IS model used in Woolworths Limited

Discuss about the IS Security and Risk Management for Woolworths Limited.

This report depicts the impact of Information System security model in the nominated organization, named as Woolworths Limited. It is found that proper security will help the company to gain economic profit and competitive advantages. In order to process and run any business successfully, Information System plays active role. Information System can process both the operational and functional activities for mitigating the entrepreneurial issues (Fernie & Sparks, 2014). After identifying the current status of the company and its statistical data security recommendations are also illustrated in this report.

The IS model used in Woolworths Limited, is based on Supply chain management. The company has a SAP based ERP module that helps the company to gain effective business revenue and commercial success. The IS model its application, security standard and control system that should be incorporated to resolve the obstacles are illustrated in this report. Apart from this, a risk analysis and contingency plan for the organization analyzing the IS threats, vulnerabilities and tool including social engineering are also illustrated in this report. 

 The Information System Security model used by the business organization is SAP based ERP but currently they have invested huge amount for Supply chain management (SCM). The aim of the company is to provide quality products and service to the consumers belongs to Australia and New Zealand (Whyte, 2016). Besides this, Woolworths is also focused to improve their stock turn for optimizing the network efficiency and to ensure that they are serving in more than 800 stores in United Kingdom. With SCM, it can remove all negative perceptions and place its brand value at a top position. It has 205,000 employees who serve over 30 millions of customers in 3000 stores.

Woolworths Limited used to use manual Information management system to manage their financial and personnel data. However, it faced many issues while managing their data manually because manual data management system was all managed by human. Due to excessive rate of manmade errors, the company was wished to develop an Information system during selling products both offline and online (Stadtler, 2015). For managing large number of clients, financial data and personnel data of the employees, Woolworths has planned to implement Information System (SCM) to increase its operational security. Woolworths has as a whole ERP module but the SCM information System helps it to establish a bridge between its selling and buying details. After adopting the SCM, the benefits that the company has gained re as follows:

• The rate of business efficiency increases and the cost effects decreases
• Improves inventory system and relationship between the vendors and distributors
• The responsiveness towards the consumer’s requirements of the system improves
• The supply chain network gets enhance through combining all the supply chain networks (Laudon & Laudon, 2016)
• It gives high productivity and better security to the consumers

Benefits of adopting SCM

Comparison between the General Management Control (GCM) and Application Control (AC) for Information System of Woolworths Limited

Woolworths Limited has adopted Supply Chain Management Information System for their company to make them deal with all applications served. General Management Control is a set of procedure and policies related to all its application whereas; AC deals with only the IS applications (Brandenburg et al., 2014). The business functionalities and operation are supported accurately with the ACs. The mainframe of the business organization is controlled with ACs. The benefits can be gained from GCM are as follows:

The benefits of Application Control are as follows:  

• ACs can control and identify those applications which are not involves in the IT environment but to be added
• It can automatically identify the needful trusted software and software license to authorize the applications
• It reduces the risks from business network and application by resolving the IT complexity and application risks (Denolf et al., 2015)
• Prevent exploitation of unpatched operating system and vulnerabilities associated to the third party application.
• Overall network stability improves and eliminates the risks possessed

On the other hand, the features of General Control Management System of Woolworths are as follows:

• General Control Management of any organization facilitates the service and performance of the company to ensure its production (Abunar & Zerban, 2016).
• It helps to set goals for the desired objectives
• It can compare the measured achievements and original goals or objectives of the company
• GMC provides high level physical security to the organizational assets and other records (Laudon & Laudon, 2016).
• It provides security to the server as a result no unauthorized users will be able to access data from it
• With the help of GCM change management, software acquisition and Information System maintenance become easier to the company

Currently each SME is adopting Information Systems in terms of Supply Chain Management (SCM), ERP, and CRM etc. It helps the company to deal with its operational and functional activities for gaining commercial success in terms of economic profit (Dubey et al., 2017). The feature of ACs and GCM system implies that, in order to increase the managerial capabilities of the activities different organizations possess different management approaches. Each business has GCM but all companies do not possess proper ACs. 

In the project initiation and requirement phase, all the security standard and system control approaches are needed to be incorporated by the project executives. It is observed that Woolworths follows best of the standard security approaches to keep their Information system secured from external attackers. Information Security is concerned with integrity, confidentiality, integrity of data (Jacobs, Chase & Lummus, 2014). The security standard used by the company is followed by ISO 17799:2005 which contains the following components:

Security policy: The security policy control of Woolworths addresses proper level of management support, commitment and path towards the accomplishment of Information Security objectives. The IS document or policy statement governing the security objectives of the company (Abunar & Zerban, 2016). Through assigning both ownership and review schedule the commitment of the company to its Information Security is established.

Asset management: This policy standard for asset management is also adopted to make sure that introduction, transfer, removal or even disposal of any asset will not be conducted without authentication.

Access control: Woolworths has enough server security features, due to the application of technical advances none of the unwanted user will be able to access the server without authorization or permission.

System development and maintenance control: This standard addresses the ability of Woolworths to make sure its information system security and maintenance (Martinez-Jurado & Moyano-Fuentes, 2014). Cryptography, system integrity are the application followed by the company to track, evaluate and verify system requirements.

Comparison between General Management Control (GCM) and Application Control (AC)

Communication and operational management:  It ensures the operations of the assets are conducting towards correct direction. This security and control policy deals with capacity planning, duty segregation, network management etc.

The organizational structure of Woolworths Limited contains board of director, management board, management committee members and employees and all the stakeholders are responsible to analyze the possible risks (Dubey et al., 2017). Based upon that IS related risk management and contingency planning should be developed by the company. For managing risks the practical applications on IS to be incorporated are as follows:

Reliability: In order to ensure the consistency of the information the IS used by Woolworths should have to be reliable.

Confidentiality: It restricts unauthenticated data access from the users end.

Availability: Ensure that all necessary data are available to the users (Martinez-Jurado & Moyano-Fuentes, 2014)

Integrity:  It provides collective accuracy and consistency of stored information

Security:  Uses application firewall and DMZ to prevent information theft

For gaining competitive advantages and commercial success in the market place, proper contingency planning phases are necessary to be acquired. In order to process the business operations, Woolworths put in place a Management Control (GMC) that helps it to assess the performance of all the available resources (physical and human). In order to keep the data safe from unauthenticated access the developed contingency plan for Woolworths should maintain the following steps:

• Defining business goal to maintain organizational operations
• Identification trigger
• Considering related source restriction
• Identifying operational and functional inefficiencies
• Determining risk recovery and prevention methods

Lack of advanced technology based operations and functionalities a company may face different Information Security threats or vulnerabilities such as:

• Technology with a weak security
• Social media attacks
• Third party entry
• Negligence in proper IS configuration
• Lack of encryption
• Corporate data theft

Social engineering is referred to as another tool that helps organization to keep their data safe from the external assaults. Different available tolls those are expected as can minimize security threats are as follows:

• IT asset management
• Audit plan and processing
• Software license compliance
• Disposal of end-of –life hardware
• Network access control

Among all these above mentioned tools audit planning and processing are the two very important activities to be considered by Woolworths to gain commercial and competitive success (Jacobs, et al., 2014). After analyzing the basic requirements and resources the company should develop their audit plan. It is the responsibility of the project manager and finance manager to gone through a feasibility study to understand whether the business outcome will be beneficial or not. For achieving accurate finance report and business objectives, proper audit planning for each of the IS components are necessary and at the same time that must be processed properly (Abunar & Zerban, 2016). Standard audit plan will safeguard the data quality and also will reduce the total investment cost. Woolworths has a secured SCM system that

Security standard and system control approaches

Conclusion

From the overall discussion it can be concluded that, with the help of Supply Chain Management Information System (IS), revolutionary changes have brought in Woolworths Limited. The company has also invested over 60% of their total investment to control the applications. Considering the business components of Woolworths, it has been found that Information System technology can eventually produce organizational substitute, capital and labor. Information system has the ability to automate the process of production with lesser amount of capital. The current technological era, defines that Information System is one of the most widely used advanced technological excellences that has turned Woolworths Limited’s business from manual to an automotive. The IS security model should follow standard control approaches. Different

References

Abunar, S.M. & Zerban, A.M., (2016). Enhancing Accounting Information Systems to Facilitate Supply Chain Management between Supermarkets/Suppliers: The case of Saudi Arabia. Journal of Accounting & Marketing, 5(2), pp.1-7.

Brandenburg, M., Govindan, K., Sarkis, J., & Seuring, S. (2014). Quantitative models for sustainable supply chain management: Developments and directions. European Journal of Operational Research, 233(2), 299-312.

Denolf, J.M., Trienekens, J.H., Wognum, P.N., van der Vorst, J.G. & Omta, S.O., (2015). Towards a framework of critical success factors for implementing supply chain information systems. Computers in Industry, 68, pp.16-26.

Dubey, R., Gunasekaran, A., Papadopoulos, T., Childe, S. J., Shibin, K. T., & Wamba, S. F. (2017). Sustainable supply chain management: framework and further research directions. Journal of Cleaner Production, 142, 1119-1130.

Fernie, J., & Sparks, L. (2014). Logistics and retail management: emerging issues and new challenges in the retail supply chain. Kogan page publishers.

Jacobs, F. R., Chase, R. B., & Lummus, R. R. (2014). Operations and supply chain management (pp. 533-535). New York, NY: McGraw-Hill/Irwin.

Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.

Martinez-Jurado, P. J., & Moyano-Fuentes, J. (2014). Lean management, supply chain management and sustainability: a literature review. Journal of Cleaner Production, 85, 134-150.

Monczka, R. M., Handfield, R. B., Giunipero, L. C., & Patterson, J. L. (2015). Purchasing and supply chain management. Cengage Learning.

Qrunfleh, S., & Tarafdar, M. (2014). Supply chain information systems strategy: Impacts on supply chain performance and firm performance. International Journal of Production Economics, 147, 340-350.

Singhry, H. B. (2015). An extended model of sustainable development from sustainable sourcing to sustainable reverse logistics: a supply chain perspective. International Journal of Supply Chain Management, 4(4).

Snyder, L. V., Atan, Z., Peng, P., Rong, Y., Schmitt, A. J., & Sinsoysal, B. (2016). OR/MS models for supply chain disruptions: A review. IIE Transactions, 48(2), 89-109.

Stadtler, H. (2015). Supply chain management: An overview. In Supply chain management and advanced planning (pp. 3-28). Springer, Berlin, Heidelberg.

Whyte, G. B. (2016). The relationship between sustainable supply chains and economic success in the retail clothing industry in South Africa (Doctoral dissertation).