An information security risk assessment of Topshop retail Essay Example For Students

An information security risk assessment of Topshop retail Essay Top Shop We will write a custom essay on An information security risk assessment of Topshop retail specifically for you for only $16.38 $13.9/page Order now IS Audit Report Contentss Executive sum-up Case Background Hazards Audited account program Audit Plan Framework Interview Questions A ; Documents Recommendation: Bibliography Outline1 Executive sum-up2 Case Background3 Hazards4 Audited account program5 Audit Plan Framework6 Interview Questions A ; Documents7 Recommendation:8 Bibliography Executive sum-up An information security hazard appraisal is a go oning procedure characterized by detecting, rectifying and forestalling security jobs. The menace appraisal is an indispensable portion of a hazard direction pattern designed to supply suited degrees of security for information systems. An information security hazard appraisal is a constituent of sound protection patterns and is needed by the Commonwealth Enterprise Information Security Policy ( Davis, 2011 ) . The hazard appraisals and interconnected certification are besides an of import portion of conformity with Health Insurance Portability Accountability Act security criterions. A Risk appraisal will help each bureau make up ones mind the tolerable degree of hazard and the eventful security demands for every system. The bureau so be after execute and analyze a set of security steps to turn to the degree of known hazard. The Executive drumhead study outlines the important security exposures that pertain the larceny of recognition card informations which is an information security hazard associated with Top store retail ( Gillies, 2011 ) . The hazards and exposures indicated in this audit study that is related to the following cardinal countries: Probable larceny of informations through use of card reading at the Point of Gross saless systems Probable breaches within the Top store retail company’s web Probable larceny of information from company waiters Each section as outlined indicates audit aims to be met in order to guarantee Top Shop Company is in the full conformance with the set criterions and ordinances. All parties anticipate rigorous conformity during the audit procedure where important inquiries will be answered in an honorable manner and supplying any back uping certification for the appropriate aims will be gettable one time requested. Recommendations have been offered with expected conformity from Top Shop retail to guarantee the security of its current systems and information, every bit good as information associating to its clients. Case Background Top store retail is a Britain transnational manner retail merchant of vesture, places, makeups and accoutrements. The Top Shop has about 500 shops globally in which around 300 stores are located in the UK plus on-line operations in a figure of its market. The Top Shop started as a trade name extension of the section of shops which ab initio sold manner by immature British interior decorators. The Top Shop expanded quickly because it changed its name to Top Shop which resulted in increased gross revenues and doing high net incomes ( Vacca, 2012 ) . To helped keep and managed its diverse scope of ironss and clients. Top store used a figure of Security Information System to help with the undertaking. The employed information systems include: Top store embraced widespread of the web throughout the offices, where all the computing machines were linked to one cardinal point. One director is installed at the waiter office to supervise all the linked systems in it. Top store being a largest store that sells extremely rated apparels embraced this sort of security method where the general screen being installed in an unfastened topographic point leting real-time monitoring of stocks from different locations. Point of sale system that allows over the antagonistic dealing and monitoring assorted types of goods where top store employed three types of security systems ; Directors from different locality had point of gross revenues installed on their computing machines to assist them pull off bing stock values, pricing, and locations Check out point to manage the minutess, monitor the flow of stocks and how they are being sold or refunded. Directors have other staffs installed at the door to counter look into the existent gross revenues with the reception produced by the system. This helps to cut down the happening of live minutess that lead to loss of merchandises ( Whitman, 2011 ) . This audit study chiefly focuses on top store blink of an eye check-out procedure point of sale which is a recognition card based system. Top store has several points of sale terminuss that are linked to one cardinal server operated by a senior director in the organisation. The waiter serves as a temporally cache where information are sent from the card reader, decoded and immediately compared with the Top Shop records before it is re- encrypted and forwarded through a secured cyberspace connexion to the appropriate fiscal point. Each system installed on a peculiar system as a card reader handles the undermentioned primary maps. The system can read the inside informations on the recognition card The system can formalize recognition card inside informations The system is able to roll up recognition card inside informations The system is able to have dealing inside informations. .uadd8786193edac99afe4690b62827936 , .uadd8786193edac99afe4690b62827936 .postImageUrl , .uadd8786193edac99afe4690b62827936 .centered-text-area { min-height: 80px; position: relative; } .uadd8786193edac99afe4690b62827936 , .uadd8786193edac99afe4690b62827936:hover , .uadd8786193edac99afe4690b62827936:visited , .uadd8786193edac99afe4690b62827936:active { border:0!important; } .uadd8786193edac99afe4690b62827936 .clearfix:after { content: ""; display: table; clear: both; } .uadd8786193edac99afe4690b62827936 { display: block; transition: background-color 250ms; webkit-transition: background-color 250ms; width: 100%; opacity: 1; transition: opacity 250ms; webkit-transition: opacity 250ms; background-color: #95A5A6; } .uadd8786193edac99afe4690b62827936:active , .uadd8786193edac99afe4690b62827936:hover { opacity: 1; transition: opacity 250ms; webkit-transition: opacity 250ms; background-color: #2C3E50; } .uadd8786193edac99afe4690b62827936 .centered-text-area { width: 100%; position: relative ; } .uadd8786193edac99afe4690b62827936 .ctaText { border-bottom: 0 solid #fff; color: #2980B9; font-size: 16px; font-weight: bold; margin: 0; padding: 0; text-decoration: underline; } .uadd8786193edac99afe4690b62827936 .postTitle { color: #FFFFFF; font-size: 16px; font-weight: 600; margin: 0; padding: 0; width: 100%; } .uadd8786193edac99afe4690b62827936 .ctaButton { background-color: #7F8C8D!important; color: #2980B9; border: none; border-radius: 3px; box-shadow: none; font-size: 14px; font-weight: bold; line-height: 26px; moz-border-radius: 3px; text-align: center; text-decoration: none; text-shadow: none; width: 80px; min-height: 80px; background: url(https://artscolumbia.org/wp-content/plugins/intelly-related-posts/assets/images/simple-arrow.png)no-repeat; position: absolute; right: 0; top: 0; } .uadd8786193edac99afe4690b62827936:hover .ctaButton { background-color: #34495E!important; } .uadd8786193edac99afe4690b62827936 .centered-text { display: table; height: 80px; padding-left : 18px; top: 0; } .uadd8786193edac99afe4690b62827936 .uadd8786193edac99afe4690b62827936-content { display: table-cell; margin: 0; padding: 0; padding-right: 108px; position: relative; vertical-align: middle; width: 100%; } .uadd8786193edac99afe4690b62827936:after { content: ""; display: block; clear: both; } READ: Electric Cars EssayThe system is able to publish dealing inside informations such as list of points purchased, information such as clip and day of the month the purchases took topographic point. Hazards Hazards being the major menace for top store retail store that is much known for being vulnerable to major menaces in its twenty-four hours to twenty-four hours operations ( Vacca, 2012 ) . Weak hazards countries include ; Hazards of device fiddling that may take topographic point at the point of fabrication, where the deduction causes exceeding loss of client information and impact multiple concerns that rely on the maker for the units. The affected concern and the maker will lose its repute due to the loss. Device fiddling at the concern storage that could do a company lose its repute from the loss of several customers’ information and exposes defects in the company patterns that are deemed helpful. A Point of sale use with the company systems, Point of Sale fiddling would do loss of customer’s information, exposes the clients to important hazards and finally loss of concern repute. A Broken web that causes loss of client information from the system that would do loss of repute and finally loss of its clients ( Montesino, 2011 ) . Compromised mistakes that may do a large loss of client information exposes hazards in the company web system taking to loss of company good repute. Open waiters that may do loss of customer’s information, loss of the Top store most sensitive information and besides leads to loss of company repute. Audited account program An audit program is the specific guidelines to be followed when carry oning an audit that helps the hearer to obtain appropriate grounds that are sufficient for the fortunes. Audit Area Aims Gadget card readers Make certain all component functionality is tested once they are received. Make certain all elements are biddable with appropriate criterions A ; patterns Make certain proving country has proper protection and anti-virus scanners Device use bar To do certain proper staff segregation of responsibilities are enforced Ensure appropriate security actions are in topographic point such as restricted forces entree To do certain all storage location is adequate for high hazard things To inspect how device is installed at point of sale Top store Company web To verify watchwords used is valid and working Make certain traffic cheque is in usage to detect for fishy information Make certain proper security protocols and patterns in topographic point such as: Anti virus Staff entree limitations Verify how external thrusts such as brassy thrusts are treated and if processs are in topographic point to debar infections from distributing Top store retail waiters To do certain watchwords used is valid and working Make certain proper security protocols and patterns in topographic point such as: Anti virus Staff entree limitations Verify how external thrusts such as brassy thrusts are treated and if processs are in topographic point to debar infections from distributing To do certain proper staff division of responsibilities are enforced To do certain proper waiter segregation is enforced. Audit Plan Framework The International Accounting Auditing has taken stairss to develop a model for Audit Quality that articulates on the inputs and end products factors that contributes to scrutinize quality at the battle. Linux audit model because it helps do the system more secure by supplying a agency to analyse what is go oning on the system in great inside informations every bit good as an assistance in writing/implementing new Information Technology control systems ( Whitman, 2011 ) . Linux audit model is able to supply the undermentioned characteristics doing it good suited for this scrutiny including: Capability to supply the requested party with audits sentiments. Defines aims and ways they can aline with company ends. Gratify statutory demands Interview Questions A ; Documents Audit Objective Asked Question /Evidence collected Make certain all constituents functionality is tested one time received Stairss used to prove functionality Demonstrate testing Make certain all constituents are conformable with important criterions A ; patterns Demonstrate how the unit is conformable with criterions A ; processs Ask for conformance studies Stairss taken to do certain unit is in conformance. Testing country has proper protection such as anti-virus scanners Show reports sing protection used in proving country along with their characteristics Show what protection is in topographic point Demonstrate whether if the protection maps as intended Appropriate staff division of responsibilities are imposed Provide list of staff and their entree topographic points Ask staffs indiscriminately about their entree topographic points Get list of whom has entree to countries of high hazard Suitable security actions are in topographic point such restricted forces entree do certain security steps are installed Exhibit such security is working as intended Present certification on installed security devices Provide offices layout of where appliances are located Storage location is sufficient for high hazard merchandises Inspect the type of security steps in topographic point Request for layout of storage room Staff entree logs to room Inspect how device is installed at point of sale Inspect how device is installed at the point of sale Requests for records on who has entree to device Security steps in topographic point to forestall use Authenticate watchword used is valid and working decently Question what patterns in topographic point to guarantee keys are valid, alone and secure Inspect who has entree to the key and what responsibilities they have Log study on old keys Traffic look intoing in usage to watch for fishy informations Methods in topographic point to observe fishy informations and how they are handled Traffic monitoring reports/logs Demonstration A ; trial of how fishy information is dealt with Check how external media such brassy thrusts are treated and if steps are in topographic point to forestall infections from distributing Procedures in topographic point to manage external media Demonstration A ; trial of how it’s handled What stairss are taken if virus is detected Proper waiter segregation is enforced Check waiter locations Ask what happens sing assorted scenarios to find if merely one or multiple systems are affected Check of waiter logs .u5d56e931294a1336dc6e5a7bc94d10d3 , .u5d56e931294a1336dc6e5a7bc94d10d3 .postImageUrl , .u5d56e931294a1336dc6e5a7bc94d10d3 .centered-text-area { min-height: 80px; position: relative; } .u5d56e931294a1336dc6e5a7bc94d10d3 , .u5d56e931294a1336dc6e5a7bc94d10d3:hover , .u5d56e931294a1336dc6e5a7bc94d10d3:visited , .u5d56e931294a1336dc6e5a7bc94d10d3:active { border:0!important; } .u5d56e931294a1336dc6e5a7bc94d10d3 .clearfix:after { content: ""; display: table; clear: both; } .u5d56e931294a1336dc6e5a7bc94d10d3 { display: block; transition: background-color 250ms; webkit-transition: background-color 250ms; width: 100%; opacity: 1; transition: opacity 250ms; webkit-transition: opacity 250ms; background-color: #95A5A6; } .u5d56e931294a1336dc6e5a7bc94d10d3:active , .u5d56e931294a1336dc6e5a7bc94d10d3:hover { opacity: 1; transition: opacity 250ms; webkit-transition: opacity 250ms; background-color: #2C3E50; } .u5d56e931294a1336dc6e5a7bc94d10d3 .centered-text-area { width: 100%; position: relative ; } .u5d56e931294a1336dc6e5a7bc94d10d3 .ctaText { border-bottom: 0 solid #fff; color: #2980B9; font-size: 16px; font-weight: bold; margin: 0; padding: 0; text-decoration: underline; } .u5d56e931294a1336dc6e5a7bc94d10d3 .postTitle { color: #FFFFFF; font-size: 16px; font-weight: 600; margin: 0; padding: 0; width: 100%; } .u5d56e931294a1336dc6e5a7bc94d10d3 .ctaButton { background-color: #7F8C8D!important; color: #2980B9; border: none; border-radius: 3px; box-shadow: none; font-size: 14px; font-weight: bold; line-height: 26px; moz-border-radius: 3px; text-align: center; text-decoration: none; text-shadow: none; width: 80px; min-height: 80px; background: url(https://artscolumbia.org/wp-content/plugins/intelly-related-posts/assets/images/simple-arrow.png)no-repeat; position: absolute; right: 0; top: 0; } .u5d56e931294a1336dc6e5a7bc94d10d3:hover .ctaButton { background-color: #34495E!important; } .u5d56e931294a1336dc6e5a7bc94d10d3 .centered-text { display: table; height: 80px; padding-left : 18px; top: 0; } .u5d56e931294a1336dc6e5a7bc94d10d3 .u5d56e931294a1336dc6e5a7bc94d10d3-content { display: table-cell; margin: 0; padding: 0; padding-right: 108px; position: relative; vertical-align: middle; width: 100%; } .u5d56e931294a1336dc6e5a7bc94d10d3:after { content: ""; display: block; clear: both; } READ: Spartan Women EssayRecommendation: The followers is a listing of recommendations to chair, place or manage hazards indicated in this audit study. Device use: All constituents received should be suitably tested to guarantee no use has occurred and that they are usually working ( Montesino, 2011 ) . Any units established to hold deficient alterations or contain viruses would be obviously ascertainable and can forestall larceny of client informations. This makes it easier to pull back to where such jobs may hold come from. Storage The storage installation used to hive away the point of sale appliance should be well protected to forestall unauthorised contact with some staff or even foreigners ( Whitman, 2013 ) . These installations should hold cameras to watch the state of affairs connected with an dismay and forced staff entree that uses watchwords to log in. This makes it really easy to detect who has been in the shop country should any issues happen. Ready device As the contraption has been set up, the location should be accurately checked to do certain that no susceptible countries are present. For illustration, the exposure of certain parts could intend either a staff or client inconspicuously mismanage the device. Furthermore, the country should stay under supervising to enter discerning behaviors. Manipulated Network Appropriate security actions would do certain no suspected staff or outside entryway to transpirate on the web ( Zhu, 2011 ) . The achievement of a firewall would significantly restrict entree to merely authorised forces while anti-malware applications detect menaces inside to forestall possible information escape. Manipulated watchword A manipulated watchword would intend that any protected information if taken off from a waiter or web would be easy decoded and viewable. To relieve this hazard, the usage of a strong key is critical. However, this can besides be farther improved through the changing of the watchword after a definite clip. Openwaiters Server suites ; It’s fundamental that they remain good protected because they contain company critical information that is much sensitive ( Gillies, 2011 ) . Accurate steps that are able to scan for malware and firewalls would eliminate a batch of hazards ; conversely server separation would do certain that all constituents are individually kept. Appendix Maggs, d. ( 2012 ) . Topshop possible menaces. Slideshare.net. Available at: hypertext transfer protocol: //www.slideshare.net/daisy_maggs/topshop-potential-threats-15723457 . Bibliography Davis, C. S. M. A ; . W. K. , 2011.IT auditing: utilizing controls to protect information assets.s.l. : McGraw-Hill. Gillies, A. , 2011. Bettering the quality of information security direction systems with ISO27000.The TQM Journal,23 ( 4 ) , pp. 367-376. Montesino, R. A ; . F. S. , 2011.Information security mechanization: how far can we travel? . In Availability, Reliability and Security ( ARES ) , 2011 Sixth International Conference.s.l. , s.n. , pp. 280-285. Vacca, J. R. , 2012.Computer and information security enchiridion. Newnes.s.l. : s.n. Whitman, M. A ; . M. H. , 2011.Principles of information security.s.l. : Cengage Learning. Whitman, M. A ; . M. H. , 2013.Management of information security.s.l. : Cengage Learning. Zhu, Y. W. H. , 2011. Dynamic audit services for unity confirmation of outsourced storages in clouds. In Proceedings of the 2011 ACM Symposium on Applied Computing. pp. 1550-1557. 1