By
Student Name
Abstract
Writing a research paper on cyber-security as part of the course curriculum helps in improving
research skills and knowledge of cybersecurity trends and issues. Because Woolworths' retail food
business operates in the e-commerce field, it is prone to data security and privacy issues.
But, handling security issues and removing weaknesses from the internal and external side of the
analysis on current programs, laws and ethics followed to meet regulatory compliance, strategic
planning and governance activities, and developing policy for improving security. The findings
produced in the report will help Woolworths take further action and enhance its security
posture.
Table of Contents
Abstract
1. Introduction
References
Appendix
1. Introduction
Woolworths is considered the top retailer and e-commerce company in Australia. It sells a
variety of products and services to customers. It is the most valuable brand in Australia. The
brands offered by Woolworths include fruit and vegetables, bakery items, drinks, freezer, pet care,
baby care, household, health and beauty, seafood and meat, etc. Woolworths Australia has the
biggest supermarket chain of 995 stores throughout Australia. It depends on 115,000 employees
in the distribution centers, stores, and supporting offices to add value to customers [Woo20].
It offers customers many opportunities to shop from the comfort of home and have fresh meat,
vegetables, and food delivered. Woolworths serves millions of customers
regularly by selling trusted and recognizable brands over its website. More than 2.1 million
customers visit the Woolworths website to purchase products over the internet.
Woolworths is closely working with Australian farmers and growers to make the best and high-
experience issues related to cyber-security. It needs to avoid these issues to ensure protection for
customer data as well as business data. Cyber-security is important nowadays to operate the
data to avoid customers experiencing scams in online shopping [Moh13]. To
become a legitimate and valid business in the market, Woolworths needs to focus on internal
vulnerabilities and weaknesses present in networks and communication assets by assessing its
current security posture. This helps in taking protective measures to avoid access to financial data
managing information security at Woolworths, laws, and ethics followed to meet regulatory
compliance, strategic planning and governance to improve information security, and developing
and security transactions made over the internet in purchasing food products and services and
ensure protection to customer databases to protect confidential and sensitive data. The security
programs undertaken by Woolworths need to reflect the roles developed for implementing
organizations to meet the requirements of security. Effective security standards are essential for
posture [Woo194]. To analyze the security posture of Woolworths, a model
called CNSS is used to investigate the three security aspects of
confidentiality, integrity, and availability, and to understand the strategies followed for improving
security.
information only to authorized and authenticated people. The measures against the data while it
Integrity: Integrity is maintained for financial and business data to avoid destruction, damage,
corruption, and disruption while the data is in storage, processing, or transmission. Methods
such as validation and error checking are considered to enhance data integrity [Suh16].
It involves the allocation of required access to employees of Woolworths based on their
Availability: The availability principle supports the company in ensuring the correct format of
data for users and facilitating access to systems for registered users. It indicates that information is
available only to authorized users whenever required. For example, customer email addresses,
contact details, and past purchasing history are used only for promotional purposes and communicating
Privacy: Woolworths has a good privacy policy to manage the information collected from
customers and users. It has been following good practices for the management of information in
several ways. Those include the type of personal information collected from customers, the
method used for gathering and holding data, the procedure for customers to complain about privacy
issues, the intention of collecting, using, holding, and disclosing information, user rights
to access data, and practices for sharing data overseas [Woo201].
Virtual private networks, and IPSec. These are used to improve the email process, remote
communication, and the management of network connections. It has been improving to reduce the chances
employees, computers, and network components used regularly. Physical security measures are
placed at stores and distribution centers including alarm systems, CCTVs, and panic buttons to
various strategies have been followed effectively, including providing training to employees on
the key principles of security, protecting the information of customers and their orders by
establishing secure connections, improving security through firewalls, protecting networks and
on the website and email communication to promote new offers on products and services.
Security of communication is being improved through adopting encryption standards into email
customers and partners in selling and buying businesses and best practices to disclose personal
of ethical practices to conduct business ethically and avoid cyber-security issues for the business. It
has an e-commerce platform that requires ethics to sell products through the website. Ethics are
important in promoting the use of social media to connect with customers and the use of
their personal data such as name, email addresses, contact details, profiles, bank information, and
purchasing history to promote the company's products and services. The ethical practices of Woolworths
are identified as
The e-commerce website is used to gather information such as address, age, telephone, and gender
Information is gathered only from people who clicked on links to register with the company and
Woolworths has strict practices with third parties to utilize the services for storing and
processing data. It focused on the elimination of issues and risks presented to businesses in
The ethics followed by Woolworths are divided into three categories including trust, loyalty,
The ethics of the e-commerce business of Woolworths are helping in building positive
Customer loyalty has great significance in the e-commerce business. Personal collecting
while purchasing products and services from the website is associated with loyalty programs
various laws that are categorized into four types including statutory law, constitutional law,
environment.
The Privacy Act 1988 is the main law adopted by Woolworths to improve protection of
customer information, business data, and trade secrets. Other privacy laws include the
Electronic Communication Privacy Act 1986 and Federal Privacy Act 1974. As per these
acts, Woolworths protects business partners and individual customers to avoid revealing
information without their consent. ECPA regulates oral and electronic communication made
PCI DSS standards and guidelines are followed for the protection of sensitive financial data from
debit cards and credit cards used by customers for making online payments. To align with
the security requirements of PCI DSS, various initiatives like encryption programs, anti-
Copyrights and intellectual property rights are created for e-commerce websites, trade
secrets, and business ideas to avoid hackers engaging in high tech crimes and ruining the
Accountability Act (HIPAA) to ensure protection for the private information related to the
health status of customers when they purchased insurance and food products [Pet162].
It requires to reduce the criminal activities performed by hackers by accessing network and
commerce website to deny access to order products and services over the internet as per the
Woolworths applies different privacy laws to manage business processes and collect and
processes, systems, and practices to comply with laws developed to avoid spam
according to the SPAM act and the unsubscribe option is facilitated for customers that don’t
Woolworths gives importance to strategic planning and governance activities to add worth to
done to align with the mission, vision, and values of the business. Strategic planning is done at
the top level and implemented at a middle and low level. This process at Woolworths is
Security Officer (CISO) as a part of IT strategy. The main role of CIO and CISO is to the
created effectively for different levels of security including system-level security, network-
level security, and transaction-level security. This planning is more than 5 years.
In the second level, strategic plans are converted into tactical plans to be implemented by
cyber-security officers, system managers, network managers, and security managers. The short-
In the third level, tactical planning is converted into operational planning to improve security
in regular business operations like customer orders, managing online transactions, and
updating inventory and paid databases. In this level, network technologies, security audits
and assessment, network security, firewalls, and intrusion detection are focused on creating
Governance activities: Woolworths decided to consolidate all business data into the cloud
platform offered by Google to improve the generation of insights
and suggest required actions for team members. This decision supports easier upgrading
governance activities further support Woolworths in the establishment of the business
resilience and cybersecurity teams to enhance physical security and information security and to avoid
dangers from external threats from hackers. The company also developed different policies, such
as the acceptable use of information systems policy and the group cybersecurity policy, to gather, use,
share, manage, and secure information. The main benefit of security governance activities is
avoiding loss generated from data and information assets and avoiding abuse of supplier,
customer, and sensitive information of the organization and unauthorized disclosure of data.
The board committee established by Woolworths is responsible for managing key activities like
reviewing security standards, procedures, and training programs implemented at the company. It
also focuses on minimizing risks generated from cyber fraud, cyber-security, and data privacy
issues. To gain the benefits associated with governance of information security, selecting a good
model is required [Ste20]. The model called IDEAL, which stands for
initiating, diagnosing, establishing, acting, and learning, offers various benefits such as utilization of
allocated resources for security programs, making information security a key part of the system
development life cycle, performing regular testing and auditing of security programs, and
facilitation of training and awareness for employees. In the initiating phase, groundwork is done
for the governance framework. The diagnosing step is to determine the future state of security
the acting phase is to implement a security plan, and learning is to utilize experience to make
are controlled by an Act called the Corporations Act 2001 [Int19]. As per this
act, the Woolworths organization has to take responsibility for cyber-security issues caused by
This section develops the information security policy for the Woolworths organization to
avoid the occurrence of issues. The policy developed needs to cover three areas including
and networks. These are developed by top management to create policies aligning with the
strategic plan. To improve application security, the production
environment needs to be separated from the testing environment, risk evaluation performed on the
applications used for collecting, storing, and transmitting personal information, and roles and
responsibilities separated [Was20]. These are implemented during stages of the software
development life cycle. To improve the security of systems, security analysis and configuration
play an important role. The policies such as password policy, least privilege policy, and
permissions to access files stored in a system. Finally, network security is improved by various
key policies including device policy, wireless LAN policy, communication policy, firewall
policy, remote connection policy, internet access policy, and demilitarized policy.
Procedures: Procedures are required for promoting awareness of the new security policies,
reporting a violation of security practices, scheduled reviewing of policy, penalties imposed for
violation of policies, and controls used for improving the security posture of a firm.
Computer-based and classroom-based training is provided to employees on the new security programs and
controls taken for improving security. To report a violation of privacy or security policy, a
privacy officer or security officer role is established. The complaint form provided needs to be
used by employees and customers. The policy statement includes a procedure for reviewing the security
policy twice or thrice a year to find loopholes open to external attacks on the
website and extranets. Knowledge of controls like encryption, virus protection, physical security,
standard useful in enhancing information security and motivates taking initiatives. It provides
practices and guidelines required for meeting compliance with legislations and regulations and
[Moh191]. It facilitates content for different areas of security including asset management,
access controls, operations security, information security, environmental and physical security,
human resource security, information security incident management, and business continuity
management. ISO provides security controls and clauses to protect the information in the era of
Guidelines: ISO 27002 is used as a reference document to provide guidelines for information
security in e-commerce firms. It is used for giving assurance to clients and customers regarding
the information security practices followed at Woolworths and gaining a competitive advantage
over competitors [SHS09]. It supports trading with e-commerce partners and
identified that it is performing well in managing information of customers and implementing the
privacy policies developed for collecting and managing personal information and management of
the customer loyalty programs. The Woolworths company is performing well in terms of
enhancing security and managing customer information and data. The present report effectively
covered the security aspects of Woolworths, including managing information security, laws and
ethics followed to meet regulatory compliance, strategic planning and governance to manage
security programs, and developing information security policy. It is learned that the triad of security
principles including confidentiality, integrity, and availability, privacy laws followed, and types
communication security, and operations security. The company promotes different regulatory
laws including the Privacy Act 1988, Electronic Communication Privacy Act 1986, the Federal
Privacy Act 1974, the National Information Infrastructure Protection Act, HIPAA, and the SPAM
Act. Strategic planning required for improving information security is developed in three levels of
hierarchy including top level, middle level, and low level, and it is learned that governance
activities are monitored and managed by the board committee, which takes several initiatives. Finally, an
information security policy is created for Woolworths to take security to the next level. Several
things are recommended for the company including policies, procedures, standards, and
Abbott, C. & O’Dowd, K., 2020. Woolworths Hit With Largest Spam Infringement To Date.
[Online]
infringement-to-date/
Anwar, M. J., Gill, A. Q. & Beydoun, G., 2018. A review of information privacy laws and
Chrapavy, P., 2016. Cybersecurity Risks: Are They Inflated? Salus Journal, 4(2), pp. 19-31.
Hasib, M., 2013. Impact of Security Culture on Security Compliance in Healthcare in the United
Publishing Platform.
International Comparative Legal Studies, 2019. Australia: Cybersecurity Laws and Regulations
2020. [Online]
regulations/australia
Important Attribute of Information Security. Journal of Information Security, 7(3), pp. 185-194.
Schinagl, S. & Shahim, A., 2020. What do we know about information security governance?
“From the basement to the boardroom”: towards digital security governance. Information and
Sharma, G. & Lijuan, W., 2014. Ethical perspectives on e-commerce: an empirical investigation.
Sharma, M. et al., 2019. IAS Mains Paper 3 Technology Economic Development Bio Diversity
Environment, Security & Disaster Management 2020. s.l.: Arihant Publications (India) Limited.
Solms, S. & Solms, R., 2009. Information Security Governance. 1st ed. New York: Springer US.
White, G., 2009. Strategic, Tactical, & Operational Management Security Model. Journal of
brands/supermarkets/Woolworths/
Woolworths Group, 2019. Better Together 2019 Annual Report, Australia: Woolworths Group.
Woolworths, 2020. Woolworths Group Privacy Policy. [Online]
Mission: The mission of Woolworths is to develop and deliver best, value-adding, convenient,
Vision: The vision of Woolworths is to facilitate passionate commitment towards the people,
Inspirational
Collaborative
Customer obsessed
Quality
Being responsible