Strategic Information Security Australian Supermarket Brand

Question: Describe about the Strategic Information Security for Australian Supermarket Brand. Answer: Introduction Background of the selected organization Company Profile Foodland Supermarkets is an Australian supermarket brand, which is operating over one hundred as well as fifteen locations in South Australia. The organization is operated in South Australian for over 50 years. The tagline of the organization is The Mighty South Aussies. With stores of 118, the food store has established an iconic brand in the retail sector of South Australia (Foodlandsa.com.au 2015). The products of the retail store are groceries, food, and drink. The retailers of Foodland are supporting South Aussie sporting, charities, schools as well as community clubs for around 50 years. Some of the competitors of Foodland Supermarkets are Aldi Australia, Coles, and Woolworths. Figure 1: Logo of Foodland (South Australia) (Source: Foodlandsa.com.au 2015) History The Foodland store was established in the year 1962, and after that, the retail store is expanded as well as modified over the years in order to become one of the food shopping center. The founder of the organization is Hoeper Family. Currently, Romeos retail group runs the retail organization. In the year 2005, Metcash owned IGA, which is Australia Supermarket Group, bought the brand of Foodland (Foodlandsa.com.au 2015). In the year 2016, Foodland introduced a new sub-slogan such as "green food lives here" as well as a new advertisement that gives a new version of their slogan The Mighty South Aussies jingle. Current Situation Foodland Supermarkets has the highest market share for their independent supermarket operators within Australia. The market segment of the organization is retail as well as grocery stores. The target group is South Australian, and their positioning supports the community. Foodland has 32 percent of market share of their supermarket retail market within South Australia. The organization has 96 percent awareness rate. Still, it competes with its one of the competitors Aldi that opens in 2016 (Foodsouthaustralia.com.au 2016). Values, vision and mission statement The core values of Foodland (South Australia) are customers those are most important for the business and then it is a community. The retail sector is also committed to the growth of business, and they have long-term supplier relationships (Foodlandsa.com.au 2015). Finally, they give value to right people in a right job and give them safer working environment. The mission of the organization is to provide their customers with exceptional services, great range, gives money value as well as an outstanding shopping experience. The vision of Foodland is to open 22 new stores across South Australia over the next five years. About the research paper The paper is based on current security issues of the selected organization, Foodland Supermarkets. The organization is facing cyber security risk in their retail business operations. It gives a huge impact on their brand reputation, productivity as well as profitability of their retail business. After identifying the current security state of Foodland, some improvement areas are also discussed so that the organization can overcome the security issues. If Foodland Supermarket should follow the information security strategies, which are suggested, to the organization, then they can make security improvements in their business operations. Security risks in Foodland Supermarkets Current security state of the selected organization Foodland respects the privacy and safeguards the personal information that provides through the website. However, the recent research shows that Foodland Supermarkets are likely to report cyber crime incidents (Kang Gray 2013). The food retail sector faces cybercrime threats from the factors such as cyber criminals seek to obtain financial account as well as customer data. The threats actors have targeted the point of sale system, customer databases, financial data of the organization and stored personally identifiable information (Fielke Bardsley 2013). The personal information of their customers is hacked by a hacker, and it is then misused. Foodland will retain the personal information in their companys database to serve better to their customers (Whitman Mattord 2014). The personal information is shared with the vendors and collaborates so that they can extend offers through coupons and promotions (Harrington 2014). The information is also used to verify the identity of the cu stomers to process payments for purchases through the website. As Foodland Supermarkets, operate an online website for selling off their food products, therefore online fraud is also increasing on a daily basis (Huang Gamble 2015). Due to three main factors, the Australian consumers are attracted to online shopping such as low price, wide range of goods as well as convenience (McHenry 2013). Online fraud is done due to fraudulent card use. The hackers steal the details of the payment card without aware the card owner. The fraudsters act as the customers if they have genuine cards. The chip technology is considered as a most secured payment method as compared to traditional credit card magnetic strips (Venkatesh, Rathi Patwa 2015). The magnetic strips consist of unchanging data that are used by the fraudster purchases until the cancellation of the card. The card with an EMV chip generates one-time transaction code, which is not used for any other in-store transaction. Figure 2: Types of Security Risks (Source: Venkatesh, Rathi Patwa 2015, pp-160) Possible security challenges Foodland Supermarkets are increasing the use of technology such as in-store Wi-Fi as well as the internet of things initiatives used to improve the customer experience (Foodsouthaustralia.com.au 2016). Through advanced threat monitoring, Foodland Supermarkets has identified top vulnerabilities so that the retailers should be aware to safeguard their business as well as protect the customers from the security threats. Internet of things: According to Williams, Hardy and Holgate (2013), the retail IoT market will worth $35 billion by the year 2020 as the retailers invest in IoT. It is done in order to manage inventory, mobile payments, shopper intelligence as well as the creation of advertisement and inventory (Foodsouthaustralia.com.au 2016). IoT creates challenges for the retailers, which are required to overcome. Use of Wi-Fi: Foodland has started to leverage public Wi-Fi for giving service to their customers (Bruwer Rawbone-Viljoen 2013). It is done to increase sales as well as gain valuable consumer data. The wireless networks should require deploying and manage so that it overcomes with major consequences, as the network might be un-encrypted. Card payment fraud: This kind of fraud occurs mainly occurs when the cardholder are not physically present at the time of payment such as online transactions (Smith 2013). It occurs, as the cards are not protected by chip as well as Pin. This type of fraud is also called credit card fraud as it involves payment card such as debit as well as a credit card at the time of the online transaction (Shapiro Varian 2013). Due to this security issues, it affects the brand reputation as well as the profitability of the organization. Data security breaches: The hackers steal the data of the customers and then it is misused by them (Galliers Leidner 2014). The hackers get the information of the customers when they share it on the website of the company at the time of purchasing of products. At that time, when the customers enter their personal information into the website of the organization, then the hacker steal that information and then they use it for any other purposes (Williams, Hardy Holgate 2013). Therefore, the organization requires eliminating the historical data of the customers when it is of no use. It will overcome the security issues of data breaches. Impact of security risk on the business operations The beaches result into negative global publicity, loss of the values of shareholders, reduction in profit as well as spend millions of dollars in mitigation of beaches. It also erodes the trust of the customer and brand reputation (Shapiro Varian 2013). The research shows concerns about the security of personal as well as payment data. Those beaches increase the concern of the retailers about their in-store security. The employee's at the retail food company discover that the network of the company has compromised when the customer start to report that the online ordering system is poor (Amrollahi, Ghapanchi Najaftorkaman 2014). The following are the factors that influence future targeting within the food retail sector as follows: Cyber criminals should take advantage of the busy holiday season to steal the details and information of the customers (Ucakturk Villard 2013). They can also compromise with retailer payment system at that time when a high volume of activities within the organization should take place. When Foodland Supermarkets develop new food and drink products, then the hackers can obtain proprietary information related to the new product (Yaokumah Brown 2014). The cyber criminals should target the retail sector when the companies should adopt new payment system; then they take advantage of undetected vulnerabilities as well as security flaws in the system (Mejias Balthazard 2014). The security of the data is more than the information technology issue. It is marketing issues as it provides great customer service imply the protection of the customers data. Njenga (2014) researched that the companies those are facing data breaches react negatively. The companies can lose 3 percent of their market value due to consequences of a data breach. Those incidents violate the trust of the customers. It is not the loss of trust by the current customers but a negative word of mouth, especially through social media. Customer data breaches result into bad publicity for the company (Williams, Hardy Holgate 2013). The research shows that the market value of the Foodland Supermarkets suffers a negative impact such as they can lose nine percent of their market value within 30 days (Foodsouthaustralia.com.au 2016). The marketers are reacted severely due to data breaches as the food retail sector can be fickle as well as they are not loyal to brands (Yaokumah Brown 2014). A breac h of any size leads to a strategic blunder by the market. Suggestions for improvement in security Strict privacy policies: Foodland should adopt electronic and procedural privacy policies in order to protect the information of their customers (Mejias Balthazard 2014). The website vendor is required to document confidentiality policies. Strict information security measures are required to implement in the organization to ensure that the industry standards are protected against unauthorized access of personal information. Foodland should implement data security measures, and regular penetration testing should be done on the websites as well as servers. Follow CNSS model: Foodland Supermarkets should adopt CNSS model for their organization so that it gives a detailed perspective of the security measures. It consists of three dimensions of security such as confidentiality of the data, integrity as well as the availability of the required data (Whitman Mattord 2014). It helps the organization to protect the information as well as customer's data are secured. Elimination of historical data: the Timely destruction of the historic data as per the data retention policies as well as procedures of the company should help to eliminate security issues such as data accuracy as well as security beach. Implementation of a new database system: A new system should be implemented during the IT upgrade of the organization (Amrollahi, Ghapanchi Najaftorkaman 2014). The company should remove histrionic data of the customers from the old database system before making IT changes. The new database system should be updated as well as maintained properly so that it will not outdated. The outdated information system should not give wrong information, which will be an issue for the organization. Fraud control measures for cards: Tighter procedures should be taken by the organization such as remote verification of the card is required to check its limit if it has stolen. Computer chip-based cards should replace the magnetic stripe of the smart card. This chip should be similar to the chip, which resides in the personal computer (Mejias Balthazard 2014). It consists of data such as magnetic stripe as well as a microprocessor, which undertake computations. Contingency plan: Foodland Supermarkets should require adopting post-breach protocol of how they will inform of data breaches as well as compensate their consumers (Whitman Mattord 2014). A good contingency plan can help to generate goodwill. A Proper plan should be done by the business analyst so that they can adopt a good contingency plan to improve their security issues. Establishment of IT governance: As Foodland Supermarkets is conducted online, therefore the establishment of IT governance program is required to integrate processes as well as technology to deliver security needs of the organization (Galliers Leidner 2014). It will reduce the cost of operations as well as eases the burden of regulation. Advantage of National Institute of Standards and Technology (NIST) framework: The NIST cyber security framework integrates the cyber security practices that are being developed by NIST. The framework consists of a risk-based compilation of the guidelines as well as provides with assessment designed to determine the current security capabilities (Amrollahi, Ghapanchi Talaei-Khoei 2014). It improves the data security, risk assessment, business strategy as well as response plans. Conclusion It is concluded that the food retail sector faces cybercrime threats from the factors for example; cyber criminals try to acquire related money record and client information. The threats actors are targeted on the purpose of offer framework, client databases, and monetary information of the association and put away by and by identifiable data. Foodland has started to leverage public Wi-Fi for giving service to their customers, and there are threats in the network. Card payment fraud is a most vital security threat as it steals the money of the customers. It mainly occurs when the cardholder is not physically present at the time of payment such as online transactions. After identifying the security risks, the organization requires mitigating those risks. Some of the suggested improvement strategies are that Foodland Supermarkets require implementing strict privacy policy in their organization. Foodland should execute information security measures to establish safety as well as regular penetration testing ought to be done on the sites and also servers. PC chip-based cards ought to supplant the attractive stripe of the smart card. This chip ought to like the chip, which dwells in the PC. It comprises of information, for example, attractive stripe and chip, which embrace calculations. The NIST framework should be implemented which comprises of risk-based arrangement of the rules and also provides with assessment designed to decide the present security capacities. References Amrollahi, A, Ghapanchi, AH Najaftorkaman, M 2014, A Generic Framework for Developing Strategic Information System Plans: Insights from Past Three Decades, InPACIS(p. 332). Amrollahi, A, Ghapanchi, AH Talaei-Khoei, A 2014, Three decades of research on strategic information system plan development, Communications of the Association for Information Systems,vol. 34, no. 1, p.84. Bruwer, J Rawbone-Viljoen, C 2013, BYOB as a risk-reduction strategy (RRS) for wine consumers in the Australian on-premise foodservice sector: Exploratory insights,International Journal of Hospitality Management,vol. 32, pp.21-30. Fielke, SJ Bardsley, DK 2013, South Australian farmers markets: tools for enhancing the multifunctionality of Australian agriculture, GeoJournal,vol. 78, no. 5, pp.759-776. Foodlandsa.com.au. 2015.About Foodland | Foodland SA. [online] Available at: https://www.foodlandsa.com.au/foodland/about-foodland/ [Accessed 31 Aug. 2016]. Foodsouthaustralia.com.au. 2016.Foodland announces major expansion program | Food South Australia: Feeding Connections. [online] Available at: https://foodsouthaustralia.com.au/2015/11/foodland-announces-major-expansion-program/ [Accessed 31 Aug. 2016]. Galliers, RD Leidner, DE 2014,Strategic information management: challenges and strategies in managing information systems. Routledge. Harrington, SL 2014, Cyber Security Active Defense: Playing with Fire or Sound Risk Management?,Rich. JL Tech.,vol. 20, pp.12-14. Huang, Q Gamble, J 2015, Social expectations, gender and job satisfaction: Frontà ¢Ã¢â€š ¬Ã‚ line employees in China's retail sector,Human Resource Management Journal,vol. 25, no. 3, pp.331-347. Kang, H Gray, SJ 2013, Segment reporting practices in Australia: Has IFRS 8 made a difference?,Australian Accounting Review,vol. 23, no. 3, pp.232-243. McHenry, MP 2013, Technical and governance considerations for advanced metering infrastructure/smart meters: Technology, security, uncertainty, costs, benefits, and risks, Energy Policy,vol. 59, pp.834-842. Mejias, RJ Balthazard, PA 2014, A model of information security awareness for assessing information security risk for emerging technologies, Journal of Information Privacy and Security,vol. 10, no. 4, pp.160-185. Njenga, K 2014, Symmetry in Social Construction during ERP Implementation: A Systems Security Perspective,International Journal of Business and Social Research,vol. 4, no. 3, pp.137-153. Shapiro, C Varian, HR 2013,Information rules: a strategic guide to the network economy. Harvard Business Press. Smith, D 2015, Data breaches sink senior management careers.MHD Supply Chain Solutions,vol. 45, no. 5, p.64. Ucakturk, A Villard, M 2013, The effects of management information and ERP systems on strategic knowledge management and decision-making.Procedia-Social and Behavioral Sciences,99, pp.1035-1043. Venkatesh, VG, Rathi, S Patwa, S 2015, Analysis on supply chain risks in Indian apparel retail chains and proposal of risk prioritization model using Interpretive structural modeling, Journal of Retailing and Consumer Services,vol. 26, pp.153-167. Whitman, M Mattord,, H 2014,Management of information security. 4th ed. Boston: Thomson Course Technology. Williams, SP, Hardy, CA Holgate, JA 2013, Information security governance practices in critical infrastructure organizations: A socio-technical and institutional logic perspective, Electronic Markets,vol. 23, no. 4, pp.341-354. Yaokumah, W Brown, S 2014, An empirical study into information security governance focus areas and their effects on risk management, InInformation and Computer Technology (GOCICT), 2014 Annual Global Online Conference on(pp. 42-49). IEEE.