COM7005
Information Security Strategy Development:
Assignment Part 1:
1. Internal and external threats to electronic assets and how to thwart these threats:
Many companies do not know about the problems that exist inside them. It is necessary to
recognize and understand these problems. In 2015, many cyber-attacks caused heavy losses. Cyber
threats are problems caused on computers by hackers, who spread viruses to your computers and
collect your data from them. This is an example of internal damage, and internal threats are very
difficult to detect. You should make sure that your workers and management are not causing harm
to you and your company. Company workers can release your information, which is very harmful to
the company. It is a major mistake to give any employee complete information and access to all
of the company's resources. Only necessary data should be provided to company workers. This
policy is very helpful in avoiding internal risks: only the information and data a worker needs
to do the job should be provided, so that each employee is given limited information. Many other
issues also cause damage. Many websites and viruses exist that are used to attack and damage
websites and steal data. On the internet your data is not safe, because many hackers create
software and websites intended to do harm. You can protect your data from malicious websites by
using different methods and by using proper websites. By using a filtering process, you can
decrease the chance of loss and of cyber threats, and you can control your employees. In this
case, your employees are not free to leak your information.
It is a serious mistake to deliver all emails straight to users' inboxes. Filter the emails first
to decrease the chances of interruption and attack. Filtering lets you avoid macro viruses.
Hackers target the computer of an important person who holds many pieces of information about
the company. A scanning system is used to decrease and avoid losses from malicious emails. It is
a unique and easy process for handling these issues. You can also use this process to find the
person who leaks data.
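As an added illustration of the filtering step described above (example code, not part of the original assignment), the Python code below inspects each attachment before delivery and holds back any that can carry macros, including a macro document renamed to .docx. The extension list, function names and sample messages are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed quarantine list: Office extensions that can carry VBA macros.
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm", ".xlsb", ".xlam")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def attachment_verdict(filename, payload):
    """Return a quarantine reason for one attachment, or None to allow it."""
    if (filename or "").lower().endswith(MACRO_EXTENSIONS):
        return "macro-enabled extension"
    # OOXML files are ZIP archives; a VBA project inside means macros.
    if payload[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "embedded VBA project"
        except zipfile.BadZipFile:
            return "malformed archive"
    if payload.startswith(OLE_MAGIC):
        return "legacy OLE document (may carry macros)"
    return None

def filter_message(raw):
    """Return (deliver, findings) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reason = attachment_verdict(part.get_filename(), data)
        if reason:
            findings.append((part.get_filename(), reason))
    return (not findings, findings)

def build_sample(filename, with_macro):
    """Constructed test message: a tiny ZIP standing in for an Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A mail gateway would call filter_message on each inbound message and move it to quarantine when the first returned value is False.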
External Threats:
External problems are also present in all types of businesses, but they are not more harmful than
the internal problems. In some cases, they can be very dangerous and harmful. Hackers use an
internal source to get information and leak data; in this way they reach the target and gain
access. An internal source is necessary to hack or open a website, so hackers use internal
threats to collect information. Education and proper training are necessary to decrease the
risks. It is very important for a person working in the company to be aware of the risks and of
hackers. A degree or formal education is not necessary to deal with common threats. Financial
issues and legal liabilities are a threat to a company. This is a type of risk that comes from
outsiders, but outsiders make use of insiders. A tracking system is used to track internal
problems and hackers, and internal hackers can be tracked very easily. It is necessary to choose
the right path and select the best websites, and if any problem is present, to solve it very
quickly. If you solve problems quickly, you can avoid further losses.
What is the best protection?
Protection is necessary to keep your data safe from hackers. Monitoring is the best way to
protect data. It is necessary to have good management and a good monitoring system, so that if
internal threats are present you can learn about them very easily. With the best monitoring
system, the chances of risk decrease. Be aware of the risks and of internal threats. By using
the best technology and the best monitoring system, you can stop hackers from breaking in and
from leaking any information (Abomhara, 2016, p. 77).
2. Legalities of computer forensic phases and impact of legal requirements on overall
information security policy
Cyber services and electronic devices like mobile phones are used to investigate crime.
Computer forensics experts are the best placed to recover deleted or damaged data from any
electronic device. It is a tough process and a tough job, because the data must be collected
very quickly. The job requires many skills relating to computers and cyber-attacks. A proper
computer-related degree is necessary for computer forensics experts. If you want to become a
computer forensics expert, you should improve your skills, and it is necessary to have a
master's degree in cybersecurity. You must type very fast, know the work well, and have a clear
mind. Documenting and reporting are very important for a computer forensics specialist. The
best policy and the best management are required in this work. A person who is professional in
their work can work as a computer forensics expert. It is very important to have all the
qualities discussed above. Proper electronic devices, hardware and software are necessary for
this work. If you use the best software and hardware, you can work perfectly (Selamat, 2008,
p. 175).
3. Boundaries between different services models and operational translations and
analyses associated risk:
Service models and operational translations are similar in many ways, but they differ from each
other in their working process. In the past few years, standard data has been written in the
YANG modeling language for the combination. It is used in monitoring systems and to control
monolithic functions. An example of the YANG modeling language in use is RFC 7223. It is based
on a hierarchical tree structure. YANG is a data modeling language used with protocols. NETCONF
is used to install data on a device or to delete data from it. There are many types of YANG
models, such as private, hybrid and open models. These models are used to send information from
one device to another and are used in the installation process. They are also used in online
systems and in paper-driven services. Software-defined networking is a technology used to
improve and increase monitoring capabilities. A software-defined network has three layers: the
application layer, the control layer, and the infrastructure layer. The nodes present include
leaf nodes and container nodes. There is no proper proof that this model provides proper
information to customers (Yusoff, 2011, p. 28).
4. Access control strategy:
Use of information security strategy to provide consultation and coaching through
reporting and communication in a company:
Information security strategy is vital for the management of security risks. It is one of the
latest and most efficient ways to provide coaching and consultation via communication and
consultation. Security consultation must include the latest ways to assess risks at a specific
time in order to avoid the harm of security threats. It guarantees the precision of planning and
strategy, and it assesses expenses and security accurately. The IT roadmap should be protected
from the danger of systematic information security attacks. The following steps are included in
the process of using a reactive information security strategy to provide consultation and
coaching through reporting and communication in a company:
- Planning how to go forward in security strategy development.
- Defining criteria for initiating the planning of a project.
- An efficient and ready response by the company to cyber security attacks is one of the most
  important steps the company should take. It helps the company to assess and eliminate its
  security threats.
- Setting up the path through which the ultimate aim can be achieved via efficient planning.
- Analysis of costs and profits is done via the information security strategy to assess the
  performance of the company. This analysis helps employees to work on the weak aspects of the
  company by making strategies in communication with each other.
- Analyzing risks and threats via information security in discussions and coaching has become
  one of the leading steps in providing consultation to the employees of a company.
- Assessing the criteria and ways through which attackers can penetrate the security
  architecture of a company is also an efficient way to save the company from security attacks.
- Designing solutions for the security of the company is also important for handling the goals
  of the business (Bell, 2008, p. 465).
5. Computer media for evidentiary purposes and root cause analysis:
Technology has changed almost every aspect of life. Computer media is one of the major parts of
IT, and simulations and animations generated by computers have proved very helpful for
understanding complex issues that cannot be identified directly by human beings. Simulations
and animations are sources of efficient evidence that help jurors to find solutions to very
complex cases, so decision making becomes easier for the jurors. Decisions in courts decide the
lives of people, so these decisions must be accurate and authentic. Clarity and justice should
be assured to make society free from crime and injustice. For that purpose, computer media is
considered the godfather of this era. This evidence has specific limitations that can distract
the jurors, but these limitations are known to the jurors. They must therefore act according to
the security information through which they can make accurate decisions. These computer tools
can affect jurors more than expected, so jurors should not be influenced too much by the latest
technology.
The courts should know the difference between the standards of admissibility for simulations
and for animations. Animations are mostly used for demonstrative purposes. They provide proof
in the form of visual aids that give clear evidence. Visual aids also provide witness for court
cases. Simulations are considered functional evidence. Simulation models are computer-generated
models based on the principles of science, while animations provide facts and figures that can
help to evaluate cases efficiently and so assure accurate decisions. The courts must consider
the foundational requirements for both animations and simulations (Coetzee, 2007, p. n.a.).
6. Development of information security policies by using relevant standards, best
practices and legal requirements:
Information security policies aim to protect companies from physical and technical losses to
their assets. They are also responsible for providing the employees of the company with clear
instructions and information describing the ways in which data resources can be secured. These
guidelines and instructions can be changed as the times demand. Identification of
vulnerabilities via risk assessment is the first and most important step in developing a policy
for information security. Information security policies are vital for companies because they
help employees to understand and manage the security of confidential information. This
information should be provided to every individual in the company for its development. Some
information should be protected and secured. It should be decided who should get this
information and who should not. Moreover, it should also be decided where it should be saved
and located. Anti-virus programs and passwords are essential parts of the policies. It is also
decided which parts of the information should be kept in hard copy.
Staff members of the policy makers are responsible for making policies. Dedicated security
groups are also assigned the task of making policies for information security. An ad hoc
approach is used by a huge number of companies to develop information security policies.
Malware and virus attacks are the most common dangers to information security. Organized crime
can damage large companies that do not have an effective information security policy. Larger
organizations are often targeted more than smaller companies (Jackson, 1995, p. 250).
7. Brief security strategy that suits workplace and its business environment:
Strategic plans are vital for the development of organizations and companies. Deciding when
action should be taken is the first and most important step in making a security strategy.
After that, possible risks are identified and assessed. Information security policies are vital
for companies because they help employees to understand and manage the security of confidential
information. This information should be provided to every individual in the company for its
development. Some information should be protected and secured. It should be decided who should
get this information and who should not. Moreover, it should also be decided where it should be
saved and located. Anti-virus programs and passwords are essential parts of the strategy. The
safety of passwords and anti-virus programs is the most important step in making a strategy that
suits the business as well as the workplace. Moreover, the following steps should be taken to
make an effective strategy:
- Employees should be asked to maintain a healthy environment inside the company.
- Any misbehaviour should be identified at once to stop further escalation between employees,
  which can harm their overall performance.
- Sticking to time is another technique for making a beneficial strategy for the development of
  a company or business.
- Learning new things via information technology and using them for improvement is another step
  that should be taken for the development of the company and business (Rhodes-Ousley, 2013,
  p. 897).
References:
Abomhara, M. and Køien, G.M., 2015. Cyber security and the internet of things:
vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, pp.65-
88.
Selamat, S.R., Yusof, R. and Sahib, S., 2008. Mapping process of digital forensic
investigation framework. International Journal of Computer Science and Network
Security, 8(10), pp.163-169.
Yusoff, Y., Ismail, R. and Hassan, Z., 2011. Common phases of computer forensics
investigation models. International Journal of Computer Science & Information
Technology, 3(3), pp.17-31.
Bell, E., Allen, R., Hogan, D. and Martinez, C., 2008. Why risk irrelevance? A translational
research model for adolescent risk-taking data. Journal of Youth Studies, 11(4), pp.461-471.
Coetzee, M. and Roythorne-Jacobs, H., 2007. Career counselling and guidance in the
workplace: A manual for career practitioners. Juta and Company Ltd.
Jackson, S.E. and Schuler, R.S., 1995. Understanding human resource management in the
context of organizations and their environments. Annual review of psychology, 46(1), pp.237-
264.
Rhodes-Ousley, M., 2013. Information security: the complete reference (p. 897). New York:
McGraw-Hill.