IS Security and Risk Management Report - Woolworths Limited Analysis
VerifiedAdded on 2020/05/08
|20
|3853
|287
Report
AI Summary
This report provides a comprehensive analysis of IS security and risk management within Woolworths Limited. It begins with an overview of the company's background, technologies used (including RFID and cloud platforms), and associated security issues like data breaches and cloud service vulnerabilities. The report then details the design of risk analysis matrices, mapping and analyzing risks, and proposing a disaster recovery plan, including an examination of threats and vulnerabilities. A business continuity plan and contingency planning are also proposed. Furthermore, the report illustrates how various tools are used within the organization, referencing the OSI layers, and provides a logical map of the organizational structure along with developed security policies. The report highlights the importance of proactive security measures for protecting sensitive information and ensuring business continuity.
Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management: Woolworths Limited
Name of the student:
Name of the university:
IS Security and Risk Management: Woolworths Limited
Name of the student:
Name of the university:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1IS SECURITY AND RISK MANAGEMENT
Table of Contents
Introduction......................................................................................................................................2
1. Background of the chosen organization: Woolworths Limited...................................................3
1.1 Technologies used in this organization..................................................................................4
1.2 Security issues associated to this organization......................................................................5
1.3 Tools and technology needed for the investigation...............................................................5
2. Designing risk analysis matrices.................................................................................................5
2.1 Analysis and mapping of risks...............................................................................................9
2.2 Designing Disaster Recovery Plan........................................................................................9
2.3 Analyzing different threats and relevant vulnerabilities......................................................11
3. Proposal for a Business continuity plan.....................................................................................13
3. 1 Proposal for contingency plan............................................................................................13
4. Illustration on how the tools are used in the business organization with reference to the OSI
layers..............................................................................................................................................14
5. Logical map of organizational structure....................................................................................15
5.1 Security policies developed for Woolworths Limited.........................................................16
Conclusion.....................................................................................................................................16
References......................................................................................................................................18
Table of Contents
Introduction......................................................................................................................................2
1. Background of the chosen organization: Woolworths Limited...................................................3
1.1 Technologies used in this organization..................................................................................4
1.2 Security issues associated to this organization......................................................................5
1.3 Tools and technology needed for the investigation...............................................................5
2. Designing risk analysis matrices.................................................................................................5
2.1 Analysis and mapping of risks...............................................................................................9
2.2 Designing Disaster Recovery Plan........................................................................................9
2.3 Analyzing different threats and relevant vulnerabilities......................................................11
3. Proposal for a Business continuity plan.....................................................................................13
3. 1 Proposal for contingency plan............................................................................................13
4. Illustration on how the tools are used in the business organization with reference to the OSI
layers..............................................................................................................................................14
5. Logical map of organizational structure....................................................................................15
5.1 Security policies developed for Woolworths Limited.........................................................16
Conclusion.....................................................................................................................................16
References......................................................................................................................................18
2IS SECURITY AND RISK MANAGEMENT
Introduction
This report depicts the importance of developing different security aspects those are
necessary to be adopted by the enterprises to keep their sensitive information safe from the
external attacks. For developing this particular report the selected organization is Woolworths
Limited, headquartered in Australia. After analyzing the technologies and tools used in this
company it has been determined that, due to lack of experts and technical opportunities currently
the company is facing major level risks (Almorsy, Grundy & Müller, 2016). In order to minimize
these risks, risk analysis matrices are required to be designed accordingly by Woolworths
Limited. In order to design the risk analysis matrix risks are needed to be mapped and analyzed
as well.
In order to gain effective success and business revenue from the competitive marketplace
Woolworths Limited should develop certain strategies like Business Continuity Planning (BCP).
By proposing a contingency planning the strategies can be developed in this business
organization. For improving the existing technology of the company, proper security aspects for
disaster recovery, security audits as well. In order to control the risks associated to the company
it is necessary for the company to investigate all the existing tools and technologies those are
widely using by the company to resolve their security level issues. For storing information
regarding the employees and the company details, the company uses cloud storage to gain huge
storage. The cloud platform has the ability to store huge information with the features like
disaster recovery and data backup as well these aspects are also elaborated in this report.
Introduction
This report depicts the importance of developing different security aspects those are
necessary to be adopted by the enterprises to keep their sensitive information safe from the
external attacks. For developing this particular report the selected organization is Woolworths
Limited, headquartered in Australia. After analyzing the technologies and tools used in this
company it has been determined that, due to lack of experts and technical opportunities currently
the company is facing major level risks (Almorsy, Grundy & Müller, 2016). In order to minimize
these risks, risk analysis matrices are required to be designed accordingly by Woolworths
Limited. In order to design the risk analysis matrix risks are needed to be mapped and analyzed
as well.
In order to gain effective success and business revenue from the competitive marketplace
Woolworths Limited should develop certain strategies like Business Continuity Planning (BCP).
By proposing a contingency planning the strategies can be developed in this business
organization. For improving the existing technology of the company, proper security aspects for
disaster recovery, security audits as well. In order to control the risks associated to the company
it is necessary for the company to investigate all the existing tools and technologies those are
widely using by the company to resolve their security level issues. For storing information
regarding the employees and the company details, the company uses cloud storage to gain huge
storage. The cloud platform has the ability to store huge information with the features like
disaster recovery and data backup as well these aspects are also elaborated in this report.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3IS SECURITY AND RISK MANAGEMENT
1. Background of the chosen organization: Woolworths Limited
The company is currently searching for technology edge even after the completion of the
project galaxy. The Woolworths Limited is weeks far from completing a $100 million push for
consolidating and upgrading the merchandizing software system those are used by the company
is getting upgraded day by day (Ryan, 2013). The source of products and services along with the
market to the consumers throughout its brand images also become cheaper after the adoption of
the merchandizing software system for the company. This particular project is internally referred
to as project galaxy. In order to underpin the relationship between the consumers and service
providers rather for improving the customer relationship management it is necessary for the
company, to introduce the new system from ER SAP.
From management system the performance reporting, buying and store ordering
processes could be improved accordingly. However from the overall system development the
module management system can also be promoted. Instead of online spreadsheet currently the
company is using the new online portal for their company (Kshetri, 2013). For serving this
purpose the company is spending the past months for training Big W Partners. The newest
technology Big W is helping Woolworths Limited to enhance their consumer market. The
company is willing to develop the project galaxy it is expected that the project can be
successfully completely within upcoming 2 years. The current tender of the project is worth
$100Million and a well known Multinational Company is working on this project. For
structuring the end to end business for Woolworths Limited, the inventory, distribution centre,
warehouse and transport management system is also developing accordingly by the project
developers who are working for the company (Zhao, Li & Liu, 2014). In addition to this
currently the company is also launching new refrigerant technologies as well.
1. Background of the chosen organization: Woolworths Limited
The company is currently searching for technology edge even after the completion of the
project galaxy. The Woolworths Limited is weeks far from completing a $100 million push for
consolidating and upgrading the merchandizing software system those are used by the company
is getting upgraded day by day (Ryan, 2013). The source of products and services along with the
market to the consumers throughout its brand images also become cheaper after the adoption of
the merchandizing software system for the company. This particular project is internally referred
to as project galaxy. In order to underpin the relationship between the consumers and service
providers rather for improving the customer relationship management it is necessary for the
company, to introduce the new system from ER SAP.
From management system the performance reporting, buying and store ordering
processes could be improved accordingly. However from the overall system development the
module management system can also be promoted. Instead of online spreadsheet currently the
company is using the new online portal for their company (Kshetri, 2013). For serving this
purpose the company is spending the past months for training Big W Partners. The newest
technology Big W is helping Woolworths Limited to enhance their consumer market. The
company is willing to develop the project galaxy it is expected that the project can be
successfully completely within upcoming 2 years. The current tender of the project is worth
$100Million and a well known Multinational Company is working on this project. For
structuring the end to end business for Woolworths Limited, the inventory, distribution centre,
warehouse and transport management system is also developing accordingly by the project
developers who are working for the company (Zhao, Li & Liu, 2014). In addition to this
currently the company is also launching new refrigerant technologies as well.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4IS SECURITY AND RISK MANAGEMENT
1.1 Technologies used in this organization
In order to improve the existing business approach of business organization Woolworths
Limited is approaching different fresh approaches towards technologies. In order to provide a
much convenient direction to the consumers of Woolworths Limited the company is trying to
develop their technology usage (Chou, 2013). As the company has more than 20,000 staffs and
over 3,000 stores in New Zealand and Australia thus for managing the business structure the
company is developing their range of technology usage. Different advanced technologies used by
the company are as follows:
Radio Frequency Identification Device (RFID): As the number of consumers of the
company is increasing everyday thus managing those large numbers of consumers the enterprise
has developed RFID tags so that the buying and selling approach of the company become much
easier and convenient as well (Kaur, Gobindgarh & Garg, 2015). This particular technology will
help the business organization to manage and record the details of their products bought and
sold. With the help of RFID technology the company will be able to access the correct
application and data as well regardless of their location and tie as well.
Cloud: As the number of customers and products as well are increasing day by day thus
for managing those data the traditional manual data management system stands very much
disadvantageous (Rasheed, 2014). In order to resolve the issues associated to data management
SaaS cloud platform is adopting by the company.
Innovation with Google + and Google Drive: For transferring the business aspects and
other approaches, Woolworths Limited is actively looking for innovation with Google +, Google
drive and Google sites as well (Tirthani & Ganesan, 2014).
1.1 Technologies used in this organization
In order to improve the existing business approach of business organization Woolworths
Limited is approaching different fresh approaches towards technologies. In order to provide a
much convenient direction to the consumers of Woolworths Limited the company is trying to
develop their technology usage (Chou, 2013). As the company has more than 20,000 staffs and
over 3,000 stores in New Zealand and Australia thus for managing the business structure the
company is developing their range of technology usage. Different advanced technologies used by
the company are as follows:
Radio Frequency Identification Device (RFID): As the number of consumers of the
company is increasing everyday thus managing those large numbers of consumers the enterprise
has developed RFID tags so that the buying and selling approach of the company become much
easier and convenient as well (Kaur, Gobindgarh & Garg, 2015). This particular technology will
help the business organization to manage and record the details of their products bought and
sold. With the help of RFID technology the company will be able to access the correct
application and data as well regardless of their location and tie as well.
Cloud: As the number of customers and products as well are increasing day by day thus
for managing those data the traditional manual data management system stands very much
disadvantageous (Rasheed, 2014). In order to resolve the issues associated to data management
SaaS cloud platform is adopting by the company.
Innovation with Google + and Google Drive: For transferring the business aspects and
other approaches, Woolworths Limited is actively looking for innovation with Google +, Google
drive and Google sites as well (Tirthani & Ganesan, 2014).
5IS SECURITY AND RISK MANAGEMENT
1.2 Security issues associated to this organization
Different security issues associated to the company are as follows:
Data breaches
Hijacking of the accounts
Threats to the insiders
Malware injection
Abuse of the cloud services
Insecure Application Programming Services
Daniel of service attacks
Insufficient due to diligence
Shared vulnerabilities
Security concerns for the cloud based services
Loss of information
1.3 Tools and technology needed for the investigation
Different tools and technologies used in this company are as follows:
Radio Frequency Identification device (RFID)
Cloud platform
Innovation with Google + and Google Drive
2. Designing risk analysis matrices
Context
establishment
Description of risks
1.2 Security issues associated to this organization
Different security issues associated to the company are as follows:
Data breaches
Hijacking of the accounts
Threats to the insiders
Malware injection
Abuse of the cloud services
Insecure Application Programming Services
Daniel of service attacks
Insufficient due to diligence
Shared vulnerabilities
Security concerns for the cloud based services
Loss of information
1.3 Tools and technology needed for the investigation
Different tools and technologies used in this company are as follows:
Radio Frequency Identification device (RFID)
Cloud platform
Innovation with Google + and Google Drive
2. Designing risk analysis matrices
Context
establishment
Description of risks
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6IS SECURITY AND RISK MANAGEMENT
Contex
t
Objectives Source of
risks
Description Current
control
Control
rating
Risk
rating
Risk
evaluation
Internal
risk
To increase
business
productivity
The
technologies
used in the
business
organization
If the company
fails to identify
the technologies
properly then
due to lack of
management of
technology the
company will
face major level
of risks (Salah et
al., 2013).
In order to
control the
risks
currently
the
company
has adopted
different
technologies
such as
cloud, RFID
etc. With
the help of
the RFID
and cloud
the
information
cloud is
controlled
completely
This
particular
control
approach
could be
rated as 6
out of
10.
The
impact of
this
particular
risk is
very high
In order to
manage this
particular risk
it is necessary
for the
company to
adopt proper
risk evaluation
technology in
terms of
barcode
scanning and
RFID as well.
Internal To increase Technologies If the company For Medium High In order to
Contex
t
Objectives Source of
risks
Description Current
control
Control
rating
Risk
rating
Risk
evaluation
Internal
risk
To increase
business
productivity
The
technologies
used in the
business
organization
If the company
fails to identify
the technologies
properly then
due to lack of
management of
technology the
company will
face major level
of risks (Salah et
al., 2013).
In order to
control the
risks
currently
the
company
has adopted
different
technologies
such as
cloud, RFID
etc. With
the help of
the RFID
and cloud
the
information
cloud is
controlled
completely
This
particular
control
approach
could be
rated as 6
out of
10.
The
impact of
this
particular
risk is
very high
In order to
manage this
particular risk
it is necessary
for the
company to
adopt proper
risk evaluation
technology in
terms of
barcode
scanning and
RFID as well.
Internal To increase Technologies If the company For Medium High In order to
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7IS SECURITY AND RISK MANAGEMENT
risk business
productivity
used in
Woolworths
Limited
fails to analyze
the risks
properly then
the company
will not be able
to manage the
security risks
accurately
(Duncan, Zhao
& Whittington,
2017). In order
to manage the
rate of risks
service level
technologies
and different
tools should be
adopted by the
management
authority
(Whaiduzzaman
& Gani, 2014).
mitigating
this risk
currently
the
company
does not
have any
such
technology
but though
they have a
current
technology
named as
project
galaxy.
manage this
particular kind
of risk it is
necessary for
the company
to adopt
proper
security
aspects
Internal Data Technologies In order to Currently High High In order to
risk business
productivity
used in
Woolworths
Limited
fails to analyze
the risks
properly then
the company
will not be able
to manage the
security risks
accurately
(Duncan, Zhao
& Whittington,
2017). In order
to manage the
rate of risks
service level
technologies
and different
tools should be
adopted by the
management
authority
(Whaiduzzaman
& Gani, 2014).
mitigating
this risk
currently
the
company
does not
have any
such
technology
but though
they have a
current
technology
named as
project
galaxy.
manage this
particular kind
of risk it is
necessary for
the company
to adopt
proper
security
aspects
Internal Data Technologies In order to Currently High High In order to
8IS SECURITY AND RISK MANAGEMENT
risk breaches used in
Woolworths
Limited
manage the
risks of security
the company
should adopt
proper
encryption
algorithm for
the company
(Sachdev &
Bhansali,
2013).
the
company
has cloud
platform for
controlling
these risks.
mitigate this
particular risk
the company
should adopt
proper
encryption
algorithm
(Popa et al.,
2013). With
the help of
encryption
algorithm
none of the
external and
unwanted
attackers
could hijack
information
the data server
(Taha et al.,
2014).
risk breaches used in
Woolworths
Limited
manage the
risks of security
the company
should adopt
proper
encryption
algorithm for
the company
(Sachdev &
Bhansali,
2013).
the
company
has cloud
platform for
controlling
these risks.
mitigate this
particular risk
the company
should adopt
proper
encryption
algorithm
(Popa et al.,
2013). With
the help of
encryption
algorithm
none of the
external and
unwanted
attackers
could hijack
information
the data server
(Taha et al.,
2014).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9IS SECURITY AND RISK MANAGEMENT
2.1 Analysis and mapping of risks
Probabi
lity of
occurrence
Impact of occurrence
Very low Low Medium High Very
high
Rare
Unlikely
Possible Managerial
issues
Security issues
Likely Absence of
Design
Methodology
Failure
of the
system
Almost
Certain
Project
completion
delay
2.2 Designing Disaster Recovery Plan
After analyzing different risks those are rising in Woolworths Limited it has been defined
that, many components are needed to be considered by the management authority of the business
2.1 Analysis and mapping of risks
Probabi
lity of
occurrence
Impact of occurrence
Very low Low Medium High Very
high
Rare
Unlikely
Possible Managerial
issues
Security issues
Likely Absence of
Design
Methodology
Failure
of the
system
Almost
Certain
Project
completion
delay
2.2 Designing Disaster Recovery Plan
After analyzing different risks those are rising in Woolworths Limited it has been defined
that, many components are needed to be considered by the management authority of the business
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10IS SECURITY AND RISK MANAGEMENT
organization. Due to lack of financial support the company fails to adopt all the necessary
security aspects (Hendre & Joshi, 2015). In order to recover information from the data server
proper and effective information processes are required to be adopted by the management
authority of the business organization. For processing information technology quickly and
effectively information are required to be controlled accurately. The employees working for the
organization use Voice over Internet Protocol (VoIP) telephone for communicating to each other.
In order to transit information from one end to the other Electronic Data Interchange (EDI)
technology is required to be used (Kazim & Zhu, 2015). For order entry and payment processing
these particular technologies are widely used by the business organization.
Due to lack of proper data management approaches, business strategies and technical
experts currently the company is facing major issues throughout. In order to create, process,
manage information in a correct direction different digital devices are used by the management
authority (Khalil et al., 2013). For controlling these issues accurate disaster recovery plan is
needed to be adopted by the company. However, if the company fails to adopt these recovery
plans properly then the company will face both financial as well as security level risks
(Ramachandran & Chang, 2016). The steps those should be adopted for developing the disaster
recovery plans are as follows:
Changes in thought processes of the business strategies developers
Integrating change control plan
Improvement in the technology usage
Reviewing the inventory regulatory
Validation increment
organization. Due to lack of financial support the company fails to adopt all the necessary
security aspects (Hendre & Joshi, 2015). In order to recover information from the data server
proper and effective information processes are required to be adopted by the management
authority of the business organization. For processing information technology quickly and
effectively information are required to be controlled accurately. The employees working for the
organization use Voice over Internet Protocol (VoIP) telephone for communicating to each other.
In order to transit information from one end to the other Electronic Data Interchange (EDI)
technology is required to be used (Kazim & Zhu, 2015). For order entry and payment processing
these particular technologies are widely used by the business organization.
Due to lack of proper data management approaches, business strategies and technical
experts currently the company is facing major issues throughout. In order to create, process,
manage information in a correct direction different digital devices are used by the management
authority (Khalil et al., 2013). For controlling these issues accurate disaster recovery plan is
needed to be adopted by the company. However, if the company fails to adopt these recovery
plans properly then the company will face both financial as well as security level risks
(Ramachandran & Chang, 2016). The steps those should be adopted for developing the disaster
recovery plans are as follows:
Changes in thought processes of the business strategies developers
Integrating change control plan
Improvement in the technology usage
Reviewing the inventory regulatory
Validation increment
11IS SECURITY AND RISK MANAGEMENT
After the development of the Disaster Recovery Plan (DRP) for Woolworths Limited the
company will be able to gain the following:
The security requirements could met the expectation
The production monitoring approach will be changed and will be reflected in the
plan
DR data will be shared
The DR plans are tested quarterly and annually it goes through significant live
testing
2.3 Analyzing different threats and relevant vulnerabilities
Name of the risks Impact Frequency Details description
Data hacking High High The information stored in the
data server used in Woolworths
Limited could be hacked by the
external and unwanted
attackers and misused as well.
(Mishra et al., 2013)
Inadequate IT trained
staffs
High Medium Due to lack of trained IT staffs
the management authority and
employees as well who are
working in the business
organization will fail to work
efficiently even they will also
fail to handle technologies
After the development of the Disaster Recovery Plan (DRP) for Woolworths Limited the
company will be able to gain the following:
The security requirements could met the expectation
The production monitoring approach will be changed and will be reflected in the
plan
DR data will be shared
The DR plans are tested quarterly and annually it goes through significant live
testing
2.3 Analyzing different threats and relevant vulnerabilities
Name of the risks Impact Frequency Details description
Data hacking High High The information stored in the
data server used in Woolworths
Limited could be hacked by the
external and unwanted
attackers and misused as well.
(Mishra et al., 2013)
Inadequate IT trained
staffs
High Medium Due to lack of trained IT staffs
the management authority and
employees as well who are
working in the business
organization will fail to work
efficiently even they will also
fail to handle technologies
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 20
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.