Cloud Computing Security Analysis

Verified

Added on  2020/05/08

|20
|3853
|287
AI Summary
This assignment delves into the critical area of cloud computing security. It examines various research papers that address key challenges and solutions in securing cloud environments. The provided papers cover diverse aspects such as security frameworks, performance evaluation of cloud service providers, data security auditing, anomaly detection systems, and advanced encryption techniques for protecting sensitive information stored and processed in the cloud.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management: Woolworths Limited
Name of the student:
Name of the university:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1IS SECURITY AND RISK MANAGEMENT
Table of Contents
Introduction......................................................................................................................................2
1. Background of the chosen organization: Woolworths Limited...................................................3
1.1 Technologies used in this organization..................................................................................4
1.2 Security issues associated to this organization......................................................................5
1.3 Tools and technology needed for the investigation...............................................................5
2. Designing risk analysis matrices.................................................................................................5
2.1 Analysis and mapping of risks...............................................................................................9
2.2 Designing Disaster Recovery Plan........................................................................................9
2.3 Analyzing different threats and relevant vulnerabilities......................................................11
3. Proposal for a Business continuity plan.....................................................................................13
3. 1 Proposal for contingency plan............................................................................................13
4. Illustration on how the tools are used in the business organization with reference to the OSI
layers..............................................................................................................................................14
5. Logical map of organizational structure....................................................................................15
5.1 Security policies developed for Woolworths Limited.........................................................16
Conclusion.....................................................................................................................................16
References......................................................................................................................................18
Document Page
2IS SECURITY AND RISK MANAGEMENT
Introduction
This report depicts the importance of developing different security aspects those are
necessary to be adopted by the enterprises to keep their sensitive information safe from the
external attacks. For developing this particular report the selected organization is Woolworths
Limited, headquartered in Australia. After analyzing the technologies and tools used in this
company it has been determined that, due to lack of experts and technical opportunities currently
the company is facing major level risks (Almorsy, Grundy & Müller, 2016). In order to minimize
these risks, risk analysis matrices are required to be designed accordingly by Woolworths
Limited. In order to design the risk analysis matrix risks are needed to be mapped and analyzed
as well.
In order to gain effective success and business revenue from the competitive marketplace
Woolworths Limited should develop certain strategies like Business Continuity Planning (BCP).
By proposing a contingency planning the strategies can be developed in this business
organization. For improving the existing technology of the company, proper security aspects for
disaster recovery, security audits as well. In order to control the risks associated to the company
it is necessary for the company to investigate all the existing tools and technologies those are
widely using by the company to resolve their security level issues. For storing information
regarding the employees and the company details, the company uses cloud storage to gain huge
storage. The cloud platform has the ability to store huge information with the features like
disaster recovery and data backup as well these aspects are also elaborated in this report.
Document Page
3IS SECURITY AND RISK MANAGEMENT
1. Background of the chosen organization: Woolworths Limited
The company is currently searching for technology edge even after the completion of the
project galaxy. The Woolworths Limited is weeks far from completing a $100 million push for
consolidating and upgrading the merchandizing software system those are used by the company
is getting upgraded day by day (Ryan, 2013). The source of products and services along with the
market to the consumers throughout its brand images also become cheaper after the adoption of
the merchandizing software system for the company. This particular project is internally referred
to as project galaxy. In order to underpin the relationship between the consumers and service
providers rather for improving the customer relationship management it is necessary for the
company, to introduce the new system from ER SAP.
From management system the performance reporting, buying and store ordering
processes could be improved accordingly. However from the overall system development the
module management system can also be promoted. Instead of online spreadsheet currently the
company is using the new online portal for their company (Kshetri, 2013). For serving this
purpose the company is spending the past months for training Big W Partners. The newest
technology Big W is helping Woolworths Limited to enhance their consumer market. The
company is willing to develop the project galaxy it is expected that the project can be
successfully completely within upcoming 2 years. The current tender of the project is worth
$100Million and a well known Multinational Company is working on this project. For
structuring the end to end business for Woolworths Limited, the inventory, distribution centre,
warehouse and transport management system is also developing accordingly by the project
developers who are working for the company (Zhao, Li & Liu, 2014). In addition to this
currently the company is also launching new refrigerant technologies as well.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4IS SECURITY AND RISK MANAGEMENT
1.1 Technologies used in this organization
In order to improve the existing business approach of business organization Woolworths
Limited is approaching different fresh approaches towards technologies. In order to provide a
much convenient direction to the consumers of Woolworths Limited the company is trying to
develop their technology usage (Chou, 2013). As the company has more than 20,000 staffs and
over 3,000 stores in New Zealand and Australia thus for managing the business structure the
company is developing their range of technology usage. Different advanced technologies used by
the company are as follows:
Radio Frequency Identification Device (RFID): As the number of consumers of the
company is increasing everyday thus managing those large numbers of consumers the enterprise
has developed RFID tags so that the buying and selling approach of the company become much
easier and convenient as well (Kaur, Gobindgarh & Garg, 2015). This particular technology will
help the business organization to manage and record the details of their products bought and
sold. With the help of RFID technology the company will be able to access the correct
application and data as well regardless of their location and tie as well.
Cloud: As the number of customers and products as well are increasing day by day thus
for managing those data the traditional manual data management system stands very much
disadvantageous (Rasheed, 2014). In order to resolve the issues associated to data management
SaaS cloud platform is adopting by the company.
Innovation with Google + and Google Drive: For transferring the business aspects and
other approaches, Woolworths Limited is actively looking for innovation with Google +, Google
drive and Google sites as well (Tirthani & Ganesan, 2014).
Document Page
5IS SECURITY AND RISK MANAGEMENT
1.2 Security issues associated to this organization
 Different security issues associated to the company are as follows:
 Data breaches
 Hijacking of the accounts
 Threats to the insiders
 Malware injection
 Abuse of the cloud services
 Insecure Application Programming Services
 Daniel of service attacks
 Insufficient due to diligence
 Shared vulnerabilities
 Security concerns for the cloud based services
 Loss of information
1.3 Tools and technology needed for the investigation
Different tools and technologies used in this company are as follows:
 Radio Frequency Identification device (RFID)
 Cloud platform
 Innovation with Google + and Google Drive
2. Designing risk analysis matrices
Context
establishment
Description of risks
Document Page
6IS SECURITY AND RISK MANAGEMENT
Contex
t
Objectives Source of
risks
Description Current
control
Control
rating
Risk
rating
Risk
evaluation
Internal
risk
To increase
business
productivity
The
technologies
used in the
business
organization
If the company
fails to identify
the technologies
properly then
due to lack of
management of
technology the
company will
face major level
of risks (Salah et
al., 2013).
In order to
control the
risks
currently
the
company
has adopted
different
technologies
such as
cloud, RFID
etc. With
the help of
the RFID
and cloud
the
information
cloud is
controlled
completely
This
particular
control
approach
could be
rated as 6
out of
10.
The
impact of
this
particular
risk is
very high
In order to
manage this
particular risk
it is necessary
for the
company to
adopt proper
risk evaluation
technology in
terms of
barcode
scanning and
RFID as well.
Internal To increase Technologies If the company For Medium High In order to

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7IS SECURITY AND RISK MANAGEMENT
risk business
productivity
used in
Woolworths
Limited
fails to analyze
the risks
properly then
the company
will not be able
to manage the
security risks
accurately
(Duncan, Zhao
& Whittington,
2017). In order
to manage the
rate of risks
service level
technologies
and different
tools should be
adopted by the
management
authority
(Whaiduzzaman
& Gani, 2014).
mitigating
this risk
currently
the
company
does not
have any
such
technology
but though
they have a
current
technology
named as
project
galaxy.
manage this
particular kind
of risk it is
necessary for
the company
to adopt
proper
security
aspects
Internal Data Technologies In order to Currently High High In order to
Document Page
8IS SECURITY AND RISK MANAGEMENT
risk breaches used in
Woolworths
Limited
manage the
risks of security
the company
should adopt
proper
encryption
algorithm for
the company
(Sachdev &
Bhansali,
2013).
the
company
has cloud
platform for
controlling
these risks.
mitigate this
particular risk
the company
should adopt
proper
encryption
algorithm
(Popa et al.,
2013). With
the help of
encryption
algorithm
none of the
external and
unwanted
attackers
could hijack
information
the data server
(Taha et al.,
2014).
Document Page
9IS SECURITY AND RISK MANAGEMENT
2.1 Analysis and mapping of risks
Probabi
lity of
occurrence
Impact of occurrence
Very low Low Medium High Very
high
Rare
Unlikely
Possible Managerial
issues
Security issues
Likely Absence of
Design
Methodology
Failure
of the
system
Almost
Certain
Project
completion
delay
2.2 Designing Disaster Recovery Plan
After analyzing different risks those are rising in Woolworths Limited it has been defined
that, many components are needed to be considered by the management authority of the business

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10IS SECURITY AND RISK MANAGEMENT
organization. Due to lack of financial support the company fails to adopt all the necessary
security aspects (Hendre & Joshi, 2015). In order to recover information from the data server
proper and effective information processes are required to be adopted by the management
authority of the business organization. For processing information technology quickly and
effectively information are required to be controlled accurately. The employees working for the
organization use Voice over Internet Protocol (VoIP) telephone for communicating to each other.
In order to transit information from one end to the other Electronic Data Interchange (EDI)
technology is required to be used (Kazim & Zhu, 2015). For order entry and payment processing
these particular technologies are widely used by the business organization.
Due to lack of proper data management approaches, business strategies and technical
experts currently the company is facing major issues throughout. In order to create, process,
manage information in a correct direction different digital devices are used by the management
authority (Khalil et al., 2013). For controlling these issues accurate disaster recovery plan is
needed to be adopted by the company. However, if the company fails to adopt these recovery
plans properly then the company will face both financial as well as security level risks
(Ramachandran & Chang, 2016). The steps those should be adopted for developing the disaster
recovery plans are as follows:
 Changes in thought processes of the business strategies developers
 Integrating change control plan
 Improvement in the technology usage
 Reviewing the inventory regulatory
 Validation increment
Document Page
11IS SECURITY AND RISK MANAGEMENT
After the development of the Disaster Recovery Plan (DRP) for Woolworths Limited the
company will be able to gain the following:
 The security requirements could met the expectation
 The production monitoring approach will be changed and will be reflected in the
plan
 DR data will be shared
 The DR plans are tested quarterly and annually it goes through significant live
testing
2.3 Analyzing different threats and relevant vulnerabilities
Name of the risks Impact Frequency Details description
Data hacking High High The information stored in the
data server used in Woolworths
Limited could be hacked by the
external and unwanted
attackers and misused as well.
(Mishra et al., 2013)
Inadequate IT trained
staffs
High Medium Due to lack of trained IT staffs
the management authority and
employees as well who are
working in the business
organization will fail to work
efficiently even they will also
fail to handle technologies
Document Page
12IS SECURITY AND RISK MANAGEMENT
(Khan & Tuteja, 2014).
Lack of Backup
operators
High High Due to lack of backup
operators the employees and
management authority will not
be able to retrieve information
from the storage (Donald, Oli
& Arockiam, 2013). Though,
data recovery is referred to as
one of the most important
things that are strictly required
to be considered. If any
information gets hijacked then
there must be an existing
technology that could be used
for retrieving information.
Lack of resources Medium Medium Due to lack of resources the
company might fail to develop
the required plans. In order to
resolve the issues associated to
lack of resources proper
financial support and capital
investment is required to be
done by the management

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13IS SECURITY AND RISK MANAGEMENT
authority (Tsalis, Theoharidou
& Gritzalis, 2013).
3. Proposal for a Business continuity plan
After developing the business strategies those are required to be managed in a well
manner and even for long term success and measurable revenue value business continuity
planning are required to be developed by the management authority of Woolworths Limited. In
order to maintain the business functionalities and operations business continuity plan considering
the disaster recovery is needed to be developed by the management authority of Woolworths
Limited. The necessary steps those ought to be adopted for giving long term success to the
company are as follows:
 Identification of the business scope
 Identification of key business area
 Identification of critical functions
 Identification of dependencies between the business areas and the functions
 For each of the critical function determining acceptable downtime
3. 1 Proposal for contingency plan
Development of contingency planning policy statement to provide the authority and
guidance necessary for the development of effective contingency planning
 Conducting business impact analysis
 Identification of prevention control
Document Page
14IS SECURITY AND RISK MANAGEMENT
 Developing a contingency strategies
 Developing information system contingency plan
 Ensuring plan testing, training and exercise as well
 Post project maintenance programs
4. Illustration on how the tools are used in the business organization with
reference to the OSI layers
Seven different layers are there in the OSI model and among those layers security should
be developed in the transmission layer and data link layers. While transmitting information from
the sender side to the receiver side it is necessary for the management authority to adopt
encryption algorithm and application firewall as well (Ryan, 2013). It will help Woolworths
Limited to secure the transmission channel to protect information from the external attackers.
Not only in the transmission layer but also in the data link layer these security
mechanisms are needed to be adopted for protecting the content of the information from external
attackers.
Document Page
15IS SECURITY AND RISK MANAGEMENT
5. Logical map of organizational structure
Figure 1: Logical structure of Woolworths Limited
(Source: created by author)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
16IS SECURITY AND RISK MANAGEMENT
5.1 Security policies developed for Woolworths Limited
The security policies those should be developed by the business organization named as
Woolworths Limited are as follows:
 Risk assessment
 Organizing proper information security
 Asset management
 Human resource security development
 Communication management
 Operation management
 Proper access control
 System development and maintenance
 Inventory management
 Incident management
 Business continuity management
 Compliances
Conclusion
From the overall discussion it can be concluded that, in order to resolve the issues
associated to technology and tools used by Woolworths Limited could be completely minimized
or even resolved after the implementation of proper security technology. The existing tools used
by the company are RFID, cloud and Google App as well however, many issues are again
associated to it. With the help of cloud computing technology the issues of disaster recovery,
data backup, and security risks could be completely minimized. The applications through which
Document Page
17IS SECURITY AND RISK MANAGEMENT
the issues of data backup, disaster recovery can be resolved completely are also elaborated in this
report. In addition to this, a risk register and security approach is also elaborated on these reports
that are helpful for resolving the issues of cyber security. If proper security aspects are not
adopted then, the company will be not be able to develop proper security therefore for improving
the existing system of the company business continuity planning should be adopted and
regulated by the management authority of the organization and the way through which the
development is done are also illustrated in this report. After identifying the risks, those risks
should be analyzed accordingly and for mitigating those risks risk analysis and control
mechanism are also needed to be adopted by Woolworth Limited. After adopting Cloud platform
in the organization, it will be able to gain application resilience, data backup and disaster
recovery features.
Document Page
18IS SECURITY AND RISK MANAGEMENT
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of
Computer Science & Information Technology, 5(3), 79.
Donald, A. C., Oli, S. A., & Arockiam, L. (2013). Mobile cloud security issues and challenges:
A perspective. International Journal of Electronics and Information Technology (IJEIT),
ISSN, 2277-3754.
Duncan, B., Zhao, Y., & Whittington, M. (2017, February). Corporate Governance, Risk
Appetite and Cloud Security Risk: A Little Known Paradox. How Do We Square the
Circle?. In Eighth International Conference on Cloud Computing, GRIDs, and
Virtualization (CLOUD COMPUTING 2017). IARIA.
Hendre, A., & Joshi, K. P. (2015, June). A semantic approach to cloud security and compliance.
In Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on (pp. 1081-
1084). IEEE.
Kaur, J., Gobindgarh, M., & Garg, S. (2015). Survey paper on security in cloud
computing. International Journal in Applied Studies and Production Management.
Kazim, M., & Zhu, S. Y. (2015). A survey on top security threats in cloud
computing. International Journal of Advanced Computer Science and Applications
(IJACSA).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
19IS SECURITY AND RISK MANAGEMENT
Khalil, I. M., Khreishah, A., Bouktif, S., & Ahmad, A. (2013, April). Security concerns in cloud
computing. In Information Technology: New Generations (ITNG), 2013 Tenth
International Conference on(pp. 411-416). IEEE.
Khan, M. S. S., & Tuteja, R. R. (2014). Security in cloud computing using cryptographic
algorithms. IJCA.
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and
institutional evolution. Telecommunications Policy, 37(4), 372-386.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing
security. International Journal on Recent and Innovation Trends in Computing and
Communication, 1(1), 36-39.
Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework for
mobile cloud applications. In Roedunet International Conference (RoEduNet), 2013
11th (pp. 1-4). IEEE.
Ramachandran, M., & Chang, V. (2016). Towards performance evaluation of cloud service
providers for cloud data security. International Journal of Information
Management, 36(4), 618-625.
Rasheed, H. (2014). Data and infrastructure security auditing in cloud computing
environments. International Journal of Information Management, 34(3), 364-368.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of
solutions. Journal of Systems and Software, 86(9), 2263-2268.
1 out of 20
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]