StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Strategy of IT Department at Eazee Shopping - Case Study Example

Cite this document
Summary
This paper "Information Security Strategy of IT Department at Eazee Shopping" focuses on the threats to information systems in the cyberspace. The researcher will then demonstrate the organisational policies of Eazee Shopping followed by physical and system security initiatives. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.5% of users find it useful
Information Security Strategy of IT Department at Eazee Shopping
Read Text Preview

Extract of sample "Information Security Strategy of IT Department at Eazee Shopping"

Information Security Strategy of IT Department at Eazee Shopping Abstract This paper will first throw light over the threats to information systems in the cyberspace. The researcher will then demonstrate the organisational policies of Eazee Shopping followed by physical and system security initiatives that should be taken by top management of Eazee Shopping. The researcher will then discuss the compliance of information systems and security initiatives with ISO – 27001 Standard after which a conclusion will be presented to summarise the key findings and scope of security strategies. Introduction Eazee Shopping was established in 2004 is a famous supermarket (chain) business operational in United Kingdom. The company works under supervision and guidance of Mr. Sundeep Singh who is the CEO and controls entire strategic planning, coporate policy formulation & implementation and business control process. The supermarket chain aims to simplify its business selling process by offering all products through an online information management system. The company recorded revenues to be nearly 20 million in 2006 and aimed to increase its existing revenues to 3 times by introducing new order tracking and sales automated system. Indeed, this would enable the company to increase its existing target market as well as help increasing revenue streams. For instance, the supermarket could also improve its value creation and value propositon offered to potential customers in the market. For instance, Eazee Shopping is also interested in using decision and executive support systems because they could provide pertinent information to top and middle level managers. As a result, the induction of above mentioned systems would reduce work load, facilitate business decision – making and problem – solving, and enhance productivity, effectiveness and overall organisational performance. It is worthwhile to mention that information is considered as an extremely valuable business asset across Eazee Shopping, which is usually created from sales and financial data. Indeed, the managers obtained information in the form of statistics regarding most sold products, most demanded products in different packages, changes and fluctuations in prices, profitability etc. This information is used not only to analyse the growth rate of Eazee Shopping Company but also to determine the effectiveness of currently implemented product development, market development and diversification strategies and business policies. Also, the market research and sales information identify any underlying problems in advance, thereby enabling strategic planners to take corrective measures. In simple words, information plays a critical role in Eazee Shopping’s business decision – making and any threats to information security should be considered as direct threat to smooth functioning, business growth and sustainable development of the supermarket business. As far as Eazee Shopping information security strategy is concerned, it should be pointed out that supermarket chain is required to train its IT workers so that they could become physically and mentally prepare regarding use of new operational, executive and decision support systems. Then, the company needs to employ different strategies such as continuous system monitoring, performance appraisal framework for systems’ assessment / evaluation and Acceptable Use Policy (AUP) to ensure physical systems’ and network security. The above mentioned policies will be discussed in detail in a separate chapter. For instance, Eazee Shopping should maximise internal systems’ security by using stronger Oracle Applications, by informing organisational members in advance about certain programming flaws and defects, by building security profiles and storing in Authorisation Management Systems, and by using organisation-wide and division-wide system security approaches. The above mentioned plans will also be discussed in detail in a separate chapter to provide readers an insight about implementation of various system security plans by Eazee Shopping. Threat Analysis As far as the perceived threats are for Eazee Shopping supermarket chain are concerned, it should be pointed out that the UK based chain has been shifting towards an online business model because of increment in internet users and potential online buyers. The debit, credit, visa and e-cards are normally used by consumers to shop online, which is viewed as relatively convenient, reliable and hassle-free shopping nowadays. In addition, online shopping saves time and reduce transportation / travelling expenses. It is worthwhile to mention that consumers will provide their private business account information, credit card numbers and contact details that will be stored in management information system (MIS) of the Easy Shopping supermarket chain. Nevertheless, these information systems have proven vulnerable to security threats due to cyber attacks from hackers and subsequent system breakdowns, failures and data lossess. It should be recalled that various multinational organisations and governments have already come under attack launched by hackers in the form of gruesome system viruses / malwares and auto - data detection softwares (cookies). Viruses are the rogue programmes that attach with other programmes in the information system for execution. Another possible threat in computer language is commonly known as Worms that are independent programmes that copy from a computer to another over a network without permission of the end-users. Nonetheless, the strong viruses disrupt system functioning of Easy Shopping and result in data losses. Also, the intruders or hackers may also transfer useful data / information (such as customer profile, sales data, profitability rates, and inventory at hand and in stores etc.) from the operational system to their PCs so that they could harm Easy Shopping and lead to financial losses. It should be pinpointed that hackers usually launch denial-of-service attacks on the systems through fake communication requests, which results in system crashes, disruptions and blatant slowdowns. In most cases, the system observes a slowdown followed by a temporary breakdown, which results in data losses. The IT professionals of Easy Shopping are then required to restore and recover the data, while the managers and organisational members, especially sales department workers, suffer because of problems faced in carrying out business operations in an efficient and effective manner. However, the most crucial element involved is misuse of private consumer and business related information of Easy Shopping Company by hackers / cyber terrorists. The supermarket chain promises confidentiality and protection of private information of their clients. Failure of Easy Shopping in protecting valuable customer and business related information will lead to reduction in consumer satisfaction, loyalty and trust factor. Also, the top management perceives a threat that hackers could surreptitiously sell Easy Shopping confidential or private business information to competitors, thereby making competitors aware in advance about supermarket’s corporate strategies and business policies. In addition to aforementioned, there are internal security threats such as software failures and breakdowns, information leakage and misuse by employees etc. Hence, Easy Shopping has to pay special attention to install security programmes to thwart access of unauthorised persons to the confidential business information. The intense competition in domestic UK markets has also forced the supermarket chain to hire part-time or contract (temporary) workers; therefore, it has become difficult to ensure strict check and balance on every single employee. The top management perceives that information leakage could take place with the help of highly dissatisfied employees of Easy Shopping. Organisational Policies: As far as the organisational policies are concerned, it should be pointed out that Eazee Shopping has established an IT department comprising of software specialists, hardware maintenance personnel, data centre operators, information security officers etc. The company has formulated a new organisational policy to induct operational, managerial and executive support systems so that it could shift from manual processes to a relatively automated organisation. The supermarket chain requires these systems to facilitate its inventory management, order tracking, order processing and sales forecasting procedures. Eazee Shopping values its customers and promises to protect their private information at any cost. Hence, the company managers pay special attention to safeguard account information (provided by customers). Physical Security Plan The first step will be about training of employees of IT department at Eazee Shopping. Indeed, the IT personnel have to be trained about information creation, storage, use, dissemination and security tools so that they could manage entire information system (inputting and outputting tasks, maintenance, restoration etc.) and facilitate employees of other organisational departments. For instance, a chief security officer will be chosen and assigned the responsibility to monitor every IS worker so that probability of information leakage and access to any unauthorised person could be minimised. In addition, all organisational computer systems (used at different supermarkets, city and head offices) will be continuously monitored. This enables Eazee Shopping to check what information is stored (obtained from external and internal sources) on organisational PCs, to understand and analyse whether the stored information could threaten system security or not. In addition, a performance appraisal framework will be developed and implemented to analyse and measure the functioning and performance of new information systems. Also, the framework will help identifying any underlying weaknesses in information security tools and their viability. In addition, Eazee Shopping could employ an Acceptable Use Policy (AUP) which would define the acceptable uses of organisational information, computing equipment (such as PCs, Laptops, wireless devices, telephones, intranet and extranet) and technological resources. This policy would clarify Eazee Shopping privacy rules and regulations, user responsibility, acceptable / unacceptable actions and consequences for noncompliance. System Security Plan To ensure the System Security, the supermarket will develop its information system by using Oracle Applications, which are considered as relatively better due to stronger programming base. In addition, the Information Security tools, applications and controls have to be evaluated and assessed on regular basis in order to judge their effectiveness and performance against external cyber crime threats. Another strategy to be used for System Security is to inform workers about technical defects and programming flaws, which are normally determined during implementation stage. These technical system problems will be communicated with the system developers and rectified to avoid any system failure, breakdown and data losses. It should be noted that intruders and hackers first identify any coding or programming errors in the information system after which they launch attacks because of weak defense against viruses, malicious software, spywares, worms and Trojan horses. In order to protect the organisational information, Eazee Shopping could develop security profiles that would then be stored in Authorisation Management Systems. Indeed, this policy would enable supermarket chain to define what information each user is permitted to access. For example, a sales employee at Birmingham supermarket owned by Eazee Shopping is restricted to access sales information of any other division because of security profile tool. Eazee Shopping could implement another initiative known as ‘organisation – wide system security approach’ under which workers will be trained to identify possibility of cyber attacks in advance. This would enable the company to save precious time and organisational resources used for investigation of security issues / problems / incidents. The monitoring of all information systems and technology resources would not only save costs but also reduce productivity losses occurred due to system failures, crashes and breakdowns. Similarly, the managers could also adopt another strategy known as ‘division – wide system security approach’ under which the IT specialists will be trained to identify the probability of complex cyber attacks on systems and sub-systems employed at Eazee Shopping supermarkets in various cities. The specialists will then communicate this information with other divisional employees to make them aware about perceived security threats and adoption of precautionary measures during data transfer and dissemination. This would enable IT department to analyse which division is more vulnerable to cyber attacks launched by hackers to steal valuable business information. Compliance with ISO – 27001 Standards It is worthwhile to mention that ISO – 27001 is an expansion of “British Standard BS 7799, Part 2”, which aims to maximise information system security through use of a stronger risk management model. The previous version was “revised and updated” (Humphreys, 2006) to ensure information safety, security and protection from cyber terrorists (hackers, intruders etc.) that either hack information systems or instill viruses for criminal purposes. The new ISO – 27001 Standard also focuses on principles that would lead to development of information systems in a better manner followed by improvement in management and maintenance. Also, the standard complies with OECD (Organization for Economic Cooperation and Development) principles that consider information as most valuable asset in today’s external business environment, and therefore emphasise heavily on information system security (27001 - Online Article, n.d). It should also be noted that ISO – 27001 is a part of ISO - 9001: 2000 and ISO - 14001: 2004. Business enterprises have produced this new standard because of rising menace of cyber attacks, cyber crimes and cyber warfare. The strategic planners and top executives of various business firms have taken into account the perceived cyber threats after which developed “information security manage­ment system (ISMS) and this ISO - 27001 Standard” that could facilitate in information and system security of any firm from any business sector (Humphreys, 2006). In addition, the ISO – 27001 has been developed on PDCA model. In the first stage, ‘P’ stands for Plan during which Eazee Shopping, with the help of IT specialists and system developers, has to design the ISMS in its operational, decision and executive support systems. In the second stage, ‘D’ stands for Do during which Eazee Shopping has to install the ISMS and train its workers so that they could maintain supermarkets technological resources, secure information and networks. In the third stage, ‘C’ stands for Check during which Eazee Shopping will have to ensure check and balance through monitoring and performance appraisal framework for better security and smooth functioning of ISMS. In the last stage, ‘A’ stands for Act during which It department of Eazee Shopping has to enhance and upgrade the tools, programmes, features and modules of ISMS so that the security system best suits information security needs and requirements of supermarket chain (Humphreys, 2006). Conclusion References Rees, Jackie, Subhajyoti Bandyopadhyay and Eugene H. Spafford (2002) “PFIRES: A Policy Framework for Information Security” Center for Education and Research in Information Assurance and Security [Online] Available at http://www.enhyper.com/content/pfires.pdf Anderson, Ross (2001) “Why Information Security is Hard - An Economic Perspective” University of Cambridge Computer Laboratory Siponen, Mikko (2000) “A conceptual foundation for organizational information security awareness” Information Management & Computer Security 8/1, pp. 31±41 [Online] Available at http://oasis.oulu.fi/publications/imcs080100-ms.pdf Dhillon, Gurpreet & Gholamreza Torkzadeh (2006) “Value-focused assessment of information system security in organizations” Info Systems 16, pp. 293–314 [Online] Available at http://iris.nyit.edu/~kkhoo/Spring2008/Topics/Topic10/ValueFocusedAssmntInfoSecOrg2006.pdf Gordon, Lawrence and Martin Loeb (2003) “Information Security Expenditures and Real Options: A Wait and See Approach” Computer Security Journal, Volume 14 [Online] Available at http://www.cpppe.umd.edu/Bookstore/Documents/ISExpenditures_11.2.03.pdf Anderson, Ross and Tyler Moore (2007) “Information Security Economics – and Beyond” Computer Laboratory, University of Cambridge 27001-Online Article (n.d.) “Welcome to ISO 27001 Online - Dedicated to the ISO 27001 Security Management Standard” [Online] Available at http://www.27001-online.com/ Humphreys, Ted (2006) “State-of-the-art information security management systems with ISO/IEC 27001:2005” ISO Management Systems [Online] Available at http://www.iso.org/iso/iso_catalogue/management_standards/specific_applications/specific-applications_it-security.htm Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Information Security Strategy of IT Department at Eazee Shopping Case Study, n.d.)
Information Security Strategy of IT Department at Eazee Shopping Case Study. Retrieved from https://studentshare.org/information-technology/1744997-eazee-shopper
(Information Security Strategy of IT Department at Eazee Shopping Case Study)
Information Security Strategy of IT Department at Eazee Shopping Case Study. https://studentshare.org/information-technology/1744997-eazee-shopper.
“Information Security Strategy of IT Department at Eazee Shopping Case Study”, n.d. https://studentshare.org/information-technology/1744997-eazee-shopper.
  • Cited: 0 times

CHECK THESE SAMPLES OF Information Security Strategy of IT Department at Eazee Shopping

Accounting Information Systems of Air New Zealand

Both incidents while considered accidents could have been prevented if the right information security management system is in place to protect the information assets of Air New Zealand.... Strict information security policy is the best way to address these threats.... Identification of the threats is therefore not only essential in managing the risks associated to the operation and service provisioning of Air New Zealand it is similarly essential in setting up the infrastructure that would support its overall security management systems....
11 Pages (2750 words) Assignment

Unmanned Aerial Vehicle Ground Support Equipment Business Proposal

Unmanned Aerial Vehicle Ground Support Equipment ... Airline industry and the United States military follow all rules and regulation in accordance with the Federal Aviation Administration and local standard operating procedures.... hellip; All aircraft that fly on United States airspace must be maintained and are airworthy....
12 Pages (3000 words) Essay

Perspectives on Operations Management

The management should set the service layout that can create an open shopping environment that helps the customers to find the things what they are looking for quickly.... Perspectives on Operations Management Date: Perspectives on operations management Outline: Introduction of Operations strategy Operation strategy for new Wal-Mart Store Key Factor of Operations strategy Implied Performance Objectives Justifications and Recommendation Perspectives on Operations Management Operations management strategy is simply a tool which can help the organizations to carry out their business in efficient manner....
5 Pages (1250 words) Essay

Evaluation of Internet Activities - SOGO

SOGO is a preferred destination and one-stop shopping centre for customers who could have the pleasure of shopping in an ideal environment.... 0 Introduction The internet based activities of the departmental stores have changed the behaviour of customers over the years due to the facilities of the advanced software, technologies and web-based solution employed by the department stores.... The internet activities in context to the Japanese department store SOGO is one such example....
8 Pages (2000 words) Dissertation

Online Shopping

Online shopping is, therefore, an important development that has helped both sellers and buyers to trade in an effective and efficient manner as they communicate constantly and exchange products in the meanest time.... Secondly, online shopping requires the services of middle-businessmen who will transport the products to the buyers.... Therefore, it is evident that online shopping has developed the proceeds of the economy by creating job opportunities and enhancing the economy through constant exchange of products from the sellers to the buyers....
6 Pages (1500 words) Term Paper

Perspectives on operations management

For example, there should be a separate cash counter for each department.... This article will explore the subject of perspectives on operations management under such divisions: the introduction of operations strategy; operation strategy for new Wal-Mart store; a key factor of operations strategy; implied performance objectives; justifications and recommendation.... This research will begin with the statement that operations management strategy is simply a tool which can help the organizations to carry out their business inefficient manner....
5 Pages (1250 words) Essay

The Horse Gallops co for Information mangment system

The contractors deal with the building of houses, while the maintenance department ensures that the commercial units are well maintained and operational.... The trading and mortgage department deal with payment of the houses and general financial matters, while the general services department deals with serving the customers' needs.... As different parties respond differently to unlike hazards, this enables them to set security aims....
12 Pages (3000 words) Case Study

Historical Reference to U.S. Counter-terrorism Practices

hellip; The strategy defines the range of terrorist organizations that pose threat to the United States and the core principles that guide the US counterterrorism efforts.... The latter include adhering to US core values, building security partnerships, applying counter-terrorism tools and capabilities appropriately, and building a culture of resilience.... Being largely preoccupied with traditional interstate conflict and counterinsurgency, the US national security establishment first recognized the terrorist threat in the early 1970s....
9 Pages (2250 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us