Law: Terms of Contract

Terms of Contract

The English contract law refers to a body of law that regulates contracts in Wales and England. These contracts are often legal binding agreements that acknowledges and control the rights and duties of the parties involved. In case of a breach of contract the law grants the affected party access to legal remedies for damages.

The rule of law is a contested concept; it is more concerned about the control of public power through law while protecting an individual. Legality is a core element in the rule of law hence it requires government to act basing on law, and it also sets the requirements by which the law has to adhere to. The government has to act and provide access to fair hearing for individuals. Through the separation of the three powers of government, it ensures that laws are not made with a certain case in mind. The formal elements of rule of law offer protection to individuals to a given extent against the subjective power of government[1].

           Substantive law as a set of written statutory rule approved by the legislature controls how a society should behave. It also defines the set rights and responsibilities for citizens both in criminal and civil law. Hence criminal law comprises offenses that are punishable, this include felonies and misdemeanors that are in contravention to the continental law. The principles and doctrines apply to one’s judgment of crime that qualifies for provision on criminal legislation. This indicates elements of the rule of law that protect individuals to a certain extent against the subjective power of government. The legality of this requirement promotes individual autonomy since it allows individuals to plan their lives. Although the elements of the rule of law are necessary, they are not sufficient to regulate the limits to substantive law.[2]

The incorporation of the human rights protection in the rule of law has the ability to set substantive limitations on substantive law. The main intent of human rights is to protect individuals from the government’s arbitrary power. The international human rights law clearly lists economic, civil, political, cultural and social human rights. Therefore, when the state signs a treaty it is legally expected that it will protect and respect the rights in the contract to ensure that it is realized through the law. Individuals equally have a right to popular participation in conducting public affairs in the legislative, administrative and executive exercise of power as part of an individual’s human right. In addition, the procedural rights set the rule of law principles hence making it part of the law. Participation is not only a valuable end because it can influence the realization of other essential goals like inclusion, self-determination and identity[3].

Legality hence demands the law to encompass democratic heritage which is stated as an element of the rule of law. Though the rule of law and democracy can be differentiated it has similar concepts since they both intend to protect equality as well as the autonomy of individuals. In the European states the rule of law connects with democracy, human rights because they form interrelated concepts of the political tradition of States.  In the UK the concepts of rule of law in relation to democracy is limited by the constitution therefore despite the balance attained, the fundamental rights and democracy differs.[4]

The principles of the rule of law in Western systems include the requirement that the law be clear, public and appropriate. However, these principles of the rule of law vary from the principles of the ordinary which directly controls the legal relations in the immediate address of the law.[5] It includes the moral principle that no individual should profit from their own wrong. The principle of the rule of law thus is direct and constrain to how the law is created and implemented. The second principles of the rule of law are formal; they indirectly serve the primary substantive policies, principles and values that are incorporated in the first principles rules and laws that serve the political and legal values.

           The principles of the rule of law therefore consist of forms of authorized law that correspond to established criteria; the accepted criteria should determine validity of law; the law should be uniform within state borders, be feasible and appropriate.[6] This is applicable to general and definite rules to classes of persons, circumstances, acts, citizens where appropriate; it should be in written form, published or made accessible; in case of changes in the law it should be prospective and not retroactive; the behavioral requirement of law be within the capacity to comply and the law should be made into effect and not regularly changed.[7]

            Participation in decision making is relevant to the success or failure in the efforts to endorse the rule of law. People care about the level of exclusion or inclusion in social groups[8]. Hence exclusion based on race, religion, ethnicity, origin or location carries the risk of violent upheaval or civil war. Therefore, participation in decision making is influential in creating identity, self-determination and inclusion. Citizens are able to participate in decision making through elective processes of representatives who make the decisions on their behalf.

            The influence and impact of legal decision making in the development of concepts and application of law in its practical and commercial setting is expansive and is deemed to be part of an individual’s human right. Individuals are able debate or dialogue to have their views adopted through a proposed law or policy decision. The opportunity to communicate and make decisions that affect them as citizens is vital. One of the impacts of participating in decision making is that their views are considered and the final decision is provided. Through participation self-determination, inclusion and identity are likely to be nurtured.[9] Participation in decision making can help build relations between those who are in government with ordinary citizens who are governed and build on trust.

            In the periods where citizens experience conflict, dictatorship and colonialism, it creates distrust between the citizens and the government. Therefore, there is always need to recreate dynamics and relationships. Participation, dialogue and inclusivity between state and society develop a base for trusting relationships[10]. Participation in decision making can also break conflicts in ethnic or racial divisions. Hence it can play a role in improving legitimacy of government, its policy decisions as well as its actions. Legitimacy is relational hence when relations are deemed to be illegitimate the decisions of government will equally be considered as illegitimate which undermines the compliance of law and its accountability. Consequently, when public deliberation is present the outcome is considered legitimate.


Ashworth, Andrew. (2003). Principles of Criminal Law, 4th ed., (New York: Oxford University Press, 2003).

Belton R K, Competing Definitions of the Rule of Law: Implications for

            Practitioners, (Carnegie Paper No. 55, January 2005).

Bingham L, The Rule of Law, The Sixth Sir David Williams Lecture, Centre for Public

            Law (16 November 2006).

Narayan D, Patel R, Schafft K, Rademacher A, and KochSchulte S. Voices of the Poor: Can Anyone Hear Us? (New York: Oxford University Press 2002).

O’Connor V, INPROL Practitioners’ Guide: Introduction to Common Law and Civil Law Traditions, (Washington, D.C.: INPROL, 2012).

Tamanaha B Z, A Concise Guide to the Rule of Law St. John’s Legal Studies

            Research Paper (2007)

Tyler RT, Procedural Justice (Aldershot: Ashgate Publishing, 2005).

United Nations Development Programme. Strengthening the Rule of Law in CrisisAffected and Fragile Situations; Global Programme (New York: United Nations Development Programme, 2011).

                [1] Rachel Kleinfeld Belton, Competing Definitions of the Rule of Law: Implications for

Practitioners, (Carnegie Paper No. 55 January 2005).

[2] Brian Z Tamanaha, A Concise Guide to the Rule of Law St. John’s Legal Studies

Research Paper (2007).

[3] Tom Tyler, Procedural Justice (Aldershot: Ashgate Publishing, 2005).

[4] Andrew Ashwort and Jeremy Horder, “1. Criminal Justice and the Criminal Law” (Principles of Criminal Law, 2013).

[5] Deepa Narayan, Raj Patel, Kai Schafft, Anne Rademacher, and Sarah KochSchulte, Voices of the Poor: Can Anyone Hear Us? (New York: Oxford University Press, 2002).

[6] Lord Bingham, The Rule of Law, The Sixth Sir David Williams Lecture, Centre for Public

Law (16 November 2006).

[7] Vivienne O’Connor, INPROL Practitioners’ Guide: Introduction to Common Law and Civil Law Traditions, (Washington, D.C.: INPROL, 2012)

[8] United Nations Development Programme, Strengthening the Rule of Law in CrisisAffected and Fragile Situations; Global Programme (New York: United Nations Development Programme, 2011).

[9] Lord Bingham, The Rule of Law, The Sixth Sir David Williams Lecture, Centre for Public

Law (16 November 2006).

[10] Vivienne O’Connor, INPROL Practitioners’ Guide: Introduction to Common Law and Civil Law Traditions, (Washington, D.C.: INPROL, 2012).



Ebola virus disease is a severe, often fatal illness that originates in wild animals and is transmitted to humans and other primates. The virus spreads through direct contact with the blood, secretions, organs or other bodily fluids of infected people.



Ebola virus disease (EVD) is a severe, often fatal illness that originates in wild animals and is transmitted to humans affecting humans and other primates (WHO, 2020a). The virus spreads within the human population through direct contact with the blood, secretions, organs or other bodily fluids of infected people, and with surfaces and materials contaminated with these fluids (WHO, 2020a).

The average EVD case fatality rate is around 50%. Case fatality rates have varied from 25% to 90% in past outbreaks (WHO, 2020a). The first EVD outbreak was in 1976 near the Ebola River in Democratic Republic of Congo (DRC) (Kourtis et al., 2015), see Figure 1, and fruit bats of the Pteropodidae family are thought to be natural Ebola virus hosts (WHO, 2020a). Over the past 40 years, more than 20 outbreaks have been identified in sub-Saharan Africa, Figure 1 (Kourtis et al., 2015; Malvy et al., 2019), with more than 21 000 cumulative confirmed cases with greater than 8500 deaths as of January 20, 2015 (Kourtis et al., 2015).

Figure 1: Outbreaks of EVD in sub-Saharan Africa between 1976 and 2018 ( Malvy et al., 2019)

Microorganism Description

The genus Ebolavirus is composed of single-stranded, enveloped, filamentous RNA viruses, that, together with the Marburgvirus genus, comprise the family Filoviridae (Kourtis et al., 2015). EVD is a hemorrhagic fever virus and its manifestation include coagulation defects, capillary leak and shock (Kourtis et al., 2015). There are currently 5 species in the Ebolavirus genus namely; Tai Forest ebolavirus, Sudan ebolavirus (SUDV), Zaire ebolavirus (Ebola virus, EBOV), Bundibugyo ebolavirus and Reston virus (RESTV) (Kourtis et al., 2015).


EVD is a biosafety level 4 pathogen and requires special containment measures and barrier protection, particularly for health care workers (Rewar and Mirdha, 2014). According to Rewar & Mirdha,(2014) EVD can survive in liquid or material for days and the incubation period is usually 4 to days but can be as short as 2 days and as long as 21 days. EVD transmits by direct contact with infected fruit bats or primates and infected persons’ (dead or alive) blood, secretions, tissues, organs, needles, syringes, and other bodily fluids (including urine, saliva, sweat, faeces, vomit, breast milk, and semen), however, airborne transmissions have not been documented (Rewar and Mirdha, 2014).


EVD runs its course within a period of 14 to 21 days and the patient may have nonspecific flu-like symptoms including fever, myalgia and malaise (Sullivan, Yang and Nabel, 2003). Sullivan et al., (2003) states that as time passes the infected patients start showing symptoms of severe bleeding and coagulation abnormalities, including gastrointestinal bleeding, rash, and a range of haematological irregularities, such as lymphopenia and neutrophilia. Exaggerated inflammatory responses that are not protective result from Cytokines which are releases when reticuloendothelial cells encounter EVD (Sullivan, Yang and Nabel, 2003). Vascular integrity is compromised once microvascular endothelial cells are infected by EVD (Sullivan, Yang and Nabel, 2003). Sullivan et al., (2003) states that hypotensive shock accounts for many EVD deaths and diffuse bleeding is observed in patients during the final stages of EVD.

Signs and Symptoms

WHO, (2020) states that several diagnostic tests have been developed to confirm the presence of EVD as it is hard to differentiate with other diseases that have similar symptoms such as malaria, typhoid, fever and meningitis. EVD symptoms include:

  • Fever,
  • Fatigue,
  • Muscle pain,
  • Headache,
  • and sore throat (WHO, 2020a).

EVD symptoms that follow include:

  • Vomiting,
  • Diarrhoea,
  • Rash,
  • Symptoms of impaired kidney and liver function
  • and in some cases, there may be internal and external bleeding (WHO, 2020a).

Treatment and prevention

WHO, (2020) states that there is no proven treatment for EVD but chances of survival are increased with early diagnosis and interventions, for example, rehydration with fluids and body salts and treatment of specific symptoms. WHO, (2020) further states that hand hygiene is the most effective way to prevent the spread of EVD and an experimental EVD vaccine (rVSV-ZEBOV) has proven to be highly preventative in a major trial that took place during a 2015 major trial in Guinea.

EVD outbreaks in the DRC 2018-2020

Figure 2 contains the EDV number of cases between 2018 and 2019 in the DRC by the week of onset and health zones (Kalenga et al., 2019) and a total of 1600 cases and 1069 deaths were registered in the DRC as of May 7, 2019, resulting in the case fatality rate of 67% (Kalenga et al., 2019). Kalenga et al., (2019) further state that out of all the cases registered, 57% (907) were female and 30% (475) were children.

On July 28, 2018, the EDV outbreak was registered in North Kivu and towards the end July 2018 it spread northwards to the Ituri province but was further contained around August 2018 (Kalenga et al., 2019). In August 2018, the virus was brought eastwards by infected people to Beni and in September 2018, it further spread from Beni south to Butembo and Katwa (Kalenga et al., 2019).  The 2020 EDV outbreak with a case fatality ratio of 66%, as of April 10, 2020, had 3456 confirmed and probable cases and 2276 deaths (WHO, 2020b). Compared to the Marburg hemorrhagic fever (Marburg HF) outbreak between the year 1998 and 2000 in the DRC, which had a case fatality rate of 83%, EDV has fewer fatalities (CDC, 2014). Malaria has the highest deaths yearly in the DRC followed by lower respiratory infections (CDC, 2019).

Figure 2: EDV number of cases between 2018 and 2019 in the DRC by the week of onset and health zones  (Kalenga et al., 2019)


EVD outbreak control measures

Madhav et al., (2018)  states that there are fewer data sources available on cost and cost-effectiveness on pandemic preparedness and response measures. Furthermore, measures put in place for early detection and mitigation are generally low cost, as costs incurred during hospitalization will generally be greater.

Low-cost EVD outbreak control measures in place include:

  • Surveillance,
  • Contact tracing,
  • Screening,
  • Vaccination,
  • Public awareness initiatives.

High-cost EVD outbreak control measures in place include:

  • Laboratory diagnosis,
  • Safe and dignified burials,
  • Case management, and
  • Infection prevention and control.

Kalenga et al., (2019) states that surveillance methods have been toughened up over time in the DRC and 88 to 92% of a 1000 alerts reported are investigated within the first 24 hours. Kalenga et al., (2019) further states that time taken to get an official report is still relatively long as the investigation of alerts and specimen testing have a turnaround time of 6 days. Contact tracing is also used to try and minimize the spreading of the virus by isolating and treating contacts that were exposed to the patients. Kalenga et al., (2019) states that it is a relatively hard process to manage as some patients have very long lists, some hide and refuse to subject themselves to follow-up tests, and others may have travelled too long distant places. The screening was conducted in high-risk areas where more than 200 000 people per day were screened at 80 points of entry and control (Kalenga et al., 2019). Post-exposure vaccination with rVSV-ZEBOV-GP commenced on August 8, 2018, and was carried out in high-risk areas, with about 112, 485 people vaccinated by May 7 2019, (Kalenga et al., 2019). Kalenga et al., (2019) states that most of the patients that died from EVD were given safe and dignified burials, furthermore minimal handling of the corpses, disinfection and allowing the religious and cultural proceedings to take place in a confined area. Attempts were made to continuously decontaminate facilities where cases were identified and to ensure health care facilities and key sites are well equipped with the training, infection prevention and control equipment, including essential hygiene products, such as chlorine, detergents, soap and water (Kalenga et al., 2019).  Kalenga et al., (2019) states that case management is done at the EVD treatment centres where supportive care is given to the patients, which includes aggressive rehydration, electrolyte imbalance correction, and nutritional support. Furthermore, Kalenga et al., (2019) state that on November 24, 2018, three antibody-based therapies (MAb114, ZMapp, and REGN-EB3)  and one antiviral agent (Remdesivir) were used. Lastly, risk communication, community engagement, and social mobilization were done to encourage greater local participation and ownership of initiatives to curb the EVD outbreak (Kalenga et al., 2019).


Marburg HF outbreak between the year 1998 and 2000 in the DRC, which had a case fatality rate of 83%, EDV has fewer case fatalities of about 66% in 2020 outbreak, The top 3 causes of death in the DRC include, malaria in the first position, lower respiratory infections in the second position and neonatal disorders. EDV is regarded as a biosafety level 4 disease and to control the EDV outbreaks effectively, low-cost measures should be strengthened, which includes; surveillance, contact tracing, vaccination and public awareness initiatives.


  1. CDC (2014) Marburg hemorrhagic fever (Marburg HF), Centers for Disease Control and Prevention. Available at: (Accessed: 23 April 2020).
  2. CDC (2019) Global Health – Democratic Republic of Congo, Centers for Disease Control and Prevention. Available at: (Accessed: 23 April 2020).
  3. Kalenga, O. I. et al. (2019) ‘The ongoing Ebola epidemic in the Democratic Republic of Congo, 2018-2019’, New England Journal of Medicine, 381(4), pp. 373–383. doi: 10.1056/NEJMsr1904253.
  4. Kourtis, A. P. et al. (2015) ‘Ebola Virus Disease: Focus on Children HHS Public Access’, Pediatr Infect Dis J, 34(8), pp. 893–897. doi: 10.1097/INF.0000000000000707.
  5. Madhav, N. et al. (2018) ‘Pandemics: Risks, Impacts, and Mitigation’, in Disease Control Priorities, Third Edition (Volume 9): Improving Health and Reducing Poverty. Washington: World Bank Publications, p. 334. doi: 10.1596/978-1-4648-0527-1_ch8.
  6. Malvy, D. et al. (2019) ‘Ebola virus disease’, The Lancet, 393(10174), pp. 936–948. doi: 10.1016/S0140-6736(18)33132-5.
  7. Rewar, S. and Mirdha, D. (2014) ‘Transmission of Ebola virus disease: An overview’, Annals of Global Health. Elsevier Inc, 80(6), pp. 444–451. doi: 10.1016/j.aogh.2015.02.005.
  8. Sullivan, N., Yang, Z.-Y. and Nabel, G. J. (2003) ‘Ebola Virus Pathogenesis: Implications for Vaccines and Therapies’, Journal of Virology, 77(18), pp. 9733–9737. doi: 10.1128/jvi.77.18.9733-9737.2003.
  9. WHO (2020a) Ebola virus disease, World Health Organization. Available at: (Accessed: 19 April 2020).
  10. WHO (2020b) New Ebola case confirmed in the Democratic Republic of the Congo, World Health Organization. Available at: (Accessed: 23 April 2020).


Information Security Strategy Development

Table of Contents

Question 1. 3

Software acquisition models. 3

Relationship between software acquisition and software within the company. 3

Question 2. 3

Policies, Process and Procedures Used in British Telecom company. 3

Issues Raised within the Company Handbook. 4

Question 3. 4

Information Security Strategic Plan. 4

Question 4. 5

Information system External and Internal Threats for British Telecom.. 5

How the British Telecom Company Manages Information Security Threats. 6

Security Assessment Process. 6

Question 5. 7

Access Control Strategy Analysis. 7

Rewriting the Strategic Plan. 8

Best Strategy to Be Used. 8

Question 6. 8

Proper Incident Management Strategy. 8

Implementing Strategy. 9

Question 7. 9

Brief Security Strategy for the company. 9

British Telecom Information Security Strategic Plan. 9

References. 12







Question 1

Software acquisition models

Software acquisition refers to the method related to engineering, funding, management, system deployment, integration and long-term software support. There are three models for software acquisition. Purchasing of software, customising of software and renting a software. In software purchase, an organisation acquires software from vendors, either by buying an existing product or paying developers for software development. Other businesses prefer running software which has been developed within the organisation hence custom-developed software. Finally, an organisation may prefer leasing software for a specified period.

Relationship between software acquisition and software within the company

British telecom Company (BT) uses software which is purchased or leased from different vendors. The company uses a Managed Security Service Provider (MSRP) software for managing the company services. The company has recently migrated to cloud computing by leasing a Service as a Software application which is responsible for data availability for the customers. BT company uses employee monitoring system software which had been customised within the company to monitor the company devices.

Question 2

Policies, Process and Procedures Used in British Telecom company

Every company needs a toolkit that defines how it undertakes its activities, especially on security concerns. British Telecom company has a set of rules described within the handbook. Every company employee is expected to go through the company policies thoroughly to avoid unnecessary issues with the administration.  The handbook is divided and implemented in five sections. The first section talks about the introduction. It defines the security strategy of the organisation, how the company is prepared, and the time it has used before the implementation of the security strategy (Feng, Chen, Feng, Li & Li 2019). The handbook introduction describes the strategic steps implemented.

The second section captures several factors. It involves the analysis of the security strategy being used and the policy statements of the security implemented. The section helps a stakeholder to understand the organisation precisely (Horne, Ahmad & Maynard 2016). It involves risk analysis and assessment in the also has the legal qualifications and regulations for the company’s security.

The third section also encompasses several issues. It involves how the strategy is developed and how it is aligned to achieve the company’s security requirements. It also specifies the mission and vision of the company and how the strategy helps it achieve its security goals. The section has the business and strategy analysis that are aligned as per the performance measurements set by the institution (Azmi, Tibben & Win 2016). It encompasses the total costs that the institution used to implement the information security strategy. The section also contains the attributes to ensure that the business runs smoothly and with continuity of processes. It holds the key issues in strategy development.

The fourth section shows how the institution implemented the strategy. It encompasses organisational culture, organisational structure, and communication strategy implemented. It holds the plans and standards used, workforce, and actions committed. The fifth section bears the strategy reviews, along with all the tools that came in handy during the strategy implementation. The reviews are important in the implementation of the strategy (Tan & Yu 2018). They enable the strategy to be updated as per the requirements of the changing requirements and risks. the reviews made are analysed to determine whether key objectives of the company are met.

To monitor network security, British Telecom company strategy follows several attributes. All the network property and assets of the institution are identified. After that, the network security risks are analysed. The tradeoffs and network security are analysed in the handbook too. After that, a security initiative is developed (Dhillon, Torkzadeh & Chang 2018). The handbook defines multiple network security policies to be met.  The handbook then gives the procedure on how the security policies were applied in the institution network architecture. A functional and technical network strategy is the result.

Issues Raised within the Company Handbook

Despite the company giving its employees handbook describing various policies and security procedures. There are a number of issues raised regarding access control limits within British Telecom Company. The handbook ensures that the institutional security strategy is optimised in all possible ways with the exclusion of defining how internal users and especially the staff members are obliged to do. There is no set standard for staff members to be limited within the security strategy.  Every employee is granted the mandate to integrate into the security strategy, and the diversity of the matter could compromise the entire security strategy (Maynard, Tan, Ahmad & Ruighaver, 2018). The handbook guideline policies do not limit how an employee uses personal devices. An employee could use their devices, such as laptops, to do their tasks. The security strategy does not extend to personal devices, and the risk subjected by this is massive.

The handbook raised multiple legal issues. It describes the health and safety requirements. It also addresses the security vetting of the staff members. It also has a PESTEL analysis to determine if there should be a change in the legislation of strategy implemented (Tu, Adkins & Zhao 2019). It has the financial and cost policies used.

Question 3

Information Security Strategic Plan

An information security strategic plan is the protocol that enables a company to evade, transfer, cherish or deny information risk that may arise in any format, from people, organisation activities, or tech ology used.  An information security strategy is important as it is used to integrate the functions and company’s objectives. A security strategy bears several aspects to improve profits and costs after the implementation of the strategy (Atoum & Otoom 2016). The security strategy bears different securities. It has the well-defined security of people in the organisation that extends to the physical security of them. It has information security clearly defined in the company. It has protection against frauds and blackmails. It has process recovery and business continuity procedures. The strategy has crisis analysis, risk evaluation and management. The strategic security plan entails the corporate governance of the organisation.

Implementation of the company Strategic Plan

The company uses a corporate strategic plan to eliminate security threats and to enhance production in the entire company. It helps maintain factors such as information confidentiality, integrity, and enhancing consistency of the same (Atoum & Otoom 2016). The information security strategic plan is implemented via several steps. The first step is describing and designing consistent methods for the development of the strategy. The second is distinguishing threats that may occur and resolve them. The third step is the restraining resources that are used unnecessarily, such as increased execution time. The fourth is finding alternative architectures to implement the same strategy. The next step is about making rational decisions to deliver the required results. The next step is eliminating redundancy and focusing on the company’s core objectives (Layton 2016). The next step is managing human resources and outsourcing if the need arises. The final step is to unifying different company assets, data, information, and processes.

All these cannot be successful without gap assessment, customising the company’s business plan, and setting required standards. The gap assessment is the basic step to determine how information security strategy would be implemented. The company’s vision, mission, and processes should be analysed for possible loopholes. To implement the strategy needs the company to meet the ISO/IEC 27002 standard (Layton 2016). Setting a business plan helps to set the required security targets to be achieved.

Question 4

Information system External and Internal Threats for British Telecom

Internal threats refer to threats which originate from within the company. On the other hand, an external threat arises from outside the organisation, such as natural threats or other cases such as a company employee operating from outside the company. The most common forms of internal information security threats include malicious cyberattacks, the company employees who are not patriotic to the company operations may decide to deliberately plant a malware program within the system creating havoc within the company (Akbal & Dogan 2018). In other cases, an attacker can gain access to the system by impersonating a company employee to stage an attack. Another form of internal information security threat is through social engineering. An attacker may target the company employees by exploiting their trust nature towards the organisation. Attackers can, therefore, gain vital information for the company such as network security keys which can then be used to stage other related attacks (Gasca-Hurtado et al. 2018). Employees can also provide their personal information through telephone or by clicking phishing emails which can then be used to stage other related offences.

Other accidental methods such as downloading off malicious content from the internet can be a threatening factor to the company data and information. This is a common issue since most employees spend most of their idle time surfing contents from the internet hence threatening data security. An employee can accidentally download a malware or virus application which can introduce destructive payload to the system.

On the other hand, the company faces several external information security threats. The company data centre is located in the United States. The region is subject to occasional hurricanes, floods and earthquakes. Floods or other related external threats can potentially threaten data and information stored within the data centres.

How the British Telecom Company Manages Information Security Threats

The security methodology used within the company ensures all threats which are most likely to affect the company are adequately assessed, and the correct mitigation strategy is implemented. Several steps are followed to ensure both internal threats and external threats are mitigated before the company data is compromised. The company corporate strategy plan incorporates the creation and overseeing IT Risk Management Program. The program ensures all the activities within the company are closely monitored, and any suspicious activity in the network is reported to the top management leading to necessary action to be taken as per the company policy and guideline requirements.

Security Assessment Process

British Telecom Company uses the following risk assessment methodology to identify and mitigate risks: (a) characterisation (b) threat assessment (c) vulnerability assessment (d) risk evaluation and (e) risk treatment as shown below.


Question 5

Access Control Strategy Analysis

The access control strategy is built on technology, requirements and implementation. There are different access controls which have been adopted within the British Telecom Company such as Attribute-Based Access Control (ABAC), Role-Based Access control, mandatory access control and discretionary access control. The organisation has implemented role-based access control (RBAC). Access control within the company is dependent on the responsibilities and roles of an employee operating within an organisation (Sandhu, 2016).  Employees working as engineers can only modify their data and information. The restriction is highly made on accessing other essential and confidential data such as production and project level data (Sandhu, 2013). The role of financial and HR databases is only accessible by the Human resource managers. Due to high employee turnover experienced within the organisation, security is only reinforced using the various roles and responsibilities given to employees. Top executive, however, has root access to all system operation. The company access control strategy can be employed using the following conception framework.

Figure 4-3. A Role-Based Access Control

Rewriting the Strategic Plan

If the British Telecom company’s strategic plan was to be rewritten, the modification could be done on operational continuity section. The company should instead focus on developing a robust system which ensures monitoring of the network traffic within the company. The system will be able to identify any suspicious activity happening within the company. This will include the employee queries to the internet and identification of any remote device trying to connect to the network.

Best Strategy to Be Used

The best strategy for the company to use in this case, would be a proactive model. The proactive approach ensures relevant action is taken towards a specific malicious activity, or recovery method is immediately incorporated, and the system is restored to its operational state (Osborn, Sandhu & Munawer, 2010).


Question 6

Proper Incident Management Strategy

The best incident response strategy in the British Telecom Company can be achieved by increasing the stakeholder’s awareness of security concerns within the organisation. Due to high employee turnover, enhancing the role-based security measures can be put in place. The employees should be made aware of physical computer theft and ensuring all the activities carried within the organisation are by the company guidelines and principles. This will ensure all the human resources within the company activities are regulated at all levels ensuring accountability on the roles and duties as assigned to the individuals. Most security threats occur due to the presence of faults in policy implementation. If an employee is made aware of specific regulation regarding the company’s data security, they are likely to abide by the rules and practice the relevant preventive measures which ensure the safeguarding of the overall system.

Implementing the Strategy

Implementing incident management strategy depending on the employee roles and responsibilities will be a thorough developing policy which ensures all the company employees signs an agreement term towards security implementation strategies set in the organisation. Any employee joining the organisation will be expected to sign the agreement and take an oath of being accountable for any security breach resulting from their misconduct or security-related mistakes.


Question 7

Brief Security Strategy for the company

British Telecom Information Security Strategic Plan

Mission Statement: The Information security office mission is designing, implementing and maintaining information security strategy aimed at protecting the organisation’s system, data and the various services against damage, loss, modification, information disclosure, and unauthorised use. The information security office tries to engage all the organisation activities establishing information strategy for the whole company operation.


The organisation recognises the fact that its data and information are critical aspects for the company and therefore, should be managed appropriately against any illegal access or compromised through negligence or exposing the company data to potential attackers. The company security strategy will be built on the following logical architecture:


Strategic objectives

Data Loss Prevention – all the initiatives made towards this objective will ensure reduction and protection against federally protected information, and information disclosure which may potentially result in data loss.

Services – all the initiative toward this measure provides increased security to essential organisation services.

Proactive risk management- the initiative developed under this method will ensure the overall protection of the company by providing awareness of the company human resource towards the likelihood of information assets and the vulnerability associated with company devices. Identify controls to reduce those risks, and understand what risks remain after any identified controls have been implemented.

Crisis and security incident management- this initiative will promote data recovery and company normal operational state in case an attack happens. The imitative will focus on data recovery techniques such as replication measures and other related methods which ensure the company running operations are not interrupted in case of a security breach.

























Akbal, E., & Dogan, S. (2018). Forensics Image Acquisition Process of Digital Evidence. International Journal of Computer Network and Information Security10(5), 1-8.

Atoum, I., & Otoom, A. (2016). A holistic performance model for cybersecurity implementation frameworks. International Journal of Security and Its Applications10(3), 111-120.

Azmi, R., Tibben, W., & Win, K. T. (2016). Motives behind Cyber Security Strategy Development: A Literature Review of National Cyber Security Strategy.

Dhillon, G., Torkzadeh, G., & Chang, J. (2018, June). Strategic planning for IS security: Designing objectives. In International Conference on Design Science Research in Information Systems and Technology (pp. 285-299). Springer, Cham.

Feng, N., Chen, Y., Feng, H., Li, D., & Li, M. (2019). To outsource or not: The impact of information leakage risk on information security strategy. Information & Management, 103215.

Gandhi, K. I. (2017). Perception-Oriented Model-Driven Development for Designing Data Acquisition Process in Wireless Sensor Networks. International Journal of Computer and Systems Engineering11(5), 552-557.

Gasca-Hurtado, G. P., Arias, J. A. E., & Gómez, M. C. (2018). Technique for risk identification of software acquisition and information technologies. In Global Business Expansion: Concepts, Methodologies, Tools, and Applications (pp. 1337-1352). IGI Global.

Horne, C. A., Ahmad, A., & Maynard, S. B. (2016). Information security strategy in organisations: Review, discussion and future research directions. arXiv preprint arXiv:1606.03528.

Jayasimha, K. R., & Nargundkar, R. V. (2020). Impact of software as a service (SaaS) on software acquisition process. Journal of Business & Industrial Marketing.

Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.

Maynard, S. B., Tan, T., Ahmad, A., & Ruighaver, T. (2018). Towards a Framework for Strategic Security Context in Information Security Governance. Pacific Asia Journal of the Association for Information Systems10(4).

Osborn, S., Sandhu, R., & Munawer, Q. (2010). Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security (TISSEC)3(2), 85-106.


Sandhu, R. (2016, June). Access control: The neglected frontier. In Australasian Conference on Information Security and Privacy (pp. 219-227). Springer, Berlin, Heidelberg.

Sandhu, R. S. (2013). Lattice-based access control models. Computer26(11), 9-19.

Sen, S. K. (2017). Applying Quality Assurance in Software Acquisition and Development.

Tan, T. H., Maynard, S. B., Ahmad, A., & Ruighaver, T. (2017, July). Information Security Governance: A Case Study of the Strategic Context of Information Security. In PACIS (p. 43).

Tan, X., & Yu, F. (2018). Research and application of virtual user context information security strategy based on intelligent group computing. Cognitive Systems Research52, 629-639.

Tu, C. Z., Adkins, J., & Zhao, G. Y. (2019). A Review of Information Systems Security Management: An Integrated Framework.

Yan, R., Jian, Y., Hao, L. C., Han, X. Y., & Tang, L. L. (2019, August). Research on Automatic Knowledge Acquisition Technology for Software Fault Diagnosis. In 2019 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (QR2MSE) (pp. 901-907). IEEE.













Table of Contents

Question 1  ……………………………………………………………………………………16

Most Typical Scenarios Leading to the Increased Exposure to DoS Attacks  …………….16

Distributed Denial of Service Attack. 16

Application Layer DDoS Attacks. 16

Advanced Persistent DoS. 16

Denial of Service as a Service. 16

Banana attack. 16

Phlashing. 16

Strategies to Incorporated into the British Telecommunications’ Information Security Strategy………………………………………………………………………………………….17

Securing the hardware. 17

Encryption and the backup of data. 17

Having cyber-security insurance. 17

Creating a security-focused workplace culture. 17

Educating the staff on the dangers of using/accessing unsecured networks. 17

Avoiding the use of work devices on unsecured networks. 18

Password sharing should be discouraged. 18

Restricting network administrator rights. 18

Continuing to educate the employees. 18

The use of a robust firewall and antimalware software. 18

Infrastructure Measures of Protection (Preventive Approach)………………………………18

Mechanisms to Mitigate Denial of Service Attacks (Reactive Approach)…………………..19

Using Access Control Lists (ACL) 19

The use of Rate Limiting. 19

Combining the Access Control Lists and Rate Limit features. 19

Automatic Command Insertion using SSH.. 20

Policies and Standards that are to be Put in Place to Either Control or Prevent Denial of Service Attacks……………………………………………………………………………………21

Question 2……………………………………………………………………………………….22

Recovering Deleted Files…………………………………………………………………………22

Extracting Used Passwords……………………………………………………………………….26



Question 1

Most Typical Scenarios Leading to the Increased Exposure to DoS Attacks

Denial of service attack is where the hacker makes the network resources not available/unavailable to the users by disrupting the services of the computer connected to the internet. (Arce, 2004, p. 18). The different DoS that British Telecommunications can face include the following:

Distributed Denial of Service Attack

This is a large scale sensor where the hacker that is to refer to a black hacker, in this case, uses several unique Internet Protocol addresses from thousands of hosts that are infected with malware.

Application Layer DDoS Attacks

The application layer is layer seven of the OSI model. Here the attacker targets the processes that take place in layer 7 by disabling all those functions.

Advanced Persistent DoS

These are threats that are persistent for long periods say, a month or even more. Here, the hacker creates a diversion to evade defensive Distributed Denial of Service countermeasures but aiming to attack only a single victim.

Denial of Service as a Service

Here, stress testing tools are used to perform unauthorised DoS attacks; hence they allow advanced and skilled attackers to access very sophisticated tools of attack.

Banana attack

This Involve the redirection of the outgoing messages from the clients’ back onto the client, thus preventing outside access and flooding the client with packets that are sent


This is also called permanent denial of service attack. This kind of attack causes irreversible damages to the system that it may not function again; thus, a replacement of the system with a new one is required.




Strategies to Incorporated into the British Telecommunications’ Information Security Strategy

Securing the hardware

All hardware devices in British Telecommunications should be protected with complicated passwords, and the password should be with the user of the device/hardware only. The password should be memorised and not written on a piece of paper as it could fall into the wrong hands.

Encryption and the backup of data

Data encryption and backup consist of two elements of strategies, namely preventing access to sensitive data and making sure that you render the data useless in case it falls into the wrong people/ hands. All sensitive data should be encrypted, and the encryption software should be updated all the time. Finally, backing up data and keeping them far away or separately is another way of preventing security breaches.

Having cyber-security insurance

Cybercriminals are tirelessly working, and in case they hack the company’s computer/ system, the loss incurred is enormous. Thus, somehow by insuring your systems and data will help mitigate these losses. Seeking the best specialist for advice on the cybersecurity insurance selection will help minimise the risk. The specialists will advise on the cybersecurity financial impact in case of such an event as a loss of data.

Creating a security-focused workplace culture

Most corporate employees do not know or understand how external threats have occurred and how their daily activities and actions leave the British Telecommunications vulnerable to these attacks. All corporate employees should be trained and educated to ensure that they use their devices carefully to provide sufficient security to British Telecommunications.

Educating the staff on the dangers of using/accessing unsecured networks

Corporate employees should be openly told not and never to use their devices for work while in the corporate buildings. Somehow, by having policies may not work sometimes; thus it is important to teach the staff how and when to use their devices while in the British Telecommunications’ offices to minimise these attacks on the British Telecommunications’ systems.

Avoiding the use of work devices on unsecured networks

Employees should be taught about the benefits of not accessing unsecured websites through the use of work devices. A breach of this rule will lead to cyber-attacks on direct and sensitive data stored in these devices; hence data will be stolen/lost.

Password sharing should be discouraged

Employees should be educated on the risks of sharing passwords or otherwise letting them log in using the Guest Account. Sometimes, the use of protocols to create temporary passwords for employees can also be used to minimise the sharing of passwords.

Infrastructure Measures of Protection (Preventive Approach)

Networking hardware devices such as switches, routers, nano – stations and even servers, should be protected from such attacks. Such attacks, like the Denial of Service attacks, may cripple the normal operations of the British Telecommunications. Software inside these networking devices should be updated automatically, as failure to do so will cause the hardware to be exploited for failures hence giving the attacker an easy way to access the system. It should be noted that once the attacker hacks the server, for example, then the entire British Telecommunications is under his control and sometimes all the British Telecommunications operations will be brought to their knees. This has an impact on the economy. However, companies using Windows Operating Systems should also be conversant enough e as follows these, control the Transmission Control Protocol Internet Protocol (TCP/IP) to prevent SYN flood attacks.

In case of Linux Operating Systems likewise, registers like SYN-Cookies, SYN-Cache and SYN-Proxy are to be set up. Normally, all of the above solutions are installed in separate devices because of their processing requirements. Web application firewalls should be implemented while hosting a website when the server is being set up.

Mechanisms to Mitigate Denial of Service Attacks (Reactive Approach)

Using Access Control Lists (ACL)

These are rules applied to a system to control permissions. The Access Control Lists can be applied to routers to check the incoming Internet Protocol packets. (Browne, 1972, p.6). Only when they satisfy the requirements, it is when they are allowed to pass. For example; there is a file with an ACL, and it contains (Carlister: read, write; Godfrey: read). This kind of ACL will allow Carlister to read and write the file while Godfrey will be given permissions to read-only. ACLs are usually table-like data structures that have entries to specify a single user or groups of users who have rights (Anderson, 1996, n.p).

The use of Rate Limiting

This uses or places a cap and sets up a traffic limit called the threshold to the network interface controller, commonly known as servers so that the server cannot be overwhelmed by too many packets. This prevents “permanent denial of service” attacks.

Combining the Access Control Lists and Rate Limit features

This method is effective as it stops ‘bad traffic’ and that is legitimate. For instance, allowing a web crawler that is not very demanding, and it comes from the Internet Protocol source could be legitimate to that specific crawler. Alternatively, allowing a single client that comes from the directors’ Internet Protocol and that file is already malware-infected, and by accessing it will cause Denial of Service attack? Access Control Lists that are advanced may provide a room of flexibility for the complex conditions. Combining any of these criteria or combining all of these criteria listed below will help:

  • Source of Internet Protocol
  • The rate limit which should include the specific types of content rate limiting.
  • Hypertext Transfer Protocol header and response code
  • Users
  • The packet timeout interval and transaction
  • The Unified Resource Locator
  • Enforcement of the real browsers

If you want to configure the advanced access control rules, here are a few steps to follow:

Go to the web protection, then select advanced protection, then, select custom rule

Accessing the User Interface of this part, your administrators’ access account profiles should provide permissions to read and write in the category of web protection configuration.

Generally, only two issues can be done, but only one is chosen at a time. These two are listed below:

i). Creation of a new rule by clicking ‘Create New’

ii). Creation of a new rule based on predefined rules, then selecting the predefined rules you will want to use, and then finally you click Clone

After these, a dialogue box appears.

iii). When you want to clone predefined rules, a name should be entered for the new rule, then click OK.

In case you need to edit and review the rule settings, you will select the rule then click edit.

iv). After all, these are done configuration of the settings is already complete.


Automatic Command Insertion using SSH

By inserting the SSH to the router makes the network secure and much stronger and does not require updating while it is inserted. The following is a list of basic commands in SSH:

Is Command

This kind of Command lists all the files and all the directories.

Cd Command

Cd means change directory. By typing cd and being followed by the directories name, you will be jumping between directories

Mkdir Command

Mkcdir means Make Directory. This kind of command is used to create directories or simply directories.

Touch Command

This kind of command creates new commands

r m    Command

this command is used to remove directories or choose files

cat Command

if you want to display contents of a file, the use the cat command

pwd Command

This kind of command is used to output the full paths of directories.


cp Command

This command is used to copy folders and files.

mv Command

This type of command is used to move folders and files. It does not copy them.

grep Command

this is a type of command used to look for strings in the files.

find Command

it is a type of command used to search or find the files that have met certain criteria

vi/nano Command

they are used in text editors to open files

history Command

is used to display the commands that were used last.

clear Command

when you want to clear all the text from the screen, use this command

tar Command

this kind of command is used to extract or create.tar.gz files

wget Command

this kind of command is for downloading or fetching files from the internet

du Command

du means Disk Usage. The above command is used to view folders and file sizes in specified directories.


Policies and Standards that are to be Put in Place to Either Control or Prevent Denial of Service Attacks

When companies fail to have policies document, drafting of procedures and processes, they are merely causing a serious mistake that has severe consequences in the future (Hamill,2005, p.469). Policies in an actual sense are high-level principles and requirements, and every department or British Telecommunications must follow as set out or stipulated by the British Telecommunications’ management. These policies could entail, documenting all the policies, procedures, and processes, as well as determining the current monitoring capabilities- the organisation. This will involve the company trying to find out if these policies, procedures and processes are being adhered to, and if each department is following them strictly and daily (Da Veiga, 2010, p.202).

During monitoring, the following questions should be answered; Is there a training curriculum for the new employees hired into British Telecommunications? If it is there, is it being followed and what is the response of the new employees towards the curriculum (Da Veiga, 2010, p.202). Further, the monitoring should answer whether these policies make part of the organisational decision-making process. Finally, British Telecommunications should have policies to determine if the training in existence is adequate while putting forth all the requirements controls and risks, dependencies and all the communication processes.  Say, for example, a British Telecommunications has a policy documented on how to terminate IT access to a staff or employee who has resigned and wants to leave the British Telecommunications. (Dourish, 2002, n.p).

Procedures to be followed alongside other processes of terminating employment and monitoring activities should all be contained therein. The specific functions and objectives should also be outlined. (Evans, 2004, p.60). The inner workings of a business are so complex. Without principles and requirements that are very clear that defines the British Telecommunications’ direction and tone, then it’s difficult for even a smart Executive to understand it (Barford, 2010, p.9). Any corporate body that requires stronger policies, procedures and processes, it must first examine its executive management, the board of directors, and all other stakeholders across the entire British Telecommunications inclusive of its branches if any, and find out who can be involved in the effort of documenting. These documents if at all they existed, then reviewing of these documents should be done manually.

Question 2

Recovering Deleted Files


After installing WinHex, the window appears as indicated in the screenshot below.


After installing WinHex, click on FILE and then select Create Disk Image as shown below:

After clicking Create Disk Image, the screen looks like this one below:



After clicking the OK button on-screen short 3 above, the screen looks as below:



The next screen looks like this.


Copies of Drive C are being copied.


After the file has been successfully copied as an image, it is the image that is then tested for the recovered files.  After it is successful, you close the window and then on desktop, find WinHex and reload it again, now to find the recovered files (Bryne, 2006, p.9). The recovered files will appear at the bottom of the screen. In this case, the recovered files that were deleted were 200KB.  We cannot recover more than 200 KB or rather 100 percentages when using this software.

Extracting Used Passwords

The windows operation systems usually store account of passwords used to log in to the memory of the users. This is to say starting with windows XP all through to Windows 10 use the above method. These passwords are encrypted and cannot be visible in plain text, but they can be searched and decrypted. When the computer hibernates, its windows writes all of its contents to drive C with the following abbreviations; C:\hiberfil.sys. This creates a memory image, and it contains all the encrypted windows passwords and accounts.

When the passwords are in image form and encrypted, we need to use special tools like winhex or boot system into the windows recovery console so that we can access the file. To access the file with winhex, this is the procedure:

Click on Tools to open the Disk and then select the physical disk that has the hibernation file.

Select the windows boot partition, then locate the ‘hiberfil.sys’ in the root folder.

Right-click to select recovery copy and then select the target folder that has the hibernation file.

Because of the hiberfil.sys contains both “hidden” and “system” attributes, we shall be required to change settings in the explorer by clicking on tools then select folders and click to display both system and hidden files.

After the above, we now launch the password kit and then select, analyse memory and decrypt the hard disk options

We then select the windows user option.

The winhex software officially now starts to scan the memory for any hibernation files, including account passwords for Windows users.

A dialogue will show the progress.

After it has finished scanning, it will now display the users and all the passwords used to log in.

This process will normally take between 10 to 20 minutes, depending on the system features of the computer you are using. This method does not depend either on the character set or the strength of the password.

Now extracting used passwords, you load the editor. Log in to some account say facebook. Enter both your user name and password then log in, then log out. Then click on the taskbar then taskbar manager. It will open the windows task manager. In windows task manager, find chrome setup.exe. Click on it and scroll through to create dump file then click on it. Then it will run and then it will ask where you want your files to be dumped. Select ‘Temp’ meaning temporary.  Create a folder on the desktop and paste contents from the temporary file. (Dunn, 1982, n.p). Go back to winhex and open, and the contents will be displayed on the folder you created and on the editor itself. Scroll down to find some similarity in data. Remember to be very careful not to miss and take irrelevant information. There you will find the password.




Anderson, R.H.,&  Hearn, A.C, (1996). An exploration of cyberspace security RD investment strategies for DARPA: ‘The day after… in cyberspace’. RAND.

Arce I., McGraw G (2004) Why attacking systems is a good idea. IEEE Security Privacy 2(4): 17-19

Artail H., Safa H., Sraj M., Kuwatly I., Al- Masri Z. (2006) A hybrid honeypot framework for improving intrusion detection systems in protecting organisational networks. Computers & Security 25: 274-288

Barford P., Dacier M., Dietterich T. G., Fredrikson M., Giffin j., jajodia S. et al (2010) Cyber SA: Situational awareness for cyber defense. Cyber Situational Awareness, Advances in Information security 46: 3-13

Bearavolu, R., Lakkaraju, K., Yurcik, W., & Raje, H. (2003). A visualisation tool for situational awareness of tactical and strategic security events on large and complex computer networks. In paper presented at the military communications conference (MILCOM) 2003, 13-6 )ctober.

Bowen, P., Hash, j., Wilson, M., Bartol, N., & jamaldinian, G. (2006). Information security handbook: A guide for managers. NIST special publication 800-100. Gaithersburg: NIST.

Browne P.S. (1972) Computer security: A survey. ACM SIGMIS Database 4(3): 1-12

Burnburg, M. K. (2003). A proposed framework for business information security based on the concept of defence-in-depth. Master’s Thesis, Springfield: University of Illinois at Springfield.

Bryne P. (2006) Application firewalls in a defence-in-depth design. Network security 9:9-11

Chakrabarti A., Manimaran G. (2002) Internet infrastructure security: A taxonomy. IEEE Network 16(6): 13-21

Cohen, F., & Koike, D. (2004). Misleading attackers with deception. In paper presented at the information assurance workshop, 2004. Proceedings from the fifth annual IEEE SMC, 10-11 June 2004.

Da Veiga A., Eloff J. H. P. (2010) A framework and assessment instrument for information security culture. Computers and Security 29(2): 196-207

Dourish, P., & Redmiles, D. (2002). An approach to usable security based on event monitoring and visualisation. In paper presented at the 2002 workshop on new security paradigms, Virginia Beach, September.

Dunn, T. S. (1982). Methodology for the optimisation of resources in the detection of computer fraud. The University of Arizona.

Evans S., Kyle D. H., Piorkowski J., Wallner J. (2004) Risk-based systems security engineering: Stopping attacks with intention. IEEE Security Privacy 2(6): 59-62

Fowler C., Nesbit R. (1995) Tactical deception in air-land warfare. Journal of Electronic Defense 18(6): 37-79

Hamill J. T., Deckro R. F., Kloeber J. M. Jr. (2005) Evaluating information assurance strategies. Decision Support Systems 39: 463-484

Hu Q., Xu Z., Dinev T., Ling H. (20011) Does deterrence work in reducing information security policy abuse by employees. Communications of the ACM 54(6): 54-60







Windows Network Proposal Fixing Windows


Viewing from this standpoint, it will be to adjusting Windows LLC’s benefit if the Windows Server 2016 is assimilated and integrated into the zones of administration and security in the 3 cities where it has been established. Places such as Dallas, Houston, and Los Angeles with views to advance its spread through the country soon, in specific areas as well. The aim of this proposed network is so that the Win Server 2016 can be engaged to take up administrative details like Group Policy, Remote Services, Active Directory, File Services, and Windows Server Update Services. Also noted in the proposal are how significant sectors like the security of data, names of domains, maintenance of the windows package, and availability to remote offices are to be handled without affecting Fixing Windows LLC’s business targets and aims.

Active Directory

The domain sample of the region of the Fixing Windows LLC structure of an Active Directory is such that a point would be labeled as the forest root while the other points are labeled as the domain trees in the domain design. In this proposal, the Houston office will be taken as the domain root and the 2 others in Los Angeles and Dallas the regional domains, as revealed in Figure 1 below. It creates an avenue for Fixing Windows LLC to keep a balanced terrain with time (Technet).











DD     Domains

Fig. 1

When giving the domain names, since the Houston office stands as the root domain, we would be naming it Houston.corp.Fixing, the positioned office in Los Angeles would be called La.corp.Fixing, and the Dallas office would be called Dallas.corp.Fixing So using a region-based domain model, for a single fresh office lunched in any position, a domain corresponding to it can be made to align the new office with the others in the company (Panek 2018). To reduce expenses, connections that are too many should not be found on the Wide Area Network servers with the aim of not causing traffic and jamming. To accomplish this at each of the three offices, there will be domain controllers, problematic processes to log in will be revised, and increased will be seen in the yield rate. With Houston and Dallas being the main offices, the Los Angeles office will have a Read-only Domain Controller. As given by, these controllers are proficient for office parts that need secure steady, fast, and excellent services to perform authentication. Some of them also have qualities of security that disallow any installation of another controller with a writable domain (Technet). Therefore, the office at Houston will have a controller of the primary domain that has a remote access server while the Dallas office will possess a Read-only Domain Controller with a remote access server.

Group Policy

It is not an excellent idea to have the default password to a system, but it is even more crucial not to access it without a password as a network breach could cost the organization significantly. With Group Policy Objects (GPO), the configuration can be made to check complexities of password, how many times a user can try entering the wrong password before they are locked out of the system, and more. GPOs have the included significance of the alternative of which event log to use in making a report about incidents on the network. The setting up of User Account Control (UAC) for workstations can harden them to discard any malicious software trying to access the machine in the network without the right credential (Panek, 2018). It is always suitable for any default password to be replaced as fast as possible and more vital in this case because a simple hack could bring down the whole Server, which will endanger the company massively.

Domain Name Service (DNS)

Domain Name Service functions by assigning IP addresses to hostnames. To be functional for the company, the Domain Name Service name for external and public use will be Fixing, and for those in the company, it will be intranet.Fixing With this, there is a chance for the Multimaster replication (“How to Install and Configure DNS on Windows Server 2016”, 2017), and the communication of Domain Name Service data is well guarded. Consequently, Domain Name Service is required by Active Directory Domain Service to permit clients to make use of domain controllers (Technet) with ease.

Files Services

The data security is hugely consequential to the company by the type of work done by Fixing Windows LLC. Password and Encryption security will be placed in drives to make sure that data is unreachable in the event of loss or theft. The totality of the network would be set up with New Technology File System security permissions to have files access control. With the usage of the New Technology File System, the hard drive space would be given to clients so they cannot go beyond their space (Panek 2018) and this checks the space usage and makes sure a client is not making use of more space on the storage server than the other. Since there are 3 different points where Fixing Windows LLC is placed and not just in a single location, it might be a necessity for each of the locations to be permitted to view and make use of files from the other 2 locations.

To achieve such a possibility with the location, Distributed File Services will be activated as it permits the alternative to place shared files from several servers in a group and give them to a single appropriate namespace that takes the form of one folder shared among servers and containing different subfolders in it (Technet 2013). Distributed File Services also avails a folder to be given to different servers across the 3 locations. Data from a server is then ordered to sync with that from others by duplicates among them (Kowalski, Dymora & Mazurek, 2017). Users will then be able to access files which their access gives them only with the aid of access based enumeration settings. Distributed File Services has lots of advantages, like a reduction on traffic and ensure smooth connection, the ability to allocate file access at random, to various hard drives to manage the workload on them, and gives a reply when there are many users at the same time (Technet 2013). Distributed File Services gives enhanced access and absorbs fault.

File Server Resource Manager will be fixed to check the disk quota. The File Server Resource Manager is one of the new advancements on the software in the File and Storage Services server group, and it helps the classification and management of data as they are being stored. It gives increase regulation power on folder quotas by giving the ability to examine files and delete undesirable ones and spontaneously creates a report on the storage following conditions and bounds set on it ( Administrators can also utilize operations and functions according to stated limits based on their classification.

The regulation of the type of files users can put in the disk storage is regulated by file screening. It holds that if a specific user is not needed to put individual files of a particular format, with the aid of file screening, he can be choked off from storing them on the servers. Quota management is a desirable alternative to File Server Resource Manager because it records and takes note of space by figures used or by folder. Space of Storage is checked by calculating the number of space left at every point in time, so the real space left is known per time. A message of warning can be sent to the user’s mail when the space they are using up is getting near to their given space or if they are storing up data they are not permitted to or when they forfeit other restrictions stated already in the Server. It is candid for the administrator to take the user’s history log and make a report on their events.

Remote Services

The windows network proposal needs to have protected access distantly connected to the company at Houston for the sales personnel at Los Angeles. To achieve this, a Virtual Private Network will be created and installed on the Windows Server 2016 to connect them through reliable encryption. There are specific 4 criteria to be accomplished in using Virtual Private Network in security access. The Internet Key Exchange version two is the particular 1 to be used for Fixing Windows LLC. It has well specific security and enhanced methods of connection that reestablish active connections online as soon as possible in situations of loss of network. It also makes use of both smart card authentication and certificate authentication. Joined with it are lots of security protocols, including data confidentiality, data reliability, and data source authentication. It also has structures to take out possibilities of Denial of Service attacks and enhances security by utilizing number error modification, sequences, and acknowledgments ( 2016).

A user can be granted access to log in safely from wherever the user is into the network whenever that particular user in the company is to work anywhere outside the company. At one instance or the other, there may be a hack on the Virtual Private Network’s security even though it is secure and encrypted. With such reason, users making use of the Server from a distance should be educated on the catastrophes that can come if they haphazardly leave their device around or in any way gets into the hands of hackers, and they excerpt confidential information from it. Making use of Routing and Remote Access Service assist to control and manage remote access servers. It is candid about setting up and can supervise all the events going on the Server and permitting them access for the purpose of the record and security (Panek 2018).

Windows Server Update Services (WSUS)

Windows Server Update Services permits administrative users to circulate and regulate necessary and essential advances to their windows environment (Panek 2018). It is essential to install Windows Server Update Services so that fresh features from Microsoft servers and Fixing Windows LLC’s servers are unexpectedly utilized and obtained. It allows no chance for the oversight of any significant update from Microsoft software. The practice of new features and essential patches should be examined in a protected space first before it is assimilated for use on the main servers. All of the Update Servers should be programmed to implement and acquire significant updates from Microsoft servers automatically. Clients’ devices can also be programmed to spontaneously get updates directly from the Microsoft update servers, also like the usage of bandwidth is not a deterrent at all on Fixing Windows LLC’s network, and it should be able to grip it.

Windows Deployment Services will be made to install a new server into the network. Administrative users generate Custom images as they make capture boot images. So the established format will be put in use once the purpose for a new server arises to be installed on Fixing Windows LLC’s network. By so doing, time in establishing a new server is saved by the administrative users, and thus, efficiency is maximized as the servers perform their duties properly.

Using Software Defined Networking and High-Performance Network

Enactment must be done using software-defined networking in Windows Server 2016. The center for data management manages the routers, switches, gateways, and virtual network devices through a single console. It tolerates easy control and central management of all devices. It typically entails of 3 layers; the virtual network or physical, the application layer, and the control system (Panek, 2018).

The high-performance networking solution is a central feature of the Windows Server 2016. It acts as a significant role in certifying real-time data processing. It is severe for disaster recovery and confirming high performance through distributed computing (Panek, 2018). High-performing networking is used when there is a call to move a bulk of data with low latency of the network. The high-performance network makes use of techniques such as NIC teaming, quality of service, Datacenter bridging, receive-side scaling and SMB multichannel


In conclusion, the proposal for Fixing Windows LLC to start to make usage of the Windows Server 2016 includes the secure management of Windows Server Update Services, Domain Name Service, Active Directory, Remote Services, and Group Policy. The Houston and Los Angeles locations will be configured to be the domains of the region. All locations are safely and securely connected with end-to-end encryption. All of the 3 locations will have their controller domain with the Los Angeles location possessing a Read-only domain controller.








How to Install and Configure DNS on Windows Server 2016. (2017). Retrieved 15 April 2020, from (2016, March 23). Support: Juniper. Retrieved from×48/topics/concept/vpn-security-ikev2-understanding.html

Kowalski, D., Dymora, P., & Mazurek, M. (2017). Failover clustering in Microsoft Windows Server 2016. Scientific Journals Of Rzeszów University Of Technology, Series: Electrotechnics, 57-65. doi: 10.7862/re.2016.10

Technet. (n.d.). Retrieved from

Technet. (2013, November 13). Retrieved from (n.d.). Retrieved from

Panek, W. (2018). MCSA Windows Server 2016 Study Guide. Newark: John Wiley & Sons, Incorporated.


Evidence-based practice PICOT question







Evidence-Based Practice PITCO Question

Students Name

University Name






PICOT question examines whether a nurse’s application of the LACE scoring index and the Intervention to Reduce Acute Care Transfers (INTERACT) reduces a patient’s readmission in the Skill Nursing Facilities (SNF) and improvement of transition care compared to the non-utilization of the LACE scoring and INTERACT tool. This paper will examine the PICOT question while providing evidence, methodology, and evidence in detail.



Evidence-Based Practice PITCO Question


Rehospitalization of patients is a common issue among hospitals, SNFs, and medical patients. According to Mileski et al., 2017, the majority of the adverse effects leading to patient rehospitalization are preventable. Additionally, among older SNF patient’s fragmentation of care is a risk factor that increases their vulnerability (Wang et al., 2014). This project utilizes the Transition Of Care Model (TCM) to complement the evidence-based protocol approach used to assess the transition of care for patients released from hospices to SNFs. This paper focuses on the efficiency of the LACE and INTERACT tool on (a) the alertness of staff’s nurses to the alteration of a patient’s condition in Advance Practice Provider (APP) to diminish rehospitalization as compared to the non-utilization of these tools (b) improving attention given to high-risk patients by staff nurses.

Clinical Question

The frequency of hospital readmissions occurs within the 30 days of hospital discharge. While working in SNF, treating recently discharged patients from hospitals, I realized the majority have several comorbidities and are frail. Consequently, SNFS nurses fail to timely report alterations in a patient’s health status, thus leading to the high readmission rate (Enderlin et al., 2013). The readmission rate of discharge patients to SNF is 20-25 percent. Furthermore, the SNF lacked a transitional care model which will identify high-risk readmission patients through sign and symptoms, for a timely APP report.

LACE index scoring tool is a strategy used to reduce readmission by identifying preventable readmission. Moreover, it identifies possible deaths within 30 days based on four parameters. The four parameters include (i) L for the length of stay (ii)A is the acuity of admission (iii) C is the comorbidities’ integrating the Charlson comorbidity catalogue and (iv) E is the total sum of emergency appointments within the preceding six months.  In several studies, a higher LACE index reflects a higher patient readmissions rate (Kripalani et al., 2019). To assist older patients in achieving successful care transition, nurses specialize in the care and systematic approach to meet family and patient cognitive, sensory needs, and health literacy. In other words, the systematic approach minimizes unnecessary death and rehospitalization.

The PICOT query is “does the use of LACE and INTERACT tools over a period six months reduces the patient’s readmission rate and advance the transition of care amongst patients admitted in SNFs as compared to patients the non-utilization of the INTERACT and LACE tool. According to a quasi-experimental study, the results revealed that nurse transition care coordinators’ interventions helped to reduce health care costs between the 30 to 90 days period (Kripalani et al., 2019). Mileski et al., 2017) states that the transition of care is effective in the reduction of health care costs and patient rehospitalization between 30 to 90 days period.

Utilizing the INTERACT tool has several advantages, such as resolution and early recognition of fluctuations in elder patients well-being status. In doing so, there are limitations to the potential complications, rehospitalization, and ever-increasing healthcare costs.




Enderlin, C. A., McLeskey, N., Rooker, J. L., Steinhauser, C., D’Avolio, D., Gusewelle, R., & Ennen, K. A. (2013).  Review of current conceptual models and frameworks to guide transitions of care in older adults. Geriatric Nursing, 34(1), 47-52. doi:10.1016/j.gerinurse.2012.08.003

Kripalani, S., Chen, G., Ciampa, P., Theobald, C., Cao, A., McBride, M., Dittus, R. S., & Speroff, T. (2019). The transition care coordinator model reduces hospital readmissions and costs. Contemporary Clinical Trials, 81, 55-61. doi:10.1016/j.cct.2019.04.014

Mileski, M., Topinka, J. B., Lee, K., Brooks, M., McNeil, C., & Jackson, J. (2017). An investigation of quality improvement initiatives in decreasing the rate of avoidable 30-day, skilled nursing facility-to-hospital readmissions: A systematic review. Clinical Interventions in Aging, 12, 213-222.  doi:10.2147/CIA.S123362

Wang, H., Robinson, R. D., Johnson, C., Zenarosa, N. R., Jayswal, R. D., Keithley, J., & Delaney, K. A. (2014). Using the LACE index to predict hospital readmissions in congestive heart failure patients. BMC Cardiovascular Disorders, 14(1). doi:10.1186/1471-2261-14-97





Earthquake implies the sudden movement of the earth’s tectonic plates that trigger shaking of the earth’s surface. The shaking that results from the earthquake can cause significant damages to the earth’s surface; hence are a form of a natural disaster. Notably, not all types of earthquakes are disastrous as some are weak and can quickly go unnoticed, but there are major earthquakes whose magnitude triggers violent effects on the earth’s surface. Earthquakes usually occur in two main areas, the hypocenter depicting a location where the quake starts and an epicenter where he seismic rupture effects begin to show (Allen et al., 2009). The catastrophic nature of earthquakes depends on its magnitude and intensity that is measured using equipment the Richter scale that observes the extent of the seismographs.

Consequently, it is crucial to affirm that earthquakes mostly occur in fault line locations, and the impact of crushing of rocks in the fault line locations leads to massive tremors leading to earthquakes. Earthquakes around the world are located along the edges of oceanic and continental plates, especially along the Pacific Ocean basin that is famously known as the Ring of Fire”. The area witnesses a series of continuous activities ranging from slipping between tectonic plates and faulting of the plates making the region an active hotspot for occurring of earthquakes. The countries around the Pacific basin, including Guatemala, New Zealand, Indonesia, Mexico, and the United States of America, are highly vulnerable to earthquakes, unlike those outside the ring (Stenhouse, 2018). It is also important to note that the area is prone to volcanic eruptions that make the earth surface vulnerable, hence making tectonic and oceanic plates to weaken exposing the earth’s crust to faults that trigger catastrophic effects on the earth surface. It is essential to affirm that earthquakes are highly unpredictable, and it is only through possessing knowledge on the likely risks that persons can overcome the dangers f earthquakes.



Top of Form

Top of Form

Johnson, BjjjAllen,  Allen, R. M et al. (2009). The Status of Earthquake Early Warning around the World: An Introductory Overview. Retrieved from:

Stenhouse, A. (2018). What is the Pacific Ring of Fire? The facts, causes, and countries affected. Retrieved from:

Bottom of Form




Mount Everest is the highest mountain in the world, and it is characterized by 29 029 feet above sea level. The location of the mountain is on the border of Tibet and Nepal. The mountain entails sedimentary and metamorphic rocks that have been slipped southward over continental shell or layer made up of Archean granulites of the Indian Plate throughout the Cenozoic impact of India with Asia (Smethurst, 2000). Mount Everest was formed about fifty-five years ago when the Indian subcontinent smashed together with Eurasia. The disconnect India tectonic plate was moving toward the northward, and it eventually collided against Asia buckled and uplifted to form the mountain.

Mount Kilimanjaro

Mount Kilimanjaro is a colossal stratovolcano that contains three distinct volcanic cones. The volcanic cones are Kibo which is the highest, Mawenzi which is 5, 149 meters, and Shira, which is the lowest with 4, 005 meters. The mountain is familiar across the world for being the highest mountain in the African continent, and it is characterized by 19 340 feet above sea level (Smethurst, 2000). The mountain is located in Tanzania, a nation found in East Africa. Mount Kilimanjaro is the tallest freestanding mountain on earth. The formation of the mountain is dated back to three million years ago when the “Great Rift Valley” was fashioned. The busting of multiple volcanoes around Kilimanjaro area, the eventual retreat of magma from the central vent of the volcano, and a concluding puff of smoke depositing an ideal cone of ash around the brim led to the formation of the mountain.

Mount Pinatubo

The mountain is an active stratovolcano that is situated on the island of Luzon in the Philippines. An altitude of 1486 meters characterizes Pinatubo. The mountain entails dacite and andesite. The formation of the mountain is dated back to one million years ago. The subduction volcanoes that resulted from the Eurasian plate gliding under the Philippine mobile belt along the Manila Trench to the west laid the foundation for the formation of Mount Pinatubo (Smethurst, 2000).


Mount Rainier

Two volcanic craters characterize the summit of the mountain, and each has a diameter of more than one thousand feet. Mount Rainier is synonymous with twenty-six significant glaciers and thirty-six square meters of permanent snowfields. The mountain has the most extensive volcanic glacier cave system around the world. Since its formation, the mountain has been synonymous with frequent eruptions with the last taking place in around one thousand years ago (Price, 2012). Mount Rainier has an altitude of 14, 410 feet. Most geologists trust that the shaping and formation of Mount Rainer stemmed from a mass of solidified lava that resulted from earlier volcanoes.

Mount Cook

In essence, Mount Cook is understood to be the purest alpine since it enclaves permanent snowfields, glaciers, and skyscraping peaks, and all of these features are situated beneath a star-studded sky. From 2014, the altitude of Mount Cook is indicated to be 12, 349 and it is the highest mountain in New Zealand. The formation of the mountain resulted from the tectonic uplifting and pressure as the Pacific and Indo-Australian plates bumped along the island’s west coast (Price, 2012). Each year the uplifting persists to elevate the mountain at an average of seven millimeters.





















Price, F. M. (2012). Mountains of the World. Retrieved from             09_ddc_322a_mountains_of_the_world_2002_-_sustainable_developments.pdf

Smethurst, D. (2000). Mountain Geography: Geographical Review, 90(1):35-56. Retrieved from   



Literary Experience Essay Submit Assignment

Analysis of literature text is part and parcel of our day to day lives. We do analyze literature whenever we read newspapers, follow driving rules, read hospital reports, follow recipes, and so many more. Analysis of literature can be described as the guidelines to reading that involves; one time reading to get the message, comprehension, and close reading and understanding of the text.

For the first time reading I determine whether the text makes sense; whether I understand the basic plot; and whether there are important sections of the text to recognize.  The comprehension process requires understanding features such as characters, settings, and plot. The process entails; exposition, rising action, climax, falling action, and resolution.

Once I am done with the comprehension process what follows is the interpretation of the text. Interpretation involves determining what holds the piece of literature together. It may require that we examine the tone and mood in the text. I may also need to know the motivations of characters in the text. Interpretation involves a deeper exploration of characters, settings, and plot while evaluating the language and literary styles used by the author.

After successfully comprehending and interpreting the text what follows is the creation of an analytical statement about the entire text. This involves pulling together all the information in the text. The creation of an analytical statement could involve studying the author’s choices and commentary, determining how literature reflects on the time frame, studying the themes, studying the history of the text, and determining the author’s background.  The methods of possible analysis are so many and there are no single right means of carrying it out.

All in all, the analysis of texts is a very fundamental process in our daily lives and so it is important to get to know how best to analyze literature work. All the three levels of readers; those who read for enjoyment, those who read-only when they are forced, and those who read for analysis and understanding of the text both need to know the basics of analyzing a text. Therefore, the basics of analyzing a text are fundamental to all three groups of re


The study of literature has been very interesting, perhaps because it gives one an opportunity to dive into other authors minds and understand their creative bearing. Beginning with the coverage of fiction and now moving on to poetry the process is immersive and interesting. To this end, several themes have come up from the course readings that are central to the creative process. In both covered poetic and fictional works common themes have emerged among explored authors. Themes include love, happiness, tragedy, loss, grief, happiness, God, spirituality, memories and milestones. Other major themes that are common in poetry and fiction genres include courage, corruption, power, individual vs. society and even war. As such, based on the readings from the course, themes covered by both genres are connected to the experiences of the author, observations and also issues or matters that affect the society. Hence, it is accurate to state that the various themes identified above are not just an outcome of the authors imaginative process. Rather, these themes are a combination of the authors experiences and complemented by creativity when it comes to presentation. Thus, the themes mentioned above are memorable because they have been dramatized to give the audience a greater connection thus helping them absorb and interact with the material in a more interesting manner.

So far, in the course, we have covered the fiction genre in-depth and now moving forward to the poetry genre. This will be more interesting because, unlike fiction, poetry is wide, diverse, complex, and interesting. As such, with an almost infinite feel as the audience attempts to derive the meaning of compositions. In agreement, the definition to keep in mind is that a poem is a composition where the author gives thought, attention, and meaning to the structure of the text. To this end, poetry and fiction genres share some common themes, including love, war, happiness, disappointment, grief, power, and the struggle between individuality and society. However, a major difference is unlike fictional work; poetry does not follow a predefined structure to allow the audience to follow. For example, a fictional story begins with the introduction of major characters, develops them in the body, and concludes the narration in an orderly fashion. In contrast, while themes are similar, poetry lets the author express artistic authenticity with no predefined chronological structure, which makes poems complex yet very interesting to an audience.