
Computer and Information System

Coursework Assessment
202110

Course: CIS 4203 IT Strategy and IT Governance

Assessment Method: Group Project

Date of Assessment: 19 Sept, 2021
Duration / Deadline(s): 23 Nov, 2021

Maximum Mark: 100
Percentage of Final Grade: 25%

Instructions to Students

1. This assessment has maximum of 12 pages including the cover page, references and annexures.
2. Each student is required to submit the project deliverables individually onto Blackboard.

Academic Honesty Statement

In accordance with HCT policy LP201- Academic Honesty

• Students are required to refrain from all forms of academic dishonesty as defined and explained in HCT procedures and
directions from HCT personnel.

• A student found guilty of having committed acts of academic dishonesty may be subject to one or more of the
disciplinary measures as outlined in Article 33 of the Student and Academic Regulations.
Table of Contents
PART 1
Section 1: Introduction and Company Background
INTRODUCTION
COMPANY’S BACKGROUND
Location
Business vision
Mission
Business objectives
Application Profile
Section 1.1:
Section 2: IT Situation Assessment
Section 3: Major IT & Business Gap Analysis
Section 4: STRATEGIES AND ACTIONS
Possible alternative
THREE SOLUTIONS FOR EACH GAP
TWO KPIS FOR THE SELECTED SOLUTIONS:
PART 2
Section 1: Possible Frameworks
TOGAF
ITIL
COBIT
NIST
ISO 27000
TOGAF VS ISO 27001
Section 2: Why ISO 27001
ISO 20000(20071-20072) FRAMEWORK OVERVIEW
Section 3: Enterprise Architecture
ISO 27001 COST & SCHEDULE MANAGEMENT:
ISO 27000 FRAMEWORK IMPLEMENTATION
Conclusion
References

PART 1

Section 1: Introduction and Company Background


INTRODUCTION
In this project we analyze Emirates' background, identify the gaps revealed by the SWOT
analysis, and assess the impact of those gaps on the business. We then discuss multiple
frameworks and justify why Emirates needs ISO 27000 to fill its gaps and reach its
organizational goals.

COMPANY’S BACKGROUND
Emirates is the national carrier of the UAE and was founded in October 1985. Emirates is the
world's biggest airline and one of the world's fastest growing, with a network that spans the
globe. The airline has a widebody fleet and is the world's biggest operator of Airbus A380
aircraft. Emirates operates a vast network of services throughout the Middle East, as well as to
Africa, Asia, North America, the South Pacific, South America and Europe, from its hub at
DXB Airport. Emirates SkyCargo is Emirates' air freight subsidiary, which serves more than 50
locations. (Emirates, 2021)

Location
Dubai, United Arab Emirates, serves as Emirates' headquarters and major hub. For both local
and international flights, Dubai Airport serves as the city's starting point. The airport is
considered the busiest airport in the world, which implies it is not only one of the greatest
airports in the Middle East but also has a big financial impact on Dubai.
Business vision
Maintain international recognition, become one of the world's leading aviation and security
service companies, and set a benchmark in the industry.
Mission
Emirates maintains its international reputation as one of the world's aviation giants and sets the
standard in the industry. Emirates strives to increase mobility and connect people all over the
world.
• Commit to ensuring the safety of all customers, employees, and assets by conducting regular
reviews, training, and education.
• The first step in achieving organizational commitment is to hire a devoted team and provide
them with tools and training.
• Respect and care for people of all backgrounds and cultures while promoting Emirates Airlines
values and hospitality.
• To continue delivering excellent customer service, the company must preserve its financial
stability while quickly expanding.

Business objectives
Emirates Airways' business goals are as follows:

• Provide high-quality customer service

• Improve brand image globally

• Cost effectiveness in all its operations

• To be financially stable and remain profitable.

• To be a modern, innovative, and customer-oriented aviation company.

Application Profile
The airline uses applications produced by Emirates as part of its smartphone application
series. With these apps, customers can easily follow up with the airline while still
having access to the services they need.
The second application is e-mail, which is used extensively by both customers and airline
personnel. In addition, Emirates offers a choice of technologies for
communication through smartphones.

Section 1.1:
IT SWOT Analysis
A SWOT analysis of Emirates will help us maximize strengths, minimize weaknesses, take
advantage of new market possibilities, and avoid overlooking dangers.

Strengths
• Customized service will continue.
• Prompt replies to requests for assistance from a local support desk
• The ability to be adaptable while responding to demands
• With the addition of new shows
• Technicians are always learning new techniques.
• Consultation services were provided for the purchase and delivery of equipment.

Weakness
• Ineffectiveness
• There is a lack of preparedness in the event of a crisis
• IT staff must fulfil their responsibilities even though there is inconsistency in their knowledge.
• There is no school-wide information technology compliance organization that can aid with policy enforcement.
• There are no standard computer networks.

Opportunities
• Virtualization and the use of the new product
• Creating virtual servers from server systems
• The establishment of committees to advise on devices and analyses
• Web-based applications
• The connecting of several electronic components.

Threats
• A hostile environment for security
• Rogue IT staff
• On-demand or cloud computing
• A large number of gadgets are available to assist with the use of internet services
• Taking Responsibility for One's Own Behavior

Enhancing the efficiency of performance


With our fuel efficiency initiative, Emirates is enhancing the quality of aviation travel. Aircraft
weight and fuel consumption may be reduced, as can the introduction of novel techniques to
minimize carbon emissions and fuel consumption. Increasing the efficiency of air routes.
Reinforcement for customer service.

Developing innovative human resources


Emirates' management must be familiar with the fundamentals, such as task evaluation, to
keep track of Human Resources. Having a clear understanding of what their staff are doing
helps Emirates keep track of how their actual success compares to their desired outcomes. The
organization of jobs, departments, and work processes, as well as the creation of priority lists,
would be possible for the corporation. After hiring staff, they should immerse themselves in the
culture of the company. After being employed, employees may learn about the company's
culture. Additional advantages include both internal and external ones. Establishing confidence
in the pay system by conducting job analysis, role evaluation, and compensation studies is a key
component.
Section 2: IT Situation Assessment
IT SITUATION ASSESSMENT
The SWOT analysis revealed the technical weaknesses of Emirates, which leave the company
in a vulnerable state: lack of preparedness in the event of a crisis, inconsistency in the
knowledge of IT staff, no standard computer networks, and ineffectiveness. These weaknesses
expose gaps in the IT sector of Emirates that can lead the company towards major disasters.
To fix these gaps and weaknesses, Emirates must implement a framework, i.e., ISO 27000.

IT Organization Profile:
Emirates has very complex information technology processes. One example is the Emirates
application, which allows customers to manage their bookings, including booking new flights
and canceling flights.

IT SERVICE MANAGEMENT
To operate, control information, and provide technology services to customers, Emirates has
a web application and a mobile application through which a customer can book a ticket,
check the status of the ticket, book a hotel, and rent a car. They also provide online check-in
for their stakeholders.

IT GOVERNANCE
Under the governance of Alex Alexander, the Group Chief Technology in Emirates, the company
monitors critical information technology capability decisions in order to give the best
services to its customers. It follows domains such as delivery of high quality, alignment of
strategy, management of performance, and management of resources and risk.

ENTERPRISE ARCHITECTURE:
Emirates Cargo is committed to delivering its services in accordance with the division's
Quality Management System across its operations. To accomplish this, it ensures that all
safety and security rules are followed to the letter. It works hard to ensure that its products
and services meet and exceed international and industry quality standards. Emirates adheres to
its operational, commercial, and quality rules and processes with enthusiasm, and it strives
for continuous improvement to provide outstanding service to its customers and employees.
As an ISO 9001:2015 accredited organization, Emirates is committed to implementing Quality
Policies.
Section 3: Major IT & Business Gap Analysis
After conducting a SWOT analysis of Emirates, we concluded that in order to achieve its goals
and objectives, the company must address the technological gaps and weaknesses which are
listed below:

I. Ineffectiveness

II. Lack of crisis preparedness

III. IT not fulfilling responsibilities despite inconsistency in their knowledge

IV. The lack of a school-wide information technology compliance organization that can assist
with policy enforcement, and the lack of standard computer networks.

Section 4: STRATEGIES AND ACTIONS

Possible alternative
Developing new application
Customers may sign up at any time and from any location thanks to a streamlined registration
process. The department of enrolled clients and staff creates databases for customers, which
saves them time. It reduces the amount of time spent inputting data, maximizes HR resources,
and so on.

Providing access to online training


With the use of web-based training, students learn how to do certain activities better. These
classes may also be needed by your employer. Asynchronous, self-guided instruction may be
provided by training specialists using the gadget. A course is assigned to pupils, and they are
expected to finish it one step at a time. Collaborative effort, feedback, and interactive material
have all been shown to help students learn more effectively when they're given the opportunity
to do it on their own.

Providing access to IT service management


Improved quality, efficiency, and customer satisfaction, as well as cost savings through
improved resource use, improved visibility of assets and expenses, and better management of
market risk and service disruption are all benefits IT service management can
provide to a business. Additionally, having access to IT service management for the whole
company is an IT goal that aligns with the business goal of boosting efficiency and dependability
in the workplace. It is in accordance with the goal of reviving interest in the legal system on a
local and international level by providing access to online teaching.

THREE SOLUTIONS FOR EACH GAP


To fill the gaps, I'll prioritize the following solutions:

1) Utilize ‘hidden’ digital capabilities


Emirates can make use of digital capabilities that employees use outside of the workplace. For
example, certain employees may use digital technology in ways that you'd like to see implemented in
the workplace. They may, for example, maintain a website, write a blog, build apps, or use new digital
technologies to communicate with pals in their spare time. Perhaps one of your employees has relevant
digital know-how that they could share with their coworkers? It's worthwhile to find out.

2) Getting their staff into the right mindset


Emirates can adopt all of the above steps, but they will still struggle to bridge their digital skills gaps if
their culture does not embrace transformation and does not develop a change-adaptive workforce.

Employees that are quick to adapt to new processes or ways of working will embrace digital change.
Rather than fighting the need to learn new skills, they are enthusiastic about the prospect of upskilling and
will actively seek out opportunities to apply their new skills.

Employees need to understand why their job is changing before they can commit to learning new skills,
therefore communication is often at the heart of a successful upskilling effort. So, convey the benefits of
new technological development, what's required of them, how their day-to-day work will be impacted,
and how you'll assist their upskilling to all employees clearly and on a frequent basis.

It's also critical to empower employees so that they feel appreciated. This will encourage them to give it
their all. Employees, after all, must understand their role in any new digital adoption, which can only be
accomplished in a culture that values trust, openness, and clear communication.

3) Giving skills to employees


Digital skills gaps can arise regularly due to the rapid pace of technological progress. As Emirates pivots
and new objectives and requirements emerge because of the interruption, the airline will need to
analyse and address its deficiencies on a regular basis. To do so, it needs to train its employees by
enrolling them in new technology courses through Coursera and Udemy.

TWO KPIS FOR THE SELECTED SOLUTIONS:


For solution one, I'll prioritize the following two KPIs:

Job Skill Acquisition


With the Job Skill Acquisition KPI, Emirates will be able to evaluate learning effectiveness by looking at the
advancement and development of the skills acquired by their IT workers through exploiting the hidden digital
capabilities of their employees. This can assist them in identifying the value of training and the personnel
with transferable abilities that they may require.

Employee Training Satisfaction Rates


Asking employees to evaluate the training course they are completing or have
completed will be beneficial for the organization. Getting direct feedback from the people who are
interacting with the Emirates employee training course will be very helpful. Employees can pinpoint what is
working and what is not working within the course structure, content, and delivery style, and this will
help Emirates utilize the hidden knowledge of their employees.

For solution two, I'll prioritize the following two KPIs:

Job Competence by Department


Numbers don't lie in Job Competence KPIs, yet they can be interpreted based on the measurements
used by Emirates to evaluate their training programme. Increases in internal hiring, employees who
begin to perform better in their jobs, higher customer service satisfaction, and other indicators can
indicate that the training course will assist Emirates in achieving the learning objectives they've set.

Average And Final Course Scores


Tracking average and final scores provides insight into the course's efficiency and impact on learners'
on-the-job performance. A student who actively participates in the course, completes it sooner than
expected, and improves their job productivity may demonstrate good performance throughout the
course and a high final score, demonstrating that the Emirates employee is on the correct track or
mindset.

For solution three, I'll prioritize the following two KPIs:

Course Participation Percentage


The higher the number of Emirates employees who enroll in and finish a training course, the more
effective the training session will be, according to the Course Participation Percentage KPI. Although
attendance alone is not a reliable indicator of course success, it does indicate that Emirates is doing
something right. By providing employees with skills and courses through platforms such as Coursera and
Udemy, Emirates will see a significant boost in their employees' ability to deal with all technology issues,
allowing the company to meet its business objectives.

Training Fulfillment Percentage


Emirates is a company based in the UAE. It's crucial to keep track of how many people complete the course.
This information will aid in determining whether or not learners are actively engaged with the topic. A
high satisfaction rate indicates that the course was beneficial to the employee. A poor completion rate,
on the other hand, may indicate that users are dissatisfied with the course and that adjustments are
needed to encourage learners to complete it.

PART 2

Section 1: Possible Frameworks


To complete this project, we need to know about the following frameworks:

TOGAF
The Open Group Architecture Framework (TOGAF), which provides an approach for developing,
planning, implementing, and regulating an enterprise information technology architecture, is
the most widely used framework for enterprise architecture as of 2020. TOGAF is a high-level
design technique.

ITIL
The Information Technology Infrastructure Library is a collection of detailed practices for IT
tasks like IT service management and IT asset management, with a focus on aligning IT services
with business objectives.
COBIT
COBIT, or Control Objectives for Information and Related Technologies, is a framework that
intends to assist organizations in developing, implementing, monitoring, and improving IT
governance and information management.

NIST
The NIST Cybersecurity Framework is a series of principles released by the US National
Institute of Standards and Technology for mitigating organizational cybersecurity risks. It is built
on existing standards, guidelines, and practices.

ISO 27000
ISO 27000 is a framework and an accreditation that can be used to certify that a business
satisfies a specific degree of information security maturity, similar to ISO's 9000 series, which
focuses on quality. The 27000 series is divided into six segments, each dealing with a distinct
aspect of an Information Security Management System (ISMS).

TOGAF VS ISO 27001


The disadvantage of TOGAF is that it deceives the uninitiated. TOGAF is an activity and
deliverable framework: it specifies or recommends the use of particular activities and
deliverables in the development of an architecture. By implementing ISO 27001, on the other
hand, Emirates will gain a competitive advantage by winning new business, will avoid the
financial and reputational consequences of data breaches, will maintain and improve its public
image, will comply with all corporate, legal, contractual, and regulatory obligations, and in
the end will see improved attention and structure in targeting business goals.

Section 2: Why ISO 27001


We've chosen ISO 27001 to fill the gaps and weaknesses of Emirates because it increases
system and information security and reliability. Confidence among customers and business
partners will be increased. Business resiliency will be improved. There will be alignment with
the needs of the consumer. Management processes in Emirates will be improved, and corporate
risk strategies will be integrated in Emirates, which will result in a huge boost to the
business of Emirates.
ISO 27000(27001|ISO27002)
The worldwide standard for information security, ISO 27000 (27001|27002), provides the ideal
framework for Emirates IT governance. Data protection management systems (ISMS) are laid out
in this document. It is easier for companies to handle their data when they use the
information security management system standard's best-practice approach.
According to ISO 27001 certification, the ISMS is in compliance with information security best
practices; ISO 20000 certifications are issued to corporations, and organizations must meet all of
the standards of ISO-2000 in order to get an ISO-2000 certificate.

Reduce information security and data protection risks to organization


When it comes to your own personal data or that of your customers, poor data preservation may
be expensive. The GDPR and the Data Protection Act share many of the standards of the ISO
27001 standard, boosting overall knowledge assurance. ISO 27001 shows authorities that the
company is sensitive about protecting customer information.
If you are worried about GDPR penalties, an Information Security Management System (ISMS)
may help lower the chance of a violation and enable you to respond more quickly to one, as
well as explain the protections that are in place to mitigate these security concerns.
New customers will flock to your business, and existing ones will remain loyal. Having an ISO
27001 certification means that the people with whom you wish to do business feel comfortable
and calm in the knowledge that you (as an ISO 27001 certified corporation) will protect their
financial assets and information.

ISO 27001 means saving time and money


In a crisis, why spend even more money to remedy an issue (e.g., customer information loss) if it
costs just a fraction of that to be better prepared in advance? There is a continuing need for
customers to be assured that their personal information is protected.
During a typical transaction, your sales team is probably well aware of the high volume and long
length of "requests for information" they deal with, as well as how this number is continually
rising. Unnecessary costs are being added to the company's 'cost-of-sale'. If you obtain ISO
27001 accreditation, the quantity of information you need to submit will be decreased.

Boosts reputation and builds trust in the organization


Things don't get much worse when a firm discovers that its systems have been hacked and that
customer data has been exposed and changed. If you utilize an ISO 27001 information security
management system, you'll be better equipped to identify and prevent infiltration risks. As in
many other fields, trust is essential in the workplace. However, you must be able to show that
you are self-sufficient.
Benefits
With an ISO 27001 certification, Emirates will be able to compete for business in areas where
information security is critical and bidders seek confidence that information assets accessed and
processed while work is being carried out are secure. Promoting qualification to an
internationally recognized level of information security will be advantageous and make Emirates
more appealing to prospective customers and stakeholder groups.

Success
More and more IT consulting firms are using ISO-20000, which is a standard for improving
security, dependability and high-quality services. Some well-known ISO 2000 recognized bodies
are listed below (27001-27002)
• A-LIGN
• NSF International
• Russian Register
• Coalfire
• NSAI Inc
• CEPREI

ISO 20000(20071-20072) FRAMEWORK OVERVIEW


Principles
ISO 20000 accreditation requires Emirates to conform to the following principles:
• A focus on the customer's needs.
• To be a leader, you must have:
• Public participation.
• A systematic approach is required.
• Systematic management approach.
• Consistent progress is required.

Components/Domains
Main components and controls of ISO 20000 are as follows:
• Information management rules and regulations
• The structure of computer security is outlined.
• The safeguarding of human capital
• The safeguarding of one's assets
• Monitoring of access
• Cryptography
• The protection of the physical and natural worlds
• Safety of operations
• Data protection through the Internet
• Purchasing, manufacturing, and maintaining systems
• Supplier-customer relations
• Management of information security incidents

Section 3: Enterprise Architecture


ISO 27001 COST & SCHEDULE MANAGEMENT:
Emirates can expect to attain ISO 27001 certification in around 6 months with the cost of
accreditation of ISO 27001 around $48,000. 6 months are needed for the correct preparation
because of the size of organization. For this purpose, Emirates will have to hire an ISO 27001
specialist to complete the process to save time.

ISO 27000 FRAMEWORK IMPLEMENTATION


ISMS (information security management system) compliance is difficult to achieve.
However, as the saying goes, "nothing good comes cheap," and ISO 27001 is certainly one of
those things.
A nine-step checklist has been put up to help those who are new to ISO 27001.

Step 1: Assemble an implementation team


Choosing a project manager to oversee the ISMS implementation is the first step.
Knowledge of information technology is required, as well as the ability to manage a team and
communicate with superiors (whose departments they will need to review).
Assisting the project director may need the involvement of a group of people. Senior
management selects the squad.
They should write a project mandate after the team is formed. Answers to the following
questions may be found here:

1. To what end do we aspire?
2. How long do you estimate it will take?
3. How much money would you have to spend?
4. Is the project being supported by upper-level management?

Step 2: Develop the implementation plan


The next step is to begin preparing for the actual implementation.
Information security policies and procedures would be outlined in further depth by the
development team, depending on its project mandate.
Defining high-level policies for information security management systems that include
the following:
1. The roles and responsibilities.
2. Guidelines for ensuring its long-term evolution.
3. What may be stated to raise awareness of the project?
Step 3: Initiate the ISMS
As soon as the plan is in motion, it's time to decide on the best quality management system to
apply.
Rather than proposing a technique, ISO 27001 suggests a "process solution." Basically, this is a
Plan-Do-Check-Act approach.
As long as the criteria and processes are clearly specified, carefully executed, and exposed to
regular evaluation and improvement, any model may be employed.
An ISMS policy is also required.
Only a brief description of what the team wants to accomplish and how they intend to do it
should be included in this document.
It must be approved by the board before it can be finished.
The structure of your documentation will now be the focus of your attention. A four-tiered
method is being considered.

• Defining the organization's stance on matters such as permissible usage and password
protection from the top down

• Methods for enforcing the rules.

• Employees are given job instructions outlining the processes they must follow so that they
may adhere to the company's regulations.

• Procedures and work instructions are documented in documents.

Step 4: Define the ISMS scope

Further study of the ISMS mechanism is necessary for this stage. Clauses 4 and 5 of the ISO
27001 standards define the procedure for doing so.
Assessing your ISMS's complexity and its potential influence on your everyday operations are
critical steps in this approach.
Because of this, you must identify all aspects of the organization that are important to the ISMS.
Your project's success depends on its ability to spread.
The danger of disclosing critical information and risking your company's safety increases if you
restrict your reach. Your ISMS might become unmanageable if your scope is too broad.

Step 5: Identify your security baseline


A protection baseline is the minimum level of service that a firm must provide in order to do
business in a safe manner.
In the course of your ISO 27001 risk assessment, you will determine your security benchmark.
As a result, you will be able to identify the company's most critical security flaws and the ISO
27001 control that will help you mitigate the risk.

Step 6: Establish a risk management process


It is the main function of an ISMS to identify and mitigate risk.
Every business implementing ISO 27001 must have the capacity to conduct a risk assessment.
Organizations that use ISO 27001's risk-based approach must have a thorough understanding of
the threats they face and how to mitigate them.
Risk management methods may be defined in accordance with the Standard. Each technique has
been designed to assess the dangers posed by distinct properties:

1. Create a risk management plan.

2. Recognize the threats.

3. Examine the potential risks.

4. Assess the potential risks.

5. Decide on a risk management approach.

Next, establish risk acceptability criteria that incorporate the threat's ability to do harm and its
probability of happening.
Managers also use a hazard matrix to rate risks: the higher the number, the bigger the danger.
To determine if a hazard should be handled, they would then devise criteria.
You have four options when faced with a risk:

• Be willing to take a risk.

• Control the risk by implementing safeguards.

• Take the risk out of the equation entirely by avoiding it.

• Share the burden of risk (with an insurance policy or via an agreement with other parties).

Organizations may complete a Statement of Applicability (SOA) explaining the controls they
have selected and omitted from ISO 27001, as well as why they did so.

Step 7: Implement a risk treatment plan


Design and development of a firm or business's information security procedures is known as
danger implementation.
To guarantee the effectiveness of these controls, you must ensure that staff will work and interact
with them, and that everyone is aware of their duties.
Additionally, a mechanism for determining will be necessary.
Step 8: Measure, monitor and review
We won't know whether the ISMS is in place until we take a closer look at it.
If you want to stay on top of environmental and market changes, you should review your risk
profile at least once every year.
The next stage is to determine the requirements that must be included in the project's objectives.
Quantitative research, in which you give a numerical value to your findings, is one of the most
used methods for measuring progress.
It applies to everything that costs money or requires time. This should be applied to anything
that has worth.
Instead of qualitative studies, there are quantitative ones, in which judgement is used in the
process of collecting data.
"Qualitative" research is acceptable when evaluations provide additional information about how
"large, medium, and low" that information is.
It is also possible to conduct internal assessments in addition to regular ISMPP monitoring of
your ISMS inspections.
Performing an ISO 27001 audit on one department at a time is not possible, but you may select
the one that interests you and devote all of your attention to it.
Reduces large casualties and helps prevent them from occurring in a wide range of locations.
To acquire the reports you need, you need to get the task done swiftly, thus you should endeavor
to have it done as quickly as possible.

Step 9: Certify your ISMS

In order to acquire an ISO 27001 audit after your ISMS has been implemented, you may wish to
pursue the credential.

An on-site audit is the first step.

The first step is to verify that the organization's Information Security Management System
(ISMS) meets the standards of the ISO 27001 standard. To determine if the audit was successful,
an in-depth review will be conducted.
Please continue if you are confident in your skills until you have received certification. There is a
penalty if you go forward even if you are doubtful about your abilities.

What credential body you work with is an additional factor to consider.

You must be a member of the National Forensic Associations if you want to use a typical
shooting range training facility that may be found around the country (International
Accreditation Body).

This assures that the evaluation of the security policy's efficacy meets the standards of the
Standard 27001, unlike recognized companies that generally make strong promises about
issuance independent of compliance methods.

If we assume the cost of the audit, it must not be the sole consideration when selecting an
approval body, thus the expenditure must be minimal. In contrast to SECMSs, ISMSs are An
inspector must thus be familiar with the requirements of the organization that created the IS in
order to conduct a proper inspection.

Conclusion
By doing this project, we have concluded how important it is to have effective technical staff,
how important it is for an organization to train its employees, how important it is for an organization
to put its employees in the right mindset, and finally how important it is for the organization to
choose and implement the right framework to attain its business goals and objectives. If an organization
does not consider these things, it can face severe problems that will be witnessed
by both internal and external stakeholders.
