Reference no: EM132507859
Case Study: Online Grocery Business: The Case of ASDA.com
Write an Acceptable Use Policy
Stakeholders and Connections
• ASDA.com is a subsidiary of Walmart and uses its "Retail Link" system for managing goods inventory, suppliers, ordering and customer purchase history records
• Customers and potential customers
• Suppliers of goods
• Software development company (let's assume that software development is outsourced to one provider)
• IT Services providers:
o Data centre, web-hosting and central systems management provider
o In-store technical support provider
• External software and systems security consultants and penetration testers
• Bank for credit card verification
• Authorities in the sense that the company must follow laws and regulations
• Others: competitors, insurer
Business Processes
There are many business processes involved. Here is a list of some identified processes:
• Web-orders processing, including:
o Manage shopping cart and checking availability
o Checkout: Payment and Invoicing
o Picking of goods and packaging
o Delivery of goods
• CRM:
o Customer support
o Online and phone support for inquiries and complaints
o Customer details management
– Create accounts
o Marketing
• Supply chain management / "Warehouse" management
o Orders are picked in the local stores
o Local store stocks and goods ordering are managed by Walmart's "Retail Link"
o Sales forecasting
o Staff roster management
• Reporting:
o Financial reporting, tax reporting etc.
Risks and Threats
Examples of Risks:
• Web-site defacement
• Change of critical information like the pricing of goods
• Web-site unavailability due to
o a DoS attack
o an uncontained intrusion
o physical security problem
o hardware or software problem
o overloading (out of resources)
• Customer information leaks (insider and external)
• System information leaks (insider and external)
• Company information leaks (pricing, salaries etc.)
Possible vulnerabilities:
• Poorly written and tested production software with security holes
• Unwanted malware
• Insider access to critical resources
• Weak authentication and authorization mechanisms
• Weaknesses in business partners' or vendors' systems and attacks through their systems
• Unsecured physical resources
• Single points of failure (HW or human)
Possible exploitations:
• SQL Injection
• Cross-site scripting
• Remote code execution
• Malicious (proprietary) software manipulation
• Rogue wireless access points
• Wire-tapping (SW or HW)
Many more exist, but this list should get you started.
Attachment: Online Grocery Business.rar