Information Security Risk Assessment and Mitigation Plan for Walmart
Added on 2022/11/02
AI Summary
This report provides a comprehensive analysis of information security risks faced by Walmart. It identifies potential threats, including data breaches, POS system vulnerabilities, and risks associated with third-party cloud providers. The report includes a heat map to visualize risk severity and probability, as well as a risk assessment matrix. A detailed risk mitigation plan is proposed, focusing on compliance with PCI DSS standards, disaster recovery strategies involving redundant information systems, and the development of a private cloud network. The report emphasizes the importance of robust risk management strategies for Walmart to maintain its competitive advantage in the market and protect its sensitive data. The analysis is supported by references to relevant academic literature.

INFORMATION SECURITY
NAME OF STUDENT
NAME OF COLLEGE
AUTHORS NOTE
Discussion
The information risks that Walmart can face are as follows:
Wal-Mart runs a huge information system infrastructure, which has been termed the biggest arrangement in the US. Wal-Mart's information system contains vital and sensitive information about its customers: their personal details, their account credentials, and their purchasing patterns and frequency. Any leak of this sensitive customer information can lead to huge expenses for the company, both from compensating the affected parties and from updating the company's systems, processes and procedures to restore customer confidence. This risk is particularly relevant for the company's point-of-sale (POS) system, which can be considered a treasure trove for cyber hackers because it holds customers' debit card and credit card credentials and gift card information.
If a large-scale disaster occurs, the company's operations can come to a standstill because of the damage caused to its information technology infrastructure. As the company is fully dependent on its information technology systems for day-to-day activities, a lack of availability of data and information can bring the company to a halt until normal services are restored. This can cause large losses for the company and can also threaten the existing data and information in its systems. Because the company's stores all over the world are connected through a single interface and platform, the complexity of the situation can increase.
Because the company acquires, handles and shares a large amount of data and information with internal and external parties, it requires a large amount of storage space to store and process that data. As a result, it needs the support of third-party cloud providers such as Amazon Web Services to house the sensitive data, which can pose a security threat to the company's data; and as Amazon is its main competitor in the retail scenario,
it can therefore be considered a risk to house sensitive data in the technological offerings of its competitors.
The heat map of the risks that Walmart can face is as follows:
[Figure: heat map. Severity axis: Catastrophic, Major, Moderate, Minor, Insignificant. Probability axis: Rare, Unlikely, Possible, Likely, Almost certain. Moderate severity: security threat while storing in third-party cloud servers; hacking of information system. Minor severity: disruption of information system due to disasters.]
Fig: Heat mapping of the risk
Source: Author
The risk assessment matrix for Walmart is as follows:
[Figure: risk assessment matrix with Impact and Probability axes (levels: Low, High). Entries: hacking of information system; Nil; security threat while storing in third-party cloud servers; disruption of information system due to disasters.]
Fig: Risk Assessment Matrix
Source: Author
Risk Mitigation Plan
As opined by Hung et al. (2014), to mitigate the risk of a breach of sensitive customer data and information, Wal-Mart can comply with the standards laid down by PCI DSS, the Payment Card Industry Data Security Standard. The standards and guidelines of PCI DSS will help Walmart ensure the security of its physical and electronic repositories and of the processing and distribution of individual cardholders' data. Some components of the PCI DSS operational requirements are: maintaining a closed network through the use of firewalls, which Walmart can use to protect sensitive data; encrypting cardholder data that is transmitted across public networks; regularly updating anti-virus software; and tracking and monitoring all access to network resources and cardholder data.
According to Kutsch, Browning & Hall (2014), in order to recover from the aftermath of a disaster, Wal-Mart should maintain redundant primary and secondary information
systems to mitigate uncertainty related to operational downtime and major loss of data. The company must focus on keeping the primary and secondary information systems physically separate. Wal-Mart should develop satellite links for its retail centers so that they remain connected with headquarters despite the absence of phone and internet connectivity after disasters. Wal-Mart should also focus on setting up more Emergency Operations Centres (EOCs) in addition to the one located at headquarters, which will work together with other decentralized EOCs at division level.
As stated by Cowley, Greitzer & Woods (2015), the company's expanding POS system must remain highly operable and robust in order to collect daily sales data from all its global locations. To house data from a customer base of millions of shoppers, the company must have adequate back-end storage infrastructure. The company should develop a massive private cloud network to make large volumes of data available, which will also spare the company from purchasing technological solutions from its competitors to accommodate the sensitive information of the company and its customers.
From the above report it can be stated that the number of risks for Walmart in terms of the security of its data and information is greater because the company relies solely on its information technology infrastructure to gain competitive advantage in the market. The information system infrastructure enables it to carry out its day-to-day operations in an effective manner, and the company should adopt adequate risk management strategies to resolve the risks it faces in terms of information security.
References
Cowley, J. A., Greitzer, F. L., & Woods, B. (2015). Effect of network infrastructure factors on
information system risk judgments. Computers & Security, 52, 142. Retrieved from
https://search.proquest.com/docview/1834943290?accountid=30552
Hung, Y. W., Hsu, S., Su, Z., & Huang, H. (2014). Countering user risk in information system
development projects: SSIS. International Journal of Information Management, 34(4),
533. doi:http://dx.doi.org/10.1016/j.ijinfomgt.2014.02.003
Kutsch, E., Browning, T. R., & Hall, M. (2014). Bridging the risk gap: The failure of risk
management in information systems projects. Research Technology Management, 57(2),
26-32. Retrieved from https://search.proquest.com/docview/1507797846?accountid=30552