Information Security Analysis: Woolworths Australia Report (ISY3006)
Added on 2022/10/13
AI Summary
This report delves into the realm of information security as it pertains to Woolworths Supermarkets in Australia. The report begins with an executive summary highlighting the core responsibilities of information security (InfoSec), which include establishing business processes to protect informational assets regardless of their format or state (in transit or storage). The report emphasizes the importance of the CIA triad (Confidentiality, Integrity, Availability) in maintaining information security. The report then develops and documents a strategic security policy tailored to Woolworths, addressing its stakeholders and organizational nature. It identifies and assesses potential threats and vulnerabilities, such as computer viruses, rogue security software, Trojan horses, DDoS attacks, phishing, rootkits, SQL injection attacks, and man-in-the-middle attacks, while also discussing mitigation strategies for each. The strategic security policy outlines the company's commitment to protecting its information assets from unauthorized access, damage, or loss, and ensuring employee awareness of their security responsibilities. Furthermore, it explores the importance of confidentiality, integrity, and availability of data within the organization. The report concludes by summarizing the key findings and recommendations for enhancing Woolworths' information security posture.

Running head: INFORMATION SECURITY
Information Security: Woolworths Australia
Name of the Student
Name of the University
Author’s Note:
Executive Summary
The objective of the report is to understand information security in Woolworths Supermarket,
Australia. The most important responsibilities of InfoSec involve the successful establishment of
various business processes that protect informational assets, regardless of how
the information is formatted and whether it is in transit or in storage.
Several larger organizations should create a dedicated security group for implementing
and maintaining the information security program of the company. The CIA of
information is well maintained through this information security. The first as well as the most
significant security consideration, confidentiality, requires major use of different
encryption-related keys. The second aspect of integrity significantly indicates that as soon as
similarity is being found. The next part is availability, which helps ensure that new
information can be used in a timely manner. This report establishes a strategic
security policy for Woolworths and identifies various risks together with
mitigation strategies for solving these issues.
Table of Contents
1. Introduction
2. Discussion
2.1 Development and Documenting a Strategic Security Policy for Woolworths based on the Nature of the Company and Stakeholders
2.2 Identifying and Assessing Every Potential Threat and Vulnerability of the Organizational Networks and Discussing about Mitigation Techniques of the Threats
3. Conclusion
References
1. Introduction
InfoSec, or information security, can be described as the set of strategies for
managing the procedures, policies and tools required for preventing, detecting,
documenting and countering threats to non-digital and digital information
(Siponen, Mahmood and Pahnila 2014). This type of security program is solely responsible
for eradicating all types of security risks and threats, without much complexity. A risk
management program is conducted so that threats and vulnerabilities are properly
treated in the company (Peltier 2016). Woolworths is a popular and significant Australian
supermarket that has been serving customers for several years. This report develops and
documents a strategic security policy for it based on the major stakeholders and
organizational nature. Moreover, every potential threat and vulnerability is considered in
the report along with mitigation strategies.
2. Discussion
2.1 Development and Documenting a Strategic Security Policy for
Woolworths based on the Nature of the Company and Stakeholders
Woolworths Supermarkets is one of the most popular and significant grocery store or
supermarket chains and is owned by Woolworths Group. This supermarket is
responsible for providing more than 80% of the total revenue of the organization
(Woolworths Supermarket. 2019). It mainly specializes in selling grocery items such as
vegetables, meat, packaged foods, fruits and many more. Woolworths also sells magazines,
household products, stationery items, pet supplies, beauty products and many more. It
operates more than one thousand stores across Australia and around nine hundred
supermarkets and nineteen metro convenience stores. Over 115000 staff currently
work in the company and the revenue was AU $56.726 billion in 2018. Moreover, it
also operates Woolworths Online, or Home Shop, a click-and-collect and home
delivery shopping service for its customers. Since it is part of the supermarket or
retail industry, it has to ensure that its products and services are more effective and
efficient than those of other supermarkets or retail shops. The parent company of this
organization is Woolworths Group (Woolworths Supermarket. 2019). The stakeholders of
this organization are subdivided into a few categories, such as owners, customers,
suppliers and many more. The CEO of Woolworths Supermarkets is Brad Banducci and the
Managing Director is Claire Peters.
It is necessary to develop and document a strategic security policy for this organization
to ensure that confidential information is fully secured without much complexity
(Safa, Von Solms and Furnell 2016). Moreover, the most basic needs and security concerns
of Woolworths are met and every external and internal threat is addressed
effectively. Better monitoring and coordination become possible for maintaining sustainability,
and communication is enhanced to a high level (Parsons et al. 2014). This strategic
security policy is extremely vital, as it details the series of steps the
company requires for the identification, remediation and management of risks. The development of
a security strategy is a detailed procedure that includes initial assessment, planning,
constant monitoring and successful implementation. The most significant goal of this
strategic security policy is to make employees aware of their distinctive
responsibilities and to help them secure the CIA of the organizational information
assets and information (Lebek et al. 2014).
The process of developing the strategic security policy for Woolworths Australia is as
follows:
i) Determination of Current State of the Company: This is the first step, in which the
current state of the company is determined. The current operations of Woolworths are
much more effective than those of other supermarkets.
ii) Performing Gap Analysis with Risk Assessment: A gap analysis is
performed with a proper risk assessment so that each and every risk existing in the computer
networks is analysed on a priority basis (Shameli-Sendi, Aghababaei-Barzegar and
Cheriet 2016).
iii) Determining Resources and Defining Constraints: The major organizational
resources of Woolworths are determined and the constraints are defined to make the
strategic policy effective.
iv) Setting Control Objectives and Evaluation of Control Choices: The control
objectives are set and every control choice is evaluated in this step
(Dotcenko, Vladyko and Letenko 2014).
v) Designing Controls with every Available Resource: The controls must be designed
in the most effective manner using all available resources in Woolworths.
vi) Designing and Monitoring Control Metrics: In the sixth step, control metrics are
designed and monitored to ensure that confidential information is safe and
secured.
vii) Development of Project Management Plans: In the final step, the respective
project management plans are developed effectively (Öğütçü, Testik and
Chouseinoglou 2016).
The strategic security policy of Woolworths is as follows:
i) Statement of the Policy: The main purpose of the policy is to provide a basic
security framework that ensures the total security of the confidential information
of Woolworths against any type of unauthenticated access, damage or loss while
supporting the information sharing requirements of the organizational culture (Zhang et
al. 2016).
Failure to comply with this policy might subject the organization's
employees to disciplinary action and to potential penalties.
ii) Policy: Woolworths Supermarkets properly protects its information from any
type of unauthorized access and identifies the risks and vulnerabilities possible for its
business. Moreover, it ensures that confidential information is absolutely safe and secured
as well as kept restricted under every circumstance (Hsu et al. 2015). Employees
have to obtain permission before sharing confidential information with the legal and authorized
members of the organization. Furthermore, appropriate measures need to be undertaken
to safeguard the confidentiality of information, and it should not be disclosed to any other
party. The inventory stock records are also required to be kept confidential and
under no circumstance should these be shared with other supermarkets.
2.2 Identifying and Assessing Every Potential Threat and Vulnerability of
the Organizational Networks and Discussing about Mitigation Techniques
of the Threats
The identification and assessment of every potential threat or vulnerability
of the company's network is as follows:
i) Computer Viruses: The first and foremost potential threat to the
organizational network in Woolworths is the computer virus (McIlwraith 2016). These are
software pieces designed to spread from one computer
to the next. These computer viruses are sent as email attachments or
downloaded from specific web sites with the intention of infecting the computer system,
by simply utilizing systems over the networks. Such computer viruses are known
for sending spam messages, restricting the security settings on systems, or even corrupting and
stealing confidential data, including personal data like passwords, from hard drives or computers
(Allam, Flowerday and Flowerday 2014).
ii) Rogue Security Software: The second type of risk is rogue security software. To
leverage different kinds of computer viruses, scammers have found a new technique
for committing Internet fraud (Rao and Nayak 2014). It is malicious software
that misleads users into believing that computer viruses are installed on
their computer and that the security measures are not being upgraded. Hence, users
update or install security settings, and malicious activities are introduced into the
computer system.
iii) Trojan Horses: This can be described as tricking the victim into inviting a hacker into a
secured area. A Trojan horse carries a malicious piece of software or attack
code, which tricks users into executing it willingly by disguising itself behind legitimate
programs. Trojans also spread when a user clicks on a fake advertisement
(Tsohou, Karyda and Kokolakis 2015). They can even record passwords by logging
keystrokes and steal confidential data from Woolworths.
iv) DDoS Attacks: Another common and significant security threat is the DDoS, or
distributed denial of service, attack. A malicious traffic overload takes
place when attackers flood the website with traffic. A DDoS
attack is performed by several machines flooding a particular web site with
packets, making it impossible for legitimate users to access the original
contents of that web site.
v) Phishing: Woolworths could also face the issue of phishing, in which confidential
information like usernames and passwords is obtained; the attacks generally come
in the form of phishing emails and instant messages made to appear legitimate (Da Veiga
and Martins 2015). Users are tricked into installing malicious software on their
systems and thus privacy issues are raised.
vi) Rootkit: This is a set of software techniques that permit remote
control as well as administration-level access on a computer network. Once
remote access is obtained, the rootkit can carry out various malicious activities;
rootkits come equipped with antivirus disablers, password stealers or even key loggers. The
popular methods of rootkit distribution are phishing emails and malicious files.
vii) SQL Injection Attack: Such attacks are designed to target data-driven
applications by exploiting security vulnerabilities within application software
(Dotcenko, Vladyko and Letenko 2014). Private data is obtained by using malicious
code, and the data could even be changed or destroyed completely, thus destroying
confidentiality completely.
viii) Man-in-the-middle Attacks: This is yet another vital type of threat to which
Woolworths could be extremely vulnerable. Man-in-the-middle attacks are
cyber threats that enable the hacker to eavesdrop on communication between two
targets. The hacker can eavesdrop on communication that is private in nature.
Woolworths would be able to mitigate these attacks by adopting certain mitigation
strategies in its business. The mitigation strategies for the issues mentioned above
are as follows:
i) Solution for Computer Viruses: Successful implementation of antivirus software
and a firewall in the system would be extremely effective and efficient for
Woolworths, and it would be able to resolve the issues and complexities related to data
privacy and security (Shameli-Sendi, Aghababaei-Barzegar and Cheriet 2016).
ii) Solution for Rogue Security Software: Woolworths should install and implement a
firewall in its organizational systems to resolve this issue and should use automatic
upgrades.
iii) Solution for Trojan Horse: Installation of the right endpoint protection software
would be extremely effective and efficient in resolving the issue of Trojan horses. Data would be
secured in this way, and endpoint protection can integrate the unparalleled antivirus or
application controls (Safa, Von Solms and Furnell 2016). Moreover, a future-proof
technology would also be involved for creation of a completely isolated virtual environment,
registry as well as hard drive.
iv) Solution for DDoS Attacks: To resolve the issue of DDoS attacks, Woolworths
should utilize UDP fragmentation, and hence the anomalies within its computer network
would be successfully mitigated.
v) Solution for Phishing: The implementation of anti-spyware as well as firewall
settings is effective for prevention of phishing attacks, and the programs would be upgraded
on a regular basis (Siponen, Mahmood and Pahnila 2014).
vi) Solution for Rootkit: Woolworths can implement Kernel Patch Protection, or KPP,
to resolve the issues related to rootkits. The issues related to the digital signing requirement
would be solved with KPP (Öğütçü, Testik and Chouseinoglou 2016).
vii) Solution for SQL Injection Attack: To solve the issue of SQL
injection attacks, Woolworths could use input validation as well as parameterized queries
such as prepared statements.
viii) Solution for Man-in-the-middle Attack: To resolve issues associated with
man-in-the-middle attacks, the information security team of Woolworths should keep customers
from connecting to their Wi-Fi connection and should pay close attention to any type of
alert or warning message (Allam, Flowerday and Flowerday 2014).
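The mitigation named in item vii, shown beside the pattern it replaces, as an added example that is not part of the original report. The `inventory` table, its columns, the SKU format and all function names are hypothetical, and the rows are constructed sample data.

```python
import re
import sqlite3

# Constructed sample data; table, columns and SKU format are hypothetical.
ROWS = [
    ("VEG-0001", "Carrots 1kg", 120),
    ("MEA-0002", "Beef mince 500g", 45),
    ("PET-0003", "Dog food 3kg", 30),
]

SKU_PATTERN = re.compile(r"[A-Z]{3}-\d{4}")  # allow-list format for a SKU
SORTABLE = {"sku", "name", "stock"}          # column names cannot be bound as parameters


def build_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE inventory (sku TEXT PRIMARY KEY, name TEXT, stock INTEGER)"
    )
    conn.executemany("INSERT INTO inventory VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_unsafe(conn, sku):
    """Vulnerable pattern: user input is concatenated into the SQL text,
    so quote characters in the input change the structure of the query."""
    query = "SELECT sku, name, stock FROM inventory WHERE sku = '" + sku + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, sku):
    """The value is bound to the placeholder, so it is only ever compared as data."""
    return conn.execute(
        "SELECT sku, name, stock FROM inventory WHERE sku = ?", (sku,)
    ).fetchall()


def lookup_safe(conn, sku):
    """Input validation first, then the parameterized query."""
    if not SKU_PATTERN.fullmatch(sku):
        raise ValueError("invalid SKU format")
    return lookup_parameterized(conn, sku)


def list_sorted(conn, order_by):
    """Placeholders only carry values, so the ORDER BY column is picked
    from an allow-list instead of being taken verbatim from input."""
    if order_by not in SORTABLE:
        raise ValueError("invalid sort column")
    return conn.execute(
        f"SELECT sku, name, stock FROM inventory ORDER BY {order_by}"
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print("concatenated :", len(lookup_unsafe(db, crafted)), "rows returned")
    print("parameterized:", len(lookup_parameterized(db, crafted)), "rows returned")
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print("validated    : rejected,", exc)
    print("valid lookup :", lookup_safe(db, "VEG-0001"))
```

Validation and parameter binding cover different gaps: binding protects values, while identifiers such as a sort column still need the allow-list.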
3. Conclusion
Thus, it can be concluded that information security programs are mainly
built on the major objectives of the CIA of IT systems as well as business-related
information. These three objectives make sure that confidential data is completely
revealed to every authenticated party, prevent every possible type of unauthorized data
modification and also guarantee that the information can be easily accessed by
only authorized parties. The report has outlined an InfoSec program for Woolworths
Australia. The major threats and vulnerabilities are highlighted in the report with
relevant mitigation strategies.
References
Allam, S., Flowerday, S.V. and Flowerday, E., 2014. Smartphone information security
awareness: A victim of operational pressures. Computers & Security, 42, pp.56-65.
Da Veiga, A. and Martins, N., 2015. Improving the information security culture through
monitoring and implementation actions illustrated through a case study. Computers &
Security, 49, pp.162-176.
Dotcenko, S., Vladyko, A. and Letenko, I., 2014, February. A fuzzy logic-based information
security management for software-defined networks. In 16th International Conference on
Advanced Communication Technology (pp. 167-171). IEEE.
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), pp.282-300.
Lebek, B., Uffen, J., Neumann, M., Hohler, B. and H. Breitner, M., 2014. Information
security awareness and behavior: a theory-based literature review. Management Research
Review, 37(12), pp.1049-1092.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire
(HAIS-Q). Computers & Security, 42, pp.165-176.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rao, U.H. and Nayak, U., 2014. The InfoSec handbook: An introduction to information
security. Apress.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
INFORMATION SECURITY
References
Allam, S., Flowerday, S.V. and Flowerday, E., 2014. Smartphone information security
awareness: A victim of operational pressures. Computers & Security, 42, pp.56-65.
Da Veiga, A. and Martins, N., 2015. Improving the information security culture through
monitoring and implementation actions illustrated through a case study. Computers &
Security, 49, pp.162-176.
Dotcenko, S., Vladyko, A. and Letenko, I., 2014, February. A fuzzy logic-based information
security management for software-defined networks. In 16th International Conference on
Advanced Communication Technology (pp. 167-171). IEEE.
Hsu, J.S.C., Shih, S.P., Hung, Y.W. and Lowry, P.B., 2015. The role of extra-role behaviors
and social controls in information security policy effectiveness. Information Systems
Research, 26(2), pp.282-300.
Lebek, B., Uffen, J., Neumann, M., Hohler, B. and H. Breitner, M., 2014. Information
security awareness and behavior: a theory-based literature review. Management Research
Review, 37(12), pp.1049-1092.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire (HAIS-
Q). Computers & security, 42, pp.165-176.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Rao, U.H. and Nayak, U., 2014. The InfoSec handbook: An introduction to information
security. Apress.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. computers & security, 56, pp.70-82.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
INFORMATION SECURITY
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, pp.14-30.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Tsohou, A., Karyda, M. and Kokolakis, S., 2015. Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: Recommendations for
information security awareness programs. Computers & Security, 52, pp.128-141.
Woolworths Supermarket. 2019. [online]. Accessed from https://www.woolworths.com.au/
[Accessed on 27 September 2019].
Zhang, Y., Zhang, L.Y., Zhou, J., Liu, L., Chen, F. and He, X., 2016. A review of
compressive sensing in information security field. IEEE Access, 4, pp.2507-2519.
INFORMATION SECURITY
Shameli-Sendi, A., Aghababaei-Barzegar, R. and Cheriet, M., 2016. Taxonomy of
information security risk assessment (ISRA). Computers & Security, 57, pp.14-30.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), pp.217-224.
Tsohou, A., Karyda, M. and Kokolakis, S., 2015. Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: Recommendations for
information security awareness programs. Computers & security, 52, pp.128-141.
Woolworths Supermarket. 2019. [online]. Accessed from https://www.woolworths.com.au/
[Accessed on 27 September 2019].
Zhang, Y., Zhang, L.Y., Zhou, J., Liu, L., Chen, F. and He, X., 2016. A review of
compressive sensing in information security field. IEEE access, 4, pp.2507-2519.
1 out of 11
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.