra-Industry Trade. The Economic Journal, 100 Brkić, S. (2012). Intra-industry Trade: Theoretical and Empirical Aspects. Sarajevo: School of Economics and Business University of Sarajevo Brkić, S. (2010). Determination of Intra-Industry Trade: Impact of CountrySpecific Characteristics. Sarajevo Business and Economics Review, 30, 516-541 Brülhart, M. (1994). Marginal Intra-Industry Trade: Measurement and Relevance for Pattern of Industrial Adjustment. Tübingen: Weltwirtschaftliches Archiv, 130(3), 600-613 Brülhart, M. (2008). An Account of Global Intra-Industry Trade, 1962-2006. Research Paper Series on Globalization, Productivity and Technology, 2008/08, Nottingham: University of Nottingham 116 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Brülhart, M. & Elliott, R. J. R. (1998). Adjustment to the European Single Market: Inferences from Intra-Industry Trade Patterns. Journal of Economic Studies, 25(3), 225-247 Brülhart, M. & Elliott, R. J. R. (2002). Labour-Market Effects of Intra-Industry Trade: Evidence for the United Kingdom. Weltwirtschaftliches Archiv, 138(2), 207– 228 Caves, R. E. (1981). Intra-Industry Trade and Market Structure in the Industrial Countries. Oxford Economic Papers, 33(2), 203-223 Centre d’études prospectives et d’informations internationales – CEPII. (2013). Distance Database. Retrieved from http://www.cepii.fr/anglaisgraph/bdd/distances.htm Croatian Bureau of Statistics. (2015). Statistical Yearbook 2015. Retrieved from https://www.dzs.hr/hrv_eng/ljetopis/2015/sljh2015.pdf Croatian Bureau of Statistics. (2016). PC-Axis Database: Foreign Trade in Goods 2010-2012 and 2013-2016. Retrieved from https://www.dzs.hr/default.htm Culem, C. G. & Lundberg, L. (1986). The Product Pattern of Intra-Industry Trade: Stability among Countries and Over Time. Review of World Economics,12(1), 113130 Davis, D. R. (1995). Intra-Industry Trade: A Heckscher-Ohlin-Ricardo Approach. Journal of International Economics, 39, 201-226 Drabek, Z. & Greenaway, D. (1984). Economic Integration and Intra-Industry Trade: The EEC and CMEA Compared. Kyklos, 37(3), 444-469 Durkin, J. T. Jr. & Krygier, M. (2000). Differences in GDP Per Capita and the Share of Intraindustry Trade: The Role of Vertically Differentiated Trade. Review of International Economics, 8(4), 760-774 Eaton, J. & Kierzkowski, H. (1984). Oligopolistic Competition, Product Variety, and International Trade. In: Kierzkowski, H. (Ed.). (1984). Monopolistic Competition and International Trade. Oxford: Clarendon Press, 69-83 Volume 7 | Issue 2 | 117 �Snježana Brkić   Falvey, R. E. (1981). Commercial Policy and Intra-Industry Trade. Journal of International Economics, 11(4), 495-511 Falvey, R. E. & Kierzkowski, H. (1987). Product Quality, Intra-Industry Trade and (Im)Perfect Competition. In: Kierzkowski, H. (Ed.). (1987). Protection and Competition in International Trade. Essays in Honor of W. M. Corden. Oxford: Blackwell, 143-161 Federal Ministry of Environment and Tourism (2017) General Data. Retrieved from http://www.fmoit.gov.ba/bh_chm/osnovni_podaci_o_BiH.pdf Flam, H. & Helpman, E. (1987). Vertical Product Differentiation and North-South Trade. American Economic Review,77(5), 810-822 Glejser, H., Gossens, K. & Eede, V. (1982). Inter-Industry versus Intra-Industry Specialization in Exports and Imports. Journal of International Economics, 12, 363369 Greenaway, D. (1987). Intra-Industry Trade, Intra-Firm Trade and European Integration: Evidence, Gains and Policy Aspects. Journal of Common Market Studies, XXVI (2) Greenaway, D., Hine, R., & Milner, Ch. (1995). Vertical and Horizontal IntraIndustry Trade: A Cross Industry Analysis for The United Kingdom. The Economic Journal, 105, 1505-1518 Grubel, H. & Llyod, P. J. (1971). The Empirical Measurement in Intra-Industry Trade. The Economic Record, 47(120), 494-517 Grubel, H. & Lloyd, P. J. (1975). Intra-Industry Trade: The Theory and Measurement of International Trade in Differentiated Products. London: The Macmillan Press Guell, R. C. and Richard, D. G. (1998). Regional Integration and Intra-Industry Trade in Latin America, 1980-90. International Review of Applied Economics, 12(2), 283-300 Hamilton, C. & Kniest, P. (1991). Trade Liberalization, Structural Adjustment and Intra-Industry Trade: A Note. Weltwirtschaftliches Archiv, 127, 365-367 118 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Harrigan, J. (1994). OECD Imports and Trade Barriers in 1983. Journal of International Economics, Elsevier, 35(1-2), 91-111 Harrigan, J. (1996). Openness to Trade in Manufactures in the OECD. Journal of International Economics, Elsevier, 40(1-2), 23-29 Havrylyshyn, O. & Civan, E. (1983). Intra-Industry Trade and the Stage of Development: A Regression Analysis of Industrial and Developing Countries. In: Tharakan, P. K. M. (Ed.) (1983). Intra-Industry Trade: Empirical and Methodological Aspects. Amsterdam: North-Holland, 111-140 Havrylyshyn, O. & Kunzel, P. (1997). Intra-Industry Trade of Arab Countries: An Indicator of Potential Competitiveness. IMF Working Paper Helpman, E. (1981). International Trade in the Presence of Product Differentiation, Economies of Scale and Monopolistic Competition: A Chamberlin-HeckscherOhlin Approach. Journal of International Economics, Elsevier, 11 (3), 305-340 Helpman, E. (1987). Imperfect Competition and International Trade: Evidence from Fourteen Industrial Countries. Journal of the Japanese and International Economies, 1, 62-81 Helpman, E. & Krugman, P.R. (1985). Market Structure and Foreign Trade (8th ed). Cambridge: The MIT Press Hummels, D. & Levinsohn, J. (1995). Monopolistic Competition and International Trade: Reconsidering the Evidence. The Quarterly Journal of Economics, 110(3), 799836 International Monetary Fund (IMF) (2017). World Economic Outlook Database. April 2017 Edition. Retrieved from http://www.imf.org/external/pubs/ft/weo/2017/01/weodata/index.aspx Jambor, A. & Torok, A. (2013). Intra-Industry Agri-Food Trade of the Baltic Countries. Paper presented at the 87th Annual Conference of the Agricultural Economics Society, University of Warwick. Retrieved from https://ageconsearch.umn.edu/bitstream/158684/2/Attila_Jambor_Jambor_Torok_ Warwick.pdf Kandogan, Y. (2003). Intra-Industry Trade of Transition Countries: Trends and Determinants. William Davidson Working Paper, 566 Volume 7 | Issue 2 | 119 �Snježana Brkić   Krugman, P. R. (1979). Increasing Returns, Monopolistic Competition and International Trade. Journal of International Economics, 9(4), 469-479 Krugman, P. R. (1980). Scale Economies, Product Differentiation, and the Patterns of Trade. American Economic Review, 70, 950-959 Lancaster, K. (1980). Intra-Industry Trade Under Perfect Competition. Journal of International Economics, 10(2), 151-175 Monopolistic Leamer, E. E. (1988). Measures of Openness. NBER Chapters in: Trade, Policy Issues and Empirical Analysis. National Bureau of Economic Research Inc., 145-204 Lee, H.-H. & Sohn, Ch.-H. (2005). South Korea’s Marginal Intra-Industry Trade and the Choice of Preferential Partners. Asian Economic Papers, 3(3), 94-116 Linder, S. B. (1961). An Essay on Trade and Transformation. New York: John Wiley & Sons Loertscher, R. & Wolter, F. (1980). Determinants of Intra-Industry Trade: Among Countries and Across Industries. Weltwirtschaftliches Archiv, 116, 280-293 Manger, M. (2015). PTA Design, Tariffs and Intra-Industry Trade. In: Dür, A. & Elsig, M. (Eds.). (2015). Trade Cooperation: The Purpose, Design and Effects of Preferential Trade Agreements. Cambridge: Cambridge University Press, 195–217 Matthews, K. (1998). Intra-Industry Trade: An Australian Panel Study. Journal of Economic Studies, 25(2), 84-97 Ministry of Foreign Trade and Economic Relations of BH (MOFTER) (2011). Analysis of Foreign Trade of BH for 2010. Retrieved from http://www.mvteo.gov.ba/izvjestaji_publikacije/izvjestaji/default.aspx?id=3332&lang Tag=bs-BA Ministry of Foreign Trade and Economic Relations of BH (MOFTER) (2013). Analysis of Foreign Trade of BH for 2012. Retrieved from http://www.mvteo.gov.ba/izvjestaji_publikacije/izvjestaji/default.aspx?id=5477&lang Tag=bs-BA 120 Journal of Economic and Social Studies �Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   Ministry of Foreign Trade and Economic Relations of BH (MOFTER) (2015). Analysis of Foreign Trade of BH for 2014. Retrieved from http://www.mvteo.gov.ba/izvjestaji_publikacije/izvjestaji/Archive.aspx?langTag=bsBA&template_id=96&pageIndex=2 Ministry of Foreign Trade and Economic Relations of BH (MOFTER) (2016). Analysis of Foreign Trade of BH for 2015. Retrieved from http://www.mvteo.gov.ba/izvjestaji_publikacije/izvjestaji/default.aspx?id=7897&lang Tag=bs-BA Ministry of Foreign Trade and Economic Relations of BH (MOFTER) (2017). Analysis of Foreign Trade of BH for 2016. Retrieved from http://www.mvteo.gov.ba/izvjestaji_publikacije/izvjestaji/default.aspx?id=8622&lang Tag=bs-BA Nilsson, L. (1999). Two-Way Trade between Unequal Partners: The EU and the Developing Countries. Review of World Economics, 135(1), 102–127 Pagoulatos, E. & Sorensen, R. (1975). Two-way International trade: An Econometric Analysis. Weltwirtschaftliches Archiv, 111(3), 454-465 Rauch, J. E. (1999). Networks versus Markets in International Trade. Journal of International Economics, 48, 7-35 Shaked, A. & Sutton, J. (1984). Natural Oligopolies and International Trade. In: Kierzkowski, H. (Ed.). (1984). Monopolistic Competition and International Trade. Oxford: Oxford University Press, 34-50 Sharma, K. (2000). The Pattern and Determinants of Intra-Industry Trade in Australian Manufacturing. The Australian Economic Review, 33(3), 245-255 Sharma, K. (2002). How Important Is the Processed Food in Intra-Industry Trade? The Australian Experience. Journal of Economic Studies, 29 (2/3), 121-130 Sharma, K. (2004). Horizontal and Vertical Intra-Industry Trade in Australian Manufacturing: Does Trade Liberalization Have Any Impact? Applied Economics, 36, 1723 -1730 Stone, J. A. & Lee, H.-H. (1995). Determinants of Intra-Industry Trade: A Longitudinal, Cross-Country Analysis. Review of World Economics, 133(1), 67-83 Volume 7 | Issue 2 | 121 �Snježana Brkić   Torstensson, J. (1996). Can Factor Proportions Explain Vertical Intra-Industry Trade? Applied Economic Letters, 3(5), 307-309 Venables, A. J., Rice, P. G., & Stewart, M. (2003). The Geography of Intra-Industry Trade: Empirics. Topics in Economic Analysis & Policy, 3(1), 1-23 Veeramani, C. (2009). Trade Barriers, Multinational Involvement and IntraIndustry Trade: Panel Data Evidence from India. Applied Economics (Routledge), 41, 20, 2541-2553 Vernon, R. (1966). International Investment and International Trade in the Product Cycle. The Quarterly Journal of Economics, 80(2): 190–207. DOI: 10.2307/1880689 World Bank. (2016). Data: World Bank Country and Lending Groups. Retrieved from https://datahelpdesk.worldbank.org/knowledgebase/articles/906519. 122 Journal of Economic and Social Studies �2003 2,197.1 32,176.9 8,048.9 30,785.6 27,527.4 14,906.0 2,836.5 2004 2,611.8 36,754.6 9,365.6 34,657.5 31,319.7 17,282.6 3,315.3 2005 2,789.9 38,319.4 10,224.2 35,239.9 32,066.4 18,222.6 3,504.3 2006 3,178.9 40,469.9 11,359.5 37,020.4 33,486.0 19,777.1 4,145.0 Gross domestic product per capita (GDP p/c), in USD 2007 2008 2009 2010 2011 2012 3,912.4 4,784.5 4,508.2 4,404.4 4,788.8 4,430.5 46,652.9 51,629.7 47,785.6 46,757.1 51,192.6 48,381.4 13,544.0 15,889.1 14,142.3 13,505.0 14,538.0 13,234.7 42,531.4 46,681.1 42,576.3 42,641.7 46,853.2 44,089.7 37,890.2 40,953.9 37,130.2 35,969.2 38,379.3 34,918.7 23,959.2 27,784.0 24,785.1 23,499.6 25,040.5 22,517.1 5,486.5 6,689.0 5,820.5 5,353.6 6,424.0 5,656.3 Volume 7 | Issue 2 | Source: Prepared by the author on the basis of IMF World Economic Outlook Database (2017) Country BH Austria Croatia Germany Italy Slovenia Serbia Table 2: Gross Domestic Product Per Capita of BH and Its Most Important Trading Partners Source: Prepared by author on the basis of IMF World Economic Outlook Database (2017) 2013 4,681.9 50,533.3 13,573.7 46,545.1 35,706.6 23,170.3 6,351.7 2014 4,784.8 51,390.0 13,468.7 47,978.6 35,456.7 24,069.3 6,199.1 2015 4,206.7 43,749.6 11,578.5 41,197.4 30,032.1 20,746.9 5,244.3 123 2016 4,308.2 44,498.4 12,095.5 41,902.3 30,507.2 21,320.2 5,376.3 Gross domestic product (GDP), in billion USD Country 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 BH 8.48 10.16 10.94 12.46 15.32 18.71 17.60 17.16 18.63 17.21 18.16 18.52 16.25 16.61 Austria 261.22 300.26 315.19 334.60 386.00 429.64 398.60 390.94 429.43 407.68 428.38 439.07 377.16 386.75 Croatia 34.66 41.57 45.42 50.44 60.08 70.45 62.64 59.67 62.24 56.49 57.77 57.08 48.68 50.44 Germany 2,510.53 2,823.07 2,866.31 3,005.08 3,444.72 3,770.15 3,426.67 3,423.47 3,761.14 3,545.95 3,753.69 3,885.44 3,365.29 3,466.64 Italy 1,572.65 1,800.76 1,855.83 1,944.34 2,206.11 2,402.06 2,190.70 2,129.02 2,278.38 2,073.97 2,131.16 2,155.15 1,825.82 1,850.74 Slovenia 29.74 34.50 36.40 39.62 48.17 55.85 50.37 48.10 51.34 46.28 47.70 49.61 42.80 44.01 Serbia 21.22 24.74 26.08 30.72 40.50 49.17 42.61 39.04 46.49 40.73 45.52 44.21 37.16 37.75 Table 1: Gross Domestic Product of BH and Its Most Important Trading Partners Appendix Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   �2003 17.87 1 18.27 1 18.12 2004 20.15 1 18.40 1 18.83 2005 20.50 1 16.87 1 17.79 2006 18.69 1 17.10 1 17.59 2007 18.36 1 17.78 1 17.96 2008 17.24 1 17.06 1 17.11 2009 17.07 1 18.28 1 17.90 14.38 2.10 6,11 1.62 5.44 2004 13.91 2003 2.44 6.25 14.32 2005 2.79 5.99 12.63 2006 2.84 6.59 14.41 2007 2.67 6.66 15.32 2008 2.67 6.04 12.83 2009 0.26 0.40 0.25 0.39 2004 0.32 0.44 0.31 2005 0.36 0.42 0.29 2006 0.44 0.44 0.31 2007 0.46 0.44 0.33 2008 0.46 124 3.05 6.22 11.61 0.50 0.37 0.46 0.45 2011 0.46 0.43 2012 0,50 3.34 6.64 12.24 2011 14.65 2 14.47 1 14.53 Journal of Economic and Social Studies 0.44 0.40 IIT Share (G-L Index) 2009 2010 2011 0.45 0.49 0.49 Source: Author's own work based on data of Agency for Statistics of BH (2017) IIT with Croatia, all industries (SITC 09) IIT with Croatia – manufacturing (SITC 5-8) IIT with the world 2003 0.30 Table 5: Intra-industry Trade of BH with the World and with Croatia 2010 15.09 2 15.12 1 15.11 2010 Source: Author's own work based on data of Croatian Bureau of Statistics (2016) Share of BH in Croatian export % Share of BH in Croatian import % Trade Intensity Table 4: Trade Intensity of Croatia in Trade with BH Source: Author's own work based on data of Agency for Statistics of BH (2017) Share of Croatia in BH export,% Rank of Croatia in BH export Share of Croatia in BH import,% Rank of Croatia in BH import Trade intensity Table 3: Trade Intensity of BH in Trade with Croatia Snježana Brkić   2012 6.95 3.50 2013 0.50 0.43 6.72 3.52 12.23 2013 14.25 2 12.90 1 13.38 2013 0.50 12.76 2012 14.83 2 14.44 1 14.57 2014 0.55 0.45 2014 0.50 6.12 2.69 11.80 2014 11.00 3 11.43 2 11.28 2015 0.57 0.45 2015 0.53 5.39 2.68 9.73 2015 10.29 3 10.56 4 10.46 2016 0.58 0.45 2016 0.54 5.29 2.91 9.09 2016 10.46 3 10.02 4 10.19 0.47 0.37 Average 0.45 3.11 6.19 11.31 Average 15.75 1 15.19 1 15.34 Average �0.21 0.26 0.27 0.13 0.25 0.29 0.36 0.19 0.42 Country Austria Croatia Germany Italia Slovenia Serbia 0.32 0.30 0.42 0.23 0.31 0.28 2005 0.39 0.33 0.47 0.28 0.29 0.29 2006 0.36 0.44 0.50 0.31 0.31 0.29 2007 0.37 0.44 0.50 0.35 0.33 0.29 2008 0.41 0.44 0.41 0.37 0.37 0.28 2009 44.51% 41.61% 41.81% -671.80 Volume 7 | Issue 2 | 52.00% -505.32 53.62% -532.74 52.89% -530.48 61.06% -389.47 51.58% -458.44 -829.87 595.66 2014 0.38 0.46 0.37 0.47 0.45 0.34 2015 -694.89 615.82 2013 0.39 0.47 0.40 0.43 0.45 0.34 2014 946.75 547.40 2012 0.37 0.43 0.44 0.36 0.43 0.35 2013 1,252.26 1,421.35 1,154.53 1,052.72 1,148.56 1,126.14 1,000.28 482.73 2011 0.41 0.44 0.41 0.38 0.43 0.35 2012 488.31 591.48 557.37 2009 0.41 0.45 0.37 0.37 0.40 0.32 2011 610.81 2008 2007 Source: Author's own work based on data of Agency for Statistics of BH (2017) 2003 2004 2005 2006 Exports to Croatia, mil EUR 218.64 310.37 396.45 493.53 Imports from Croatia, mil EUR 779.58 885.31 964.51 995.44 Trade balance, mil EUR -560.94 -574.93 -568.05 -501.91 Export/import 28.05% 35.06% 41.10% 49.58% coverage % Table 7: Trade Balance of BH with Croatia 2010 0.42 0.43 0.39 0.35 0.45 0.33 2010 IIT Share (G-L Index) Source: Author's own work based on data of Agency for Statistics of BH (2017) 0.35 0.24 0.40 2004 2003 Table 6: Intra-industry Trade of BH with Its Most Important Trading Partners 55.29% -382.44 855.47 473.03 2015 0.34 0.44 0.40 0.50 0.45 0.36 2016 125 60.91% -323.31 827.11 503.81 2016 0.38 0.39 0.42 0.34 0.37 0.31 Average Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia   �2004 31 /16 14 11 9 65 2003 35 /20 10 11 8 63 28 /17 16 11 9 64 2005 26 /19 16 14 8 64 2006 30 /16 14 11 9 64 2007 29 /16 14 10 11 64 2008 21 /12 16 14 12 63 20 /13 19 13 12 64 23 /14 17 13 11 64 20 /13 16 11 16 63 Number of Product Groups 2009 2010 2011 2012 22 /14 15 11 17 65 2013 22 /13 15 15 12 64 2014 21 /14 16 11 15 63 2015 126 Journal of Economic and Social Studies Note: Second number in every cell of the first row (after slash) indicates the number of product groups with 0≤GL≤0.10. Source: Author's own work based on data of Agency for Statistics of BH (2017) 0.26-0.50 0.51-0.75 0.76-1.00 Total Interval GL 0.00-0.25 Table 8: Number of Product Groups, by G-L Index Snježana Brkić   21 /12 17 13 12 63 2016 25 /15 15 12 12 Av. �Journal of Economic and Social Studies                                                                                                                               1  Empirical studies of IIT typically use industry definitions at a three-digit SITC level, since it is believed that it is a category closest to the economic definition of industry. However, reliable data at this aggregation level were not available for BH trade with Croatia in the BH national statistics over a long time period (all until 2008). Using and combining data from other sources (other countries' statistics, international organizations and groups' databases) would affect the reliability and comparability of input „values“in the analysis and the validity of obtained results. 2 The inclusion of data from the period before 2003 into the analysis would mean using data collected and processed by means of different methodologies in BH entities, or combining data from international sources. Since 2003, due to the adoption of appropriate legal documents, it has been possible to merge data on BH foreign trade at a country level, i.e. to collect and express them according to the unique methodology for both BH entities (The Federation of Bosnia and Hercegovina and the Republic of Srpska), and the Brčko District. 3 Balassa (1986a, 1986c) 4 A significant part of IIT in the world pertains to differentiated products for the purchase of which, as opposed to the purchase of standardized products, it is essential that buyers are well informed on varieties' characteristics. Greater proximity leads to an increase in informartion availability – contacts between companies, and between companies and consumers intensify, and thus lower the costs of providing information to buyers, facilitate trade and make it less expensive (Brkić, 2010). 5 Distance between Sarajevo and Belgrade equals 193 km, between Sarajevo and Vienna 510 km, between Sarajevo and Ljubljana 395 km, between Sarajevo and Rome 532 km, and between Sarajevo and Berlin 1,033 km (CEPII, 2013). 6 According to the Croatian Bureau of Statistics (2015), the length of land border between Croatia and BH, including borders on rivers, amounts to 1,011.4 km. 7 CEFTA agreement was signed on 19.12.2006. Croatia became its member in 2006, and BH in 2007 (BH ratified the Agreement on 27.09.2007). 8 Trade coefficient is calculated as a share of foreign trade of a given country in its GDP. 9 In the beginning of the analyzed period, Croatian GDP was four times higher than BH GDP, so that the difference decreased in the meantime. 10 In 2003, Croatian GDP p/c amounted to USD 8,048.9 compared to USD 2,197.1 in BH, while in 2016 it amounted to USD 12,095.5 compared to 4,308.2 in BH (Appendix, Table 1). 11 Countries of this group have incomes p/c between USD 3,956 and USD 12,235 for 2016. 12 Until 2014, IIT index pertains to Serbia and Montenegro together, since the two countries were in a state union at the time. 13 Appendix, Table 7. 14 Except for Serbia. According to the analyses of the Ministry of Foreign Trade and Economic Relations of BH, import coverage by exports in the trade with Serbia decreased to approximately 50% after 2010 and 2011, when it amounted to over 60%. Volume 7 | Issue 2 | 127 �Snježana Brkić                                                                                                                                                                                                                                                                                                           15 Before 2010, it typically amounted to approximately 41% (Appendix, Table 7). Appendix, Table 7. 17 Data from publications on analysis of BH foreign trade issued by Ministry of Foreign Trade and Economic Relations of Bosnia and Herzegovina in the following years; 2011, 2013, 2015, 2016, 2017. 18 These results are usually not taken as completely accurate, due to certain weaknesses of the use of corrected G-L index. It is however irrefutable that due to the trade imbalance in the mutual trade of these countries, the IIT share is to a degree underestimated. 19 According to parameter ±0.15. 20 Note: „no RUV “means that RUV could not be calculated because of one-way trade i.e. only export or only import registered in a given industry. 16 21 “Smooth-adjustment hypothesis” refers to realocation of production factors (labour and capital) between different product lines within a given sector rather than between sectors. Adjustment in terms of temporary unemployment and wage disparities is “smoothy” if expanding product lines and declining product lines belong to the same sector (Brülhart & Elliot, 1998).     128 Journal of Economic and Social Studies � Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3755 Title A name given to the resource Bilateral Intra-Industry Trade in Country Characteristics Context: The Case Study of Trade of Bosnia and Herzegovina with Croatia Author Author Brkić, Snježana Abstract A summary of the resource. Abstract: The paper focuses primarily on intra-industry trade (IIT) which is researched in the context of country-specific characteristics. A three-decade-long academic research of IIT phenomena suggests that IIT is likely to be more intensive and mostly of horizontal type between countries that are at a similar stage of economic development, with the same level of trade openness and with intensive and significantly liberalized mutual trade. Geographical proximity of countries, especially their common border, as well as their similarities in some non-economic characteristics such as history, culture, language, also contribute to IIT intensity. Bosnia and Herzegovina (BH) and Croatia match most of these criteria for intensive and increasing IIT. The aim of the research is to check aforementioned thesis on IIT on a case study of BH in its trade with Croatia over the period from 2003 till 2016. Research is focused on IIT characteristics – intensity, trend and structure, both at aggregate level (based on calculating corrected and uncorrected Grubel-Lloyd indices) and at division level of Standard International Trade Classification – SITC (based on calculating standard Grubel-Lloyd index and relative unit values of export and import). The research findings indicate a continuously rising, although lower than expected, intensity of IIT, taking into account similarities between given countries in comparison with other important trading partners of BH and taking into account a high level of data aggregation. In BH trade with Croatia inter-industry trade still prevails while high intensive IIT appears in a very low number of product groups, coupled with the dominance of vertical IIT. However,at the same time a growing trend and a significant increase of IIT intensity in trade with Croatia have been identified. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Article PeerReviewed DOI Digital object identifier doi: "10.14706/JECOSS17726 " Identifier An unambiguous reference to the resource within a given context ISSN 1986-8499, H Social Sciences (General),HB Economic Theory https://omeka.ibu.edu.ba/files/original/e4bfd31774208becfe0269abe98a4ae0.pdf 4c79705625710cec4cfc2b2adff216b8 PDF Text Text ���Ilda Kovačević Sanin Džidić HIGH - RISE BUILDINGS STRUCTURES AND MATERIALS Sarajevo, 2018 �Authors: Ilda Kovačević Sanin Džidić Publisher: International BURCH University Sarajevo Critical Review: Assoc. Prof Dr. Amir Čaušević, University of Sarajevo, Faculty of Architecture Assoc. Prof. Dr. Nerman Rustempašić, University of Sarajevo, Faculty of Architecture Assist. Prof. Dr. Emina Zejnilović, International BURCH University, Faculty of Engineering and Natural Sciences, Department of Architecture Proofreading: Dijana Misaljević, MA Desktop publishing: Authors Date and Place: February 2018, Sarajevo, Bosnia and Herzegovina Copyright International BURCH University Sarajevo, Bosnia and Herzegovina, 2018 Reproduction of this Publication for Educational or other non-commercial purposes is authorized without prior permission from the copyright holder. Reproduction for resale or other commercial purposes prohibited without prior written permission of the copyright holder. Disclaimer: While every effort has been made to ensure the accuracy of the information, contained in this publication, the publisher will not assume liability for writing and any use made of the proceedings, and the presentation of the participating organizations concerning the legal status of any country, territory, or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries. _________________________________________________________ CIP - Katalogizacija u publikaciji Nacionalna i univerzitetska biblioteka Bosne i Hercegovine, Sarajevo 725.222(075.8) KOVAČEVIĆ, Ilda High-rise buildings [Elektronski izvor] : structures and materials / Ilda Kovačević, Sanin Džidić. El. knjiga. - Sarajevo : International Burch University, 2018. - 175 str. : ilustr. Način dostupa (URL): http://eprints.ibu.edu.ba/3717. - Nasl. s nasl. ekrana. - Izvor opisan dana 23.1.2018. - Bibliografija: str. 163-175. ISBN 978-9958-834-59-2 1. Džidić, Sanin COBISS.BH-ID 24918278 ���TABLE OF CONTENT Preface ......................................................................................................................... 7 List of Figures ............................................................................................................ 9 List of Tables ........................................................................................................... 15 Introduction .............................................................................................................. 17 High-Rise Buildings through World Architecture ................................................... 25 High-Rise Buildings in Bosnia and Herzegovina ..................................................... 43 Structures of High-Rise Buildings ........................................................................... 59 Classification of the Structures of High–Rise Buildings .......................................... 65 Frame System ........................................................................................................... 69 Shear Walls System .................................................................................................. 71 Outrigger System ...................................................................................................... 75 Tube System ............................................................................................................. 79 Diagrid System ......................................................................................................... 85 Space Truss System, Exo–Skeleton System and Super Frame Structures ............... 87 Hybrid Structures ..................................................................................................... 91 Steel as Structural Material for High-Rise Buildings ............................................... 93 Concrete as Structural Material for High-Rise Buildings ...................................... 105 High-Strength Concrete (HSC) as Structural Material for High-Rise Buildings ... 119 Composite Steel-Concrete Structures for High-Rise Buildings ............................. 133 Risk of Progressive Collapse in High-Rise Structures ........................................... 143 References .............................................................................................................. 163 ��PREFACE High-rise buildings present a challenge; they present a challenge for architects, engineers, occupants as well as observers. They attract the viewer's eye. They are our monuments and often become city landmarks and tourist attractions. City views from the tops of the buildings are also extremely appealing. People either praise them or criticize them, but they are indeed an important part of urban landscape in every modern city. They are here, present, and can be found in every metropolis or city that intends to become one. Sometimes they stand in awe, and sometimes they stretch above. For all they are, or for all they are not, their builders are the culprits responsible for these magnificent structures. This book is the result of a serious research, and it is intended to become a textbook for the "High-Rise Buildings" course held at the Master's Degree Program at the Department of Architecture at the Faculty of Engineering and Natural Sciences of the International BURCH University in Sarajevo. However, students of other architectural faculties or departments of architecture, students of structural engineering, as well as architects and structural engineers in design and construction themselves may find this book helpful. Parts of the book, or the entire book may also be of interest for a common reader. As the human body is composed of brain, skeleton, muscles, organs, blood and nervous system, all of which have their own functionality and appearance, the organism we call a high-rise building is also composed of load-bearing structure, different materials applied, and various embedded functional systems that allow for comfort and serviceability of these structures. Their appearance catches the observer’s eye and causes different emotions; sometimes these emotions are positive, sometimes not so much, but essentially everything that initiates any emotion in a person becomes a truly memorable experience. This book attempts to simultaneously analyze high-rise buildings from several aspects - form, appearance and beauty, and in the next step, their architectural and structural functionality and comfort. But no project is possible without the actual materialization and functional load-bearing structure. Like a human being, each building has its own requirements and expectations, as well as its needs to properly behave in dangerous situations that may happen in one’s lifetime, or in the case of buildings, in a service life. Every high-rise building should adequately respond to common situations, and those that are not so common, but also be prepared to those that are entirely unexpected. This book will try to explain the symbiosis and causative consequential relationships and synergy of architecture, load-bearing structure and applied materials. If this synergy did not exist, it would be difficult to talk about a successful 7 �project, but if it existed, then the story about that building would be shared and passed on. Readers of the book will decide if we succeeded in our attempt; if we contributed to the improvement of one’s knowledge in this field of expertise, then we succeeded as authors. If we caught up your interest in the subject, we did it again. If not, forgive us, because we had the best possible intention of doing so. However, we will look for the opportunity to improve and redeem ourselves through some other future projects. We use this opportunity to thank our reviewers for their remarks, recommendations and suggestions. We’d like to thank mr. Elmir Halebić for the design of the book cover, and also to everyone who has in any way contributed to the process of publishing this book, at the mutual pleasure of readers and authors. Authors 8 �LIST OF FIGURES Figure 1 - Around the World in Tall Buildings – Current Location of the Top 100 [94]................................................................................ 18 Figure 2 – Comparison of Historical High–Rise Structures, Pyramids of Giza and Colosseum, Rome ................................................................ 25 Figure 3 – Notre – Dame Cathedral, Reims, France 1211 – 1311 [108, 5] .......... 26 Figure 4 – First Steel Framed Skyscraper, Home Insurance Building, Chicago 1884-85 [155] ....................................................................................... 28 Figure 5 – First Safe Elevator in Crystal Palace, E.G. Otis, 1853 [145] .............. 29 Figure 6 – New York (up) Compared to Paris (down), Period of 1915 [69, 93] ... 30 Figure 7 – Le Corbusier’s Radiant City [162] ....................................................... 31 Figure 8 – Chrysler Building, Manhattan – Steel Frame [112] ........................... 32 Figure 9 – Empire State Building [186] ................................................................. 33 Figure 10 – World Trade Center (left) and Sears Tower (Willis Tower) (in the middle and right) [135, 146] ..................................................... 34 Figure 11 – Ingalls Building, Cincinnati – Concrete Structure [11] ...................... 34 Figure 12 – Petronas Towers, Kuala Lumpur, Malaysia, 452 m [163] .................. 35 Figure 13 – Shanghai, China, Landscape [113] ..................................................... 36 Figure 14 – Structural Material for High-Rises in Shanghai [187] ........................ 36 Figure 15 – Shanghai Tower [187] ......................................................................... 37 Figure 16 – Dubai – 1991(left) and Dubai – 2016 (right) – with World’s Highest Building Burj Khalifa (829,9 m height) [90] ....................................... 37 Figure 17 – Illustration: “Would you like to live in a vertical city?” [197] ..................................................................... 39 Figure 18 – Shanghai – Pudong District (left) – Vertical Living, Land Consumption and Low–Rise Settlement in Less Developed Areas of Shanghai (below) [149, 153] ................................................................ 39 Figure 19 – Shanghai Tower – during Construction Phase – Showing the Structural Design of the Building (left) and Characteristic Floor Plan of Shanghai Tower (right) [133, 97] ........................................... 40 Figure 20 – Wind Turbines at the Top of the Residential Building, Indigo Building, Portland Oregon – Renewable Energy Source (left) and Breathable Double Elevation on Shanghai Tower Enables Natural Building’s Ventilation, Saving Costs and Use of Electric Energy (right) [141, 168] ................................................................................. 41 Figure 21 – Burj Khalifa, Dubai [148, 159] ........................................................... 41 Figure 22 – Capital City of BiH – Sarajevo 1900 (above) and Sarajevo (1950) (below) [72, 166] ................................................ 43 9 �Figure 23 – First High–Rise Building in BiH, “Vakufski neboder” after Last Renovation [129] ................................................................. 44 Figure 24 – Apartment Blocks at the Miljacka River Bank in Sarajevo, 1962 [39] . 45 Figure 25 – Faculty of Natural Sciences and Mathematics in Sarajevo, 1966 [76] . 45 Figure 26 – Residential Block of High–Rise Buildings, Čengić Vila [119] ............. 46 Figure 27 – Prefabricated High–Rise Buildings – Alipašino Polje [77] ................. 46 Figure 28 – National Parliament - J. Neidhardt (left) and UNITIC Office Buildings - I. Štraus (right) [80, 101] .................................................. 47 Figure 29 – Banja Luka after Devastating Earthquake in 1969 [110] .................... 48 Figure 30 – ”Incelov neboder” or “Čajavčev neboder”, Banja Luka [152] ........... 49 Figure 31 – Zenica – Residential Blocks at River Bank (left) and Lamela – Highest High–Rise Building in Zenica (right) [131, 125] ................................. 50 Figure 32 – Tuzla’s Settlement of High–Rises – Sjenjak [73] .................................. 50 Figure 33 – Bijeli neboder (White Skyscraper), Bihać’s Highest High–Rise [120] ........................................................ 51 Figure 34 – UNIS Office Building in Sarajevo, Burning, Last War (1992) [138] ... 52 Figure 35 – Bosmal City Centre Sarajevo [156] ....................................................... 53 Figure 36 – New Generation of BH High–Rises in Sarajevo [188] ........................ 53 Figure 37 – Avaz Twist Tower [124, 150] ............................................................... 54 Figure 38 – Sarajevo City Center (SCC) [158] ........................................................ 55 Figure 39 – Administrative Building of the Government of the Republika Srpska [99] ........................................... 55 Figure 40 – Mellain Complex, Tuzla under Construction (left) and Constructed (right) [125, 130] ...................................................... 56 Figure 41 – Franciscan Church and its Bell Tower–Symbol of Peace, Mostar [140] ......................................................................................... 57 Figure 42 - Frame (left) and Braced Frame (right) ................................................. 61 Figure 43 - Detail of Figure 42 ................................................................................. 61 Figure 44 - Hearst Magazine Building - 2004, NYC (left), Hotel de las Artes – 1992, Barcelona (right) [87, 100] ....................... 62 Figure 45 - Classification of the Structures of High–Rise Buildings according to F.R. Khan (steel structures) [1] ........................................................... 65 Figure 46 - Classification of the Structures of High–Rise Buildings according to F.R. Khan (concrete structures) [1] ..................................................... 66 Figure 47 - Classification of the Structures of High–Rise Buildings according to Mir M. Ali (interior structures) [1] ............................................................. 66 Figure 48 - Classification of the Structures of High–Rise Buildings according to Mir M. Ali (exterior structures) [1] ............................................................ 67 Figure 49 - Rigid Frames of High–Rises, Combination of the Displacement due to Sway and Bending [177] ...................................................................... 69 10 �Figure 50 - Lake Shore Apartments – Rigid Steel Frame Structure (left) and Stanhope Building – Rigid Concrete Frame Structure (right, axonometric) [179] ................................................................... 70 Figure 51 - Common Type of Bracings ..................................................................... 70 Figure 52 - Variations of Interruptions in Shear Walls [176] .................................. 71 Figure 53 - Axonometric View of Shear Walls System, Example (left) and Characteristic Floor Plan of the National Commercial Bank, Showing the Symmetry in Arrangement of Shear Walls (right) [180] . 72 Figure 54 - Casselden Place, Melbourne – Concrete Shear Walls + Steel Frame, 43 Stories (left) and 311 South Wacker Drive – Concrete Shear Walls + Concrete Frame, 75 Stories (right) [102, 104] ...................... 73 Figure 55 - Shanghai’s Tower Structural System [139] ............................................ 75 Figure 56 - Bending Moment Diagram under Applied Wind Load on Shear Core and Frame Structure (above) and Bending Moment Diagram under Applied Wind Load on Outrigged Structure System (below) ................ 76 Figure 57 - Variation of Tubular Structures ............................................................. 79 Figure 58 - Characteristic Arrangement of the Structural Elements for Framed Tubes in Plan (left) and Diagram of Shear Lag Effect (right) [1] ....... 80 Figure 59 - De Witt Chestnut Apartment Building in Chicago, F. Khan, Characteristic Floor Plan Showing Perimeter Column Arrangement (left), and De Witt Chestnut Apartment Building Constructed (right) [178, 137] ............................................................................................. 80 Figure 60 - John Hancock Centre, Representative Example of Braced Tube Structure [79] ....................................................................................... 81 Figure 61 - Sears Tower, Chicago (left), Schemes of Modular Floor Configuration (mid and right) [67, 181] .............................................. 82 Figure 62 - Different Plan Configuration for Bundled Tube Structures ................... 82 Figure 63 - 181 West Madison Street, (left), Characteristic Floor Plan (right) [144, 143] ............................................................................................. 83 Figure 64 - Hearst Headquarters Centre in New York (left), and 30 St. Mary Ave in London (right) [170, 96] .................................................................. 85 Figure 65 - Variations of Diagrid Geometry [62] ................................................... 86 Figure 66 - Concrete Diagrid, O-14 Building Dubai (left) and Construction of Diagrid (right) [161, 167] ................................... 86 Figure 67 - China Tower of 1990 (left) and View on Buildings Structure from Interior of the Building (right) [160, 64] ............................................. 87 Figure 68 - Hotel de las Artes, Exo – Structure at Main Structural System (left) and View on Detail of Elevation, Structure Connection to the Buildings Volume (right) [128] ............................................................ 88 11 �Figure 69 - Parque Central Tower, Caracas, Venezuela, Concrete Super Frame Structure, under Construction (left), on fire (mid), Renovated (right) [91, 134, 132] ................................... 88 Figure 70 - Chicago Ultra–High Building, Proposal for Steel Super Framed Structure, Elevation (left) and Characteristic Floor Plans (right)[71] 89 Figure 71 - Belvedere Building, Rotterdam - Horizontal Forces Scheme (left), Inclined Strut (mid), Constructed Building (right) [41] ....................... 91 Figure 72 - Bessemer Steelmaking Process (illustration of furnace) [142] ............. 94 Figure 73 - Contemporary Steel Making Process, Combination of Blast Furnace Top Gas Recycling and Blast Oxygen Furnaces, Highly Reduces Steelmaking Emissions (illustration) [151] .......................................... 94 Figure 74 – UK Hot – Rolled Steel Open Sections [191] ......................................... 96 Figure 75 – Tubular Steel Sections [191] ................................................................. 97 Figure 76 – European Steel Sections [123] .............................................................. 97 Figure 77 – Standard Z and C Cold Rolled Steel Sections [117] ............................. 98 Figure 78 – Stress – Strain Diagram for a Steel in Tension [85] ............................. 99 Figure 79 – Schematic Expression of Steel’s Ductile Failure Phases [183] .......... 100 Figure 80 – The Influence of Temperature on Loss of Toughness [154] ............... 101 Figure 81 – Home Insurance Building, Chicago, World’s First High–Rise Building Steel Structured [192] ......................................................... 101 Figure 82 – World Trade Centre I and II, Results of the Attack High Fire Demolished or “Burnt” Steel Structure of High–Rises, September 11, 2001 [194] .................................................................. 102 Figure 83 – John Hancock Building - Elevation (left) and in Urban Context (right) [109, 88] ............................................. 103 Figure 84 – Pantheon, Rome, Interior (left) and Exterior (right) [193, 81] .......... 105 Figure 85 – Ingalls Building, First Concrete High-Rise (left) and Hoover Dam right [105, 111] ..................................................... 106 Figure 86 – Concrete Compressive Strength in Relation to W/C Ratio [165] ....... 108 Figure 87 – Importance of the Aggregate Grading – Single Sized Aggregates (left), Poorly Graded Aggregates (middle) and Well Graded Aggregates (right) [175] ........................................ 109 Figure 88 – Reinforcing Steel – Textured Rebar and Meshes [121] ...................... 110 Figure 89 – Difference in Behaviour of Reinforced Concrete and Prestressed Concrete under Applied Load [11] .................................................... 111 Figure 90 – Concrete Cylinder and Cube Test Samples [75] ................................. 113 Figure 91 – Concrete Compression Strength Development in Relation to Conditioning of Test Specimens [164] ............................................... 114 Figure 92 – Tangent and Secant Modulus of Elasticity of Concrete [126] ............ 114 Figure 93 – Creep of Concrete [89] ....................................................................... 115 12 �Figure 94 – Concrete Shrinkage Development [38] ............................................... 115 Figure 95 – Petronas Tower- Characteristic Floor Plan Showing Concept and Structure [66] ..................................................................................... 117 Figure 96 – Burj Khalifa (left), Petronas Twin Tower (mid) and Ingalls Building (left) [82] ................................................................. 118 Figure 97- The Last Completed Super High–Rise, Burj Khalifa, 2010 (left) and the First Completed High- Strength Concrete High–Rise, Outer Drive East.1963 [83] ............................................................... 120 Figure 98 - Common Mineral Admixtures – Supplementary Cementitious Materials for High-Strength Concrete [103] .................................... 124 Figure 99 - Eureka Tower Characteristic Floor Plans, 26-52 Storeys(left–top), 53-65 Storeys(left – mid), 66-88 Storeys(left – bottom), Black Hatch Stands for High–Strength Structural Elements and in 2006 (right) [78] ..................................................................... 127 Figure 100 - Baiyoke Tower 2 [118, 60] ................................................................ 128 Figure 101 - Characteristic Floor Plan of Trianon Building (left–top), Schematic Scenario of Possible Collapse (left–bottom) and Trianon Building, 1992, completed (right) [199, 200] .................................................... 129 Figure 102 - Altieri Spinelli Building, Brussels, Belgium [157] ............................ 130 Figure 103 - Summary of the Representative HSC High–Rises [136] ................... 131 Figure 104 - Rolled Beam Enchased with Concrete, Section through Railway Bridge (Kommerell) [28] ................................................................... 133 Figure 105 - Composite Steel Beam Patented by Julius Khan, 1926, USA [28] .... 134 Figure 106 - Composite Beam with Shear Connection between Steel Beam and Concrete Slab, with Diagrams of Stress Distribution in Cross Section [68] .............................................................................. 136 Figure 107 - Composite Columns Types, a) Steel Section Fully Enchased with Reinforced Concrete, b) Steel Section Partially Enchased with Reinforced Concrete, c) Steel Section Partially Enchased with Concrete [70] ..................................................................................... 136 Figure 108 - Composite Column Types, d) Rectangular Hollow Steel Section Filled with Concrete, e) Circular Hollow Steel Section Filled with Concrete, f) Circular Hollow Steel Section Filled with Concrete with Embedded I Steel Section [70] ........................................................... 137 Figure 109 - Components of Composite Slab, Casting and Installation Principle [190] ........................................................ 137 Figure 110 - Shapes and Dimensions of Shear Connectors, Angle, Circular Hexagonal or Circular Headed and Channel Section [174] ............. 138 Figure 111 - Composite Structured High–Rises on the List of the World’s Tallest High–Rises in 2011 by CTBUH [188] ............................................ 139 13 �Figure 112 - Taipei 101 - Schematic View of Characteristic Plans and Elevation [14] ............................................................................. 140 Figure 113 - Taipei 101 – Composite Structure Compared to the Petronas Towers–Reinforced Concrete Structure in Terms of Perimeter Columns [189, 14, 98] ........................................................................ 141 Figure 114 - Types of Structural Loads on High-Rise Structure [185] .................. 145 Figure 115 - Progressive Collapse, Schematic Presentation of the Progressive Collapses of World Trade Centre (9/11) [61] .................................... 146 Figure 116 - Illustrative Presentation of Permanent and Variable Actions [122] . 147 Figure 117 - Effect of the Wind on Snow Load Distribution on Roof Top [115] ... 148 Figure 118 - Flat Roof with Ponding Issue [116] .................................................. 149 Figure 119 - Burj Khalifa, Model for Wind Tunnel Testing, Scale 1:500 [84] ...... 150 Figure 120 - Schemes of Possible Aerodynamic Solutions in Architectural Forms of High–Rise Buildings Caused with Drastic Plan Variations from Floor to Floor [65] ............................................................................ 151 Figure 121 - Wind Behaviour - Characteristic Floor Plans of Burj Khalifa [159] 152 Figure 122 - Taipei 101’s 728 Ton Tuned Mass Damper, World’s Largest Tuned Damper, and the Only One Visible to the Public and Opened for Visits [95,127] .................................................................................... 153 Figure 123 - Damping System Types for High–Rise Buildings - Classification [5] ............................................................................................................ 153 Figure 124 - Diagram of Seismic Action Distribution, with Respective Increase of the Buildings Height [184] .............................................. 154 Figure 125 - Progressive Collapse of Residential 17-Storey High–Rise, Caused by the Earthquake in Taiwan, February, 2016 [173] ........... 154 Figure 126 - World Trade Centre – 9/11 [107, 172, 92, 86] .................................. 155 Figure 127 – Progressive Collapse of the World Trade Centre in 6.5 seconds [171] ........................................................................... 156 Figure 128 - Exterior Blasts– Explosion Next to the Building [182] ..................... 157 Figure 129 - Collapse Simulation, High–Rise Building Exposed to Interior Explosion, Where the Structure Does Not Resist for the Applied Blasts, and Continues with Progressive Collapse [198] .................... 158 Figure 130 - Mandarin Oriental Hotel, 2/9/2009, Beijing, 44 Storey, Composite Concrete and Steel Framed Structure, was Entirely Affected by Fire Remained without Structural Collapse [195,63] ................... 159 Figure 131 - Grenfell Tower, the Most Recent Fire Incident on the High–Rise in Such Large Scale, June 15, 2017 [102] ............................................. 159 Figure 132 - Grenfell Tower, Cross Section Pointing on Place of Fire Start, with Characteristic Floor Plan Pointing out the Only Staircases Down the Centre of the Building [74] ................................................ 160 14 �LIST OF TABLES Table 1 – Steel Classification according to Carbon Percentage Presence ............... 98 Table 2 - Concrete Classification according to Compression Strength of Concrete ......................................................... 112 Table 3 - Concrete Classification according to Unit Weight of Concrete .............. 112 Table 4 - Concrete Classification according to Admixtures Used in Concrete ...... 113 Table 5 - Classification of Structural Systems of High–Rises Interior Structures [1] ...................................................... 161 Table 6 - Classification of Structural Systems of High–Rises Exterior Structures [1] ..................................................... 161 15 ��INTRODUCTION Race and desire in constructing tall and high exist since periods of early civilizations. The architectural heritage and remains from early civilizations, are undeniable evidences that constructing high and massive is not innovation and reflection of the contemporary society. Looking back at Egyptian pyramids, Greek and Roman temples which introduced high, massive columns, human desire to express the power and wealth through building high and tall continued with European churches, towers and castles back in Late Middle Ages and Renaissance period lasting up to the contemporary ultra–high–rise buildings and skyscrapers. However, turnkeys for high– rise buildings we are familiar with, were innovation of the mechanism for safe vertical transportation-elevator and new structural materials in late 19th century. Since late nineties of the 19th century and early twenties of the 20th century, high–rise buildings and structures are becoming daily challenge and new direction for architectural, constructional and material technology development. For contemporary societies worldwide, high–rise structures are becoming common thing and inevitable part of new living style. Whether high–rise buildings function as commercial, residential or educational use of these forms of vertical architecture is becoming more and more popular. “Today it is almost impossible to imagine a major city without tall buildings. As the most important symbols of today’s cities, tall buildings have become a source of faith in technology and national pride, and have changed the concept of the modern city along with its scale and appearance. Despite the fact that tall buildings have moved city life away from the human scale, in general it is accepted that these buildings are an inevitable feature of urban development.” [14] Even though, high–rise buildings occupied architectural and construction scene and do play an important role for solving excessive land consumption problems and problems of accommodation in overpopulated zones, architectural critic are generally describing high–rises as gigantic hazards in urban areas and tools to show off the prestige, power and wealth; which do create environment oversized if compared to human scale and do cause harmful influences on environment. As everything, highrise buildings do have its advantages and disadvantages, but one is sure, high–rise buildings are accepted by mass population. It is common for every urban area to have structures and buildings which are characterized as high–rise because they outstand among other buildings in surrounding, primarily by height. 17 �Figure 1 – Around the World in Tall Buildings – Current Location of the Top 100 [94] High–rise buildings are landmarks of the present and do form urban identity in form of grandiose unique skylines. However, not always high–rise buildings are to be successful, whether failure may happen during construction or service life of the structure. Thus, along with increase in building’s height, breath-taking futuristic architectural forms and concepts, awareness of necessity for highly advanced structural systems and materials in order to respond greater loads increases as well. Those advances sought for higher safety, stability, resistance and prevention of possible progressive collapses due to possible accidental occasions. In terms of these advanced technologies, high–rise buildings were celebrated on the cast iron and steel load–bearing structural elements which were designed to form rigid frame. More slender structural elements, larger spans more open floor plans presented steel as material of future, while concrete as structural material was at the beginning mostly excluded as option in structuring of high–rises. Neither concrete’s high fire resistance, nor its high resistance to very aggressive environments, abrasion and corrosion could overcome the problem of large and massive structural elements, in the eyes of the architects, designers etc. Early advanced technological developments and experimental studies tried to overcome the problem of massiveness of the concrete structures and at the end of the day all efforts resulted in form of material with better properties with focus on compression strength. For better understanding, at that time, the concrete with greater strength, high–strength concrete, referred to the concrete’s with compressive strengths 18 �up to 35 – 51 MPa. Even though, nowadays, such compressive strength is considered as conventional normal strength concrete, than it was sufficient to initiate use of the concrete in structuring high–rise buildings. Second half of the 20th century, was the period of both structural materials steel and concrete development. In this period upgrading weaknesses of one material with powers of another one, developed new concept of composite steel–concrete structures. Steel, high–strength concrete and composite materials, were three subjects to material technology development in structuring of high–rise buildings. At the same time, keeping up with newest technological achievements of material, structural engineers, architects and designers were developing numerous different structural systems which could relate between desired heights and environmental conditions which causes the most severe loads for high–rise buildings (wind load, seismic actions, etc.). However, real turnover in structuring of high rise buildings whether it is about structure or structural material happened at early 21st century. Unfortunately, fires that affected few of the world’s famous and the tallest high–rises in large scale showed weaknesses of steel structures. Rapid progressive collapse, material used which had low fire resistance, insufficient time for secure evacuations resulted in irreplaceable losses. These events, exposed one of the concrete’s greatest advantage in high–rise resistance and initiate greater use of the concrete, and high–strength concrete for structuring of high–rises. Nowadays, around developed urban areas which are living high–rise, there are concrete plants which daily produce concrete with compressive strengths up to 95 MPa. Bosnia and Herzegovina and Balkan area were undergoing rapid urbanisation and development during late fifties and early sixties of the last century. Sarajevo, Zenica, Tuzla, Bihać, Mostar were enriched with numerous high–rises. Unlike World’s scene where the high–rises represented office and commercial blocks, high–rises in former Yugoslavia were strictly functioned as residential with few exceptions, and generally were structured with concrete. For the country at the beginning of industrialisation process, where large migrations were toward urban zones, high–rise residential settlements were logic solution to prevent excessive land consumption and to form urban and spatial plans. The last war (1992–1995) stopped technological development in all fields in Bosnia and Herzegovina, and the years after the war were dedicated to reconstructions and repairs of damaged buildings, infrastructures etc. High – rises suffered many accidental impacts during the war years. However the resistance of concrete structures, largely saved many buildings. Lately, Bosnia and Herzegovina is being enriched by new samples of the high–rise buildings with more architectural valued high–rises. However, low material 19 �technological development is not enabling the possibility for any of futuristic worldwide seen structures. Structural engineers, architects and designers in Bosnia and Herzegovina are still rather choosing the concrete than any other material, but concrete technology is still remaining at conventional–normal strength concrete. Thus, there are numerous rigid frame structures with oversized columns, beams, and overuse of raw material, meaning on aggregate, cement, and superplasticizer while there are domestic materials which are sufficient for the first researches on high– strength concrete and later on productions. Presently, there are numerous easy ways to find out about newest technologies and knowledge. This book is being concerned at the high–rise buildings, from what are the most successful high–rises worldwide, its structural, architectural, mechanical design, its resistance as physical object in different environments, at different loadings and actions to the situation in Bosnia and Herzegovina and ability to catch up with new concrete technologies using domestic materials. Concepts and forms of the high–rise buildings are under constant change. Specific and detailed analysis of phenomena, high–rise buildings, rises different questions, opinions and understandings, both supportive and those critical ones. Along with the idea of high–rise buildings, there is mostly dose of scepticism after announcement of its primary design due to oversize when compared to human scales. However high– rise buildings are widely becoming accepted as part of the lifestyle and represent great urban development, national pride and construction, which is undoubtedly environmental friendly and efficient at least in decrease of land overconsumption. Even though this book is concerned on contemporary high–rise building’s structures and material technology development, it also includes historical analysis of what, when and how society ended up with these monumental structures. According to the short documentary published by New York Times “A Short History of the High-Rises” by Katerina Cizek, the historical analysis of high–rise begins back in 2500 BC. This documentary contain four parts “Mud”, “Concrete” , “Glass” and “Home”, which express the power of vertical living and variety in materials used for high-rise construction from mud and dusty sands in Yemen to advanced high–strength materials (steel and concrete) with curtain glass walls all around the world. Documentary “A Short History of High-Rises” gave excellent insight toward phenomena of high–rise buildings. However, turnkey for high–rise buildings and forms we are familiar with nowadays according to Mark Sarkisian are large fires which burnt large area of the Chicago and initiate diverse thinking in both designs and technologies. In his book, “Designing Tall Buildings, Structure as Architecture” he wrote: 20 �“The fire of 1871 devastated the city of Chicago but created an opportunity to re-think design and construction in an urban environment, to consider the limits of available, engineered building materials, to expand on the understanding of others, and to conceive and develop vertical transportation systems that would move people and materials within taller structures.“ [33] To enrich the collected data with situation in the area of Bosnia and Herzegovina, literature includes vision and perception of one of the most important modernist architect of former Yugoslavia, Ivan Štraus. His book, “The Architecture of Bosnia and Herzegovina, 1945–1991”, [39] informs us about the most successful high–rise buildings in entire area of Bosnia and Herzegovina through this period. However, as the architect and architectural critic, Štraus had chance to choose those building which outstand among the others and represent valuable architectural object partially expressing subjective opinion. Such approach to analysis of architecture in Bosnia and Herzegovina was more than supportive for high–rises, because exactly high–rises were main tool for directing architecture and urbanism for the above mentioned period. Another source, which explains the historical development at the Bosnian territory, is “Arhitektura Bosne i Hercegovine (The Architecture of Bosnia and Herzegovina)” [27] by Prof. dr. Amir Pašić, which as the Štraus tended to explain how and in what directions Bosnian architecture and urban areas were developing during the 20th century. Conducted historical analyses express rapid and advanced development of high–rises. By textual and visual sources, it is possible to analyse how societies worldwide were experiencing taller and taller structures year by year, and how the architects and engineers were pushing the limits of structural, mechanical and material technologies. Each phenomena interconnected with high–rise building is subjected to CTBUH, Council on Tall Building and Urban Habitat. [106] CTBUH in criteria for defining and measuring of tall buildings, evokes the concept and form of the high–rise building, indicates architectural (form, concept and function), structural (structural systems, accent on specific actions on structure, structural material) parameters. Thus, to satisfy world accepted criteria, literature focuses on structural system, new actions and hazards to high–rise structures and as final ability in materialisation of the structure. Classification of structural systems in high–rise buildings was initiated by Fazlur Khan, which considered height and structural efficiency. Such classification was not supporting rapid classification and variety of new systems. Thus in 1972/3 [1], he modified and delivered new classifications with accordance to the material used. Unlike Fazlur Khan, Mir M. Ali and Kyoung Sun Moon, in their study “Structural Developments in Tall Buildings: Current Trends and Future Prospects” [1] invites 21 �the new way of understanding and analysing the structural systems. Key role in their classification was location of main structural system, where the structures can be interior or exterior. In catching up with contemporary trends and futuristic approaches, this classification on exterior and interior structures seems as updated, and shows Khan’s classification as highly confusing and hard to incorporate with contemporary advanced material technologies which are more integrating composite structures, than steel or concrete individually. Due to extreme heights, high–rise structures are to be well designed to give the occupants or inhabitants comfort and safety. Mehmet Halis Günel and Hüseyin Emre Ilgin, worked on book “Tall Buildings, Structural Systems and Aerodynamic Forms” [14] where main focus is at the power of the wind forces which are influencing the design and which require complex approaches and design to overcome possible displacements, bending or sway of the building. According to the authors, architectural design approach should be aerodynamic and structure based, structural approach should integrate the structures with mega columns, outriggers, mega come and tube systems as important as this two is mechanical approach which refers to damping systems for additional stability. M. H. Günel and H. E. Ilgin, developed the high–rise structuring with accordance to way of structure’s responding to the loads and design ability and approaches to reduce load actions on structure. In their work materials do not play an important role which do not lead the structural development. Although, statistical data which are mentioned in their book, taken from CTBUH, clearly show that concrete as structural material is overtaking steel’s popularity. Such turnover in choosing structural materials happened at the period when steel showed its greatest weakness in fire resistance, at early 21 century. According to report, “Tall Buildings and Sustainability” [26], by authors Will Pank, Herbert Girardet and Greg Cox, concrete is leading material in structuring. “Conventional–normal strength concrete which was initially use is extremely harmful for environment and is guilty for 5–7 percent of world’s CO2 emission. For instance 1 tonne of cement uses 4000–7500 MJ energy, and releases 1–1.2 tonnes of CO2.“ [26] However if high–strength concrete is considered, with use of silica fume, fly ash or slag as substitute for cement then is a concrete much more environmental friendly. At the same time concrete has better properties to answer the needs for structuring of high–rises. As additional literature for deeper study on high–strength concrete is the book “High–Strength Concrete” [3], by Michael A. Caldarone, and “Journal of Mechanical and Civil Engineering” Volume 10 [2], which discusses the high–strength concrete properties, mix and proportioning, constituent materials. 22 �In Bosnia and Herzegovina there is not much interest, researches or studies on high– strength concrete. However there are highly qualified constituent materials which can be used for high–strength concrete, unfortunately those physical resources are still insufficiently used in Bosnia and are waiting on architects, engineers to take their advantageous properties. 23 ��HIGH – RISE BUILDNGS THROUGH WORLD ARCHITECTURE Even in early civilisations, high–rise structures and buildings, represented the power, strength and development of the specific civilisation. Dating back to 2500 BC, high– rise structures originated in Egypt. High, massive structures, such as pyramids, were made for pharaoh’s afterlife, in order to show off his greatness and power to his inheritors. Those pyramids, are nowadays taken as the greatest heritage of the Egyptian Civilisation to the field of architecture and they still raise many question about the way they were built and what the construction technologies and abilities Egyptians had in order to support such structures. Another historical and architectural achievement, world known and valued, high–rise readable structure, is the Colosseum, Rome. Unlike the pyramids, the Colosseum’s function was not to worship kings, rulers or God, but to serve and reflect the development of the society. It is also lower than the pyramids, but structural system, construction and architectural principles, are clearly defined, constructed and readable in scale of the Colosseum and are worthy of examining even today. Figure 2 – Comparison of Historical High – Rise Structures, Pyramids of Giza and Colosseum, Rome As already stated, the Colosseum was built for public use; new amphitheatre was built for public to enjoy the gladiatorial fights. The construction lasted for 10 years, which seems like a short period of time when we consider the building’s structural system that has clearly defined columns, precise arches and exceptional openings–doors, with symmetrical and regular repetitions of the same which add a great value to the Colosseum. What makes Colosseum stand out from other structures from that period, besides the mentioned structural values, is its location. Located in Rome, Italy, Colosseum is situated at one of the highest seismic zones in Europe. The most valued examples of the architecture through history are defined with inherited high–rise structures, which serve as the undeniable evidences that constructing upward, high, nearer to sky presented a mirror image of the greatness, wealth, strength, and the leader position. However, in the Late Middle ages and the 25 �Renaissance, high-rise structures and buildings, were reserved only for the churches, mosques, observatory towers, castells etc. This leads to the conclusion that churches and other specific buildings were focal point, or monument of the specific area which could easily be seen from the distance. Figure 3 – Notre – Dame Cathedral, Reims, France 1211 – 1311 [108, 5] While still meeting the accommodation needs, living spaces and business zones were constructed low–rise, and were spreading horizontally. Causes for such development and construction appear to be the lack of construction abilities, the lack of fast vertical communication through buildings, and fast evacuation which was impossible in the case of emergency. Construction abilities and knowledge of the mid–19th century show the high–rise buildings as very expansive and impractical. Commonly used masonry structures were very rigid, with load bearing walls that were too thick at the lower floors because of the design structural elements that could transfer loads from higher floors. Clustered interior spaces that were produced by these massive structural systems made high rise buildings undesirable places to work in or live in. Real turnover for the high–rise structures, which became high–rise buildings that humanity is familiar with nowadays happened with the introduction of steel structures. Load–bearing systems became much lighter in weight, and created open, breathable interior spaces, and also made facades of the buildings much lighter and more diverse. Former limits of construction were broken, making a complete shift and creating a new field for the architects, designers and engineers. Experiments with steel structured 26 �high–rise buildings started in the United States of America, in the Chicago School of Architecture. Filled with curiosity of what the abilities of this new structural material were, designers, architects and engineers, designed and constructed first high–rise building made entirely out of steel. By making a brief skim through global history of architecture, it becomes clear that each great civilisation or each period of architecture has some remarkable monumental high–rise structure. It clearly shows that those high–rise structures and buildings are becoming closer and closer to the population as time goes by. Today the overall development of the high–rise buildings, both in design and construction, made high–rise buildings to become a new sustainable living style, solving the problems such as overpopulation, or lack of the horizontal space and area for spreading in the urban, metropolitan areas. The analysis of the high–rise structures shows that even in distant past humans had a desire to build large and high. It does not matter whether we mention the pyramids in Egypt, thin towers which became focal points of the cities, Roman’s amphitheatres, religious buildings such as churches and mosques, mansions of former leaders etc., it is clear that during the history, architects and builders tended to build as high and big as the circumstances allowed for. The term high–rise building was first used to refer to tall building in Chicago. If we consider the pyramids in Egypt as one of the oldest high–rise structures which made Egypt as motherland of the high–rise structures, United States of America can be considered the motherland of the modern high–rise buildings, skyscrapers and tall skylines of the cities. The Great Chicago Fire of 1871 lasted for two days, burning down the whole city which was built out of wood; this event forced the technological development in construction and introduction of the new material, the one that could have better resistance in such situations. Owners of the Home Insurance Building in New York City wanted a new office building in devastated Chicago, and they demanded high building that could accommodate numerous offices; the most important and greatest challenge for the construction was to find the material which would have greater fire resistance than timber has. The Chicago School of Architecture and the representative engineer William Le Baron Jenney designed a steel framed building for the contest and won it, primarily for the material's fire resistance properties. With this project and design, Jenney was the first to introduce and welcome steel structure to the world, publicizing the material that supported the first high rise building we are familiar with nowadays. Home Insurance Building, Chicago, the first high–rise building, was a 10 storey building with steel framed structure. The whole building weighted one third than it 27 �would weight if it were made out of stone. In 1884–1885, Home Insurance Building, evoked scepticism with numerous experts, but nevertheless this building serves as the first example of such construction, and its’ great design opened and forced a new movement in architecture and construction during the late 19th century and early 20th. Figure 4 – First Steel Framed Skyscraper, Home Insurance Building, Chicago 1884-85 [155] Since the high–rise buildings started to develop, the experts claimed Home Insurance Building as the pioneer in upward building; it represents a great achievement, and it is for sure the tallest structure of the period. However questions such as, What is the high–rise building? What are the parameters?, What are the definitions of high–rise buildings? remained. While there are different fields of expertise closely connected to this field of architecture and civil engineering, there are also numerous definition of the high – rise buildings with the shortest one stating that the high–rise building is a building that is 23 to 30 m high, depending on the floor height; that is 7 to 10 storeys building, where the height of the building can have a great impact on the evacuation. The Home Insurance Building could be seen as a great breakthrough in the development of the high–rise structures from the design point of view; however the actual revolution happened with the growth of the construction technology, and with 28 �the development of the elevators and their improvement. Thus, the flourishing of the construction of the high–rise buildings may be defined through two main occurrences:  The first occurrence may refer to the steel structures that replaced the heavy stone structures or the weaker forerunners of steel, cast iron and timber structures, which were thick and massive. Steel proved to be a much lighter material, more durable and more fire–resistant more than any other known material suitable for high–rise constructions. Due to its lightness, and at same time its stiffness, steel as a main structural material enabled buildings to be constructed higher than ever before;  The second occurrence is the great innovation of the Elisha Graves Otis, the American innovator who invented the first safety elevator. Elevator as a main transportation in vertical direction enabled people to travel safely to upper floors and provided faster communication with higher floors, when compared to using stairs (walking). Figure 5 – First Safe Elevator in Crystal Palace, E.G. Otis, 1853 [145] Construction technology and architectural concepts, both in volume of the building and interior spaces, started to flourish after 1885. High–rise buildings became more available to the mass population; rapid and fast growth of the high–rise buildings dramatically changed the urban layouts through the cities of the United States of America, forming new skylines of the city. This period of the late 19th and 20th century, period of Modernism, might be seen as the Renaissance of the high–rise buildings. 29 �North America experienced and forced this trend of high–rise buildings to the fullest, while Europe still tried to keep their traditional and historical landmarks. Figure 6 – New York (up) Compared to Paris (down), Period of 1915 [69, 93] While Europe tried to keep skylines and landmarks of their cities, few great European modernists were developing the idea of ideal cities; their concept included new designs of the cities filled with vertical buildings, and they were taking any chance they could to experiment and realize all the potentials of the upward building. Le Corbusier, Swiss–French architect, created a hypothesis according to which buildings were nothing but sleeping machines. This meant that buildings were in a 30 �way like cars, whose main function was to transport people from one place to another, and to reduce time needed for travel. Also, the buildings should not take up much space, but rather spread vertically and still serve their function. Le Corbusier, in his concept of Ideal cities designed the buildings as high–rise units, serving different functions, but strictly separated hotels, and business and residential buildings. This idea was different from what was actually happening in the cities of the United States and the Ideal city would have taken bigger area between the high–rise buildings, while across the ocean, high– rise buildings were growing uncontrollably, creating forests of the high–rise buildings. Figure 7 – Le Corbusier’s Radiant City [162] On the other hand, majority of modernists were traveling to the United States of America, exploring the abilities for new designs, new technological development and new building materials. The early 20th century was marked by the steel frame construction and steel tubular construction, where the main focus was to use the steel and to use all the advantages of one material. Thin structural elements made out of steel were leaving the elevations of the buildings opened for free design, including openings which could be filled with glass, or in the early 20th century, non load– bearing brick wall. Chrysler building, located in Midtown of Manhattan, is the tallest steel–framed brick building, with total height of 319 m, with 77 storeys. Construction of the building was finished in 1931, showing how perception of high–rise building changed during the period of 45 years. Construction technology development in the next 45 years showed huge improvement, and the buildings nowadays can achieve seven times the height of the pioneering high–rise building. With the development of high–rise buildings, new materials and systems developed as well; glass facades, glass walls, or the system of enveloping the building’s structures etc. 31 �Figure 8 – Chrysler Building, Manhattan – Steel Frame [112] Larger spans of steel columns wrote the parameters of the modernist period, such as open floor plans, multifunctional areas, movable wall systems, free positioning of the partitioning walls, opening the opportunity for easier and more usable space. Steel and development of steel structures, played the greatest role in the construction of high– rise buildings. Steel as a material was new and unexplored, opening the opportunities for engineers, architects and designers to experiment with it. The tallest building in the world from 1931-1972 was Empire State Building in New York. Originally, it was 381 m high, but in 1951, a broadcasting antenna was added to the building, increasing total building height to 443 m. It is steel framed structure with masonry infill. Excavation began on January 22, 1930 with actual construction on March 17, 1930. Construction took just over 18 months. The building incorporates 10 million bricks, 1,886 kilometers of elevator cables, 6,400 windows, and weighs 331,000 tons. It was constructed with 60,000 tons of structural steel. The facade is composed of more than 200,000 cubic feet of Indiana limestone and granite, and utilizes several setbacks to offset the optical distortion of its 102-story height. [186] 32 �Figure 9 – Empire State Building [186] In 1973, it was completed a construction of the World Trade Center in New York. The World Trade Center was more than its signature twin towers: it was a complex of seven buildings on 6.5 ha. The towers, One and Two World Trade Center, rose at the heart of the complex, each climbing more than 30 m higher than the silver mast of the Empire State Building. Architect Minoru Yamasaki was selected to design the project; architects Emery Roth & Sons handled production work, and, at the request of Yamasaki, the firm of Worthington, Skilling, Helle and Jackson served as engineers. Yamasaki and engineers John Skilling and Les Robertson worked closely, and the relationship between the towers' design and structure was clear. Faced with the difficulties of building to unprecedented heights, the engineers employed an innovative structural model: a rigid "hollow tube" of closely spaced steel columns with floor trusses extended across to a central core. The columns, finished with a silver-colored aluminum alloy making the towers appear from afar to have no windows at all. When complete, the Center met with mixed reviews, but at 417 and 415 m and 110 stories each, the twin towers were the world's tallest, and largest buildings until the Sears Tower in Chicago surpassed them both in 1974 by approximately 30 m. [135] 33 �Figure 10 – World Trade Center (left) and Sears Tower (Willis Tower) (in the middle and right) [135, 146] However, the reinforced concrete was another option for high–rise structures. Construction technology development of steel was faster than the development of the RC structures due to fact that steel structural elements (columns and beams) were pre– made, and more accurate for load designs, but also steel had better capacity for tension forces, than RC structures. Figure 11 – Ingalls Building, Cincinnati – Concrete Structure [11] 34 �While the first steel high–rise building was built in 1885, the first concrete high–rise building was built in 1903. The Ingalls Building in Cincinnati, Ohio was a 16 storeys tall building, which was constructed out of concrete columns, beams, floors and stairs; it was suspected both by public and engineers alike, that the removal of the supports, the wind load or just its weight, would lead to its collapse. The architect of the building, Alfred Oscar Elzner, received a reward for this building (for the concrete structure of the building), which surpassed the steel frames in fire resistance and cost savings. The Ingalls Building was declared a National Historical Civil Engineering Landmark in 1974 and was added to the National Register of Historic Places in 1975 in USA. [11] Number of high–rises worldwide are being created, the highest one at the moment being in the development process and construction may last for another year. Even though high-rise buildings were “born” in the United States, Asian countries are becoming leaders in the high–rise construction. The centres and urban areas in Asia are undergoing a transformation into vertical expansion rather than the horizontal. Figure 12 – Petronas Towers, Kuala Lumpur, Malaysia, 452 m [163] 35 �The greatest example of such expansion is Shanghai. There are currently 141 completed high rises buildings and eleven under construction with height above 150 m, and five constructed and one under the construction above 300 m. Figure 13 – Shanghai, China, Landscape [113] The analysis [187] on high-rises above 150 m in Shanghai shows that structures of high rises are dominantly made of concrete (54 percent) and composite structures (38 percent). Figure 14 – Structural Material for High-Rises in Shanghai [187] The Shanghai Tower is currently the highest building in Shanghai and Asia and second tallest in the world (632 m). 36 �Figure 15 – Shanghai Tower [187] Another undeveloped area, with infrastructure, and construction, but with no defined zones of urban areas, such as Singapore or Dubai are designed to function with high– rise buildings. Figure 16 – Dubai – 1991(left) and Dubai – 2016 (right) – with World’s Highest Building Burj Khalifa (829,9 m height) [90] Since their beginnings up to today the high-rise buildings can be classified into three categories, based on the material used for their construction or the abilities of the construction technology:  The first category, is the high–rise building with exterior walls built out of bricks or stone, with columns and beams cast out of iron and steel, and were mostly unprotected. Floors were wooden, with unenclosed elevators. Most 37 �of these buildings were demolished due to lack of standards for steel and iron protection which made them, a risk to use;  The second category of high–rises are frame structures, where the skeleton of the building is made out of steel. The steel columns and beams are protected, by casting them in concrete, which makes them different from the first category. This created a higher level of structure’s protection. These high–rise structures, used non-combustible materials, and greatly reduced the possibility of collapse in case of an impact action on structure, or in case of fire.  The third category of high–rises was developed after World War II. In the case of structure, there are steel–framed constructions, reinforced concrete construction, as well steel–framed concrete constructions or composite structures. Numerous standards created a normative in order to serve and bring new level of safety for high–rise uses. [6] To be precise, demand for high–rise buildings is constantly growing; desire to build upwards is going to be a necessity for the humanity. High–rise buildings are becoming more of a living style, than the modernist experiment. The constant growth of population and economic growth of urban areas made humanity to face problems of the horizontal spreading of the constructed areas, be it for accommodation, business or industries, and infrastructures brought the rapid destruction of the natural environment, at same time causing natural disasters and climate changes. Thus, contemporary architecture and engineering within futuristic conceptual designs are creating new ways of vertical living and working, where high–rise buildings and skyscrapers, are entering a new era, and where sustainability is becoming the new parameter that has to support the vertical expansion rather than horizontal one. Vertical cities, also called the sky cities, in their simplest definition refer to high–rise buildings and skyscrapers. On one hand, some people are stunned by this attractive living style, while others are still debating about these ideas, deeming them unideal and do not support this way of development. However, the global community is confronted with problems of overpopulation and destruction of natural environment in order to accommodate growing population on daily basis, and the only solution seems to be in the form of vertical living. European countries haven’t faced such problem yet, and haven’t felt necessity to build upwards; on the other hand, certain areas of America and Asia have already been opening, creating and exploring the conceptual designs of vertical living. High–rise buildings are already becoming multi–functional, defined by their verticality. So it is not rare to have buildings that function as offices, retail or hotels, with underground 38 �garages, and safe storages etc. But just how safe this environment is in the case of an emergency? And are these buildings sustainable and energy efficient? Do they have positive sociological impact on humanity? Figure 17 - Illustration: “Would you like to live in a vertical city?” [197] If consider the urban planning, high–rises take as little square meters of the ground as possible, leaving the open space or keeping the natural environment. Phenomena of Vertical Cities, with detailed spatial planning is clearing infrastructures of the urbanized area. Figure 18 - Low – Rise Settlement in Less Developed Areas of Shanghai (left) and Shanghai – Pudong District (right) – Vertical Living [149, 153] Also, we have to take into consideration that structure of such buildings is built out of the material which may resist various loads depending on the area where it is located; buildings that were built in the last few years, have used the best and the most developed technology in order to meet all the needs of the construction. Turnover for the use of such material for construction of these structures happened because of the incidents which took place in New York, USA; the World Trade Centre on 9/11 showed that, steel structures were not sufficient enough to resist impact loads and fire, 39 �and completely collapse. All this lead to the switch from steel material to concrete, and with rapid technology development of concrete’s variations which proved to be more economic, sustainable and most importantly more resistant or with higher resistance to intruded loads. In other words, the importance of safety for the inhabitants grew with technological development of the materials, which also lead to the development of structural design, into core hybrid structures which had the capability to transfer lateral loadings. Figure 19 - Shanghai Tower – during Construction Phase – Showing the Structure of the Building (left) and Characteristic Floor Plan of Shanghai Tower (right) [133, 97] Technology has, more or less, developed material and structures that are well designed for constructions of vertical cities, but have they taken sustainability or energy efficiency into considerations? To construct a high–rise that could function as a city inside the building, it would have to consume more energy than a low – rise building would. High-rises are under the impact of strong winds on the upper floors, and instead of strengthening the structure, wind serves as a natural source of ventilation; also, wind turbines are being built, to get renewable energy which can sustain the building. With this safe and sustainable way of working and functioning, vertical cites, apropos high–rises, are becoming the new way of living. 40 �Figure 20 - Wind Turbines at the Top of the Residential Building, Indigo Building, Portland Oregon – Renewable Energy Source (left) and Breathable Double Elevation on Shanghai Tower Enables Natural Building’s Ventilation, Saving Costs and Use of Electric Energy (right) [141, 168] In Asia and America this is a living style that has certain tradition, and where we can talk about some super high buildings, ranging from 300 up to 500 m in height, with the highest example being Burj Khalifa, Dubai, 829.9 m. Figure 21 – Burj Khalifa, Dubai, [148, 159] In these areas, sociological impact is not something that plays a great role nowadays; almost all living population have experienced the vertical living since their childhood. On the other hand Europe, one of the more developed continents, does not have the culture of vertical living in such scale; buildings in Europe range from 150 to 300 m 41 �in height, and still requires the safety and sustainability in order to give and to receive positive sociological aspect to their inhabitants. Despite the initials and constant scepticism of the public and expertise towards the high–rise buildings, the construction technology development has brought high–rise buildings to a new level, where it is not the one building in question, but the entire system of liveable cities. This rough history of the high–rises had numerous turnovers in the use of structural materials, systems and vertical communications, and they were basically all leading to constructing a safer environment for tenants, providing more resistant structures that were well designed, variable, impact and wind loads resistant, and seismic and fire resistant. 42 �HIGH – RISE BUILDNGS IN BOSNIA AND HERZEGOVINA By the time world got its first high–rise building, Bosnia and Herzegovina was going through fundamental changes in urbanization, taking the principles of urbanization and construction technology of Austro–Hungary (1878 – 1917), and inhabitants of Bosnia were slowly abandoning the way of living of the previous years. It was previously mentioned that Europe lagged behind the United States of America in terms of high–rise construction due to European politics that wanted to preserve landmarks from early periods and the cities skylines. This politics lead to high–rise buildings being still unfamiliar in Bosnia and Herzegovina. However, it is important to mention that Austro–Hungarian period in great measure created overall skyline of Bosnian cites by constructing mostly residential buildings up to four, five storeys high, infrastructures and numerous monumental buildings in the cities. Flourishing of Austro–Hungarian plans for development of Bosnian territory was stopped by escalation of the World War I. Urbanized and constructed areas of Bosnia and Herzegovina were not devastated in great scales, but poverty of the after World War I period stopped development of any new buildings or technology in Bosnia and Herzegovina, and this situation remained for the next two decades ending together with the World War II. Figure 22 - Capital City of BiH – Sarajevo 1900 (above) and Sarajevo (1950) (below) [72, 166] After the World War II, Bosnia and Herzegovina became one of the six republics in The Socialist Federal Republic of Yugoslavia (SFRY). With development and strengthening of the SFRY, Bosnia and Herzegovina became a place of opportunities in various fields, where architecture and engineering took high position in terms of development interests. Such situation, and new opportunities were extremely 43 �interesting for numerous highly educated professionals from European schools of architecture. The capital city of the Republic of Bosnia and Herzegovina, Sarajevo, was the centre of new technological achievements, and it is not surprising that the first high–rise building was constructed in Sarajevo. Reuf Kadić, assisted by Muhamed Kadić, both architects that brought modernism in Bosnia from the Prague Academy, were designers of the first Bosnian high–rise building. The first high–rise building, named “Vakufski neboder”1, was 12 storeys high building, with underground level that served as a foundation of the building. Figure 23 - First High – Rise Building in BiH, “Vakufski neboder”, after Last Renovation [129] Despite the concrete construction, outer walls were in large scale enclosed with large windows, which introduced new interior spaces than those inhabitants of Bosnian buildings were used to. Even though the building was designed in 1930, the construction of the building was completed in 1947, and it was 40 meters tall. 1 Endowment Skyscraper–Investor of this building was Endowments Directorate of Bosnia and Herzegovina, and the building was named after directorate, Endowment Skyscraper/ Vakufski Neboder, commonly known by name JAT – ov neboder. 44 �Period of the late fifties and early sixties of the 20th century was period of the great expansion of architectural achievements, both in terms of horizontal and vertical constructions. This period is best perceived through residential blocks at the Miljacka river bank dating back to 1962; the group of 4 residential buildings, cubic in shape, with clear white facade were 13 storeys high, with concrete structures, and to a great degree, they introduced the new culture of living in apartment blocks in this area. Figure 24 - Apartment Blocks at the Miljacka River Bank in Sarajevo, 1962 [39] The first 12–storey high–rise buildings in this area that served a specific function was a Faculty of Natural Sciences and Mathematics of the University of Sarajevo in Sarajevo; the construction of the building was finished in 1966. Figure 25 - Faculty of Natural Sciences and Mathematics in Sarajevo, 1966 [76] Shortly after, the culture of high–rise living was accepted by the inhabitants of Sarajevo, and it proved to be the only possible way to accommodate all the new population that was migrating from the rural areas to Sarajevo. The demand for high– 45 �rise buildings in Sarajevo continued with the expansion of city which continued to create a neighbourhood of high-rise buildings; the area of Čengić Vila, with residential block of four high-rises, each being 17 storeys high, pushed the limits and improved the technology of the construction in the period of the late sixties. Figure 26 - Residential Block of High – Rise Buildings, Čengić Vila [119] However, the analysis of the functions of high–rise buildings in Sarajevo, showed that they were mostly used as residential blocks. This situation lead to restrictions in the SFRJ laws, where high–rise building could be designed or built only with a purpose to accommodate the influx of population. Such trend continued throughout the next decade in Sarajevo, and by the early eighties, new settlements or forests, of high–rise buildings were constructed in Sarajevo. Winter Olympic Games in 1984, were also one of the stimulating factors for rapid high-rise construction, and this rapid construction and large demand for high-rises, resulted in a great number of similar buildings, with variation ranging from 12-18 storeys, built as concrete structures, or prefabricated concrete structures. Figure 27 - Prefabricated High – Rise Buildings – Alipašino Polje [77] Just before the Winter Olympic Games in 1984, previously mentioned government restriction were cancelled in order to build and design remarkably important buildings 46 �to represent modern Sarajevo to the world. One of the most successful designs is building of National Parliament of Bosnia and Herzegovina and the building of State Administration in Sarajevo, 1980, where the complex was designed by an architect, academic and professor, Juraj Neidhardt back in 1955. Even though the building was designed with horizontal volume and vertical as unity back in 1955, construction was disposed in two parts, where vertical volume was constructed in first. With 21 storeys, it is still at the top ten highest high–rises in Bosnia and Herzegovina. Among all these examples of high–rise buildings built in the period of SFRY, it is impossible not to mention UNITIC Office Block building in Sarajevo, designed by the academic Ivan Štraus. UNITIC Office Block, known as “Momo and Uzeir”, is designed as two equal high– rises. It’s design showed great protection for the future actions undertaken on these buildings; it is also enclosed by reflective glass envelope facade and it changed city’s skyline making it unique. Even though UNITIC Office buildings were constructed in 1986, its technological achievements and designs of modern architecture, as well as its height, can compete with the new generation of high–rises in Bosnia and Herzegovina. Figure 28 - National Parliament - J. Neidhardt (left) and UNITIC Office Buildings - I. Štraus (right) [80, 101] Despite the evidence that Sarajevo was the centre with the highest rate of development in the period of SFRY, other cities like Zenica, Tuzla, Bihać, and Banja Luka also 47 �resembled a large construction site and deserve to be mentioned for the examples of high–rise constructions that can be seen in these areas. All these cities were under different forces that required fast and rapid development in short periods of time. The strict law restriction in spatial planning and construction of SFRY, could be a reason why the architecture in these cities didn’t have examples of notable architecture. Numerous high–rises buildings, mostly had accommodation function for the arriving labour population that was migrating during the industrial development. At the list of Bosnian largest cities, Banja Luka, is immediately after Sarajevo as Bosnian second largest city. However, there aren’t many examples of high–rise construction; even in the period of the great expansion of the cities in SFRY, Banja Luka was primarily oriented toward low–rise buildings. That phenomena was unique for Banja Luka and surrounding areas due to the location of the city on the very seismic area. Back in the late sixties, when the rest of the country was developing, Banja Luka was damaged by two devastating earthquakes. Fifteen people lost their lives and more than thousand were injured in the earthquake in 1969, and significant number of the buildings were damaged or destroyed. Figure 29 - Banja Luka after Devastating Earthquake in 1969 [110] Newer buildings were concrete structured which proved to have more favourable transfer of the lateral forces. This was a case with ”Incelov neboder” or “Čajavčev neboder” constructed in 1967 in very close urban core, 14–storey tall. Besides its height, this building located at “Krajina Square,” outstands in its surrounding with characteristic architecture of socialist period. 48 �Figure 30 -”Incelov neboder” or “Čajavčev neboder”, Banja Luka [152] However, Banja Luka recovered and rebuild fast, but as a low-rise city, where nature has proven more powerful that the current technological capabilities. Another urban core in Bosnia and Herzegovina is Zenica, where all high-rises still resemble those examples of the residential blocks in Sarajevo, from the same period. Cubic shaped towers with openings in one vertical line with nothing striking to show, but already seen and recognizable architecture. Also, the construction principles were those that were already seen with the concrete structure, designed as a frame system. However, high–rise named “Lamela”, served the inhabitants and local government as a representation of their power and strength. The building was designed as a complex of six cubic vertical forms, set one next to another from the lowest to the highest. In the initial project the highest cubic was designed to be 30 storeys high, but the lack of construction technology and problems with water supply and other mechanical systems, reduced the number of storey to 27, with final height being 101.9 m. Building was designed by an architect Slobodan Jovandić, and it took five years to finish the construction (1971-1976), due to the utility problems of the building, but not the structure itself. 49 �Figure 31 - Zenica – Residential Blocks at River Bank (left) and Lamela – Highest High– Rise Building in Zenica (right) [131, 125] Along with Sarajevo and Zenica, Bihać and Tuzla also had large income; Tuzla as the industrial city, and Bihać as military city were developing rapidly. Even though both of these areas had problematic load bearing soil in terms of quality and strength, urban cores still have examples of high–rise structures. Like Sarajevo, Tuzla experienced birth of new high–rise buildings growing as new defined settlements, where high–rise buildings formed group of detached high–rises with courtyards, which served as gardens and parking lots. What is Alipašino Polje and high–rises for Sarajevo, Sjenjak settlement is for Tuzla. Structure and function of both settlements are not much different, but variation of the storeys constructed exist. However, in the psychological perception of the people living in these cities, Sjenjak was and still is an elite settlement, while Alipašino Polje, for most architectural critics represents an area of the sleeping units. Figure 32 - Tuzla’s Settlement of High–Rises – Sjenjak [73] 50 �The centre of the northwest of the republic Bosnia and Herzegovina was Bihać. Construction of the largest military airport in SFRY and industrialisation of Bihać, were turnover for new investments in construction in order to accommodate the influx of population, military and otherwise. Bihać, unlike other cities, was not one of the cities with newly constructed high – rise settlements. Somehow, most of the buildings were up to 5 storeys high, which shows awareness of former architects and engineers about the quality, strength and stability of the load bearing soil, as well as their attention to seismic forces, due to the fact that Bihać lied at very seismically active area. Figure 33 - Bijeli neboder (White Skyscraper), Bihać’s Highest High–Rise [120] In spite of this, there are examples of the high–rises in Bihać, but in smaller scales than those in other Bosnian cities. Highest high-rise in Bihać reaches 16 storeys, and it functioned as residential building with commercial at the first two floors, commonly known as Bijeli Neboder (The White Skyscraper), and it is recognizable for its finishes on the outer walls and its facade, where the whole solid area of the facades is cladded with “Bihacit2” stone tiles, which was an unusual example during this period. The period of constant development, rapid construction and acceleration in the development of construction technologies in this areas was stopped in the early nineties when war broke out in the area. Period of devastating war and vandalism lasted from 1991 to 1995. During this period, that what was built in the era of rapid 2 Bihacit is a clean granular, gravelly and cavernous limestone, created at the tertiary freshwaters basin around Bihać 51 �development was under daily destruction and bombing. Sarajevo was the city with the longest siege of the modern period. During this period, buildings that were valued as greatest achievements, became military targets. Neither the building of the BH Parliament, nor UNITIC Office Building, among numerous others were spared. Reason for the survival of pre–war high–rises was their solid structure that actually resisted devastating fires and preserved the high–rises in their volume. July 7, 1992 was the day when images of the twin high–rise on fire spread as sun light worldwide, and the day when architect Ivan Štraus wrote in its diary the best description of that period: “…Tonight, barbarian burned one of two glass towers of UNIS Office Building, at Marijindvor. Both of them were already damaged in large scale, but now one of them is burning. With immeasurable sadness, I was watching it being helpless with flames breaking out of its windows, while my minds were filled with memories of construction days and how actually I was proud of them. The rest of the night I spent in basement, sleepless, lying at improvised bed, watching game of black cobweb pieces and their shadows at cracked off – white ceiling, counting latticework and span between them. However image of the tower burning as torch, I could not expel“ [39] After the last war, Bosnia and Herzegovina was devastated in large scale; there was not a single building that was not damaged. Most of the country’s infrastructure, roads and bridges, were highly destructed or demolished, so was the economy. Reconstruction of everything that was built before the war was set priority and inevitable for rehabilitation of the whole country. Figure 34 - UNIS Office Building in Sarajevo, Burning, Last War (1992) [138] 52 �While the years after the war were mostly cited as the period of stagnation, it would seem unfair to dismiss efforts that were done to bring back the old shine of great and fast development. However, early 21st century for high–rises in Bosnia and Herzegovina represented a new generation of high-rise buildings. Pioneer of the new generation of high–rises in BH is Bosmal City Centre, conceptually designed as a city within a city, or more precisely, a city within a building. Bosmal City Centre consists of two buildings, used for residential, commercial and other functions. Figure 35 - Bosmal City Centre Sarajevo [156] Construction of the BCC started in 2001 and lasted for 5 years, the predicted and designed height of the Centre was 118 m, which would give it a title of the highest residential building in the area of Balkans. Shortly after Sarajevo became birthplace of another high–rise building that would become the highest among high–rises at the area of south–east Europe. Figure 36 - New Generation of BH High – Rises in Sarajevo [188] 53 �Located at Marijindvor, by 2006, the construction of high–rise Avaz Twist Tower had started. Avaz Twist Tower was designed as a concrete high–rise, 40 storeys high, with final height of 175 m, enveloped with twisted glass curtain wall. Figure 37 – Avaz Twist Tower [124, 150] Few years later, Marijin Dvor hosted construction of new business and commercial complex. Sarajevo City Centre (SCC) with two tall volumes, was promising remarkable piece of tall architecture. With 74 meters SCC for sure did not reach the heights already seen in Sarajevo, but rather expressed playful forms with strongly defined broken lines which states for unique example of high–rise architecture in Sarajevo and wider area. Its exterior construction was completed in 2013, however interior of the towers is still under construction. And nowadays if observed Marijin Dvor appears to be neighbour of the most representative high–rises in Sarajevo including, UNITIC Office Blocks, National Parliament, Avaz Twist Tower and Sarajevo City Centre. Besides the mentioned buildings, there are other newly constructed or under construction high–rises filling the contemporary Sarajevo’s skyline. 54 �Figure 38 – Sarajevo City Center (SCC) [158] On the other hand other cities that were trying to catch up with the capital city in pre– war years, in terms of rapid high–rise construction, in the following years and nowadays were dealing with dramatic reduction in demand for high–rises. However, positive example of the new generation of high–rises in BiH, besides Sarajevo is the administrative building of Government of the Republika Srpska, located in Banja Luka. In comparison to the previous periods, this was a greatest step forward in high–rise construction in this area. Previously mentioned area of Banja Luka is marked as intense seismic zone, which makes it obvious why there are not many examples of high–rises in Banja Luka as there are in other cities in Bosnia and Herzegovina. Figure 39 - Administrative Building of the Government of the Republika Srpska [99] 55 �Administrative building of the Government of the Republika Srpska was constructed in 2007, 18 storeys high (ground floor + 17, 70 m high), enveloped with glass facade, cubic shaped tower, and was nothing new worth of high praise for architecture in Bosnia and Herzegovina, due to the fact that period of 2005/7 was marked with the highest building in the Balkan area, Avaz Twist Tower. However, this high–rise is worth mentioning in the analysis of high–rises in BiH due to its location in intense seismic zone, if nothing else. Besides Sarajevo and Banja Luka, other BiH cities Tuzla and Mostar also have examples of new–generation of high–rises. Tuzla recently became a place of few new high–rises, the most impressive being Mellain building; large scaled, massive complex of four attached buildings, where three of them are high–rises. Building is designed as multi–functional, where the design of volumes was used to enhance each function. When observed from the main street, this complex seems as three united high–rises. Focus was added to the central high–rise, whose function reflects in hospitality, and at the same time this is the highest part of the complex with the height of 96.45 m, and 21 storeys high. Facade design differs, from the previously mentioned buildings, glass curtain walls were used to enhance the main entrances and to add a touch of glamour. Other two high–rises, are identical residential blocks, one on the left, and other on the right side of the complex, resembling as wings of the strongly stated central high–rise, which is 19 storeys high. Figure 40 - Mellain Complex, Tuzla under Construction (left) and Constructed (right) [125, 130] 56 �Mostar’s skyline is enriched with high–rise building that serves a unique function, unlike other cities in Bosnia and Herzegovina, Mostar’s highest building serves to religious purposes, as well as touristic attraction. As celebration of the new millennium in Mostar, an idea to design and construct a bell tower as part of the reconstructed Franciscan Church was born. Cubic, pure concrete tower, with 107.20 meters height, was designed by an architect Davor Smoljan. The tower was defined as a symbol of peace, and its design was divided in two phases. First phase was to construct the height of 75 meters which is used as an observation tower of Mostar’s landscapes and natural environment. In order to reach the observation floor, vertical communication was designed as elevator and stairs, which was however finished in 2016. Second phase, was to establish International Art Gallery of “Peace”, from the ground level up to the observatory. After the construction was completed, it became obvious that compared to this building all other Mostar’s high–rises buildings looked like dwarfs. Figure 41 - Franciscan Church and its Bell Tower – Symbol of Peace, Mostar [140] Even though BIH scene of high rise buildings and their construction, started some 50 years later than the rest of the world’s scene, it is more than obvious that architects and engineers in Bosnia and Herzegovina achieved great success in the last 70 years. In the beginnings, high–rise buildings in this area were mostly defined as sleeping units, with few exceptions. Increased number of rural population migrating to urban zones required fast solution in accommodation. High–rise buildings in this case proved to be as the best solution for fast construction and low land consumption. As main structural material, architects, designers and engineers chose reinforced concrete structures, or prefab concrete structures, rather than other materials, which proved to be one of the greatest advantages in the design of high-rises. Era of constant, rapid and mass development of Bosnia and Herzegovina as part in the SFRY was all of a 57 �sudden interrupted and stopped by the war. It was impossible to find a building in Bosnia and Herzegovina that was not partially of fully damaged both by heavy artillery or fires. High–rise buildings were “easy targets”, and what saved most of them from complete demolition to the ground was high–fire resistance of concrete. In large scale, the war slowed down the construction of new high rises; after the war, a period of restauration, conservation and reconstruction of demolished and damaged buildings followed. First years of the 21st century, brought new ideas and attempts of construction of new high-rises. Pioneers of the new–generations of high–rises in Bosnia and Herzegovina, still kept concrete structures, while breaking the limits of previous heights. Also, the function of the new high-rises was not reserved only for residential purposes anymore; with few exceptions, new high – rises in Bosnia and Herzegovina followed new living style, and most of the buildings are multifunctional, accommodating residential zones, hospitality, business etc. 58 �STRUCTURES OF HIGH - RISE BUILDINGS Architecture depends on many factors, which greatly vary from initial concepts, functionality of designed spaces, its proportions both to human perception and urban context, and structural support and technological capabilities to support desired concept. Thus, any analysis of the above stated factors that architecture depends on, as its final result shows that crucial factor among these is structural support, which has to maintain the stability of the building. Scholar proficiency in architectural structures mostly focuses on basic structural systems which are common within different structural materials and within different volumes of the buildings, however reality is more than complicated, especially if we consider high–rise buildings, or buildings designed by architects such as Frank Gehry, Daniel Libeskind or Zaha Hadid. However, high–rise buildings are completely another and specific field with longer technological development history than those new contemporary buildings that show futuristic designs and which are defined with curved volumes and elongated elements. In high–rises, increased safety for the inhabitants of the building, greater resistance of the structure to various actions, and necessity for decreased overuse of structural materials and overdesigned load-bearing structural elements, as well as economic benefit, forced the development of structures of high-rise buildings since their beginnings. Structures of high–rise buildings are analysed and grouped by different approaches, focusing on structural material or the composition of the structural elements. However numerous divisions and subdivisions of structures of high–rises and an an excellent start for understanding complex issue of high-rise structures might lay in the definition approved by many critics and The Council of Tall Buildings and Urban Habitat, which states that high–rise is: “A building whose height creates different conditions in the design, construction and use than those that exist in common building of a certain region or period.” As an example that supports this statement is a remarkable contemporary high–rise Burj Khalifa, which rises 829.9 meters above Dubai. Even its urban context is created by numerous high–rise buildings, the height of Burj Khalifa creates a vision that the rest of the high–rises are just common buildings in this area. Opposite to this, one of the highest building in the area of south–east Europe, Avaz Twist Tower, rises 175 meters above Sarajevo, where achieved height is outstanding compared to other buildings in this urban context. So it is more than obvious that these two buildings required different treatments, different structural systems and technological requirements, even though they were built around the same period, and both have the title of the highest buildings in their areas. 59 �Despite various contemporary requirements and technological developments of high– rise building’s structural systems, history and beginnings of high–rises were less complicated and simple when compared to nowadays technology. During the period of the first–high rise building, widely in use and best known were massive load bearing masonry structures, rigid thick shear walls with small perimeter openings with low resistance to lateral forces which are crucial for structural design of high–rise buildings. Masonry structures were replaced with an iron and steel structures which created larger spans between columns, creating more open areas at the building’s perimeter for the windows, and it also facilitated the construction. At that time, terms such as load–bearing systems, in shape of rigid steel frames and non–load bearing structural elements, such as separation walls, or fill–in brick non–load bearing walls between the columns at the perimeter of the buildings that were not glass surfaces, were introduced to structural design. Non–load bearing elements and cladding materials were carrying nothing but self–weight and lateral wind load in their areas. Development in this range was more than sufficient for designers and investors to start racing for expansion in vertical dimensions. High rate in increase in height of the buildings was not equally accelerated with technological development of the structural systems and designs. With tendency to go higher, while keeping the same steel frame systems braced to resist wind loadings, made high–rises of the late 19th century and early 20th century were very expensive due to overuse of structural materials in order to construct overdesigned structural elements. At this point, initial forces that created an idea of high–rises, reflected in economic benefits of the investor, expecting that desired height could reduce cost on low land consumption, proved to be pure imagination. However, a turnover for fast development occurred in the second half of the 20th century; strong economy forced and supported technological developments, and even the new generation of computers and software helped in the development of more efficient structural systems. Innovative structural systems, enacted use of tubular forms, outriggers, diagrids and megastructures, reduced the overuse of material and low scaled the dimensions of the structural elements. Each of these structures had to satisfy four primary structural requirements, and in following order: static equilibrium, stability, strength and rigidity of the structure. Static equilibrium, as the first requirement is to test the structure in order for it to respond to designed loads acting at the structure, which should go without major displacements of the structure, where sum of forces in the foundation could resist the designed loads. Stability refers to the structure in equilibrium which has to avoid major changes in shape of the structure. In the case of high–rise buildings the structure is more exposed to strong lateral forces, wind and seismic loads; in this case, static equilibrium and stability of the structure are strongly connected. Structure 60 �of the high–rises requires adequate treatment to exclude possible sway of structure or even collapse. In the figure below, in the left scheme we can see rigid frame of high– rise structure, in static equilibrium but deformed, while the scheme on the right side shows braced frame of high–rise structure, where bracings added axial respond to lateral load providing static equilibrium and stability. Figure 42 - Frame (left) and Braced Frame (right) Figure 43 - Detail of Figure 42 61 �Figure 43 on the left shows sway of the high–rise frame structure upon lateral wind loads which disturbed the stability of the building, while the right side shows distribution of the axial forces in braces, which improved the stability remaining with in static equilibrium. Once the static equilibrium and stability are satisfied, the question of required strength of the elements comes to the table, which has to determine the internal forces, the best material for the structure depending on its strength and to design the structural element, the element sufficient enough to respond to internal forces. Last requirement for the structure is rigidity. The first two requirements are closely connected, the last two are also, both strength and rigidity depend on the material used and cross sections of the structural elements. Elements designed in such way are supposed to exclude excessive deflection in respond to loadings. Notwithstanding fact that major requirements crucial for the structure are to meet equilibrium, stability, strength and rigidity, which should not tolerate any other design requirements, structures itself are nevertheless in architectural sense becoming an additional aesthetic value for a building supporting the concept. Structural diagrids, tubes, braces of the frame system, space trusses etc., commonly represent structural systems that bring an additional aesthetic value to high–rise buildings. An excellent example of the high–rises with an exposed structures (megastructures) is Hearst Magazine Building, tower designed by Norman Foster in New York City. Figure 44 - Hearst Magazine Building - 2004, NYC (left), Hotel de las Artes – 1992, Barcelona (right) [87, 100] 62 �It is an outstanding high–rise in neighbourhood of high–rises, due to the specific exposed steel structure–diagrid, which even reduced the structural material consumption, due to its geometrical disposition of the structural elements, when compared to the braced steel frames. Unlike the Hearst Magazine Building whose diagrid is full–filled with glass walls, structure of the Hotel de las artes was practically attached to the building volume; an exo–structure was attached by design at the building perimeter in order to resist lateral forces. Being hidden or exposed, it is more than obvious that evolution and development of structures contributed to the overall architectural expression. Also, the structures are not heavy anymore; there are no massive barriers in interior spaces, but there is a variety of aesthetic forms of architecture. 63 ��CLASSIFICATION OF THE STRUCTURES OF HIGH – RISE BUILDINGS Architectural structures of the high–rise buildings have been a new field for various scientific researches, analysis and classifications ever since their rapid developments in the sixties. Structures were classified according to the use of structural material in ratio with economic benefits and heights, whether they were visible (at the perimeter of the building, supporting architectural expression, exterior structures) or invisible (such cores, or structures hidden in interior of the building, interior structures). However, each of the classification is greatly upgrade of the previous one, in an effort to find a place for a newly developed structural system of the high–rise. According to F.R. Khan, back in 1969, high–rise structural systems were classified according to the efficiency relating to their height. As a final result of such attempt to classify structures upon these factors, diagrams “Heights for the Structural Systems” were created. [20] However, this era of rapid development in order to catch up with desired heights and economic benefits brought necessity for upgrade of the existing diagrams. In 1972/73, new schematic diagrams were created for classification of structural systems, based on the structural material used, concrete or steel. With these diagrams, Khan enhanced the close relationship between progressive demand for height and economic benefits, while the decision not to use steel structures in buildings under 20 storeys, in order for it to be the most sufficient, is not surprising. According to Khan, doable systems were frames, shear walls, framed trusses and tubular forms. Figure 45 - Classification of the Structures of High–Rise Buildings according to F.R. Khan (steel structures) [1] 65 �Figure 46 - Classification of the Structures of High–Rise Buildings according to F.R. Khan (concrete structures) [1] With such accelerated evolution of the structural systems, high–rise structures required more updated classification. In 2007, Mir M. Ali developed new classification guided by lateral load resisting capabilities. According to Mir M. Ali, each structure had a major structure which was capable to resists lateral actions (wind and seismic actions), and minor one which was not as dominant as major, but did have capacity to resist lateral actions. Figure 47 - Classification of the Structures of High–Rise Buildings according to Mir M. Ali (interior structures) [1] 66 �If the major structure was placed at the inner part of the building, while minor structural elements were positioned at the perimeter of the building, structure was classified as interior structure. If the major structure was positioned at the perimeter of the building and minor at the interior, structure was classified as exterior structure. Figure 48 - Classification of the Structures of High–Rise Buildings according to Mir M. Ali (exterior structures) [1] 67 ��FRAME SYSTEM Frame system was pioneering system in structuring and maintaining the concept of high–rises as physical objects. The first generation of high–rises were structured with rigid frames. Such system appeared as regular grid, with girders as horizontal elements and columns as vertical elements, rigidly connected. Rigid frame structure, primarily resisted loadings through flexural stiffness of the members, where vertical members of the frames were designed upon the gravity actions (permanent and variable actions), while the girders, horizontal members were designed to withstand possible deflection under permanent and variable actions, and were also designed to resist lateral sway of the structure under lateral actions. Figure 49 - Rigid Frames of High–Rises Combination of the Displacement due to Sway and Bending [177] However, if the span between the columns was larger, which was the actual case due to necessity for more open space, girders and columns were respectively increasing in cross–sectional dimensions in order to ensure overall stability of the structure. The same goes with the height increasing, where the columns that were close to the ground or foundation was wider in cross section than columns at the upper floors. Rigid Frame System can be made out of both structural steel and concrete. However, prevalent material for these structures is structural steel, which accelerates the construction and proves as very efficient for the high–rises up to 30 storeys, while the concrete is efficient up to 20 stories but high fire resistance of concrete is what made concrete the number one choice in structural material for rigid frame systems. 69 �Figure 50 - Lake Shore Apartments – Rigid Steel Frame Structure (left) and Stanhope Building – Rigid Concrete Frame Structure (right, axonometric) [179] The subcategory, described as developed method of rigid frame is braced rigid frame system. Unlike rigid frame, braced frame system was more economic and efficient steel structure; bracings minimizes or exclude bending of the columns and beams in such a way that, axial stress in bracings mimics the rest of the lateral forces. By bracings the structural elements such as girders and columns became more slender and overall structure got a geometry of vertical trusses, where columns appeared as chords. There are various ways of bracing systems, most common being: single diagonal, double diagonal and bracings in appearance of letter “K”. Such structural system might be used for building up to 40 storeys high. Figure 51 - Common Type of Bracings 70 �SHEAR WALLS SYSTEM Even though load–bearing walls, forerunners of shear wall system, were main break for high–rise construction, development and change to a more efficient structural material such as reinforced concrete (and other strengthened types of concrete) resulted in development of shear wall system. Shear walls, plane structural elements extended from the foundation to the final height, proved to be the greatest advantage in bracing of high-rise buildings that could resist lateral actions (wind and seismic). Large in plane, shear walls had great stiffness and strength. However if the shear walls were interrupted in order to build windows or doors, stiffness of the overall structure respectively decreased in ratio of solid to void areas; similarly, if two shear walls were connected with a beam, two walls acted as one unit, and such system was named coupled shear walls. Figure 52 - Variations of Interruptions in Shear Walls [176] Figure 52, shows different percentage of shear wall interrupted, the first version shear wall is interrupted with small openings, not largely affecting the stiffness of the wall, the second however has larger opening which in ratio of solid void decreased overall performance of the shear wall–coupled shear walls, and the third figure shows the void area that fully separated wall to two smaller plane areas noticeable decreasing overall structural stiffness. In statics, shear wall might be described as cantilever beam, fixed at the foundation, extending up to the final height of the building. Such system is chosen when constructing in highly seismic zones, due to its greater stiffness because “cantilevered” vertical beams transfer seismic lateral loading to the foundation. 71 �Arrangement in the plan of shear walls, in any case, should be symmetrical; if not, the structure can undergo torsion. Such proposal for symmetry of the shear walls arrangement imposes mirrored floor plans, and debatable flexibility of the space. This might be additional plus in the design of hotels, dormitories or residential buildings in terms of creating shafts for the rooms, or apartments; otherwise in architectural design, shear walls system is considered highly inefficient and creates various limitation. However use of the shear walls to create cores, and shafts for stairs and elevators, mostly located in the centre of the floor plan axis, partially solves problem of the space’s flexibility. With such approach, a new sub category was developed as structure of shear walls + frame system. Figure 53 - Axonometric View of Shear Walls System, Example (left) and Characteristic Floor Plan of the National Commercial Bank, Showing the Symmetry in Arrangement of Shear Walls (right) [180] In terms of height, shear wall system can reach the height of 35 storeys in order for it to be economic, while the use of reinforced concrete will still be used effectively. On the other hand, when combined with a frame system, possibility of steel or concrete framing of shear walls lead to more storeys, but also proved to be more economic and efficient, which means that concrete shear wall and steel rigid frame can reach up to 60 storeys, while concrete shear walls and concrete frame systems goes up to 70+ storeys high. 72 �Figure 54 - Casselden Place, Melbourne – Concrete Shear Walls + Steel Frame, 43 Stories (left) and 311 South Wacker Drive – Concrete Shear Walls + Concrete Frame, 75 Stories (right) [102, 104] 73 ��OUTRIGGER SYSTEM Outrigger structures are generally a unity of the core, outriggers, belt trusses and mega columns. Shear cores are mostly designed at the axial centre of the floor plan; however it is not impossible for it to be located at either one side of the building. Commonly in a form of concrete cores or rarely in a form of steel trusses, shear cores do act as vertical cantilevered beam fixed at the foundation. Outriggers, might be in a form of steel trusses or concrete walls, and depending on the design the outriggers are approximately 1 to 2 storeys deep. Depending on the position of the core, outriggers may extend from both sides if the core is centrally positioned or from one side if the core is placed on one side of the building. The role of the outriggers is to reduce moment in the structure’s core by acting as the stiff headers that transfer the moment from the core, to the mega columns generally located at the perimeter of the building by stimulating a tension–compression couple in mega columns. Belt trusses connect the mega columns at the perimeter of the building, reducing the elongations in tensile zone and shortening in compression zone of mega columns, while also being capable to resist a shear load, which can cause bending. Even though, the columns and belt trusses are capable of taking over lateral actions, the design of major structure is interior core and outrigger, which classifies this structure as interior structure. Figure 55 - Shanghai’s Tower Structural System [139] 75 �Outrigger structures are lately becoming very popular in super high-rise buildings, where outriggers trusses or walls advance shear wall/core system in resisting lateral actions in a form of re–distribution of shear forces. With outriggers in buildings higher than 70 storey, bending caused by overturning is highly resistant. Figure 56 - Bending Moment Diagram under Applied Wind Load on Shear Core and Frame Structure (above) and Bending Moment Diagram under Applied Wind Load on Outrigged Structure (below) Besides valued advantages, in terms of additional stiffness, stability, higher resistance of the structure to crucial lateral loads, high performance and efficiency in use of the materials and design, the main disadvantage is perceived in occupied rentable space reserved for outriggers. If consider that 1 or 2 storeys are required per one outrigger, it becomes obvious that the greater height leads to the percentage of occupied stories respectively increasing as well. However if well planned and designed, outrigged stories can be used as mechanical floors; such approach excludes “waste” of space. Considering structural material, this structure might be designed as steel structure or 76 �concrete, or in most cases as composite structure. Due to the high fire resistance requirements, cores are mostly designed in concrete, which adds to the safety for occupants of the building in the case of emergency. However, lightness of structural steel makes steel preferable in comparison to heavy concrete for outriggers and belt trusses, such structure and relation between materials and structural elements, is showed as efficient when constructing 150 storeys high buildings. 77 ��TUBE SYSTEM One of the most spread exterior structures of high–rise buildings is tube structure. Lateral actions in such structure are resisted with the structural element positioned at the perimeter of the building. As one of the greatest innovation in the sixties, tube structure was designed by F. Khan back in 1961. It was delivered as an actual structure with De Witt Chestnut Apartment Building in Chicago. Construction was finished by 1963, with 43 storeys height, and in arrangement of framed tube. Figure 57 - Variation of Tubular Structures Frame tube structure was the first example of tubular approach for construction of in high–rise buildings. It is designed as hollow cantilever, fixed at the foundation to the ground, in order to resist lateral loads. It consists of closely arranged columns, while the span between central axes of columns’ cross section is approximately between 1.5 to 4.5 meters and spandrel beams being rigidly connected. The depths of beams vary between 60 and 120 cm. Term framed tube structures is closely related to, shear lag effect, which means that within this type of structure corner columns experience the largest axial forces, which are not distributed linearly along the direction perpendicular or parallel to the wind. Frame tube can be designed both out of, steel or concrete, with efficiency up to 80 storeys. 79 �Figure 58 - Characteristic Arrangement of the Structural Elements for Framed Tubes in Plan (left) and Diagram of Shear Lag Effect (right) [1] For architectural functionality or aesthetics such system strongly leads the overall composition, dynamic and geometry of the elevation, while at the same time decreases costs for the additional curtain wall or fill in walls, but also reduces daily light penetration to the building. Figure 59 - De Witt Chestnut Apartment Building in Chicago, F. Khan, Characteristic Floor Plan Showing Perimeter Column Arrangement (left), and De Witt Chestnut Apartment Building Constructed (right) [178, 137] A type of tube structure, braced tube, also called truss tube, was first used back in 1970 in Chicago, at John Hancock Centre. Such structure developed as newly evolved frame tube. Instead of closely arranged columns, required structural stiffness was achieved by diagonal bracing. Braced tube overcame the problem of progressive inefficiency in over 60 storey high buildings which was the case with frame tube. With bracing, perimeter frames acted as stiffener and the braces overtook floors’ gravity 80 �actions. Each joint of the diagonals and columns, in structure of braced tubes, eliminated effect of shear lag by being tubular in framework. Besides structural advantages of braced truss tubular structure, larger spans between columns that were provided by bracings, created larger areas for the openings glass areas increased the interior quality and at the same ratio, the glass areas increases themselves. Also, the braces which were left as visible by design, enhanced and gave a character to each elevation. Figure 60 - John Hancock Centre, Representative Example of Braced Tube Structure [79] Unlike other tubular structures, bundled tube system, made high–rise buildings structured with this system a vertical play of the various volumes, which differentiated it from the cubic shaped towers. In this variation of tube structural system, couple of tubes were interconnected and acted as one unit. Back in 1974, Sears Tower was the first bundled structure, with 9 tubes at the base level, which created regular grid of 3 rows and 3 columns, while still following the principle of bundled structure; as the final storey was not cubic. Approach of the bundled structures, concept and the overall design of structure reduced the elements of the lower storeys, slandering lower structural elements, when compared to those that would be required for other type of structure. 81 �Figure 61 - Sears Tower, Chicago (left), Schemes of Modular Floor Configuration (mid and right) [67, 181] Bundled concept, unlike others structure’s concepts gives variety of characteristic floor plans in areas, with greater lower storeys and those smaller at the upper storeys. There are different geometrical shapes in grid plan, such as: rectangular, triangular, hexagonal etc., which mould vertical volume of the high–rise tube. Bundled tube structures, efficiency is up to 110 storeys, with possibility of steel or concrete as main structural material. Even though such composition reduces shear lag and enables slenderer structural elements, the configuration of tubes may have created limitation in arrangement of the interior space. Figure 62 - Different Plan Configuration for Bundled Tube Structures 82 �One of the safest tubular structures due to resistance to the impact loads, besides its high stiffness of structure in resisting lateral and gravity loads is tube in tube structure. It is usually composed of two tubes, one larger at perimeter and smaller inside perimeter of building, however it may be designed with more tubes within a tube if it is required due to higher safety and if such attempt and concept shows as efficient. An example of tube in tube structure is 181 West Madison Street in Chicago, which has 52 storeys. Figure 63 - 181 West Madison Street, (left), Characteristic Floor Plan (right) [144, 143] Such structure effectively resists lateral actions with both tubes due to its system that inner core (inner tube) and outer tube with slabs, which makes both core and cube able to resist lateral actions. As far as the structural material is concerned, both exterior and interior tubes can be designed as concrete or steel cores or frame tubes. In terms of height, tube in tube system is efficient up to 80 storey high buildings. However, such structures excludes a high demand for numerous columns in interior design, inner core if not used with specific purpose as elevators, stairs, mechanic installations core, can develop limitation in arrangement of interior space. 83 ��DIAGRID SYSTEM Diagrid is an exterior structural system used in high–rise buildings, which is even though entirely exposed at the elevation, both in architectural and structural fields of science and art, defined as extremely aesthetic. Unlike, diagrid braced tubular structure, which may be seen as a forerunner of diagrids, it is mostly degraded by expertise and critics. Entirely braced John Hancock Centre in Chicago, was one of the pioneers in braced tube structures; despite the improved structural efficiency, new aesthetic style, innovation, structure exposed through all four elevations was not welcomed. However, a decade later, newly named form of diagrid, gained full attention. Dating back to 1980’s Sir Norman Foster, proposed diagrid solution for the Humana Headquarters composition. Even though diagrid was not a best solution for Sir Norman Foster, Hearst Headquarters Centre in New York and 30 St. Mary Ave in London received praise and become monuments of Sir Norman Foster, and were closely related to diagrid structures. Figure 64 - Hearst Headquarters Centre in New York (left), and 30 St. Mary Ave in London (right) [170, 96] In diagrid structures, the whole structure depends on diagonal members. Due to stored shear by axial forces in diagonal members diagrid structures reduces and minimize shear deformation. 85 �Diagonal members of diagrid were also capable of carrying gravity actions, and its triangulated configuration of diagonals could resist for lateral actions. As structure, diagrid did not seek for shear rigidity cores, because diagrid had high bending and shear rigidity at the perimeter’s diagonals. Figure 65 - Variations of Diagrid Geometry [62] Diagrid structures are commonly steel structures, with very complicated joints of the diagonals, however they are efficient in up to 100 storeys buildings, and represent regular geometry in diagrids. Lately diagrids are designed and constructed out of concrete, as main structural material, which is far different from steel diagrid, with more irregular and organic shape, which lead to the new futuristic architectural aesthetics. Concrete diagrid structures, require expensive formwork and the construction. An example of such design is reflected in O–14 Building in Dubai. Figure 66 - Concrete Diagrid, O-14 Building Dubai (left) and Construction of Diagrid (right) [161, 167] 86 �SPACE TRUSS SYSTEM, EXO–SKELETON SYSTEM AND SUPER FRAME STRUCTURES Besides Tube and Diagrid, exterior structures that resist lateral actions and structures that supports high–rise buildings in physical world include, Space Truss, Exo Skeleton and super frames. An example of Space Truss structure can be seen in China Tower of 1990, in Hong Kong. In appearance, space truss is described as braced tube with modified diagonals that penetrates from the exterior to the interior of the building. That is at the same time greatest difference between the two, braced tubes diagonals and chords members are connected in plane areas, while space trusses diagonals have third direction toward to the interior space. Axial forces of the space truss members, resist lateral actions, while space trusses are steel structures which are efficient up to 150 storeys. Diagonals that penetrate the interior of the building are one of the crucial elements for structure’s resistance, however if not well designed they might appear as obstacle in interior of the building. Figure 67 - China Tower of 1990 (left) and View on Buildings Structure from Interior of the Building (right) [160, 64] Unlike all other structural systems, Exo–Skeleton is located on the outside of the building, which means that the actual lateral load resisting structure is located outside of the building and its elevation plane. An example of this structure is Hotel de las Artes, in Barcelona, Spain. Due to such exposed structure, buildings volume and elevations are catchy and act as identifiers. Main structural material for this structure is steel. However, fire proofing for this exterior structure is not highly demanded as 87 �for the other structures, because it is solely responsible for resisting lateral actions, and its failure should not initiate progressive collapse of the entire building. However, due to ever–lasting exposure of the structure to weather conditions, corresponding thermal bridge should be carefully designed. This structure hasn’t got any obstacles in interior space and it is efficient for up to 100 storeys high buildings. Figure 68 - Hotel de las Artes, Exo – Structure at Main Structural System (left) and View on Detail of Elevation, Structure Connection to the Buildings Volume (right) [128] Super frame structures are ideal for the concepts of skyscrapers or ultra–high buildings. Super frames are efficient for up to 160 storeys, but there are buildings structured with super frames, with lower numbers of storeys, and example of such structure is Parque Central Tower (Caracas, Venezuela), which has 56 storeys, while an even higher buildings structured with the use of super frames, is designed but still not built – the Chicago World Trade Centre, with 170 storeys. Figure 69 - Parque Central Tower, Caracas, Venezuela, Concrete Super Frame Structure, under Construction (left), on fire (mid), Renovated (right) [91, 134, 132] 88 �Super frame building reacts as tubular structure in order to resist lateral actions. Such structure consists of vertical structural truss in a shape of mega columns, arranged at each corner, where this position of the mega columns imposes that highest efficiency for resisting wind actions is at the corners. Unlike vertical, horizontal like trusses are linking mega columns, after every 12 to 14 storeys respectively. The major disadvantage for architectural design and form of the high–rise with this structure, is that the structure is actually leading the form of the high–rise. Super frames could be both steel and concrete, where more efficient material is steel, with efficiency up to 160 storeys, unlike concrete where efficiency stops at 100 storeys. Figure 70 - Chicago Ultra – High Building, Proposal for Steel Super Framed Structure, Elevation (left) and Characteristic Floor Plans (right) [71] 89 ��HYBRID STRUCTURES After the period of modernism, architectural aesthetics imposed more irregular shapes, conceptually designed as unity of more different geometrical volumes, with more curved lines, inclined elevations, bridges, buildings etc., which made none of the previously known individual structures able to support such volumes. As a solution for this concept, an idea of hybrid/mix structural systems in form of combination of advantages of different structural systems and materials, and in order to maximise structural efficiency of the building. Such structures, were mostly mix of a composite structures and materials, however it is important to distinguish these two structures, because of their difference in load resisting capabilities. While the composite materials, present two or more materials combined in order to form a new material, more efficient one, in hybrid structures, structural materials may perform their properties individually, or together in order to get the highest performance and efficiency of materials. As long as hybrid structures engaged variations of different structural systems, principle of the load bearing and resisting was hard to explain with the unique principle. However evolution in the production of the concrete, in form of innovative HSC (High-Strength Concrete), certainly reduced deformation of the columns, increased axial load capacity of the material, and in same time decreased self –weight when compared to conventional concrete. Figure 71 - Belvedere Building, Rotterdam - Horizontal Forces Scheme (left), Inclined Strut (mid), Constructed Building (right) [41] 91 �Sloping tower “Belvedere” in Rotterdam, designed by an architect Renzo Piano is one of the most representative example of hybrid structures. Inclined design of the eastern elevation represented great challenge for structural design. Even though, columns were positioned in optimum arrangement, horizontal forces were too high to be resistant by any of the ordinary structural systems, like core, tubes, or shear walls. Strut, which was actually part of the overall building’s concept, became part of the structural system in case of an emergency and in order to resist horizontal forces. [41] 92 �STEEL AS STRUCUTURAL MATERIAL FOR HIGH–RISE BUILDINGS Steel, as structural material has dominated worldwide for a long period of time, enabling various achievements in both architecture and construction. Due to its mechanical properties and construction abilities, steel encouraged development of high–rise buildings, bridges, towers and other structures, which required lighter material, but with at least the same or higher bearing capacity than masonry structures allowed. Steel, an iron alloy, is basically manufactured in steel factories in high– advanced conditions; that way it is more predictable in its behaviour than materials such as concrete or other manmade materials. Strength, uniformity, light weight, ease of erection and prefabrication, in demand for rapid construction made the steel a material of the future. It could be said that the history of steel can be traced back up to 4000 years in the past. Due to its strength being greater than that of a bronze, iron started to replace the use of bronze for weapons and various tools. However in the 6th century B.C., Chinese were the first to use blast furnace in order to work with cast iron. What Chinese started doing in the 6th century B.C., Europe developed in the Middle Ages; their attempts and experiments almost clarified most of the iron properties, with one of the main explanation being that carbon is affecting iron’s workability. Cast iron in that period was in great measure strong material, despite high level of carbon varying from 2.5 to 4.5%, which lead to the problem of brittleness. Although this was an obvious problem, solution wasn’t developed until few centuries later. Solution was an innovation of puddling furnaces offered in the 18th century by Henry Cort. Despite efforts of different metallurgist, puddling furnace and cast iron were the greatest achievement in the development of technology. Higher interest for the development of steel was evoked by 19th century. In 1856, Henry Bessemer introduced process of inducing oxygen into iron in order to reduce the amount of carbon. Process was named after Bessemer but it did not succeed as it was planned due to the portion of induced oxygen, which was not easily defined, creating iron with too much reduced carbon, containing overdosed remains of induced oxygen. Shortly after, in 1860s, new process of steel production and carbon reduction was disclosed with success, known as Open Heart Process. 93 �Figure 72 - Bessemer Steelmaking Process (illustration of furnace) [142] After these innovations, vast iron or earliest steel were a turnover for spread of steel structures. With the development of steel, idea of high–rise structures and high–rise constructions was born. Along with that, Chicago became place of the world’s first high–rise building. Home Insurance Building, 1884/85, the first worlds’ high–rise constructed with cast iron and pioneering steel. Figure 73 - Contemporary Steel Making Process, Combination of Blast Furnace Top Gas Recycling and Blast Oxygen Furnaces, Highly Reduces Steelmaking Emissions (illustration) [151] 94 �After the first high–rises, it is hard to separate whether the development of material was rapid due to the necessity for high–rise constructions, or high–rises were designed and constructed in order to achieve and push the steels’ abilities and limitations. However, it was sure that the world was undergoing a revolution of steel industry, parallel with the race for high constructions. Different requirements developed new steel manufacturing processes, Electric Arc Furnaces and latest oxygen steelmaking. The latest widely used steel manufacturing process is oxygen steelmaking, with the basic oxygen furnaces being developed back in 1960, and is still remains one of the 66% of world production of steel. Although steel has been used in various ways, and has many representative achievements in construction, its low fire resistance and high maintenance costs, are reasons why steel is taken with reserve, and reasons why there are more composite structures rather than single steel structures. Steel’s properties as structural material are mostly taken as its advantages. As a material that can answer most of the architectural requirements on its own, with wide range of shapes and excellent properties, steel was declared as a material of future architectural concepts and future high–rises, long span constructions. However, steel weaknesses were not treated well in earlier buildings, so events of collapses, damages or maintenance issues with buildings made steel less desirable as major structural material. However, steel as a structural material has significant advantages and are as follows:  High–strength material, with equal resistance both in tension and compression stresses;  High–strength/ weight ratio declare steel suitable for high–rise structures, long span bridges due to slenderness of structural elements compared to concrete structures;  Prefabrication – factory made material with the best conditions and high quality control of the production and processing of steel elements;  Time – schedule of the structure erection;  Predictable material in its behaviour;  Ductile material, steel can undergo large plastic deformation before failure; and  Fatigue strength. 95 �Steel disadvantages are also important for consideration:  Unlike concrete rigid connection, in steel structures weakest point may occur in joints/ connections;  Cost of steel structures – in general steel structures are much more expensive than other structural materials;  Fireproofing costs – steel has low fire resistance which is mostly one of the weakest point in steel structures, especially if there is word about high–rise buildings with no sufficient time to evacuate the building; however, there are different fire proof coats which highly increase total cost of structure, but elongate time for fire resistance;  Maintenance costs – maintenance may request same or even higher costs in time. Besides fireproofing coatings, steel structures require additional coatings to prevent corrosion; due to different environmental conditions, constant humidity may cause corrosion which reduces cross sections and durability;  Buckling as much as the slenderness of steel element is one of its greatest advantages and desirable in architectural expressions, steel columns are subjected to the buckling of steel columns due to columns slenderness, which explains why steel columns are mostly avoided and replaced at closest composite concrete steel columns. Steel sections used in construction are classified according to the way they are formed, or manufactured. However steel is also classified according to its chemical compositions, that is, according to the percentage of carbon present, type of the alloys or stainless. Figure 74 – UK Hot – Rolled Steel Open Sections [191] 96 �What lead to some of the newly developed ways of classification of steel is development of steels with highly increased strengths, so classification of steel based on its physical strength is now also a common thing. Numerous types of steel section are produced by hot rolling, with different shape, weight or size. For instance, open sections in UK are defined as universal beam (UB), universal column (UC), and parallel flange channel (PFC) or angle section. Tubular hollow sections have circular or rectangular shape (CHS and RHS), and proved to be a better solution for buckling resistance of structural elements. There are two types of steel hollow sections and they are distinguished by the method of production: cold formed hollow sections and hot formed hollow profiles. Figure 75 – Tubular Steel Sections [191] There are also so called European Steel Sections with appropriate tables for all the steel sections, with their dimensions, properties, classification, resistance and buckling resistance values according to Eurocode 3, EN1993-1-1:2005. The tables are extended to welded section with dimensions. The designers can select section type e.g. IPE, HE etc. Figure 76 – European Steel Sections [123] On the other hand, cold formed sections are mostly used as secondary elements in structures or in light steel frames. Typical cold formed section are C and Z sections, produced by cold rolling from galvanized strip steel, with 1.2 to 3.2 mm in thickness. 97 �Figure 77 – Standard Z and C Cold Rolled Steel Sections [117] Another important classification of steel is also in accordance of steel’s chemical compositions, which influences its properties and dedicates its purpose. Table 1 - Steel Classification according to Carbon Percentage Presence CARBON STEEL TYPE Low – carbon steel (Mild steel) CARBON PERCENTAGE APPLICATION  various shapes from flat sheets to structural beams 0.04 % - 0.30 %  other chemical elements are added or increased to achieve desired properties.  manganese 0.06% - 1.65 % Medium – carbon steel 0.31 % - 0.60 %  stronger than low carbon steel  more difficult to form, cut and weld High – carbon steel (Carbon tool steel) 0.61 - 1.50 %  once threated with heat becomes very hard and brittle Alloy steels are reserved for pipelines, car parts, electric motors, power generators etc. They contain elements such as silicon, copper, chromium, titanium, nickel, aluminium in order to improve steel’s properties. Although not used as structural steel, stainless steels is an important category itself, which contains 10-20 % of chromium, and is 98 �valued for high corrosion resistance. However, its costly production is not economical for construction of building’s structures. For structural steel, the most important strength property is its yield stress (fy). However it in great measure depends on steels’ chemical constitutes, among which carbon and manganese increase yield stress. For yield stress, the heat treatment and amount of rolling process in production and shaping is important for instance, thinner plates, which were more processed, have higher yield stress than thicker ones. The minimum yield stress is identified individually for different steel classifications, depending on chemical compositions and heat treatments, where yield stress is defined in accordance to the results of a standard tension tests. Howsoever, yield stress allowable for design is listed in different tables, with specific characteristics of specific steel. Figure 78 – Stress – Strain Diagram for a Steel in Tension [85] Steel’s yield stress determined for uniaxial tension is usually also accepted for uniaxial compression. This means that tensile strength of the steel is also referring to compression strength. Another steel property is very important for the behaviour of structures and elements, particularly for resisting the shock loadings, such as seismic or impact load. This is ductility. Steel ductility is responsible for avoiding brittle fracture, meaning that steel can undergo great plastic deformation before failure. 99 �Figure 79 – Schematic Expression of Steel’s Ductile Failure Phases [183] Steel’s minimal ductility is expressed by:  Elongation after fracture at the measurement length of 5.65√A0 (where A0 is the initial surface of cross section). According to Eurocode 3, the elongation after fracture should not be less than 15 %; [35]  fu /f y ratio of a specified minimum strength, fu , and a specified minimum yield strength fy . According to Eurocode 3, the minimum value should be fu /f y ≥ 1.10. [35] According to this, steel with greater yield stress is limited to the smaller elongation. There is a possibility for all materials to develop some defects during a production, curing and erecting time, or during its service life. Such defects may take any forms, but in case of steel, the smallest crack is sufficient to result in brittle fracture of structure, due to its acceleration in spreading through the specific element. Brittle fracture stands for undesirable sudden failure, without expresses the plastic deformation of material. Risk of steel’s brittle fracture increases with thickness of the element, tensile strength, or cooler temperature. Steel toughness is its ability to resist brittle fracture after loaded, and is defined as quantity of energy pre unit volume. This is determined by means of the Charpy test, where energy–temperature curve is derived. Due to this, steel toughness is influenced by temperature, loading speed, cold–forming and thickness of material. 100 �Figure 80 – The Influence of Temperature on Loss of Toughness [154] Steel celebrated the phenomena of high–rise construction, where structural properties of steel enabled larger and higher buildings than those structured with timber or stone. So without any overstatement it is safe to say, that steel structures are foundation of high–rise structures. Figure 81 – Home Insurance Building, Chicago, World’s First High – Rise Building Steel Structured [192] 101 �The Home Insurance building, in Chicago was entitled the first high–rise building in 1885. Cast iron and steel were the only materials used in structure which framed this 10–storeys high–rise. The building gained a lot of attention and succeeded as new architectural concept, which initiated a race of high–rise construction. All steel high– rises and buildings, were also characterized with large open surface of the facades, which indicated the role of steel in large spans and slender elements, columns and beams, which was innovation for the earliest high–rises. To express the earliest success of steel in high–rise buildings, according to the researches of CTBUH, in 1930, 96% of the world’s highest high–rises were steel structured. Sears Towers, World Trade Centre I and II, Empire State Building, Chrysler Building, John Hancock Centre are the examples of World’s highest high–rise buildings, although it is interesting that all these building were constructed before 1990. Evidence of a great decrease in high–rise buildings constructed of steel is repeated CTBUH researches in 2000, where among world’s 10 tallest high–rises only 4 of them are steel structured, along with devastating data of researches from 2011, where among 10 tallest buildings there is only 1 steel structured buildings, Willis Towers (Sears Tower, 1974). So, it is hard to see these results and not to raise a question of why steel structures lost their role in structuring of the high–rise buildings. Figure 82 – World Trade Centre I and II, Results of the Attack High Fire – Demolished or “Burnt” Steel Structure of High–Rises, September 11, 2001 [194] 102 �The answer certainly lies in steel’s weaknesses, among which its low fire resistance is crucial for the decrease in demand for steel structures. In the late nineties and at the beginning of the new millennium, few high–rises were attacked and/or caught by fire. Unfortunately, steel’s low fire resistance did not provide enough time for evacuation of the many people that were inside the building, so the results and losses were huge, and the human lives were irreplaceable. One of the most known and valued steel high–rises is John Hancock Centre in Chicago. The 100–storey building was designed by Bruce Graham and F.R. Khan. Trussed–tube steel system, with tough integration of architectural aesthetics, entitled J. Hancock Centre as one of the most recognizable and unique high–rises. J.H. Centre, became an icon of Chicago. Its sloping form, narrowing as it rises and its continuous mega cross bracings of trussed–tube system, enhanced harmony between architecture and structure created, an outstanding piece. Figure 83 – John Hancock Building - Elevation (left) and in Urban Context (right) [109, 88] Mega X–braces on facades are designed as truss element with 45o angle, which support large percentage of wind load, while sloping structure and volume of the high– rise also reduce wind effect at higher storeys. 103 ��CONCRETE AS STRUCUTURAL MATERIAL FOR HIGH–RISE BUILDINGS Concrete, the name of the artificial stone, is one of the most spread structural material worldwide. Even though it is the most valued for construction of buildings (structural systems, slabs, walls and foundations), it is not fair to neglect its merits in the construction of bridge decks, piers, grandstands, chimneys, pipes and also urban furniture. The most common definition of concrete states that concrete is a mixture of sand, gravel, crushed rock or other aggregate held together in a rocklike mass with a paste and water. Besides these basic materials mentioned in the definition above, technological and chemical development of concrete industry created various admixtures that worked to improve concrete’s properties and its main strengths compared to other structural materials, such as durability under hostile environments, high resistance to water etc. The first appearance of concrete is often thought to be many centuries ago, which in one hand may be true. Dating back to the Roman period, their approach in design and material mixing technology may take a role of contemporary concrete’s forerunner. Romans used domestic material, pozzolana–sandy volcanic ash, found near volcanic areas in Italy. Pozzolana was mixed with water and quick lime, sand and gravel, and when it hardened, it was used as a building material. Most of the Roman’s impressive buildings were built with this material. Even though from this point of view such mixture may be equal to very weak contemporary concrete, Roman buildings still remain intact, with one of the most outstanding being Pantheon with its impressive great dome, located in Rome. Figure 84 – Pantheon, Rome, Interior (left) and Exterior (right) [193, 81] 105 �After, to say, Roman’s pioneering in this building material, concrete technology was stagnant until the late eighteenth century. In 1796, natural cement rock named after the Roman cement was discovered in England. Similar cement rock was found throughout Europe and America and was used for several decades. Patent for Portland cement was received by Joseph Aspdin in 1824, in England. Cement was produced through long and various experiments of pulverizing clay and limestone into a fine powder. Even though Portland cement was accepted in Europe and America at a slower rate, it could be seen as a turning point for further development of concrete. Francois Le Burn, Joseph Lambot and Joseph Monier were the first to present concrete to mass public. Le Burn built concrete house (1832), school (1834) and church (1835). Lambot introduced concrete boat, reinforced with wires and bars back in the middle of the 19th century. However, back in 1867, Monier invented widely known reinforced concrete. Along with these three names, great credits should be given to Francois Coignet for publishing a book on the application of concrete, with conclusion that too much water greatly reduces concrete’s strength together with designing ribbed iron bars as reinforcement and patenting. In early 20th century, rediscovered and improved concrete was used to build the first high–rise building. Back in 1903, Ingalls building was the first high–rise with 16 storeys in Cincinnati that was built out of concrete. Besides high – rise buildings, various engineering infrastructure and facilities were constructed with concrete due to its high water resistance and the most magnificent example is Hoover Dam, with height of 221 meters, finished in 1936. Figure 85 – Ingalls Building, First Concrete High- Rise (left) and Hoover Dam right) [105, 111] Thus, concrete similar to the contemporary one, dates back to the 19th century. Since then, concrete became structural material that underwent constant technological 106 �development and improvement in its greatest advantages and its physical properties, and concrete became applicable everywhere, becoming the “universal material”, suitable for low–rise and high–rise buildings, megastructures, architectural aesthetics, tubes, grandstands (stadiums) etc. As any other material concrete has it strong and weak points, advantages and disadvantages; high compressive strength of a widely known concrete is its one of the greatest advantages, while its tensile strength is just approximately 10% of its compressive strength. Due to its weakness in tension, concrete is combined with steel reinforcing, where steel upgrades concrete’s weakness. Concrete advantages are:  High compressive strength;  High fire resistance and water resistance – during the fire, it suffers only surface damages, and in constant touch with water concrete proves to be as almost immutable material;  Compared to other materials, concrete requires lowest maintenance;  Concrete structures are very rigid;  Concrete has long service life, without decreasing in bearing capacity;  Concrete can be produced almost everywhere out of domestic materials (sand, gravel, water);  In demand for footing, pillars, basement walls, concrete becomes the only economical solution;  Cast in situ concrete, does not require highly skilled labour;  Prefabricated concrete may be derived in any desired shape and volume, creating shells, arches, domes etc. Concrete disadvantages are as follows:  Very low tensile strength;  Necessity for formwork, whose costs can go from 1/3 to 2/3 of total cost of the structure, however forms are in most cases reusable, where if handled correctly may be economically profitable;  Properties of concrete may vary, due to different proportions od used material;  Placing and curing cannot be controlled as for other materials, such as steel; 107 � Weak in large spans, where structural elements requires large cross sections, so it can create situation that self-weight of concrete elements become one of dominate loads on the structure. Portland cement is one of the concrete’s main components, where cement paste influences concrete’s workability. Raw materials that are crushed and blended at high temperatures in a rotary kiln are: lime, silica, alumina and iron oxide. When cooled, clinker is mixed with gypsum in order to get fine powder cement. There are many types of cement, whose use depends on the environmental conditions.  Type 1 – Common type, all purposes cement;  Type 2 – Rapid hardening Portland cement  Type 3 – Low heat Portland cement  Type 4 – Sulphate – resisting Portland cement. Cement mixed with water creates cement paste, which has function to bind, or in other words to glue other components of the concrete to form a unique mass. Cement paste, or in other words, the water/cement ratio is the important property of concrete, where w/c ratio role influences compressive strength, permeability of concrete and other characteristics. Meaning, the lower w/c ratio is, concrete appears to be more durable and much stronger. Figure 86 – Concrete Compressive Strength in Relation to W/C Ratio [165] In concrete volumes, aggregates occupy about three thirds. Aggregates are much cheaper than cement, and due to economical profitability, there is a need for as much of aggregates as possible. In concrete production, coarse aggregates, gravel - 4 mm 108 �and larger in sizes crushed rocks, and fine aggregates, sand less than 4 mm in diameter are used. Rock types classify as natural aggregates, such as limestone, quartz, dolomite, granite etc. whereas they should be clean, hard and durable. In the case of fine aggregates used in concrete production, it is important to avoid sea sand due to the high percentage of salts which may react with reinforcement and create corrosion. Well graded aggregates, lead to a better compressive strength and low permeability. Besides the grade of aggregates, aggregate shapes and surfaces, fine/coarse aggregate ratios, and aggregate/cement ratio are crucial. For higher concrete workability, spherical shaped aggregates with smooth surfaces showed as a better choice, while angular shaped aggregates with rough surfaces resulted with lower control, but with better mechanical properties and bonds in the concrete mixtures. However, if the cohesiveness needed to be increased, it appeared that the most effective, way was to increase fine/coarse aggregates ratio. On the other hand increased aggregate/cement ratio provided higher stiffness, compressive strength and at same time improved concrete’s stability due to the reduction of shrinkage and creep. Figure 87 – Importance of the Aggregate Grading – Single Sized Aggregates (left), Poorly Graded Aggregates (middle) and Well Graded Aggregates (right) [175] Indispensable part of the contemporary concrete technology are various admixtures. Being added to concrete during or before mixing, admixtures improve concrete’s performance, both in fresh or hardened state. For example, concrete workability may be affected by air entraining agents, or fly ash, while the strength may be improved by silica fume. Most common admixtures are: 109 � Accelerating admixtures, accelerate concrete’s early strength development, reduce time of curing with earlier removal of formworks. An example: calcium chloride;  Air – entraining admixtures, used to increase concrete’s resistance to freezing and thawing and decrease its damage;  Retarders, retarding admixtures, prolong the plasticity of concrete, slow the setting of concrete and retard temperature increases. An example: various acids, or sugar and sugar derivatives;  Superplasticizers are used to keep water – cement ratio constant, while using less of cement. They are mostly derived from organic sulfonates;  Waterproofing materials, exclusion among other admixtures due to their appliance to hardened concrete, but might also be in fresh concrete, to assist retard the penetration of water into concrete. An example: various soap or petroleum products. Plain concrete is material with high compressive and very low tensile strength; therefore plain concrete does not have major role in building construction. Reinforcement in concrete overtakes tensile forces and presents a revolution in the success of Reinforced Concrete (RC). Most common reinforcement material is steel, whose characteristic yield strength (fy), ultimate tensile strength (fu), ductility, bendability and weld ability are design requirements in RC structures. Figure 88 – Reinforcing Steel – Textured Rebar and Meshes [121] 110 �Steel reinforcement for concrete is available in two forms: steel rebar and steel meshes, all with fyk = 500 MPa (N/mm2) in Europe, which are manufactured in three grades due to different ductility. Manufactured steel rebar are textured in order to achieve better bond between rebar and concrete. As composite material with various mix designs, wide range of application and high technology development, concrete is classified according to different criteria. Concrete is classified according to the construction technology applied, on cast in situ concrete and prefabricated concrete and at the chosen way of reinforcing the concrete, conventionally reinforced concrete (steel bars, meshes) and pre–stressed concrete elements. Figure 89 – Difference in Behaviour of Reinforced Concrete and Prestressed Concrete under Applied Load [11] Generally, concrete can be classified based on its properties in compressive strength, unit weight or according to concretes admixtures and additives. One of concrete’s greatest advantage lies in its compressive strength. Concrete’s primary property, characteristic compressive strength (fck) is affected by various factors: water/cement ratio, cement type, type of aggregate, age of concrete and curing time and type of admixture, if used. 111 �Table 2 - Concrete Classification according to Compression Strength of Concrete CONCRETE TYPE COMPRESSIVE STRENGTH fck (MPa) Low – strength concrete < 20 Moderate – strength concrete 20 < MSC < 50 High – strength concrete Ultra – high strength concrete 50 < HSC < 150 APPLICATION  mass concrete structures  subgrade of roads  partitions  buildings  bridges     150 < UHS high – rise buildings bridge towers shear walls not widely used, only few foot bridges and some structural segments, girders Table 3 - Concrete Classification according to Unit Weight of Concrete CONCRETE TYPE UNIT WEIGHT (kg/m3) Ultra – light – weight concrete < 1200  non–structural members Light – weight concrete 1200 < LWC < 1800  non–structural members  structural members Normal - weight concrete ~ 2400  infrastructure  buildings > 3200     Heavy - weight concrete 112 APPLICATION special structures laboratories hospitals nuclear plants �Table 4 - Concrete Classification according to Admixtures Used in Concrete CONCRETE TYPE ADMIXTURES Fibre reinforced concrete include steel, glass, polymers and carbon fibers MDF – Macro defect free incorporate large amount of water soluble polymer DSP large amount of silica fume Polymer concrete polymer APPLICATION  improve tensile property, to enhance toughness shrinkage control and decoration  improve tensile and flexural properties of concrete  provide an excellent abrasion resistance to produce machine tools and industrial moulds  polymer–binder  polymer–impregnated into Portland cement concrete members  polymer–admixture in Portland cement concrete In almost entire Europe and some other parts of the world, concrete is designed based on rules of Eurocode 2. The characteristic compressive strength refers to uniaxial compressive strength measured by compression tests, done on test samples being concrete cylinder 15 x 30 cm or cube 15 x 15 x 15 cm, 28 days of age. Test samples are conditioned in a room temperature with high specified humidity level. Figure 90 – Concrete Cylinder and Cube Test Samples [75] 113 �Conditioning of the tests samples significantly affects the concrete compressive strength as presented in Figure 91. Figure 91 – Concrete Compression Strength Development in Relation to Conditioning of Test Specimens [164] Modulus of elasticity is an important property of concrete used for stiffness and deflection determination; however concrete does not have unique and clear linear modulus of elasticity. It varies due to the age of concrete, different compressive strength, stress level, type of loadings, characteristics and properties of cement and aggregates, whereas it’s important to point out aggregate type in high–strength concrete where type of coarse aggregates is crucial. Concrete is characterized as non– linear stress–strain curve, where modulus of elasticity is defined by being tangent or secant to stress–strain curve in range of elastic strain. Figure 92 – Tangent and Secant Modulus of Elasticity of Concrete [126] 114 �Concrete will continually keep deforming during time and under continual compressive load. The additional deformation that comes after the initial one is called creep or plastic flow. In other words creep refers to plastic time dependent deformation that occurs under continual stress. Figure 93 – Creep of Concrete [89] Creep is related to hydration process in cement paste; therefore, concrete with the highest percentage of cement paste ratio (water/cement ratio) will have the highest creep. This leads to the conclusion that high–strength concrete with lower w/c ratio will undergo decreased or very low creep compared to normal strength concrete. Once concrete is cured and starts to dry, excess of chemically unbounded water starts to evaporate; the result of this leads to the shrinking and cracking of concrete. Such cracks reduce shear strength and tensile strength and that cracking may leave reinforcement unprotected which can start to corrode due to different environmental factors. Even though shrinkage occurs during a long period of time, 90% of it happens during the first year. Figure 94 – Concrete Shrinkage Development in Ordinary Concrete [38] 115 �During construction of structures of high–rise buildings almost any structure may be derived and erected out of reinforced concrete; with strong, durable and highly resistant, rigid concrete structures, if well designed, it may overcome all the struggles in high–rise construction. Use of concrete in construction of high–rise buildings has been rapidly increasing in the last few decades, where the main factor includes chemical industry admixtures in concrete mix design, better curing abilities, and better technology for concrete pumping to higher storeys in high–rise buildings. Back in 1903, the first idea for concrete high–rise building, was not widely accepted. For most experts, critics and public, such idea evoked doubtfulness. However, 16– storey concrete high–rise was constructed in Cincinnati. Ingalls building was designed as very rigid structure, enveloped by the 20 cm thick walls, structured with rigid concrete frame of 76 x 86 cm columns up to the 10th storey, and 30 cm x 30 cm for the rest of the storeys, connected with concrete beams. In Ingalls building, slabs and stairs were also made of concrete. Such massive elements were not welcomed by architects and designers. Unfortunately, during that period concrete technology was only familiar with types of concrete of lower strength, and large cross sections of the elements were a necessity. When concrete was discovered as a material with high potentials in various fields, the reinforced concrete technology quickly started to develop concrete with high–strengths, improved by various admixtures which also upgraded properties of concrete. In high–rise buildings, safety and time of evacuation is one of the most important factors, which follow immediately after its load bearing design. High fire resistance of concrete was also one of the encouraging factors for the further use of concrete in high–rises. In favour of reinforced concrete application of the structures of high–rises are Petronas Twin Towers. Back in 1998, the world’s highest buildings were Petronas Twin Towers in Kuala Lumpur, two identical towers with heights of 452 m and diameter of 46.3 m. Mega structure of these towers consists of 16 perimeter columns varying in diameter from 2.40 m from the ground to 1.20 m on the top of the towers. With the decrease in columns cross section, reinforced concrete core is respectively decreases from the bottom from 22.9 x 22.9 meters to 18.9 x 22 meters, while beams are about 79 cm in depth. Petronas Twin Towers were developed with high–strength concrete of 80 MPa in compressive strength of the columns of lower floors, however middle floors had the compressive strength of 60 MPa and upper floors of 40 MPa. As latest achievement in reinforced concrete structure of high–rise building is definitely Burj Khalifa, Dubai. Burj Khalifa, was designed in shape of Y; such form of the building maximises the exterior view, but also derives a newly supported core named buttressed core. 116 �Figure 95 – Petronas Tower- Characteristic Floor Plan Showing Concept and Structure [66] The material used for structure materialisation was high–strength concrete, varying from 60 MPa to 80 MPa. Although use of steel in this 829.9 meters high building was not fully excluded, major structure is erected out of high–strength concrete. The Ingalls Building, Petronas Twin Towers and Burj Khalifa are chosen as representative examples of reinforced structures, with different aesthetics, volumes achievements in vertical direction due to the period of their designs. However, all of these structures are in a way key points for the development and achievements of reinforced concrete, despite the fact that the only common point for these buildings is their RC structure. To summarize, an imposing fact is that with contemporary technology, concrete excluded the adjectives massive, clustered and large structural elements for RC structures in high–rise buildings and became more desired material in construction. 117 �Figure 96 – Burj Khalifa (left), Petronas Twin Tower (mid) and Ingalls Building (left) [82] 118 �HIGH STRENGTH CONCRETE (HSC) AS STRUCUTURAL MATERIAL FOR HIGH–RISE BUILDINGS It is hard to define high–strength concrete (HSC) with one unique number, or create any strict border between conventional normal strength concrete and high–strength concrete. As long as achieved concrete or target strength is about the same quality as the local material, curing conditions, size and age of testing specimens, it imposes the fact that nor unique nor unified definition of high–strength concrete is neither possible nor necessary. Another factor in defining ranging lines of high–strength concrete is also a demand for specific strengths or performances of concrete. In the specific case of the USA or some rapidly growing Asian country or city, 95 MPa high–strength concrete is available in most of concrete plants, and at same time it is economically and cost efficient. On the other hand, situation in Balkan area is totally opposite. Abilities to use highstrength concrete in this area is not even adequately researched, and the top limit of concretes’ strength may appears to be up to 60 MPa, which corresponds to weak economical and cost efficiency. However, in different standards there are some differences in classifications of concrete up to the characteristic compression strengths. According to EN 206:2013, normal–weight and heavy–weight concretes are divided into sixteen classes according to their compressive strengths; high– strength concrete is in range between C55/67 and C100/115. Terms high–strength concrete and high–performance concrete were commonly used as synonyms, which was acceptable at the early beginnings. However, in the contemporary concrete technology, this interchangeable use of the two terms is not acceptable. High–strength concrete commonly refers to the increase in compressive strength of concrete, while high–performance concrete refers to the increase of all concrete’s properties, with accent on mechanical properties, durability, workability, permeability etc. which is more than just increase of strength. Commonly, the periphrastic high–strength concrete is introduced as new material or as a result of new technological development. Although such periphrasis may be taken as correct, term high strength concrete and practice of creating high–strength concrete occurred many decades ago. Dating back to 1950s, concrete with compressive strength of 34–35 MPa, was considered to be high–strength concrete. However, when compared to contemporary daily routine in concrete solutions, designed compressive strength of 34–35 MPa, at 28th day of age is one of the most common examples of conventional or so called normal strength concrete. 119 �Figure 97- The Last Completed Super High–Rise, Burj Khalifa, 2010 (left) and the First Completed High- Strength Concrete High–Rise, Outer Drive East 1963 [83] More specific and more scientific approach to the subject of high strength concrete occurred in the 1960s. Newly developed high–strength concrete with compressive strength of 41 to 52 MPa, rapidly spread through the construction sites across the USA. For high–strength concrete technology, sixties of the last century were crucial turning point because all experimental studies of technological development were aiming for the achievements of the desired results. In the early sixties, Japan was a place where the first superplasticizers were developed. Formaldehyde condensates of beta naphthalene sulfonates, were developed by Dr Hattori. These superplasticizers had primary function to reduce water demand in production of high–strength concrete. Product created was named Mighty 150, which could decrease water usage up to 30 percent. Along with superplasticizers, use of 120 �another supplementary material for high–strength concreting developed in this period was silica fume or so called microsilica; micro–filler in between cement particles, a by-product of Ferro–alloy industry was first introduced by German Doctor Aignesberger. Although invention of superplasticizers and silica fume took place in Japan and Germany, most of the credits in HSC development for wide use went to Chicago, United States. During the early sixties, Chicago was a place which accelerated development of high–strength concrete and increased that day available concrete’s compressive strength of 35 MPa to 41 MPa for 40–storeys high–rise buildings. An engineering step forward pioneered the use of high–strength concrete in Chicago on the Outer Drive East high–rise building The USA, also constructed numerous bridges, river dams, marina piers and terminals; however their main focus was on structuring of high–rise buildings, multi–storey garages, shopping malls etc. For instance, it was almost mandatory for high–rise buildings in Chicago to be structured with high–strength concrete. In 1972, from previous 41 MPa, concrete’s strength already increased to 52 MPa for structuring of 52–storey Mid–Continental Plaza. It is important to mention that production and application of high–strength concrete used to structure Mid-Continental Plaza, was more of an economical choice rather than a solutions. Achievable strength of concrete and all performances of concrete were increasing year after year with correspondence to cost efficiency, and due to the development of chemical admixtures and other supplementary materials; the result was of 74–storeys Water Tower Palace, in 1976. Water Tower Palace, was the world’s highest high–rise structure in that period, designed as concrete structure reaching compressive strength of 62 MPa. After all, American Concrete Institute can take all credits for the rapid development of high–strength concrete and actual exposing of high–strength concrete to a wider market for application in most of the high rise buildings worldwide. Nowadays, high–strength concrete is in wide use all around the developed world, and it is more than common to find concrete plants which can catch up with the production of concrete with compressive strength of 95 MPa, on daily basis. High–strength concrete was developed as better and as structural material of higher quality when compared to normal strength concrete. Therefore it has many benefits, both in performance and cost efficiency, so HSC advantages are as follows:  Reduction in structural element size; 121 � Reduction in amount of longitudinal reinforcement and compression members, focusing on slenderer columns;  Higher strength and better performance leads to larger spans and decrease of total number of beams, columns etc.;  Decreased time necessary for concrete’s formwork due to early strength development;  Decrease in concrete cover due to lower permeability;  Long performance under the most critical action combinations;  Lower creep and shrinkage with higher resistance for freezing and thawing;  Increased resistance to very aggressive environments;  Decreased axial shortening, buckling of supporting elements;  Increased rentable space, due to slenderer and thinner elements, but also decreased number of supporting elements due to larger spans;  Decreased permanent action of self–weight of structure;  Decreased maintenance and repair costs;  Greater stiffness due to higher modulus of elasticity with high compressive and flexural strengths. Although high–strength concrete has many advantages as a material, it also has disadvantages which may occur due to some impurities or even as a consequence of some advantages mentioned above. High strength concrete disadvantages are:  Bond strength between cement paste and aggregate does not increases with the same acceleration as compressive strength;  High–vibration are required for better compaction, and to exclude possible segregations;  Minimal concrete cover for reinforcement protection may prevent the use of maximum benefits in reduction of element sizes;  Available prestressing may be inadequate for the maximum use of high– strength concrete’s strength; 122 � High–strength concrete requires very detailed, precise and careful material selection and does not accept any impurities;  Due to low W/C ratio, high–strength concrete requires special curing and installation or placement;  There is a possibility of decrease in stiffness, whereas modulus of elasticity does not respectively increase with concrete’s strength, therefore use of high–strength concrete may provide slenderer elements but with lower stiffness which may lead to stability problems, whereas solution lays in very precise choice of structural systems. Like a conventional normal–strength concrete, HSC also contains constituents, or in other words raw materials. Materials which participate in high–strength concrete proportioning are: supplementary cementitious materials, fly ash, silica fume and some other mineral admixtures, aggregates of the best quality, and of high compressive strengths which include dolomites, granites, quartz etc., as well as superplasticizers or some other types of chemical admixtures. It is important for high–strength concrete to have raw materials of the highest quality without any compromises for marginal or lower qualities. If raw high quality materials are well proportioned and combined, it is possible to produce high–strength concrete with long lasting compressive strength and other mechanical properties. Generally, all types of Portland cement proved to be suitable in production of concrete of compressive strength up to 60 MPa at the 28th day of age. However, to achieve higher strength with respective increase in performance and workability it is necessary to design and study reactions between additional chemical and mineral admixture. Along with Portland cement, use of Blended hydraulic cement in production of high– strength concrete is common. Blended hydraulic cement is mixture of Portland cement and other supplementary cementitious materials, also named mineral admixtures. Benefits of Blended hydraulic cements lay in lower rate of heat development, higher strength, lower permeability, increased durability and overall performances. Credits for accelerating the development of high strength concrete technology go to the mineral admixtures, usually denoted as supplementary cementitious materials (SCM). These are the materials which developed and increased concretes’ performance and strength of both fresh and hardened concrete. Generally, mineral admixtures are siliceous and alumina siliceous materials which with the addition of water chemically react with calcium hydroxide in order to perform cementitious properties. 123 �The most common types used in preparation of high–strength concrete are fly ash, cement slag and silica fume, while less in use are ultra-fly–ash, volcanic ashes, metkaolin, diatomaceous earths and calcined natural pozzolans. Benefits of blended hydraulic cement in lower permeability, higher strength, and lower heat of hydration are also benefits of mineral admixture (SCM). Figure 98 - Common Mineral Admixtures – Supplementary Cementitious Materials for High-Strength Concrete [103] Fly ash is the most common type of SCM and by–product of combustion of pulverized coal; it is spherically shaped and glassy residue. Fly ash is commonly added to all concretes for higher performances. When combine fly ash and slag cement with Portland cement, it may create concretes with compressive strengths of 70 MPa. Silica fume or micro silica is a by–product of silicon metals and ferrosilicon alloys, generated during reduction of quartz in the production of silicon metals and ferrosilicon alloys. This ultra–fine non–crystalline by–product, enabled widespread of high–strength concrete and the ability to produce ultra–high–strength concrete at all. Generally, silica is described as grey to black dust. Silica fume is available in forms of raw powder, water based slurry, densified or palletized. Silica fume in form of densified powder is the most common practice of adding silica directly to concrete mix. Silica fume grains are approximately 100 times smaller than Portland cement grains with sizes of 0.1 to 0.3 μm. Although silica fume or micro silica has numerous advantages, its fineness may require higher percentage of water which may cause a decrease in workability and other desired properties if high–range water reduction admixtures are not added. 124 �The principle of micro–filling with silica fume benefited in strengthening the bond between coarse aggregate and concrete paste, with the ability of achieving compressive strength of over 105 MPa. Silica fume also tends to be efficient in reduced demand of other cementitious materials, for instance 1 kg of silica fume may replace 2 to 5 kg of cement, while the remaining content of water. Production of high–strength concrete would be impossible without superplasticizers such as high–range water reducers, retarders etc. As SCM (supplementary cementitious materials/ mineral admixtures), chemical admixtures improve both fresh and hardened concrete. Without chemical admixtures, even the ability for transport, placement and curing of conventional normal–strength concrete would be questionable, and therefore lack of chemical admixture in high–strength concrete would make high–strength concrete impossible. High–range water admixtures as more common superplasticizers (HRWR) decrease W/C ratio, but it is important to determine correct dose and type of the admixture. Thus, HRWR increase strength, with decrease W/C ratio, while maintaining slump constant, but also increase slump while maintaining W/C ratio. When compared to conventional normal–strength concrete, W/C ratio in high– strength concretes is lower varying from 0.22 to 0.40. However, it is important to analyse whether the certain decrease in W/C ratio is necessary and whether it leads to the requested increase of concrete’s strength and performance. The highest percentage of concrete’s volume goes to aggregate volume. Selection of the appropriate aggregate is very important; in high–strength concrete, the best quality and the strongest aggregates are required. What effects aggregate is its density, grain size composition, shape and texture of the aggregate surfaces. In high–strength concrete rough textured and angular aggregates increase mechanical cement paste– aggregate bond and therefore such aggregates are more workable in high–strength concrete. Trap rock, granite, dolomite and quartzite are mineralogy types of aggregates, suitable for high-strength concrete. Although high–strength concrete has lower fire resistance than normal strength concrete, it still has higher fire resistance than any other structural materials’ and becomes economically efficient solution able to improve its fire resistance. According to the most of the nowadays standards, high–strength concrete and ultra– high-strength concrete are leading concretes with compressive strengths of above 50 MPa and 150 MPa respectively. Many countries are somehow limited to maximum concrete strengths up to 50–60 MPa due to lack of demand for higher performance and higher strength concretes or because of the lower rate of development. However, 125 �areas under rapid and constant construction and development in vertical directions, routinely produce concretes with compressive strengths of over 80 and 100 MPa. The USA, Canada, Singapore, China, Malaysia, UAE are countries and areas with the highest usage of high–strength concrete. Such fact is not surprising because these are the areas with the largest construction sites dedicated to high–rise construction and way of living. In circumstances, where daily human habits are lifted way above the ground, safety comes first. High–strength concrete showed its power in ensuring necessary safety in high–rise buildings, providing safety and comfortable living environment, with its high rate of resistance to any possible structure’s daily displacements due to wind actions, seismic actions, or high–rate of resistance in cases of emergencies such as fire or progressive collapse, where the structure itself enables sufficient time for safety evacuation. Possibilities in structuring of high–rise buildings out of high–strength concrete are best described on examples of Burj Khalifa, Petronas Twin Towers, Taipei 101 (composite structure–steel and high–strength concrete), etc. Magnificent architecture and breath-taking heights were enabled without any concessions by virtue of high– strength concrete. High–strength concrete in these examples showed limitless abilities in concrete technology, and at same time provided sufficient safety to occupants and inhabitants. Besides mentioned, there are numerous examples of high–rise buildings which represent great examples of concrete technology development. Eureka Tower in Melbourne, Australia, a 91–storey tall high rise building is structured as outrigger system, and entirely erected with high–strength concrete. It is designed with central core, perimeter columns, shear walls and continuous outrigger with thickness of 30 cm. This choice of high–strength concrete as structural material, decreased cross sections of structural elements and increased rentable area of floor plans. Core walls for the first 15-storeys are 75 cm thick, made of high–strength concrete with compressive strength of 80 MPa, while perimeter columns were erected with concrete of compressive strength of 100 MPa. As the height of the building increased, characteristic compressive strength of used concrete decreased. Thus, structural elements near the top of the building were made with concrete of 40 MPa for shear walls, and 60 MPa for perimeter buildings. 126 �Figure 99 - Eureka Tower Characteristic Floor Plans 26-52 Storeys(left – top), 53-65 Storeys(left – mid), 66-88 Storeys(left – bottom), Black Hatch Stands for High–Strength Structural Elements and in 2006 (right) [78] Another example is Baiyoke-2 Tower in Bangkok, Thailand, a 90–storeys high–rise building which was designed with the desire to break the world record as the tallest hotel and the tallest high–strength concrete building. This 90–storeys structure was constructed with high–strength concrete, and represented turning point in concrete technology seen up to that day in Thailand. Concrete columns, and concrete central core, as well as concrete slabs, were built out of high–strength concrete with compressive strength of 60 MPa up to 65–storey. Final 25 storeys were constructed out of concrete with compressive strength of 50 MPa. 127 �Figure 100 - Baiyoke Tower 2 [118, 60] Although Europe is a few steps behind the USA, Canada, China and others in vertical expansion, Holland, Finland, Germany, Denmark and Norway are European countries which have practice in production and use of high–strength concrete for specific purposes in construction of high–rise buildings. Germany pioneered the use of high–strength concrete through the Trianon, high–rise building in the Westend of the Frankfurt am Main, in 1992. This high–rise building with final height of 186 meters has 47 storeys above and 4 storeys below the ground level. High strength concrete B 85, was used for four main columns 54 cm wide and partially for shear walls. The rest of the structure was erected with concrete B 45. The use of the high–strength concrete proved to be very economically efficient due to reduced dimensions of structural elements and reduced demand for the further use of reinforced steel. Concrete mixture for Trianon building contained fly ash, superplasticizer and retarders. These concrete cube specimens taken for the compression tests showed that average compressive strength of B85 after 56 days was 112 MPa. 128 �Figure 101 - Characteristic Floor Plan of Trianon Building (left–top), Schematic Scenario of Possible Collapse (left–bottom) and Trianon Building, 1992, completed (right) [199, 200] Altieri Spinelli Building, formerly called D3 building with its 24 storeys represents remarkable achievement in concrete technology in Europe; Altieri Spinelli Building is part of the complex of the parliament buildings in Brussels. High–strength concrete was used as a material for prefabricated columns in storeys that were reserved as garaging space. Target strength for these columns was 80 MPa, which was achieved by the addition of superplasticizers, reduced W/C ratio and the use of fly ash. Such concrete mixture and ability for prefabrication, resulted in accelerated construction and higher economic efficiency, smaller structural elements in this specific case of columns, left more free space than it would have if any other material was used. 129 �Figure 102 - Altieri Spinelli Building, Brussels, Belgium [157] To summarize, successful examples of high–rise buildings mentioned and described earlier are obvious evidences that the use of high–strength concrete is nowadays reality in construction worldwide. Whether focus on high–rise buildings up to 15– 24 storeys, or the super tall high–rise buildings that are few hundred of storeys high, high–strength concrete of different qualities is the unavoidable choice in search for structural material. If technology development and economic efficiency opened up a gate to high–strength concrete towards wider market, high–rise buildings for sure enhanced benefits and abilities of high–strength concrete as commonly available structural material. Use of such environmental friendly, structurally safe and very resistant material enabled previously mentioned idea and concepts of vertical cities and vertical living. 130 �Figure 103 - Summary of the Representative HSC High–Rises [136] 131 ��COMPOSITE STEEL–CONCRETE STRUCTURES FOR HIGH–RISE BUILDINGS Composite structure is term which refers to the use of different materials within one structural element, where these two materials act as one material. Even though composite structures may refer to composition of any two or more structural materials, due to common use in composite structures it generally refer to the steel–reinforced concrete structures. Composite elements might be beams, columns and slabs, where it is important to enable composite acting of two materials with sufficient shear connection between materials’ bonding surfaces. Philosophy of composite materials seeks for enhancement of single materials’ strength and cutting down of its weaknesses and disadvantage, by combining it into new material. Back in the late 19th century, earliest form of composite structure referred to the composite material commonly known as reinforced concrete. However, it did not take long until the advantages of combining steel sections with reinforced concrete defined new way in construction of buildings, bridges, urban garages structures etc. Early 20th century introduced steel and reinforced concrete in composite structures as flexural members, although lack of shear connection between the two materials resulted in lateral slipping of one material from another. In 1911, O. Kommerell was the first to use transversal steel bars for his bridge design to connect steel beams and concrete in order to prevent lateral slipping; although he solved the problem of the lack of shear connection between the two materials, the function of shear connectors were still not explained. However, few decades later, L. Combournac was the first to explain the function and design principles with shear connectors. Figure 104 - Rolled Beam Enchased with Concrete, Section through Railway Bridge (Kommerell) [28] 133 �In composite structures, earliest forms were composite beams or span girders for the bridges, with low application for high–rise buildings. In composite beams, steel section and reinforced concrete shear were connected and worked together to resist bending moments. Next ability in composite structures was in the shape of composite columns, where steel’s slenderness and concrete’s fire and buckling resistance resulted in more economical and structurally efficient element. Figure 105 - Composite Steel Beam Patented by Julius Khan, 1926, USA [28] Such columns were used for high–rise buildings. In the eighties, composite structures were enriched, combining steel sections and cast in situ concrete deck. Main advantage of composite deck was reduction of formwork, and more efficient and faster construction. Nowadays, composite structures are commonly used, especially for bridges and high–rise buildings, with same working philosophy, just following the innovative technology of steel and reinforced concrete as hybrid material, while taking all its advantages. Design philosophy of composite structures is to use advantages of both steel and concrete, while enhancing them in order to provide higher resistance, strength and durability of the structure. Besides utilization of both individual material advantages, composite structures reduce or exclude material’s disadvantages and weaknesses. Advantages of composite structures:  Ability for larger spans, creating more usable space;  Reinforced concrete appears in compression and steel appears in tension zone, taking the best of both materials; 134 � Shorter construction – schedule due to fabricated steel elements;  Coating steel with concrete adds protection layer toward environmental conditions, which prevents corrosion and increases fire resistance;  Greater stiffness is achieved, with the decrease in bending and deflection of structural beams and columns (buckling);  Better resistance to seismic forces;  Lighter structure when compared to the RC structures due to smaller cross section of structural elements;  Reduced cost for the formwork; and  Shallower beams, which can reduce building’s height. Disadvantages of composite structures are:  If not well done, low strength of shear connectors or any deformation of shear connectors may enable sliding between concrete deck and steel girder;  Additional subcontractor needed for shear connector installation; and  Time consuming due to installation of shear connectors. First composite elements were composite beams, designed as steel beams with shear connectors at the top flange, encased with reinforced concrete slab, or lately composite slabs. Crucial for composite beams are shear connectors, which exclude the possibility for the two materials to behave independently with lateral slipping. When shear connectors unify steel beam and RC or composite slab, the structure acts as composite structure. For the analysis of the structure’s behaviour, composite beam is taken as the behaviour of the cross section of T shaped beams. Concept of composite beams lays in the use of concrete in compression zone in order to achieve better stiffness of the structure, and in order to prevent deflection and buckling, while steel takes place in tensile zone to behave elastically and prevent brittle failure. Composites are more economical for the same span and combination of actions, where composite beams weight and depth are reduced when compared to steel structures. 135 �Figure 106 - Composite Beam with Shear Connection between Steel Beam and Concrete Slab, with Diagrams of Stress Distribution in Cross Section [68] Composite columns overcome the problem of intensive buckling of steel columns, as the RC column’s large cross section. Composite steel–concrete column is erected by two principles; the first steel sections are fully or partially enchased with concrete, while other principle lies in filling steel’s hollow sections with concrete. Figure 107 - Composite Columns Types, a) Steel Section Fully Enchased with Reinforced Concrete, b) Steel Section Partially Enchased with Reinforced Concrete, c) Steel Section Partially Enchased with Concrete [70] An important difference lies in the lack of need for the additional reinforcement of filled hollow steel section, unless there is a necessity for higher fire resistance of the reinforced concrete. The greatest advantage of the composite columns lies in greater fire resistance compared to the steel’s fire resistance, as well as in better corrosion protection of enchased composite columns. Another advantages is in the reduced use 136 �of formwork, because filled hollow steel sections’ formwork is excluded, it increases stiffness of the columns, reduces slenderness and increases buckling resistance. Figure 108 - Composite Column Types, d) Rectangular Hollow Steel Section Filled with Concrete, e) Circular Hollow Steel Section Filled with Concrete, f) Circular Hollow Steel Section Filled with Concrete with Embedded I Steel Section [70] Composite columns are mostly used for construction of high–rise buildings, where the reinforced concrete structures require large cross section elements, using much of the rentable space and where steel column require high maintenance cost and high cost of fire and corrosion protection, which isn’t economical, while composite columns proved to be a more economical solution. Composite slabs consists of steel decking shear connected with concrete slabs. Technology of composite slabs developed new, stiff, light weight and economical slabs. Metal decking in composite slabs exclude necessity of formwork and also acts as a tension member. Steel decking is available in various shapes, with various surface textures and may vary in decking thickness. Figure 109 - Components of Composite Slab, Casting and Installation Principle [190] 137 �The most commonly used is decking with deformed ribs, which results in stronger bond between metal decking and concrete, however, composite slabs, as other composite elements, require shear connectors. Number of shear connectors per surface area and its installation, along with the type of shear connection is designed according to the principles of Eurocode 4 (EC4) – Design of composite steel and concrete structures. In composite structures, a natural bond between concrete and steel exists, however, required bond is not available without any other strengthening method. Shear connector, in shape of steel bars or sections is installed at steel decking or section to achieve desired strength. This leads to the role of the shear connector, which is to resist horizontal slipping between the steel and reinforced concrete, and in the same time, to prevent vertical separation of concrete between steel sections. Dimensions, shapes, types or numbers required to resist horizontal movement are designed according to the design rules of EC4. Composite structures have three types of shear connectors: rigid type, flexible type and bond or anchorage type connectors. Figure 110 - Shapes and Common Dimensions of Shear Connectors, Angle, Circular, Hexagonal or Circular Headed and Channel Section [174] Rigid type of shear connectors can be found in various shapes, short bars, angles or tees welded on steel girder or steel decking. Failure of such connectors occur in terms of cracking of concrete. Flexible type of shear connectors appears in the shape of studs, channels welded to structural beam or decking. As long as these connectors resist bending of the connectors, failure occurs when yield stress in the connector is exceeded. 138 �Bond or anchorage type of shear connectors consists of inclined bars with one end welled to the steel’s top flange, while other is bent and enhanced with concrete. High–rises structures, besides concrete and steel as main structural material, are also constructed as composite structures. Composite structures in case of high–rises strictly refers to steel and concrete, where advantages of both materials are utilized to create one new, high resistant and stiff material. Use of composite structures in high–rise buildings varies from entirely composite structure to specific use of composite columns, beams or slabs. Even though philosophy of composite structures and its advantages in favour of high–rises, composites were not a choice for high–rise buildings until 1970. After the seventies, composite structures took an important role in construction of high–rises and multi–storey buildings, however, the focus was on composite columns, whose principle was to overcome disadvantages and weaknesses of steel and concrete columns. According to the CTBUH, Franklin Centre–North Tower (1989, Chicago) and Bank of China Tower (1985, Hong Kong) were placed among world’s ten tallest high–rises up until 1990. However, the first composite structured high–rise that was entitled the world’s tallest high–rise is building Taipei 101, 2004, with its height of 508 meters. In addition the success of composite structures in terms of high–rise buildings is shown in the latest CTBUH’s researches, where among top ten world’s tallest structure in 2011, six of them were composite structures, Taipei 101, Shanghai World Financial Centre, International Commerce Centre (ICC), Zifeng Tower, Kingkey 100 and Guangzhou International Finance Centre. Figure 111 - Composite Structured High–Rises on the List of the World’s Tallest High–Rises in 2011 by CTBUH [188] 139 �According to the design philosophies, the most critical elements for high–rise buildings have to correspond to wind and seismic actions, where seismic actions are increased with buildings’ weight and height. When compared to RC structures, steel structures acted better in terms of dimension of the cross-section of the structural elements, weighing less and having slenderer elements, making them more resistant; on the other hand concrete had better stiffness and higher resistance to any deflection and buckling of columns. As solution to such problem are composite structures as they remain the best option for structuring of high–rises. Composite structures have better bending and buckling resistance than steel structures, but also weigh less when compared to RC structures. World’s tallest building of 2004, and at the same time the first building that is over half the kilometre tall and has 101 storeys, is Taipei 101, designed by C. Y. Lee and Partners. Figure 112 - Taipei 101 - Schematic View of Characteristic Plans and Elevation [14] 140 �This composite structure is conceptual interpretation of bamboo, where volume is divided following vertical axis. The first part is pyramidal shaped volume with height of 25 storeys, and the last part of vertical division is rectangular shaped 12 storeys, while the rest of the inner storeys are divided in inverted pyramidal shape and have 8 storeys. Located in windy area, structure of this tall building had to be designed to resist constant wind action, whose velocity achieves 156 km/h. Overall building design had to correspond to large wind actions, and the use of composite structure together with volume concept made it able to resist strong winds without suffering any serious deflection or damages. Building is enclosed with 8 perimeter composite columns and 16 core columns, all composed of rectangular steel hollow section, filled with high strength concrete of 70 MPa, where the ground columns are 2.4 x 3 meter in cross section. Figure 113 - Taipei 101–Composite Structure Compared to the Petronas Towers–Reinforced Concrete Structure in Terms of Perimeter Columns [189, 14, 98] If compare concrete structure of Petronas Towers, where the height of 452 meters is achieved, and which has high strength concrete columns with diameter of 2.4 meters (80 MPa), but also located in less windy environment to composite structure of Taipei 141 �101, it is evident that composite structures are more efficient. Being taller, located in much windier environment, meant greater lateral actions on structure happened, and the use of high–strength concrete of lower strength, 70 MPa, than it was used for pure concrete structure enhanced the success of composite structure in the case of Taipei 101, when compared to RC structure of Petronas Towers. 142 �RISK OF PROGRESSIVE COLLAPSE IN HIGH–RISE STRUCTURES Architectural design focuses on aesthetics and functionality of designed spaces in accordance with anthropological measurements in order to satisfy users and inhabitants. Following this philosophy buildings’, structures fit right into architectural design and concepts as well. It is possible to apply this philosophy due to its greatest aim in providing comfortable and rentable spaces. Structures following the architectural plans, concepts and ideas represent a common design principle in any type of buildings, low-rise buildings allow fast and secure evacuation in cases of emergencies accepting this as proper practice. However, in the specific case of high–rise buildings, structures don’t compromises on architectural design, but rather combine its advantages to preform unique aesthetic values of the high–rise volume concepts. Main responsibility of the structure is to be capable to resist failure or collapse of building under various and the critical combination of actions, meaning that the structure should have efficient performance as long as the building’s service life. In high–rise structures, vertical elements columns and walls are designed to resist and transfer all actions to the foundation ground. Design process of high–rise buildings is important in order to provide efficient structure and in resisting various actions with efficiently designed composition of structural elements which would provide rentable and functional space. Structural design should be economical in selection of structural material and required time of the erection. Worldwide accepted design method for building’s structural design is limit states design method, where limit states refer to the structure’s behaviour at different limit states, providing necessary safety against all limitations. Such design is based on probability that a structure will not collapse or become unusable due to various deflection, cracking, etc.; in other words that structure will not reach any limit states under the critical combination of any action. In the mid–20th century, previously working stress method was replaced by the limit states design method. With more precise and more economical designs, and increased safety of the building, limit states design method became worldwide accepted method in structural design. Working stress methods (WSM) follows Hook’s law, considering that stress–strain diagram is linear. In WSM, stresses in structural elements are received through working loads when compared to permissible stress. For WSM, ultimate load carrying capacity is not accurate, as it is for ULS, so generally working stress method is uneconomical due to structural elements being overdesigned than it is actually required. On the other hand, limit states design considered stress–strain diagram as non–linear and more 143 �acceptable principle, with stresses received from designed loads in comparison to designed strength. Partial safety factors appear to be crucial for limit states design, which varies up to action type and action predictability and refers to material type. With partial safety factors, possible errors in constructional inaccuracies, design assumptions and stress redistribution are covered in structural design. There are two limit states:  Ultimate limit state (ULS) – state for the structure in which it must not collapse under maximum design loads up to which it is designed. This means that it must satisfy ultimate state criteria for flexure, compression including stability, tension, shear or combined stresses; and  Serviceability limit state (SLS) – which focuses on governing building service life, most importantly refers to deflections, durability, crackings and fatigue. Limit States Design is defined in Europe in Eurocodes. Basis of design explains the definition classification and principles of limit states designs. This means that limit states designs, according to Eurocodes are in correspondence to structural material type and design of the structure, or in other words, they are in correspondence to a building type. In Eurocodes, term load is practically replaced with the term action, which refers to a load but with wider meaning, where actions are being classified as:  Direct actions, forces or loads applied to the structure; and  Indirect actions, deformation imposed on structure, by temperature change shrinkage, settlement of foundation etc. In structural design, there are three types of design situation; persistent situation which corresponds to a normal design use, transient situation which happens during the construction phase, and accidental situation which occurs in case of earthquake or fire which is also greatly influenced by structural system and material type. According to Eurocodes, along with these three designed situation there are also three main types of actions:  Permanent action (K), self–weight of a structure, or so called dead loads;  Variable action (Q), wind snow or any imposed load, including live load;  Accidental action (A), impact from vehicle, explosion, fire etc. 144 �Besides Eurocodes’ classification of actions, actions may be classified according to direction of acting on gravity actions, lateral actions and special action cases. Gravity actions include permanent actions, variable actions and snow loads, while lateral actions are crucial for high–rises and include seismic and wind actions, which respectively increase with the buildings’ height requiring more precise analysis in estimating them, and special action cases which include impacts, blasts, fire etc. Figure 114 - Types of Structural Loads on High-Rise Structure [185] Generally, no structure is designed to respond to one single action, but up to the critical possible combinations of estimated actions. What differs high–rise buildings form low–rises is necessity for high quality wind control and tests due to the increase of wind actions which happen along with the increase of height. Basic principles of action combinations are reflected in taking permanent actions in any action combination at any structure, and that each variable action is the leading action depending on building’s service type and function. Even though limit states design in analysis takes the critical combinations of all loads and the critical distribution combinations, accidental actions, such as impact loads, explosion and fire, can cause reaching of the structure’s limit state, or in other words failure of the structure will occur. Another issue that structure is dealing with is localisation of that specific failure and prevention of progressive collapse. Progressive collapse is collapse of the whole structure or large part of it, initiated by failure of one or more structural elements or part of the structure. Such failure or damage of one structural element or part of it initiates chain reaction, comparable to domino effect and failure of other structural damages resulting in total collapse of the structure. 145 �Figure 115 - Progressive Collapse, Schematic Presentation of the Progressive Collapses of World Trade Centre (9/11) [61] Few decades ago design for progressive collapse was taken into account only partially or was entirely neglected; however, recent happenings in the USA and Asian countries, whether discuss the attacks or gas explosion, forced accelerated and more detailed structural design to prevent progressive collapses. The regulations of high– rise buildings mostly require addition of redundant members and additional tie of structural elements in order to provide more robust structures, strong, ductile and capable of redistributing accidental loads. In such design requirements new high strength and high performance materials greatly assist, whether it is the case of concrete structures or composite steel and concrete structures. Both of the mentioned materials provide more slenderness, and with slenderness lighter structures with higher resistance to fire and explosions, which are main actuators of progressive collapse when compared to normal strength or conventional concrete. Gravity actions are group of possible actions which act perpendicularly to the slab surfaces, including all actions which are induced by gravity. In high–rise buildings, gravity actions do not differ from those acting on low–rise buildings. Exceptions occur in addition of permanent actions from increased number of storeys, therefore permanent actions of high rises when compared to those form low–rises increase as many times as the number of storeys increases. Gravity actions are permanent loads such as self-weight of structure, densities etc., variable actions – which include service actions, actions during execution, various of vibrations and snow load, where the environmental characteristics define average degree of snow loadings. Unlike any other action types, permanent action may be precisely determined and designed. Permanent actions remain constant and in the same position throughout 146 �buildings’ service life, including weight of the structure and weight of the various attachments which are permanently attached. For the design of permanent action, it is important to have a defined type of the structural material and its density, where exact sizes and weights of the structural elements are derived through presumption and structural analysis. Permanent actions include structural system, frames, walls, floors, slabs, ceilings, stairways, elevators roofs and plumbing, which can be constructed and made from various materials. All of possible materials have specific and characteristic approximate weights required for the design of permanent actions. In limit states design due to high accuracy of permanent actions design and calculation, safety factors are lower than those of other action types. While structural materials in high–rises structures are mostly concrete, steel or composite materials; concrete with greater density seeks for larger structural elements such as columns, beams etc., while on the other hand very light and slender structures can be achieved with steel. Variable actions vary in their value and position of acting on structure. Variable actions include actions during execution, service load such as furniture, users, inhabitants, equipment, and many others with shearing property of being movable and being induced by gravity to the structure. Figure 116 - Illustrative Presentation of Permanent and Variable Actions [122] 147 �Variable actions, besides these occupancy weights, include traffic vibration of the vehicle movements in garages, car ramps etc., in the specific case of high–rise buildings, but also the accelerations of elevators has to be well calculated as type of variable action However, practice of the Eurocodes declares specific action values for various occupancy of the buildings. For instance, National Annex to Eurocode 1, BAS EN 1991-1-1 in Bosnia and Herzegovina [49] specifies service load for residential, office, commercial, hotel and university buildings from 2 kN/m2 for residential buildings, to 3-5 kN/m2 in office buildings, and finally to max. 7 kN/m2 in department stores and commercial buildings. Different global climate conditions develop different environmental impacts and actions on structure. All of the environmental actions are considered to be variable actions due to constant change in climate conditions. Among environmental actions, snow and rain loads are the ones that are being induced by gravity to the structure. Areas with long winter season, where the snow remains for few months, require specific roof designs up to the snow load. Snow load is defined in national annexes to Eurocode 1 – Part 3, from country to country with correspondence to data of average snow amounts during the last few decades, nevertheless roof design and type (flat, gable, hip etc.,) play an important role with the degree of roof slope, windy areas or areas with no wind, snow type, single or multiple snow. Single snow refers to the areas where snow remains for few days, and thaws before the new cycle of snow in following days, however multiple snow refers to the areas where first snow does not thaw before the new cycle of snow arrives, causing multiplicity of the load acting on structure. For multiple snow type, presence of wind and direction in specific environment is also important, which dictates whether the snow load is uniformly distributed, or it accumulates on one side of the structure. Figure 117 - Effect of the Wind on Snow Load Distribution on Roof Top [115] 148 �Cases of high–rises showed that practice in roofing reflects on flat roofs, or slightly sloped roofs, which indicates another issue of snow remaining until it is being physically removed or until the sun solves the problem, which happens due to lack of slopes and possibility of snow sliding down. Along with the common issues of snow remaining, on the top of the roofs, there is high possibility of rainwater accumulation on flat roofs which can also create problems, commonly called ponding. Ponding however, may be caused by accelerated snow melting on flat roof types. Nevertheless, problem of ponding can be solved by proper drainage systems, but in case it is missing, problem of ponding may be solved by installation of water tanks at the roof of the high–rises which have a capacity to collect rainwater at the rooftop area. Amount of value of this kind of load is also defined according to the data of national meteorological institutes of specific environments and areas, which shows the average rainwater fallen per square metre in the last few decades. Collected water is later recycled and reused in water supplies of the higher floors, due to natural fall which excludes the necessity for strong pumps to pump the water from the ground to the top floors. Figure 118 - Flat Roof with Ponding Issue [116] When discuss the lateral actions, their effects are major factors for high–rise structures. Lateral actions, such as wind and seismic actions increase with buildings’ height and become main problem which may make building unstable, unusable, with the critical case scenario of building’s collapse or over turning. Design of the buildings up to 10–storeys high, is affected by lateral actions with diminished effect, but also capable to cause deformations, cracking, deflections etc. However, with buildings over ten storeys high, lateral actions become crucial in structural and architectural design. In such cases, structural elements increase in cross sections, and design requires additional redesigning and arrangement of structural elements. At the early 149 �beginnings of high–rises in the late 19th century, wind actions and seismic actions were not the main focus of design, due to large, massive and stiffened structural elements and structures. However, with the development of high–strength structural materials, lighter and slenderer structures, possibility of deflection and sway became daily problems for engineers. Such situation enhanced the necessity for wind and seismic design in order to prevent collapses, loss of money, economy destruction and prevention of loss of numerous lives. One of the most important issues of high–rise structures is wind action. Lighter, slenderer and more flexible structures are prone to sway, movement, and shake due to wind loadings. As the building’s height increases, importance of wind load design increases respectively. Under the effects of wind high–rises might have different motion and direction of movements, such as, motion along wind, motion across wind and torsional motion. Due to excessive heights and great wind actions, high–rise buildings can be tested in wind tunnels, which determine intensity and nature of wind acting upon a building. Wind tunnel test actually represents behaviour of the structure’s scaled model with its urban context in specific environmental loading, wind. Usually, scale is 300–400 decreased, where the case of the Burj Khalifa required scale was 1:500. Figure 119 - Burj Khalifa, Model for Wind Tunnel Testing, Scale 1:500 [84] Ever since wind became one of the most important factors in high–rise structures, techniques, methods and approaches multiplied and different categories were discovered, which had different focuses in order to achieve better resistance to wind 150 �actions. Approaches for wind design include architectural design approach, structural design approach and mechanical design approach. Architectural design approach has its foundations in aerodynamic based designs and structure based designs. Aerodynamic architectural design is based on various factors such as: building’s position–orientation, plan variations/modifications in height, aerodynamic forms and aerodynamic tops. Each of these approaches may decrease wind effect up to 50%. Effective design, if considering building positioning or orientation at the site is prevailing wind direction. However if the shape or urban context of the site itself allows the correct positioning, effects of wind upon structure may decrease up to 20 per cent. Burj Khalifa, one of the masterpieces in aerodynamic approach to high–rise design, where successfully the building with its butterfly structure resists six types of the wind. Plan variation, as it says, is a variations in characteristic floor plans and height, and it may reflect in reduction of floor plan area or changes in geometrical shapes. In 1973, F. Khan [21] proved in his studies that at the high–rise, which has 40–storeys, and sloped facade of 8 per cent, reduced lateral drift for 50%. Along with plan variation, aerodynamics may be developed through architectural modification, which refers to the modified rectangular in plan of high–rises, whose corners may appear to be notched, slotted, rounded, recessed etc., all in order to reduce across wind motion on the high–rise building. Figure 120 - Schemes of Possible Aerodynamic Solutions in Architectural Forms of High–Rise Buildings Caused with Drastic Plan Variations from Floor to Floor [65] 151 �Aerodynamic form, mostly refers to various cylindrical, conical, twisted or elliptical forms, proved to be the most efficient forms and methods in reducing wind loadings. For instance, choosing circular plan form, rather than rectangular form at the initial phase of the design decreases possible wind actions by 20 percent. However, aerodynamic volumes are still perceived as the monumental in architecture and uncommon for high–rises; the most common of the aerodynamic forms lays in aerodynamic top approach. Such design is based on tapering the structure’s upper part, following the practice of creation of the openings in between 80 and 90 percent of buildings total height; such example may be seen in Shanghai World Financial Centre, Shanghai. Along with aerodynamic based design, structure based design is also important for architectural design approach. In such design symmetrical, circular, elliptical and triangular plans have high structural efficiency and higher response to wind action. Figure 121 - Wind Behaviour on Characteristic Floor Plans of Burj Khalifa [159] Structural design should respond to resist any wind displacement which makes building undesirable and uncomfortable for use. Shear frame systems, core systems, mega frames, tubular systems, mega columns and outrigger systems are structural approaches in resisting wind. Within mechanical design approach, engineers usually take some inherent damping in order to estimate serviceability under lateral actions, which are induced by both seismic and wind actions. Structural systems, structural materials, non–structural 152 �materials, soil structure connection and its interaction, all affect damping which makes it difficult to measure. The installed damper reduces wind or seismic effects. Figure 122 - Taipei 101’s 728 Ton Tuned Mass Damper, World’s Largest Tuned Damper, and the Only One Visible to the Public and Opened for Visits [95,127] Dampers are divided into four groups: passive and active systems, semi–active and hybrids. In the case of high–rises, passive dampers are generally used and may be installed initially or later as retrofit, in order to upgrade buildings with low design for wind or seismic actions. Figure 123 - Damping System Types for High–Rise Buildings - Classification [1] There are many territories worldwide which are described as seismic zones, with different degree of seismic actions. Seismic actions are result of the buildings’ dynamic response to the shaking ground. As rule for lateral actions is that it increases 153 �with the height of the structure and seismic action as class of lateral action has the same impact on high–rise structures. Until the mid 20th century, most of the buildings and infrastructural constructions were not adequately designed for seismic actions due to lack of technology and scientific approaches. Figure 124 - Diagram of Seismic Action Distribution, with Respective Increase of the Buildings Height [184] There are evidences worldwide how even a low earthquake may cause damages or even collapse of structures. One of the latest case of progressive collapse of high–rise building due to earthquake took place in Taiwan, in February 2016, on 17–storeys high residential building. Figure 125 - Progressive Collapse of Residential 17-Storey High–Rise, Caused by the Earthquake in Taiwan, February, 2016 [173] 154 �Commonly, the main issue of collapses reflects in weak structural design and inadequately designed structures. The seismic action depends on building’s mass, ground acceleration, type of foundations, structure, and also load–bearing soil. So far, high–rise structures, showed that accidental actions are the hardest to predict and toughest to resist if they occurs. In structural design, accidental actions refer to all possible actions which are the result of accident, impact or blast which can occur in exceptional circumstances. Accidental actions include blasts such as explosions, detonations and bombs etc., impacts which take vehicle into consideration such as aircraft impact etc., and include fire incidents, which are the possible result of previously mentioned two load types, but is also possible to be caused by anything else. Such actions are not commonly treated and considered within structural design, but rather with variations of passive protection systems. Impact happens at the moment when a body with known velocity hits structure and applies impact action. This kind of dynamic effect is mostly short but inflict a hit that causes further damages, cracking etc. When discuss the crucial impacts, those include aircraft impacts in the air and vehicle impacts on the ground. Figure 126 - World Trade Centre – 9/11 [107, 172, 92, 86] 155 �Aircraft impacts, became one of the greatest hazards for high–rise structures in the last decade. Because of their height, high–rise structures are easy targets. The most known recent aircraft impact on high–rise structures is impact on World Trade Centre, where the possibility of progressive collapse and fast fire expansion happened with the worst case scenario. Although, if we exclude aircraft attacks that happen on purpose, chances for any aircraft impact is reduced to the minimum. Figure 126 shows how an aircraft impact and bomb attack at the World Trade Centre, Manhattan, New York City, initiated fire with progressive collapse of the whole structure, where the attack did not demolish only the targets, World Trade Centre twin towers, but surrounding buildings as well; this case proved the necessity of designing the structure able to resist such or similar impacts. Figure 127 – Progressive Collapse of the World Trade Centre in 6.5 seconds [171] Along with the aircraft impacts, urban areas have to deal with issues of vehicle impacts as well, which cause less destructive load for structures with partial or local damages. Lower velocity achieved by the vehicle is crucial for decreasing the possibility of great injuries on the structure. However, other factors which can be taken into consideration in order to reduce the risk of vehicle actions are distance of the building from the traffic road, direction of the impact, weight of the vehicle as the velocity at the moment of impact. If location and urban context of the structure require design for accidental actions, impacts are generally analysed through modelling of possible impact, evaluation of structural safety after the impact, and rate of fire expansion after the impact if there is any possibility of fire. Blasts include bomb and gas explosions, which refers to blast with condensed high explosive of hot gasses with maximal pressure of 300 kilo bars and temperature of 3000˚ C. Such pressure and expansion form waves with greater velocity than the velocity of sound. 156 �Figure 128 - Exterior Blasts– Explosion Next to the Building [182] Bomb and gas explosions are difficult to take into design consideration and it is almost impossible to erect the structure which is immune to their effects. Some special laboratories and other buildings that deal with hazardous materials are constructed with special techniques and materials which are not cost efficient for wider use in construction of residential buildings, offices, commercial buildings, etc. Gas explosions, as weaker type of blast load, generally happen due to weak and improper installation of gas pipeline in building’s heating systems or mishandling of gas appliances. At the same time the most common accidents are caused by gas explosions, which is not surprising due to the fact that gas is most common fuel used for building’s heating system and that there are other auxiliary necessities that run on gas. Even though gas explosions are localised and cause small damages, they may also initiate fire or grater damages and cracking. Blast that initiates the worst case scenario is caused by bomb explosions which are created on purpose to injure, devastate and demolish a target. Such actions have their targets, but to design a building able to resist such power is questionable. Bomb detonations create shock waves, which expands with velocity of 1 km/s. Bomb explosions may happen next to the structure (exterior) or inside the structure (interior). Common exterior explosion scenarios includes, broken windows and wall or column failure on the buildings’ perimeter due to the pressure waves acting upon it, waves than move further into the building where ceilings and floors become borders, which are also under pressure. Floor generally falls due to large area being under excessive pressure. However, in the case of high–rise structures, losing floor and beams means losing the lateral stiffness and support which indicates collapse. 157 �Figure 129 - Collapse Simulation, High–Rise Building Exposed to Interior Explosion, where the Structure does tot Resist for the Applied Blasts, and Continues with Progressive Collapse [198] On the other hand, interior explosions may be localised due to floor systems above the detonation, with load bearing walls made of concrete or masonry, which results in some local damages and possible failure of non–structural elements; however it still depends on the amount and strength of the bomb explosion. Fire has been a main problem for construction, since the beginnings of the first more complex buildings and structures. Along with all the merits that fire enabled, there were much more damages and injuries that happened accidentally or on purpose. It is almost impossible to find a city or any urban zone, with high concentration of buildings and infrastructure that did not undergo at least partial fire expansion through city. Fire was and still is one of the greatest weapons one can have. Lately, fire became mankind’s weapon with purposes to resolve disagreements; however a fire may be caused by an earthquake or any other natural disasters. Bosnia and Herzegovina and Sarajevo witnessed many of the pre–war monumental buildings and the greatest achievements from many different periods in architecture caught fire in the last war (1992-1995). However, almost all of the reinforced concrete structures remained and resisted fires, most of the reinforced concrete buildings that were on fire were reconstructed after the war. On the other, hand steel structures that were affected by fire during the war, collapsed and were demolished in most cases, with remains relocated and locations still waiting for their new purposes. World Trade Centre and many other builidngs indicate that structural engineers should be more 158 �responsible for fire protection and structures’ resistance to fire, which unfortunately was not the case previously. Figure 130 - Mandarin Oriental Hotel, 2/9/2009, Beijing, 44 Storey, Composite Concrete and Steel Framed Structure, was Entirely Affected by Fire Remained without Structural Collapse [195, 63] First design for fire safety were prescriptive–based designs, where the whole design was based on fire resistance of materials used in structure, while new design is based on the performance design, including evaluated strength and stiffness for a fire safety design, coupled stress–thermal analysis, specialized design for fire effects and use of fire retardants. In addition, new design for fire safety deal with advanced structural analysis in the shape of temperature–time curves, which derive structural responses during heating or cooling phases during fire. The most terrifying recent fire which affected high–rise building, was Grenfell Tower, in London. Scenes from Grenfell Tower over flooded world, with scenes of 24–storey high–rise building disappearing in oversized flame, spreading through the entire height of the building’s elevation. Figure 131 - Grenfell Tower, the Most Recent Fire Incident on the High–Rise in Such Large Scale, June 15, 2017 [102] 159 �Building was built in 1974, designed as concrete residential high–rise structure. Initiator of fire and architectural and mechanical failures in fire protection on one side, besides structural design, structure’s resistance to high fire and its concrete structure prevented progressive collapse. It can be seen in characteristic floor plans that this tall high–rise had only one staircase down the centre of the building, with two elevators which didn’t seem helpful in the case of fire. One staircase unfortunately, showed insufficient for fast and secure evacuation, as well as lack of fire–resistant doors on staircase’s entrance, and lack of building’s firefighting equipment, and maintenance of the existing resulted in loss of many lives. Figure 132 - Grenfell Tower, Cross Section Pointing on Place of Fire Start, with Characteristic Floor Plan Pointing out the Only Staircases Down the Centre of the Building [74] In conclusion, constructing building that are able to resist fire does not only mean to have right choice of the structural material and structure, which indeed are crucial and which is the case with Grenfell Tower, but also an integration of fire–resisting mechanical and technical equipment, active and passive fire protection measures, relying on fire resisting doors, sprinkler systems, early smoke detector etc., all play a crucial role. Well planned architectural design takes in consideration all fire compartments, with correspondence to the maximum number of inhabitants or occupants at any given moment, because accidental actions are not planned and not predictable. 160 �Studies on structural systems defined up to date classification of structures, with systematic approach based on exposure of major structures which were conducted by Mir M. Ali. [1] In general, all of the structures have their advantages and disadvantages, but commonly opens up a possibility to choose the main structural material, depending on many factors such as domestic material, ease of erection, time required, accessibility and safety both during construction and during service life. Table 5 - Classification of Structural Systems of High–Rises Interior Structures [1] Table 6 - Classification of Structural Systems of High–Rises Exterior Structures [1] 161 ��REFERENCES [1] Ali M.M, Moon K. S, 2007, "Structural Developments in Tall Buildings: Current Trends and Future Prospects", Invited Review Paper of Architectural Science Review, Volume 50.3, University of Sydney, AU, pp 205-223; [2] Annadurai A, Ravichandran A, 2014, "Development of Mix Design for High Strength Concrete with Admixtures", IOSR Journal of Mechanical and Civil Engineering (IOSR-JMCE), e-ISSN: 2278-1684,p-ISSN: 2320-334X, Volume 10, Issue 5, pp 22-27; [3] Caldarone M. A, 2009. “High-Strength Concrete - A Practical Guide”, Taylor & Francis Group, London and New York, UK and USA, ISBN10: 0-41540432 (hbk), ISBN 13: 978-0-415-40432-7 (hbk); [4] Chen W. F, Liew J. Y. R, 2003. “The Civil Engineering Handbook – Second Edition”, CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431, USA, ISBN 0-8493-0958-1; [5] Ching F. D. K, Jarzombek M, Prakash V, 2011, "A Global History of Architecture I", 2nd Edition, Wiley, New Yersey, USA, ISBN: 978-0-47040257-3; [6] Craighead G, 2009. “High-Rise Building Definition, Development and Use”, Butterworth-Heinemann is an imprint of Elsevier, 30 Corporate Drive, Suite 400, Burlington, MA 01803, USA, Linacre House, Jordan Hill, Oxford OX2 8DP, UK, ISBN 978-1-85617-555-5; [7] Dawson S, 2003. “Cast in Concrete”, Architectural Cladding Association, 60 Charles Street, Leicester, LE1 1FB, UK; [8] Deplazes A, 2005. “Constructing Architecture: Materials, Processes, Structures – A Handbook”, Birkhäuser – Publishers for Architecture, Basel, Switzerland, Part of Springer Science+Business Media, ISBN-10: 3-76437189-7, ISBN-13: 978-3-7643-7189-0; [9] Ding J, Chao S, Chen J, 2005. “Design and Research for a Tall Buildings of Concrete Filled Square Steel Tube.”, Tall Buildings (from Engineerng to Sustainability), Hong Kong:, World Scientific Publichinf Co. Pte. Ltd., pp 739 – 742; 163 �[10] Džidić S, “Otpornost betonskih konstrukcija na požar”, International BURCH University Sarajevo, Bosnia and Herzegovina, ISBN 978-9958-834-47-9; COBISS.BH-ID 22444550; [11] Džidić S, Okugić H, Bajramović E, 2017. “Studije o betonu 2015-2016”, CIP 624.012.4, ISBN 978-9958-834-57-8; COBISS.BH-ID 24495622; [12] Ellingwood B, R, Smilowitz R, Dusenberry D.O, Duthinh D, Lew H.S, Carino N. J, 2007. “Best Practices for Reducing the Potential for Progressive Collapse in Buildings, NISTIR 7396, National Institute of Standards and Technology, Technology Administration, U.S. Department of Commerce; [13] Gardner L, Grubb P. J, 2010, “Eurocode Load Combinations for Steel Structures”, Steel Construction Institute, Silwood Park, Ascot. SL5 7QN, ISBN 1850730636, 978185073063; [14] Günel M. H, Ilgin H. E, 2014. "Tall Buildings: Structural Systems and Aerodynamic Forms", Routledge, New York, NY, USA, ISBN 13: 978-1315-77652-1(ebk); [15] Hrasnica M, 2005, “Seizmička analiza zgrada”, Građevinski fakultet Univerziteta u Sarajevu, ISBN 9958-9461-8-X; [16] Hrasnica M, 2012, “Aseizmičko građenje”, Građevinski fakultet Univerziteta u Sarajevu, ISBN 978-9958-638-31-2; [17] Johnson R. P, 2004. “Composite Structures of Steel and Concrete; Beams, Slabs, Columns and Frames fo Buildings”, Blackwell Scientific Publications, Oxford UK and Malden, MA, USA, ISBN 1-4051-0035-4; [18] Johnson R.P, 2004. “Designer Guide to Eurocode 4 Design of Composite Steel and Concrete Structures”, Ice Publishing, London, UK, ISBN10 072774173X , ISBN13 9780727741738; [19] Kelly A, 1994. “Consise Encyclopedia of Composite Materials”, Pergamon Press Oxford, UK, ISBN SBN 0-08-034718-5; [20] Khan F. R, 1969. “Recent Structural Systems in Steel for High-Rise Buildings“, Proceedings of the Conference on Steel in Architecture, British Constructional Steelwork Association, London, UK; [21] Khan F. R, 1973. “Evolution of Structural Systems for High-Rise Buildings in Steel and Concrete”, in J. Kozak (ed.), Tall Buildings in the Middle and East Europe: Proceedings of the 10th Regional Conference on Tall Buildings 164 �Planning, Design and Construction, Czechoslovak Scientific and Technical Association Bratislava, Czechslovakia; [22] Mahendran M, 1996. “The Modulus of Elasticity of Steel Is It 200 GPa?” 13th International Specialty Conference on Cold-Formed Steel Structures, Missouri S&T, St. Louis, Missouri USA, pp. 641-648; [23] Martin O, MacDonald C. M, 2007. “Advances in Structural Design for High -Rise Residential Buildings in Australia”, CTBUH 2007, 7th World Congress, New York, USA; [24] Mei N, 2005. “A City Beyond Tall Buildings - Rediscover City Value and People Value”, Sixth International Conference on Tall Buildings, Mini Symposium on Sustainable Cities, Mini Symposium on Planning, Design and Socio-Economic Aspects of Tall Residential Living Environment, Hong Kong, China, pp 49-55; [25] Mosley B, Bungey J, Hulse R, 2007. “Reinforced Concrete to Eurocode 2”, Houndmills, Basingstoke, Hampshire Palgrave MacMillan, RG 21 6XS, UK and New York, USA ISBN-13 978-0-230-50071-6, ISBN-10 0-230-50071-4; [26] Pank W, Girardet H, Cox G, 2002. “Tall buildings and Sustainability”, London: Corporation of London, UK, Dewey Number 720.483094212; [27] Pašić A, 2010. “Arhitektura Bosne i Hercegovine 1918–1992”, Arhitektonski Fakultet Univerziteta u Sarajevu, Sarajevo, Bosnia and Herzegovina; [28] Pelke E, Kurrer K. E, 2015. “On the Evolution of Steel - Concrete Composite Constructions.”, 5th International Congress on Construction History, Chicago; USA, 5ICCH Proceedings [Volume 3], The Construction History Society of America, ISBN-13: 9781329150355, pp 107-116; [29] Portland Cement Association, 1994, “Concrete Technology Today, HighStrength Concrete”, Volume 15/Number 1, 5420 Old Orchard Road, Skokie, Illinois 60077-1083, USA; [30] Rana E. N, Rana S, 2014. “Structural Forms Systems for Tall Building Structures.”, SSRG International Journal of Civil Engineering (SSRG-IJCE) – Volume 1, Issue 4, ISSN: 2348 –8352, pp 33–35; [31] Rashid M. A, Mansur, M.A, 2009. “Considerations in Producing HighStrength Concrete.” Journal of Civil Engineering (IEB), 37(1) (2009), pp 5363; 165 �[32] Sivakumar N, Muthukumar S, Sivakumar V, Gowthaw D, Muthuraj V, 2014. “Experimental Studies on High-Strength Concrete by Using Recycled Coarse Aggregate”, International Journal of Engineering And Science Vol.4, Issue 01 (January 2014), ISSN(e): 2278-4721, ISSN (p):2319-6483, pp 27-36; [33] Sarkisian M, 2012. “Designing Tall Buildings - Structure as Architecture”, Routledge, New York, USA, ISBN 978-1-138-88670-4; [34] Skazlić M, Tomičić I, 2006. “Arimiranobetonski elementi od betona visokih čvrstoća naprezani savijanjem”, GRAĐEVINAR 58 (2006) 8, Journal of the Croatian Association of Civil Engineers, Zagreb, Croatia, ISSN 1333-9095, pp 631 - 640; [35] Skejić D, Androić B, Dujmović D, 2012. “Selection of Steel Based on Ductility.” GRAĐEVINAR 64 (2012) 10, , Journal of the Croatian Association of Civil Engineers, Zagreb, Croatia, ISSN 1333-9095, pp 805815; [36] Smith B. A, Coull A, 1991. “Tall Building Structures: Analysis and Design”, John Wiley & Sons, New York, USA, ISBN 0471512370 9780471512370; [37] Soja E, Wade C, Ducan C, Clampett J, 2000. “Fire Protection for High-Rise Buidlings”, Building Control Commission, Melbourne, Victoria, Australia, ISBN 0-9577-638-3-2; [38] Šahinagić-Isović, M, Markovski G, Ćećez M, 2012. “Shrinkage Strain of Concrete - Causes and Types”, GRAĐEVINAR, 64 (2012) 9, Journal of the Croatian Association of Civil Engineers, Zagreb, Croatia, ISSN 1333-9095, pp 727-734; [39] Štraus I, 1998. “The Architecture of Bosnia and Herzegovina 1945 – 1995; Printing and Publishing House “Oko” Inc, Sarajevo, Bosnia and Herzegovina, ISBN 9958-43-034-7; [40] Vakufska direkcija Sarajevo, 2014. “Vakufi sa područja općina Stari Grad i Centar Sarajevo, nekad i sad”, Islamska zajednica u Bosni i Hercegovini, Vakufska direkcija Sarajevo, Bosna i Hercegovina; [41] Vambersky, J. N. J. A, 2004. “High-Rise Buildings in the Netherlands: Hybrid Structures and Precast Concrete”, CTBUH 2004 - Seoul Conference, Seoul, Korea, pp 136 – 143; [42] Wu D, Sofi M, Mendis P, 2010. “High-Strength Concrete for Sustainable Construction”, Proceedings of the International Conference on Sustainable 166 �Built Environment, (ICSBE-2010), University of Moratuwa, Society for the Promotion of Science, Kandy, Japan, pp 434 – 442; [43] Zils J, Viise J, 2003. “An Introduction to High-Rise Design” Structure Magazine”, National Council of Structural Engineers Associations (NCSEA), ASCE’s Structural Engineering Institute (SEI) and the Council of American Structural Engineers (CASE), November 2003, pp 12–16. STANDARDS [44] BAS EN 12390-1:2013 Testing hardened concrete - Part 1: Shape, dimensions and other requirements for specimens and moulds, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [45] BAS EN 12390-2:2010 Testing hardened concrete - Part 2: Making and curing specimens for strength tests, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [46] BAS EN 12390-3:2010 Testing hardened concrete - Part 3: Compressive strength of test specimens, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [47] BAS EN 12390-4:2003 Testing hardened concrete - Part 4: Compressive strength - Specification for testing machines, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [48] BAS EN 1991-1-1:2015 Eurocode 1 - Actions on structures: Part 1-1: General actions - Densities, self-weight and imposed loads for buildings, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [49] BAS EN 1991-1-1/NA:2016 Eurocode 1 - Actions on structures: Part 1-1: General actions - Densities, self-weight and imposed loads for buildings National annex, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [50] BAS EN 1991-1-2:2015 Eurocode 1: Actions on structures - Part 1-2: General actions - Actions on structures exposed to fire, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [51] BAS EN 1991-1-3:2015 Eurocode 1: Actions on structures - Part 1-3: General actions - Snow loads, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; 167 �[52] BAS EN 1991-1-4:2015 Eurocode 1: Actions on structures - Part 1-4: General actions - Wind actions, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [53] BAS EN 1991-1-5:2015 Eurocode 1 - Actions on structures - Part 1-5: General actions - Thermal actions, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [54] BAS EN 1991-1-5/NA:2017 Eurocode 1 - Actions on structures - Part 1-5: General actions - Thermal actions - National annex, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [55] BAS EN 1992-1-1:2017 Eurocode 2: Design of concrete structures - Part 11: General rules and rules for buildings, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [56] BAS EN 1993-1-1:2017 Eurocode 3 - Design of steel structures - Part 1-1: General rules and rules for buildings, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [57] BAS EN 1994-1-1:2006 Eurocode 4 - Design of composite steel and concrete structures - Part 1-1: General rules and rules for buildings, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [58] BAS EN 1998-1:2017 Eurocode 8: Design of structures for earthquake resistance - Part 1: General rules, seismic actions and rules for buildings, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina; [59] BAS EN 206:2014 Concrete - Specification, performance, production and conformity, Institut za standardizaciju Bosne i Hercegovine, Istočno Sarajevo, Bosna i Hercegovina. INTERNET RESOURCES [60] http://1.bp.blogspot.com/_hDq5sbmfrSY/TIg7rmnA3yI/ AAAAAAAABI k/wWROTiN1FmY/s400/BaiyokeTowerII-BangkokThailand.jpg [61] http://911review.com/myth/crumbling.html [62] http://ae390g6diagrid.weebly.com/parameters.html [63] http://aparaskevas.blogspot.ba/2009/02/fire-engulfs-under-constructionbeijing.html 168 �[64] http://arcspace.com/feature/bank-of-china-headquarters [65] http://article.sapub.org/10.5923.j.arch.20140403.01.html [66] http://aspiretoinspiredesign.blogspot.ba/2010/10/petronas-towers.html [67] http://blog.endpoint.com/2016/04/how-to-build-skyscraper.html [68] http://eurocodes.jrc.ec.europa.eu/showpage.php?id=134 [69] http://faculty.kirkwood.edu/ryost/stereographs/WWI%20Illustrations/ Seeing%20New%20York/Seeing%20NY,%20Times%20Square%20(1915). gif [70] http://fgg-web.fgg.unilj.si/~/pmoze/ESDEP/media/wg10/f0810001.jpg [71] http://fgg-web.fgg.uni-lj.si/~/pmoze/ESDEP/master/wg14/l1500.htm/ [72] http://ibac2013.org/ [73] http://img849.imageshack.us/img849/4573/sjenjak2.jpg [74] http://latestnewsnetwork.com/stringent-provisions-are-in-place-canadiancities-well-prepared-for-highrise-fires-say-fire-officials/ [75] http://learnandearnd5.blogspot.ba/2017/05/concrete-cube-and-cylinderstrength13.html [76] http://mapio.net/pic/p-2439410/ [77] http://mapio.net/pic/p-84469909/ [78] http://openbuildings.com/buildings/eureka-tower-profile-3730/media [79] http://openbuildings.com/buildings/john-hancock-center-profile-1408/media [80] http://radiobet.eu/wp-content/uploads/2016/12/zgrada-parlament-bih590x330.jpg [81] http://romeonsegway.com/10-facts-about-the-pantheon/ [82] http://skyscraperpage.com/diagrams/?searchID=79165401 [83] http://skyscraperpage.com/diagrams/?searchID=79170701 [84] http://skyscraper.org/EXHIBITIONS/TEN_TOPS/engineering.php 169 �[85] http://stementor.tistory.com/entry/The-12%EC%9E%AC%EB%A3%8C%EC%97%AD%ED%95%99%ED%8E%B8 -312 [86] http://thegreaterpicture.com/9-11.html [87] http://thethreetomatoes.com/developing-architectural-appreciation [88] http://watchdogpm.com/blog/watchdog-long-weekend-guide-great-lakes [89] http://civil-online2010.blogspot.ba/2015/02/creep-of-concrete.html [90] http://whatson.ae/dubai/2013/11/35-years-of-whats-on-dubai/ [91] http://wikimapia.org/37860/Parque-Central-East-Tower [92] http://world-visits.blogspot.ba/2012/03/world-trade-center-911.html [93] http://ww1blog.osborneink.com/?p=5612 [94] http://www.agcs.allianz.com/assets/PDFs/risk%20bulletins/SupertallBuildings-Bulletin.pdf [95] http://www.amusingplanet.com/2014/08/the-728-ton-tuned-mass-damperof-taipei.html [96] http://www.archilovers.com/projects/406/30-st-mary-axe.html [97] http://www.architectural-review.com/buildings/chinese-developments-arebeginning-to-show-a-concern-for-more-sensitive-design/8691351.article [98] http://www.archute.com/2016/01/28/petronas-towers-worlds-tallest-twintowers-cesar-pelli) [99] http://www.arths-studiocubra.com/portfolio-item/republic-of-srpskagovernment-building [100] http://www.aviewoncities.com/gallery/ showpicture.htm?key=kvesp4754 [101] http://www.balkanforum.info/f20/sarajevo-sarajewo-bosnien-herzegowinabosna-i-hercegovina-bih-88035/index57.html [102] http://www.bbc.co.uk/news/uk-england-london-40272168 [102] http://www.casselden.com.au/image-gallery/ [103] http://www.civilengineeringforum.me/supplementary-cementing-materials/ [104] http://www.chicagoarchitecture.info/Building/1055/311-South-WackerDrive.php 170 �[105] http://www.concretecontractor.com/concrete-construction-projects/ingallsbuilding/ [106] http://www.ctbuh.org/TallBuildings/HeightStatistics/Criteria/tabid/ 446/language/en-US/Default.aspx [107] http://www.dailymail.co.uk/news/article-2365931/Larry-Silverstein-WorldTrade-Center-owner-trying-sue-airlines-billions-9-11-attacks.html [108] http://www.discoverfrance.net/France/Cathedrals/Paris/Notre-Dame.shtml [109] http://www.gettyimages.com/detail/illustration/iconic-buildings-of-chicagoroyalty-free-illustration/166055120 [110] http://www.historija.ba/d/35-zemljotres-u-banja-luci/ [111] http://www.history.com/topics/hoover-dam [112] http://www.hoffarch.com/assets/Chrysler-full.jpg [113] http://www.infocampo.com.ar/wp-content/uploads/2017/08/ShangaiPudong.jpg [114] http://www.kakanjcement.ba/ [115] http://www.kdietrich.com/thesis/d9aresearch/section%202%20science/section%202-0%20science.htm [116] http://www.mainlandroofing.com/Sloping%20a%20flat%20roof.html [117] http://www.metalandtech.com/cold.html [118] http://www.oocities.org/topsyturvy_6051/Baiyoke2con.html?201711 [119] http://www.panoramio.com/photo/46370626 [120] [121] http://www.panoramio.com/user/274162?with_photo_id=1311558 http://www.pcwirestrand.com/pcwirestrand/deformed-steel-bar.html [122] https://www.pitsco.com/content/?art=28&ap= [123] http://www.runet-software.com/documents/SteelSectionsEC3ENG.pdf [124] http://www.sac.net/images/stories/avaz_twist_update/visual/avaz_twist_tower_ads_studio. jpg 171 �[125] http://www.sa-c.net/images/stories/TZ__Mellain_Center/04.mart.2013/DSC_0036.jpg [126] http://www.scielo.br/scielo.php?script=sci_arttext&pid=S198341952012000500001 [127] http://www.slate.com/blogs/atlas_obscura/2014/11/17/ the_tuned_mass_damper_of_taipei_101_in_taiwan.html8 [128] http://www.skyscrapercenter.com/building/hotel-de-las-artes/3720 [129] http://www.skyscrapercity.com/showthread.php?page=239&t=918678 [130] http://www.skyscrapercity.com/showthread.php?t=1822957&page=6 [131] http://www.skyscrapercity.com/showthread.php?t=267607 [132] http://www.skyscrapercity.com/showthread.php?t=28656 [133] http://www.skyscrapercity.com/showthread.php?t=391698&page=505 [134] http://www.skyscrapercity.com/showthread.php?t=548892&page=2 [135] http://www.skyscraper.org/TALLEST_TOWERS/t_wtc.htm [136] http://skyscraperpage.com/diagrams/?searchID=79174628 [137] http://www.streetervillehomes.com/common/images/260chestnut/1.jpg [138] http://www.telegraph.co.uk/news/worldnews/europe/ serbia/9270654/ plotted-to-raze-Sarajevo-to-the-ground.html [139] http://www.thestructuralmadness.com/2015/10/outriggers-in-tallbuildings.html [140] http://jetsettingfools.com/visit-mostar-21-things-to-do// [141] http://www.wind-works.org/cms/index.php?id=539 [142] [143] https://aehistory.wordpress.com/1855/10/07/1855-bessemer-steel-process/ https://app.vts.com/properties/181-west-madison [144] https://bomaelevatorspeech.wordpress.com/2012/04/27/cre-news-whatwere-reading-the-week-of-april-23/ [145] https://booksite.elsevier.com/samplechapters/9781856175555/02~ Chapter_1.pdf [146] https://en.wikiarquitectura.com/wp content/uploads/2017/01/Sears_Tower 172 �[147] https://historicconstructions.blogspot.ba/2014/11/beroemde-gebouwenfamous-buildings.html [148] https://image.slidesharecdn.com/burjkhalifa-150516084413-lva1app6892/95/burj-khalifa-16-638.jpg?cb=1431766190 [149] https://inhabitat.com/swaying-shanghai-tower-handles-peak-wind-loads-of114-mph [150] https://i.pinimg.com/originals/50/5a/85/505a850c20290066 d28cb3a7cd243cbf.jpg [151] https://myassignmenthelp.com/free-samples/advanced-persistent-threatimpacts [152] https://myspace.com/banjaluka4ever/mixes/classic-stare-fotografije-oldphotographies-banja-luka-506905 [153] https://readingdevelopment.files.wordpress.com/2013/10/china.jpg [154] https://sassda.co.za/the-mechnical-properties-of-stainless-steel/ [155] https://science.howstuffworks.com/engineering/structural/first-steel-framedskyscraper.htm [156] https://upload.wikimedia.org/wikipedia/commons/4/44/ Bosmal_City_Centar.jpg [157] https://upload.wikimedia.org/wikipedia/commons/7/70/Belgique__Bruxelles_-_Parlement_europ%C3%A9en_-_01.jpg [158] https://upload.wikimedia.org/wikipedia/commons/thumb/8/80/ Sarajevo_City_Center_Summer_2015_%281%29.jpg/1200pxSarajevo_City_Center_Summer_2015_%281%29.jpg [159] https://upload.wikimedia.org/wikipedia/en/9/93/Burj_Khalifa.jpg [160] [161] https://www.archdaily.com/153297/ad-classics-bank-of-china-tower-i-m-pei https://www.archdaily.com/273404/o-14-reiser-umemoto [162] https://www.archdaily.com/411878/ad-classics-ville-radieuse-le-corbusier [163] https://www.askideas.com/media/37/Petronas-Towers-Malaysia-Picture.jpg [164] https://www.bayt.com/en/specialties/q/118811/what-is-the-curing-period-ofreinforced-concrete 173 �[165] https://www.buildotechindia.com/development-of-self-compactingconcrete-using-fly-ash/ [166] https://www.delcampe.net/en_US/collectibles/postcards/bosnia-andherzegovina/ak-sarajevo-capaje-bo-1950-298006755.html [167] https://www.e-architect.co.uk/dubai/o14-tower [168] https://www.e-architect.co.uk/shanghai/shanghai-tower-development [169] https://www.emaze.com/@AQFFRLRF/Final-copy1 [170] https://www.fosterandpartners.com/projects/hearst-headquarters [171] https://www.infowars.com/building-7-implosion-the-smoking-gun-of-911/ [172] https://www.nbcnewyork.com/news/local/911-Plane-Part-Moved-GroundZero-Mosque--205586781.html [173] https://www.ndtv.com/world-news/7-dead-after-powerful-taiwanearthquake-fells-buildings-1274373 [174] https://www.researchgate.net/figure/264143713_fig1_Fig-3-Compositebeams-and-shear-connectors [175] https://www.quora.com/What-is-the-practical-use-of-controlling-thegrading-of-concrete-aggregate [176] https://www.slideshare.net/chuhonsan/l3-vertical-structure-p [177] https://www.slideshare.net/chuhonsan/l3-vertical-structure-pt1-1 [178] https://www.slideshare.net/chuhonsan/l5-vertical-structure-pt-3 [179] https://www.slideshare.net/chuhonsan/l5-vertical-structure-pt-3-3341134 [180] https://www.slideshare.net/joymeer/high-rise-structure-cor [181] https://www.slideshare.net/neel1104/sears-tower [182] https://www.slideshare.net/SoumyabrataSaha1/blast-load-and-its-analysis [183] https://www.slideshare.net/varunteja7330/mi-291-chapter-4-learning-fromfailure [184] https://www.slideshare.net/WolfgangSchueller/lateral-stability-of-buildingstructures-58620763 [185] https://www.slideshare.net/zabihullahnasiri/type-of-high-rise-building 174 �[186] https://www.skyscrapercenter.com/building/empire-state-building/261 [187] https://www.skyscrapercenter.com/city/shanghai [188] https://skyscraperpage.com/diagrams/?searchID=79165808 [189] https://skyscraperpage.com/diagrams/?searchID=79165954 [190] https://www.steelconstruction.info/Design_of_composite_steel deck_floors_for_fire [191] https://www.steelconstruction.info/Steel_section_sizes [192] https://www.studyblue.com/notes/note/n/midtermid-s/deck/2065592 [193] https://www.studyblue.com/notes/note/n/test-2/deck/11434458 [194] https://www.theatlantic.com/photo/2011/09/911-the-day-of-theattacks/100143/ [195] https://www.thebeijinger.com/blog/2014/02/09/five-years-ago-today-cctvhotel-tower-burns [196] http://www.thestructuralmadness.com/2015/10/outriggers-in-tallbuildings.html [197] https://www.theurbandeveloper.com/would-you-live-in-a-vertical-citysuperskyscrapers-of-the-future/ [198] https://www.youtube.com/watch?v=GbiUR57w4pA [199] https://books.google.ba/books?id=24CMQS09MUcC&printsec=frontcover &hl=hr#v=onepage&q&f=false [200] http://www.skyscrapercenter.com/building/trianon/2102 175 ���� Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3717 Title A name given to the resource HIGH - RISE BUILDINGS STRUCTURES AND MATERIALS Author Author DŽIDIĆ, Sanin KOVAČEVIĆ, Ilda Causevic, Amir Rustempasic, Nerman Zejnilovic, Emina Abstract A summary of the resource. High-rise buildings present a challenge; they present a challenge for architects, engineers, occupants as well as observers. They attract the viewer's eye. They are our monuments and often become city landmarks and tourist attractions. City views from the tops of the buildings are also extremely appealing. People either praise them or criticize them, but they are indeed an important part of urban landscape in every modern city. They are here, present, and can be found in every metropolis or city that intends to become one. Sometimes they stand in awe, and sometimes they stretch above. For all they are, or for all they are not, their builders are the culprits responsible for these magnificent structures. This book is the result of a serious research, and it is intended to become a textbook for the "High-Rise Buildings" course held at the Master's Degree Program at the Department of Architecture at the Faculty of Engineering and Natural Sciences of the International BURCH University in Sarajevo. However, students of other architectural faculties or departments of architecture, students of structural engineering, as well as architects and structural engineers in design and construction themselves may find this book helpful. Parts of the book, or the entire book may also be of interest for a common reader. As the human body is composed of brain, skeleton, muscles, organs, blood and nervous system, all of which have their own functionality and appearance, the organism we call a high-rise building is also composed of load-bearing structure, different materials applied, and various embedded functional systems that allow for comfort and serviceability of these structures. Their appearance catches the observer’s eye and causes different emotions; sometimes these emotions are positive, sometimes not so much, but essentially everything that initiates any emotion in a person becomes a truly memorable experience Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Book PeerReviewed NA Architecture https://omeka.ibu.edu.ba/files/original/1a2e31136c575fce1eef8c541f556a9e.pdf 483d48d892292b8f93f25af7943e1caa https://omeka.ibu.edu.ba/files/original/cdae919ff6bb6b828a68ac51dc93a183.pdf 8509d7ae6ab2386b6bd97b2c1639e521 PDF Text Text CONCRETE STUDIES 2017 CONCRETE STUDIES 2017 SANIN DŽIDIĆ | ILDA KOVAČEVIĆ | SABINA KOZLICA DŽIDIĆ | KOVAČEVIĆ | KOZLICA SARAJEVO, 2018 � Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3731 Title A name given to the resource Concrete Studies 2017 Author Author DŽIDIĆ, Sanin KOVAČEVIĆ, Ilda Kozlica, Sabina Causevic, Amir Sahinagic Isovic, Merima Abstract A summary of the resource. The first study is “Comparison of Fire Resistance of RC Slabs Determined according to Different Methods“. We construct our buildings and facilities to last 50, 100 or even 200 years. There is a high probability that fire will eventually occur during the service life of practically every structure. Fire can happen anytime and anywhere. This study explores fire resistance of RC slabs that are the most sensitive concrete elements in fire situation. We compared the results of determination of fire resistance according to four different methods. We got some conclusions, but also opened an area for new research on fire resistance of some other concrete elements. Concrete is principal construction material in Bosnia and Herzegovina. It is very common. However, concrete of high compression strength is almost unknown in Bosnia and Herzegovina. The study of “High-Strength Concrete (HSC) and Possibilities for Production in Bosnia and Herzegovina“ discusses the recent history, advantages and disadvantages, application and benefits of it, as well as the constituent materials, mix design and proportioning and properties of high strength concrete. Experimental part of this study proves that it is feasible to produce highstrength concrete of slightly modified ordinary concrete mix improved by domestic admixtures and additives at minimal cost. This study aims to encourage concrete factories to produce it and engineers to apply it in their designs and actual construction. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Book PeerReviewed TA Engineering (General). Civil engineering (General) https://omeka.ibu.edu.ba/files/original/615f8b4038e76bfd8159ff65dc0a5c45.pdf 4111745c7351fa7364c87bdf60ba2688 Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3733 Title A name given to the resource Concrete studies 2018 Author Author DŽIDIĆ, Sanin KOVAČEVIĆ, Ilda Kozlica, Sabina Abstract A summary of the resource. We love concrete! We love it because it is concrete. We love it because it is reliable. We love it for it is steady and durable. We love it because it is mysterious. We would like to discover some of its mysteries and share them with you! That is why the “Concrete Studies“! Actually, this is a continuation of “Concrete Studies 2015-2016“ and hopefully predecessor of some other future concrete studies. Again, we present you with the additional three studies conducted at the International BURCH University Sarajevo and University of Bihać in Bosnia and Herzegovina. The first study is “Comparison of Fire Resistance of RC Slabs Determined according to Different Methods“. We construct our buildings and facilities to last 50, 100 or even 200 years. There is a high probability that fire will eventually occur during the service life of practically every structure. Fire can happen anytime and anywhere. This study explores fire resistance of RC slabs that are the most sensitive concrete elements in fire situation. We compared the results of determination of fire resistance according to four different methods. We got some conclusions, but also opened an area for new research on fire resistance of some other concrete elements. Concrete is principal construction material in Bosnia and Herzegovina. It is very common. However, concrete of high compression strength is almost unknown in Bosnia and Herzegovina. The study of “High-Strength Concrete (HSC) and Possibilities for Production in Bosnia and Herzegovina“ discusses the recent history, advantages and disadvantages, application and benefits of it, as well as the constituent materials, mix design and proportioning and properties of high strength concrete. Experimental part of this study proves that it is feasible to produce highstrength concrete of slightly modified ordinary concrete mix improved by domestic admixtures and additives at minimal cost. This study aims to encourage concrete factories to produce it and engineers to apply it in their designs and actual construction. In his book “Advanced Concrete Technology“1 , Dr. Zongjin Li said: “Fresh concrete requires considerable care, just like a baby.” With 28 days of age, we consider concrete to be mature. However, to get concrete quality as required by design after 28 days, the curing procedure requires a whole set of steps, controls and tests. Unfortunately, concrete quality control in Bosnia and Herzegovina is usually related just to testing of concrete compression strength. The study of “Concrete Quality 1 Li, Zongjin, 2011, “Advanced Concrete Technology“, (John Wiley & Sons, Inc., Hoboken, New Jersey, USA ISBN 978-0-470-90239-4 (ebk), 8 Control according to European Standards –Case Study– Construction of the Waste Treatment Plant in Bihać“ presents a unique example of Quality Assurance Program for construction project in Bosnia and Herzegovina, but with particular attention to concrete works in details. Testing of fresh concrete, testing of hardened concrete, and testing of steel reinforcement were integral parts of the QA Program during the implementation of the project. The approach presented in this study and implemented in the actual project could serve as a model, or at least for concrete quality control according to European Standards for other large construction projects in Bosnia and Herzegovina. Lessons learned from this project are important and experiences are tremendous. We believe that engineers, architects, designers, construction and project managers, contractors, clients and students can gain and find useful some of our experiences based upon the critical approach and thinking, and also keeping in mind that knowledge, same as seed, cannot be just transplanted anywhere without a detailed analysis of each piece of the land, climate, and many other factors - and in this case any individual project. We do hope that findings from these studies can serve as a reference for your future endeavors. We use this opportunity to thank our reviewers for their remarks, recommendations and suggestions. We’d also like to thank Ms. Dijana Misaljević for English proofreading that made this text better and Mr. Elmir Halebić for the design of the book cover. We also appreciate any effort and support by everyone who has in any way contributed to the process of publishing this book. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Book PeerReviewed TA Engineering (General). Civil engineering (General) https://omeka.ibu.edu.ba/files/original/b64076f8673c3e9c29558ece9d1b2b06.pdf ba708e5b169703ff79fd3c8bb3dfe09c PDF Text Text Cyber Security Audit in Business Environments Kemal Hajdarevic �II �Cyber Security Audit in Business Environments Kemal Hajdarevic Sarajevo, 2018 III �Author: Dr. Kemal Hajdarević Proofreading Pat Allen & Ana Tankosić Publisher: International Burch University Editor-in-Chief: Dr. Kemal Hajdarević Reviewed by: Prof. Dr. Colin Pattinson Prof. Dr. Mario Spremić DTP & Design: Dr. Kemal Hajdarević DTP and Prepress: International Burch University Circulation: Electronic document Place of Publication: Sarajevo Copyright: International Burch University, 2018 Reproduction of this Publication for educational or other non-commercial purposes is authorized without prior permission from the copyright holder. Reproduction for resale or other commercial purposes prohibited without prior written permission of the copyright holder. Disclaimer: While every effort has been made to ensure the accuracy of the information, contained in this publication, International Burch University will not assume liability for writing and any use made of the proceedings, and the presentation of the participating organizations concerning the legal status of any country, territory, or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries. ----------------------------------CIP - Katalogizacija u publikaciji Nacionalna i univerzitetska biblioteka Bosne i Hercegovine, Sarajevo 004.056:658 HAJDAREVIĆ, Kemal Cyber security audit in business environments [Elektronski izvor] / Kemal Hajdarevic. - El. knjiga. Sarajevo : International Burch University, 2018, XVI,160 str. : ilustr. ; 25cm About author: str. 161. Način dostupa (URL): http://eprints.ibu.edu.ba/3776/1/Cyber%20Security%20Audit%20in%20Business%2 0Environments_ 12.12.2018.pdf. - Nasl. sa nasl. ekrana. - Opis izvora dana 19. 12. 2018. ISBN 978-9958-834-64-6 COBISS.BH-ID 26733830 ----------------------------------- IV �V �VI �Table of Contents Author’s Preface .......................................................................................................XIII ORGANISATION OF BOOK SECTIONS ....................................................................... XV LEARNING TRACKS ............................................................................................... XVI IMPORTANT DEFINITIONS ..................................................................................... XVI 1. Introduction ......................................................................................................... 1 CHAPTER ABSTRACT .................................................................................................. 1 ONE VIEW ON THE HISTORY OF DOCUMENTING PAST EVENTS.................................. 1 ONE VIEW ON DIGITAL TRANSFORMATION ............................................................... 3 DIGITAL TRANSFORMATION CYBER SECURITY CHALLENGES .................................... 5 PURPOSE OF THIS BOOK.............................................................................................. 6 CYBER SECURITY ........................................................................................................ 8 CYBER SECURITY MANAGEMENT ............................................................................... 9 SUMMARY ................................................................................................................ 10 KNOWLEDGE ACQUIRED .......................................................................................... 11 REVIEW QUESTIONS.................................................................................................. 11 FURTHER READINGS ................................................................................................. 11 2. Security of cyber and information system components ............................... 13 CHAPTER ABSTRACT ................................................................................................ 13 NETWORK COMPONENTS AND INFRASTRUCTURE................................................... 13 NETWORK RELIABILITY REQUIREMENTS .................................................................. 14 COMMUNICATION MODEL ....................................................................................... 14 OSI REFERENCE MODEL AND TCP/IP SUITE ........................................................... 15 TCP/IP protocol suite .......................................................................................... 15 ISO / OSI reference model ................................................................................... 16 NETWORK TOPOLOGIES ........................................................................................... 17 CLIENT – SERVER COMMUNICATION MODEL.......................................................... 18 VII �PEER-TO-PEER COMMUNICATION MODEL............................................................... 19 INFRASTRUCTURE AND AD-HOC COMMUNICATION MODEL................................... 19 NETWORK COMMUNICATION MEDIA ...................................................................... 20 Wired communication media ............................................................................... 20 Wireless communication media ........................................................................... 22 Weaknesses associated with communication media ............................................. 22 NETWORK COMMUNICATION DEVICES ................................................................... 23 Hubs ..................................................................................................................... 23 Bridges ................................................................................................................. 23 Switches ............................................................................................................... 24 Network TAPs ..................................................................................................... 25 Routers ................................................................................................................. 26 Firewalls ............................................................................................................... 26 Intrusion detection and prevention systems ........................................................ 27 VOIP and PBX .................................................................................................... 27 NETWORK TYPES ...................................................................................................... 28 BAN ..................................................................................................................... 28 PAN ..................................................................................................................... 28 LAN ..................................................................................................................... 28 SAN ..................................................................................................................... 28 WAN .................................................................................................................... 28 MAN .................................................................................................................... 29 NETWORK TERMINAL DEVICES ................................................................................ 29 Supercomputers ................................................................................................... 29 Mainframes .......................................................................................................... 29 High-end and midrange servers ........................................................................... 29 Personal computers .............................................................................................. 30 Thin client computers .......................................................................................... 30 Laptop computers ................................................................................................. 30 Smartphones and handheld computers ................................................................ 30 IoT ........................................................................................................................ 31 NETWORK SERVICES ................................................................................................. 31 NFS ...................................................................................................................... 31 DHCP .................................................................................................................. 31 E-mail................................................................................................................... 32 Print service ......................................................................................................... 33 VIII �RAS ...................................................................................................................... 34 Directory services................................................................................................. 34 Peer-to-Peer services and applications ................................................................. 35 FTP ...................................................................................................................... 35 Telnet ................................................................................................................... 36 VPN ..................................................................................................................... 36 Communication ports used .................................................................................. 37 NETWORK MANAGEMENT ....................................................................................... 38 Passive monitoring .............................................................................................. 38 Active monitoring ................................................................................................ 39 History of network management .......................................................................... 39 OSI model and framework for network management........................................... 40 SUMMARY ................................................................................................................ 43 KNOWLEDGE ACQUIRED .......................................................................................... 44 REVIEW QUESTIONS.................................................................................................. 44 FURTHER READINGS ................................................................................................. 45 3. Cyber security landscape ................................................................................. 47 CHAPTER ABSTRACT ................................................................................................ 47 FUNDAMENTAL ASPECTS OF CYBER AND INFORMATION SECURITY........................ 47 CYBER SECURITY INCIDENTS AND MOTIVATIONS .................................................... 48 Common cyber threats ......................................................................................... 49 Malicious software – history and types................................................................ 50 PASSIVE AND ACTIVE ATTACKS ............................................................................... 52 Masquerading ...................................................................................................... 53 Man in the middle attacks .................................................................................... 53 Message modification ........................................................................................... 53 Eavesdropping ...................................................................................................... 53 Intrusion attacks .................................................................................................. 54 Packet reply .......................................................................................................... 54 Spoofing ............................................................................................................... 54 Pharming ............................................................................................................. 54 War dialling ......................................................................................................... 54 War driving ......................................................................................................... 55 War walking ......................................................................................................... 55 War chalking ........................................................................................................ 55 IX �Code injection....................................................................................................... 55 Interrupt attacks .................................................................................................. 55 DoS, DDoS, flood attacks .................................................................................... 56 Flood attacks......................................................................................................... 57 Protocol specific attacks ....................................................................................... 57 DNS attacks ......................................................................................................... 57 ARP attacks ......................................................................................................... 58 DHCP attack ........................................................................................................ 59 Alteration attacks ................................................................................................. 59 Botnets ................................................................................................................. 59 Fraud .................................................................................................................... 59 Salami .................................................................................................................. 60 Phishing ............................................................................................................... 61 DEEP WEB, DARK WEB ............................................................................................ 61 Deep Web ............................................................................................................. 61 Dark Web ............................................................................................................. 61 Dark Net .............................................................................................................. 62 TOR operation ..................................................................................................... 63 PENETRATION TESTING, ETHICAL HACKING, AND INTRUSIONS ............................. 63 Common intrusion steps, techniques, and tools ................................................... 65 SUMMARY ................................................................................................................ 73 KNOWLEDGE ACQUIRED .......................................................................................... 74 REVIEW QUESTIONS.................................................................................................. 74 FURTHER READINGS ................................................................................................. 75 4. Cyber security incident cases .......................................................................... 77 CHAPTER ABSTRACT ................................................................................................ 77 CHAPTER SECURITY INCIDENTS ............................................................................... 77 CENTRAL BANK OF BANGLADESH ........................................................................... 77 RETAIL CHAIN TARGET ............................................................................................ 80 SONY ENTERTAINMENT COMPANY ......................................................................... 81 HILLARY CLINTON’S PRESIDENTIAL CAMPAIGN ..................................................... 83 WEBSTRESSER ........................................................................................................... 86 SUMMARY ................................................................................................................ 89 KNOWLEDGE ACQUIRED .......................................................................................... 89 REVIEW QUESTIONS.................................................................................................. 89 X �FURTHER READINGS ................................................................................................. 90 5. Cyber security controls ..................................................................................... 93 CHAPTER ABSTRACT ................................................................................................ 93 INFORMATION TECHNOLOGY USAGE RELATED TO CYBER RISK .............................. 93 RISK MANAGEMENT ................................................................................................. 93 Risk analysis ........................................................................................................ 94 Risk assessment .................................................................................................... 94 Risk treatment ...................................................................................................... 94 INTERNAL CONTROLS .............................................................................................. 95 Purpose of internal controls ................................................................................. 95 Control objectives ................................................................................................. 96 ISO 27001 ............................................................................................................ 97 3E's ...................................................................................................................... 99 COBIT 5............................................................................................................. 100 PREVENTIVE CONTROLS ......................................................................................... 101 DETECTIVE CONTROLS ........................................................................................... 101 CORRECTIVE CONTROLS ........................................................................................ 101 GENERAL CONTROLS ............................................................................................. 101 SPECIFIC CONTROLS ............................................................................................... 102 SPECIFIC CONTROLS EXAMPLES ............................................................................. 102 Business continuity and Disaster recovery related controls .............................. 102 Bring Your Own Device (BYOD) controls ....................................................... 104 SUMMARY .............................................................................................................. 105 KNOWLEDGE ACQUIRED ........................................................................................ 105 REVIEW QUESTIONS................................................................................................ 105 FURTHER READINGS ............................................................................................... 106 6. Cyber security audit........................................................................................ 108 CHAPTER ABSTRACT .............................................................................................. 108 ORGANISATION DEFENCE MODEL ......................................................................... 108 THE THREE LINES OF DEFENCE MODEL .................................................................. 109 The first line of defence: Operational management ............................................ 109 The second line of defence: Compliance and Risk Management......................... 110 The third line of defence: Internal audit ............................................................. 110 ORGANISATION RESPONSIBILITIES IN SECURITY GOVERNANCE ............................ 111 CYBER SECURITY AUDIT ......................................................................................... 113 XI �Performing an audit ........................................................................................... 113 Audit objectives .................................................................................................. 114 Types of audits ................................................................................................... 114 Risk-based auditing and audit risk .................................................................... 116 Qualitative risk-based approach ......................................................................... 116 Semi-quantitative risk-based approach .............................................................. 116 Quantitative risk-based approach ...................................................................... 116 Audit risk types .................................................................................................. 117 Evidence collection ............................................................................................. 117 Condition, Criteria, Cause and Effect of Internal Auditing .............................. 118 ENTERPRISE ARCHITECTURE AND AUDITING ........................................................ 119 HARDWARE AUDIT................................................................................................. 119 OPERATING SYSTEM AUDIT .................................................................................... 120 DATABASE AUDIT................................................................................................... 121 NETWORK INFRASTRUCTURE AUDIT ..................................................................... 122 INFORMATION SYSTEM AUDIT OPERATION AUDIT ................................................ 123 SCHEDULING AUDIT............................................................................................... 125 PROBLEM MANAGEMENT REPORTING AUDIT ........................................................ 126 TIMELINE FOR CYBER SECURITY AUDIT .................................................................. 126 SUMMARY .............................................................................................................. 128 KNOWLEDGE ACQUIRED ........................................................................................ 129 REVIEW QUESTIONS................................................................................................ 129 FURTHER READINGS ............................................................................................... 130 7. Conclusions ...................................................................................................... 131 CHAPTER ABSTRACT .............................................................................................. 131 CYBER SECURITY OVERVIEW .................................................................................. 131 CYBER SECURITY AUDIT OVERVIEW ....................................................................... 132 List of Figures ........................................................................................................... 133 List of Tables ............................................................................................................. 135 Acronyms .................................................................................................................. 137 References ................................................................................................................. 141 Index .......................................................................................................................... 158 About author ............................................................................................................ 161 XII �Author’s Preface Everyday reports reveal numerous cyber security incidents, while many more are never uncovered due to the risk of jeopardising the reputation of the attacked systems. One definition of risk of this sort is: “feasible determinable outcome of an activity or action subject to hazards” (Stamatelatos, 2000). A more holistic and comprehensive definition, which is available in the NIST Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessment, defines risk as: „Adverse impact(s) that could occur... to organisational operations (including mission, functions, image, reputation), organisational assets, individuals, other organisations... due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.“ As such, databases, as the active and passive components of computer networks and the building blocks of computer infrastructures, became a point of focus for every business in the world. Unlike 30 years ago, many households nowadays rely on Internet access and available services to support their everyday life. The Internet and World Wide Web (WWW) resources are accessible through various web browsers. The concept of web browsing can be traced back to Sir Timothy John Berners-Lee, who XIII �in March 1989 wrote a proposal in which he proposes a unique way to access web resources, using three components: Hyper Text Markup Language (HTML), Hyper Text Transfer Protocol (HTTP), and Unique Resource Locator (URL) (History of the Web, 2018). The new and important role of computer network infrastructures, and information technologies supported by computers and computer communication networks, produced user who depend and trust in the reliability and security of their operations. Every day, media and news report on different criminal activities or misconducts in which information technology assets were involved. It is well known that high-tech companies, organisations, and banks are not the only victims of cyber-crime, but that every sphere of business and life can be subject to cyber security incidents. Information security encompasses the field of information security, where information refers to both electronically stored or transferred information, as well as information that is written on paper or spoken in conversation. Cyber security also has a narrower meaning that includes only information and data stored or transferred electronically. In 1948, Norbert Wiener defined cybernetics as the science of control of and communication with animals and machines (Norman J., 2018), while the term cyberspace was used by William Gibson in his 1984 book “Neuromancer” (Gibson W., 1984). In the 21st century, this term implies control of any system using technology. In this book, cyber security is constrained to computer architectures and infrastructures, network components such as routers, switches, servers, and VOIP PBXs, as well as other active and passive devices and equipment which are part of every modern business environment. XIV �This book is intended for cyber and information security auditors, practitioners, and students, or as supplementary documentation for students of computer communication, network administration courses, network security, ethical hacking, or network forensics courses, who have the intention to manage or be a part of cyber and information security management and audit processes. These days, universities are trying to modernise their syllabi by creating new programs and courses that will cope with current cyber and information security challenges. However, in most cases university programs cannot change as dynamically as cyber security players in cyber arenas which demand constant changing. Students and scientists have to be aware of risks associated with fraud (English Oxford Dictionaries, 2018), different technologies, IoT devices, and the deep and dark web where criminals are at large and crime connected to the real world is happening. That is why universities in most cases still lead a losing battle when it comes to preparing information technology students for real world challenges in managing and auditing information and cyber security. Another important goal that audit process have to accomplish, if possible, is to proactively inform stake holders regarding the state of operations, using systems of dashboards located in one place which will sound an alert in case of important cyber security issues. Organisation of book sections The book is divided into seven sections: 1. Introduction 2. Security of cyber and information system components 3. Cyber security landscape 4. Cyber security incident cases XV �5. Cyber security controls 6. Cyber security audit 7. Conclusions While reading, it is possible to follow different tracks as proposed below. Learning tracks It is possible to acquire specific skills and knowledge on certain paths through different chapters in the scheme shown below. For internal auditors, the order of reading book chapters is 1, 2, 3, 4, 5, and 6. For ethical hackers, the chapters can be read in the same order, excluding chapter 6. For network managers, the chapter order is 2, 3, and 5. Finally, for members of law enforcement agencies important chapters are 3, 4, and 5, while for Chief Information Security Officers the order of chapters to be read is 2, 3, 4, and 5. Important definitions Information System (IS) Security - Refers to the activities, processes, methodologies, frameworks, and standards used for the maintenance of information and information assets confidentiality, integrity, and availability. (Techopedia, 2018) IT Controls - Refers to procedure policies that provide a reasonable assurance that information technology (IT) operations are reliable and compliant with applicable laws and regulations. (Mar S., et. al., 2012) IT Auditing – Refers to an examination of the Information technology (IT) infrastructure controls established by management. (Mar S., et. al., 2012) XVI �1. Introduction Chapter abstract Chapter goals: To present early advancements in reviewing past events, and primarily the French war campaign against Russia. To introduce core information security principles. To introduce and explain the relationship between information and cyber security. To introduce the concept of digital transformation and the risks associated with the usage of digital technology in digital transformation. Learning outcomes: Knowledge of core principles of information security and cyber security. Cyber security assets that have to be supported through cyber security management processes. One view on the history of documenting past events Charles Joseph Minard (27 March 1781 – 24 October 1870) was one of the first contributors in the field of information graphics and a historian of civil engineering and statistics. Minard was working as Inspector General of Bridges and Roads (Mason B., 2017), and he is well known for his graphic work from 1869 where he presented Napoleon's disastrous military campaign against Moscow from 1812 to 1813 (Mason B., 2017). By analysing the graph shown below, it is possible to notice that Minard analysed the causes and consequences of the campaign within a single graph, which is why this document can be seen as an early sample of audit finding documentation. All findings in audit reports have to have references based on hard evidence. �As it can be read from Minard’s map, the campaign started on the 24th of June 1812. The retreat from Moscow began on October 18, and ended on December 14. The graph shows the number of soldiers lost during advances to Moscow and the following return to France. In the same graph we may find information concerning the temperature during one phase of retreat, equal to -37.5 C. This graph is probably one of the earliest flow maps containing quantitative information ever created. In literature (Maswerk, 2013), the graph is known as “The map that made a nation cry” because Napoleon started his campaign to Moscow with 422,000 soldiers from Niemen, France in 1812, with only 10,000 returning alive. Figure 1. Charles Joseph Minard: Napoleon's Retreat from Moscow (The Russian Campaign 1812-1813), Mason B., (2017) That means that only 2.37% of soldiers returned alive. Up to this point, Napoleon’s army was the largest army ever in the history of warfare. This graph presents a quantitative perspective of disastrous events which shows a lack of logistics, military planning, organisation, and transportation. Graph above is a 2 �presentation of many different types of data in one visual form, so the relationship between them can be seen. From that point onwards, warfare strategists used available information and experience to avoid similar situations through better planning and organization. Napoleon's Retreat from Moscow looks like a non-interactive dashboard with a lot of useful information. An interactive graphic dashboard version (Maswerk, 2013) where different data reported by Minard can be analysed is available online. Graphic maps and dashboards provide intuitive insight into multiple sets of data, facts, and information, all presented within one graphic view. By graphically documenting past events with time scales from which conclusions can be drawn, we can learn from history and available resources with the goal of preventing future unfortunate events or to improve existing activities and processes. Minard published his famous map 56 years (referenced above) after the events that changed history forever. In today's electronic or digital era we encounter activities, events, vulnerabilities, and incidents which have to be solved as soon as possible, and sometimes within minutes, hours, or days, since any unnecessary delay in time can produce serious negative consequences. One view on digital transformation Digital business transformation through digital technologies provides different services to a large number of people in different parts of the globe. This dominant technology creates a large dependency on digital technology in every sphere of business and life for the population at large. Services such as mPesa, which started operating in 2007, allow users (20 million) mostly in Africa to exchange money and use it as a payment mechanism (Spremic, 2017). 3 �In Sweden 95% of all transactions are performed without physical banknotes, and in Denmark from 2016 there is law that allows shops to require only electronic payment and to refuse to accept physical banknotes (Spremic, 2017). The Netflix service, which started as a DVD movie renting company, now provides online movie rental services to more than 80 million users in more than 200 countries. Wal-Mart and Macy use the Facebook „like“ option to decide which products will have a lower price or which products are most preferred among customers, Spremic (2017). Airbnb is a service which allows customers to lease or rent shortterm lodging, including cottages, apartments, homestays, hostel beds, or hotel rooms. More bookings are done by Airbnb than through official hotel chains. Airbnb does not have physical offices for their customers across the world. The same is true for Uber, the biggest global taxi service which is supported and run exclusively through the Internet (Spremic, 2017). Data and information in today’s business environments are the most valuable assets, immediately after the people who are responsible for managing information and maintain the security, confidentiality, integrity, and availability of information (CIA). Business sustainability depends on well-managed cyber and information security. Whenever technology is used to improve business operations, there is risk that malicious individuals, such as cyber criminals, will attempt to harm the implemented technology. While information security deals with the security of information, CIA treats information not only in their digital form, but in printed form as well, as well as any information that can be stored or transmitted in electronic form. 4 �Digital transformation cyber security challenges It was apparent that cyber security quakes were on agenda during and after the US elections which ended in January 2017. Cyber events including Hilary Clinton’s leaked e-mails (Zurcher A., 2016), and the Russian influence reported by (LaFraniere S, 2018) throughout the campaign, still reverberate through the US political arena at the time when this book was in the process of writing, in the spring and summer of 2018. Other notable cyber incidents include the Central Bangladesh Bank heist (Ruma P., 2018), which took place in February 2016, where Dridex malware was used for an attack against the local SWIFT infrastructure (Thomson I., 2016). Hackers tried to steal $951 million, succeeding in stealing around $80 million (Ruma P., 2018). The exact amount is not known, but the hackers used existing device vulnerabilities, such as operating systems which were not patched, and did not have proper antivirus intrusion detection and firewall protection. The future will most certainly bring new unseen incidents, since we are generally only informed about incidents related to financial frauds and malicious attacks in banking industry in the news. We already witnessed incidents related to technology or military espionage and attacks on elements of vital national infrastructure, such as the attack on nuclear power plants using Stuxnet (Mueller P. and Yadegari B., 2012). It is a question of great concern what will happen in the future when food and pharmaceutical companies become the target of cyber-attacks once all tasks are automated, including, for example, the addition of chemical ingredients and determination of dosage levels. Attacks on any computer network infrastructure, such as food processing facilities, could be conducted via communication channels, servers, data bases, and applications. 5 �These kinds of attacks can severely affect human health or even cause deaths. As such, we realise the danger of underestimating risks associated with cyber and information security, especially by individuals responsible for security. While key persons and top management in most working environments will most probably be able to recognise the importance of cyber and information security as one of the top strategic goals, when it comes to real world situations there are many existing problems and challenges. The nature of information is such that it can exist in different forms, or it can be communicated using different communication channels. Information can be written on paper, stored on hard disks in data bases, or transferred via wired or wireless communication channels. Purpose of this book The purpose of this book is to provide insight into cyber security landscapes, and it is intended for students, teachers, administrators, information security auditors, forensic staff, security consultants/professionals, professional penetration testers, and everyone else who plans to use it for ethical reasons. This book can be used as a review manual for cyber and information security, or as supplemental documentation related to computer security, digital forensics, and ethical hacking courses. The book is also necessary in areas where it is important to monitor the performance and compliance of information systems, and to report the status to management or regulatory bodies in the form of a specific type of operational feedback. Feedback is a well-known term and mechanism from the 18th century, used in different fields including engineering (mechanical, electrical, electronic, software), dynamical systems, climate science, control theory, finance and economy, biology, 6 �social science, and even medicine as a self-regulated mechanism. Ramaprasad (1983) defines it as: “Information about the gap between the actual level and the reference level of a system parameter“ Business environments are supported by computer and network infrastructures that are used for collaboration, data processing, internal and external communication, reporting, and many other purposes. As such, cyber and information security auditors have to be aware of approaches presented here which can make their jobs easier. This book can also be used as a quick reference guide in addition to other referenced sources for practitioners who are delegated or are in the process of information system, cyber, and information security audit. It can be used as supplemental material for students of computer communications and network management courses, information management system courses, system and network administration courses, and cyber and network security courses. In essence, this book is for cyber security specialists who want to learn more about the process of auditing, using available standards and controls applicable to today's architectures with active components such as switches and routers. While university programs offer technical knowledge about cyber and information security management through courses, there is a clear need to educate students about the organisational aspects and functions which include auditing. This book can be used as supplemental material for students and practitioners to grasp the scope of expertise they will need, and to understand what standards, methods, and tools can be used to successfully perform future tasks in cyber and information security arena, with a particular focus on auditing tasks. 7 �The focus of this book is on principles of auditing, applicable standards, controls, and risk management processes. Another contribution of this book is the visualisation of trends and the presentation of the current state of the field of auditing. Cyber security Cyber security is limited to electronically stored data or information, as well as data and information which is transferred through communication channels, real time operational instructions, network devices, communications links, servers ant other similar devices which stores and transports the data. The management of information security covers cyber related information, as well as physical media such as paper and spoken word. As shown in the figure below, cyber security is considered a subset of information security. Information security Cyber security Figure 2. Cyber and information security realm 8 �Cyber security management Cyber security management is possible through implementation and constant monitoring and improvement check-ups. Check-ups can be implemented in various forms using the existing standards. As we saw from the well-known cases in the media, the root of many cyber and information security incidents stems from basic administrative flaws such as unpatched operating systems, unimplemented antivirus solutions, or cheap unmanaged switches separating network traffic. It is a common mistake on the part of the management to believe that information security is only information technology (IT) security or that cyber security is something that only IT experts have to handle. The real-life cases show us that more broader approaches, methods, and standards have to be considered, implemented, and used. A successful response to cyber security threats has to involve key players and decision makers who can contribute to cyber security in key areas. For cyber security management, IT related activities are key to cyber and information security management for the whole organisations. IT supports data infrastructures through communication signalisation (which can be wired or wireless), with passive (cables, trunks and patch cabinets) and active network components (such as switches and routers), data bases, files, applications, media servers, or clouds. Unmanaged access rights, weak network controls, weak antimalware update policy, no Bring Your Own Device (BYOD) policy, no cryptographic controls, no media disposal or Universal Serial Bus (USB) policy, will all likely jeopardise organisation security. 9 �Information security has several additional responsibilities for information assets to manage, including:  Human resources security that would include security issues during the hiring, employment, and termination process. It should include cyber and information security awareness programs for employees and third parties.  Physical security that would include security of physical perimeters around information processing facilities. The focus of physical security should be physical access rights, video surveillance, and physical alarm systems.  Legal issues that would include licensing and intellectual rights.  Common affairs that would include tendering processes, utility concerns such as power supplies from the electric grid, redundant power supplies that would include UPSs, generators, fuel supplies, equipment services, and water and gas supplies. Summary Cyber security is a subset of information security that deals with the security of information stored in digital form and transferred over communication links. A great part of information security related standards deals with cyber security issues. Almost daily, media reports reveal cyber security related incidents. By learning from history, we can conclude that we will see an increase in incidents of this type, especially as more services and users use digital technology in everyday work and life. 10 �Knowledge acquired The difference between information and cyber security, information and key cyber areas of management. Digital transformation challenges related to cyber security. Review questions 1. Explain the difference between information and cyber security? 2. What are the key areas of information security? Further readings - Digital transformation: online guide to digital business transformation https://www.i-scoop.eu/digitaltransformation/ - The Cyber Security Management System: A Conceptual Mapping, SANS Institute InfoSec Reading Room https://www.sans.org/readingroom/whitepapers/basics/cyber-security-managementsystem-conceptual-mapping-591 - What Is Cybersecurity? https://www.cisco.com/c/en/us/products/security/what-iscybersecurity.html 11 �12 �2. Security of cyber and information system components Chapter abstract Chapter goals: To present Shannon’s communication model, as well as the essential network standards related to the ISO OSI referenced model and the TCP/IP suite. To define network topologies, and present network communication devices, network types, and network terminal devices. To present network services and associated protocols, to explain core network management principles, and to explore the purpose of active and passive monitoring. Learning outcomes: Knowledge of core principles in computer communications and operation of active computer communication network devices, protocols, and services. Essential knowledge concerning network management processes. Network components and infrastructure Network infrastructures in terminal devices such as client computers, laptops, smart phones, and servers, provide a large number of users access to different services. All these infrastructures are supported by active and passive devices such as modems, hubs, bridges, switches, routers, firewalls, intrusion detection and prevention systems, and other communication devices and communication links that guarantee reliable and secure communication. For an internal auditor it is important to understand and have enough knowledge of available technology 13 �to be able to conduct audits and identify the points of improvement for audited systems. Network reliability requirements With the goal of providing reliable network support, network operations have to satisfy specific requirements to be able to support everyday business functions such as: Interoperability, which means that different network technologies have to be interconnected. Availability, which means that the network architecture and services have to be available 24-7-365. Flexibility, which means that new network segments can be added and expanded as new needs are introduced. Manageability, which means that networks can be well managed from a single point of management. Communication model The client–server model is one of the most common communication models available, drawing roots from Shannon and Weaver’s communication model presented in the 1940's (Shannon & Weaver, 1949). Information source Information transimter (Coding) Communication channel Signal / Message Information receiver (Decoding) Information Destination Figure 3. Shannon’s communication model This model contains communicative highlights components such as information source and information destination as the most important parts of communication. With the goal of transmitting 14 �information from source to destination, a communication channel (wired or wireless) with transmitters and receivers implemented as hardware or software components is needed. All these components are the building blocks of the core communication model relevant for today’s communications. OSI reference model and TCP/IP suite The TCP / IP protocol is the standard Internet protocol used, and the latest version of the TCP/IP protocol is version 6 (IPv6, 2018), but version 4 is still widely in use. TCP/IP protocol suite In the late 1960s, the United States Department of Defence financed a project known as ARPANET (Featherly K., 2018) with the goal of developing communication protocols which would enable computers to communicate. The initial network started working in 1969, with a set of protocols. In 1974, specifications for the TCP protocol were published, and they were tested in the following years as the fourth version of TCP/IP (Pelkey, 2007). In 1977, first tests were conducted between Stanford and University College of London (TCP/IP Internet Protocol, 1981). Application Transport Internet Link Physical Figure 4. TPC / IP protocol suite layers 15 �ISO / OSI reference model The idea of standardizing computer protocols was initiated in the 1970s when two bodies for the establishment of international standards independently began working on their reference models. These were the International Standardisation Organisation (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT acronym, French version of the name ) (Pelkey , (2007) Chapter 9 Standards: 1979-1984. Application Presentation Session Transport Network Data Link Physical Figure 5. ISO / OSI reference model The two documents which were created by these two bodies were merged in 1983 and published in 1984 under the name The Basic Reference Model for Open Systems Interconnection. ISO named their version of the standard ISO 7498 (ISO 7498:1984, 1984) and CCITT named it ITU-T (Telecommunications Standardization Sector of the International Telecommunication Union) x.200 (x.200, 1995). The goal of this model was to provide a fundamental design for future protocols which will be used for international 16 �communication for the industrial, educational, and commercial purposes. This model never fully came to life as, unlike TCP/IP, it was not practically implemented in the real world of communications. The OSI reference model is used as a model for educational purposes in order to understand the general principles of the protocol used for computer communications. The OSI reference model has seven layers, as is shown in the figure above. Network topologies An important aspect of computer networks is network architecture. Within network architecture, the physical layout of computer networks is called network topology. Ring Star Line / Tree Mesh Bus Point-to-point Full mesh / Point-to/point Figure 6. Network topologies Network topology determines how the network and the networked devices are interconnected. While network topology 17 �was primarily used as a hardware setting, with computer networks and Internet, different applications were developed which use elements from physical topologies, such as client-server and peerto-peer applications. Client – Server Communication model This model represent the earliest Internet building blocks where on the service side there was a server, and on the user side was a client. PC PC PC SERVER Client - Server PC PC PC Peer-to-Peer PC PC PC PC Figure 7. Client-Server and Peer-to-Peer communication models 18 �Peer-to-Peer communication model The Peer-to-Peer (P2P) model was originally concerned with how computer hardware and computer communication were interconnected. Infrastructure and ad-hoc communication model With the arrival of wireless communication, two types of communication models were introduced. The first one is infrastructure, where a wireless access point is needed as a gateway for users to use network resources such as the Internet. In this way, the network is configured in a hierarchical infrastructure. Internet PC PC PC PC Figure 8. Infrastructure of the wireless communication model The ad-hoc model is used so that devices are interconnected with each other in point-to-point topology. PC PC PC PC PC Figure 9. Ad-hoc wireless communication model 19 �Network communication media A communication channel is needed to transfer data from a sender to a receiver over certain communication media. Communication media can be wired or wireless. Wired communication media Wired communication media that can be used consists of copper based pairs, coaxial cables, or fibre optic cables. Twisted pairs made of copper are used for WAN and LAN technologies. These cables are produced as Unshielded Twisted Pairs (UTP) and Shielded Twisted Pairs (STP). Coaxial cables, called thin net and thick net, can be used to transfer data. Because copper cables are prone to electromagnetic interference, STPs with a metal shield around twisted pairs are used to reduce external noise. With the goal of providing higher frequencies and data transfer speeds, different categories of twisted pair cables are introduced, which allows for high data rate transfer over Ethernet segments as shown in the table below. CATEGORY SHIELDING TRANSMISSION SPEED 100 METERS SEGMENT FREQUENCY Cat 3 UTP UTP UTP UTP / STP STP STP 10 Mbps 16 MHz 10/100 Mbps 100 MHz 1000 Mbps / 1 Gbps 100 MHz 1000 Mbps / 1 Gbps 250 MHz 10000 Mbps / 10 Gbps 500 MHz 10000 Mbps / 10 Gbps 600 MHz Cat 5 Cat 5e Cat 6 Cat 6a Cat 7 Table 1. Ethernet cable performance (Ethernet, 2018) Enhanced twisted pair categories and electronics allow higher frequencies and faster data rates as is shown in Table 2. 20 �Experimental Ethernet 1973 2.94 Mbit/s over coaxial cable (coax) bus Ethernet II 1982 10 Mbit/s over thick coax. IEEE 802.3 1983 10BASE5 10 Mbit/s over thick coax. 802.3a 1985 10BASE2 10 Mbit/s over thin Coax 802.3e 1987 1BASE5 or StarLAN 802.3i 1990 10BASE-T 10 Mbit/s over twisted pair 802.3j 1993 10BASE-F 10 Mbit/s over Fiber-Optic 802.3u 1995 100BASE-TX, 100BASE-T4, 100BASE-FX 802.3y 1998 100BASE-T2 100 Mbit/s 802.3z 1998 1000BASE-X Gbit/s Ethernet over Fiber-Optic at 1 Gbit/s 802.3ab 1999 1000BASE-T Gbit/s Ethernet over twisted pair at 1 Gbit/s 802.3ae 2002 10 Gigabit Ethernet over fiber 802.3an 2006 10GBASE-T 10 Gbit/s 802.3aq 2006 10GBASE-LRM 10 Gbit/s Ethernet over multimode fiber 802.3bm 2015 100G/40G Ethernet for optical fiber 802.3bp 2016 1000BASE-T1 – Gigabit Ethernet over a single twisted pair 802.3bs 2017 200GbE (200 Gbit/s) over single-mode 802.3bw 2015 100BASE-T1 – 100 Mbit/s Ethernet over a single twisted pair 802.3by 2016 Optical fiber, twinax and backplane 25 Gigabit Ethernet[6] 802.3bz 2016 2.5GBASE-T and 5GBASE-T – 2.5 Gigabit Table 2. Ethernet standards (Ethernet IEEE 802.3 Standards, 2018) 21 �Fibre optic cables are used for faster and more reliable communication than with twisted pairs. There are two types of fibre optic cables: single-mode and multi-mode. Single-mode cables use lasers as the source of light for data transmission while multimode cables use light emitting diode (LED) as a source of light. Single mode cables provide faster communication data rates. Wireless communication media For wireless communication Radio Frequency (RF), laser, or infrared signals can be used. Weaknesses associated with communication media Below presented are the weaknesses associated with technology used as communication media. Radio communication and copper based communication media are weaker than fiber optic media because of their physical characteristics. Technology Coaxial Cable Weakness Easy to Tap Distance sensitive Difficult to modify Easy to Tap Easy to splice Cross talk interference Twisted pair Fiber Optics Microwave radio and Radio links Satellite radio link Easy to Tap Interference Noise Easy to Tap interference Noise Table 3. Communication media weaknesses 22 �Network communication devices Because network mechanisms such as protocols provide reliable end to end communication, their functions are delivered through all seven layers in the case of the ISO/OSI model, or five layers in the TCP/IP protocol suite. Aapplication Data Podatak Application layer Data Data Application layer Presentation layer Data Data Presentation layer Application Session layer Data Data Session layer Transport layer Data Data Transport layer Network layer Data Data Network layer Data link Layer Data Data Data link Layer Physical layer Physical layer Physical medium Hub Switch / Bridge Router Gateway Figure 10. Encapsulation process and communication devices on layers Every layer of the TCP/IP protocol suite (Figure 4.) has a unique task and that is why special devices were developed to support specific tasks at specific communication layers. Hubs Hubs are devices that regenerate and amplify received frames (Protocol Data Unit -PDU at data link layer (InetDaemon, 2018)) and then send them to all device ports. This device is considered as a device which operates on a physical level. Bridges Bridges are devices responsible for interconnecting different network technologies, such as IEEE 802.3 and IEEE 802.5, and different network segments with different physical media, such as copper cable networks with coaxial cable networks. Bridges are 23 �devices that collect knowledge using internal media access control MAC (InetDaemon, 2018) address tables, which helps them distinguish which device is part of which network segment, thus limiting unnecessary traffic in-between network segments. These devices cannot limit collisions in the network, but can send notifications about existing collisions. Switches Switches are, in essence, multiport bridges, and they operate on both the physical and data link level. While early bridges were computers with appropriate software, switches are hardware devices able to provide connections for many computers, where they can send frames in full-duplex mode. Switches separate network segments into different collision domains. They do this using MAC addresses (InetDaemon, 2018) to forward frames, and their major task is to forward and filter traffic. For network monitoring purposes, a switch can be configured to forward all traffic to one specific port called the SPAN port. Traffic gathered in this way can be analysed frame by frame or can be used to create usage statistics for a specific protocol, application, and other network management purposes explained in later chapters. PC PC SPAN Port Switch PC Monitoring device PC Figure 11. Typical SPAN port deployment in a simplified network diagram 24 �Network TAPs A Network Terminal Access Point (TAP) is a specialized device used to intercept network communication for the purposes of analysis known as „traffic analysis“. It is a device dedicated to intercepting network traffic. At minimum it has three ports: a port for incoming traffic, a port for outgoing traffic, and a port to attach the computer which is used to capture and analyse network traffic. This device is usually placed on network segments, such as backbones, where major network traffic flows, so that all traffic can be captured or monitored. Specialized traffic analysis software, such as Wireshark (2018) for wired networks and Kismet for wireless networks together with Wireshark (2018), can be used. The usage is explained in later chapters of the book. PC PC Tap PC Switch PC Monitoring device Figure 12. Typical Tap location in network A network TAP device that can be placed on a UTP network and Fibre optic network segments is shown in the figure below. This specific device has two ports where two monitoring devices can be attached. 25 �Figure 13. Network TAP, Dualcomm (2018) Routers Routers are devices that operate on the network or IP level, as they separate network segments into multiple broadcast domains. Routers operate with logical or IP addresses. They are equipped with software that allows routers to work with routing protocols which route routed protocols and manage routes so that packets can reach their destinations. Firewalls Firewalls are devices which, when deployed between different network segments, are seen as network devices, whereas if they are deployed on client computers, they are called personal firewalls. Their goal is to protect local resources from security breaches. 26 �The primary task of firewalls is to limit access to sensitive internal resources, monitor and record communication, encrypt packets, and provide end-to-end encryption using Virtual Private Networks (VPN) (CISCO, 2018). There are different types of firewalls (CISA, 2015, pp.368), including packet filtering firewalls, stateful firewalls, application based firewalls which can be implemented through screened-host firewalls, dual-homed firewalls, and hardware based appliances. Intrusion detection and prevention systems Firewall intrusion, detection, and prevention systems (IDS/IPS) can be implemented as network-based or host-based systems. The logic which can use these devices includes signature-based, statisticalbased, or neural networks as mechanisms for the detection of malicious activities. IDS/IPS is considered an additional mechanism for detecting malicious attempts against protected and valuable network resources. These systems have sensors and detection logic that is used to detect malicious activities. VOIP and PBX Voice over IP is becoming a dominant form of technology, replacing old PSTN analogue services available from 1920s onwards. VOIP is well-known for its Internet application, using different VOIP services, such as Skype or Viber. The VOIP private box exchange (PBX) are computer-based switches which are installed at organisation premises with the purpose of switching telephone calls in and out of the organisation. 27 �Network types There are different classification types for computer communication networks, but the most common is one that recognises coverage for interconnected devices. BAN Body area networks that are limited to one meter, and are typically wireless technology used to connect smart phones with smart watches, and sensors inside wearables such as clothes or shoes. PAN Personal area networks are limited to 10 meters, and are used to connect nearby devices, such as Bluetooth enabled devices. LAN A typical local area network segment spans 100 meters, but can be extended up to 400 meters using hubs, bridges, and switches, and even further using routers. Wireless LAN (WLAN) can be used to connect access points below 100 meters, but using point links these networks can be interconnected over tens of kilometres. SAN Storage area networks (SAN) or network area storage (NAS) are used to provide data storage on LANs for users. These devices can be configured to have locally managed users or they can incorporate an already available authentication scheme. WAN A Wide area network is considered a network which is used to connect all type of IT devices across a wide area in different regions in a country or even between countries. Internet is usually referred to as a WAN network 28 �A special type of WAN is wireless LAN (WLAN), which uses wireless technology to interconnect communication sites within same town. MAN Metropolitan area network is used to interconnect LANs across a city to connect different buildings of, for example, a university campus with parts of the university located in the same town on fiscally different location. Network terminal devices Network terminal devices are devices where communication ends. They are also a well-known part of Claud Shannon’s communication model (Businesstopia, 2018), called sendingreceiving stations. Supercomputers Supercomputers are computers dedicated to a specific problem or application where huge processing power is needed. The need dictates the high prices of these computer systems, and as such they are mostly used by research or military organisations. Mainframes Mainframes are computers which are used by thousands of users, and which usually have dedicated operating systems. Usually these computers support multiprocessor architectures. High-end and midrange servers These servers use operating systems such as UNIX, Linux, and Windows. They are cheaper than mainframes, but share some capabilities of mainframes. Supercomputers, mainframes, and servers have to be located in airconditioned rooms with uninterruptable power supply (UPS), 29 �electric generators, and redundant power supply from independent supply grids which are apart from the primary power grid. It is because all critical components have to be available all the time if possible. Personal computers Personal Computers are designed for single users. They use microprocessor architecture with almost all the components that servers have, such as a hard disk and multiprocessors, but with weaker performances than servers. They are used for word processing, access to common business applications, and network resources such as printing services or intranet. Thin client computers Thin client computers have limited hardware capacity, and are often without hard disks. They use network storage from servers or dedicated network area storage devices. They are, much like personal computers, used for personal use to common applications. Laptop computers Laptops are smaller, lightweight personal computers, suitable to be carried in a suitcase. Smartphones and handheld computers Smartphones, tablets, and other handheld computers are devices lighter than laptops with high processing power, usually without keyboards to make for easier carrying. They can be used as telephones, organisers, PCs, tablets, as means of communication, voice messages, or as a VOIP communicator using Skype, Viber, and other similar tools. 30 �IoT Internet of Things describes all devices connected to the Internet which are not considered as conventional as PC, laptop, or smartphones. These devices are, for example, IP cameras, VOIP telephones, and even household devices, such as refrigerators, which have an Internet connection that allows users to interact with the devices. Network services Network services enables network users to access network resources as they are locally available. They run as daemons on Linux/Unix platforms, or as a service on Windows platforms. NFS Network File Systems (NFS) allows users of computer networks to access files over network resources. DHCP Dynamic Host Configuration Protocols (DHCP) enable devices which do not have manually configured IP addresses to obtain an IP address, subnet masks, default gateways, and IP address DNS servers from the DHCP service which can be located on the server or on another device, such as a router. Client devices have to be configured as a DHCP client which initial DHCPs discover as a broadcast request to which available DHCP servers reply with the offer of an IP address, subnet mask, default gateway, or DNS addresses. After that, the client requests one of the offered addresses, and the DHCP acknowledge the given and accepted set of addresses. 31 �DHCP Discover DHCP Offer DHCP Request DHCP Client DHCP Acknowledge DHCP SERVER Figure 14. Simple DHCP architecture and modus operandi E-mail E-mail service provides the service of exchanging e-mail messages on intranets and Internet using SMTP, IMAP, and POP3 protocols. Common server programs send mail on Unix/Linux servers or MS Exchange servers. A typical email architecture contains three types of agents (an agent in this context is the software which provides a specific function for somebody): Mail User Agent (MUA) MUA is software installed on end-user devices or accessed as a web service (webmail such as Gmail), which is used to read and compose emails Mail Transfer Agent (MTA) MTA is software on the server side of the application which receives emails from MUA and checks with MDA if the recipient is in the local mail address box. If not , the email is sent to another receiving MTA based on the DNS name and the resolved IP address. All emails are transferred using the Simple Mail Message Protocol (SMTP) which uses TCP port 25. 32 �Sender MUA Recipient MUA MTA / MDA MTA / MDA Figure 15. Simple MUA, MTA, MDA architecture Mail Delivery Agent (MDA) MDA is software responsible for delivering emails to local mailboxes, so that local users can use MUA to access emails. Mails accessed by MUA to MDA use POP3 or IMAP protocols. Print service Print services allow users to use network printers in the organisation in accordance with the given promotions. This type of service provides better management of resources from a single management point. Printers are of communicating via IP, and all status messages such as low toner or paper can be sent directly to administrators, so that problems of missing resources can be resolved proactively. Users of print services can choose which printer they want to use, such as black and white or colour printers. Print server Black and White printer Colour printer Figure 16. Simple network printing service 33 �Print servers allow the storage of printed files for a specific amount of time so that documents can be printed later, again, or to check what was already printed. RAS Remote Access Service (RAS) provides direct access to local network resources to authorized users. This access was popular from the beginning of the computer network era when access was provided with WAN technologies, usually via Public Switched Telephone Networks (PSTN), and later with Integrated Switched Telephone Networks (ISDN). Modem WAN Circuit Modem RAS Server Figure 17. Simple RAS architecture Nowadays, due to available Internet connections, the Internet and VPNs are a common way of securely connecting to remote networks. Directory services Directory service provides user authentication and access to network resources such as shared files, directories, printers, applications, and other network resources. 34 �Peer-to-Peer services and applications With the expansion of the Internet, P2P models were used with common applications that share files, such as music, videos, and other resources. One of the pioneering peer-to-peer (P2P) file sharing services was Napster (2018), established in 1999. Figure 18. Napster (2018) Napster was specialized in sharing mp3 music files and had about 80 million registered users. According to (Lamont T., 2013) “The digital music revolution started with Napster” but the service was closed in 2001 due to a lawsuit for illegal sharing of copyrighted materials. FTP File Transfer Protocol (FTP) is used to store or retrieve files and folders from and to FTP servers. 35 �Control Port 21 FTP Client Data port 20 FTP Server Figure 19. Simple FTP architecture FTP uses TCP protocols with two ports, 20 and 21. FTP is most frequently used to transfer username and password in clear text if additional encryption is not used. Telnet Telnet is a service used to access remote devices via TCP/IP using TCP port 23. Port 23 Telnet Client Telnet Server Figure 20. Simple Telnet architecture It allows for two-way bidirectional communication. The protocol was developed in 1969 and is still used today by many communication and terminal devices. VPN Virtual Private Networks provide confidentiality and integrity of data over unsecured networks, such as Internet, by providing point-to-point data encryption. 36 �VPN TUNNEL Figure 21. Simplified VPN connection Communication ports used Every service that acts as a server in the client/server architecture has a predefined port, i.e. a specific service use which the client application can use to connect. Application / Service Acronym Port Simple Network Management Protocol SNMP 161, 162 Domain Name System DNS 53 Hypertext Transfer Protocol HTTP 80 Simple Mail Transfer Protocol SMTP 25 Post Office Protocol POP3 110 Telnet Telnet 23 Dynamic Host Configuration Protocol DHCP 67 File Transfer Protocol FTP 20, 21 Table 4. Applications / Services and standard ports used 37 �Network management Network management provides capabilities of reactively and proactively maintaining network components. ISO published a standardized approach to network management which contains the architecture and modelling known as the ISO model and Telecommunications Management Network (TMN) framework (Overview of TMN Recommendations, 2001) for network management (Sahin T. et. al., 1988). There is also the IETF IP Performance Management (IPPM) (IPPM, 2018) Working Group (WG) which developed a number of standards and metrics for IPbased networks. In essence, there are two types of network monitoring which are part of network management: passive and active network monitoring. These two approaches are complementary. However, when performing passive monitoring, active monitoring should be turned off, because it will otherwise produce additional network traffic. Using both approaches, monitoring results are more accurate. Passive monitoring Passive monitoring can be done using SPAN ports and Tap devices to capture/sniff and analyse network traffic using software such as Wireshark (2018). Another way of gathering valuable information is by using Simple Network Management Protocols (SNMP) to poll devices such as routers, switches, and servers that have installed SNMP agents with the Management Information Base for information on traffic, such as the number of IP, TCP, and UDP packets. It is possible to configure devices to send trap messages when specific events occur. Netflow is a passive monitoring mechanism which is able to provide the network manager with valuable statistical information. 38 �RMON is also a passive monitoring mechanism which is used to manage devices on network segments with limited bandwidth capacities. Active monitoring The IETF IP Performance Management (IPPM, 2018) Working Group (WG) was formed in 1997 with the task of developing metrics as Key Performance Indicators (KPI) and standards for active monitoring in the performance management of IP networks History of network management Three major organisations ISO, IETF, IETF, developed approaches and protocols specific for network management with the different focus to reach specific goals. Each organisation set up their own goals presented below in each row of the table. ISO ITU-T Powerful Management Object Oriented Reliable transport Define management architecture only Using OSI protocol (CMIP & CMIS) Out-of-band exchanged Management Information IETF Simple Management Variable Oriented Unreliable transport Table 5. ISO, ITU-T, IETF basic principles ISO developed model and framework for network management based on five functional areas: Fault, Configuration, Accounting, Performanse, and Security (FCAPS). Based ond FCAPS model, newer FAB model is defined in the Business Process Framework (eTOM, 2018). ITU-T developed Telecommunications Management Network (TMN) for managing open systems in a communications network. Goal was to automate process of detecting and resolving problems in telecommunication networks. 39 �IETF defined set of standards that defined SNMP and application layer protocol, data objects, and database schema. OSI model and framework for network management This model recognises five areas of functional management: Fault, Configuration, Accounting, Performance, and Security (FCAPS) (Nuangjamnong C, 1998). Figure 22. Network Management history IETF, ISO Network Management architecture and model (Nuangjamnong C, 1998). 40 �Additionally, it proposes an organisation model which contains a manager, an agent, and an object. OSI FCAPS model turned out to be used for education purposes just as ISO OSI communication model. Network Management Station with Network Management Software Trap receiver SNMP poll SNMP poll Agent Agent MIB MIB Managed device Managed device SNMP poll SNMP poll Agent Trap Agent MIB Managed device MIB Managed device Figure 23. Network Management architecture using SNMP, (Nuangjamnong C, 1998). The communication protocol used for Telecommunications Management Network (TMN) is the Simple Network Management (SNMP) protocol which can access SNMP agents on devices such as switches, routers, servers, and personal computers. SNMP agents send their queries locally to the Management Information Base (MIB) which contains information on running services, applications, status of connections, and other useful information. Poll (Get-Request, Get-Next-Request, Set-Request) Get-Response Trap Figure 24. Network Management surrounding 41 �A Network management station (NMS) with the appropriate network management software uses SNMP protocols to periodically poll data from managed resources or to receive traps if the predefined event occurs on the managed device. Using SNMP protocols equipped with command sets, NMS can collect information from MIB using different commands. SNMP uses UDP and port 161 for poll requests, and port 162 for Traps. Rmon Groups (1.3.6.1.2.1) Statistic Group (1) Traffic Matrix Group (6) History Group (2) Filter Group (7) Alarms Group (3) Capture Group(8) Hosts Group (4) Events Group (9) Host Top N Group (5) Table 6. RMON Groups (Cisco Remote Monitoring, 2018) As mentioned, when it comes to networks with limited bandwidth capacities, RMON is used to minimize the SNMP poll impact on bandwidth resources. This mechanism allows periodic access to already locally prepared reports about reports, most frequently used protocols/application/devices and network resources, and other useful information. RMON-MIBs Network Management Station WAN Circuit Figure 25. Simple RMON architecture 42 RMON-MIBs �SNMP version 3 is equipped with the following set of commands: get, getnext, set, getresponse, trap, getbulk, notification, inform, report. MIB OID Device IP (local PC) with SNMP agent Requested data Figure 26. Example query using iReasoning MIB Browser Information in MIBs can be accessed using different tools. The lightest ones are MIB query tools such as iReasoning, (shown above) which is used for querying the system description of the local PC. Summary Cyber and information components and infrastructures which use the TCP/IP protocol suite provide common services such as VOIP, NFS, DHCP, E-mail, Print, RAS, and Directory services. Services 43 �are supported by different network technologies such as BAN, PAN, LAN, SAN, WAN, and MAN. Network infrastructures are built using network communication devices such as Hubs, Bridges, Switches, Routers, PBX and Firewalls, and protected using intrusion detection and prevention systems. All network devices can be managed by implementing network management solutions such as the ISO Telecommunications Management Network (TMN) model and an appropriate framework for network management. Knowledge acquired In this chapter, the reader can gain knowledge about network topologies, network media, protocols and services, and network devices and their interoperation. The reader can also learn about network management purposes and activities that can help in dayto-day network operations meant to support cyber security. Review questions 1. Explain the difference between active and passive monitoring? 2. What is a TAP device and what is it used for? 3. What is a SPAN port and what is it used for? 4. Define the network functional model, and explain each management area? 5. Explain the difference between polls and traps? 6. What is a communication port? 7. Describe weaknesses associated with communication media? 8. Explain the role of MUA, MTA, and MDA in e-mail communication? 44 �9. Explain the operations? difference between HUB and Switch 10. Explain the difference between infrastructure and the adhoc wireless communication model? 11. What is network topology? Further readings - ISO/IEC 27000 family - Information security management systemshttps://www.iso.org/isoiec-27001-informationsecurity.html - TCP/IP vs. OSI: What’s the Difference Between the Two Models? https://community.fs.com/blog/tcpip-vs-osiwhats-the-difference-between-the-two-models.html - Network Topology https://study.com/academy/lesson/how-star-topologyconnects-computer-networks-in-organizations.html - Communication Media (Data Communications and Networking) http://what-when-how.com/datacommunications-and-networking/communication-mediadata-communications-and-networking/ - Communication device https://www.computerhope.com/jargon/c/communicationdevices.htm - Network Taps, Regenerator Taps, and Tap Aggregators https://www.ixiacom.com/products/network-tapsregenerators-and-aggregators 45 �- What Is a Firewall? https://www.cisco.com/c/en/us/products/security/firewalls/ what-is-a-firewall.html - What is IDS and IPS? https://www.juniper.net/us/en/products-services/whatis/ids-ips/ - Network Management System: Best Practices White Paper https://www.cisco.com/c/en/us/support/docs/availability/highavailability/15114-NMS-bestpractice.html - 46 What’s on Your Network? The Need for Passive Monitoring http://www.tomsitpro.com/articles/network_monitoringnetflow-it_security-networking-snmp,2-561-2.html �3. Cyber security landscape Chapter abstract Chapter goals: To explain core information security principles, to define cyber security incidents and motivations, to present common cyber security threats, to define cybercrime, to present different malicious software and distinguish passive from active attacks, to explain what is fraud and present the deep and dark web, and to present tools used, such as TOR, and their operations. Finally, to explain penetration testing principles and ethical hacking techniques and tools. Learning outcomes: Acquiring knowledge of information security and understanding the aspect of information security related to cyber security. Raising awareness of cyber threats and possible mitigations and strengthening organisation resilience using ethical hacking techniques. Fundamental aspects of cyber and information security The fundamental aspects of information security are usually divided into Confidentiality, Integrity, Availability, Authenticity, and Non-Reputability. Because information can be stored and transferred in different shapes, its security depends on the security of tools, utilities, people, hardware, software, and means of transfer. All of them are considered information assets, and are subject to fundamental security aspects. As stated in the introduction, ISO 27000 27000 (ISO 27001:2013, ISO 27005:2008, and other) standards consider Confidentiality, Integrity, Availability as the fundamental aspects of information security, whereas some other formal approaches and authors (Vigila et al., 2015) consider 47 �Authenticity, and Non-Reputability as important aspects for managing information security. Information security principle Confidentiality Integrity Availability Description core Information assets can be electronic, non-electronic, or spoken. Information can be stored or can be transferred over communication links. In any state, the confidentiality of information can be jeopardized if not protected. Information can be changed or destroyed by an unauthorized person or information assets can be destroyed. This is connected to integrity principles of information security. That is why all information transferred over communication lines and stored on hard disks and other media has to be protected so that integrity is guaranteed by technical and organisational mechanisms and internal controls. Information and information assets have to be protected so that they are available for access and use. Information processing facilities have to be protected so that the business is resilient to minor and major possible outbreaks due to internal or external impacts. Authenticity Authenticity has to guarantee the truthfulness of the origin of information. Non-Repudiation This principle is related to the authenticity of information so that the creator originator of specific information cannot deny that specific information originates from a specific person. Table 7. Information security core principles (ISO 27001:2013 and Vigila et al., 2015) Cyber security incidents and motivations Financial theft, access to resources, competitive advantage (economic, political), personal grievances, vengeance, intellectual or other curiosity, mischief, personal or group attention (CNSCENTER, 2000), and fraud, are some of the most common reasons for cyber and information security criminals to conduct their criminal acts. In all attacks, it is clear that the attackers have a specific goal which depends on motivations. Attackers have 48 �dangerous and destructive goals of stealing money and data, or destroying the victim’s data and other digital resources, as well as some less dangerous goals motivated by curiosity, intellectual challenge, or learning about system resources Because of potential destructive consequences, every attempt or preparation for attack has to be seriously considered by examining all the early indicators of unpatched equipment, uncontrolled areas of infrastructure, lack of monitoring logs, or unexpected events in the area of administration. Many organisations can survive cyber and information security attacks due to their nature and position explained below, but many privately owned companies are not that lucky and their businesses get terminated or seriously damaged. On a personal level, it is almost certain that individuals responsible for cyber and information security will be object of disciplinary or other legal action. Common cyber threats It is clear that cyber threats affect different victims, including individuals, corporations, and critical and vital national infrastructures. There are different types of threats used for different purposes. Cybercrime is a connected criminal activity which uses digital technology to commit criminal activity such as ransomware, data theft, and virus creation and distribution. These types of attacks are performed by individuals or groups. Cyber industrial espionage is performed against corporations and institutions with the goal of stealing data and producing damage. Cyber warfare is usually conducted on critical state infrastructure, including such examples as the Stuxnet (2010), (Mueller P. and 49 �Yadegari B., 2012) virus, or attacks on Iranian or Estonia’s critical national infrastructure (Iasiello E, 2013). Malicious software – history and types As explained by Microsoft, (2003) malware is short for malicious software which includes viruses, macro viruses, worms, Trojans, logic bombs, ransomware, rogue adware, adware, and spyware. Malwares are created to infect as many computer resources as possible, to perform specific tasks such as stealing data, deleting data, or even stealing money. Malicious software has its roots in automated organisations proposed in John von Neumann's article, "Theory of self-reproducing automata“(Von Neumann, J., and Burks, Arthur W., 1966) A Virus is malicious program able to replicate itself with the goal of infecting other files after it is executed. Viruses can affect computer systems in different ways, such as file deletion, change, or sending spam mails. The concept of self-replicating software was proposed "Theory of self-reproducing automata“(Von Neumann, J., and Burks, Arthur W., 1966) Macro viruses appeared in mid-nineties with the goal of infecting Microsoft files created in Word, Excel, and other Microsoft created documents. Worm, as a term connected to computers, was first mentioned in The Shockwave Rider, written by John Brunner (Brunner J., 1975). Brunner used the word "worm" for a program which can propagate through a computer network by itself. The first worm that was spread over the Internet was created by Robert Morris (Eisenberg T.et al, 1989). Below is a table created based on Wikipedia (2018) with a short history of software related to malicious software. 50 �1949 1971 1973 1974 1975 1981 1983 1986 1987 1988 1989 1990 1992 1993 1994 1995 1996 1998 1999 2000 2001 2002 2003 John von Neumann's article on the "Theory of self-reproducing automata“ published. Experimental self-replicating program The Creeper. Michael Crichton movie Westworld mentions the concept of a computer virus. The Rabbit (or Wabbit) virus ANIMAL Elk Cloner The term "virus" is coined by Frederick Cohen in describing self-replicating computer programs. The Brain boot sector virus is released. Vienna virus, Lehigh virus, Jerusalem virus, SCA virus, Christmas Tree EXEC, The Morris worm, created by Robert Tappan Morris, Ping-Pong virus, CyberAIDS and Festering Hate Apple ProDOS AIDS Trojan, the first known ransomware, Ghostball, Vienna and Cascade, Form viruses, The Michelangelo virus Leandro or Leandro & Kelly and Freddy Krueger OneHalf The first Macro virus, called "Concept" "Ply" Boza, Laroux, Staog the first Linux virus attacks Linux machines CIH virus The Happy99 worm, The Melissa, The ExploreZip worm, The Kak worm The ILOVEYOU worm, The Pikachu The Anna Kournikova, Sadmind worm, The Sircam worm, The Code Red worm, The Nimda worm, The Klez worm The Simile virus, Mylife The SQL Slammer worm, Graybird is a trojan horse, ProRat trojan horse, and worms: The Blaster, The Welchia (Nachi), The Sobig, Swen worm, The Sober, Agobot, Bolgimo 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Bagle, The MyDoom worm, The Netsky worm, The Witty worm, The Sasser worm, Caribe or Cabir, Nuclear RAT backdoor trojan, Vundo, or the Vundo Trojan, Bifrost, Santy, Zotob, The Zlob Trojan The Nyxem worm, OSX/Leap-A or OSX/Oompa-A, Brontok, Starbucks,Stration or Warezov worm Storm Worm, Zeus Mocmex is a trojan, Torpig Trojan horse, Rustock.C, Bohmini.Ar trojan, The Koobface computer worm, Computer worm Conficker W32.Dozer, Daprosy Worm, Source code for MegaPanzer Waledac botnet, The Psyb0t worm is discovered, Alureon Trojan, Stuxnet, a Windows Trojan, "VBMania", Kenzero SpyEye and Zeus, The Morto worm, the ZeroAccess rootkit, Duqu is a worm May: Flame or Flamer, sKyWIper, and Skywiper, Shamoon NGRBot The CryptoLocker Trojan horse, The Gameover ZeuS Trojan, Linux.Darlloz The Regin Trojan horse The BASHLITE, Linux.Wifatch Ransomware Locky, Tiny Banker Trojan, Mirai The WannaCry ransomware attack, The Petya (malware) attack, Kedi RAT (Remote Access Trojan) Spectre and Meltdown Flaws Table 8. Short timeline of major malicious software appearance based on Wikipedia (2018) information 51 �Trojan is a program that was first created in 1975 as a nonmalicious program. In 1989 the first known ransomware Trojan was created (Lord N., 2018). In the late nineties, Trojan was used to create backdoors on computer systems which were then used by attackers to exploit systems and system resources. Spyware are programs that infect computer systems and collect information about user behaviour with the goal of offering products or steal data such as usernames, passwords, and bank account details. Logic bombs can be software on their own or incorporated into existing applications. They are software that accomplishes malicious intents when specific conditions are met. A typical example would be when a disgruntled programmer incorporates malicious software into the existing organisation’s application that deletes files or do other harm to organisation’s information technology resources when the following criteria in the database is met: „programmer’s name and surname“ is locked as a result of termination from the company (CISA 2015, pp. 349). Ransomware is a malware that encrypts user’s files and on behalf of the attacker request ransom to be paid for a key to decrypt the encrypted files Cowing J. (2015). Passive and Active attacks Passive attacks are used to intercept communication between two ending nodes which participate in communication. Passive attacks are different across wired and wireless networks, since for wired networks a tap device which is physically placed on a network segment is needed to the capture packets, whereas for wireless networks appropriate software and hardware with antenna is needed. The goal of passive attacks is gathering specific information, such as passwords and data in transit. That is why the 52 �main objective of passive attacks is to target confidentiality of information in transit (CISA 2015, pp 380). Active attacks include active actions meant to harm specific systems by intruding in or interrupting system operations. Whilst the goal of passive attack is to jeopardize confidentiality only, active attacks target integrity (change of data and information), availability, and confidentiality as well (CISA 2015, pp. 350). Masquerading Masquerading is an active type of attack by presenting the identity of somebody else with the goal of accessing resources in an unauthorised way by impersonating people or machines (CISA, 2015. pp 350). Man in the middle attacks Man in the middle attacks (MITM) target the communication between two communicating entities by secretly relaying and possibly altering that communication. In MITM, the attacker is attempting to play an active part in the communication (CISA 2015, pp. 349). Message modification Message modification is an active type of attack where the attacker changes the content of the message, such as a bank invoice or payment transaction (CISA 2015, pp. 350). Eavesdropping Eavesdropping is a passive type of attack where the attacker gathers information from network with the goal of acquiring data related to login and password sessions (usernames and passwords), e-mail content, and keystrokes. This type of activity provides the attacker with credentials to access sensitive resources (CISA 2015, pp. 348). 53 �Intrusion attacks Intrusion attacks are active types of attacks where the goal is to make an active impact on the targeted system, such as to find system passwords and manipulate (change or steal) data. Packet reply This type of attack has attributes of both active and passive attacks. It is conducted by listening (sniffing) to the network traffic and recording it, which is the passive aspect of the attack. The active aspect of the attack is to send the recorded network traffic, usually for the purpose of authentication, sending encrypted passwords, and to continue to use authenticated sessions avoiding decrypting passwords (CISA 2015, pp. 350). Spoofing Attackers use this method to masquerade their presence on the network as somebody else by falsifying data, such as the IP address, to gain privileges or data such as passwords (CISA 2015, pp. 349). Pharming This type of attacks redirects requests from a web site to other web sites which were prepared by the attacker. For example, a web site which looks like the exact or genuine web site of the attacked person’s client web site. The attacker’s intention is to steal user’s credentials such as username and password. This type of attack is possible through changing local host files or DNS settings (CISA 2015, pp. 350). War dialling In War dialling, the attacker is checking the availability of modems that can be reached through Remote Access Systems (RAS) available via Public Switched Telephone Networks (PSTN), 54 �Integrated Switched Digital Networks (ISDN), and through remote access devices such as modems and routers. War driving Similar to War dialling, except this type of attack is used for attacking wireless networks by using equipment (laptop, wireless antenna, software) and vehicles to gather information on weak encryption and open wireless access networks by driving around buildings and other physical objects (CISA 2015, pp. 351). War walking An identical type of attack as war driving where instead of using a vehicle, the attacker walks around a building with the equipment for identification of vulnerable access points (CISA 2015, pp. 351). War chalking War chalking is the process of marking buildings and physical objects to notify of open wireless networks. Purpose of war chalking is to notify other users who wants to use wireless access to the Internet at no cost (CISA 2015, pp. 351). . Code injection Code injection relies on program errors which, when they receive data or code from the attacker, change the course of execution. There are different types of code injection techniques, such as SQL injection, HTML script injection, Dynamic evaluation vulnerabilities, Object injection, Remote file injection, Format Specifier Injection, and Shell injection. Interrupt attacks These types of attacks are used to insert specific and malicious routines in running operating systems using system calls to interrupt other operating system executions (CISA 2015, pp. 349). 55 �DoS, DDoS, flood attacks These kinds of attacks have the goal to disrupt or block all communication to and from the attacked network. Denial-of-service attack (DoS attack) is an active type of cyberattack with the goal of making the targeted system temporarily unavailable. . A typical approach is to flood the targeted network with large amounts of packets or misuse the TCP/IP stack with syn flood attacks that misuse the vulnerability of the three-way handshake mechanism. Typical attacks include ICMP ping flood, Smurf attack, Syn flood attack, and Teardrop attack. Internet Attacked system Attacker Figure 27. DoS attack A special type of DoS attack is permanent DoS or PDoS or plashing, with the goal of damaging hardware and in this way prolonging the recovery of the attacked system. Distributed Denial-of-service attack (DDoS attack) is a special type of DoS attack where many machines on the Internet are used to amplify the strength of the attack. Machines used to amplify the attack are called agents or botnets. 56 �Compromised host Compromised host Internet Attacker Compromised host Attacked system Compromised host Compromised host Figure 28. DDoS attack Flood attacks Flooding the network with large amounts of traffic disables the communicative channels of the attacked network, and as such, these attacks are DoS or DDoS variants. Protocol specific attacks Due to a weak protocol design and implementations during a course of time, different types of attacks were launched. DNS attacks Most prominent attacks on DNS services include DNS spoofing or hijacking, DNS rebinding, DNS Denial-of-service attack, and DNS Amplification attacks. DNS attacks are common ground or starting point for other types of attacks because DNS services provide users with vectors and directions of communication similar to routing protocols. The difference is that DNS is easier to attack because it relies on enduser insecurity such as unpatched operating systems, un-updated 57 �antivirus software, weak firewall and/or intrusion detection policies, and/or lack of network segmentation. ARP attacks ARP protocol are part of the TCP/IP protocol suite of Ethernet types of network, which is used by network operating systems to determine the MAC address of a device’s IP address so that communication on the LAN segment can be initiated and finished with the communication peer. When initiating IP communication, the computer needs the MAC address of the device so that the sending and receiving device can communicate using data link layers. Once the initiating computer learns the MAC address of the computer with which communication is needed, as is the case when using DNS service on DNS servers, communication continues using IP protocols. 1 1 ARP request 6 3 IP Traffic IP Traffic ARP reply ARP reply 2 5 Attacker IP Traffic IP Traffic 2 ARP request 1 ARP request Gateway ARP request 4 1 DNS Sefver Figure 29. ARP operation and ARP attack Attackers use techniques called ARP spoofing, ARP poison routing, or ARP cache poisoning, which is a subtype of MITM attacks which are used to send ARP replies to confuse the 58 �communication initiator and to “persuade” the communication initiator that traffic should pass via the attacker’s computer. Implementing this scenario, the attacker is able to record traffic and get passwords, credit card numbers, and even change user data in packets. DHCP attack As previously explained, the DHCP service provides dynamic IP addresses. Attackers install malicious software on infected computers or use other techniques or even hardware to offer IP addresses to computers that require the IP address. The malicious DHCP service and server where it is installed is called a rogue DHCP server attack. The attacker sends the victim an IP address, subnet address, default gateway address, and IP addresses of DNS and WINS servers, which allows the attacker to hijack all communication initiated from the victim’s computer. Alteration attacks This kind of attack is used to modify data or program codes, thus affecting the integrity of data. Botnets Botnets are networks of compromised computers running malicious software to amplify attacks such as DDoS, spam, and other massive types of attacks. Fraud Fraud is defined by the Oxford dictionary as: “wrongful or criminal deception intended to result in financial or personal gain” 59 �Figure 30. Fraud triangle Opportunity to commit fraud is created by the following conditions: misuse of privileges and entrance into the system, lack of established monitoring activities, collaboration between coworkers, and established four eyes controls, as well as keeping access rights through changing organisation positions (Sandwith L. 2006). Rationalisation represents another part of the fraud triangle. It is based on a self-morally defensible justification for fraud which could be in the form of medical or social programs available for all citizens (Sandwith L. 2006). Motivation or pressure to commit fraud, as the third part of the triangle arises when there is a need for additional income, expensive health interventions, nursing care, and previously undetected frauds (Sandwith L. 2006). Salami This type of a fraud attack uses the technique of taking small amounts of money from accounts and sending it to other accounts 60 �which usually belongs to attackers. This type of attack is common in banking institutions (CISA, 2015, pp. 350.). Phishing Phishing is cyber fraud whose goal is identity theft. This type of attack is performed when criminals send messages which seem genuine to victims (their bank e-mail address, or other legitimate organisation addresses) persuading them to submit confidential information such as credentials or other information (CISA, 2015, pp.349). Deep Web, Dark Web Search engines such as Google, Bing, YouTube, Wikipedia, and other similar services, represent available Internet resources which are used for legitimate purposes. On the other hand, resources available through the Deep and Dark Web (2018) are generally considered illegal, offensive, and in focus and interest of law enforcement agencies for detecting, preventing, and documenting criminal activities. Deep Web The phenomenon known as Deep Web contains illegal information such as web sites with medical records, published scientific reports, and papers stored and transferred from services which require a special fee for accessing those files. Dark Web The Dark Web is a part of the Internet used for drug trafficking, illegal information, political protests, and private communications usually supported with certain types of browsers such as The Onion Router (TOR, 2018) which encrypts traffic. 61 �Dark Net The Dark web uses Dark Net to transfer data and route traffic over the Internet. This network uses hidden services available only through web browsers such as TOR. As explained on the TOR website, TOR protects its users against “traffic analysis.” Figure 31. TOR (2018) Figure 31. shows TOR’s automatic configuration for using proxy servers before the web request reaches the Internet. Many sources claim that TOR was developed by the United States National Security Agency (NSA) (Lee T. B. 2013) to provide covert communication for activists in countries with censored Internet. However, it was used against NSA when WikiLeaks (Lee T. B. 2013) published a great amount of data which were transferred using TOR. TOR as a technology is used as a service for anonymous communication by many on the Internet. 62 �TOR operation TOR operates through three steps explained on the TOR support web-site. Figure 32. TOR modus operandi, TOR (2018) In the initial phase, the local TOR browser searches for TOR nodes from the directory server. Afterwards, it selects a random path for each request. Communication between TOR nodes is encrypted, while only the final hop (communication the between TOR node and the requested destination) is not encrypted. This type of operation was used before in P2P communication where resources from other nodes were used by Napster (2018), Gnutela (Mitchell B. 2018), Donkey (2018), and other similar tools. Penetration testing, ethical hacking, and intrusions Intrusion attacks on a critical infrastructure are common security problems in the cyber space. Critical infrastructures must be on the Internet to offer services to users. Because of that, it is necessary to test critical infrastructures against potential intrusion attacks as they would be performed in reality. These types of security tests 63 �are called penetration testing and ethical hacking, and are performed by ethical hackers. Ethical hackers, known as white hat hackers, are security professionals who know how to find and exploit vulnerabilities in different systems. They must have same technical knowledge and skills as malicious hackers, better known as black hat hackers. Ethical hackers use skills in a legitimate and lawful way to try to find vulnerabilities and propose improvements before black hat hackers can get there and try to break in. Penetration testing and ethical hacking became very important for organisations because they improve security. As such, educational institutions designed courses in an attempt to teach their students ethical hacking skills. One of the best known ethical hacking programs is the Certified Ethical Hacker (CEH, 2018) certification scheme developed by EC-Council, which is an organisation headquartered in Albuquerque, New Mexico available at https://www.eccouncil.org. Penetration tests follow similar or same steps as real intrusions. There are three major approaches to penetration testing (CEH, 2018) explained below. White box – in this approach, an ethical hacker has access to a lot of information, such as IP addresses, running services, and operating systems, available applications, etc. Grey box – some of the information is not given to the ethical hacker, but rather it is left for the test team in order to discover information needed for intrusion. Black box – no information is given to the ethical hacker, but it is his task to discover information needed for intrusion. 64 �Common intrusion steps, techniques, and tools Figure 33. shows that in the time scale, there are more points which come before successful intrusion. This knowledge can be used to detect intrusion attempts and stop intrusion. It is very important to know that there were months of cyber-attack preparations in cases explained in previous sections. Preparation points could be detected earlier if proper malware protection, intrusion detection, fraud detection, and event monitoring activities exist. In order to protect the local system, it is clearly important that early signs of malicious attempts be recognised. Bejtlich (2004) suggests common points in time when cyber-attacks could be recognised. Reconnaissance is used to gain knowledge of the targeted system state which includes but is not limited to hardware platforms, operating systems, open ports, and running services. Reconnaissance Exploitation, Abuse, Subversion, System breach Reinforcement Consolidation Pillage Figure 33. Common steps of intrusion attacks (Bejtlich, 2004) 65 �Performing ethical hacking, penetration testing, or executing a cyber-attack is a similar act to engaging in war. Following this logic, it is crucial to gain knowledge on strengths and weaknesses of the targeted system. Network port scanning and war driving for wireless networks (a technique known as war dialling in the modem communication era) provide information for attackers or ethical hackers about open and closed ports, versions of operating systems, encryption used for wireless networks, and used certificates. During the reconnaissance phase, attackers collect valuable information on the security state of any system. This phase in ethical hacking terminology uses methods such as footprinting, port scanning, and enumeration. In this phase, collected data can reveal system vulnerabilities which can be used against the system. The main aim of this is to improve the approach used by the attacker with which system vulnerabilities can be exploited. Tool groups.google.com Whois (whois.net or arin.net) SamSpade (http://www.majorgeeks.com) White Pages (www.whitepages.com) OWASP Zed Attack Proxy (ZAP) (https://www.owasp.org/) Function Search for posting technical or nontechnical newsgroups. Can be used as IP address gathering tool. Application for gathering domain information. Retrieve phone and address information Discovers web server information and possible vulnerabilities. Table 9. Short timeline of major malicious software appearance Reconnaissance and foot printing tools In the reconnaissance phase, the attacker or the ethical hacker uses non-intrusive and intrusive methods to gather information of physical and logical location of the targeted system. 66 �Furthermore, the tester or attacker gains knowledge on open ports, operating systems, and available resources, such as shares on the network, user names, groups assigned on the network, and the last time the user logged on. Sometime, an organisation’s (which is object of recognisance and footprinting) web-site can reveal phone numbers, responsible persons, employees’ biographies, as well as the e-mail address format which can be used to guess e-mail addresses of other employees. Figure 34. Reconnaissance phases (CEH, 2018) The SampSpade (2018) tool can be used to investigate Zone Transfer, SMTP Relay Check, Scan Addresses, Crawl website, Browse web, Fast and Slow Traceroute, S-Lang command, Decode URL, and Parse e-mail headers. It can give an attacker information about users and a system or particular host which is object of the attack, or it can be used to examine a server or web site security on the Internet. 67 �Figure 35. SamSpade (2018) Another tool used for reconnaissance purposes is Nmap/Zenmap (2018), available for Linux and Windows systems. Figure 36. Nmap / Zenmap (2018) Google site groups.google.com can be used as a tool to find corporate employees’ information. 68 �Whois is a commonly used tool for gathering IP addresses and domain information that attackers can use. Figure 37. Whois output for www.mit.edu ZAP (2018) can be used to discovered web server information and find possible vulnerabilities and weaknesses. Figure 38. ZAP (2018) All gathered information can be used for social engineering purposes or the technical exploitation phase for the next phase of the attacks. 69 �Figure 39. Wireshark window with captured traffic Tools such as Wireshark (2018) can be used to sniff network traffic from wired network segments closed using Tap devices or Switches and SPAN ports. Wireless networks, compared to wired networks, make surveying network traffic easier. This is because there is no possibility to physically protect the network flow, and the only protection is the encryption mechanism. Based on the historical overview, weak implementations of encryption mechanisms lead to vulnerabilities exploited by attackers. Software such as Kismet (2018) in combination with Wireshark (2018) can be used to analyse captured wireless traffic. 70 �Figure 40. Kismet (2018) System hacking or exploitation phase include abuse, subversion, or system breach which comes after the reconnaissance stage (foot printing, port scanning, and enumeration) because reconnaissance phase has to provide enough information for abuse. Figure 41. System hacking steps (CEH, 2018) In the abuse stage, an attacker is able to log on to legitimate services by utilizing previously used techniques such as brute force or 71 �password cracking. Password cracking is one of the earliest hacking techniques for accessing privileges. Passwords Passive Online Wire sniffing SAM NTLM Kerberos MITM Active online Replay Hash injection Trojan – Spyware Guessing Phishing Figure 42. Password cracking techniques (CEH, 2018) Passwords have to be stored somewhere in order to authenticate users. They are encrypted for security reasons. One approach towards identifying one’s password represents stealing the password or entire password files for decryption. This process is known as password cracking. Password cracking can be used as a password strength checking tool in ethical hacking, technical testing, or for audit purposes. Common tool used in this approach are John the Ripper (2018), Cain & Abel (2018), and other similar tools. 72 �Figure 43. Cain & Abel (2018) captured traffic Subverting phase of system mechanisms has the goal to perform actions needed for escalating privileges which go into the reinforcement stage. In the reinforcement stage, an attacker is able to use additional privileges by installing Trojans and opening backdoors for easier access, which is then used in the consolidation phase that leads to pillage, where attackers steal sensitive data and misuse other system privileges, hiding files, and covering tracks. Summary The cyber and information security landscape is changing constantly, and old threats become more sophisticated, while criminal motivations remain the same. The aforementioned passive and active attacks are realised through specially crafted intrusion attacks, code injection, DoS and DDoS, man in the middle attacks, malicious software, hacking tools, fraud, and phishing. Efforts in securing the infrastructure can be invested through 73 �testing security via performing common intrusion steps as part of penetration testing, and ethical hacking techniques explained in this chapter. Knowledge acquired In this chapter, it is possible to learn about ethical hacking steps and tools, cyber security threats and different attacks on application and communication protocols, and malware threats and the history of malware. Review questions 1. Explain common steps of intrusion attacks. 2. What is ethical hacking? 3. What is TOR? 4. Explain what is the Deep and Dark Web. 5. Explain the elements of the fraud triangle. 6. Explain ARP, DHCP, DNS attacks. 7. Explain the difference between DoS and DDoS attacks. 8. Explain the difference between Virus and Trojan. 9. What is system hacking? 10. What tools can be used for traffic sniffing on wireless and wired networks? 11. What are password cracking techniques? 12. Name and explain three approaches for penetration testing. 74 �13. What is fraud? 14. Explain common cyber threats. 15. What is spoofing? Further readings - Cyber Attacks – What are the Financial Impacts? https://www.countercept.com/our-thinking/how-muchshould-you-care-about-cybersecurity/ - Six Cyber Threats to Really Worry About in 2018 https://www.technologyreview.com/s/609641/six-cyberthreats-to-really-worry-about-in-2018/ - A Brief History of Malware — Its Evolution and Impact https://www.lastline.com/blog/history-of-malware-itsevolution-and-impact/ - The Difference Between Passive & Active Attacks on a Computer https://www.techwalla.com/articles/the-differencebetween-passive-active-attacks-on-a-computer - Distributed Denial of Service Attacks – The Internet Protocol Journal; Volume 7, Number 4 https://www.cisco.com/c/en/us/about/press/internetprotocol-journal/back-issues/table-contents-30/dosattacks.html - What is the difference between the dark web and the deep web? https://www.quora.com/What-is-the-difference-betweenthe-dark-web-and-the-deep-web - Ethical Hacking Academy https://academy.ehacking.net/ 75 �- 76 Hacker Tools Top Ten Our Recommended Pentesting Tools and Hacking Software for 2018 https://www.concisecourses.com/hacking-tools/top-ten/ �4. Cyber security incident cases Chapter abstract Chapter goals: To present cyber incident cases and discuss presented incidents in appropriate timelines to show that proactive detection and prevention of incidents would have been possible if standards and controls had been implemented. Learning outcomes: Knowledge of cyber incidents and important breaking points in time when incidents could be proactively resolved. Chapter security incidents Only cyber incidents with a great loss are reported in media. Almost every year, we face multiple cyber incidents which marked the cyber security arena. Graphics in this section show only a few causes of failures, and explain when it would be possible to spot attacks on time by using Minard's idea (Mason B., 2017) of graphical documentation of unfortunate events. Central bank of Bangladesh According to Reuters (2016), and (Krishna N. Das, and Jonathan Spicer, 2016), hackers tried to steal $951 million through multiple bank account orders using primarily the SWIFT messaging system in the first two weeks of February 2016. The attack was well prepared via installed malware on the inside network of the Central Bangladesh Bank, and sent via e-mail to one of the 77 �employees with access to the SWIFT system. In media reports, it has been revealed that cheap communication switches were used to connect different network parts. The attack began in late Thursday afternoon on February 4th, when attackers started transferring the $951 million Reuters (2016) and (Krishna N. Das, and Jonathan Spicer, 2016). The attackers accessed almost 1 billion dollars in the account of Central Bangladesh Bank located in New York. Federal Employees stopped the transfer of $850 million by asking the Central Bangladesh Bank for more information about the transaction. However, SWIFT messages never reached the recipient because attackers diverted all messages from New York Fed to the Central Bangladesh Bank, which was not aware of the attack. The rest of the money ($101 million) was not stopped, so it was transferred via Rizal Commercial Banking Corporation (RCBC) in Sri Lanka. However, $20 million which was supposed to go to the bank account in the Philippines was stopped by the Deutsche Bank because they noticed a spelling mistake. Thursday 4th of February 2016 Friday 5th of February 2016 Weekend 6th and 7th Monday 8th of of February 2016 February 2016 Tuesday 9th of February 2016 $31 million $951 million 35 orders Via SWIFT $101 million 5 orders $850 million blocked total of 30 orders No malware detection $81 million total of 5 orders $29 million $21 million $20 million blocked intended to NGO Shalika Foundation No malicious traffic detection Figure 44. Time Scale of Central Bangladesh Bank Heist 2016 (Reuters, 2016) and (Krishna N. Das, and Jonathan Spicer, 2016) 78 �Attackers misspelled the name of the recipient of the NGO called “Shalika Foundation,” and wrote “Fundatioin” instead of “Foundation.” The rest of the money ($81 million) was sent to bank accounts in Sri Lanka. On Friday morning of February 5, Central Bangladesh Bank noticed a problem with the SWIFT system, because it was not possible to send or receive messages via the SWIFT system. In addition to that, printing any kind of payment orders was not possible. However, personnel did not pay much attention to that because in the Central Bangladesh Bank it is a custom that after Friday midday, employees who pray do not have to come back to work after prayer. On Saturday morning of February 6th, it was clear for the Central Bangladesh Bank SWIFT operation personnel that something was wrong, thus, they tried to contact New York Fed. However, it was not possible to reach it because it was a non-working day for New York Fed personnel. On Monday of February 8th, the Central Bangladesh Bank realized that money was transferred to the Philippines, but it was not possible to contact the bank personnel there. The reason is because in Philippines, February 8th is a holiday and a non-working day. The stolen money was transferred to RCBC bank account and further sent mostly to casinos in Philippines (Krishna N. Das, and Jonathan Spicer, 2016). No one was arrested or charged for this theft. The Bangladesh police partially blamed SWIFT because there was no written document which explains what should be done to safeguard the local SWIFT infrastructure. The Bangladesh police admitted that information technology equipment of the Central Bank of Bangladesh was outdated. After the attack, SWIFT visited the Central Bank of Bangladesh and refused to take any 79 �responsibility for the incident, stating that the Central Bank of Bangladesh had to resolve recognised technical and organisational security issues on its own. As a result of this incident, Bangladesh’s central bank governor, Atiur Rahman, resigned (Reuters, 2016). in one of the largest cyberheists in history and Bangladesh’s Prime Minister, Sheikh Hasina, accepted his resignation one month after the incident on March 15, 2016. Retail chain Target As reported in the media (Vijayan, 2014), in the beginning of 2014, a large retail chain – Target was the victim of a large scale cyber breach, when data from up to 40 million credit and debit cards of Target’s shoppers was stolen. In the cyber-attack analysis reports, it was revealed that the Target retailer failed to properly segregate systems which handled sensitive payment card data from the rest of the internal network. Friday 15th of November 2013 27th of November 2013 hackers tested malware on small number of cash registers No malware detection Sunday 15th December 2013 of 40 million credit and debit cards data stolen No malicious traffic detection Figure 45. Time Scale of Target retail chain Cyber Attack, 2013 It was reported (Vijayan, 2014), that hackers made an intrusion through the supplier’s network, and that of the air conditioning systems maintenance company. This company had access to Target's network with the goal of maintaining equipment and 80 �remotely monitoring energy consumption and temperature in Target's stores. Attackers gained access to Target's network on November 15, 2013, and began collecting data and uploading and installing malware on Target's network, or more specifically on the company's Point of Sale (POS) systems. Before the execution of this large-scale attack, which happened between November 27 and December 15, 2013, hackers tested the malware on a small number of cash registers. When they were certain that they will be able to steal a large amount of data, they carried out the attack on about 40 million debit and credit cards of Target’s customers from the U.S., Brazil, and Russia. Sony Entertainment Company On November 24, 2014, a group of hackers called "Guardians of Peace" (GOP) (GOP, Paul 2014) released 100 TB of confidential information from the Sony Entertainment Company. A member of GOP claimed that they had the access a year before they released data. The Sony Entertainment Company received warnings from hackers on November 21st, demanding "monetary compensation." However, this e-mail was ignored and treated as spam. Attackers were never brought to justice and early investigations suggested that hackers from North Korea were to blame because Sony was about to release the comedy film “The Interview,“ about an assassination attempt against Kim Jong-un. Later analysis suggested some other sources of attacks. Figure below shows that users of Sony Entertainment Company were informed about the attack on November 24, 2014. They could have seen a warning message on their screens or web-sites of the services which they used. The confidential information contained personal information of employees, social security numbers, personnel family information, passwords of Hollywood stars, employees’ medical confidential reports, confidential information about new movies and music projects, released movies that were still not published, contracts already signed and contracts that were prepared. 81 �Figure 46. "Guardians of Peace" (GOP), Paul 2014 Sony reported that direct financial loss was $15 million. That money was spent only for the analysis and collection of information on losses. Intrusion started in 2013 Hackers intrude into system and tested malware No malware detection Friday 21th of November 2014 Monday 24th November 2014 Hackers sent blackmail warning 100 TB data released of No malicious traffic detection Figure 47. Time Scale of Sony Entertainment Company Cyber Attack, 2014 82 �Reputation risk that includes data loss of partners, users, relationships, and other indirect losses, was immeasurable. Hillary Clinton’s presidential campaign The US presidential campaign from 2016 still causes tremors in internal and external politics. One of the major topics was Senator Clinton's leaked e-mails. Senator Hilary Clinton ordered her engineers to set up an e-mail server at her home in New York, while she was the U.S. Secretary of State. Clinton's private e-mail system development began in June 2008, when an Apple technician installed and configured an e-mail server in Clintons' New York Chappaqua home (FOX NEWS, 2016). Private mail system set up for governmental use 2008 No malware detection Confidential governmental information stored on private mail server Email server configured to use google as backup server 2012 Hackers realised confidential e-mail 2013 November 2015 FBI started with official investigation No intrusion detection Mails were not encrypted Figure 48. Time Scale of Private mail server usage for exchange of confidential governmental information Two domains were created with a unique DNS names, namely presidentclinton.com & wjcoffice.com. Later that same year, Bryan 83 �Pagliano, an IT specialist, was hired to set up an additional e-mail server. In 2009, Hilary Clinton was appointed as the Secretary of State. In March 2009, Bryan Pagliano and Justin Cooper transferred all e-mails from the Apple computer to a newly established e-mail server (Clinton Email Investigation Timeline, 2018). The old Apple computer that served as e-mail server was given to a household staff member as a personal computer (Clinton Email Investigation Timeline, 2018). In November 2012, the private e-mail server was configured to use Google as the backup server, and a month later, investigators asked Hilary Clinton if she used a personal e-mail for classified e-mails (CNN, 2016), (Clinton Email Investigation Timeline, 2018).. From media reports it was obvious that e-mails were not encrypted, nor were they digitally signed. The reason was the lack of complying with available security standards and the best practices for official e-mail communication. In March 2013, a hacker named "Guccifer" widely distributed emails sent to Clinton (The Smoking Gun, 2013). In November 2014, a special committee asked Clinton to release e-mails about terrorist attacks on the U.S. Consulate in Benghazi, so she released e-mails from her private and official .gov e-mail accounts (Kalvapalle R, 2016). On 10th of July 2015, the FBI formally began an investigation to determine whether a private e-mail server was used for storing or transmitting classified information by Hillary Clinton and her associates. In that way they wanted to check if she violated federal criminal statutes. On 26th of July 2015, Clinton denied that she used her private server to send classified e-mails while she was the Secretary of State (Scott E., 2015): "I am confident that I never sent nor received any information that was classified at the time it was sent and received," On September 23, 2016, FBI released 200 pages (LoBianco T., 2016) from its investigation of Clinton's private e-mail server. On 28th of 84 �October, the story about Clinton's private e-mail server culminated when FBI director James Comey announced (Silver N., 2017) his letter (Comey Letter, 2016), where he stated that e-mail server contains “emails that appear to be pertinent to the investigation.“ Figure 49. Comey Letter (2016), (Silver N., 2017) This letter had a significant impact on Senator Clinton's presidential election outcome since indicator polls (Silver N., 2017) 85 �of popularity declined and never recovered again. The US presidential election was held 12 days after Comey's letter, on Tuesday, November 8, 2016. Figure 50. Polls show Clinton’s popularity declined after FBI director letter was released (Silver N., 2017) Webstresser On April 2018, law enforcements from Britain, Croatia, Canada, Serbia and other countries (Cimpanu C., 2018) arrested administrators responsible for establishing the web service webstresser (webstresser.org and webstresser.co) in 2015. This service whose monthly subscription costed 15 Euros provided its users the ability to launch DDoS attacks on selected Internet targets. Even inexperienced users could have used this service to launch devastating attacks (Eyerys, 2018). 86 �It was assumed that attackers used botnets to amplify attacks on the targeted system. The service was looking for botnets which were later used to initiate the attack on specified targets. 2015 2016 Webstresser services has started 2018 2017 Different types of attacks were offered as service Webstresser was shut down Figure 51. Webstresser existence time line This is one of the newer types of hacking attacks where malicious attacks offered hacker's web service. Figure 52. (Eyerys, 2018) According to Washington Post (Shaban H., 2018), this service had 136,000 registered users who performed 4 million attacks. As a result of the law enforcement action, webstresser hardware was 87 �seized in the United States, the Netherlands, and Germany. The mastermind of this hacker service was a 17-year-old Croatian citizen from a small town near the Croatian capital, Zagreb, with other hackers from Serbia, Canada, and Britain (Shaban H., 2018). Figure 53. Locked http://webstresser.org/ address accessed 01.07.2018 Law enforcements locked one of the webstresser's web pages. 88 �Summary All the mentioned threats and attacks in this chapter resulted in numerous known and unknown cyber and information security incident cases. Fewer well-known cases covered by media and presented in this book happened to the Central Bank of Bangladesh, the retail-chain Target, the Sony Entertainment Company, and during the 2016 US Presidential Campaign. Presented cases could have been avoided if appropriate cyber and information security controls had been implemented, monitored, and audited. In previous chapters are given explanations of security of cyber and information system components that play important role in shaping cyber security landscape. Core of the explained cases have roots in improper configuration and administration of information components. In some cases such as Webstresser case we can understand that criminals were not aware of consequences after they create technical solutions for automated attacks for any person who is willing to start attack. It is clear that general knowledge of cyber security is problem as well because attack organisers in many cases think that they will not be caught. Knowledge acquired In this chapter, it is possible to gain knowledge about well-known cyber incident cases reported by many resources and media, which further show why cyber security must be treated as one of the top priorities. Review questions 1. What are key attack motivations in presented cases? 2. How could e-mail and data encryption help in preventing hacker attacks in presented cases? 3. For which of presented cases could antimalware protection prevent attack escalation? 89 �Further readings 90 - India bank hack 'similar' to $81 million Bangladesh central bank heist https://www.reuters.com/article/us-city-unionbank-swift/india-bank-hack-similar-to-81-millionbangladesh-central-bank-heist-idUSKCN1G319K - Before massive Bangladesh heist, New York Fed feared such cyber attacks https://www.reuters.com/article/usbangladesh-heist-fed-insight-idUSKCN0XX28F - Bangladesh to sue Manila bank over $81-million heist https://www.reuters.com/article/us-cyber-heistbangladesh/bangladesh-to-sue-manila-bank-over-81million-heist-idUSKBN1FR1QV - Bangladesh Bank Attackers Hacked SWIFT Software https://www.bankinfosecurity.com/report-swift-hackedby-bangladesh-bank-attackers-a-9061 - The Bangladesh Bank Heist: Lessons in Cyber Vulnerability http://theonebrief.com/the-bangladesh-bank-heist-lessonsin-cyber-vulnerability/ - Target cyber breach hits 40 million payment cards at holiday peak https://www.reuters.com/article/us-target-breach/targetcyber-breach-hits-40-million-payment-cards-at-holidaypeak-idUSBRE9BH1GX20131219 - Specialty retailer becomes target of cyber-attack https://www.chainstoreage.com/article/specialty-retailerbecomes-target-cyber-attack/ - Supply Chain Attacks on Retail – What Happens When Trusted Channels Can’t be Trusted? https://www.rsaconference.com/blogs/supply-chain- �attacks-on-retail-what-happens-when-trusted-channelscant-be-trusted - The Untold Story of the Target Attack Step by Step https://aroundcyber.files.wordpress.com/2014/09/aoratotarget-report.pdf - Target Confirms Point-of-Sale Malware Was Used in Attack https://www.securityweek.com/target-confirms-point-salemalware-was-used-attack - Sony to pay staff $8m compensation over cyber-attack http://www.bbc.com/news/entertainment-arts-3493148 - The Attack on Sony https://www.cbsnews.com/news/northkorean-cyberattack-on-sony-60-minutes/ - Clinton campaign 'hacked' along with other Democratic groups http://www.bbc.com/news/election-us-2016-36927523 - How Russia-linked hackers stole the Democrats' emails and destabilised Hillary Clinton's campaign http://www.abc.net.au/news/2017-11-04/how-russianshacked-democrats-and-clinton-campaign-emails/9118834 - Exclusive: Clinton campaign also hacked in attacks on Democrats https://www.reuters.com/article/us-usa-cyber-democratsinvestigation-exc/exclusive-clinton-campaign-also-hackedin-attacks-on-democrats-idUSKCN1092HK - 2016 Presidential Campaign Hacking Fast Facts https://edition.cnn.com/2016/12/26/us/2016-presidentialcampaign-hacking-fast-facts/index.html 91 �- https://www.independent.co.uk/life-style/gadgets-andtech/news/webstresser-internet-ddos-europol-ncacybersecurity-a8321751.html - WebStresser.org site linked to global cyberattacks is shut down https://www.irishtimes.com/news/world/europe/webstress er-org-site-linked-to-global-cyberattacks-is-shut-down1.3478112 - DDoS-for-Hire Service Webstresser Dismantled https://krebsonsecurity.com/2018/04/ddos-for-hire-servicewebstresser-dismantled/ - Video for Webstresser operation: https://www.youtube.com/watch?v=-a9roduqf4I 92 �5. Cyber security controls Chapter abstract Chapter goals: To present the Risk management process, define internal controls, and control objectives for which standards such as the ISO 27000 family 27000 (ISO 27001:2013, ISO 27005:2008, and other) and COBIT 5 framework can be implemented. Furthermore, the chapter explains and distinguishes between preventive, detective, corrective, general, and specific controls. Learning outcomes: Gaining knowledge on risk management processes and the type of standards and frameworks which can be used for the establishment of internal controls to manage cyber security. Understanding different types of controls. Information technology usage related to Cyber risk In the present business environments, Information Technology (IT) is used to improve business operations and performances. Usage of IT in everyday operations is susceptible to unavoidable risks explained in the previous chapter. Risk management Every organisation has to manage risks associated with information technology usage. This process contains steps such as risk analysis, risk assessment, and risk treatment. 93 �Risk analysis Risk analysis helps in the identification of threats, vulnerabilities, likelihood, and the impact of unwanted events. Risk assessment In the risk assessment phase, information assets (people, information, services, hardware, software, network, site, organisation, and intangibles) have to be identified. Identified threats, vulnerabilities, likelihood, and impact have to be determined and calculated for the recognised information assets. The following phase is the risk treatment plan, and it has several strategies. Figure 54. Risk management process Risk treatment Risk treatment can be done using the following strategies:  94 Risk mitigation through implementation controls to reduce risk. � Risk acceptance by accepting risk without taking any kind of control.  Risk avoidance through avoiding the execution of an action which can cause risk.  Risk transfer through transferring risk to somebody else, e.g. suppliers of web hosting service, taking insurance, etc. Internal controls Goals of internal controls have a dual nature – what should be achieved and what should be avoided. Internal controls are implemented through organisational policies, procedures, practices, and organisational systematization and structure with the goal of managing organisation's risks. Internal controls are applicable at all levels of any organisation. Management is responsible for strategic decisions in introducing internal controls into the organisation culture. There are three classes of internal controls: preventive, detective, and corrective. Purpose of internal controls The essential logic of audit is to investigate whether internal controls exist, how it is implemented, and whether it is monitored on regular basis. If internal controls do not exist, internal auditors suggest their implementation. A typical risk in business is the neglecting of the need for internal controls when new technology is introduced, since all technology is implemented with the goal of having faster or cheaper operations. In essence, all technology has the risk of usage, and those who implement new technology usually overlook all associated risks. This is because they are preoccupied with core needs and benefits of implemented technology and do not consider all associated risk with the specific technology. 95 �There are eight review areas Information Systems Audit and Control Association (ISACA), (CISA 2015, pp. 295) which can also be used in auditing: 1. Enterprise architecture and auditing 2. Hardware audit 3. Operating system audit 4. Database audit 5. Network infrastructure audit 6. Information system operation audit 7. Scheduling audit 8. Problem management reporting audit Control objectives Information system control objective has to be established with the goal to provide assurance that business objectives will be reached through selection of applicable controls which will be implemented and monitored. Internal control requirements could be established to fulfil some or all aspects: 96  Confidentiality  Integrity  Availability  Effectiveness  Economy � Efficiency  Non-repudiation  Reliability  Accountability Internal controls should use a goal for criteria which can be an accepted standard and technique, best practice, or framework. Figure 55. CIA Triad ISO 27001 The above requirements are common for standards such as ISO 27001 (ISO 27001:2013) which acknowledges three aspects of information security, namely Confidentiality, Integrity, and Availability (CIA). Implementation of the information security using the ISO 27001 standard (ISO 27001:2013) suggests that Information Security Management System (ISMS) has to be established and maintained 97 �through the Plan-Do-Check-Act (PDCA) process of improvement (ISO 27001:2013). In the Plan phase, the project border agreement is established, thus, physical locations and systems are included or excluded form the scope. Afterwards, the overall information security policy is established and approved by the top management. The following stage entails the collection of information from information assets through process mapping and GAP analysis. D P Project border agreement Implementation of controls Training and awareness Information security policy approved Statement of applicabiloity Record collections Process mapping Asset evaluation Audit C GAP analysis Risk assesent Improvements A Figure 56. ISMS PDCA cycle In the Do phase, risk assesent (ISO 27005:2008 standard for security risk management is developed suitable for ISO 27001:2013 implementation) is conducted through asset evaluation vulnerabilities, threats, likelyhood, and impact. After this stage, statement of applicability is created with a goal to approve plan for 98 �implementation of controls. Last come training and awareness and collection of records. In the Check phase, information security audits are performed, folowing the previosly explained General scheme of the auditing process. After detecting space for improvements in the check phase, the Act phase ensures that improvements are actually made. The purpose of the PDCA cycle is to constantly improve system performances through constant improvements. ISMS as a system can be certified by the external certification body which will additionally improve the system performance. 3E's The 3E's approach KPMG (2018) of excellence is used for measuring performances of any organisation: Economy – reducing costs of inputs, Efficiency – the right effort allocation, Effectiveness –achieving determined goals. Lowest cost for acquisition of resources keeping quality level Economy Efficiency Effectiveness Obtaining maximum outputs from given minimum of inputs Ratio of obtained outputs or goals compared to planned Figure 57. Business performance measurement using 3E’s (KPMG, 2018) 99 �COBIT 5 ISACA developed Control Objective for IT (COBIT 5) framework with five major principles (ISACA, 2012): 1. Meeting stakeholders’ needs – every organisation exists due to its stakeholders, thus business must use IT to meet stakeholders’ needs. 2. Covering enterprise end-to-end – covering not only IT but all issues which encompass everyone and everything. 3. Applying single integrated framework – because there are many IT related frameworks, COBIT 5 aligns with all other frameworks and standards. 1. Meeting stakeholders needs 5. Separting govrenanace from management 4. Enabling holistic approach COBIT 5 2. Covering enterprise end-to-end 3. Applying single integrated framework Figure 58. ISACA's COBIT5 (ISACA, 2012): 4. Enabling holistic approach – COBIT 5 defines seven categories of enablers which support governance and management of enterprise (CISA 2015, pp.154.):  100 “Principles, Policies, and Frameworks � Processes  Organisational Structures  Culture, Ethics, and Behaviour  Information  Services, Infrastructure, and Applications  People, Skills, and Competencies” 5. Separating governance from management – Governance and management, according to COBIT 5, have a recognisable distinction. Preventive controls Controls are established to avoid errors and interruptions, to segregate duties by implementing mechanisms such as four-eye, and to monitor for potential problems in their early stages. Detective controls Detective controls have to be established to detect malicious events, failures, and errors. Corrective controls Corrective controls are used to correct errors, interruptions, detected problems, and bottlenecks. General controls General controls are controls related to all parts of organisation, such as controls related to physical and logical security policies, accounting, proper use of assets, and tracking transactions, as well as administrative controls, and other related controls (CISA 2015, pp. 45.). 101 �Specific controls General controls can be used to create specific controls. From the perspective of information system controls with a goal of managing information and cyber security following areas can be used to create specific controls:  Business continuity and disaster recovery planning;  Access to information resources such as databases, configuration files, and communication devices;  BYOD policy. Specific controls examples Following are few examples of areas which appear as particularly interesting for the implementation of specific controls. Business continuity and Disaster recovery related controls Business continuity and disaster recovery management addresses availability of information and information assets. Physical security, utilities, and environment are needed so that equipment and employees are safe at work. Controls have to be established, so that security perimeters and backup communication links exist, and that backup power supply from secondary grid is available. Disaster recovery planning is related to hardware, software, and infrastructure which support business operations (Everest D., et. al., 2008). 102 �Business continuity planning is related to business operations and relies on infrastructure, software, and hardware (Everest D., et. al., 2008). All mentioned aspects are needed to give resilience to business operations in a specific business surrounding. Before the digital age, business operations were possible without hardware and software. However, in today’s business world, business is not possible without computers. As such, DRP has to support BCP (Everest D., et. al., 2008). Figure 59. BCP DRP triangle Risk assessment is a crucial part of BCP / DRP management process where Recovery Time Objective (RTO) and Recovery Point Objective (RPO) have to be determined (Everest D. et al, 2008). RTO represents how quickly operations have to be restored, while RPO shows the amount of unavailable operations and data, which could consequently cause problems. 103 �Based on the risk, appetite management is willing to spend additional money for the implementation of strategies that specific technologies and facilities can support. Every business process has to be supported by appropriate plans with conducted Business Impact Analysis (BIA). BCP / DRP plans have to be tested at regular intervals, and recognised weaknesses in test process have to be resolved. All the aforementioned areas are fields for the implementation of internal controls to monitor effectiveness of implementations. Disruption RTO RPO Time Time No time No time Hardware Hardware No or frame for frame for available available minimal Hardware Hardware with loss delivery delivery limited but facility but facility processing exist exist power Redundant system, active clustering Confidence Hot site, hot stand by Service bureau Cold Replacement site, cold stand by Strategies Money spent Figure 60. RTO / RPO relation Bring Your Own Device (BYOD) controls The Bring Your Own Device (BOYD) policy implements new types of security risks. The reason is because new personal devices are 104 �brought by people who use systems on production networks which are allowed by policies of many organizations. Tests for security weaknesses and risks have to be rigorous for this type of devices. This task is not easy because personal devices are not installed uniformly and usually have different software such as operating systems and application. These devices have to be taken care of by preventing infection with malware, and by making sure they are patched. A BYOD device has to be configured so that when it is lost all data is deleted and information confidentiality remains intact. If appropriate controls are not deployed, usage of these kinds of devices can increase security risks and produce negative consequences for the system in which they are brought. Summary Cyber and information security controls are needed as a management tool for setting up internal control mechanisms. This has to be done through appropriate risk management, such as risk analysis, risk assessment, and risk treatment. For this purpose, control objectives have to be defined. Control objectives can be classified as preventive controls, detective controls, corrective controls, general controls, or specific controls using available standards such as ISO 27001 (ISO 27001:2013), NIST, and COBIT 5. Knowledge acquired In this chapter, it is possible to gain knowledge about risk management process, different approaches for conducting risk assessment, and different risk management approaches. Review questions 1. Explain the risk management process. 2. What are risk treatment options? 105 �3. What are internal controls? 4. What are control objectives? 5. Explain PDCA cycle and for what purpose it is used. 6. Name possible preventive controls. 7. What can be a specific control? 8. Name possible specific controls. 9. What is BCP? 10. What is DRP? 11. Explain the meaning of RTO and RPO. 12. What is the risk analysis? 13. What are five major principles of the COBIT5 framework? Further readings 106 - About Risk Management https://www.theirm.org/the-risk-profession/riskmanagement.aspx - Risk Treatment https://www.enisa.europa.eu/topics/threat-riskmanagement/risk-management/current-risk/riskmanagement-inventory/rm-process/risk-treatment - 5 Types of Risk https://simplicable.com/new/risk-treatment - INTERNAL CONTROLS http://www.accaglobal.com/gb/en/student/exam-support- Treatment �resources/fundamentals-exams-studyresources/f1/technical-articles/internal-controls.html - ISO/IEC 27000 family - Information security management systems https://www.iso.org/isoiec-27001-informationsecurity.html - Economy, Efficiency, http://www.en.valuemex.com/node/23 - ARE YOU USING THE 3 E’S OF MANAGEMENT TO MEASURE YOUR PERFORMANCE? https://www.jhmriskmanagementservices.co.uk/blog/areyou-using-the-3-es-of-management-to-measure-yourperformance/ - What is COBIT https://www.youtube.com/watch?v=Y8kqh9q3Jwg - Business Continuity and Disaster Recovery for InfoSec Managers https://www.sciencedirect.com/science/book/978155558339 2 - BRING YOUR OWN DEVICE... HOW TO STAY IN CONTROL https://www.clearswift.com/sites/default/files/documents/ pdf/bring-your-own-device-how-to-stay-in-control.pdf Effectiveness 5? 107 �6. Cyber security audit Chapter abstract Chapter goals: To present the three lines of defence model, organisation responsibilities in security governance, and cyber security audit. To present audit objectives, types of audits, and risk-based auditing. Chapter also aims to explain audit risk, and different types risk-based approaches such as qualitative and quantitative. Furthermore, it will introduce audit risk types and structure of audit reports which includes condition, criteria, cause, and effect of Internal Auditing. Based on ISACA guidelines, it is possible to perform cyber security audit for following areas: hardware, operating systems, databases, network infrastructure audit, information systems, scheduling audit, and problem management reporting. Learning outcomes: Gaining knowledge of three lines of defence model and the role of internal audit in the organisation defence. Becoming acquainted with audit risk types and risk associated to audit process. Understanding areas and topics that can be object of auditing. Organisation defence model To perform audit of computer network infrastructure which supports organisation processing facilities, it is necessary that Internal Auditor (IA) has a good knowledge of the operation of equipment explained in previous chapters. An auditor has to ask questions verbally or in a documented way using questionnaire, and check the list to determine state of information security in the organisation so that she or he can provide audit assurance state of the information security. Organisations such as financial institutions (commercial services and regulatory organisations), military capacities, nuclear power plants which are considered as 108 �vital infrastructures can bring whole countries and regions into hard and challenging incident situations. That is why it is important to have well-defined lines of defences in digital surroundings at all levels. If the object of protection is communication lines, it is necessary to have more defence perimeters such as demilitarised zones, internal and external firewalls, network intrusion detection systems, host intrusion detection systems, and anti-malware software. In addition to engineers, multiple levels of defence precautions, specific organisational measures, and defence perimeters are needed. The well-known three lines of defence (TLoD) model implements a systematic approach to manage risk. The Institute of Internal Auditors (IIA, 2013) recognised three lines of defence as following:  First line of defence: Operational management  Second line of defence: Risk management and compliance function  Third line of defence: Internal audit The three lines of defence model There is a well-known saying which says: “divide and conquer”. This saying is applicable to governing of cyber and information security. Explanation and modelling of the three levels of defence mechanisms acquired all over the globe and brought by IIA (2013) are given in the following paragraphs. The first line of defence: Operational management The first line of defence are managers, because they control and manage risks. Furthermore, managers implement internal controls and perform corrective actions. Operational management is placed in the first line of defence, because all operations that are supported 109 �for example by IT functions must be conducted at this level. Additionally, this defence includes controls against active and passive attacks, anti-malware protection, and definition and reinforcement of password policies. Figure 61. The three lines of defence model (IIA, 2013) The second line of defence: Compliance and Risk Management Goal of this defence level is to provide risk management framework by identifying risk areas and manage risk. This defence level is also responsible for monitoring effectiveness of internal controls, and adjusting internal operations with laws and regulatory requirements. The third line of defence: Internal audit In this model, internal audit is placed in the third defence line, and its function is to provide independent assurance using international standards. In its operations, internal audit function has to provide reports to audit committee and governing board about state of specific business area that was an object of audit. 110 �Purpose of internal audit is to provide independent assurance regarding business operations and according to IIA (2013) to:  Evaluate and report on degree of alignment;  Evaluate and report on corporate risk management practices and results;  Evaluate and report on efficiency;  Evaluate and report on degree of effectiveness of measures in place and metrics in use;  Evaluate and report on efficiency, effectiveness or resource management; According to ISACA, auditors’ task at management level is to evaluate and report on degree of alignment, while in strategic alignment, their task is to evaluate and report on corporate risk management practices and results. In the risk management process auditors need to evaluate and report on efficiency and to evaluate and report on degree of effectiveness of measures in place and metrics in use in organisation value delivery. Furthermore, their role in performance measurement is to evaluate and report on efficiency or resource management, and to evaluate and report on effectiveness of assurance processes performed by different areas of management compared to other organisational roles, as it is shown in Table 10. Organisation responsibilities in security governance Below is Brotby, (2006): in Information Security Governance: Guidance for Information Security Managers. 111 �Management level Board Directors Strategic Alignment Require demonstrabl e alignment Executive management Institute processes to integrate security with business objectives Steering committee Review and assist security strategy and integration efforts Ensure that business owners support integration. Develop the security strategy, oversee the security program and initiatives, and liaise with business process owners for ongoing alignment. Evaluate and report on degree of alignment. CISO/ information management Audit executives Risk Management Establish risk tolerance Oversee a policy of risk management Ensure regulatory compliance. Ensure that roles and responsibilities include risk management in all activities. Monitor regulatory compliance Identify emerging risks, promote business unit security practices and identify compliance issues. Value delivery Require reporting of security costs. Performance measurement Require reporting of security effectiveness. Resource Management Oversee a policy of knowledge management and resource utilization. Process Assurance Oversee a policy of assurance process integration. Require business case studies of security activities. Require monitoring and metrics for security initiatives Ensure processes for knowledge capture and efficiency metrics. Provide oversight of all assurance functions and plans for integration Review and advise on the adequacy of security initiatives to serve business functions. Review and advise whether security initiatives meet objectives. Review processes for knowledge capture and dissemination . Identify critical business and assurance providers. Direct assurance integration efforts Ensure that risk and business impact assessments are conducted, Develop risk mitigation strategies. Enforce policy and regulatory compliance. Monitor utilization and effectivene ss of security resources Develop and implement monitoring and metrics approaches, and direct and monitor security activities. Develop methods for knowledge capture and dissemination , and develop metrics for effectiveness and efficiency. Liaise with other assurance providers. Ensure that gaps and overlaps are identified and addressed. Evaluate and report on corporate risk management practices and results Evaluate and report on efficiency. Evaluate and report on degree of effectiveness of measures in place and metrics in use. Evaluate and report on efficiency or resources management. Evaluate and report on effectivenes s of assurance processes performed by different areas of managemen t Table 10. Relationship matrix in organisation structure of security governance Brotby, (2006): Table 10. shows the way in which relationship in organisation structure of security governance could become clearer. 112 �Cyber security audit Cyber and information security audit is important for adding value to organisation, conducting audits, and reporting management on findings from conducted audits. Performing an audit Audit has to be performed through predefined steps with the goal of providing provide evidence of findings gathered during audit. Plan the audit Audit 1 Audit 2 Scheduled audit (n) Audit n Start audit Conduct audit Complete audit Scheduled next audit Generate report Share Figure 62. General scheme of audit process, (ISACA CISA 2015 pp. 42.) Following steps are part of an audit process:  Plan the audit engagement, by considering audit goals and risks associated with the object of audit.  Build the audit plan with detailed goals of audit in a time line. 113 � Plan the execution according to an audit plan.  Monitor project activity through reporting progress of an audit. Audit objectives Audit objectives are goals that are set up for each audit project and based on the selected audit type. Types of audits An information security auditor can perform different types of audits which are briefly explained below: 114  Compliance audits are related to well-known standards such as ISO 27001, PCI DSS, HIPPA, and other related standards of specific industry and field of operation.  Financial audits are performed to test correctness of financial reports.  Operational audits are performed to assess specific controls of organisation processes, e.g. controls in implementation of BYOD policy.  Administrative audits are performed to assess operational productivity effectiveness of an organisation.  Information security audits can be used to assess the state of overall information security management system through an entire organisation. If Information Security Management System (ISMS) is implemented, limited or overall scope of the system can be an object of auditing. One of the examples is conducting limited audit scope to access rights, password policies, and segregation in networks where different checks and tests can be performed against infrastructure to provide assurance of implemented controls on network and �operating systems which represent a foundation of every infrastructure.  Specialized audits can be conducted to assess third party services by using special standards and regulations related to specific industry.  Integrated audits can include more types of audit, such as financial, operational, and information system and security audit. Financial Audit Operational Audit Information system and security audit Figure 63. Integrated audit, (ISACA CISA 2015, pp. 62.)  Forensic audits are performed after detecting fraud or a crime (CISA 2015, pp. 391.). Their main goal is to collect evidence in controlled environment and deliver it for review by authorities such as police and courts of law. Typical steps to conduct forensic investigations with a goal to prepare evidence admissible at courts are shown in Figure below. 115 �Figure 64. Digital forensic investigation (Ademu I. O., et al, 2011) Risk-based auditing and audit risk When selecting audit goals, it is necessary to understand what is feasible in the risk-based audit’s conduct of risk assessment Chartered Institute of Internal Auditors (2014). Risk assessment can be carried out through qualitative, semiquantitative, or quantitative based risk assessment. Qualitative risk-based approach The simplest and most frequently used risk assessment approach is the qualitative risk-based approach. It uses description markings for likelihood and impacts. Furthermore, it utilizes checklists and ranking with three or four levels of risk: high, medium, and low (or very high, high, medium, low). It is based on a subjective opinion. Semi-quantitative risk-based approach Instead of using descriptive values such as high, medium, and low, these descriptions are also given numerical values. Thus, total weight for a specific area can be aggregated to calculate different factors and monitor outcomes. Quantitative risk-based approach This type of risk-based approach uses numerical values from different sources, such as the number of malware infections, number of unpatched operating systems, specific log events, number of attacks, and the time between patch release and patch implementation. 116 �Audit risk types Audit carries its own risks, some of which are briefly described below (CISA 2015, pp.48):  Inherent risk existing in specific business environments, related to activities, processes, or technology used without any supervision, is considered audit risk.  Control risk is associated with the risk that errors will not be detected on time due to no supervision or as a result of not conducting check-ups.  Detection risk is associated with the risk that a specific error will not be recognised by an auditor.  Overall audit risk associated with the risk that an error will not be detected by an auditor. Evidence collection There are different techniques to collect evidence (CISA 2015, pp. 39.):  through structured interviews with relevant personnel  using questionnaires,  using checklists  reviewing the organisation structure,  reviewing policies,  using relevant standards,  reviewing documentations, system logs, and system settings, 117 � observing business and employee performances  control walk-throughs  statistical and non-statistical sampling  attribute sampling  stop-or-go sampling  discovery sampling  variable sampling Condition, Criteria, Cause and Effect of Internal Auditing In the audit process it advisable to use the Condition, Criteria, Cause and Effect approach (Watkins W., 2014) for the collection and documentation of evidence, as well as for the presentation of findings with audit recommendations. Condition are pieces of evidence of that were found in the audit process. Criteria can be best practice, known ways of doing something, how something should work, policy references, processes, and standards. Cause is the reason that caused the recognised condition. Effect is the impact or risk recognised set by a condition, when there are high probabilities of the condition being met, or the condition has been met already. As already explained, there are eight review ISACA (CISA 2015, pp. 295) areas which can also serve as areas for cyber audit: 1. Enterprise architecture and auditing 118 �2. Hardware audit 3. Operating system audit 4. Database audit 5. Network infrastructure audit 6. Information system operation audit 7. Scheduling audit 8. Problem management reporting audit According to ISACA, environment audit is relevant for information systems and security audits, but is not relevant for cyber security because it is out of the given scope. Here mentioned are only a few issues related to environment audit in reference to information system assets. For each ISACA area of interest there is a set of operational controls to be checked for which different standards were used, such as ISO 27001, NIST, COBIT5, and ISACA CISA (2015) guidelines. The list below, which provides the operational control sets, can be expanded with new risks recognised in the risk assessment process and risk analysis phase. Enterprise architecture and auditing One of the first steps in auditing information system is to review enterprise architecture, connections between branches, network design, and other infrastructure components. Hardware audit When performing hardware audit, it is necessary to check if all precautions are met to comply with available security controls (CISA, 2015 pp. 300): 119 �- Protect hardware by considering different levels of security using security perimeters. - Have a designated owner for each hardware component. - Is the risk assessment for the critical infrastructure performed for confidentiality, integrity, and availability? - Is maintenance performed at regular intervals specified by the vendors? - Check if the BYOD policy is defined, and whether information security principles are satisfied. - Separate power and communication cables, especially copper communication cables, due to possible electromagnetic interference. - Communication cables have to be protected with conduits. Operating system audit When performing operating system audit it is necessary to check if all precautions are met in order to (CISA, 2015, pp. 297): 120 - Restrict and block unauthorised logical access controls. - Prevent unauthorised physical or network access over IP consoles to the system console. - Block capabilities which would enable an unauthorised person to interact with and interrupt the system. - Maintain system patches and up-to-date system software. - Change default passwords. �- Is there documentation where changes (addition, deletion) to access rights can be seen? - Block unsupervised usage of Universal Serial Bus (USB) media. When performing an operating system audit, is necessary to check if all of the following precautions are met to comply with available security controls connected to environment (CISA, 2015, pp. 297): - Establish contracts with external parties for tasks that cannot be carried out with internal resources in process of marinating information system. - Develop a mechanism to control access to critical infrastructure rooms using CCTV camera, biometric door locks, electronic door, or bolting door locks. - Have UPS and electric generators to support constant power supply for computer and network infrastructure. Database audit When performing database audit, it is necessary to check if all of the following precautions are met in order to comply with available security controls (CISA, 2015, pp. 298.): - All tables and views exist in entity relations as separate entities. - All access rights and roles are justified for users and groups - Password policy is established and a regular password change policy is implemented. - Encryption is implemented as a result of the risk analysis. 121 �- Copies of data on test environment are either masked or encrypted. Network infrastructure audit When performing network infrastructure audit, it is important to check if all of the following precautions are met in order to comply with available security controls (CISA, 2015, pp. 299.): 122 - Protect passive and active network components in safe rooms, e.g. server rooms. - Have access control and video surveillance installed on access points and inside server rooms. - Use MAC address filtering on switch ports. - Check whether system is configured to do the following: change default passwords of active communication devices on all devices, force personalisation usernames (every user has a unique username), force password policy (remember last five passwords, change password every n days, request that passwords contain capital and small letters, numbers, and special characters), request the change of password if it is given to a third person, e.g. a maintainer, request an immediate change of password and/or blocking of user account if person who knew the password left the organisation. - Use screen lock-out after specified time when there were no interactions in the established session or log-on to system resources (servers, routers). - Log-on attempts to administrators / supervisor accounts has to be logged. - Check if all log reports are reviewed at a regular basis. �- Make sure that only authorised access is allowed to computer resources, whether via network or stand-alone devices. - Check if appropriate risk analysis is performed to determine if encryption is needed for data in transit or data stored on computer media. - Report when network devices and all computer infrastructure are hardened, so that services and port which are not used are strictly prohibited. - Implement segregation in infrastructure with firewalls. - Implement intrusion detection systems which are updated to recognise latest cyber and information security threats. - Have controls to prevent abuse of PBX for tapping, eavesdropping (silent monitoring), traffic control, user tracking, and fraud. - Document all IP addresses on interfaces. networks for critical Information system audit operation audit When performing an operating system audit, it is necessary to check if all of the following precautions are met in order to comply with the available security controls (CISA, 2015, pp. 300): - Check if information classification is established. - Make sure that overall information cyber and information security of the organisation is delegated by a single position such as Chief Information Security Officer (CISO) or by other person on the manager position. 123 �124 - Implement encryption mechanisms in order to protect personal data. - Implement segregation of duties. Table 11. Shows the Segregation of duties matrix developed by ISACA (ISACA, 2015), where X indicates potential control weakness. - Have incident management system running. - Make sure that responsibilities for information security are delegated to all employees. - Have backup and restore policies in place. - Implement four-eye principle, so that transaction cannot be done by a single person. - Have patch management in place. - Record and monitor all logs at regular intervals to detect potential incident and problems. - Have appropriate anti-malware policy and provide appropriate anti-virus solution. - Have mechanisms and procedures to be able to reconstruct events in cyber and information security incident cases. - Establish change management procedures, so that change activities are performed in line with approved change management procedures. - Report the restore test to confirm that all data can be recovered and validated by data owner. - Establish regular practice of performing in-house security tests and independent penetration testing. �X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X Quality Assurance X X System programmer Systems X Network X Database Control group Systems analyst Application programmer Help Desk and Support Manager End User Data Entry Computer Operator Database Administrator Network administrator System administrator Security administrator Systems programmer Quality Assurance Security administrator Have adequate controls of logical access. Computer Operator - Data Entry Have an overall cyber and information security awareness education programme. End User - Help Desk and Support Manager Report that DRP and BCP plans are tested on a regular basis. Application programmer - Systems analyst Establish Disaster Recovery Plans (DRP), and Business Continuity Plans (BCP). Control group - X X X X X X X Table 11. Segregation of duties matrix (CISA 2015, pp. 116.) Scheduling audit When performing audit of job and personnel scheduling, it is necessary to check if all of the following precautions are met to comply with available security controls (CISA, 2015, pp. 301.): 125 �- Business activities are scheduled. - All jobs are performed according to the schedule. - Persons who make changes must be authorized to make changes. - Existing personnel supports scheduled business activities. - There is a priority list of critical applications and infrastructure components that has to be recovered with regard to Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Problem management reporting audit When performing an operating system audit, it is necessary to check if all of the following precautions are met to comply with available security controls (CISA, 2015, pp. 302.): - Functionality of a system allows problems to be reported. - There are responsible persons who monitor problems in the system. - Mechanisms for resolving submitted reported problems exist. - There are defined procedures for escalating recognised incidents. Timeline for cyber security audit Because order of audits can help in a better organisation of findings and the audit effectiveness, there needs to be a planned time scale for cyber security audit (Figure below). 126 �Operating system audit Network infrastructure audit Hardware audit Audit start Audit Finished Time Environment audit Database audit Scheduling audit Information system audit Problem management reporting audit Figure 65. Cyber security timeline audit Every audit has limited resources, such as time, and auditors’ skills. ISACA CISA (2015) guidelines and BCP / DRP triangle (Rouse M., 2018), which has a specific order in establishing business operations (DRP has to come first before BCP to support business operations) are used for the timeline in Figure above. First of all, environment and utility issues, followed by infrastructure with hardware, operating systems, networking, and data base audit need to be checked. Afterwards, information system has to be audited for scheduling, problem and incident management, and reporting. Because of known limitations and possible unknown interruptions and limitations in the audit planning phase, auditors have to determine time windows for each phase. If possible, they should predict the flow of events in the expected timeline. 127 �Duration of audit depends on complexity of organisation that can be couple weeks or couple months. The cyber security audit timeline can be seen as a workflow which uses a set of audit practices and methods to collect information required to complete the audit process. Each step in the workflow might require looping, branching, and repetition of previous steps. The Condition, Criteria, Cause, and Effect approach has to be used to make a clear distinction between current or possible conditions and effect/risk using criteria to detect the cause of condition. Summary Due to risk of cyber security incidents, it is necessary to perform appropriate management tasks to protect information assets. One important part of safeguarding information assets is to conduct regular audits. Because all current or future business models already are or will be supported by electronic ways of communication and processing, cyber security is a crucial part that has to be supported. As the third line of defence, audit is important for the cyber security assurance. Audit needs to be planed according to available standards, and audit objectives need to be well defined. Before and during auditing, type of audit has to be selected. To minimise human intervention in the process of choosing the object of auditing, it is necessary to conduct riskbased auditing. In practise, there are three types of risk assessment (Qualitative risk-based approach, Semi-quantitative risk-based approach, Quantitative risk-based approach), which are related to organisation maturity and to the risk-based management. Audit process has audit risks which have to be acknowledged during performing audits. When auditing, it is wise to use already defined controls to minimize risk of not detecting weaknesses. Additionally, it is important to have a common point of reference which can be used 128 �by auditors and management or operational representatives of organisation's unit which is the object of auditing. Without a common ground reference and risk assessment based audit, one might think that internal auditors reached particular findings and requested internal controls, without understanding that they are international standard requirements. Common ground or reference point in auditing process is called criteria. Criteria are used to compare auditing process with current process condition in order to detect cause and define possible effects and risks. Knowledge acquired In this chapter it is possible to gain knowledge about cyber audit processes. Review questions 1. What are the three lines of defence model? 2. Explain the third line of defence: Internal audit. 3. Name steps of cyber security audit. 4. What are the types of audits? 5. What is an integrated audit? 6. Explain risk-based auditing and audit risk. 7. Explain risk-based approach? 8. What are audit risk types? 9. How can Condition, Criteria, Cause, and Effect of Internal Auditing help in writing audit reports? 129 �Further readings 130 - THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL https://na.theiia.org/standardsguidance/Public%20Documents/PP%20The%20Three%20Li nes%20of%20Defense%20in%20Effective%20Risk%20Mana gement%20and%20Control.pdf - Governance of risk: Three lines of defence https://www.iia.org.uk/resources/auditcommittees/governance-of-risk-three-lines-of-defence/ - What is an Integrated Audit? https://rmas.fad.harvard.edu/faq/what-integrated-audit - INTEGRATED AUDITING https://www.iia.nl/SiteFiles/IIA_leden/Praktijkgidsen/PG% 20Integrated%20Auditing[1].pdf �7. Conclusions Chapter abstract Chapter goals: To summarise book goals and review gained knowledge. Learning outcomes: Gain understanding of cyber security and audit landscape. Cyber security overview Cyber security should be the core of every business which relies on digital technologies. This strong dependence is reflected through success of companies which use latest technologies and incorporate them in their everyday business operations and models which represent only one side of business associated with the usage of information systems in the cyber space. Another side of digital technology is related to cyber incident cases presented in this book – Central Bank of Bangladesh, retail-chain Target, Sony Entertainment Company, Hilary Clinton’s presidential campaign, and Webstresser’s malicious service. One way to prevent incidents is to treat cyber security with respect which it deserves. That could be done by implementing applicable industry standards such as IOS 27001, NIST, CobIT, and performing audit by using ISACA guidelines such as CISA (2015). 131 �IIA’s three lines of defence model should be used in the internal organisation structure for auditing. The first line of defence model is operational management, second is supported by compliance and risk management, and third line of defence is task of internal audit using IIA, and other applicable standards and guidelines. Cyber security audit overview Cyber security audit has to be performed within defined audit objectives and types. Audit has to be based on a risk-based analysis where different types of risk analysis can be used: qualitative, semiquantitative, and quantitative risk-based analysis. Output of the risk analysis has to be used for implementation of internal controls by using relevant international standards. These controls are used by auditors and compared to standard criteria and practices. In this process, auditors collect the evidence which is information used to support auditor’s opinion. Cyber security audit can be performed using ISACA CISA (2015) guidelines which propose eight areas for auditing: hardware audit, operating system audit, database audit, network infrastructure audit, information system audit, scheduling audit, problem management reporting audit, and environment audit. Standards from the ISO 27000 (ISO 27001:2013, ISO 27005:2008, and other) family of standards can be used for the implementation of internal controls. They can also be used for documentation for creating checklists and audit implementation of internal controls. To successfully perform auditing, an auditor should have sound technical knowledge and experience with technological issues which are partially presented in this book. 132 �List of Figures Figure 1. Charles Joseph Minard: Napoleon's Retreat from Moscow (The Russian Campaign 1812-1813), Mason B., (2017) .......................................................................... 2 Figure 2. Cyber and information security realm ..................................................................... 8 Figure 3. Shannon’s communication model .......................................................................... 14 Figure 4. TPC / IP protocol suite layers .................................................................................. 15 Figure 5. ISO / OSI reference model ....................................................................................... 16 Figure 6. Network topologies .................................................................................................. 17 Figure 7. Client-Server and Peer-to-Peer communication models ..................................... 18 Figure 8. Infrastructure of the wireless communication model .......................................... 19 Figure 9. Ad-hoc wireless communication model ................................................................ 19 Figure 10. Encapsulation process and communication devices on layers ......................... 23 Figure 11. Typical SPAN port deployment in a simplified network diagram .................. 24 Figure 12. Typical Tap location in network ........................................................................... 25 Figure 13. Network TAP, Dualcomm (2018) ......................................................................... 26 Figure 14. Simple DHCP architecture and modus operandi ............................................... 32 Figure 15. Simple MUA, MTA, MDA architecture ............................................................... 33 Figure 16. Simple network printing service .......................................................................... 33 Figure 17. Simple RAS architecture ........................................................................................ 34 Figure 18. Napster (2018) ......................................................................................................... 35 Figure 19. Simple FTP architecture ......................................................................................... 36 Figure 20. Simple Telnet architecture ..................................................................................... 36 Figure 21. Simplified VPN connection ................................................................................... 37 Figure 22. Network Management history IETF, ISO Network Management architecture and model (Nuangjamnong C, 1998). ............................................................................ 40 Figure 23. Network Management architecture using SNMP, (Nuangjamnong C, 1998). 41 Figure 24. Network Management surrounding .................................................................... 41 Figure 25. Simple RMON architecture ................................................................................... 42 Figure 26. Example query using iReasoning MIB Browser ................................................. 43 Figure 27. DoS attack ................................................................................................................ 56 Figure 28. DDoS attack ............................................................................................................. 57 Figure 29. ARP operation and ARP attack ............................................................................. 58 Figure 30. Fraud triangle.......................................................................................................... 60 Figure 31. TOR (2018) ............................................................................................................... 62 133 �Figure 32. TOR modus operandi, TOR (2018) ....................................................................... 63 Figure 33. Common steps of intrusion attacks (Bejtlich, 2004)............................................ 65 Figure 34. Reconnaissance phases (CEH, 2018) .................................................................... 67 Figure 35. SamSpade (2018) ..................................................................................................... 68 Figure 36. Nmap / Zenmap (2018) .......................................................................................... 68 Figure 37. Whois output for www.mit.edu ........................................................................... 69 Figure 38. ZAP (2018) ............................................................................................................... 69 Figure 39. Wireshark window with captured traffic ............................................................ 70 Figure 40. Kismet (2018) ........................................................................................................... 71 Figure 41. System hacking steps (CEH, 2018) ....................................................................... 71 Figure 42. Password cracking techniques (CEH, 2018) ........................................................ 72 Figure 43. Cain & Abel (2018) captured traffic ...................................................................... 73 Figure 44. Time Scale of Central Bangladesh Bank Heist 2016 (Reuters, 2016) and (Krishna N. Das, and Jonathan Spicer, 2016) ................................................................ 78 Figure 45. Time Scale of Target retail chain Cyber Attack, 2013 ......................................... 80 Figure 46. "Guardians of Peace" (GOP), Paul 2014 ............................................................... 82 Figure 47. Time Scale of Sony Entertainment Company Cyber Attack, 2014 ................... 82 Figure 48. Time Scale of Private mail server usage for exchange of confidential governmental information .............................................................................................. 83 Figure 49. Comey Letter (2016), (Silver N., 2017).................................................................. 85 Figure 50. Polls show Clinton’s popularity declined after FBI director letter was released (Silver N., 2017) ................................................................................................................ 86 Figure 51. Webstresser existence time line ............................................................................ 87 Figure 52. (Eyerys, 2018) .......................................................................................................... 87 Figure 53. Locked http://webstresser.org/ address accessed 01.07.2018 ................................ 88 Figure 54. Risk management process ..................................................................................... 94 Figure 55. CIA Triad ................................................................................................................. 97 Figure 56. ISMS PDCA cycle ................................................................................................... 98 Figure 57. Business performance measurement using 3E’s ................................................. 99 (KPMG, 2018) ............................................................................................................................ 99 Figure 58. ISACA's COBIT5 (ISACA, 2012): ........................................................................ 100 Figure 59. BCP DRP triangle.................................................................................................. 103 Figure 60. RTO / RPO relation ............................................................................................... 104 Figure 61. The three lines of defence model (IIA, 2013) ..................................................... 110 Figure 62. General scheme of audit process, (ISACA CISA 2015 pp. 42.) ....................... 113 Figure 63. Integrated audit, (ISACA CISA 2015, pp. 62.) ................................................... 115 Figure 64. Digital forensic investigation (Ademu I. O., et al, 2011) .................................. 116 Figure 65. Cyber security timeline audit .............................................................................. 127 134 �List of Tables Table 1. Ethernet cable performance (Ethernet, 2018) ........................................... 20 Table 2. Ethernet standards (Ethernet IEEE 802.3 Standards, 2018) ................... 21 Table 3. Communication media weaknesses.......................................................... 22 Table 4. Applications / Services and standard ports used.................................... 37 Table 5. ISO, ITU-T, IETF basic principles .............................................................. 39 Table 6. RMON Groups (Cisco Remote Monitoring, 2018) .................................. 42 Table 7. Information security core principles (ISO 27001:2013 and Vigila et al., 2015) ............................................................................................................................. 48 Table 8. Short timeline of major malicious software appearance based on Wikipedia (2018) information .................................................................................. 51 Table 9. Short timeline of major malicious software appearance Reconnaissance and foot printing tools ............................................................................................... 66 Table 10. Relationship matrix in organisation structure of security governance Brotby, (2006): ........................................................................................................... 112 Table 11. Segregation of duties matrix (CISA 2015, pp. 116.) ............................ 125 135 �136 �Acronyms ACK Acknowledgement BCM Business Continuity Management BCP Business Continuity Plan BS British standard BSI British Standardisation Institute CERT Centre for Emergency Report Team COBIT Control Technologies Objectives for Information and Related CISA Certified Information Security Auditor CISM Information Security Manager CISP Certified Information Security Professional CISO Chief Information Security Officer CISWG Corporate Information Security Workgroup CSO Chief Security Officer DMZ Demilitarised zone DoS Denial of Service DDoS Distributed Denial of Service 137 �FTP File Transfer Protocol HTTP Hyper Text Transfer Protocol IA Internal Auditor ICMP Internet Control Message Protocol IDS Intrusion Detection System IP Internet Protocol IPPM IP Performance Management Group IPS Intrusion Prevention System IEC International Electrotechnical Commission IEEE Institute of Electrical and Electronic Engineers IPX Internetwork Packet Exchange ISACA Information Systems Audit and Control Association ISM Information Security Manager ISMS Information Security Management System ISO International Standardisation Organisation ISSEA International Systems Security Engineering Association IT Information Technology ITIL Information Technology Infrastructure Library KPI Key Performance Indicator LAN Local Area Network 138 �MIB Management Information Base NIST National Institute of Standards & Technology NMS Network Management Station OID Object identifier OSI Open System for Interconnection PDCA Plan Do Check Act QoS Quality of Service SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol SQL Simple query language SPX Sequenced Packet Exchange SYN Synchronize TCP Transmission Control Protocol TNM Telecommunications Management Network UDP User Datagram Protocol UPS Uninterruptable Power Supplies USB Universal Serial Bus VPN Virtual Private Network WAN Wide Area Network XML Extensible Markup Language 139 �140 �References Andress J. and Winterfeld S. (Author)Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, Syngress; 2nd edition (October 1, 2013) Anttila J., Jusila K., Kajava J., Kmaja I., Integrating ISO / IEC 27001 and other managerial discipline standards with processes of management in organisations, 2012 Seventh International Conference on Availability, Reliability, and Security, pp 425 – 436. IEEE Conference Publications. Aversano, Lerina; Bodhuin, Thierry; Canfora, Gerardo; Tortorella, Maria, A framework for measuring business processes based on GQM, Proceedings of the 37th Annual Hawaii International Conference on System Sciences, 2004. IEEE Conference Publications. Aris MashZone (2013) Available from: http://www.mashzone.com/en/mashzone [Accessed on 17.07.2013] Arkalgud Ramaprasad, "On the Definition of Feedback", Behavioral Science, Volume 28, Issue 1. 1983. Available at: http://onlinelibrary.wiley.com/doi/10.1002/bs.3830280103/pdf [Accessed on 08.02.2018] Bejtlich R., (2004) The Tao of Network Security Monitoring, Pearson Education Inc. Second printing 2004 Boehemer W., Cost-benefit trade-off analysis of an ISMS based on ISO 27001, 2009 International Conference on Availability, 141 �Reliability, and Security, pp 392 – 399, IEEE Conference Publications. Brotby W. K., Bayuk J., Coleman C.,Leonardo V.,Henning R. R., Katz Stephen R., Malik W., Parulekar Y., Schwartz E., Tester D., Vael M., (2006) Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Edition, IT Governance Institute, Available from: http://www.isaca.org/KnowledgeCenter/Research/Documents/Information-Security-Govenancefor-Board-of-Directors-and-ExecutiveManagement_res_Eng_0510.pdf [Accessed on 25.07.2018] Brotby W. Krag (2009), Information Security Management Metrics, A definitive Guide to Effective Security Monitoring and Measurement, CRC Press. Brunner J., 1975, The Shockwave Rider, Harper & Row, 1975 Businesstopia, Avaialble at: https://www.businesstopia.net/communication/shannon-andweaver-model-communication [Accessed on 19.10.2018] Cain & Abel (2018), Available from: http://www.oxid.it/cain.html [Accessed on 25.04.2018] Calder Alan and Watkins Steve, (2007) Information Security Risk Management, IT Governance Publishing 2007 Calder Alan and Watkins Steve, (2006) International IT Governance, An executive Guide to ISO 17799 / 27001, Kogan Page 2006 Calder Alan (2006), implementing Information Security based on ISO 27001 / ISO 17799 – A Management Guide, Van Haren Publishing 2006 142 �CEH 2018, Available at: https://www.eccouncil.org. [Accessed on 25.04.2018] CERT vulnerability statistics (2008), Available http://www.cert.org/stats/vulnerability_remediation.html [Accessed on 25.04.2008] from: Charles Joseph Minard, Napoleon's Retreat from Moscow (The Russian Campaign 1812-1813), 1869, Available at: http://www.masswerk.at/minard/, [Accessed on 27.06.2013] Chartered Institute of Internal Auditors (2014), Risk based internal auditing, Available from: https://global.theiia.org/standardsguidance/topics/documents/201501guidetorbia.pdf [Accessed on 25.07.2018] Chevallier, V. (1871) Notice necrologique ´ sur M. Minard, inspecteur gen´ eral ´ des ponts et chaussees, ´ en retraite. Annales de Ponts et Chaussees ´, 2(Ser. 5, No. 15):1–22, 1871. Chew Elizabeth, Clay Alicia, Hash Joan, Bratol Nadya, Brown Anthony, Guide for Developing Performance metrics for Information Security, NIST Special Publication 800-80, 2006 Cimpanu C., 2018, Europol Shuts Down World's Largest DDoS-forHire ServiceEuropol Shuts Down World's Largest DDoS-for-Hire Service, Available from: https://www.bleepingcomputer.com/news/security/europolshuts-down-worlds-largest-ddos-for-hire-service/ [Accessed on: 07.05.2018] CISA (2015) Review manual 26th Edition, ISACA, 2015, ISBN 9781-60420-367-7 Cisco (2018), VPN Services, Available from: https://www.cisco.com/c/en/us/products/security/vpn-endpointsecurity-clients/what-is-vpn.html, [Accessed on: 07.05.2018] 143 �Cisco Remote Monitoring 2018, Available from: http://docwiki.cisco.com/wiki/Remote_Monitoring [Accessed on: 07.05.2018] Clinton Email Investigation Timeline, 2018, Available from: http://www.thompsontimeline.com/tag/justin-cooper/ [Accessed on 24.07.2018] Comey Letter, 2016 Oct. 28 FBI letter to congressional leaders on Clinton email investigation, Available from: https://www.washingtonpost.com/apps/g/page/politics/oct-28-fbiletter-to-congressional-leaders-on-clinton-emailinvestigation/2113/ [Accessed on 01.06.2018] CNN 2016, Available from: https://edition.cnn.com/2016/10/28/politics/hillary-clinton-emailtimeline/index.html [Accessed on 31.05.2018] Cowing J., Ransomware Are You Prepared?, 2018, Available from: http://m.isaca.org/chapters2/sanFrancisco/events/Documents/Ransomware%20ISACA%202018-628%20V0.1.pdf [Accessed on 24.10.2018] Deep and Dark Web (2018), Available from: https://www.thedarkwebsites.com/ [Accessed on 07.05.2018] Donkey (2018) https://www.emuleproject.net/home/perl/general.cgi?l=1 [Accessed on 17.07.2018] Dualcomm, Available from: https://www.dualcomm.com/product-page/dual-gbe-copper-andfiber-network-tap [Accessed on 07.06.2018] Eisenberg T., Gries D., Hartmanis J., Holcomb D., Stuart L. M., Thomas Sant oro The Cornell Commission:On Morris and the Worm, ]une 1989 Volume 32 Number 6 144 �English Oxford Dictionaries, 2018 Available from: https://en.oxforddictionaries.com/definition/fraud [Accessed on 24.07.2018] Ethernet, 2018, Available from: https://www.electronicsnotes.com/articles/connectivity/ethernet-ieee-802-3/cables-typespinout-cat-5-5e-6.php [Accessed on 12.07.2018] Ethernet IEEE 802.3 Standards, 2018 Available from: https://www.electronics-notes.com/articles/connectivity/ethernetieee-802-3/standards.php [Accessed on 12.07.2018] eTOM, 2018, Available from: https://www.tmforum.org/businessprocess-framework/ [Accessed on 12.10.2018] Everest D., Garber R. E., Keating M., Peterson B., 2008, Business Continuity Management, Global Technology Audit Guide (GTAG) https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%2 010%20-%20Business%20Continuity%20Management.pdf Eyerys, Authorities Shut Down One of the World's Largest DDoSFor-Hire Service, Available from: https://www.eyerys.com/articles/timeline/authorities-shut-downone-worlds-largest-ddos-hire-service?page=4#event-a-hrefarticles-timeline-one-fifth-all-enterprise-applications-were-borncloudone-fifth-of-all-enterprise-applications-were-born-in-thecloud-a, [Accessed on 25.04.2018] Featherly K., ARPANET UNITED STATES DEFENSE PROGRAM, Available from: https://www.britannica.com/topic/ARPANET, [Accessed on 25.04.2018] FOX NEWS, 2016, Available from: http://www.foxnews.com/politics/2016/09/02/timeline-clintonemail-server-setup.html Gibson W., Neuromancer, Ace; 1st edition (July 1, 1984) 145 �Gourley Bob (2014) The Cyber Threat: Know the threat to beat the threat, Sep 3, Amazon Digital Services LLC Gregory H.Peter (2016) CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition, McGraw-Hill Education; 3 edition (October 26, 2016) Hajdarevic K., Allen P., A New Method for the Identification of Proactive Information Security Management System Metrics, MIPRO 35 Proceedings of the 35th International Convention, Publication Year: 2013, IEEE Conference Publications. Hajdarevic K., Kozaric K., Hadzigrahic J., Architecture and Infrastructure for Governing Information Security in Central Banks, Journal of Central Banking Theory and Practice, Volume 1, Number 2, pp. 5-17, October 2012. Hajdarevic K., Pattinson C., Kozaric K., Hadzic A., Information Security Measurement Infrastructure for KPI Visualization, MIPRO 35 Proceedings of the 35th International Convention, Publication Year: 2012, Page(s): 1543 – 1548, IEEE Conference Publications. Henckler Aron, Waterfall Charts using Excel, Available at: http://chandoo.org/wp/2009/08/10/excel-waterfall-charts/ [Accessed on 24.11.2012] History of the Web, World Wide Web Foundation, Available at: https://webfoundation.org/about/vision/history-of-the-web/ [Accessed on 12.06.2018] IIA Position Paper: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL, JANUARY 2013, Available at: https://na.theiia.org/standardsguidance/Public%20Documents/PP%20The%20Three%20Lines%2 146 �0of%20Defense%20in%20Effective%20Risk%20Management%20a nd%20Control.pdf [Accessed on 23.02.2018] InetDaemon, Available at: https://www.inetdaemon.com/tutorials/basic_concepts/communic ation/frames_packets_n_pdus.shtml [Accessed on 23.09.2018] Ademu I. O., Imafidon C. O., Preston D. S., A New Approach of Digital Forensic Model for Digital Forensic Investigation, (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 2, No.12, 2011 Iasiello E., Cyber Attack: A Dull Tool to Shape Foreign Policy, Available at: https://ccdcoe.org/cycon/2013/proceedings/d3r1s3_Iasiello.pdf [Accessed on 23.09.2018] Internet Protocol Version 6 (IPv6) / IP Next Generation (IPng), Available at: http://tcpipguide.com/free/t_InternetProtocolVersion6IPv6IPNext GenerationIPng.htm [Accessed on 23.02.2018] IPPM, 2018, Available https://datatracker.ietf.org/wg/ippm/documents/ [Accessed 12.07.2018] at: on ISACA (2008) in Information Security Governance: Guidance for Information Security Managers ISACA (2012) COBIT 5, Available https://www.isaca.org/COBIT/Documents/COBIT5Introduction.ppt [Accessed on 20.07.2018] at: ISO 27001:2013 Information technology – Security techniques – information Сеcurity Managamanet System – Requirements, Second edition 2013-10-01, ISO IEC 147 �ISO 27005 ISO 27005:2008 Information technology – Security techniques – information security management, first edition 200806-15, ISO IEC ISO 7498:1984, Information processing systems – Open Systems Interconnection – Basic Reference Model, Available at: https://www.iso.org/standard/14252.html [Accessed on 20.07.2018] LoBianco T., 2016, FBI releases notes from Clinton email investigation, September 24, 2016https://edition.cnn.com/2016/09/23/politics/fbi-investigationhillary-clinton-emails/index.html Jaquith Andrew, Security Metrics, Replacing Fear, Uncertainty, and Doubt. Addison-Wesley, 2009 [Accessed on 23.07.2018] John the Ripper (2018) Available http://www.openwall.com/john/ [Accessed on 08.05.2008] at: Kalvapalle R, 2016 Available at: https://globalnews.ca/news/3035703/hillary-clinton-email-scandaltimeline/ [Accessed on 08.05.2008] Kismet (2018), Available from: https://www.kismetwireless.net/ [Accessed on 08.05.2008] KPMG, Value For Money, Available from: https://home.kpmg.com/sg/en/home/services/advisory/riskconsulting/internal-audit-services/value-for-money.html, [Accessed on 08.10.2018] Krishna N. Das, Ruma Paul, Exclusive: Bangladesh probes 2013 hack for links to central bank heist, Available at: https://www.reuters.com/article/us-cyber-heistbangladesh/exclusive-bangladesh-probes-2013-hack-for-links-tocentral-bank-heist-idUSKCN0YG2UT [Accessed on 08.05.2018] 148 �Krishna N. Das, and Jonathan Spicer, 2016, How millions from the Bangladesh Bank heist disappeared, Available at: https://www.reuters.com/article/us-cyber-heist-philippines/howmillions-from-the-bangladesh-bank-heist-disappearedidUSKCN1011AT [Accessed on 08.05.2018] LaFraniere S., Californian Who Unwittingly Aided Russian Election Interference Gets 6 Months in Prison, Avaialble at: https://www.nytimes.com/2018/10/10/us/politics/richard-pinedosentencingmueller.html?rref=collection%2Fnewseventcollection%2Frussianelectionhacking&action=click&contentCollection=politics&region=stream &module=stream_unit&version=latest&contentPlacement=9&pgt ype=collection [Accessed on Oct. 10, 2018] Lee T. B. 2013, Everything you need to know about the NSA and Tor in one FAQ, Available at: https://www.washingtonpost.com/news/theswitch/wp/2013/10/04/everything-you-need-to-know-about-thensa-and-tor-in-one-faq/?noredirect=on&utm_term=.815bf3f47636, October 4, 2013, [Accessed on 08.07.2018] Lord N., 2018, A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time, April 6, 2018, Available at: https://digitalguardian.com/blog/history-ransomware-attacksbiggest-and-worst-ransomware-attacks-all-time [Accessed on 24.07.2018] Mason B. (2017), The Underappreciated Man Behind the “Best Graphic Ever Produced,” Available at: https://news.nationalgeographic.com/2017/03/charles-minardcartography-infographics-history/ [Accessed on 12.06.2018] Maswerk, (2013), Available at: http://www.masswerk.at/minard/ [Accessed on 10.06.2018] 149 �Mar S., Johannessen R., Coates S., Wegrzynowicz K., Andreesen T., Global Technology Audit Guide (GTAG®) Information Technology Risk and Controls, IPPF – Practice Guide, March 2012 Available: at: https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%2 01%20%20Information%20technology%20controls_2nd%20ed.pdf [Accessed on 16.06.2018] Mitchell B. 2018, Gnutella P2P Free File Sharing and Download Network, Updated February 06, 2018 https://www.lifewire.com/definition-of-gnutella-818024 [Accessed on: 22. 07. 2018] Mission Assurance, 05.04.2000 http://www.hq.nasa.gov/office/codeq/pra.pdf 23.07.2013] Available [Accessed at: on Mueller P. and Yadegari B., The Stuxnet Worm, Available from: https://www2.cs.arizona.edu/~collberg/Teaching/466566/2012/Resources/presentations/2012/topic9-final/report.pdf [Accessed on: 12. 06. 2018] Napster, (2018) Available at: https://www.reddit.com/r/nostalgia/comments/1v98nm/downloa ding_songs_on_napster_with_a_56k_modem/ [Accessed on 23.05.2018] Nimonik (2018) Available at: https://nimonik.com/help/associatea-company-or-public-template-to-a-facility/ [Accessed on 23.05.2018] Norman J, 2018, Norbert Wiener Issues "Cybernetics," the First Widely Distributed Book on Electronic Computing http://www.historyofinformation.com/expanded.php?id=850 [Accessed on 12.06.2018] 150 �Nmap/Zenmap (2018), Available: at: https://nmap.org/zenmap/ [Accessed on 12.07.2018] Nuangjamnong C., Maj S. P., Veal D., The OSI Network Management Model- Capacity and Performance Management, Proceedings of 4th IEEE International Conference on Management of Innovation and Technology . ICMIT 2008. (pp. 1266-1270). Bangkok, Thailand. IEEE Overview of TMN Recommendations, Telecommunications management network M.3000–M.3599 (02/2000), ITU 2001. Available at: https://www.itu.int/rec/T-REC-M.3000-200002-I/en [Accessed on 23.05.2018] Probst W. C., Hunker J., Bishop M., Gollmann D. Insider Threats in Cyber Security (Advances in Information Security), Springer; 2010 edition (August 10, 2010) Passive and active attacks, SECURITY CONCEPTS FOR CORPORATE NETWORKS, Available from: http://www.tc11.unifrankfurt.de/CONF/SEC94/roppl.html [Accessed on 08.05.2008] Paul, December 28, 2014 20:39 New Clues in Sony Hack Point To Insiders, Away from DPRK, Available from: https://securityledger.com/2014/12/new-clues-in-sony-hack-pointto-insiders-away-from-dprk/, [Accessed on: Friday, March 9, 2018] Pelkey J., (2007) Transmission Control Protocol (TCP) 1973-1976, Available from: http://www.historyofcomputercommunications.info/Book/6/6.4TransmissionControlProtocol(TCP)73-76.html, [Accessed on: 18.06.2018] Pelkey J., (2007) Chapter 9 Standards: 1979-1984, ISO/OSI (Open Systems Interconnection): 1979 - 1980, Available from: http://www.historyofcomputercommunications.info/Book/9/9.5_I 151 �SO-OSI-OpenSystemsInterconnection-79-80.html, [Accessed on: 12.06. 2018] Reuters (2016), UPDATE 3-Bangladesh central bank governor resigns over cyber heist, Available from: https://www.reuters.com/article/usa-fed-bangladeshresignation/update-3-bangladesh-central-bank-governor-resignsover-cyber-heist-idUSL3N16N3MB, [Accessed on: 12.06. 2018] Rouse M., Available from: https://searchdisasterrecovery.techtarget.com/definition/businesscontinuity [Accessed on: 12.06. 2018] Ruma P., (2018), Bangladesh to sue Manila bank over $81-million heist, Available from: https://www.reuters.com/article/us-cyberheist-bangladesh/bangladesh-to-sue-manila-bank-over-81million-heist-idUSKBN1FR1QV, [Accessed on: 12.06. 2018] Sahin T., x Omidyar 1988, ;Bauman T.M., 1988, Telecommunications management network (TMN) architecture and interworking designs, May 1988, Page(s): 685 - 696, IEEE Journal on Selected Areas in Communications ( Volume: 6, Issue: 4, May 1988 ) SamSpade, Available http://www.majorgeeks.com/files/details/sam_spade.html [Accessed on 23.05.2018] at: Sandwith L. 2006 Does Internal Audit have an effective game plan to address fraud? Available at: https://www.iia.org.uk/media/1688757/1-internal-audit-gameplan-l-sandwith-.pdf [Accessed on 23.10.2018] Scott E., 2015, Hillary Clinton on emails: “The facts are pretty clear,” Available at: 152 �https://edition.cnn.com/2015/07/25/politics/clinton-confidentnever-sent-classified-emails/index.html, [Accessed on 23.05.2018] Shaban Hamza, Global police just shut down world’s largest marketplace that allegedly disrupted millions of sites, Available from: https://www.washingtonpost.com/news/theswitch/wp/2018/04/25/global-police-just-shut-down-worldslargest-marketplace-that-allegedly-disrupted-millions-ofsites/?noredirect=on&utm_term=.924b110f7630 [Accessed on: Monday, April 9, 2018] Shannon, C.E., & Weaver, W. (1949). The mathematical theory of communication. Urbana: University of Illinois Press. Silver N., The Comey Letter Probably Cost Clinton The Election, Available from: https://fivethirtyeight.com/features/the-comeyletter-probably-cost-clinton-the-election/ [Accessed on: April 5, 2018] Spremić, M, Sigurnost i revizija informacijskih sustava u okruženju digitalne ekonomije, Mario Spremić, 2017, ISBN: 978-953-346-037-6 Stuxnet, Symantec, July 13, 2010, Available from: https://www.symantec.com/security-center/writeup/2010-0714003123-99 [Accessed on: 18. 07. 2018] Stamatelatos Michael, Probabilistic Risk Assessment: What Is It and Why Is It Worth Performing It, NASA Office of Safety and Stoneburner Gary, Goguen Alice, and Feringa, Risk Management Guide for Information Technology Systems, NIST, 2002 Available at: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf [Accessed on 24.11.2012] Syed Aakhtar and Syed Aafsar, Business Continuity Planning Methodology, Sentryx, 2004 153 �TCP/IP Internet Protocol, 1981, Available from: https://www.livinginternet.com/i/ii_tcpip.htm, [Accessed on: 18. 06. 2018] Techopedia (2018), Information Systems Security (INFOSEC), 2018, Techopedia, Available from: https://www.techopedia.com/definition/24840/informationsystems-security-infosec, [Accessed on: 12. 06. 2018] The Smoking Gun, 2013, Available http://www.thesmokinggun.com/buster/sidneyblumenthal/hacker-distributes-memos-784091 [Accessed 23.05.2018] at: on Thomson I., 2016, Meet the malware that screwed a Bangladeshi bank out of $81m, Available at: https://www.theregister.co.uk/2016/04/25/bangladeshi_malware_s crewed_swift/ [Accessed on 02.05.2018] Toigo Jon William, Disaster Recovery Planning Preparing for the Unthinkable, Prentice Hall PTR 2003. TOR (2018) Available https://www.torproject.org/about/overview, [Accessed 23.05.2018] at: on Vasudaven Vinod, Anoop Mangla, Application Security in the ISO 27001 Environment, IT Governance LTD 2008 Vacca R. J., (2013) Cyber Security and IT Infrastructure Protection 1st Edition, Syngress; 1 edition (August 22, 2013) Vigila M., Buchmann J., Cabarcasb D., Weinerta C., Wiesmaierc A., Integrity, authenticity, non-repudiation, and proof of existence for long-term archiving: A survey, Computers & Security Volume 50, May 2015, Pages 16-32, Elsevier 154 �Vijayan Jaikumar, (2014), Available at: https://www.computerworld.com/article/2487425/cybercrimehacking/target-breach-happened-because-of-a-basic-networksegmentation-error.html [Accessed on 23.04.2018] Von Neumann, J., Burks, Arthur W., Theory of self-reproducing automata, Urbana, University of Illinois Press, 1966 Watkins W. (2014), Condition, Criteria, Cause and Effect of Internal Auditing, Available at: https://www.iiafiji.org/resources/bbc5020b-a5ab-4388-b63383813515c797.pdf [Accessed on 24.04.2018] Wireshark (2018) Available at: [Accessed on 01.07.2018] https://www.wireshark.org/, Wikipedia (2018) Timeline of computer viruses and worms, Available at: https://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and _worms [Accessed on 01.07.2018] Wong Caroline, Security Metrics: A Beginner’s Guide, McGraw Hill, 2012 (x.200. 1995), Data Networks and Open System Communications, Open Systems Interconnection - Model and Notation, International Telecommunication Union Yixi, Guo; Hui, Guan, Research on Method of Metrics for Information Ferry in Secret Intranet, International Conference on Intelligent Computation Technology and Automation (ICICTA), 2011 ZAP 2018, Available https://www.owasp.org/index.php/File:ZAPScreenShotHistoryFilter.png [Accessed on 23.05.2018] at: 155 �Zurcher A., (2016). “Hillary Clinton emails - what's it all about?,” Available at: https://www.bbc.com/news/world-us-canada31806907 [Accessed on 12.06.2018] Overview of Digital Forensics, Available at: https://www.isaca.org/KnowledgeCenter/Research/ResearchDeliverables/Pages/overview-of-digitalforensics.aspx, [Accessed on 12.06.2018] 156 �157 �Index A Access control Access control to program source code Active attack Administrator and operator logs Applications Architecture Artificial Assessment Asset Attacker Attributes Audit Audit logging Authenticity Availability B Broadcast Business Continuity Business continuity and risk assessment Business continuity management Business continuity planning framework C Capacity management Capacity management Change control procedures Change management Clock synchronization COBIT Communication Communications and operations management 158 Compliance Computer Confidentiality Continuity Control of internal processing Control of operational software Control of technical vulnerabilities Controls against malicious code Controls against mobile code Countermeasure Crypto D Denial of service Developing and implementing BCP including information security Disaster DMZ Distance vector E Electronic Electronic messaging Electronic commerce Equipment identification in the network Encryption Escalation F Fault Fault logging Firewall Forensic FTP �G Gap analysis Goal, Goals H Hardware Human Human resources HRA HTTP I Incident Including information security in the BCM process Information access restriction Information Backup Information security Information security incident management Information systems acquisition, development and maintenance Infrastructure Input data validation Integrity Interruption Intrusion detection IP address IPX ISMS ISO 27000 ITIL Management, Media Message integrity Metric, Monitoring system use N Network Network controls Network connection control Network layer Network routing control NMS Non-Reputability O OID On-line transactions Output data validation P Key management KPI Passive attack Password management system Performance Physical and environmental security Policy on the use of cryptographic controls Policy on use of network services Privilege management PRA Proactive Procedure Protection of information systems audit tools Protection of log information Protection of system test data Protocol Publicly available systems L Q K Likelihood Limitation of connection time Link state Local area networks QoS Quality Qualitative Quantitative M R MAC address Recovery Regulation of cryptographic controls 159 �Regulatory Remote diagnostic and configuration port protection Responsibilities and procedures Restrictions on changes to software packages Review of user access rights Risk Risk management Router RTGS Unicast UPS Use of system utilities User authentication for external connections User identification and authentication User password management User registration Utilities S Virus Virtual Private Network, Visualisation VPN Vulnerability SABSA Secure disposal Secure log-on procedures Security Security of network services Security of system documentation Security requirements analysis and specification Segregation in networks Separation of development, test and operational facilities Server Session time-out SMTP SNMP Software Spyware SQL Switch SYN System acceptance T TCP / IP Technical compliance checking Technical review of applications after operating system changes Terminal Testing, maintaining and reassessing business continuity plan Threat Trojan U UDP 160 V W WAN Web Wide area networks Wireless Worm X XML Z Zotob �About author Kemal Hajdarevic PhD received B.Sc. from Faculty of Electrical Engineering, University of Sarajevo, Bosnia and Herzegovina, M.Sc. and PhD from Leeds Metropolitan University / Leeds Beckett University, Leeds, UK. He is currently working at the Central Bank of Bosnia and Herzegovina as a Senior Internal Auditor for information Security and IT projects, and he has a teaching position at the Faculty of Electrical Engineering, University of Sarajevo, and International Burch University, Sarajevo, Bosnia and Herzegovina. He teaches Computer Communication and Networks, Network Management, IT Governance, Computer Modelling and Simulations, Ethical Hacking, and Digital Forensics. He is a licensed radio amateur with call sign E71HK. 161 ��Colin Pattinson: “As business organisations of all types and sizes place greater dependence on their information technology to provide their core operational requirements, it is sadly inevitable that there is a growth in the number of malicious individuals attempting to exploit that dependency, whether by unauthorised access to resources, theft of data or by making the systems unusable for their required purpose. Defence against attacks like these, and the many other ways in which systems or information can be compromised, is invaluable, but needs careful planning combined with the tools, knowledge and techniques to carry out those plans. This book explains how those plans should be developed and provides the means by which they can be carried out. It begins from the fundamental basis that knowledge about how any system is configured and how it is behaving are fundamental to the ability to control and manage. The second significant requirement for defence is to know what an opponent is capable of. Identifying which of the potential threats might be realised then leads to an audit of the system to determine the real threats and any gaps in defences. This book covers each of those stages in a logical and thorough manner. After an explanation of the range and types of network and communications technologies likely to be encountered, the book then discusses the potential threats, supported by informative actual cases to show that these are not simply abstract concepts, but that real organisations have suffered real losses though security breaches. The book then provides the reader with the necessary tools and techniques to assess and manage the risks, ending with a comprehensive discussion of the design and conduct of a full cyber security audit, addressing all levels of a typical business IT system. Structured tutorial / revision questions support each chapter, allowing the reader to reinforce their learning at each stage, before moving on to the next chapter. Alternative pathways through the book are identified to allow readers to develop their particular specialist interest. This book meets a demand which is certain to increase in importance in the years to come. Mario Spremic: “As there are not so many quality publications in this area, especially the books like this one with holistic (technology, management, regulation, etc.) approach to cyber security and information system auditing, I do recommend this book for students, researchers and practitioners to gain fundamental knowledge and understanding and broaden their horizons.” 1 � Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3776 Title A name given to the resource Cyber Security Audit in Business Environments Author Author Hajdarevic, Kemal Abstract A summary of the resource. Everyday reports reveal numerous cyber security incidents, while many more are never uncovered due to the risk of jeopardising the reputation of the attacked systems. One definition of risk of this sort is: “feasible determinable outcome of an activity or action subject to hazards” (Stamatelatos, 2000). A more holistic and comprehensive definition, which is available in the NIST Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessment, defines risk as: „Adverse impact(s) that could occur... to organisational operations (including mission, functions, image, reputation), organisational assets, individuals, other organisations... due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.“ As such, databases, as the active and passive components of computer networks and the building blocks of computer infrastructures, became a point of focus for every business in the world. Unlike 30 years ago, many households nowadays rely on Internet access and available services to support their everyday life. The Internet and World Wide Web (WWW) resources are accessible through various web browsers. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Book PeerReviewed T Technology (General) https://omeka.ibu.edu.ba/files/original/9479c736ca79c280407f40ac4e8a695a.pdf afdbaf6dabe9bf7cdabec1e08fd0ecbe Dublin Core The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/. Extent The size or duration of the resource. 3775 Title A name given to the resource How Does Lending from Commercial Banks Impact Performance of Small Enterprises: A Case Study of District Hafizabad, Pakistan Author Author Janjua, Azhar Ali Hayat, Muhammad Azmat Aslam, Muhammad Abstract A summary of the resource. Abstract: This study examines the impact of lending from commercial banks on performance of small enterprises. Financial data of forty business entities of district Hafizabad have been collected from commercial banks, for the period of 2005 to 2013. “Net profit” in the first model and “sales” in the second model are used as dependent variables. Working capital, accumulated profit, net-worth and lending/financing amount are used as independent variables. The study suggests: Firstly, banks’ lending positively affects the performance of small enterprises. Secondly, financing amount illustrates positive effect on net profits of the firms. Thirdly, the preferred amount of lending to small enterprises is less than two million PKR. Publisher An entity responsible for making the resource available International Burch University Date A point or period of time associated with an event in the lifecycle of the resource 2018 Keywords Keywords. Article PeerReviewed DOI Digital object identifier doi: "10.14706/JECOSS18811 " Identifier An unambiguous reference to the resource within a given context ISSN 1986-8499, HB Economic Theory