Running Head GLOBAL STRATEGY 2GLOBAL STRATEGY2S.docx

Running Head: GLOBAL STRATEGY 2
GLOBAL STRATEGY 2
Strategic Management in Dynamic Environments_MGMT690
Global Strategy
Harish Vadnala
Colorado Technical University
8/22/2018
Contents
Global Strategy 3
Based on your classmates’ discussion posts for Week 2, do you
still believe the tools that you selected will work best for a
global strategy? Why or why not? 3
How would you refute the people who chose an additional tool
rather than one of the tools that you selected? 4
Based on the tools that you selected, provide a brief analysis of
your market, using those tools 5
-Rich Furniture7
-Foshan Leisure Touch 7
-MEIYAXIN 7
References 8
Global StrategyBased on your classmates’ discussion posts for
Week 2, do you still believe the tools that you selected will
work best for a global strategy? Why or why not?
Based on my classmates’ choices of tools, I still believe that the
tools I selected are superior to theirs. This reasoning is
grounded on the fact that both PESTEL and the Porters 5 Forces

will help the firm gain insight of the external forces that may
affect its operations in the Chinese market. As indicated in my
previous post, PESTEL explores the political, economic, social-
cultural, technological, environmental, and legal forces that are
likely to affect a firm’s operations in a specific market. The
listed types of forces are important indicators of success of a
business especially in a new market. Given a choice of several
countries to choose from, a global marketer should choose a
country which is stable politically and which has a strong
economy. Additionally, a marketer should consider social and
technological factors that are likely to affect the business
operations in the new market. Countries with high technological
advancement, for example, may be better choices than those that
are behind technologically because technology presents
opportunities for cost savings (Rothaermel, 2015).
Technological related savings may occur in terms of reduced
marketing costs as firms may utilize the internet to market their
products as opposed to the traditional media which is highly
expensive. Lastly, environmental and legal factors are important
considerations for firms planning to penetrate new markets
(Yap, 2012). These two factors would be especially important
for firms in the furniture industry because most countries are
currently enacting legislations to protect their forests. In
addition to PESTEL, the porter’s 5 forces tool is equally
important because it assesses the level of competition in the
prospective new market. A firm contemplating to penetrate a
new market must be wary of the rival organizations that are
present in the target market otherwise if such considerations are
not made, the new entrant may be suppressed by the rivals
before it establishes a sustainable market share. Such
suppression would especially occur if the rival firms are big
enough to benefit from economies of scale.
What evidence do you have to support your decision?
According to Khan, Alam & Alam (2015), PESTEL is a
non-ignorable tool for investors planning to penetrate the global

market. The view is grounded on the fact that investors need to
understand the business environment of the countries in which
they wish to invest. This opinion is seconded by Jarzabkowski
& Giulietti (2007), who argue that the potential of a market to
favor a firm’s success can only be measured by analyzing the
external forces that may impact business operations.
Jarzabkowski & Giulietti (2007) specifically cites factors, such
as, corruption and protectionist laws as key factors for
consideration. In addition to the evidence cited above, Sarbah &
Otu-Nyarko (2014), found that more than 40% of global strategy
failures were directly attributed to lack of proper external
environment analysis. In addition to the six PESTEL factors,
Yap (2012) observes that firms must examine the rivals before
penetrating a new market. This analysis, he argues, can only be
achieved by using the porters 5 forces tool.
How would you refute the people who chose an additional tool
rather than one of the tools that you selected?
One of my peers proposed the use of the Strengths,
Weaknesses, Opportunities, and Threats (SWOT) to aid in the
decision-making process. The choice is inappropriate because
the mentioned tool assesses a firm’s strengths and does not in
any way attempt to explore the external factors that may affect a
firm’s operation. Although SWOT may inform the firm about
the availability of resources necessary to invest in the new
market, it needs to be used only after making a choice of the
country which interests the investor most (Yap, 2012). After
analyzing the Chinese market using both PESTEL and Porters 5
Forces tools, the firm would then utilize SWOT to determine if
it has the capacity to overcome the challenges present in the
new market. Based on SWOT analysis, the firm would either
abandon or execute the strategy if it strengths supersede the
weaknesses.
Based on the tools that you selected, provide a brief analysis of
your market, using those tools
Tool 1: PESTEL ANALYSIS- China (WordPress, 2015)

China PESTEL Analysis
Political
Positive factors
a) Politically Stable
b) Respect for rule of law
c) Strong human rights groups
Negative factors
a) Possible nationalization of industries in the future
b) Constant disagreements between the central and the
provisional/local governments
Economic
Positive factors
a) One of the fastest growing economies in the globe
b) Cheap labor
c) Tax subsidies
d) Center for Foreign Direct investment
Negative factors
a) High inequality rates
b) Rapid urbanization
Social-Cultural
Positive Factors
a) High population
b) High consumer spending
c) Luxurious lifestyles
Negative factors
a) A high number of aging population
Technological
Positive factors
a) High technological advancement
b) High number of internet users
Negative Factors
a) Low credit card embracement
b) Insecurity of online payments
Environmental
Positive Factors
a) Reforestation

Negative Factors
a) High deforestation rates
b) Rising awareness about environmental protection
Legal
Positive factors
a) Trade freedom
Negative Factors
a) Ineffective privacy and E-commerce laws
b) Ineffective copyright laws
Tool 2: Porters Five Forces Analysis (WordPress, 2013)
Substitutes
Similar products from rivals
Moderate
Supplier
Buyers

Rivals
S low weak High
The buyers of the company’s products
Suppliers of the raw materials
-Rich Furniture-Foshan Leisure Touch-MEIYAXIN
Low
Potential New Entrants
References
Jarzabkowski, P., & Giulietti, M. (2007). Strategic management
as an applied science, but not as we (academics) know it1.
Khan, U. A., Alam, M. N., & Alam, S. (2015). A critical
analysis of internal and external environment of Apple
Inc. International Journal of Economics, Commerce and
Management, 3(6), 955-961.
Rothaermel, F. T. (2015). Strategic management. McGraw-Hill
Education.
Sarbah, A., & Otu-Nyarko, D. (2014). An Overview of the
Design School of Strategic Management (Strategy Formulation
as a Process of Conception). Open Journal of Business and
Management, 2(03), 231.
WordPress (2013). Porter five forces analysis. Retrieved from
https://marketsurveychinablog.wordpress.com/2013/08/21/porter

-five-forces-analysis/
WordPress (2015). PESTEL Analysis for China. Retrieved from
http://freepestelanalysis.com/pestle-analysis-of-china/
Yap, J. (2012). Adapting Porter’s Strategy Formulation Process
and Generic Strategies Model in Today’s Competitive Business
Environment. Singapore Management Journal, 1(1), 38-99.
Running Head: COMPUFY LIMITED 2
COMPUFY LIMITED 2
CS654_Security Management
Compufy Limited
Harish Vadnala
9/12/2018
Contents
1.0. Security Requirements 4
1.1. Hypothesized Organization: Compufy Limited 4
1.1.1. Corporate organizational chart 6
1.1.2. Work Group structure and ties added to the corporate
organizational chart 6
1.1.3. Communication flows of Work Groups of Compufy
Limited 7
2.0. Security Business Requirements 9
2.1.1. Project Planning (PP) 9
2.1.2. Integrated project management (IPM) 10
2.1.3. Project Monitoring and Control (PMC) 10
2.1.4. Quantitative Project Management (QPM) 10
2.1.5. Requirements Management (REQM) 10

2.1.6. Risk Management (RSKM) 11
2.1.7. Supplier Agreement Management (SAM) 11
3.0. Security Policy12
3.1. Areas of Risk Management 12
3.1.1. Risk Identification 12
3.1.2. Risk Assessment 12
3.1.3. Risk Control Strategies 13
4.0. System Design Principles 15
4.1. Principle 1: Clearly Define Security Dependencies and
Trust Boundaries 15
4.2. Principle 2: Assure Robust Identity 15
4.3. Principle 3: Protect the Information Security Triad 16
4.4. Principle 4: Make Systems Secure by Default 16
4.5. Principle 5: Provide Accountability and Traceability 17
5.0. The Training Module 18
References 19
Compufy Limited 1.0. Security Requirements
Network security consists of procedures and practices that are
initiated to inhibit access by unsanctioned persons, exploitation,
and alteration by these kinds of people or denial of computer
network and resources that can be accessed through a given
interface. Such networks are controlled by network
administrators who are given authority to authorize access of
certain data to a given group of individuals. The focus of this
paper is on the security of networks which involves a number of
significant features for it to be considered secure. Some of these
features include the authentication of users and the denial of a
computer network to intruders (Lincke, 2015).
There are a number of attacks that can be faced in any network,
more so where a loophole is noted by the attackers. Some of
these attacks include: Port Scanning, Wiretapping Denial-of-
Service (DoS), Distributed Denial-of-Service (DDoS) attack,
Phishing, Cross-Site Request Forgery (CSRF), SQL Injections,
XSS Attack, ARP Poisoning, Buffer Overflow (McNab, 2007).

With these being identified, a strong security management plan
needs to be put into place whereby, these loopholes need to be
secured. 1.1. Hypothesized Organization: Compufy Limited
Compufy Limited, a company that was established to help
different organizations to secure their information through
ensuring that there exists a high and efficient level of network
and information security, is located in the United States, and
was set up in 2016 with the aim of developing the network and
information security (NIS) in the society and also to create
awareness of NIS and as a result, contributing towards the
development of the internal market. Its primary aim was to
create minimal risks associated to the network, thus allowing
their users and organizations to handle their network easily
without any disruption. The company is, therefore, found to
contain all these strengths where the use of IDs and passwords
are used to authorize viewing of information among other
network management strategies. The company aims to ensure
that the community and its members are protected from
malfunctions in the network that affects the information saved
on anyone’s device. Of much importance, Compufy Limited
aims at managing risks and assessing them. These are found to
be essential parts of information security management and, as a
result, are vital to the founding of security in organizations.
1.1.0. Initial Security Projects
Primarily, the company has been working hand in hand with
different organizations to secure their networks. One of the first
security projects was the accountability of information use. This
involved the privacy and fairness in decision-making systems
(Zubairi, 2009). This project dealt with the making of decisions
of the automated systems that process personal data of the
company’s clients. Most organizations and working groups
which linked up with the Compufy Limited were excited over
the positive contributions of the systems installed in their
premises. However, most of them raised severe trepidations of
their data not being secure and private. This, after this project,
has been identified to be the major concern of most

organizations. With updated systems containing machine
learning algorithms, such problems have been curbed, and the
company aims at helping more organizations stabilize and gain
control of their network and information systems. Thus, the
issue was subdued by explaining to the users how the systems
were automated to be accountable for their privacy.
The cloud is rapidly changing the face of the web infrastructure,
allowing even the minute corporates to create quick web and
mobile applications for their users through taking advantage of
the of the scale of flexibility of the physical shared
infrastructure created by cloud providers, the academic
community, however, is at risk of being left out of this
hypothetical change. A problem Compufy identified was the
network virtualization, which was found to be a hindrance.
However, the company came up with suitable network
virtualization that puts all the non-significant packet
transformations at the verge of the corporeal system. The
company is further planning on developing programs that will
extend to a more sophisticated network functionality that will
enable clients to be able to manage all their data in the small
cloud space. 1.1.1. Corporate organizational chart
The company’s structure can briefly be outlined as below.
This is based on the major departments, their functions and sub-
functions, and also their activities. 1.1.2. Work Group structure
and ties added to the corporate organizational chart
The Workgroup structure is based on the realistic goal of the
company which is aimed at reaching maximum security
stabilization in the networks. To begin with, there is the deputy
of Compufy who reports to the head of the company. The deputy
is also advised by the Information Security Council that is made
up of the Chief Risk Officer, CFO among other major leaders of
the company who take part in major decisions of the company
before any process is executed. 1.1.3. Communication flows of
Work Groups of Compufy Limited
For an organization to have realistic goals there must be an

order in which decisions are made. For Compufy Limited, the
Chief Strategy Officer (CSO), who is responsible for executing
the major security programs and protecting the information
assets of the company, reports to the Chief Information Officer
(CIO). In exceptional cases that require financial aid, the CSO
reports to the Chief Risk Officer. This, therefore, helps in the
coordination of the security team in the execution of the
security policies of the organization. Moving down, there is the
network infrastructure officer who ensures that security of data,
i.e., through networks, endpoints and data centers are safe and
secure. Irrespective of where the work is being done, the
infrastructure officer needs to ensure that all resources are well-
coordinated.
There is also the application and asset security department
which ensures that the CSO is not caught by surprise in case of
any Network and Information System failures. The officer
always checks all systems and networks randomly to ensure that
there are no exploits that can compromise the client or
organization. If any faults are found, then suitable assets are
provided to fix concerns found. The officer has also the
mandate to issue internal social engineering for respective
companies to prepare for attacks. If, for instance, a new network
attack vector is identified, in a penetration test, then the
manager is held accountable. The program Management officer
(PMO) and the entire department perform all the activities
required to develop and implement an information security plan
for client companies including the program based on the plan.
There are many roles to be executed by the PMO. They include;
is expected to develop and execute the information security
programs and procedures; outline the roles and responsibilities
of information security; report and communicate with both the
interior and exterior clients and stakeholders and manage funds
allocated for any information security activities. The PMO, in
conjunction with the network infrastructure department, is also
expected to manage the servers of the company where they
should ensure that the servers are always secure to use and

reliable. They should also be able to liaise in checking for
threats in their systems and those of their clients.
Data management and cloud computing are deemed to be a vital
aspect of network and information security (Vacca, 2012). As a
result, the management of data in the networks needs to be
reliable since all users rely on them to run their daily company
programs. As a result, Compufy Limited has set policies to
ensure that the privacy of such data is guaranteed, together with
their encryption. Moreover, the Company stores most of their
data and that of their client on Cloud which is the most basic
practice incorporated into the successful management of data.
Thus, cloud computing in conjunction with big data is one of
the most exceptional effects that could transpire in any
networking system.
2.0. Security Business Requirements
2.1. Capability Maturity Model Integration
Kneuper (2008) defines CMMI in the context of IT as an
approach which guides an organization through the process of
improving its cyber security. The model guides a firm in the
process of assessing its current capabilities and to identify the
areas of improvement. Generally, a cyber security CMMI is
comprised of the following 5 major components (Paulk, 2009):
a) Devising cyber policy and strategy
b) Encouraging responsible cyber culture within society
c) Building cyber skills into the workforce and leadership
d) Creating effective legal and regulatory frameworks
e) Controlling risks through organization, standards and
technology
According to Becker, Knackstedt & Pöppelbuß (2009), CMMI is
comprised of several process areas (PA) with each PA being
comprised of specific practices that must be implemented
together in order to achieve a set of specific objectives. For this
security plan, the PA selected is project management which
falls under the umbrella of category wise process areas. The
choice of this PA is informed by the fact that activities involved

in this category are of essential importance to effective
implementation of a security plan. The selected PA, its
components as well its significance to the selected organization
are described hereafter:2.1.1. Project Planning (PP)
The activities that fall under this purview of PA include budget
estimations, scheduling of tasks, risk assessment, and
determining human capital requirements (Kneuper, 2008). These
activities happen prior to the commencement of the project.
This process is highly significant to the operations of Compufy
because the firm must develop a comprehensive implementation
plan before implementing a security program in a client’s
organization. 2.1.2. Integrated project management (IPM)
The activities involved in this category include assessing
whether the identified items of capital are available to smooth
run the process of implementing the project. For Compufy, this
process is essential because without the resources, it cannot
successfully implement security programs on the clients’ firms.
2.1.3. Project Monitoring and Control (PMC)
This process aims at providing the relevant guidance for
monitoring the progress of implementation of the project
(Oberkampf, Pilch & Trucano, 2007). For a project to be
successfully completed within the specified time and meet the
predefined standards, it must be monitored to avoid deviations.
For Compufy, monitoring is an important component because it
must satisfy its clients’ security needs within a specified period
of time. 2.1.4. Quantitative Project Management (QPM)
QPM, on the other hand, involves making more advanced
assessment of the project’s objectives and designing measures
aimed at achieving quality needs (Paulk, 2009). Quality is an
important aspect of project management which demonstrates
why this activity is of essential significance to Compufy
limited. 2.1.5. Requirements Management (REQM)
This process occurs during the implementation process and it
seeks to advise the implementers whether the project will
eventually be a success in terms of solving the problem at hand
(Essmann & Du Preez, 2009). If the implementers note

substantial failures during the initial days, then the project may
be redesigned so that the final objectives are met. For the firm
described in this paper, this activity is essential because the
firm must align each project it undertakes with the client’s
security requirement. 2.1.6. Risk Management (RSKM)
Next, risk management involves assessing the potential risks
that are likely to affect the successful implementation of a
project (Oberkampf et al. 2007). This process is continuous, and
it is based on the historical and present experiences. For
Compufy, this endeavor is highly important because for the
company to successfully implement security projects in clients’
firms, it must assess all the potential risks and devise strategies
to mitigate or reduce them before they occur otherwise the
project will fail. 2.1.7. Supplier Agreement Management (SAM)
Lastly, SAM involves controlling delivery and quality of
products and services obtained from third parties (Paulk, 2009).
Basically, when executing a project, some products and services
must be procured from external suppliers. Such supplies must be
delivered in a timely manner and in the right quantity and
quality. Compufy being a provider of IT security services, it
must ensure that the supplies meet the required standards
otherwise the client firms might not fully benefit from the
project.
3.0. Security Policy
The main reason why organizations create security policies is to
minimize the risk of threats to the organization's security. An
organization needs to evaluate possible threats and be able to
implement countermeasures to guard against those threats. This
is not an easy thing to accomplish; however, with the right
leadership, security models, and organizational vision, risk can
be minimized. 3.1. Areas of Risk Management

An organization must understand the risks that it faces. An
initial step in risk management involves the discovery and
evaluation of threats. The evaluation process includes the
identification of an organization’s assets and rating the
probability of attack for each asset in the organization. The
following are the key areas of risk management that should be
addressed by an organization to minimize the impact of threats
(Whitman &Mattord, 2008): 3.1.1. Risk Identification
In risk identification, an organization inventories its assets and
identifies assets that are vulnerable to attack. Vulnerabilities
are identified for each asset. Organizational assets include
people, places, data, and technology. Assets are classified by
placing them into categories and prioritizing categories based
on their value to the organization. 3.1.2. Risk Assessment
In risk assessment, a risk score is assigned to each
vulnerability. This score is used as a comparative rating against
the risk scores of all identified vulnerabilities for the
organization. There are several factors that go into this risk
score, including the probability of the vulnerability occurring,
the value of the asset for which the vulnerability is identified,
the quality of the controls to mitigate the risk, and the
uncertainty of the vulnerability. 3.1.3. Risk Control Strategies
After an organization has identified and assessed risks, it must
implement strategies to control those risks. There are several
strategies that can be considered. One preferred strategy is
avoidance, which prevents the exploitation of the risk. This can
be accomplished with the following techniques (Whitman
&Mattord, 2008):
a) Policy application- Mandating that certain policies be
followed
b) Training and evaluation- Continuous training for employees
on security risks and threats
c) Threat countermeasures- Countering a threat before it strikes
d) Implementation of technical controls- Implementing
hardware and software controls to stop a threat when it appears
To effectively implement the above listed risk control

strategies, the firm needs to perform certain procedures that are
described hereafter:
a) System Description
Identify the characteristics of the IT system for which the risk
management plan is being developed. Examples include
identifying the information, hardware, software, and boundaries
of the system.
b) Identification of Threats
Identify sources of threats that have the potential to take
advantage of a weakness in an IT system.
c) Identification of Vulnerability
Identify weaknesses in the IT system that predisposes the firm
to the risk of security breaches.
d) Control Evaluation
Evaluate controls that are in place or are planned that will
protect the system from threats.
e) Potential of Impact
Analyze the impact of a threat successfully exploiting a system
weakness.
f) Risk Assessment
Evaluate the likelihood of threat occurrence, its impact on the
system, and the controls in place to counter the threat.
g) Identification of Controls
Determine the controls that will protect the system from threats.
h) Results Analysis
Develop a management report that discusses the results of the
risk analysis.

4.0. System Design Principles
4.1. Principle 1: Clearly Define Security Dependencies and
Trust Boundaries
One of the most important security principles in the
context of Compufy is clearly defining the security
dependencies between the different components of a system.
Defining such dependencies facilitates formulation of suitable
strategies to ensure that the entire system remains secure
(Pentikousis, Wang & Hu, 2013). Based on this principle,
Compufy needs to identify any interrelations between the
systems’ components. Such interrelations should be clearly
defined, and the information should be made accessible to the
ground security personnel. Also, of great importance as regards
trust boundaries is that the company should avoid circular
dependencies because this may complicate the process of
administering network and infrastructure security.
4.2. Principle 2: Assure Robust Identity
The other principle that is important to the security of the
company identified in this project is the assurance of robust
identity. This principle entails identifying each component of
the system and ascertaining that the components are from
trusted sources. This principle is greatly important to the
security of a firm in that it helps an organization to build
effective authentication, authorization, and accounting
implementations. According to Chen et al. (2016), an effective
robust identity system should exhibit the following
characteristics:
Should have the ability to distinguish its owner from other
entities within a pre-defined scope
Should have the ability to be generated, updated, and revoked
Impersonation prevention, preferably through strong
cryptographic mechanisms.
4.3. Principle 3: Protect the Information Security Triad
Next, although the company’s primary objective should be to

achieve confidentiality, integrity, and availability (CIA) of the
system, it needs to go past the core pillars and ensure that each
security control added to the system does not predispose other
parts of the system to the risk of security threats. Additionally,
a firm must check to see if a proposed security control limits
the availability of the entire system (Pentikousis et al. 2013). If
such limitation is detected, then the control should be rejected,
and an alternative control should be installed. An installation of
a centralized security server, for example, must be closely
monitored to ensure that its installation does not impact the
availability of the system. If the security personnel foresee any
limitation to the system’s performance because of this
installation, then an effective control strategy should be
formulated.
4.4. Principle 4: Make Systems Secure by Default
The other security principle applicable in this case is default
security mechanisms. According to Wyglinski, Nekovee & Hou
(2009), default security involves configuring an automatic
security controls to ensure that the system remains secure. An
example of a default security system is the requirement for
passwords when accessing a company’s network. These
automatic controls should not be removable by third parties. In
other words, the controls should only be removable by the
security operator. These controls should never, however, be
completely disabled as this would predispose the firm to the
risk of security threats.
4.5. Principle 5: Provide Accountability and Traceability
For a security policy to be effective, it must be regularly
audited to ensure that it meets the set thresholds. To facilitate
auditing, a firm must ensure that any logged data is enough to
facilitate auditing as when such an endeavor becomes inevitable
(Scott-Hayward, Natarajan & Sezer, 2016). In addition to
sufficiency, the logged data need to be traceable which implies
that an auditor should easily determine the beneficiary of each
action taken by a firm. The application of this principle in

Compufy would entail ensuring that the companies it serves
have proper mechanisms to ensure data auditing.
5.0. The Training Module
TBD
TBD
TBD
References
Becker, J., Knackstedt, R., & Pöppelbuß, J. (2009). Developing
maturity models for IT management. Business & Information
Systems Engineering, 1(3), 213-222.
Chen, M., Qian, Y., Mao, S., Tang, W., & Yang, X. (2016).
Software-defined mobile networks security. Mobile Networks
and Applications, 21(5), 729-743.
Essmann, H., & Du Preez, N. (2009). An innovation capability
maturity model–development and initial application. World
Academy of Science, Engineering and Technology, 53(1), 435-
446.
Goguen, A., & Feringa, A. (2002, July). Risk management guide
for information technology systems (NIST Special Publication
800-30). Retrieved May 23, 2007, from the National Institute of
Standards and Technology Web site:
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Kneuper, R. (2008). CMMI: Improving Software and Systems
Development Processes Using Capability Maturity Model

Integration. Rocky Nook.
Lincke, S. (2015). Security Planning: An Applied Approach.
Cham : Springer International Publishing.
McNab, C. (2007). Network security assessment: know your
network. " O'Reilly Media, Inc.".
Oberkampf, W. L., Pilch, M., & Trucano, T. G.
(2007). Predictive capability maturity model for computational
modeling and simulation (No. SAND2007-5948). Albuquerque,
NM: Sandia National Laboratories.
Paulk, M. C. (2009). A history of the capability maturity model
for software. ASQ Software Quality Professional, 12(1), 5-19.
Pentikousis, K., Wang, Y., & Hu, W. (2013). Mobileflow:
Toward software-defined mobile networks. IEEE
Communications magazine, 51(7), 44-53.
Scott-Hayward, S., Natarajan, S., & Sezer, S. (2016). A survey
of security in software defined networks. IEEE Communications
Surveys & Tutorials, 18(1), 623-654.
Vacca, J. R. (2012). Computer and information security
handbook.Newnes.
Whitman, M. E., &Mattord, H. J. (2008). Management of
information security (2nd ed.). Boston: Course Technology.
Wyglinski, A. M., Nekovee, M., & Hou, T. (Eds.).
(2009). Cognitive radio communications and networks:
principles and practice. Academic Press.
Zubairi, J. A. (Ed.). (2009). Applications of Modern High
Performance Networks.Bentham Science Publishers.
COMPUFY LIMITED 2

Compufy Limited
Harish Vadnala
9/05/2018
Contents
Limited 7
2.1.1. Project Planning (PP) 9
2.1.2. Integrated project management (IPM) 10
2.1.3. Project Monitoring and Control (PMC) 10
2.1.4. Quantitative Project Management (QPM) 10
2.1.5. Requirements Management (REQM) 10
2.1.6. Risk Management (RSKM) 11
2.1.7. Supplier Agreement Management (SAM) 11
3.1. Areas of Risk Management 12
3.1.1. Risk Identification 12
3.1.2. Risk Assessment 12
3.1.3. Risk Control Strategies 13
References 17

coordinated.

networking system.

technology
are described hereafter:2.1.1. Project Planning (PP)
organization. 2.1.2. Integrated project management (IPM)

of time. 2.1.4. Quantitative Project Management (QPM)
limited. 2.1.5. Requirements Management (REQM)
security requirement. 2.1.6. Risk Management (RSKM)
project will fail. 2.1.7. Supplier Agreement Management (SAM)

project.
The main reason why organizations create security policies is to
minimize the risk of threats to the organization's security. An
organization needs to evaluate possible threats and be able to
implement countermeasures to guard against those threats. This
is not an easy thing to accomplish; however, with the right
leadership, security models, and organizational vision, risk can
be minimized. 3.1. Areas of Risk Management
An organization must understand the risks that it faces. An
initial step in risk management involves the discovery and
evaluation of threats. The evaluation process includes the
identification of an organization’s assets and rating the
probability of attack for each asset in the organization. The
following are the key areas of risk management that should be
addressed by an organization to minimize the impact of threats
(Whitman &Mattord, 2008): 3.1.1. Risk Identification
In risk identification, an organization inventories its assets and
identifies assets that are vulnerable to attack. Vulnerabilities
are identified for each asset. Organizational assets include
people, places, data, and technology. Assets are classified by
placing them into categories and prioritizing categories based
on their value to the organization. 3.1.2. Risk Assessment
In risk assessment, a risk score is assigned to each
vulnerability. This score is used as a comparative rating against
the risk scores of all identified vulnerabilities for the
organization. There are several factors that go into this risk
score, including the probability of the vulnerability occurring,
the value of the asset for which the vulnerability is identified,
the quality of the controls to mitigate the risk, and the
uncertainty of the vulnerability. 3.1.3. Risk Control Strategies

After an organization has identified and assessed risks, it must
implement strategies to control those risks. There are several
strategies that can be considered. One preferred strategy is
avoidance, which prevents the exploitation of the risk. This can
be accomplished with the following techniques (Whitman
&Mattord, 2008):
a) Policy application- Mandating that certain policies be
followed
b) Training and evaluation- Continuous training for employees
on security risks and threats
c) Threat countermeasures- Countering a threat before it strikes
d) Implementation of technical controls- Implementing
hardware and software controls to stop a threat when it appears
To effectively implement the above listed risk control
strategies, the firm needs to perform certain procedures that are
described hereafter:
a) System Description
Identify the characteristics of the IT system for which the risk
management plan is being developed. Examples include
identifying the information, hardware, software, and boundaries
of the system.
b) Identification of Threats
Identify sources of threats that have the potential to take
advantage of a weakness in an IT system.
c) Identification of Vulnerability
Identify weaknesses in the IT system that predisposes the firm
to the risk of security breaches.
d) Control Evaluation
Evaluate controls that are in place or are planned that will
protect the system from threats.
e) Potential of Impact
Analyze the impact of a threat successfully exploiting a system
weakness.
f) Risk Assessment
Evaluate the likelihood of threat occurrence, its impact on the
system, and the controls in place to counter the threat.

g) Identification of Controls
Determine the controls that will protect the system from threats.
h) Results Analysis
Develop a management report that discusses the results of the
risk analysis.
TBD
TBD
TBD
TBD

TBD
TBD
References
446.
Goguen, A., & Feringa, A. (2002, July). Risk management guide
for information technology systems (NIST Special Publication
800-30). Retrieved May 23, 2007, from the National Institute of
Standards and Technology Web site:
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
handbook.Newnes.
Whitman, M. E., &Mattord, H. J. (2008). Management of
information security (2nd ed.). Boston: Course Technology.

COMPUFY LIMITED 2
Compufy Limited
Harish Vadnala
8/30/2018
Contents
Limited 5
References 11

coordinated.

networking system.

technology
are described hereafter:
2.1.1. Project Planning (PP)
organization.
2.1.2. Integrated project management (IPM)

of time.
2.1.4. Quantitative Project Management (QPM)
limited.
2.1.5. Requirements Management (REQM)
security requirement.
2.1.6. Risk Management (RSKM)
project will fail.
2.1.7. Supplier Agreement Management (SAM)

project.
TBD
TBD
TBD
TBD
TBD
TBD

TBD
TBD
TBD
References
446.

handbook.Newnes.
COMPUFY LIMITED 2
Compufy Limited
Harish Vadnala
8/22/2018
Contents
Limited 5
References 11

coordinated.

networking system.
TBD
TBD
TBD

TBD
TBD
TBD
TBD
TBD
TBD

TBD
TBD
TBD
References
handbook.Newnes.
Running Head: ORGANIZATIONAL PERSPECTIVE 2
ORGANIZATIONAL PERSPECTIVE 2

Global Strategy
Harish Vadnala
9/12/2018
Contents
Balance Scorecard 3
Learning and growth 3
Financial perspective 3
Customer perspective 3
Internal Business Processes 4
References 6
Balance ScorecardLearning and growth
The learning and growth perspective assess a firm’s ability to
remain innovative and maintain a competitive advantage in the
ever changing business environment (Balanced Scorecard
Basics, n.d.). When formulating a globalization strategy, it is
important to consider this perspective because a firm must be
flexible enough to be able to successfully operate globally. This
reasoning is based on the view that the global market is
characterized by numerous challenges which may limit the
performance of a firm. The global market, for example, is
characterized by rapid changes in economic, political, and legal
environmental factors (Niven, 2010). Financial perspective
According to Arora (2014), the financial component of the
balance scorecard assesses the ability of a firm to attract
investors who are mainly the shareholders and bankers.
Generally, businesses finance their activities through equity and
loans. In that regard, a firm must convince its financiers that it

has the ability to repay its financiers with a profit in the form of
dividends or interest. For the firm under consideration in this
paper, financing its global agenda would require it to issue
equity or secure loans from banks. Going global means
expanded market share and increased profits (Arora, 2014).
Therefore, the firm can easily convince its financiers to offer
finances on the assurance that the increased market share will
lead to increased profits and enhanced ability to pay interest
and dividends. Customer perspective
This component of balance score card refers to the quality
extent which a firm’s products or services need to be in order to
attract and retain customers (Arora, 2014). Given that the
company under consideration is executing a global strategy, it
has to be wary of the existence of similar products produced by
the rivals. As it currently stands, the Chinese market is awash
with furniture manufacturing firms. The firms are big and they
enjoy economies of scale. To counter competition in the new
market, the company must e highly conscious of the quality. It
must produce high quality furniture and offer excellent after
sales services to gain customer loyalty. Internal Business
Processes
According to Niven (2010), the internal business processes
component refers to the extent to which a firm has successfully
managed its processes to maximize its overall productivity. The
aspect also informs a firm about the courses of action that needs
to be taken to maximize customer satisfaction and shareholders’
value (Balanced Scorecard Basics, n.d.). For the company
discussed in this paper, effective management is necessary for it
to be successful in the Chinese market.
Based on the above analysis, it is evident that the firm
needs to consider several factors in order to thrive in the
Chinese market. Firstly, it has to consider whether it has access
to the financial resources needed to execute the globalization
strategy. Executing a global strategy in no doubt requires a
substantial amount of money which must be raised from either
through issuing equity or obtaining loans (Arora, 2014). For the

firm to attract investors, it has to convince them that the
strategy will result in enhanced profits. Apart from resources,
the company needs to consider its ability to outsmart the rivals.
This can only be achieved by identifying gaps in the Chinese
market and looking for ways to seal them. The firm must
produce valuable and costly to imitate furniture to counter
rivalry in the new market. The company must also embark in
research and development and remain innovative enough to
execute the first-to-market strategy.
Therefore, it could be said that the firm could flourish in
the selected market. Although china has many companies
operating in the furniture industry, the market is not fully
exploited. According to, China is among the countries in the
globe with the highest Gross Domestic Product (GDP).
Additionally, China has a fast-growing population which
implies that it presents an opportunity for foreign firms to
thrive in the country. The laws of China also favor foreign
investments as evidenced by the high level of Foreign Direct
Investment (FDI) in the country. Therefore, the firm in question
may compete in the market if only it identifies the gaps in
customer satisfaction and strives to seal them.
References
Arora, M. (2014). Global Strategic Management and its
importance.
Balanced Scorecard Basics. (n.d.). Retrieved from
http://www.balancedscorecard.org/Resources/About-the-
Balanced-Scorecard
Niven, P. R. (2010). Balanced Scorecard Step-by-Step:
Maximizing Performance and Maintaining Results. John Wiley
and Sons.

GLOBAL STRATEGY 2
Global Strategy
Harish Vadnala
9/05/2018
Contents
Balanced Scorecard 3
Other Strategies That Would Be a Good Fit for the Company
Profile 5
Brief Overview of the Strategies 5
Reasons to Have More than One Strategy in Global Expansion
6
References 8
Balanced Scorecard
A balanced scorecard is a performance-oriented set of records
based on the following performance indicators; the business
process, the learning and growth perspective, the customer
perspective and financial performance perspective. Innovation
and learning perspective seek to address problems by
developing solutions through innovation and invention. It also
involves changing tact of operation and trying new methods of
production. Value addition and improvement of quality by
companies motivate them to innovate and learn more. (Kaplan &
Norton, 1992). Shareholder value is enhanced and maintained
by the organizations capacity to come up with new products as

well as modify the existing ones to remain relevant in the
market. For a product to appeal the customers it has to be able
to meet their needs. Therefore, this perspective is customer
centred and it seeks to satisfy customer needs by capturing new
markets, maintaining the existing ones as well as projecting
future trends for adjustment in the future. The perspective is
also important for improving efficiency through cost cutting,
timely service delivery and utilization of raw materials.
On a different perspective, Customers are said to be the key for
any business, therefore, they are at the heart of every discussion
during strategy development. A customer relation is a key
concept in organizations as it determines the acceptability of a
product or service in a new market. Even before the
introduction of the actual product to the market, it is important
to establish a good relationship with the customer in order to
make it easy for the sales and market team to meet the sales
targets. Necessary measures have to be put into place to ensure
that a good image is established by creating and maintaining
Customer loyalty. This can be achieved by coming up with
products which satisfy their needs as well as respect their
culture, values and lifestyle. They need to feel as part of the
organization and this can be achieved by producing products
which they identify with. In a balanced scorecard,
organizational objectives have to be consistent in realizing
customer satisfaction through timely service delivery,
favourable prices, quality products and a history of good
performance (Niven, 2002).
Financial performance perspective measures whether the
strategies laid down meet the overall objective of the
organization. This is measurable during all stages of
development which include, planning, resource mobilization and
implementation. Therefore, the costs of all these aspects have to
be measurable financially. This perspective seeks to find out
whether strategies put down are contributing to either the
growth of the company or the improvement in quality of goods
or services produced. Goals in this perspective include, include

increased profitability, shareholders value, and statistical
improvement in sales per unit (Kaplan & Norton, 1992). It is
therefore prudent for financial managers to emphasize on long
term financial analysis in order to come up with a control
system which progresses the organizations total quality
programme.
In relation to the argument, other strategies which best fit the
company profile are continual improvement, diversification of
product portfolio and introduction of new products(Vijay &
Anil, 2008). The contemporary market trend dictates that
companies should constantly engage in product research to
identify areas which require improvement to optimize customer
satisfaction. This may also include involving the customers for
opinions in order to come up with products they relate to. The
strategy involves knowing the competitors and always
remaining ahead. Diversification is the production of multiple
products at the same time to act as security in case one product
fails. It is a risk management measure and it is effective in
dealing with competition where one product has failed. A good
history of product success makes it easier for a sister product to
penetrate the market an opportunity which deserves to be
exploited. Introduction of new products also helps in
maintaining customer loyalty by dominating the market. New
products area also meant to maintain in the market place incase
a company’s product becomes obsolete. Such strategies help in
the penetration of new markets as some products may not be
relevant in some markets as they are relevant in others.
Therefore, new products and continuous improvement is very
instrumental in coping with the dynamism.Other Strategies That
Would Be a Good Fit for the Company Profile
According to the market dynamism, there are still several other
strategies which can help the business model gain a competitive
advantage over its competitors; delegating more resources on
product research will help the company stand out in quality
delivery. The contemporary customer has evolved from just
meeting the needs to factors like status and prestige. This will

also include the quality of packaging and display in stores. It is
also important to appreciate that some products are meant for
aesthetic value and therefore need to be appealing to the
consumer.
Cost leadership strategy will also best fit the business model if
quality and quantity will not be compromised. Consumers
always want to cut their budget, and this will work well for
them.Brief Overview of the Strategies
Customer centered service is the prioritization of customer
needs in the production module. The product is modelled to
solve customer problems. This strategy is very effective because
consumers always have a problem to solve. If a product is not
providing solution, then it may be deemed irrelevant. The
strategy also involves being considerate to the consumers
religious practices, culture, believes and lifestyles. In this
strategy, regionalizing of products is also very important. This
is because the company will be able to analyze the market niche
individually instead of generalization which could lead to a
fatal product performance.
Mergers and acquisition will also be instrumental in penetrating
new markets. For instance, it will be very easy if the company
merges its operations with a successful company in the target
market. This is meant to capitalize on the latter’s consumer base
as well as achieving objectives with little resources. The
company will also benefit from the company’s knowledge on
consumer behaviors, trends and cultures, understanding the
political environment and foreign policy will also help the
company in terms of compliance to trade and industry policies.
Such information will be helpful in identifying gaps and coming
up with products which best fit the market. Regionalizing is
also cost effective in terms of recruitment as it saves time in
hunting talents and recruiting the best, also helps to take
advantage of the local technological advancement and the
availability of cheap resources. This will also make it easy to
understand the regulatory requirements and comply in time to
avoid penalties, shutdown, and embarrassment which may paint

a bad image to a new company trying to penetrate the overseas
market. It is relatively contemporary for multinationals to
utilize this strategy as the global human resources market is
changing with an old population of employees characterizing
the Western and developed economies while the 3rd World
economies is realizing an over production of skilled labor and
technological boom which is attracting multinationals to those
emerging markets. Therefore, it is an effective mechanism to
penetrate new markets (McEneny,2011).Reasons to Have More
than One Strategy in Global Expansion
It is a prudent idea to have more than strategies when venturing
into new global markets which are unfamiliar to your
organization. The reason is that once new will always be new
until a significant brand loyalty is established. Therefore,
effective managers and entrepreneurs always have back up plans
and counter measures in case one strategy fails. Sometimes a
good product may be rejected because the target consumers
value their home-made products compared to foreign products
which they feel hard to identify and associate with. Therefore, it
is in such cases where a company may be forced to collaborate
with the local players to help them in penetrating the market.
Some cultures for instance the Indian culture is very loyal to
their traditional veils and textile products. Therefore,
introducing strange however perceived fashionable products in
such markets may encounter a conservative rejection. But a
good entrepreneur may choose to embrace the local taste and
preference and come up with a relative product which satisfies
such preferences (McEneny, T. (2011).
In conclusion, the customer remains the ultimate determining
factor to company and product success and every strategy
should be consistent to customer requirements; tastes and
preferences, trends, cultures, religion, interests, contemporary
technology, demographic structure, age and the political and
governance structure of the market all measurable in the
scorecard. (Whitney, 2011).
References

Kaplan, Robert S; Norton, D. P. (1992). "The Balanced
Scorecard – Measures That Drive Performance". Harvard
Business: 71–79.Available at
https://hbr.org/1992/01/thebalanced-scorecard-measures-that-
drive-performance-2
McEneny, T. (2011). Unlocking Your Entrepreneurial Potential:
Marketing, Money, and Management Strategies for the Self-
Funded Entrepreneur. USA: iUniverse.
Niven, Paul R. (2002). Balanced Scorecard Step-by-step:
Maximizing Performance and Maintaining Results. New York:
John Wiley & Sons.
Vijay Govindarajan and Anil K. Gupta (2008).'The Quest for
Global Dominance: Transforming Global Presence into
Global Competitive Advantage' Jossey Bass. p. 20-21
Whitney, M. (2011). Are You Ready to Sell?: B2B Industrial
Buyers Operate in a World of Fast Changing Needs. You Must
Change Even Faster to Win Orders. Here's How! USA: Author
House.
GLOBAL STRATEGY 2
Global Strategy
Harish Vadnala
8/22/2018
Contents

Resources and Global Strategy 3
Why should resources be a concern in a global strategy? 3
What resources may be a concern in the country you selected?
3
How will this impact the decision to move to the country that
you selected? 4
How will this impact your competitive strategy in your global
market? 4
References 6
Resources and Global Strategy
Why should resources be a concern in a global strategy?
As a firm contemplates on executing a global strategy, it is
important to consider the availability of the resources necessary
to operate globally. The primary reason why resource
availability should concern a firm is that executing a global
strategy requires dedication of a substantial amount of funds to
market goods and services globally (Lynch, 2014). A firm, for
example, must use a wide range of marketing tools to promote
its products and services to the globe. Different countries have
different cultures and languages (Hamilton et al, 2012).
Therefore, a firm must utilize different mediums to market its
products in different countries. This may be a costly endeavor.
In addition to advertising costs, a firm may need to make
additional investments on establishing subsidiaries in foreign
countries. Establishing such subsidiaries requires a firm to have
enough finances to buy or lease buildings as well as to pay for
the licensing. Expatriation is also a common procedure when
firms go global. Expatriation involves deploying employees
from the headquarter firm to foreign branches and may cost the
firm huge amounts of money (Lynch, 2014). In totality,
therefore, executing a global strategy requires firms to have
enough resources otherwise the strategy might fail.
What resources may be a concern in the country you selected?
Penetrating the Chinese market may be a great idea for the firm
because that might lead to maximized profits in the long run.

However, the firm needs to consider the resources needed to
execute the strategy. One of the resource concerns for the firm
would be financial availability. To effectively market the
clothes in china, the firm needs to open several production units
in china. This would require the firm to purchase land, build
houses, and employ additional staffs to run the subsidiary
(Lynch, 2014). The listed activities would cost the firm huge
amounts of money. In addition to financial resources, the firm
would need to consider the availability of quality raw materials
in the local market. Being a new market, the firm must struggle
to satisfy the needs to the customers to earn their loyalty in the
long run. To achieve this objective, the firm must have access to
quality raw materials to produce high quality clothes. Labor
availability would also be a concern since the firm may need to
employ the locals to build positive image to the public
(Hamilton et al, 2012).
How will this impact the decision to move to the country that
you selected?
As indicated in the previous section, the firm needs to consider
whether the resources it has will be enough to support its
penetration to Chinese market. The firm must specifically
assess its financial capability, the availability of raw materials,
and the availability of affordable human capital. If the company
finds that it has the listed resources, the decision to penetrate
the market would be approved. If one or more of the listed
resources is missing, however, the strategy might be rejected to
avoid frustrations later on. It is important to note that executing
the strategy without the previously identified basic resources
would lead to losses because the firm may have to make huge
initial investments (Hamilton et al, 2012). Such investments
would be accounted as losses which would affect its financial
stability. How will this impact your competitive strategy in your
global market?
China is one of the countries with the fastest growing
economies in the world. The speedy growth of the country’s
economy presents an opportunity for the firm to exploit the

market (Lynch, 2014). It is important to note that a strong
economy implies that the citizens have enough money to spend
on luxurious goods, such as, clothes. The population of china is
also high which may support the growth of the clothing
industry. However, for the firm to realize positive competitive
advantage, it has to produce high quality goods and sell them at
affordable prices. High quality will differentiate the product
from others in the market. The firm will need to satisfy the
needs of its consumers and use their unique capabilities to
address the needs of its market. The firm must utilize technical
expertise and recruit experienced personnel in order to outsmart
the rival Chinese firms. Additionally, it has to remain
innovative and also invest in research and development to
identify the needs that are not satisfied by the existing firms.
References
Hamilton, S., & Zhang, J. A. (2012). Prologue. In Doing
Business with China (pp. 1-5). Palgrave Macmillan UK.
Lynch, R. (2014). Five key resources for building a global
strategy. Retrieved 22 February 2017 from http://www.global-
strategy.net/five-key-resources-for-building-a-global-strategy/

Running Head GLOBAL STRATEGY 2GLOBAL STRATEGY2S.docx

Running Head GLOBAL STRATEGY 2GLOBAL STRATEGY2S.docx

Recommended

Recommended

More Related Content

Similar to Running Head GLOBAL STRATEGY 2GLOBAL STRATEGY2S.docx

Similar to Running Head GLOBAL STRATEGY 2GLOBAL STRATEGY2S.docx (20)

More from wlynn1

More from wlynn1 (20)

Recently uploaded

Recently uploaded (20)

Running Head GLOBAL STRATEGY 2GLOBAL STRATEGY2S.docx