Kudler Fine Foods Information Security

Kudler Fine Foods Information Security

Week Five

Learning Team B

Barbara Poe, Joel Davis

University of Phoenix, CMGT/400

July 11, 2016

Ellen Gaston

Introduction

Information security is an essential element in businesses today. When there is no proper structure of information security system developed, the reputation and the business operation of the enterprise might be negatively affected (Kiefer, 2004). If the organization cannot effectively maintain their status at an excellent standing, to can have an influence on the profits that the company can potentially make. The enterprise must handle several security issues. The primary purpose of this paper is clearly to highlight the various safeguards necessary for the Kudler Fine Foods Frequent Shopper Program and also the future audit provisions that the employees will use.

Before the Frequent Shopper Program system can be designed, it becomes a necessity to comprehend the particular requirements of the system. The system has two main user groups. The first group is the customer. The client can agree to be involved in the program, and will utilize the features of this new system. The second user group is the marketing system. They will use the program for the sole purpose of creating an incentive to the customer in returning to the store and also assess the effectiveness of the Frequent Shopper Program.

Initial Assessment

The issues that must be addressed are mainly from the current network of the company. After close evaluation of the current network diagram, there appears to be no monitoring or protection devices available to safeguard the internal resources. These Ethernet networks require significant security improvements to guard against various external threats. Therefore, the current AS-IS network will need a means of monitoring devices specifically developed for Information Technology. One device that is a large concern of the security assessment is the database. Privacy of customer's personal information, orders, and merchandise will be at most risk if this threat is not mitigated properly. There is also a need for some particular data encryption from both the external and internal threats. The organization does not own a specific antivirus application to safeguard the system from various malware applications (Brotby, 2009). The current system of the organization is at a significant disadvantage especially when it comes to online shops. With the rapid advancement of technology, their client volumes are at risk because their online population is growing at a fast rate. The only way that the organization can gain the ability to compete with other rival companies is the development of an online store website that will attract their clients that shop online more than in a physical store.

It might be devastating if these transactions by the customers are lost. As customer information might be at risk if it gets into the wrong hands. This type of sensitive information can bring negative outcomes on both the enterprise and also the clients. Significant amounts of funds can also be lost in this kind of information is stolen by various third parties on different elements. There should also be policies on those individuals that can gain access to this kind of customer information and also the extent of information that is required to be viewed. This would ensure that the employees cannot steal information or might accidentally cause various problems (Vacca, 2009). These policies must also address when, where and also who this information can be stored efficiently giving specific authorizations will make sure that the security of this information is not compromised.

The website of the company is the link between the business and the client. The website acts as a portal for the customer to purchase the product the company is currently offering. This website must also require some security protocols and also encryption for transactions that occur. This process will ensure that these operations are highly safe to develop and also it will ultimately bring peace to the mind of the customers. There is also another important aspect of information security which is the facility. The physical location is where confidential data will be protected and preserved. This facility will need effective security controls to ensure prevention of theft of the devices. These should also be some specific type of workers that control access authorization which would prevent an unauthorized employee, in accessing the control area. There should also be data storage redundancy locations in situations whereby data is destroyed, lost or stolen (Manish, 2012).

Security measures

Safety issues periodically arise that can allow unauthorized access or compromise the privacy of the users. Because online transactions occur on a daily basis, it is essential for Kudler Fine Foods to maintain proper security measures. These security measures include a firewall, router, enhanced web and email security, and layer two switch VLANing. Also, the use of ACLs, packet filtering, and encryption of data helps with the process of preventing hackers from intruding into the system. Furthermore, documentation should be used to initiate a formal company policy while making considerations to the security audits while locating the discrepancies and also reducing the potential for theft of vital information. The rewards loyalty program will use specific hardware to defend against electronic threats. The particular device that will be utilized is referred to as Cisco Adaptive Security Appliance. Along with this new security hardware improvement, additional malware and anti-virus software will also be installed on every computer that has access to the network of the company. This process will ensure that the system remains completely secure.

There are three essential components that the organization must focus on in the course of providing security for their entire network especially the frequent shopper program system. This will include availability, confidentiality and also integrity (Kim, and Solomon, 2012). These are the tenets of information system security for any organization. Availability enhances the accessibility of the information by the appropriate users especially when they are seeking valuable information. Integrity ensures that only the authorized users can change the information when necessary. The confidentiality element allows only the authorizers users in viewing information (O'Brien and Marakas, 2008).

These