In this report, the security aspects of FoodLand Supermarkets, a retail store in South Australia, are evaluated and highlighted. FoodLand has been witnessing strong growth during the past decades and there is a need to establish strong security measures to protect its systems and data from threats. The growth of the internet and related technologies has helped the company expand its operations using the world-wide-web. At the same time, as threats and attacks on transactions and systems are on the rise, FoodLand is facing the threat of cyber security attacks on its operations. In order to establish a strong security mechanism for the company, the existing security scenario in FoodLand is first examined.
FoodLand Supermarkets perform business transactions through their website. The recent security incidents and breaches on the internet show there has been an increase in cyber crime (Roberts, et al. 2012), particularly targeting e-commerce sites, where hackers target financial accounts and customer data along with personal details like credit card numbers, passwords, and bank details. The company has a good reputation and respects the privacy of the customers using its website, but it is concerned that, in a data breach, its customers' personally identifiable information could be compromised and misused by hackers (Weber, 2010). In addition to this, the company also shares its customer data with vendors and other partners who provide extended offers, coupons, and promotions for FoodLand’s customers. This is again a threat because the company does not have control of its customer data. However, the website offers authentication by username and password, and after verification, the customer can make an online purchase transaction.
Many consumers in Australia prefer to make online purchases on a daily basis for their convenience and ease of use (McHenry, 2013). At the same time, online fraud is also on the rise. Numerous cases show hackers stealing important credit card information while a user is making an online transaction, and hackers find this easier when consumers use open wireless networks for transacting (Hu et al. 2011).
The following security challenges are faced by the retailer in their services.
The objectives of the report are as follows:
Having understood the threats faced by FoodLand, the report provides details on the security program required by the company. The report also explores the need for a security structure in the organization and identifies training needs on security (Puhakainen and Siponen, 2010). The use of ISO standards in the implementation of a security plan is explored for its suitability in FoodLand. Security certifications, by supporting the implementation of good security practices and procedures, may help in improving its security posture, so the need for security certification as an option is examined. Lastly, the report provides a risk assessment that identifies key threats for FoodLand and the type of controls required to mitigate risks and bring them to a minimum level.
As mentioned earlier, customers make use of unsecured wireless networks to make online transactions. In addition to this, the number of customers using the company's online services is increasing. It is important to understand that unsecured wireless networks pose serious threats to data when it is transmitted (Cavallari et al. 2014). Because of unsecured networks, many threats and vulnerabilities exist that make retailers like FoodLands Supermarket an easy target for attackers and hackers (Romanosky et al. 2011). Therefore, it is crucial for FoodLands to safeguard its customer details and data and to protect against security threats.
The large proliferation of Internet of Things (IoT) devices used in retail business processes (Haller and Magerkurth, 2011) adds to the existing threat landscape. Retailers make use of IoT devices to manage inventory, perform mobile transactions, measure the temperature of certain foodstuffs, monitor store temperature, and so on. IoT devices are connected to the main IT network infrastructure and transmit data constantly in the network. These devices are easily vulnerable to attacks, and their level of vulnerability increases when they participate in wireless networks. This is one important challenge for which the company has to put adequate security measures in place.
In addition to the wireless networks and the use of IoT devices, the company is vulnerable to credit card payment fraud, which is another major problem worldwide (Dal Pozzolo et al. 2014). Credit card theft is quite common when the card is not protected by a chip as well as a PIN (Personal Identification Number) (Asani, 2014). The security issues arising out of credit card fraud have resulted in deterioration of brands and customer trust (Rao et al. 2014). FoodLands is aware of these concerns in its PoS systems and online portal. Data security breach is another significant threat, where attackers steal customer data and misuse it for their gains. Normally customer data is more vulnerable and may be exposed in PoS systems at the time of purchasing products or while making an online payment (Murdoch and Anderson, 2010). This is another important aspect of security in FoodLands.
Security vulnerabilities and attacks can have a huge negative impact on business operations, reputation and profits. A review of overall security indicated that business could be impacted by loss of value with shareholders, reduced profits, a decline in trust with customers, and deterioration of brand and reputation. This can further result in a significant reduction in online transactions, thus reducing profits for the company. In addition to these effects, hackers make use of the holiday season to exploit a maximum number of vulnerabilities in retailer systems (Bruner, 2014).
Therefore, securing data involves not only overcoming technical flaws in systems but also many other aspects such as customer service, awareness of security issues, user training and protection of individual rights. Comprehensive security measures required for FoodLands will include,
The overall security program (Norman, 2016) will consist of the following
The overall security program will take into consideration the above aspects. User training on security is also required so that users are aware of the security implementation.
Security implementations may require following new procedures like authentication or validation. A successful security project implementation will assimilate the proposed changes in the organization. When new technologies and policies are implemented in FoodLands, there is a need for employee training and education. The training is mostly done after the new policies and procedures in security are already implemented and in place. It is also highly important to note that untrained users can find workarounds to bypass controls, and this can create additional vulnerabilities in the system (Whitman and Mattord, 2012). FoodLands must plan for training within three weeks before the new policies and security systems are implemented and online. In addition to training, the security project must ensure compliance documents are made available to all employees for them to read, understand and agree on new policies.
Training plans will also ensure that users follow certain procedures while using IT systems and are aware of the importance of information in the company. The following points can be fulfilled through training,
Training is an inherent part of ensuring a culture of security (Tsohou et al, 2010) in the company.
FoodLands can consider the best practices and global standards in implementing its systems security and ensuring data protection. International Standards Organization (ISO) provides the requirements for products and services to meet world markets in a transparent manner. The ISO security framework also offers assessment mechanisms to verify whether security measures up to the standards. ISO/IEC 27001:2013 is a set of requirements for implementing, maintaining and improving information security management within the context of any type of organization (ISO, 2013). This standard provides a method to evaluate security risks which can be customized for FoodLands. The requirements in ISO 27001:2013 are generic and they are advantageous for information systems security by
These three advantages are highly required for FoodLands, because when the company operates its business on the world-wide-web catering to online users, its systems and applications must function consistently and efficiently when users are accessing them from a variety of devices. In addition to this, FoodLands will also comply with global standards in information security, which can benefit the organization in the long run, for example when planning to move to a cloud service.
By implementing the standards in ISO 27001:2013, the company will be able to enhance its security standards through the information security standards concept, interlinks, and categories (Berr, 2010). This standard is a framework that will serve two purposes for FoodLands, that include
The ISO standards provide a framework for FoodLands to organize effective security management procedures and implement practices in accordance with security standardization activities.
FoodLands, in order to enhance their security systems for data protection, can also consider hiring security personnel with specialized certifications (Merkow and Breithaupt, 2014). There are a variety of information security certifications available from international bodies compiled below:
Certified Information Systems Security Professional (CISSP) is recognized globally and is a standard for all IT professionals.
Certified Information Systems Auditor (CISA) is suitable for staff interested in auditing, monitoring, controlling and assessing an organization’s business IT.
Certified Information Security Manager (CISM) is focused on designing, managing and evaluating information security in organizations.
Certified Ethical Hacker (CEH) is for individuals interested in specific network security from the neutral perspective of vendors. This certification program will provide knowledge for security officers, auditors, administrators and any expert specializing in the integrity of network infrastructure.
In addition to the above certifications, there are many more accreditation programs provided by vendors such as Cisco, CompTIA, and so on.
In the case of FoodLands, the security program is to design, manage, monitor and evaluate information security for the company to protect their data from attacks. Hence the security certification recommended for the CSO of FoodLands can be either CISM or CISSP.
The risk assessment activity for FoodLands follows a development lifecycle. A risk management framework is used to continually evaluate the risk management by observing the following steps:
The risk management framework considered for FoodLands is shown in figure 1.
Figure 1: Security risk management framework (Whitman and Mattord, 2012)
Risk assessment is an ongoing activity and highly crucial for business operations. It is important to note that implementing security policies and procedures requires certification for the individual in FoodLands.
In this report, the risk assessment and an overall risk management plan for FoodLands are provided for its information security system. Having expanded its operations to cater to online customers, the company allows online transactions for its customers. Since customers on the internet can make use of any type of device (computers, tablets, smartphones) to access the system and perform online transactions, it has become highly crucial to protect the information stored in the company’s system from attacks on the internet. It is highly important for FoodLands to protect its online customer data. Analysis of the existing IS scenario in the company also shows that the existing systems are not well protected and that vulnerabilities can be found in those areas.
The report provides the overall security program by evaluating possible risks which are due to open wireless networks and credit card thefts. Usually, these issues are found on the internet in addition to other types of attacks. The company decided to implement robust security policies and procedures; however, there is a need for a security certification program to be completed by its existing IT staff to gain expertise. The security certification programs available are highlighted and an appropriate certification is recommended in the context of FoodLands. The importance of ISO risk management processes for information security is considered for the chosen company because they provide flexible risk management processes which can be tailored and can incorporate existing security practices in place. The report also provides a risk management framework which can be implemented for FoodLands.
Asani, E.O., 2014. A Review Of Trends Of Authentication Mechanisms For Access Control. Computing, Information Systems, Development Informatics & Allied Research Journal, 5(2).
BERR. 2008. “Information Security Breaches Survey”, Technical Report, PricewaterhouseCoopers, in association with Symantec, HP and The Security Company,
Bruner, C.M. 2014. Authorized Investigation: A Temperate Alternative to Cyber Insecurity. Seattle UL Rev., 38, p.1463.
Cavallari, R., Martelli, F., Rosini, R., Buratti, C. and Verdone, R. 2014. A survey on wireless body area networks: technologies and design challenges. IEEE Communications Surveys & Tutorials, 16(3), pp.1635-1657.
Dal Pozzolo, A., Caelen, O., Le Borgne, Y.A., Waterschoot, S. and Bontempi, G. 2014. Learned lessons in credit card fraud detection from a practitioner perspective. Expert systems with applications, 41(10), pp.4915-4928.
Haller, S. and Magerkurth, C. 2011. The real-time enterprise: Iot-enabled business processes. In IETF IAB Workshop on Interconnecting Smart Objects with the Internet.
Hu, N., Liu, L. and Sambamurthy, V. 2011. Fraud detection in online consumer reviews. Decision Support Systems, 50(3), pp.614-626.
ISO. 2013. ISO/IEC 27001:2013. Information technology -- Security techniques -- Information security management systems -- Requirements. [ONLINE] Available at: https://www.iso.org/iso/catalogue_detail?csnumber=54534. [Last Accessed 17-Sep-2016].
McHenry, MP. 2013. ‘Technical and governance considerations for advanced metering infrastructure/smart meters: Technology, security, uncertainty, costs, benefits, and risks’, Energy Policy, vol. 59, pp.834-842.
Merkow, M.S. and Breithaupt, J., 2014. Information security: Principles and practices. Pearson Education.
Murdoch, S.J. and Anderson, R. 2010. Verified by visa and mastercard secure-code: or, how not to design authentication. In International Conference on Financial Cryptography and Data Security (pp. 336-342). Springer Berlin Heidelberg.
Norman, T.L. 2016. Risk Analysis and Security Countermeasures Selection. 2nd ed. London: CRC Press. Taylor & Francis Group.
Puhakainen, P. and Siponen, M. 2010. Improving employees' compliance through information systems security training: an action research study. Mis Quarterly, pp.757-778.
Rao, D.N., GopiKrishna, T. and Subramanyam, M. 2014. Electronic commerce environment: (Economic Drivers and Security Issues). Compusoft, 3(2), p.572.
Roberts, L.D., Indermaur, D., and Spiranovic, C. 2012. Fear of Cyber-Identity Theft and Related Fraudulent Activity. Psychiatry, Psychology and Law, Copyright Taylor & Francis, (Available at: https://www.tandfonline.com/10.1080/13218719.2012.672275).
Romanosky, S., Telang, R. and Acquisti, A., 2011. Do data breach disclosure laws reduce identity theft?. Journal of Policy Analysis and Management, 30(2), pp.256-286.
Tsohou, A., Kokolakis, S., Lambrinoudakis, C. and Gritzalis, S. 2010. A security standards' framework to facilitate best practices' awareness and conformity. Information Management & Computer Security, 18(5), pp.350-362.
Weber, R.H. 2010. Internet of Things–New security and privacy challenges. Computer Law & Security Review, 26(1), pp.23-30.
Whitman, M.E. and Mattord, H.J. 2012. Principles of Information Security. 4th ed. Boston: Course Technology, Cengage Learning.
My Assignment Help. (2018). Security Program For FoodLand. Retrieved from https://myassignmenthelp.com/free-samples/security-program-for-foodland.