Detailed Security Analysis Report for Sainsbury's Enterprise

Added on  2023/01/19

AI Summary
This report examines the security measures implemented by Sainsbury's, a major UK supermarket chain, to protect its sensitive data and IT infrastructure. The report delves into various aspects of security, including different types of security threats, access control systems, internet security, and the use of encryption. It evaluates organizational security procedures, such as acceptable use policies and password management, and analyzes the impact of incorrect firewall configurations and third-party VPNs. Furthermore, it assesses the benefits of implementing DMZ, static IP, and NAT in the network to enhance security. The report also covers risk assessment procedures, data protection processes and regulations, security policy implementation, and the main components of a disaster recovery plan. The report provides a detailed analysis of Sainsbury's security landscape.
Security
Contents
INTRODUCTION
TASKS
P1 Discuss the different types of security for organizations
P2 Evaluate organizational security procedures
P3 Determine the potential impact on information technology security of incorrect configuration of firewall policies and third-party VPNs
P4 Evaluate how implementing a DMZ, static IP and NAT in a network will improve network security
P5 Discuss the risk assessment procedures
P6 Analyse the data protection processes and regulations applicable to the organization
P7 Describe the implementation and design aspects of security policy for the organization
P8 Identify the main components of an organizational disaster recovery plan and justify the reasons
CONCLUSION
REFERENCES
INTRODUCTION
Security refers to all the organizational measures that are taken to protect sensitive data or
information. It ensures that only authorised persons who have permission can access the
information. With the modern dependency on technology, it is necessary to maintain security
because it helps to reduce the risk of a data breach. This report is based on the Sainsbury
enterprise, which operates food distribution across many cities. The organization will establish
an online platform through which customers place orders.
This report discusses the different types of security issues that occur within an organization.
It describes how the Sainsbury retail firm follows different security procedures to improve
overall network security. It then determines the potential impact on information technology
security of the configuration of different types of firewall policies and third parties.
Furthermore, it describes the data protection processes and regulations that are applicable to
the Sainsbury business.
TASKS
Overview:
Sainsbury is the largest chain of supermarkets in the UK; it operates from London and provides
various types of food products in the global marketplace. It was founded in 1869 by James
Sainsbury, who started the business in London, and it has now become the largest retailer in the
marketplace. The organization started as a retailer of fresh food and expanded into packaged
groceries like sugar and tea. The company must use different information technology platforms,
and order processing is done using software, but no upgrade has been made since. This has
increased its security issues, such as managing access controls and disaster recovery and
identifying different threats.
P1 Discuss the different types of security for organizations.
Security is a process that mainly defends digital information and IT assets against external,
internal and accidental threats. A security risk is anything on the hardware that can easily
damage or steal data. It allows someone else to gain access through the computer system.
Security risks within an organization can be divided as follows.
Virus: It is a type of malware that attaches to other files in the system and may be used to
destroy entire data. It may have the capability to spread from one system to another.
Ransomware: It is a newer type of malware that is installed directly on the computer system. It
makes files unreadable, holding the data hostage. In this way, a hacker directly damages
sensitive information within the organization.
In today's business environment, security is an important part of the Sainsbury retailer and
plays an important role in achieving targeted benchmarks and growth initiatives. A well-organized
company needs to be vigilant to minimize vulnerabilities, threats, data breaches and other types
of criminal activity (Abusukhon and et.al., 2019). It is therefore required to maintain adequate
security in the organization. There are different types of security risks and systems that the
Sainsbury retailer considers in order to protect its data and information.
Access control system security- It is another security aspect, which must ensure that only
authorised staff and employees enter the organization. It ensures that the business closes and
opens according to the schedule developed by the company. If an unauthorised person tries to
enter, an alert message is generated automatically.
Internet security- It refers to the different security measures exercised to secure all
transactions done through the online platform. This type of security helps to prevent attacks,
because many attackers directly target the browser, the operating system and other
applications. The primary aim of internet security is to set up proper rules and regulations to
reduce attacks.
Monitored system- This type of security is useful for Sainsbury because it is triggered by
unauthorised access. It raises an alert call and establishes communication directly with another
party. It uses a system that works over an outdoor phone line, which criminals can easily
disconnect (Doriguzzi-Corin and et.al., 2019).
Use Encryption: It is a type of security applicable to data protection, where the organization
uploads encrypted data as a precaution against threats. In Sainsbury, this method is useful for
protecting data against the service provider, for which it chooses data encryption. This type of
security helps the organization to reduce the risk of a data breach.
Solution:
Develop data security policy: It is an important approach to reducing the risk of data loss in
the organization: a policy is developed that determines which employees need and have access to
sensitive information.
Develop the strong password: It is another security solution, which requires strong or
complicated keywords in passwords, such as thumb lock, use of special characters etc.
P2 Evaluate organizational security procedures.
Security procedures are step-by-step instructions on how to implement the different parameters
that enable and enforce security controls across the organization. They also cover all the
software and hardware components that support business processes and the security level of the
organization.
It is important for Sainsbury's to apply security procedures because they help to ensure
consistency in the implementation of security controls and also protect business activities at
the time of execution. They must be followed each time a control needs to be implemented. Used
in this way, security procedures work effectively and efficiently in the organization
(Dwiardhika and Tachibana, 2019).
Acceptable use procedure: Under this procedure, Sainsbury's business information systems and
network shall be used for managing important data or information. Employees also receive
training on security policy and on their obligations to protect sensitive information, which may
include various types of personal information, from unauthorised persons. Training is conducted
on the basis of employment and is received on commencement with the organization. Staff members
are required to comply with security procedures as a condition of their employment. Likewise,
third parties who are granted access privileges agree to the overall procedures of the company.
All data and information should be created and reside on the Sainsbury organizational system.
Data containing personal information must be encrypted before it is transmitted through an
electronic medium.
Sensitive information shall be kept confidential and not distributed to unauthorised persons.
Information contained on the company's systems, including private and public websites, should be
classified as defined by the sensitive information procedures.
Authorised users are responsible for maintaining security through passwords.
Unacceptable use
In Sainsbury's, various activities are prohibited, provided that nothing in the list is
construed to prevent authorised personnel from improving, monitoring, reviewing and testing
systems etc. On the other hand, sending and receiving data using any resource, equipment or
system to engage in activities in violation of federal law is prohibited (Fan, Xiao and Tan,
2019). The prohibited activities of the organization include the following.
Unauthorised copyrighted material, including but not limited to material distributed through a
digital medium. This covers the installation of copyrighted software in the organization where
the end user doesn't have a licence to use it.
Exporting various types of technical information, software and other encryption technology;
control laws need to be observed.
Password procedures
In Sainsbury, all authorised people must select and maintain strong passwords, which helps to
secure sensitive information.
All system passwords will be changed on a time basis, in line with the organization's system
policy for maintaining email and network passwords.
It is suggested that a password chosen for an organizational account should not be the same as a
password chosen by the employee or a third party.
All passwords are to be treated as sensitive and confidential information, protected
individually and not shared with anyone, such as assistants or administrative staff.
If any suspected password activity is found, report the incident immediately to a supervisor and
the information security officer.
P3 Determine the potential impact on information technology security of incorrect configuration
of firewall policies and third-party VPNs.
In the context of information technology security, the organization is required to maintain the
proper configuration of firewall policies and third-party VPNs; otherwise errors can arise
across the network system, potentially impacting business operations and functions.
Firewall policies are a basic part of Sainsbury's cyber security architecture, which should
consider all types of solution and protect against threats. It is therefore essential to
configure them correctly; otherwise the organization's security system is directly affected.
Missed security patches: This type of issue arises when the network firewall is not properly
configured. It leaves various vulnerabilities that an attacker can easily exploit (Jo, Sharma
and et.al., 2019). This holds for any software of this type used in the business, because
patches are usually created to fix problems automatically as soon as possible.
Configuration Mistakes: Even when a firewall is in place on the network and has all the latest
vulnerability patches, problems can still be caused by its configuration settings. These create
conflicts and lead to a loss of performance in the organizational network. For example, Tesla
uses the concept of dynamic routing, which enables it to reduce loss of control and also
maintain security. In this way, it creates a vulnerability in terms of firewall protection.
Shared key Mismatches: This is a common error encountered whenever a connection has been
configured incorrectly, and it is normally logged as a mismatch error. This type of problem is
found after verifying the shared key values (Wang and Li, 2019). It directly impacts the
information technology security of the company's overall network.
P4 Evaluate how implementing a DMZ, static IP and NAT in a network will improve network
security.
DMZ stands for demilitarized zone, sometimes also known as a perimeter network: a logical or
physical subnet that separates the internal local area network from untrusted networks. It is
usually applied to network services. A DMZ should be placed behind the firewall, taking
advantage of its protection of the overall system. It is mainly implemented in the form of
network segments that are isolated from the rest of the network for public use. A DMZ typically
sits between the internet and the intranet and maintains a high-speed connection. In this way,
it protects the entire internal network of the organization.
The modern DMZ acts as a physical and logical barrier between the enterprise and ICS networks.
Overall traffic is directed towards the system, but the DMZ limits and monitors access to the
network. Sometimes no traffic is allowed to create a direct link between the ICS network and the
enterprise network. That is why it is needed: it gives a single place where all traffic that
tries to transit between one or more networks can easily be monitored.
In the context of network security, a DMZ is used because it does its work by making each
portion of the network sit on a different IP network. It also has its own static internet IP
addresses, which are mainly used for the LAN. Public servers and the gateway are directly
connected to a switch (Iskandar, Virma and Ahmar, 2019), which gives them straight access to the
internet. Each server is protected by installed firewall software. This helps to improve the
organization's network system.
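The DMZ separation and the firewall configuration mistakes discussed above can be checked mechanically. The following is an added example, not part of the original report and not Sainsbury's configuration: it audits a first-match firewall rule list over three assumed zones (internet, dmz, internal) for direct internet-to-internal paths, unrestricted DMZ-to-internal access, rules that an earlier rule makes unreachable, and a missing default deny. All rule names, zones and ports are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # source zone: "internet", "dmz", "internal" or "any"
    dst: str     # destination zone, same vocabulary
    port: str    # destination port as text, or "any"
    action: str  # "allow" or "deny"

def covers(a: str, b: str) -> bool:
    """True when field value a matches every packet that b matches."""
    return a == ANY or a == b

def rule_covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet matching `later` already matches `earlier`."""
    return (covers(earlier.src, later.src)
            and covers(earlier.dst, later.dst)
            and covers(earlier.port, later.port))

def audit(rules: list[Rule]) -> list[tuple[str, str]]:
    """Return (rule name, finding) pairs for a first-match rule list."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow":
            # A direct path from the internet to the internal LAN bypasses the DMZ.
            if covers(rule.src, "internet") and covers(rule.dst, "internal"):
                findings.append((rule.name, "internet-to-internal"))
            # DMZ hosts are exposed; they should reach only named internal ports.
            if (covers(rule.src, "dmz") and covers(rule.dst, "internal")
                    and rule.port == ANY):
                findings.append((rule.name, "dmz-to-internal-any-port"))
        # First match wins, so a rule fully covered by an earlier one never fires.
        for earlier in rules[:i]:
            if rule_covers(earlier, rule):
                kind = "shadowed" if earlier.action != rule.action else "redundant"
                findings.append((rule.name, f"{kind}-by:{earlier.name}"))
                break
    last = rules[-1] if rules else None
    if last is None or (last.src, last.dst, last.port, last.action) != (ANY, ANY, ANY, "deny"):
        findings.append(("<end>", "no-default-deny"))
    return findings

# Constructed sample policy with typical mistakes (not from any real device).
POLICY = [
    Rule("web-in", "internet", "dmz", "443", "allow"),
    Rule("dmz-db", "dmz", "internal", "5432", "allow"),
    Rule("temp-vendor", "internet", "internal", "3389", "allow"),
    Rule("dmz-all", "dmz", "internal", ANY, "allow"),
    Rule("block-rdp", "internet", "internal", "3389", "deny"),
    Rule("out-web", "internal", "internet", "443", "allow"),
]

# The same policy with the risky rules removed and an explicit default deny.
HARDENED = [
    Rule("web-in", "internet", "dmz", "443", "allow"),
    Rule("dmz-db", "dmz", "internal", "5432", "allow"),
    Rule("out-web", "internal", "internet", "443", "allow"),
    Rule("default-deny", ANY, ANY, ANY, "deny"),
]

if __name__ == "__main__":
    for label, policy in (("POLICY", POLICY), ("HARDENED", HARDENED)):
        print(label)
        for name, finding in audit(policy) or [("-", "no findings")]:
            print(f"  {name}: {finding}")
```

In the sample policy the `block-rdp` deny never takes effect because `temp-vendor` matches the same traffic first, which is the kind of rule conflict described under "Configuration Mistakes".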
Static IP addresses are implemented for each device connected to the server because they help to
transmit signals from source to destination. In a network system, a server may be assigned a
dynamic IP address, which changes occasionally. It also prevents the router from knowing which
hardware is connected to the network. In terms of network security, a static IP avoids IP
conflicts, where an address is supplied that has already been assigned by the server. Some
network devices do not support DHCP; that is why a static IP address helps to maintain security
and privacy in the organizational network.
NAT stands for network address translation, which is based on the virtualization of internet
protocol addresses. It is mainly useful in network security because it reduces the number of IP
addresses needed in the system. It is mainly used in gateways that sit between two networks,
inside and outside.
Inside networks are assigned IP addresses that cannot be routed to external networks. NAT's
primary aim is to validate external addresses and send traffic back to the internal system
(Nathiya and Suseendran, 2019). In this way, it helps network security by managing incoming and
outgoing requests in the translation process. It also offers a good opportunity to qualify and
authenticate requests properly.
P5 Discuss the risk assessment procedures.
In the context of security, risk assessment is a process that identifies, assesses and
implements the key security controls for all applications. The procedure focuses mainly on
preventing application security vulnerabilities and defects (Patel and Alabisi, 2019). Following
a risk management process is an integral part of the organization for improving the quality of
its services in terms of security.
Carrying out a risk assessment allows an organization to view an application from the
perspective of a hacker. It is needed to support many other security control, decision-making,
tooling and resource allocation processes. The organization therefore conducts the risk
assessment process on its network system. It should follow some important steps to identify
risks, threats and vulnerabilities.
Identification: First of all, the risk assessment process determines the critical assets of the
overall network technology infrastructure and diagnoses any sensitive information or data that
is created, transmitted and stored.
Assessment: The administrator of the security office performs this step to identify and assess
security risks critically (Misuri, Khakzad and Cozzani, 2019). After evaluation, it analyses how
to allocate time, schedule and resources efficiently and effectively to mitigate the risks.
Mitigation: This step defines the mitigation approach, which enforces security controls for each
risk. Different types of security tool can be used to control the functionality of hardware and
software efficiently.
Prevention: After investigating security threats, suitable tools and processes must be
implemented to help reduce the vulnerabilities and threats occurring in organizational
resources.
P6 Analyse the data protection processes and regulations applicable to the organization.
Data protection is a process for protecting information; it also involves the relationship
between the collection and dissemination of technology, and the public perception and
expectation of privacy. Sainsbury uses a data protection process to protect and secure its data.
Its aim is to strike a balance between individual privacy and allowing the data to be used for
business purposes.
The data protection process relies on storage technologies that protect data, such as backup,
which copies designated information to disk-based storage (Nathiya and Suseendran, 2019). In
this way, monitoring can be applied to create an exact replica of an online website and its
files so that they are available from one or more places. Generally, data security refers to the
measures taken to protect the integrity of the information itself against malware and
manipulation, while privacy refers to controlling access to the data. This type of data
protection process helps the organization to protect sensitive information, because it can
sometimes directly affect business productivity and profitability.
The Data Protection Act and the General Data Protection Regulation apply within the organization
and need to be applied in managing security policy. The security element is addressed through
security configuration. This mainly includes the firewall and other devices that control the
overall level of traffic. It helps to minimize the chance of risks and vulnerabilities within
the network system.
In order to conduct business, the enterprise is required to process personal information about
individuals in the organization, and the government makes regulations to secure that data
properly. Sainsbury introduced the General Data Protection Regulation, which applies to the
business, to improve its level of security. According to the GDPR, the organisation will secure
the personal information of employees, customers and so on. Each enterprise applies this
regulation in its organization to control the risk of data breach. Under the GDPR, companies
must uphold the following basic rights.
The Right to access- Individuals have the right to send a request to access their personal
information and data. It also provides the facility to ask how the data is used by the company.
The Right to data portability- In Sainsbury, individuals have an equal right to transfer data
from one service provider to another. This is basically done using a machine-readable format,
and the information needs to be secured.
The GDPR has changed companies' processes: it supports marketing activities and manages them
properly, because many customers make payments through the system. In this way, the regulation
helps to protect and secure information.
P7 Describe the implementation and design aspects of security policy for the organization.
A security policy is a written document in the organization that outlines how to protect and
secure it from threats. It covers computer threats and how to handle critical situations when
they happen (Misuri, Khakzad and Cozzani, 2019). The security policy identifies the company's
assets and potential threats. The primary goal of a security policy is to manage risk. The
following security policies are designed and implemented in the organization.
Access Control policy
The access control policy outlines the access available to employees with regard to the
company's information and data. It includes NIST's access control and implementation, which
covers standards of user access, operating system controls, network access controls and complex
passwords. In addition, it covers monitoring of how the entire system is accessed.
Information security policy
This type of policy is high level and covers a large number of security controls. Its basic aim
is to resolve issues regarding networks and to comply with specific rules and guidelines. It is
mainly designed so that staff members recognise that there are certain rules regarding sensitive
information.
Remote access policy
It defines the acceptable methods of remotely connecting to the organization's internal network.
The policy is made to improve capability in insecure network locations such as unmanaged
networks. It helps to improve a dispersed network, with the ability to extend the network to
different locations and to access it remotely with ease.
Email/ communication policy
This policy outlines how staff members can use electronic communication media, covering social
media, email, blogs and other technologies. The policy provides specific guidelines on what is
considered acceptable and unacceptable use of communication techniques.
P8 Identify the main components of an organizational disaster recovery plan and justify the
reasons.
A disaster recovery plan is a documented process and set of procedures for executing disaster
recovery in terms of security. It also helps to protect the information technology
infrastructure in the event of a disaster. It consists of various components that act as
precautions to minimize the effects of a disaster, so that the organization can continue to
operate and do so quickly.
Communication devices: These are an essential part of the organization, which uses electronic
communication channels and other devices to share information from one department to another. In
the context of the disaster recovery plan, employees should be kept updated with information
through the distributed channel (Misuri, Khakzad and Cozzani, 2019). This helps to minimize the
risk to information technology security because the channel is fully private and secure.
Back up: Make sure that backups are running properly, so that if data is damaged due to a lack
of security, there is a backup plan to control and manage overall system functionality. It
ensures that all servers fully manage local backups and are prepared for disaster management in
terms of security; otherwise there is a chance of losing important information about the
company, its employees and potential consumers.
It has been justified that these are the main components of a security disaster recovery plan
because they help to protect the organization's data and information. Equipment used in the
organization is useful for controlling unauthorised access because it incorporates privacy and
security aspects, so that only the right person accesses information through the network.
Therefore, the disaster recovery plan contains different components, in terms of devices and
backup processes, to maintain protection across the system.
CONCLUSION
From the above discussion, it is concluded that security is a main component in Sainsbury, which
can explore its business in the market using the online platform. It is required to measure all
aspects of security. This report has summarised the different types of security issues that
occur within an organization and analysed how the Sainsbury business follows different security
procedures to improve overall network security. It has determined the potential impact on
information technology security of the configuration of different types of firewall policies
and third parties. It has also described the data protection processes and regulations
applicable to the Sainsbury business.
REFERENCES
Books and Journals
Abusukhon, A. and et.al., 2019. A hybrid network security algorithm based on Diffie Hellman
and Text-to-Image Encryption algorithm. Journal of Discrete Mathematical Sciences and
Cryptography. 22(1). pp.65-81.
Doriguzzi-Corin, R. and et.al., 2019. Dynamic and application-aware provisioning of chained
virtual security network functions. arXiv preprint arXiv:1901.01704.
Dwiardhika, D. and Tachibana, T., 2019. Virtual Network Embedding Based on Security Level
with VNF Placement. Security and Communication Networks. 2019.
Fan, Z., Xiao, Y. and Tan, C., 2019. An improved network security situation assessment
approach in software defined networks. Peer-to-Peer Networking and Applications. 12(2).
pp.295-309.
Iskandar, A., Virma, E. and Ahmar, A.S., 2019. Implementing DMZ in Improving Network
Security of Web Testing in STMIK AKBA. arXiv preprint arXiv:1901.04081.
Jo, J.H., Sharma and et.al., 2019. Emerging Technologies for Sustainable Smart City Network
Security: Issues, Challenges, and Countermeasures. Journal of Information Processing
Systems. 15(4).
Misuri, A., Khakzad, N. and Cozzani, V., 2019. A Bayesian network methodology for optimal
security management of critical infrastructures. Reliability Engineering & System
Safety, 191, p.106112.
Nathiya, T. and Suseendran, G., 2019. An Effective Hybrid Intrusion Detection System for Use
in Security Monitoring in the Virtual Network Layer of Cloud Computing Technology.
In Data Management, Analytics and Innovation (pp. 483-497). Springer, Singapore.
Patel, K. and Alabisi, A., 2019. Cloud Computing Security Risks: Identification and
Assessment. The Journal of New Business Ideas & Trends. 17(2). pp.11-19.
Wang, B. and Li, Z., 2019. Security model of wireless ad hoc network based on ADHOC-
ECDSA algorithm. Journal of Computational Methods in Sciences and Engineering,
(Preprint), pp.1-8.