ISY3006 Information Security Report: Woolworths Security
Added on 2023/01/13
AI Summary
This report examines the information security landscape of Woolworths, an Australian supermarket chain, focusing on the development and implementation of a strategic security policy. It begins with an introduction to information security and the company's background, highlighting the importance of protecting confidential information. The report delves into the process of creating a security strategy, emphasizing the roles of management and leaders, and outlines key steps such as determining the current state, performing gap analysis, and designing control measures. It also identifies strategic security objectives, including preventing unauthorized access, reducing privacy risks, and minimizing fraud. Furthermore, the report analyzes potential threats and vulnerabilities faced by the company, such as phishing attacks, employee negligence, malware, and IoT devices, along with preventative measures. The study concludes by summarizing the vital role of a robust security policy in the retail sector, underscoring its impact on brand image and workforce retention.

Report Writing

Table of Contents
INTRODUCTION
Background of the company
Strategic security policy
CONCLUSION
REFERENCES

INTRODUCTION
Information security refers to the process of maintaining the integrity and confidentiality of a
company's information or data in its various forms (Safa, Von Solms and Furnell, 2016). This
study is based on Woolworths, an Australian chain of supermarkets which operates
approximately 995 stores across Australia and has approximately 115,000 employees, who are
the key to its success. Its headquarters are in New South Wales, Australia. This study
shows the importance of developing a strategic security policy, or information security, which helps
an organization protect its confidential information. Further, it discusses the potential
threats or problems which an organization faces if it does not implement an effective security
policy or information security.
Background of the company
Woolworths is an Australian supermarket chain which was founded in 1924
by Woolworths Group. The supermarket is mainly popular for its quality products, which
include fruits, vegetables, meat, packaged food etc. Besides these food products, it offers
household products, health and beauty products, stationery etc. It is stated that it has around
995 Woolworths supermarkets and around 43 Woolworths Metro convenience stores. The
quality and unique features of its products have increased consumers' interest
in it. It has also established branches across Australia and offers its customers
online shopping, which saves them time and cost. In the context of security policy, it is
stated that the supermarket owns systems and networks to which users are given access. It
also complies with all legislative requirements (Acceptable Use of Information System
Policy, 2013). If it finds any type of illegal activity or has a suspicion of one, it immediately
informs the appropriate external authority. It knows that failing to comply with
legislative requirements may result in disciplinary action or a lawsuit. It provides
training to all its employees and makes them aware of the importance of following guidelines
relevant to security and safety.
Strategic security policy
A security strategy is a document that contains all the information and steps which
the company must follow in order to identify and manage risks as well as security.
Developing a security strategy is an important and effective procedure which comprises
the steps of initial assessment, planning, implementation and continuous monitoring, and which can help
the company protect itself and others against any type of accident (Tan and et.al., 2017).
In the context of Woolworths Limited, the primary aim of this retailer in
developing a strategic security policy is to educate employees on their responsibility to protect
the confidentiality and integrity of the company's information. It is important for Woolworths to
plan and develop an effective strategic security policy that prioritizes information assurance and
security initiatives, with the main aim of increasing the protection of information.
Strategy, planning and development
Management and leaders play an important role in making an effective strategy and plan
for security policy. So, it is important for the company to enable managers and leaders
to take an active part in the planning process. Cyber security and information assurance
are integrated functions which require teamwork and collaboration between leaders and
managers to communicate them to all team members and give clear direction (Larson, E.V., 2019).
To develop a security policy, the company also needs to follow some steps in
sequence: determining the current state, performing gap analysis, determining relevant
resources, evaluating control choices, designing controls with relevant resources, designing
monitoring controls and developing a project management plan. There are some security
objectives which Woolworths wants to accomplish by developing and implementing the policy. Some
strategic security objectives include:
Preventing hackers from gaining unauthorized access to internal servers.
Making sure that effective controls are in place in order to reduce the risk of claims under
privacy legislation.

Several other factors also play an important role in the development process:
People, process and technology
It is important to understand information security and the consequences if
Woolworths does not develop and implement it efficiently. The most important factors
and key elements which can help an organization make the policy development process
successful are effort, time, money and technology. Deciding how much time, human resources
and effort the development process will require can help protect the organization against any
problem and threat (Jayanthi, 2017).
Employees and technology play an important role in information security, so
Woolworths needs to align IT goals with the business by taking account of factors such
as workflows, information management systems, databases, networks etc. Identifying the
skills and training which employees require is also important, as trained employees have
knowledge of all processes and of the importance of information security. By providing training to
employees, Woolworths can make them aware of the concepts of integrity, privacy and
confidentiality.
Illustration 1: Development process of security policy
Source: (Acceptable Use of Information System Policy, 2013)
Besides internal factors, several external factors also play an important
role in developing and implementing an effective strategic security policy (Furness and Gänzle,
2017). External factors on which the company should focus include internet service providers and
IT services such as maintenance, testing, hardware support etc. As Woolworths operates
on a large scale, it is important for it to maintain all systems, software and
hardware. An effective strategic security policy therefore needs to include
steps on how external factors must be assessed for security and compliance.
To accomplish the different strategic security objectives of Woolworths, adequate
functions need to be performed, for example:
Objective 1: To provide security infrastructure in order to reduce development costs
To accomplish this objective, security functions need to implement security infrastructure
such as access management and authentication services that can be reused by several systems.
Reusing that infrastructure and those systems can help the company reduce development costs.
Objective 2: To protect assets
To accomplish this goal, it is important to focus on risk assessment as well as security
reviews. The main aim of security functions in focusing on risk assessment is to make sure that
assets are protected efficiently.
Objective 3: To reduce legal penalties
To achieve this goal, it is important for the managers of Woolworths to protect
employees from personal liability as well as damages. By developing effective policies, the
organization can make employees accountable for the activities they perform and protect them against
lawsuits (Dhillon, Torkzadeh and Chang, 2018).
Objective 4: To reduce fraud
Woolworths can accomplish this by developing or imposing access control, as it
limits opportunities to change and modify data for financial gain. It can also impose logging
in order to identify unauthorized activities at the time of events.
Objective 5: To reduce third party risks
By reducing all factors and unauthorized access events, it can accomplish its goal and reduce
risks which can occur due to third party involvement. It can also add security requirements
to contracts and policy that can avoid liability for security-related events.
From the process and objectives discussed above, it can be said that Woolworths can
prevent all its sensitive information from being leaked. By making an effective
security policy, it not only secures its information and third-party access but also
improves its brand image and retains potential workforce (Anton, 2017), as workers prefer to
work with an organization that has effective security measures and policies as well as brand
image.
Potential threats and vulnerabilities of the company's network
The company will face several problems if it does not make an effective policy and plan
for security. So, it is important for Woolworths to understand threats and vulnerabilities in
order to protect itself against them. Several threats and problems
can occur due to the lack of an effective security policy and the company's poor network, such as:
Phishing attacks: Phishing attacks are one of the main threats which Woolworths can face.
In this type of threat, attackers attempt to trick an employee of the victim organization into giving
up sensitive and professional information or into downloading malware. Attackers send an e-mail to
people or an organization which looks like a legitimate e-mail, such as "click this link to secure your
password to prevent illegal activities" (Broda, Hervieux and Habib, 2018). But the fake
link and e-mail download malware to the user's computer. Other types of phishing e-mail ask
users to give their account details or credentials in order to solve a problem. This happens due
to a lack of awareness and knowledge among employees and to ineffective tools. So, it is important
for Woolworths to implement effective tools and adopt measures such as an e-mail virus
detection tool, employee training on cyber attack awareness and multi-factor authentication.
Own employees: Sometimes the biggest vulnerability in an organization is its employees,
who can create several problems for it. For instance, employees may abuse their
access privileges for personal gain. Due to a lack of awareness, they may click on the wrong link
in an e-mail and download the wrong file, or give all their details and user credentials to the wrong
person, through which attackers get easy access to the system and obtain sensitive and personal
information (Vaidya and Vaidya, 2019). But by using some preventive techniques,
Woolworths can protect itself from data breaches caused by employees. For example, using a
policy that grants less access and fewer privileges can make it difficult for attackers to
obtain information and gain access.
Malware: There are several types of malware that negatively affect the target's system to a
great extent. Different types of malware act in different
ways. Worms, for example, are programs that can spread via a variety of modes such as
e-mail. A worm will search for some form of contacts database once on a system. It looks like an
authentic e-mail but it compromises the user's system. The main aim of malware is to gain access
through links in order to obtain professional and sensitive data of an organization and take undue advantage of
this information.
Internet of things: The internet of things consists of smart devices on a company's
network which are mainly used in the retail sector, such as manufacturing robots and Wi-Fi capable
refrigerators. These devices help the company increase productivity and save manufacturing
time, but on the flip side they can easily be hijacked by attackers.
Companies cannot even identify how many internet of things devices they have on
their networks; as Woolworths operates on a large scale, this becomes difficult to identify. It
means they have several unprotected vulnerabilities of which they are not aware. Attackers
take advantage of the opportunities these devices offer. So, it is important for Woolworths to identify the risks
which can occur due to these devices and solve the problems. To address this threat, it needs to
perform a security audit, which can help identify all the disparate assets on the
network (Kimani, Oduol and Langat, 2019).
So, it can be said that knowing the biggest threats and the reasons for problems can be an
effective step by which the company can protect its professional as well as sensitive data. It can take
time, human resources, effort, cost and expertise but can help to a great extent.
CONCLUSION
From the above study it has been summarized that safety and security policy plays a
vital role in the retail sector as it helps companies protect themselves against accidents and dangers. By
developing and implementing a strategic security policy, retail sector companies are
able to improve their brand image and decrease all relevant threats. The study has also discussed
the problems and threats which a company faces due to the lack of a strategic security policy, such as
effects on productivity and brand image, increased staff turnover etc. Due to a lack of awareness,
a company has to face the problem of losing important and sensitive data. Phishing and malware are
some of the types of threats which have been shown in this report.

REFERENCES
Books and journals
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model
in organizations. Computers & Security. 56. pp.70-82.
Tan, T.H. and et.al., 2017, July. Information Security Governance: A Case Study of the Strategic
Context of Information Security. In PACIS (p. 43).
Larson, E.V., 2019. Force Planning Scenarios, 1945–2016: Their Origins and Use in Defense
Strategic Planning. RAND Corporation.
Jayanthi, M.K., 2017, March. Strategic Planning for Information Security-DID Mechanism to
befriend the Cyber Criminals to Assure Cyber Freedom. In 2017 2nd International
Conference on Anti-Cyber Crimes (ICACC) (pp. 142-147). IEEE.
Furness, M. and Gänzle, S., 2017. The Security–Development Nexus in European Union Foreign
Relations after Lisbon: Policy Coherence at Last?. Development Policy Review. 35(4).
pp.475-492.
Dhillon, G., Torkzadeh, G. and Chang, J., 2018, June. Strategic planning for IS security:
Designing objectives. In International Conference on Design Science Research in
Information Systems and Technology (pp. 285-299). Springer, Cham.
Anton, T., 2017. STRATEGIC PLANNING–AN ANALYSIS OF THE MAIN STRATEGIC
PLANNING DOCUMENTS AND THEIR RELEVANCE IN THE CURRENT
ENVIRONMENT (CASE STUDY OF THE REPUBLIC OF MOLDOVA). Defense
Resources Management in the 21st Century. 12(12). pp.30-40.
Broda, M., Hervieux, M.A. and Habib, H., BCE Inc, 2018. Cyber threat intelligence threat and
vulnerability assessment of service supplier chain. U.S. Patent Application 15/857,815.
Kimani, K., Oduol, V. and Langat, K., 2019. Cyber security challenges for IoT-based smart grid
networks. International Journal of Critical Infrastructure Protection. 25. pp.36-49.
Vaidya, V. and Vaidya, S., 2019. Method and apparatus for measuring and predicting threat
responsiveness. U.S. Patent Application 16/247,412.

Online
Acceptable Use of Information System Policy. 2013. [Online]. Available through: <http://office.interpro.com.au/wp-content/uploads/2013/06/Woolworths-Acceptable-Use-of-Information-Systems-Policy-2010.pdf>.