
Kudler Fine Foods IT Security Report


Kudler Fine Foods is an upscale specialty food store with the very best domestic and imported fare at every location. In keeping with their motto, “Shopping the World for The Finest Food”, Kudler Fine Foods shops the world in order to provide the very best baked and pastry products, fresh meat and seafood, fresh produce, cheese and specialty dairy products, wines, and condiments and packaged foods. Kudler Fine Foods brings those food items back to their loyal customers in the San Diego metropolitan area. Kudler Fine Foods has stores in Del Mar, La Jolla, and Encinitas. Their mission is to offer their customers a delightful and pleasing shopping experience by employing experienced, helpful, and knowledgeable staff, coupled with their selection of fine foods.

Background

Customer rewards programs and the like have become commonplace in many small and large retail market places. Kudler Fine Foods understands the benefits these programs offer. Customer rewards programs are electronic records management (ERM) systems that collect and store customer sales transaction information in databases from which reports can be queried. Kudler Fine Foods plans to develop the RMS, but needs help from Learning Team “A” to manage security concerns during the system development life cycle (SDLC) in order to safeguard data stored as customer information within the newly implemented system as prescribed by the Federal Trade Commission (FTC). The FTC is charged with protecting the privacy of U.S. consumers. According to Federal Trade Commission (2007), the fourth broadly acknowledged principle is that data be accurate and secure. To guarantee data integrity, gatherers must take sensible steps, such as using only trustworthy sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form.

Security involves both executive and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Executive measures include internal organizational measures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and the storage of data on secure servers or computers that are inaccessible by modem (Fair Information Practice Principles, para. 4).

Privacy Complaint Mitigation

When the FTC receives notice of a violation of privacy, it tries to negotiate a settlement that both parties can live with, but when no settlement is reached, the FTC issues a complaint using the phrase “would be in the best interest of the public”. If the complaint fails to yield favorable results, the FTC issues a temporary restraining order, followed immediately by a cease and desist order. Failing to respond appropriately to the order will result in a civil penalty of up to $11,000 for each separate violation of the final “cease and desist” order (“Epic.org”, n.d.).

Potential Threats

Threats to ERM systems range from malicious physical threats to end-user interface hardware, to “Act of God” damage from fire, flood, earthquake, and lightning, to cyber threats ranging from destruction of systems or information through sabotage or vandalism by hackers to software attacks from viruses, worms, macros, and denial of service. “While this term originally referred to a clever or expert programmer, [hacker] is now more commonly used to refer to someone who can gain unauthorized access to other computers” (“Hacker,” 2013). Malicious attacks are carried out by all types of people, ranging from teens hacking for entertainment to competitors trying to gain some sort of strategic ground in the marketplace, but regardless of how entertaining or serious the hacker may be, the outcome can be the same: a disruption in customer service. Table 1 identifies these malicious threats and other potential threats facing Kudler’s new customer rewards program.

Table 1 – Table identifying the top threats to the new customer rewards program at Kudler Fine Foods

Area of System | Threat | Potential Vulnerability
Data | Technical hardware failures or errors | Equipment failure
Data, Hardware, Personnel, Procedure, Software | Missing, inadequate, or incomplete organizational policy or planning | Loss of access to information systems due to disk drive failure without proper backup and recovery plan in place
Data, Hardware, Personnel | Sabotage or vandalism | Destruction of systems or information
Data, Software | Memory Safety Violation | Buffer overflows
Data, Software | Technical software failures or errors | Bugs, code problems, unknown loopholes
Hardware | Forces of nature | Fire, flood, earthquake, lightning
Hardware, Personnel, Procedures, Software | Human error or failure | Accidents, employee mistakes
Hardware, Personnel, Software | Technological obsolescence | Antiquated or outdated technologies
Hardware, Procedure, Software | Missing, inadequate, or incomplete controls | Network compromised because no firewall security controls
Hardware, Software | User interface failures | Data integrity loss
Hardware, Software, Personnel | Deviations in quality of service | ISP, power, or WAN service issues from service providers
Personnel, Procedure | Information extortion | Blackmail, information disclosure
Personnel, Procedure, Software | Theft | Illegal confiscation of equipment or information
Personnel, Procedure, Software | Software attacks | Worms, Trojan horse, virus, denial of service
Personnel, Procedure, Software | Espionage or trespass | Unauthorized access and/or data collection
Personnel, Procedure, Software | Compromises to intellectual property | Piracy, copyright infringement
Software | Input validation errors | Format string attacks, SQL injection, Cross-site scripting (web application)

Areas of the System

In Table 2, areas of the system at risk of being potentially vulnerable include the five areas of a system, which are as follows:

• Data – This category refers to factual inputs used by programs in the production of useful information.
• Hardware – This category includes the computers, peripherals, servers, I/O devices, storage and communication devices.
• People – This category refers to users of the information system. Though this category is often overlooked, people are the most influential element in the information system’s success or failure.
• Procedure – This category refers to policies and rules governing processes pertaining to information systems.
• Software – This category refers to computer programs that control functions within systems for the production of useful information from data. Support manuals are also included in this category.

Table 2 – Explanation of Systems at Risk

Most Critical Threats to Kudler

From the list of threats (Table 1), Learning Team “B” ranked the threats based on what we felt to be the most critical. From the list, we categorized each risk into three distinct security classifications:

• High (H): Possibility of causing extremely serious personal or organizational injury, including any of the following:
  o Financial harm – extreme loss of capital/assets, imposition of extreme penalties/sanctions
  o Operational harm – severe loss of operation control, breach of contract/regulatory standard, prolonged loss of public trust
  o Personal harm – loss of life, limb, or extreme danger to public safety
• Medium (M): Possibility of causing serious personal or organizational injury, including any of the following:
  o Financial harm – significant loss of capital/assets, imposition of significant penalties/sanctions
  o Operational harm – significant impact on ability to serve, significant damage to partnerships and reputation, significant impact from lowered employee morale
  o Personal harm – serious personal hardship
• Low (L): Possibility of causing limited or no injury to individuals or organization, including any of the following:
  o Financial harm – some degree of financial loss
  o Operational harm – some degree of inability to serve, limited impact from lowered employee morale
  o Personal harm – some degree of embarrassment

Severity | Threat
High | Espionage or trespass
High | Software attacks
High | Theft
High | Forces of nature
High | Missing, inadequate, or incomplete controls
High | Sabotage or vandalism
Medium | Missing, inadequate, or incomplete
Medium | Compromises to intellectual property
Medium | Information extortion
Medium | Human error or failure
Low | Technical software failures or errors
Low | Technical hardware failures or errors
Low | User interface failures
Low | Deviations in quality of service
Low | Input validation errors
Low | Memory Safety Violation
Low | Technological obsolescence

Table 3 – List of threats facing Kudler, classified by level of severity.

References
Epic.org. (n.d.). Retrieved from http://epic.org//privacy/internet/ftc/Authority.html
Federal Trade Commission. (2007). Retrieved from http://www.ftc.gov/reports/privacy3/fairinfo.shtm
Hacker. (2013). In Techterms.com. Retrieved from http://www.techterms.com/definition/hacker
