‫بسم هللا الرحمن الرحيم‬

Assessment two
SYBER CESURITY TRAINING/COMPLIANCE
DEPARTMENT
BY:DALIA ALKHATEEB

Exercise one:
There are many reasons to adopt ISO / IEC27001 in the e-
scooter company, including we found that its mobile
applications contain security flaws that put users' personal and
financial data at risk, therefore controls must be implemented
that address the specific risks they face to maintain the
confidentiality, integrity and availability of information assets.
Hackers can steal electric scooters and modifying the main
panels of bicycles by changing their custom programs and
preventing servers from connecting to bicycles, which made
these scooters their own, which leads to huge financial losses.
Hacker can modify the information to harm the company's
reputation when a strong security system is implemented that
makes us avoid many of the risks mentioned.

Exercise two: scope ISMS

 Mark developed the application and coded it himself from its
initial development until version 1.3, after the company grew,
contracting with new developers to develop new features.
App versions:
1.Google play store
2. IOS APPSTORE
The companies that deal with it:
1.Amazone web service: that worked to provide data storage
service
2. Bank IT : a company that provides an electronic payment
service, worked to put all the services it provides in one
platform.
Design:
Designed a safer enclosure for the motherboard without visible
screws, and more sensors were added to detect theft and
damage to motorbikes.
The network has two servers in the internal network
infrastructure:
1. a database server that stores company data such as
information stored by the human resources department and the
accounting department
2. Another server is used by the software development team.
There are also two main cloud servers that handle the back-end
operations of their application and a server. Their cloud
blockchain that stores all the information transmitted by the
sensors.

Exercise three:
The main goal of the company e-Scooter is the development
and growth in the work by creating their own application that is
easy to use and simplified, improving the user interface and
providing new features. Therefore, there must be instructions
for information security controls and the protection of
personally identifiable information by using the ISO / IEC27001
standard, and dealing with companies Reliable and eliminate
some features that could be exploited to cause harm and set
rules to prevent unauthorized access to data and develop
electronic payment services to expand their services throughout
the continental United States.
There are two sources for the company's compliance
requirements: 1. The Quality Assurance Team that reviews
application codes 2. The software development team that
accesses the basic code for previous versions of the application
as well as the current version code to review the old code when
adding new features.
The most important information assets for the company are
 1. the blockchain server because it contains many important
information such as location, battery level, time, end user, etc.
2. Developers to improve the user interface in the application
and create a smooth and easy experience for end users and
provide them with many new features for the special
application Company