Information Security Report: Coles Supermarket Network Vulnerabilities
Added on 2021/02/20
AI Summary
This report provides a comprehensive analysis of the information security landscape at Coles Supermarket, an Australian retail giant. It begins with an executive summary and an introduction to the importance of securing information in the modern era. The report delves into the development of a strategic security policy tailored to Coles Supermarket, considering its nature as a retail business and its diverse stakeholders, including government, customers, board of directors, employees, and investors. The policy addresses key aspects such as purpose, scope, employee requirements, data leakage prevention, system encryption, and reporting. Furthermore, the report identifies and assesses potential network threats, including viruses, worms, botnets, phishing attacks, DDoS attacks, and ransomware. It then outlines various mitigation strategies, such as bolstering access control, keeping software updated, and implementing network protection measures like firewalls and VPNs. The report concludes by emphasizing the importance of employee training in mitigating security risks and maintaining a robust network security posture. This report is designed to help students understand information security concepts and practical applications.

Information security

Executive summary
This report describes Coles supermarket, an Australian company that operates in the retail and supermarket sector and offers various types of products and services to people. It discusses who the stakeholders of the organisation are and the nature of its business. It then explains the strategic security policy developed for the organisation. Finally, it covers the threats and vulnerabilities that can occur in the network and how they can be mitigated.

Table of Contents
Executive summary
INTRODUCTION
BODY
Question a) Security policy for Coles supermarket based on nature and stakeholders
Question b) Identify and assess potential threat in network and how it can be mitigated
REFERENCES

INTRODUCTION
In today’s era it is necessary to secure and protect information so that it is not misused. Many cases have occurred in which a network was accessed without authorisation and data was stolen. Apart from this, hackers always try to enter networks to access confidential data. Every organisation is required to formulate a security policy which gives insight into how the network is protected, who will interact in it, what systems or software are used, etc. (Peltier, 2016). The policy contains guidelines which allow staff, managers, etc. to communicate within the network. This protects data from being misused and from data breaches. This report will discuss the security policy of Coles supermarket and identify potential threats and vulnerabilities of its network. It will also describe how the threats can be mitigated.
BODY
Question a) Security policy for Coles supermarket based on nature and stakeholders
Coles supermarket is a supermarket retail chain headquartered in Melbourne. It was founded in 1914 by George Coles. The company has 807 stores overall in Australia and covers 80% of the market. A total of 112,298 employees work in it. Moreover, it operates in different sectors such as retail, consumer services, etc., and offers various types of products and services.
In an organization there are different stakeholders that are involved with it. Similarly, Coles supermarket has various stakeholders, which are described below:
Government – As it is a public company, the government is responsible for interacting with the BOD to develop strategies. It sets the framework on the basis of which the company works.
Customers – They are the main stakeholders as they buy the products and services of the company. Customers provide data of market and support in making (Safa, Von Solms and Furnell, 2016)
Board of Directors – They are mainly involved in formulating long-term goals. They also set strategies and formulate policies.
Employees – Employees are internal stakeholders of the company. They perform various tasks and attain goals and objectives.
Investors – They invest in the company and provide funds when necessary.
The nature of the business is both physical and online selling of goods and services. The company is engaged in retail and supermarkets. Thus, the nature of the business is the retail sector.

A security policy refers to the rules and regulations through which systems and networks are protected. It is a written document which guides an organization on how to protect itself from security threats, what measures are to be taken, etc. The policy is updated and changes are made to keep the network secure. The Coles supermarket security policy is as follows:
Purpose of policy
The purpose is to protect the network, systems and devices from any threat or vulnerability and to secure the network, and also to provide access to data and allow work to be done in an effective way.
Scope
Any employee or stakeholder with access to Coles supermarket systems or data
Financial
Confidential
Policy – Employee requirement
If any threat is identified then you need to immediately respond to the IT manager.
You are required not to share or communicate data or information with any other stakeholder without approval of top management (Soomro, Shah and Ahmed, 2016).
To ensure that no data is left open on a system or in e-mail.
To use your own ID and password in a system or e-mail to access data from the server.
In case of any complaint related to a data breach or loss, it must be reported to a superior and proper action is to be taken.
Any information being transferred to a portable device must be encrypted by following proper practices. Employees need to follow the laws and regulations formed by the company.
Data leakage prevention
This policy acts as a framework for Coles supermarket to update its network as per government regulations. It also shows how the network will be monitored and what types of changes are accepted.
Purpose
Coles supermarket must protect and secure confidential data from external threats. Moreover, malicious activity needs to be detected and improved. The policy outlines the requirements for the monitoring tools used, updating the network, etc.
Scope
Any stakeholder who accesses the network needs to log in with a user name and password. Furthermore, devices used in monitoring the network must be checked (Gordon, Fairhall and Landman, 2017).
Any third party monitoring the network needs to follow the policy rules and provide information about it to the organization.
Policy
Only network monitoring tools are to be used to monitor the network.
Tool details, version, requirements, etc. are to be included in the record.
Documents of the tool used are to be provided to Coles supermarket. The configuration will be done under a supervisor within the company. Besides this, installation will proceed only after security management approval.
Any change in the use of a tool is to be reported first to management. However, a change of server or database has to be done after verification.
Reporting requirements
A monthly report of network performance and issues to security management.
A report showing the use of different types of devices and systems in the network.
System encryption
Using this policy
The policy provides guidelines for Coles supermarket to implement an encryption control policy, following the policy as per the regulations of several acts.
Purpose
Encryption is required in systems to protect them from network vulnerabilities. It will ensure that all systems and devices are installed with anti-virus software and support restricting unauthorized access.
Scope
All company systems and devices interconnected within the network
Servers and laptops used by management
Policy
All systems need to be encrypted with anti-virus.
The encryption policy is to be managed and complied with by management. There needs to be proper auditing of each system.
Employees must only use those systems which are encrypted.
Anti-virus installed in a system has to be in accordance with industry compliance and policy.
All systems will be audited by security management and changes are reported to the manager.
Technical guidelines
System auditing is to be done as per industry regulation.
Official Windows is synchronized with the system. The credentials are used in compliance with the security policy.
Any new system installed in the network has updated software and applications.
Reporting requirement
1. A monthly audit report of each system and the issues identified in it.
2. A monthly report of the vulnerabilities of each system and its performance after it.
Question b) Identify and assess potential threat in network and how it can be mitigated
It is necessary to protect the network from potential threats so that its performance and efficiency are not impacted (Johnston et al., 2016). There are many ways in which network security can be breached. Basically, the main aim of entering the network is to access confidential data and information. So, in order to prevent the network from being attacked, the first thing that can be done is to identify potential threats. This is because it gives an overview of the vulnerabilities that can damage the network. Hence, on the basis of it appropriate measures are taken. However, Coles supermarket is a large company which operates across the whole of Australia. Also, its network is complex and there are many people accessing it (Network security threats, 2019). With technological advancement, the potential threats in the network are as follows:
Virus and Worms – This is the most common and dangerous attack, which can destroy an entire network. A virus is an attached file that copies itself into a system and infects the network. Worms are documents or other files which also replicate themselves once they have entered a system. They directly affect the entire network and make it difficult for systems to operate in it.
Botnets – They are a number of internet-connected devices which run various bots. Generally, bots are run by a hacker to use them for a DDoS attack. Here, a large website is targeted so that it is not able to process requests. It is a brute force attack which lowers the frequency of virus detection. In a supermarket network, devices can be highly affected by botnets.
Phishing attack – This threat is also common; in it, user login details, credit card details and other personal information are stolen (Layton, 2016). A message is sent to the user from a trusted source, so that on clicking it information is sent directly to some malicious source. Generally, phishing is done when customers make a payment or enter their confidential details. As Coles supermarket also sells products online, it can harm their network to a great extent.
DDoS – It is a type of attack in which a particular network resource is temporarily unavailable to users. This makes the user unable to operate on request. The attack usually occurs in networks where online business is done. At present DDoS is mostly used as a source to obtain data. Hence, at Coles supermarket hackers can use this to access customer data.
Ransomware – Ransomware is a type of malicious software or malware that denies access to data or a system until a ransom is paid. It directly infects the database and network and corrupts files.
It is essential to protect the network and systems from such potential threats so that data and information are secured. Here the security policy plays a vital role as it contains guidelines to mitigate these attacks. Along with it, certain measures are taken to protect against financial loss as well. If proper actions are taken then it becomes easy to mitigate threats. The measures are explained below:
Bolster access control – This measure can be used to protect against the threat of botnets. Strong passwords are set, which prevent hackers from entering the network. Also, frequent changing of passwords will be beneficial in reducing network threats. Thus, Coles supermarket can use this measure to prevent vulnerabilities.
Keeping all software updated – Here, the company needs to update its software regularly to fix bugs. The new software protects the network from such threats. It fixes bugs and improves ease of sharing files. Furthermore, this includes anti-virus or other software which helps in alerting in case of any network vulnerability (Nazareth and Choi, 2015). Other than this, anti-malware software can be installed on systems. It will be useful to protect each system properly.
Using network protection measures – This is also a method through which threats can be mitigated. Many things can be done here, such as installing a firewall, using a VPN, ensuring proper access control, etc. These will all help in maintaining traffic in the network and preventing malicious attacks, viruses, worms, etc. Coles supermarket can use certain measures to protect its network.
Therefore, by taking these measures it becomes easy to mitigate threats. It alerts the system of any kind of vulnerability. Moreover, a firewall prevents unauthorized access, and a VPN uses a private network and verifies the authentic source. Alongside this, the organization can also provide training to employees regarding threats. The training can show them how to avoid a security breach, identify a virus, etc. It will describe what action or measure is to be taken and how to mitigate a threat. Moreover, staff will be aware of what they have to do to mitigate threats and protect the network (Cram, Proudfoot and D’Arcy, 2017). In this way Coles supermarket can identify threats and mitigate them. Through this, network security will be maintained and improved.
REFERENCES
Books and journals
Cram, W.A., Proudfoot, J.G. and D’Arcy, J., 2017. Organizational information security policies: a review and research framework. European Journal of Information Systems, 26(6), pp.605-641.
Gordon, W.J., Fairhall, A. and Landman, A., 2017. Threats to information security—public health implications. N Engl J Med, 377(8), pp.707-709.
Johnston, A.C. et al., 2016. Dispositional and situational factors: influences on information security policy violations. European Journal of Information Systems, 25(3), pp.231-251.
Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.
Nazareth, D.L. and Choi, J., 2015. A system dynamics model for information security management. Information & Management, 52(1), pp.123-134.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. Computers & Security, 56, pp.70-82.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.
Online
Network security threats, 2019. [online] Available through: <https://securityfirstcorp.com/the-top-9-network-security-threats-of-2019/>