Research Development: Security Policies, Threats, and Vulnerabilities
Added on 2023/01/16
AI Summary
This report examines the security policies, network threats, and vulnerabilities within the context of a company, specifically Aldi. It begins by outlining essential security policies, including password policies, and emphasizes the importance of data privacy and consumer protection, particularly in combating online fraud. The report references relevant legislation, such as the Privacy Act 1988 and the Data Protection Act 2019, and details how these frameworks aim to protect personal information and regulate data handling. The analysis then shifts to identifying network threats, such as phishing and rogue security software, and assesses network vulnerabilities including SQL injection. The report concludes by summarizing the importance of comprehensive security measures, including fraud control policies, to safeguard both the business and its customers, highlighting the need for constant vigilance and updates to mitigate risks. The report uses cited references to support its findings and conclusions.

RESEARCH
DEVELOPMENT

Table of Contents
INTRODUCTION
LO 3
    Basic security policy and resolve all security incidents
LO 4
    Describing and assess the threat and vulnerabilities of networks
CONCLUSION
REFERENCES

INTRODUCTION
Research and development is the process by which a firm works to obtain new knowledge that it
can use to create new services, systems and technologies, which it will either sell or use itself.
Research and development takes place in an internal department of the firm, but it is also
outsourced to specialists. The present report is based on Aldi, the common brand of two German
family-owned supermarket chains. They operate in more than 20 nations, with skilled workers.
This report explains the basic security policy that helps to resolve security incidents, and it
also describes the threats and vulnerabilities of networks.
LO 3
Basic security policy and resolve all security incidents
At a minimum, every company will have a written security policy to show that the
organization takes security and data privacy seriously and has systems in place to protect them.
A basic security policy includes a password policy, which sets out the procedures and rules that
all persons accessing technology resources must follow in order to assure the confidentiality,
availability and integrity of assets and data. Customer security, in particular the safety of
customers' money, is the main priority for Aldi and other companies. Within Australia, the retail
sector works hard to prevent its clients from becoming victims of any kind of financial crime,
such as fraud in online and mobile money transactions. Control and prevention of fraud are two
of the big challenges for retail companies in Australia now and in the period to come. Success in
dealing with online payment fraud will enhance Aldi's business reputation and reduce the personal
hardship and loss of assets that fraud causes to countless victims in the retail industry every
year.
Online fraud keeps increasing because fraud is migrating online as chip technology
provides strong protection against face-to-face fraud. Many people face online and mobile
security issues while making payments and are unable to protect themselves from fraud. The
Australian Payments Council considers the impact of this on local people and their purchasing
activities, and is able to contribute to developing security policy that helps to resolve
security problems or incidents in the nation.
The Commonwealth fraud control policy defines the principles of online fraud control and
develops national standards (van Ruth, Huisman and Luning, 2017). It provides a consistent set
of directions and policies to assist departments in carrying out their responsibilities to combat
fraud against their systems. It includes agency responsibilities for fraud prevention, fraud
investigation case handling, reporting of fraud information and training of business fraud
investigators. Significant advances have been made by different territory and state government
departments in developing fraud control policies. A fraud prevention policy has been established
in accordance with retail sector management standards on online fraud protection. The policy
sets out the accountability of workers as well as managers in relation to online payment fraud
control, examines the investigatory functions of the fraud prevention unit and describes the
procedure for reporting fraud.
The Privacy Act 1988 was introduced to protect and promote the privacy of people and to
regulate how government agencies and companies in Australia with an annual turnover of more than
$3 million handle personal information. It includes 13 Australian Privacy Principles, which apply
to Aldi and most government agencies, and it regulates the privacy elements of the consumer
credit reporting system and tax file numbers. The Privacy Act regulates the way a person's
personal information is handled; as consumers, people gain greater control over the way their
personal data is managed. It allows them to know why personal information is being collected,
how it can be used and to whom it can be disclosed (Levi, 2016). Consumers have the right to ask
for access to their personal information, to stop receiving unwanted direct marketing and to make
a complaint about an agency or firm that the Privacy Act covers when they think their personal
data has been mishandled.
The Data Protection Act 2019 also relates to protecting people from online payment
fraud. It seeks to provide for the protection of individuals' personal information and
establishes a data protection authority for that purpose. Modern data protection guidance helps
to resolve issues related to online and mobile security while making payments. A data fiduciary
is the individual who decides the purpose and means of protecting personal data. Such a procedure
can be subject to certain collection, purpose and storage limitations. For example, personal data
will be processed only for a clear, specific and lawful purpose.
Chargebacks and fraud are the main issues in online payments that have to be overcome
with the help of the above security policies and laws. Online transactions are card-not-present
transactions, and as e-commerce expands, the opportunities for fraud, data theft and misuse of
payment networks grow right alongside it. In addition to the more obvious fraud prevention laws,
risk management staff can detect fraud before it occurs. Under all of the above laws and
policies, made by the Australian government to protect residents from becoming victims of fraud,
consumers do not
share their personal information with anyone; they have the right to ask what the main
reason is behind sharing information regarding their debit or credit card.
LO 4
Describing and assess the threat and vulnerabilities of networks
Every company wants to become digitalized, which is why companies adopt advanced
technologies such as online payment. There are many network threats that affect the overall
business as well as customers, as mentioned below:
Phishing: This is a method of social engineering with the goal of obtaining sensitive
data such as passwords, usernames and credit card numbers. When customers use an online payment
system in the retail sector, most of them use online banking or another online mode of
transaction. At that point, an attack may target their phones and obtain data that needs to be
kept confidential (Bajtoš et al., 2018). The attack also comes in the form of instant messages
or phishing emails that are designed to appear legitimate. The recipient of the email is tricked
into opening a malicious link, which leads to malware being installed on the device in use. The
link may also arrive in an email that appears to come from a bank and asks the recipient to
verify their identity, so that they give away all their private information easily.
Rogue Security Software: This is another threat commonly found on the internet. It is
malicious software that misleads users into believing that a computer virus has been installed on
their computer. This type of software asks users to download a program to remove the alleged
virus, but it actually affects the user's entire system while they are making payments (Hodo et
al., 2016).
Vulnerabilities of networks
In online security, a vulnerability is a weakness that can be exploited by a cyber attack
to gain unauthorized access to, or perform unauthorized actions on, a computer system (Aras et
al., 2017). There are a number of reasons why security vulnerabilities arise in shopping cart and
online payment systems. These reasons are not exclusive to such systems, but their effect is much
greater simply because of the financial nature of the transactions. One of the reasons for such
vulnerabilities is the fact that web application developers are often not well versed in secure
systems techniques. Certain common security vulnerabilities that can be discovered in online
payment systems are discussed below.

SQL injection is the first vulnerability. It refers to the insertion of SQL
meta-characters in user input, such that the attacker's queries are executed by the back-end
database. Usually, attackers will first determine whether a site is vulnerable to such an attack
by sending in a single-quote character. The outcome of an SQL injection attack on a vulnerable
site can range from detailed error messages, which disclose the back-end system being used, to
access to restricted areas of the site through the manipulated query.
Furthermore, SQL injection methods differ depending on the kind of database being used.
In its default configuration, the server runs with local system privileges, which permits the
execution of operating system commands.
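The single-quote behaviour described above, shown as an added example that is not part of the original report: a login lookup built by string concatenation beside a parameterized version, run against an in-memory SQLite database. The table, the account values, the inputs and the function names are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    # A plaintext PIN column keeps the sample short; real systems store a hash.
    conn.execute(
        "CREATE TABLE customers (username TEXT PRIMARY KEY, pin TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("alice", "4821", "1111"), ("o'brien", "9034", "2222")],
    )
    return conn


def login_vulnerable(conn, username, pin):
    """'Before' version: user input is concatenated into the SQL text."""
    query = (
        "SELECT username FROM customers WHERE username = '" + username
        + "' AND pin = '" + pin + "'"
    )
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        # Returning the driver error to the client discloses the back end in use.
        return {"ok": False, "error": f"sqlite3 error: {exc}"}
    return {"ok": row is not None, "error": None}


def login_hardened(conn, username, pin):
    """'After' version: placeholders keep input as data; errors stay generic."""
    try:
        row = conn.execute(
            "SELECT username FROM customers WHERE username = ? AND pin = ?",
            (username, pin),
        ).fetchone()
    except sqlite3.Error:
        return {"ok": False, "error": "login failed"}
    return {"ok": row is not None, "error": None}


def compare(conn, username, pin):
    """Run both versions on the same input and return their results side by side."""
    return {
        "vulnerable": login_vulnerable(conn, username, pin),
        "hardened": login_hardened(conn, username, pin),
    }


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a correct login, a lone single quote, a customer whose
    # name contains an apostrophe, and input that changes the query's structure.
    samples = [
        ("alice", "4821"),
        ("'", "x"),
        ("o'brien", "9034"),
        ("alice' --", "wrong"),
    ]
    for user, pin in samples:
        print(repr(user), compare(db, user, pin))
```

In the concatenated version the lone quote produces a database error that is echoed back, the customer with an apostrophe in their name cannot log in at all, and the last input is accepted without the correct PIN; the parameterized version treats all four inputs as plain data.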
In simple words, a network vulnerability is a flaw or weakness in software,
organizational procedures or hardware which, when compromised by a threat, can result in a
security or data breach.
Non-physical network vulnerabilities usually involve data or software. For instance, an
operating system is vulnerable to network attacks when it is not updated with current security
patches (Abomhara, 2015). If it is left unpatched, a virus can infect the operating system, the
host it is located on and the entire network. Loopholes in an existing system make it easy for
attackers to track and obtain the personal information of consumers. Network vulnerabilities
come in different forms, but the most common kinds are malware (short for malicious software),
social engineering attacks, misconfigured firewalls and outdated software. All of these network
vulnerabilities make it difficult for local people to protect their data and make online
transactions. Social engineering attacks are considered a network vulnerability: attackers
deceive people so that individuals give away personal information such as passwords or the CVV
number on the back of a credit card. Social engineering is a term that encompasses a wide
spectrum of malicious activity. To deceive their victims, attackers target them, make fake calls
and ask questions about their banking or online transaction activity.
Without updating its systems, a company cannot control online fraud: outdated systems
and software expose the systems running the application and increase the threat of fraud (Ouyang
et al., 2014). Software updates are essential to overcoming this problem, and they help to track
any unexpected activity by an attacker.
An operating system that is permissive or has default policies enabled makes it harder
for the firm to prevent people from becoming victims. This affects the online transaction
activity of consumers and allows attackers to compromise the process
and obtain information which they can use to conduct unauthorized activity, to the detriment of
the person concerned.
It is essential that the network security team addresses all of the above factors when
assessing the entire security posture of its systems.
CONCLUSION
From the above analysis, it can be concluded that security policies related to online
payment issues help to protect people from becoming victims. Because of the different network
threats, companies are unable to operate their business with some new technologies. The range of
network vulnerabilities directly affects the purchasing behaviour of customers: they prefer to
buy products from physical stores instead of online because of the risk of being defrauded by
attackers. Furthermore, in order to prevent and control online fraud, the company follows all
the principles and rules of the above policies and laws, which is beneficial for both the
business and consumers.
REFERENCES
Books and Journals
Abomhara, M., 2015. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility. 4(1). pp.65-88.
Aras, E. et al., 2017. Exploring the security vulnerabilities of LoRa. In 2017 3rd IEEE International Conference on Cybernetics (CYBCONF) (pp. 1-6). IEEE.
Bajtoš, T. et al., 2018. Network Intrusion Detection with Threat Agent Profiling. Security and Communication Networks, 2018.
Hodo, E. et al., 2016, May. Threat analysis of IoT networks using artificial neural network intrusion detection system. In 2016 International Symposium on Networks, Computers and Communications (ISNCC) (pp. 1-6). IEEE.
Levi, M., 2016. The phantom capitalists: The organization and control of long-firm fraud. Routledge.
Ouyang, M. et al., 2014. Comparisons of complex network based models and real train flow model to analyze Chinese railway vulnerability. Reliability Engineering & System Safety. 123. pp.38-46.
van Ruth, S.M., Huisman, W. and Luning, P.A., 2017. Food fraud vulnerability and its key factors. Trends in Food Science & Technology. 67. pp.70-75.





