Task 1: Answer - A'


Task 1:

Answer - ‘A’:
Most people believe that information security strategic planning is no longer used nowadays
because of changes in the technical environment, and most of the time it is considered a
comprehensive part of defining requirements. But this is not true, as strategic planning is an
essential part of defining clear-cut goals and the ways to achieve them. Strategic planning
specifies the long-term goals of the firm, the constraints, and the established directions that
will guide it toward those goals. It covers the capabilities and assets an organization has and
what more it needs to meet its goals. The following aspects define the strategic plan made for
our organization, keeping the different views described in mind.

a. Executive summary
First of all, we should learn about the problems and issues we are currently facing in our
organization. To make effective and advantageous security planning, all the risk factors and
issues must be identified correctly: the more issues are identified, the stronger the strategy
that can be built to overcome them and achieve the specified goals of the firm. Information
security faces different challenges, as advanced attacks are now becoming very common. These
issues call for more effective and stronger strategic plans to solve them and keep the firm and
its systems working smoothly. First, we will identify all the problems, such as cost issues,
resources, the path to achieving security goals, and other tasks that affect those goals. Then
we will build a supportive and effective plan, keeping in sight all the mentioned issues and
the changes that could occur in the future. We will work on different modules: risk assessment,
which includes identifying the risk factors, then risk management, then system testing to check
how effective the security plan is in actual terms. After planning, our security policy will be
tested by testers, who might be hired to perform an extra cross-check in order to fully optimize
and secure the information of the organization.

b. Vision
An organizational vision is a general term related to the values of the firm or organization for
which the plan is being developed. It relates to the long-term path for enhancing the reputation
and stability of the firm by achieving more of its goals and performing at the level those goals
specify.
The vision of our organization for information security is that clients are fully assured when
providing their information, and that the organization provides a high level of protection for
that information, their assets, and the safety of personnel. It is our aim to maintain a safe
and secure environment for the client’s business interests, where the client can operate without
fear of any information leak. Secondly, the vision of our organization is to build strong,
innovative and multi-disciplinary teams to address contemporary and future security or privacy
challenges faced by government, industry and individuals. Our organization will be accepted in
government, science and industry alike.

c. Mission
The mission is a more specific statement than the vision, as it is based on solving the issues
and removing the risk factors related to the current situation of the firm. Our organization
first identifies all its issues and vulnerabilities related to information risk factors,
failures, lack of resources, assets and time constraints, and then properly defines these
problems before specifying any objectives. The mission of the firm is specified on the basis of
specific time constraints, such as bringing the firm into the top 50 firms assuring information
protection and providing solutions within the given time requirements and the provided budget.
Supporting the mission statement with respect to information security includes:

• developing the processes, procedures and policies to be followed for the safety of
  confidential information
• identifying the security risk factors of information and systems, so that these risks can be
  reduced to a level acceptable for the firm
• defining security requirements based on applicable laws, regulations and other best practices
• consulting with the security campus and the users for strong evaluation of processes and
  products
• increasing the awareness of users and members through training and communication sessions, so
  that they work according to the specified constraints and requirements, in order to minimize
  information risk factors and build secure systems

d. Values
Management does not consider information security very advantageous for the improvement and
success of an IT firm. However, if the investment is not properly aligned and the assets
required for the task or project are not specified, it may lead to failure, and there may be a
chance of information compromise. So, in order to overcome failure risk factors and increase the
chances of success, we add value by preventing and mitigating the risks. It is vital for our
business to protect our customers’ personal information. The following aspects further define
the values specified for the organization:

• Restricting access to the data to those who need it. This enhances security and reduces the
  risk of information leaks.
• Always staying up to date with software in order to avoid any sort of threat or vulnerable
  activity. It is a good approach to always keep software up to date so that the latest
  features, which improve security and privacy, are used.
• Backing up data properly at different intervals. This secures important data so that, in case
  of a threat or attack on the data, the valuable information can be recovered and is not lost
  totally.

e. Goals
The goals specified for the organization in its information security strategy are briefly
described as follows:

• Application security – Application security strategies protect applications and application
  programming interfaces (APIs). We use these strategies to prevent, detect and correct bugs or
  other vulnerabilities in our applications. If not secured, application and API vulnerabilities
  can provide a gateway to broader systems, putting our information at risk. That is why
  application security must be kept in mind and a proper way to implement it identified.

• Infrastructure security – protects infrastructure components such as servers, clients, mobile
  devices and data centres. The connectivity between components like those mentioned above, and
  with others, puts information at great risk without proper safety measures. So, safety
  measures will be specified to make the organization’s infrastructure much stronger, which
  minimizes the risk factor.

• Cloud security – is concerned with the information and components connected to the cloud, or
  cloud information. It also tends to include a focus on centralizing security management and
  tooling. This centralization enables our security teams to maintain visibility of information
  and information threats across distributed resources.

• Incident response – is a set of procedures and tools that we can use to identify, investigate,
  and respond to threats or damaging events. It eliminates or reduces damage caused to systems
  by attacks, natural disasters, system failures, or human error. This damage includes any harm
  caused to information, such as loss or theft. So, we have to prepare specific techniques and
  responses for each kind of incident and be ready for incidents, so that we can stop threats
  from damaging our security.

• Vulnerability management – is a practice meant to reduce inherent risks in an application or
  system. The idea behind this practice is to discover and patch vulnerabilities before issues
  are exposed or exploited. Vulnerability management practices rely on testing, auditing, and
  scanning to detect issues. There will be a team assigned to work on the vulnerability
  management module in our firm in order to minimize the data that could be exposed or exploited.

• Disaster recovery – Disaster recovery strategies are implemented to protect the organization
  from loss or damage due to unforeseen events, for example ransomware, natural disasters, or
  single points of failure. Disaster recovery strategies typically account for how we can
  recover information, how we can restore systems, and how we can resume operations.

f. Objectives
We must specify some objectives for the information security strategy. The objectives specified
are described as follows:

• Confidentiality – ensuring privacy is the first and foremost objective. It involves giving
  access to data only to those who are authorized and legally have the right to access it.
  Encryption and passwords are the ways implemented to restrict the data, and confidentiality is
  met in this way.

• Availability – private information will be available to anyone who is authorized to use that
  information.

• Secure and reliable – our basic objective is to provide secure, reliable cloud stack storage
  organization-wide and to authorized third parties, with the assurance that the platform is
  appropriate for processing sensitive information. This leads to security and reliability of
  the data and builds a trustworthy relationship between us and our clients.

• Recovery – data recovery will be made possible in case any loss of information occurs.
  Information will be saved on different storage devices and backups will be made. There are
  several ways to do this, including cloud backups or keeping copies of data on different local
  computers in the firm.

Answer - ‘B’:
Actions per objective
Objectives define the goals of a firm in actual terms. They describe what the company will try
to do to fulfil its mission in an appropriate manner. Strategic objectives are usually some sort
of performance goal, for example to launch a new product, increase profitability or grow market
share for the company’s product. Every objective is defined first; after that, the objectives
are worked on, and actions are taken by specific team members among the firm’s employees, who
take responsibility for completing the assigned objectives. When it comes to the strategic
planning of our organization, our objectives are clearly defined: to provide full information
security for clients, members and all personnel pertaining to the organization; to increase the
profitability of the products; to increase security measures, such as by creating multiple
copies of data on different systems; to provide data to authorized members; and to store the
data in the cloud in order to keep it safe for long use.

Responsible
Every team member is responsible for the flaws and issues faced in a module assigned to that
team. Every employee has to recognize his duties, work according to the specified constraints
and perform his duties within the specified time frame. Each team in the firm will give its best
on the modules assigned to it.

Timeline
The time frame is the most important aspect in bringing the firm to an acceptable level, as
clients need the products on time, and this builds the confidence of clients in the firm as well
as that of the employees who work in the firm. The specified time limit will be met in order to
bring the organization to an acceptable level.

Key performance indicators (KPIs)


In the strategic information security plan, we have to specify some important KPIs, which are
used to measure the organization’s performance and its plans:
• Number of New Contracts Signed Per Period
• Dollar Value for New Contracts Signed Per Period
• Number of Engaged Qualified Leads in Sales Funnel
• Growth in Revenue
• Net Profit Margin
• Gross Profit Margin

Answer ‘C’:
Information Security Policy
An information security policy (ISP) is a set of rules that guide individuals who work with IT
assets.

The Importance of an Information Security Policy


Creating an effective security policy and taking steps to ensure compliance is a critical step
to prevent and mitigate security breaches. To make our security policy truly effective, we
update it in response to changes in our company, new threats, conclusions drawn from previous
breaches, and other changes to our security posture.
The following eight elements are briefly explained to support our executive information security
strategy, and they target our goals in our information security policy:

1. Purpose
First, the purpose of the policy is defined in terms of goals, objectives and the audience to
whom the policy applies. The audience will be either specific or open, based on the category of
the organization’s products and services.

The purpose of our security policy is to provide complete information security for the
information of the clients we are working with on different projects. A compromise of
information security leads to failure and will definitely lose us our clients as well. So the
purpose of our security policy is to define a set of goals, which are to secure client
information, provide full customer support in matters of information security, and give
authorized users access to the data.

2. Audience
The audience to whom the information security policy applies is the clients who interact with
the firm by providing projects. It is a known fact that the audience with which direct or
indirect interaction is made is responsible for any mishap regarding information security.
Those who are outside the scope of the information strategy, such as staff in another business
unit who manage security separately, are not part of the security policy.

3. Information security objectives


Team members and employees are properly guided and agree on a well-defined set of objectives in
order to bring information security to an acceptable level. They have to focus on the following
three main objectives for managing risk factors in the firm:

Confidentiality – only authorized persons have the right to access the data. The data is very
important and must be accessed only by authorized users; otherwise the information policy is of
no use, because the data is accessible to all.
Integrity – data will be intact, clean and useful, so that the IT firm stays operational.
Integrity covers handling any change or update to the information. So, our security policy
includes setting up data in such a way that the information is flexible and any future change
can be integrated with the earlier systems, so that no leak lets the information become
accessible to an unauthorized person. Otherwise, our information security will be compromised.
Availability – users must be able to access the data at any time. These users can be clients,
team members, managers and information security officers. The data will be available to all
insiders who are authorized and require the data for a certain use.

4. Data Classification
The data will be classified according to the policy into multiple categories in order to keep
proper checks on it and keep it as useful information. The following objectives will be kept in
mind while performing classification:
• Sensitive data will not be disclosed to anyone with a low clearance level. Only authorized
  persons have access to sensitive data. Some organizations providing projects first make an
  agreement not to share information about the project being developed for them; otherwise any
  information security mishap will cost a fine.
• All essential information is protected: information regarding the project, the team members,
  the infrastructure, internal data security, and all the modules and departments. In addition,
  to keep data flexible for any future change, non-useful data should not be given any special
  security measures.

5. Responsibilities, rights, and duties of personnel


Staff members will be appointed to handle reviews, education, change management, incident
management, implementation and periodic updates of the security policy. Responsibilities should
be clearly defined as part of the security policy.

Task 2:
Answer:
First, I configured Snort after changing the IP in the $HOME_NET variable in the snort.conf
file, as follows:
After that, I opened cmd as administrator, moved into the Snort directory, and listed the
directories as follows:

Then, from the list of directories in the Snort directory, I chose the bin directory and inside
it I ran the snort.exe file. The following figure shows Snort running and initializing plugins.
I configured my VM with the specified IP and added a network as 192.168.138.2/24.

After that, I opened Security Onion and enabled the network adapters which I added above, as
clearly seen. Following is how I added the sample.pcap file:
Then, click on any host in the request, click the right mouse button and select Apply as
Column.
Infections and attacks

Events
