ISY3006 Business And Corporation Law Assignment
Added on 2022/08/26
Running Head: BUSINESS AND CORPORATION LAW 0
Information Security
Woolworths
1/10/2020
Student’s Name
Contents
Introduction
About Woolworths
Security Policy of Woolworths
Information Security Policy
Potential threats and vulnerabilities of the company's network
How such threats and vulnerabilities can be mitigated
References
Introduction
In a world full of competition and advancement, businesses use technology in different
areas and activities to make their processes fast and efficient. The use of technology brings many
risks and threats to the data and people involved, and therefore information security has
become an important topic of discussion and implementation (Moore, 2019).
This report addresses that topic, with Woolworths selected as the
organization of choice. In the report, a strategic information security policy will be
developed considering the nature and stakeholders of the organization. Further, the threats and
vulnerabilities of the network, as well as the manner in which such threats can be mitigated, will
also be discussed. Lastly, a conclusion will be drawn containing a summary of the report.
About Woolworths
Woolworths is an Australian supermarket company with its headquarters at Bella Vista,
Australia (Woolworthsgroup.com.au, 2019). Key stakeholders of the company are customers,
employees, suppliers, communities, shareholders, and debt funders. The company is mainly a
food retailer but also sells other products such as clothes, grocery products, furniture, and
other daily life products. Woolworths is the largest supermarket chain in Australia. Across
Australia, the company has 995 stores (localz.com, 2019). The supermarket serves
its customers by sourcing 100% of fresh meat and 96% of fresh fruits and vegetables from
Australian farmers and growers.
Security Policy of Woolworths
An information security policy can be understood as a set of rules enacted by an entity to ensure
that all the networks and users of an IT structure abide by the regulations with respect to data
security (resources.infosecinstitute.com, 2018). This policy lets the users of the IT structure
know the appropriate manner of use. In addition, the policy highlights the
information and data that need to be secured. After research and formulation, a security policy
for the company has been designed considering the nature and stakeholders of Woolworths. The
policy is documented below:
Information Security Policy
1. Overview
This policy contains an integrated set of protection measures that apply to all Woolworths
personnel to ensure that the information system of Woolworths is secured and free from any
unsecured and unauthorized access. The subject system carries information related to the
organization, its customers, employees, and all other stakeholders. To maintain cash flow,
competitive edge and company image, the availability, confidentiality, and integrity of the
information security system are essential. The three main objectives of this policy are as follows:
Availability: To ensure that the system and information are available to authorized
users whenever they are needed.
Confidentiality: To keep all the information private and not to give access to it to
any unauthorized user.
Integrity: To ensure the timeliness and accuracy of all the information.
The policy aims to provide Woolworths with an approach to managing information risk
and guidelines to protect information assets.
2. Ownership
The board of the company is the owner of the policy and is responsible for the implications of
the same.
3. Scope
The scope of the policy is quite wide and as mentioned earlier the same applies to all the
stakeholders of Woolworths such as employees, managers, customers, suppliers, and contractors.
Further, the policy applies to all the information which is stored or collected or developed within
the organization or is related to either the company itself or any of its stakeholders.
4. How does the organization protect your information?
The company has implemented a range of security measures to protect the information of its
stakeholders as soon as it receives such information. With respect to the personal information of
customers, Woolworths offers a secure system. All the information is supplied via Secure Sockets
Layer technology, which is a secure method to process and encrypt such information. Further,
Woolworths also uses this technology while fetching the personal information of customers and
suppliers through their computer systems and ensures that it is kept private. The
company does not guarantee the security of data transmitted from a system to the
company's site, considering the risk associated with the process. Nevertheless, as soon as the
company receives the information, it is the company's responsibility to keep it private and
confidential.
5. Payment Information
Most of the customers and debtors of the organization make payments through credit or other
banking cards, and hence we focus specifically on this area. Woolworths does not keep or secure
any information related to banking cards or the IDs and passwords of any banking channel.
6. Login and password for the supermarket
Woolworths asks for login credentials when customers visit the online portal. By virtue of this
policy, the company can save these credentials for future use.
7. What kind of information the company collects and holds
The personal information that Woolworths collects and holds is that which is necessary for the
performance of business activities and functions. Woolworths collects the following types of
information about its stakeholders:
Personal details such as name, age, gender, telephone number and address
Reward and membership details of customers
Transaction details/summary accounts
Loyalty card or reference number of customers
The above-mentioned information is specific, but the company can also collect other
information depending on the transaction.
8. Server Failure
All the servers of the company are monitored on a timely basis to track performance. The servers
of the company are automated and only a few employees have access to the home server. Any
damage to the server is treated as a priority by the organization and stakeholders should not be
worried about the same. Information related to employees, staff members, creditors, and debtors
is first saved on the home server of the organization, and then the company creates a backup of it on
clouds that ensure the privacy of the data.
9. Roles and Responsibility
Different workgroups have been granted different responsibilities under the security aspect of the
information system of the entity. The responsibility to approve this policy is given to the board
of directors. Further, the information security committee of the company is responsible for developing,
facilitating and implementing the information security policy. Further, the members of this committee
are liable to approve and monitor major information security projects. The committee also checks
and updates the status of the security awareness program on a timely basis and assesses new
changes in the area of information security.
10. Updates
The privacy policy presented here is up to date. Woolworths can change it periodically. Any
changes in the policy will be notified on the main page of the official website of the company.
11. Compliance
Woolworths shall manage audits to ensure that all the policies and guidelines related to
information system security are complied with. The company shall also ensure that all the
information system audit tools are in place and that no one is misusing them.
Potential threats and vulnerabilities of the company's network
The information system model of the company is likely to be complicated as it includes networks
and other technology. Based on the security policy developed above, some risks and
vulnerabilities can be identified, as mentioned below:
Malware: The first risk to the information system of Woolworths is related to
malware. Malware is software that is developed with the intention to damage a
computer system or network. Malware works against the interest of the user (Eilam,
2011). There are many types of malware, such as Trojans, spyware, ransomware, and
worms, that can destroy the information system of the company (clearias.com, 2019).
Phishing attack: In this threat, attackers try to obtain information such as login credentials
or other personal details by tricking an employee of the victim organization or a person
with authority (imperva.com, 2019). This is one of the significant threats to the
company's network, as Woolworths has thousands of employees and most of them have
official email IDs through which they can be tricked into providing access to
sensitive information to a third party.
Employees: In every organization, the biggest vulnerability is its own employees.
Woolworths employs several people who can abuse their position and access limits for
personal benefit. Further, it can also be unintentional, as many times employees
mistakenly click on the wrong online site or download the wrong file, which provides
attackers easy access to the system.
IoT devices: There are many smart devices in the Internet of Things, which include
printers, Wi-Fi capable devices, and other devices (Dosal, 2018). Attackers may hijack these
devices to build slaved networks of compromised devices. These unknown devices attract
attackers.
How such threats and vulnerabilities can be mitigated
The above-mentioned are some of the possible threats and vulnerabilities that have been
identified after the assessment of the security policy developed earlier. Nevertheless, these
vulnerabilities can be mitigated. The very first step that can be taken by Woolworths is the
adoption of preventative security practices. Maintaining firewall protection and keeping the firewall updated is
one such measure (information-age.com, 2019). Further, to identify malicious activity,
application whitelisting and blacklisting software can be used. Secondly, the company can use
intrusion prevention systems that provide facilities such as application integrity checking,
content validation, and third-party verification. These facilities are likely to prevent threats such
as malware and phishing attacks. Employees were identified as one of the vulnerabilities in the
above discussion. To safeguard the company's network and system from employees,
Woolworths is advised to grant limited access to employees. Access control is an important
aspect to discuss while checking threat-mitigating measures. Weak access control puts
information at risk, and therefore businesses can reduce this risk by generating strong passwords
for their systems (Woland, Santuka, Harris, and Sanbower, 2018).
Further, employee training also seems an important and effective effort that can be put in by
employees. Many times, external threats are successful as a result of insider threats or
vulnerabilities. Here Woolworths can reduce the chances of threats and improve the security
of its information network by providing training to employees, where they would learn the correct
manner to use the devices and network. If employees were educated about threats such as
phishing attacks, they would not access unauthorized links and would not provide their information
randomly (theamegroup.com, 2019). Threats related to malware can be mitigated by
protecting the system through standardizing software. By ensuring that no person is allowed to
download any new software without prior permission, malware threats can be controlled.
In conclusion, developing an information system alone is not enough;
businesses are also required to ensure its security. An information security policy is
a significant measure, but it does not wholly ensure the security of the network, as it only outlines the
guidelines. Threats and vulnerabilities such as employees and malware may exist in the network, and by
taking measures such as access control and strong passwords, these risks can be mitigated.
References
clearias.com. (2019) Malware Types: Virus, Worm, Trojan, Ransomware etc. [online] Available from: https://www.clearias.com/malware-types/ [Accessed on 13/01/2020]
Dosal, E. (2018) Top 5 Cybersecurity Threats and Vulnerabilities. [online] Available from: https://www.compuquip.com/blog/top-5-cybersecurity-threats-and-vulnerabilities [Accessed on 13/01/2020]
Eilam, E. (2011) Reversing: Secrets of Reverse Engineering. John Wiley & Sons.
imperva.com. (2019) Phishing attacks. [online] Available from: https://www.imperva.com/learn/application-security/phishing-attack-scam/ [Accessed on 13/01/2020]
information-age.com. (2019) Six network security checks to mitigate the risk of data security breaches. [online] Available from: https://www.information-age.com/six-network-security-checks-mitigate-risk-data-security-breaches-123459554/ [Accessed on 13/01/2020]
localz.com. (2019) Woolworths. [online] Available from: https://www.localz.com/customer-stories/woolworths-case-study [Accessed on 13/01/2020]
Moore, R. (2019) Expansion of Technology Will Increase Cyber Security Threats. [online] Available from: https://www.plansponsor.com/expansion-technology-will-increase-cyber-security-threats/ [Accessed on 13/01/2020]
resources.infosecinstitute.com. (2018) Key Elements of an Information Security Policy. [online] Available from: https://resources.infosecinstitute.com/key-elements-information-security-policy/ [Accessed on 13/01/2020]
theamegroup.com. (2019) Network Security Threats: 5 Ways to Protect Yourself. [online] Available from: https://www.theamegroup.com/network-security-threats/ [Accessed on 13/01/2020]
Woland, A., Santuka, V., Harris, M. and Sanbower, J. (2018) Integrated Security Technologies and Solutions-Volume I: Cisco Security Solutions for Advanced Threat Protection with Next Generation Firewall, Intrusion Prevention, AMP, and Content Security. Cisco Press.
Woolworthsgroup.com.au. (2019) Contact Information. [online] Available from: https://www.woolworthsgroup.com.au/page/contact-us/contact-information [Accessed on 13/01/2020]