Cmgt 400 Week 2 Team

Submitted By tomonica
Kudler Fine Foods IT Security Report
Kudler Fine Foods is an upscale specialty food store that offers the very best domestic and imported fare at every location.
In keeping with their motto, “Shopping the World for The Finest Food”, Kudler Fine Foods shops the world in order to provide the very best baked and pastry products, fresh meat and seafood, fresh produce, cheese and specialty dairy products, wines, condiments, and packaged foods. Kudler Fine Foods brings those food items back to their loyal customers in the San Diego metropolitan area, with stores in Del Mar, La Jolla, and Encinitas. Their mission is to offer their customers a delightful and pleasing shopping experience by employing experienced, helpful, and knowledgeable staff, coupled with their selection of fine foods.
Background

Customer rewards programs and the like have become commonplace in many small and large retail marketplaces. Kudler Fine Foods understands the benefits these programs offer. Customer rewards programs are electronic records management (ERM) systems that collect and store customer sales transaction information in databases from which reports can be queried. Kudler Fine Foods plans to develop the RMS, but needs help from Learning Team “A” to manage security concerns during the system development life cycle (SDLC), in order to safeguard the customer information stored within the newly implemented system as prescribed by the Federal Trade Commission (FTC). The FTC is charged with protecting the privacy of U.S. consumers.
According to the Federal Trade Commission (2007), the fourth widely accepted principle is that data be accurate and secure. To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form. Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data. Managerial measures include internal organizational measures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and the storage of data on secure servers or computers that are inaccessible by modem (Fair Information Practice Principles, para. 4).
Privacy Complaint Mitigation

When the FTC receives notice of a privacy violation, it first tries to negotiate a settlement that both parties can live with; when no settlement is reached, the FTC issues a complaint using the phrase “would be in the best interest of the public”. If the complaint fails to yield favorable results, the FTC issues a temporary restraining order, followed immediately by a cease and desist order. Failing to respond appropriately to the order results in a civil penalty of up to $11,000 for each separate violation of the final "cease and desist" order ("Epic.org", n.d.).

Potential Threats

Threats to ERM systems range from physical threats to end-user interface hardware, to “Act of God” damage from fire, flood, earthquake, and lightning, to cyber threats: destruction of systems or information through sabotage or vandalism by hackers, and software attacks by viruses, worms, macros, and denial of service.
“While this term originally referred to a clever or expert programmer, [hacker] is now more commonly used to refer to someone who can gain unauthorized access to other computers” ("Hacker," 2013). Malicious attacks are carried out by all types of people, ranging from teens hacking for entertainment to competitors trying to gain some sort of strategic ground in the marketplace, but regardless of how entertaining or serious the hacker may be, the outcome can be the same—a disruption in customer service. Table 1 identifies these malicious threats and other potential threats facing Kudler’s new customer rewards program.
Area of System | Threat | Potential Vulnerability
D:H | Technical hardware failures or errors | Equipment failure
D:H:Pe:Pr:S | Missing, inadequate, or incomplete organizational policy or planning | Loss of access to information systems due to disk drive failure without a proper backup and recovery plan in place
D:H:S:Pe | Sabotage or vandalism | Destruction of systems or information
D:S | Memory safety violation | Buffer overflows
D:S | Technical software failures or errors | Bugs, code problems, unknown loopholes
H | Forces of nature | Fire, flood, earthquake, lightning
H:Pe:Pr:S | Human error or failure | Accidents, employee mistakes
H:Pr:S | Technological obsolescence | Antiquated or outdated technologies
H:Pr:S | Missing, inadequate, or incomplete controls | Network compromised because no firewall security controls are in place
H:S | User interface failures | Data integrity loss
H:S:Pe | Deviations in quality of service | ISP, power, or WAN service issues from service providers
Pe:Pr | Information extortion | Blackmail, information disclosure
Pe:Pr:S | Theft | Illegal confiscation of equipment or information
Pe:Pr:S | Software attacks | Worms, Trojan horses, viruses, denial of service
Pe:Pr:S | Espionage or trespass | Unauthorized access and/or data collection
Pe:Pr:S | Compromises to intellectual property | Piracy, copyright infringement
S | Input validation errors | Format string attacks, SQL injection, cross-site scripting (web application)
Legend: D=Data, H=Hardware, Pe=People, Pr=Procedure, S=Software
Table 1 - Top threats to the new customer rewards program at Kudler Fine Foods
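The “Input validation errors / SQL injection” row of Table 1 is the one threat in the table that a rewards-program developer can see and fix directly in code. The following is an added example, not code from the original report or from any Kudler system: a Python lookup of a customer's reward points against an in-memory SQLite database, first in the form that pastes user input into the query text (the vulnerability the table names) and then in the hardened form that allowlists the input and binds it as a parameter. The table schema, the loyalty card-id format, the sample rows and the malformed input are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample data for a customer rewards lookup (not Kudler's real schema).
SAMPLE_CUSTOMERS = [
    ("KFF-0001", "Del Mar", 1250),
    ("KFF-0002", "La Jolla", 430),
    ("KFF-0003", "Encinitas", 90),
]

# Assumed loyalty card-id format: "KFF-" followed by exactly four digits.
CARD_ID_PATTERN = re.compile(r"^KFF-\d{4}$")


def build_db():
    """Create an in-memory rewards database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE rewards (card_id TEXT PRIMARY KEY, store TEXT, points INTEGER)"
    )
    conn.executemany("INSERT INTO rewards VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def lookup_points_vulnerable(conn, card_id):
    """Table 1's input validation error: untrusted input becomes part of the SQL text."""
    query = f"SELECT card_id, points FROM rewards WHERE card_id = '{card_id}'"
    return conn.execute(query).fetchall()


def lookup_points_safe(conn, card_id):
    """Hardened form: reject anything outside the allowlist, then bind the value."""
    if not CARD_ID_PATTERN.match(card_id):
        raise ValueError("card id does not match the expected format")
    # The driver sends the value separately from the statement, so it can never
    # change the query's structure, whatever characters it contains.
    return conn.execute(
        "SELECT card_id, points FROM rewards WHERE card_id = ?", (card_id,)
    ).fetchall()


def demo():
    """Run both lookups on a well-formed id and on a constructed malformed one."""
    conn = build_db()
    good = "KFF-0002"
    # Constructed malformed input: the stray quote closes the string literal, so the
    # vulnerable query's WHERE clause no longer means what the developer intended.
    bad = "x' OR '1'='1"
    results = {
        "vulnerable_good": lookup_points_vulnerable(conn, good),
        "vulnerable_bad": lookup_points_vulnerable(conn, bad),  # returns every row
        "safe_good": lookup_points_safe(conn, good),
    }
    try:
        lookup_points_safe(conn, bad)
        results["safe_bad"] = "accepted"
    except ValueError:
        results["safe_bad"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for the rewards program's SDLC is that both controls belong together: parameter binding is what actually prevents the injection, while the format allowlist turns bad input into a logged, rejected request instead of a silently empty result, which gives the operations team something to alert on.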
Areas of the System

In Table 1, the areas of the system at risk of being vulnerable are the five areas of a system, which are as follows:
• Data – This category refers to the factual inputs used by programs in the production of useful information.
• Hardware – This category includes the computers, peripherals, servers, I/O devices, storage, and communication devices.
• People – This category refers to the users of the information system. Though this category is often overlooked, people are the most influential element in the information system’s success or failure.
• Procedure – This category refers to the policies and rules governing processes pertaining to information systems.
• Software – This category refers to the computer programs that control functions within systems for the production of useful information from data. Support manuals are also included in this category.
Most Critical Threats to Kudler

Learning Team “A” ranked the threats based on what we felt to be the most critical; the ranking is given in Table 2. From the list, we categorized each risk into three distinct security classifications:
• High (H): Possibility of causing extremely serious personal or organizational injury, including any of the following:
  o Financial harm – extreme loss of capital/assets, imposition of extreme penalties/sanctions
  o Operational harm – severe loss of operational control, breach of contract/regulatory standard, prolonged loss of public trust
  o Personal harm – loss of life, limb, or extreme danger to public safety
• Medium (M): Possibility of causing serious personal or organizational injury, including any of the following:
  o Financial harm – significant loss of capital/assets, imposition of significant penalties/sanctions
  o Operational harm – significant impact on ability to serve, significant damage to partnerships and reputation, significant impact from lowered employee morale
  o Personal harm – serious personal hardship
• Low (L): Possibility of causing limited or no injury to individuals or the organization, including any of the following:
  o Financial harm – some degree of financial loss
  o Operational harm – some degree of inability to serve, limited impact from lowered employee morale
  o Personal harm – some degree of embarrassment
Severity | Threat
H | Espionage or trespass
H | Software attacks
H | Theft
H | Forces of nature
H | Missing, inadequate, or incomplete controls
H | Sabotage or vandalism
M | Missing, inadequate, or incomplete organizational policy or planning
M | Compromises to intellectual property
M | Information extortion
M | Human error or failure
L | Technical software failures or errors
L | Technical hardware failures or errors
L | User interface failures
L | Deviations in quality of service
L | Input validation errors
L | Memory safety violation
L | Technological obsolescence
Table 2 - List of threats facing Kudler, classified by level of severity.
References
Epic.org. (n.d.). Retrieved from http://epic.org//privacy/internet/ftc/Authority.html
Federal Trade Commission. (2007). Retrieved from http://www.ftc.gov/reports/privacy3/fairinfo.shtm
Hacker. (2013). In Techterms.com. Retrieved from http://www.techterms.com/definition/hacker
