Information Security Risks and Management

Verified

Added on 2020/10/22

AI Summary

The report emphasizes the need for companies to conduct regular assessments of security threats to protect their information resources. It also highlights the potential consequences of failing to do so, including financial losses, legal issues related to privacy, and negative impacts on brand value. The document concludes that a well-implemented security policy can mitigate and overcome these damages.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Information Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................1
COMPANY OVERVIEW ..............................................................................................................1
QUESTIONS ..................................................................................................................................1
A. Strategic security policy .........................................................................................................1
B. Potential security threats and vulnerabilities ..........................................................................3
CONCLUSION ...............................................................................................................................5
REFERENCES ...............................................................................................................................6

INTRODUCTION
Information security is defined the approach to secure the valuable information assets of
the organisation and to sustain its confidentiality, integrity and availability. Almost every
business service provider uses database or other modes of managing information through
technology. Though this approach has improved the quality of work, feasibility and profitability
by managing time and cost but it has experience several security threats (Peltier, 2016). Security
issues such as unauthorised access, data breach can cause huge losses to business and privacy of
the individuals and organisation. This report will analyse the key security risks and the
mitigation strategies for Bunnings warehouses which is one of the leading household hardware
chain. It will also provide a strategic security plan for improving the security of organisational
information assets.
COMPANY OVERVIEW
For carrying out the analysis of significance and methods of information security in this
study an organisational review of Bunnings Warehouse is chosen. Recently the organisation
experienced a lot of negative criticism due to its failure to assure the privacy concerns. Bunnings
Warehouse is a retailer in hardware sector with its headquarter in Australia. The organisation
also provides its services in more than 250 locations. Since the organisation is retail store chain
its potential stakeholders are local communities along with its employees and suppliers.
Bunnings Warehouse is very successful in Australia and holds 20% market share in Australia.
The information management and use of effective technologies plays critical role in sustaining
performance of the company. Organisation is a public company and thus its investors and share
holders are also its key stakeholders.
QUESTIONS
A. Strategic security policy
For making the information system of Bunnings Warehouse very effective and secure
from the information security threats organisation must emphasis on developing strong security
policy. On the basis of nature of its stakeholders Bunnings Warehouse can use the following
strategic security policy:
1

Objective:
The objective of this security policy is to assure that none of the sensitive business
information of the company is vulnerable to unauthorised access or security risk. It will help
organisation to maintain its goals of sustaining operational integrity, resource availability and
confidentiality.
Scope:
These security policies are applied to customers, staff members, suppliers as well as
local vendors providing networking services to the organisation.
Assets and their management:
IT department of Bunnings Warehouse is responsible for the installation and up-
gradation of all software's. The team will also perform and provide the access of specific web
addresses to the users, annual maintenance and asset allocations.
Access control and password management:
The organisation must monitor each and every activity of the employees. For highly
sensitive information Bunnings Warehouse can use biometric security while for other strict
passwords must be used by all the users. Certain web links or websites can be related to
phishing or other hacking events (Soomro, Shah and Ahmed, 2016). Such sites must be
restricted for the usage from the network of the company. This access management will greatly
minimise the security threats from the external environment.
Antivirus and threats management:
It is the responsibility of the security management team to assure that all suitable
measures are taken for managing the cyber and networking attacks. This can be achieved by
using the most advanced firewalls and antivirus systems. The encrypted devices can also be
very helpful for keeping the information safe from unauthorised hacking. The lack of this
security aspect can cause huge loss to the company's security goals.
Security training:
The information security can be improved to great extent if all end users are aware with
the security threats and policies. Thus, Bunnings Warehouse must provide training to all of its
employees so that they can follow the safe practices. It will also minimise the events such as
hacking which often occurs due to negligence of the end users.
Internet usage policy:
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Internet has been used as very common source of information gathering and exchange.
However, its uncontrolled use can be a great threat to the organisation. Company must use
network analysers and data mining techniques to control and monitor that which sites are used
by the end users and how data is shared over the internet. The organisation must also develop
fix guidelines on usage of personal mobile and internet devices.
Physical security:
There is wide range of security threats which may occur due to physical hazards. To
deal with such events the organisation must have regular CCTV monitoring so that if any
physical damage is caused to any of the device then it can be identified. There must be fire
safety alarms and systems as well as barbed wire so that damages can be reduced.
The implementation of this security policy can be proven to be very effective in terms of
identifying the security vulnerabilities which can be faced by the organisation. The timely
analysis and regular monitoring avoids the threats to the confidentiality of the information assets
of the organisation.
B. Potential security threats and vulnerabilities
At present Bunnings Warehouse is using database for managing and storing the
information. However, the organisation is facing severe security issues related to data and
information breach and unauthorised access. The foremost security threat is the unauthorised
access. The company has various numbers of remote users (Nazareth and Choi, 2015). Such
users are provided facility to access the organisational information from the remote location as
well. It created huge challenge for the company to assure the confidentiality of the issue. When
there are multiple remote users then it becomes mandatory for the organisation that each of the
activity of performed on the database is monitored. For instance the current data breach issue
could have been managed and controlled effectively if network analysers and monitoring
activities were there (Saarinen, J., 2019). It would not have allowed any of the employ to extract
the information from the company's data base and to share it on internet or with the third party.
Another possible vulnerability which can be faced by the organisation is that the hackers
can hack the sensitive information of the company and thus the information and functions can be
misused (Cavusoglu and et.al., 2015). It is also required that company must regularly update its
antivirus and anti malware software's so that such security breaching activities can be easily
3

identified prior to their occurrence. The organisation is working at multiple locations and thus
different remote users can access the information at the same time. The overloading issues can
have adverse impact on the performance and integrity of the data.
It is also possible that when company does not have upgraded systems then the
overloading can break down the system continuity. The sudden breakdown can cause the
information loss which cannot be retrieved (Almorsy, Grundy and Müller, 2016). In order to
avoid the incidences of such situations Bunnings Warehouse must review the usage statistics that
how its system are being used. The capacity and monitoring related issues must be seriously
considered by the company (Sadgrove, 2016). One of the probable security vulnerability is also
associated with the physical damage to the servers. The natural calamities such as floods, heating
or accidental fires can also damage the servers and the information can be lost.
The organisation must have enough back up facilities like cloud technologies so that
information can be easily retrieved in case of accidents. It has been also observed that security
leakages are also the result of flaws in designing and programming. With the continuous growth
and business expansion the needs and information resources of the organisation are also
increasing. Thus, it is recommended that company must review its operational need with the
existing system needs. The period information and system audit can bring effective results for
the issue. The regular assessment of the system performance and needs can help organisation to
detect the need of changes.
The use of mobile users and devices has been one of key factors which enhances the
security risks (Eriksson, 2017). Thus, company must develop policies to assure that all mobile
devices which are used for the exchange of organisational information are encrypted and secure.
Invalid data and design flaws of the designed database system can also make it easy for the
hackers to access the information in unauthenticated way.
To overcome such possibilities company must have well defined security policy to
provide guidelines for the remote users. For instance the staff members must not be able to use
their personal networks or devices to access the company's information resources. However, if
such services are required for the regular operations then strong encryption and passwords
services must be followed. The use of network security tools such as intrusion detection system,
firewalls and access control measures are widely adopted and effective measures to minimise the
information security risk.
4

The legislation and privacy related laws are very crucial in the management and handling
of the data. Bunnings Warehouse have to manage the personal information and records of all of
its stakeholders. For instance the physical address, contact details and name of the customers,
investors, suppliers and employees of the organisation. Thus, organisation is required to obey the
legislations related to confidentiality and privacy of this information (McIlwraith, 2016). It is
also possible that the staff members of the organisation which have authority to access the
personal records of the consumers can misuse their rights. For instance the staff members can
access personal information of clients for the personal interests.
The company must develop strict privacy policy so that all employees are well aware that
how they are expected to maintain the privacy aspects. The company must include the employee
training and continuous network monitoring to assure that the data sources are used properly.
The end users of the system are the biggest vulnerabilities whose carelessness can make the
existing system at the risk of security threats (Kache and Seuring, 2017). Thus, the security
training is very integral part to mitigate these risks.
CONCLUSION
From the report it can be concluded that for protecting the information resources of the
organisation it is vital to conduct regular assessment of the security threats. It has been also
analysed from the above discussion that if companies does not have proper planning and
strategies for protecting its information then it can have adverse impact on its performance.
Along with the financial losses company can also face legal issues related to privacy and its
brand value may also have negative impact among potential stakeholders of the organisation. It
can also be concluded that the well implemented security policy can mitigate and overcome the
damages related to information security risks.
5

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

REFERENCES
Books and Journals
Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Cavusoglu, H., and et.al., 2015. Institutional pressures in security management: Direct and
indirect influences on organizational investment in information security control
resources. Information & Management. 52(4). pp.385-400.
Eriksson, J., 2017. Threat Politics: New Perspectives on Security, Risk and Crisis Management:
New Perspectives on Security, Risk and Crisis Management. Routledge.
Kache, F. and Seuring, S., 2017. Challenges and opportunities of digital information at the
intersection of Big Data Analytics and supply chain management. International Journal
of Operations & Production Management0. 37(1). pp.10-36.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through
employee education, training and awareness. Routledge.
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security
management. Information & Management. 52(1). pp.123-134.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Sadgrove, K., 2016. The complete guide to business risk management. Routledge.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2). pp.215-225.
Online
Saarinen, J., 2019. Bunnings exposed staff performance database. Online. Accessed through
<https://www.itnews.com.au/news/bunnings-exposed-staff-performance-database-
518929?
eid=1&edate=20190207&utm_source=20190207_AM&utm_medium=newsletter&utm_c
ampaign=daily_newsletter>
6