    An information security risk assessment of Topshop retail Essay


    Top Shop

    IS Audit Report


    Executive summary

    Case Background


    Audit plan

    Audit Plan Framework

    Interview Questions & Documents



    Executive summary

    An information security risk assessment is an ongoing process characterized by discovering, correcting and preventing security problems. The threat assessment is an essential part of a risk management practice designed to provide suitable levels of security for information systems. An information security risk assessment is a component of sound protection practices and is required by the Commonwealth Enterprise Information Security Policy (Davis, 2011). The risk assessments and related documentation are also an important part of compliance with Health Insurance Portability Accountability Act security standards.

    A risk assessment will help each agency decide the tolerable level of risk and the resulting security requirements for every system. The agency then plans, implements and reviews a set of security measures to address the level of known risk.

    The executive summary report outlines the significant security vulnerabilities that pertain to the theft of credit card data, which is an information security risk associated with Top Shop retail (Gillies, 2011). The risks and vulnerabilities indicated in this audit report relate to the following key areas:

    1. Probable theft of data through manipulation of card reading at the point-of-sale systems
    2. Probable breaches within the Top Shop retail company's network
    3. Probable theft of information from company servers

    Each section as outlined indicates audit objectives to be met in order to ensure Top Shop Company is in full compliance with the set standards and regulations. All parties expect strict compliance during the audit process, where significant questions will be answered in an honest manner and any supporting documentation for the appropriate objectives will be obtainable once requested.

    Recommendations have been offered with expected compliance from Top Shop retail to ensure the security of its current systems and information, as well as information relating to its customers.

    Case Background

    Top Shop retail is a British multinational fashion retailer of clothing, shoes, make-up and accessories. Top Shop has about 500 stores globally, of which around 300 are located in the UK, plus online operations in a number of its markets. Top Shop started as a brand extension of the department stores, which initially sold fashion by young British designers. Top Shop expanded rapidly because it changed its name to Top Shop, which resulted in increased sales and high profits (Vacca, 2012). To help maintain and manage its diverse range of chains and customers, Top Shop used a number of security information systems to assist with the task. The employed information systems include:

    Top Shop adopted widespread networking throughout the offices, where all the computers were linked to one central point. One manager is stationed at the server office to supervise all the linked systems. Being a large shop that sells highly rated clothes, Top Shop adopted this kind of security method, where the general screen is installed in an open place, allowing real-time monitoring of stocks from different locations.

    A point-of-sale system that allows over-the-counter transactions and monitoring of various types of goods, where Top Shop employed three types of security systems:

    Managers from different localities had point of sale installed on their computers to help them manage existing stock values, pricing, and locations.

    A checkout point to handle the transactions and monitor the flow of stocks and how they are being sold or refunded.

    Managers have other staff stationed at the door to cross-check the actual sales against the receipt produced by the system. This helps to reduce the occurrence of live transactions that lead to loss of products (Whitman, 2011). This audit report mainly focuses on Top Shop's instant checkout point of sale, which is a credit-card-based system. Top Shop has several point-of-sale terminals that are linked to one central server operated by a senior manager in the organization. The server serves as a temporary cache where information is sent from the card reader, decoded and immediately compared with the Top Shop records before it is re-encrypted and forwarded through a secured internet connection to the appropriate financial point. Each system installed as a card reader handles the following primary functions.

    1. The system can read the details on the credit card
    2. The system can validate credit card details
    3. The system is able to collect credit card details
    4. The system is able to receive transaction details
    5. The system is able to issue transaction details such as the list of items purchased and information such as the time and date the purchases took place


    Risks are the major threat for the Top Shop retail store, which is known for being vulnerable to major threats in its day-to-day operations (Vacca, 2012). Weak risk areas include:

    1. Risk of device tampering that may take place at the point of manufacture, where the implication is exceptional loss of customer information and an impact on multiple businesses that rely on the manufacturer for the units. The affected business and the manufacturer will lose their reputation due to the loss.
    2. Device tampering at the business storage that could cause a company to lose its reputation from the loss of several customers' information and expose flaws in the company practices that are deemed helpful.
    3. Point-of-sale manipulation within the company systems. Point-of-sale tampering would cause loss of customers' information, expose the customers to significant risks and ultimately cause loss of business reputation.
    4. A broken network that causes loss of customer information from the system, which would cause loss of reputation and ultimately loss of its customers (Montesino, 2011).
    5. Compromised errors that may cause a large loss of customer information, exposing risks in the company network system and leading to loss of the company's good reputation.
    6. Open servers that may cause loss of customers' information, loss of Top Shop's most sensitive information and also loss of company reputation.

    Audit plan

    An audit plan is the set of specific guidelines to be followed when conducting an audit; it helps the auditor to obtain appropriate evidence that is sufficient for the circumstances.

    Audit Area


    Card reader devices

    1. Make sure all component functionality is tested once the components are received
    2. Make sure all components are compliant with appropriate standards & practices
    3. Make sure the testing area has proper protection and anti-virus scanners

    Device manipulation prevention

    1. Make sure proper staff segregation of duties is enforced
    2. Ensure appropriate security measures are in place, such as restricted personnel access
    3. Make sure every storage location is adequate for high-risk items
    4. Inspect how the device is installed at the point of sale

    Top Shop company network

    1. Verify the password used is valid and working
    2. Make sure traffic checking is in use to watch for suspicious data
    3. Make sure proper security protocols and practices are in place, such as anti-virus and staff access restrictions
    4. Verify how external drives such as flash drives are treated and whether procedures are in place to prevent infections from spreading

    Top Shop retail


    1. Make sure the password used is valid and working
    2. Make sure proper security protocols and practices are in place, such as anti-virus and staff access restrictions
    3. Verify how external drives such as flash drives are treated and whether procedures are in place to prevent infections from spreading
    4. Make sure proper staff division of duties is enforced
    5. Make sure proper server segregation is enforced

    Audit Plan Framework

    The International Accounting Auditing has taken steps to develop a framework for audit quality that articulates the input and output factors that contribute to audit quality at the engagement. The Linux audit framework is used because it helps make the system more secure by providing a means to analyze what is happening on the system in great detail, as well as an aid in writing and implementing new information technology control systems (Whitman, 2011).

    The Linux audit framework provides the following features, making it well suited for this examination:

    1. Capability to provide the requesting party with audit opinions
    2. Defines objectives and ways they can align with company goals
    3. Satisfies statutory requirements

    Interview Questions & Documents

    Audit Objective

    Asked Question / Evidence collected

    Make sure all component functionality is tested once received

    1. Steps used to test functionality
    2. Demonstrate testing

    Make sure all components are compliant with important standards & practices

    1. Demonstrate how the unit is compliant with standards & procedures
    2. Ask for compliance reports
    3. Steps taken to make sure the unit is in compliance

    Testing area has proper protection such as anti-virus scanners

    1. Show reports regarding protection used in the testing area along with their features
    2. Show what protection is in place
    3. Demonstrate whether the protection functions as intended

    Appropriate staff division of duties is imposed

    1. Provide list of staff and their access areas
    2. Ask staff at random about their access areas
    3. Get list of who has access to areas of high risk

    Suitable security measures are in place, such as restricted personnel access

    1. Make sure security measures are installed
    2. Demonstrate that such security is working as intended
    3. Present documentation on installed security devices
    4. Provide office layout of where devices are located

    Storage location is sufficient for high-risk products

    1. Inspect the type of security measures in place
    2. Request layout of storage room
    3. Staff access logs to room

    Inspect how the device is installed at point of sale

    1. Inspect how the device is installed at the point of sale
    2. Request records on who has access to the device
    3. Security measures in place to prevent manipulation

    Verify the password used is valid and working properly

    1. Question what practices are in place to ensure keys are valid, unique and secure
    2. Inspect who has access to the key and what duties they have
    3. Log report on old keys

    Traffic checking in use to watch for suspicious data

    1. Methods in place to detect suspicious data and how they are handled
    2. Traffic monitoring reports/logs
    3. Demonstration & test of how suspicious data is dealt with

    Check how external media such as flash drives are treated and whether measures are in place to prevent infections from spreading

    1. Procedures in place to handle external media
    2. Demonstration & test of how it is handled
    3. What steps are taken if a virus is detected

    Proper server segregation is enforced

    1. Check server locations
    2. Ask what happens in various scenarios to determine whether only one or multiple systems are affected
    3. Check of server logs


    The following is a list of recommendations to moderate, identify or manage the risks indicated in this audit report.

    Device manipulation:

    All components received should be appropriately tested to ensure no manipulation has occurred and that they are working normally (Montesino, 2011). Any units found to have faulty alterations or to contain viruses would be clearly identifiable, which can prevent theft of customer data. This makes it easier to trace back to where such problems may have come from.

    Storage

    The storage facility used to store the point-of-sale device should be well protected to prevent unauthorized contact by staff or even outsiders (Whitman, 2013). These facilities should have cameras to watch the situation, connected with an alarm, and enforced staff access that uses passwords to log in. This makes it very easy to see who has been in the storage area should any issues occur.

    Installed device

    Once the device has been set up, the location should be carefully checked to make sure that no vulnerable areas are present. For example, the exposure of certain parts could mean that either a staff member or a customer inconspicuously tampers with the device. Furthermore, the area should remain under supervision to record suspicious behaviour.

    Manipulated Network

    Appropriate security measures would make sure that no suspect staff or outside entry occurs on the network (Zhu, 2011). The implementation of a firewall would significantly restrict access to only authorized personnel, while anti-malware applications detect threats inside to prevent possible information leakage.

    Manipulated password

    A manipulated password would mean that any protected information, if taken from a server or network, would be easily decoded and viewable. To mitigate this risk, the use of a strong key is critical. However, this can also be further improved by changing the password after a definite time.


    Server rooms

    It is essential that they remain well protected because they contain company-critical information that is highly sensitive (Gillies, 2011). Accurate measures that are able to scan for malware, together with firewalls, would eliminate a lot of risks; server separation, in turn, would make sure that all components are kept separately.


    Maggs, D. (2012). Topshop possible threats. [Online] Available at: http:// [Accessed 16 Apr. 2015].


    Davis, C. S. M. & W. K., 2011. IT auditing: using controls to protect information assets. s.l.: McGraw-Hill.

    Gillies, A., 2011. Improving the quality of information security management systems with ISO27000. The TQM Journal, 23(4), pp. 367-376.

    Montesino, R. & F. S., 2011. Information security automation: how far can we go? In Availability, Reliability and Security (ARES), 2011 Sixth International Conference. s.l., s.n., pp. 280-285.

    Vacca, J. R., 2012. Computer and information security handbook. Newnes. s.l.: s.n.

    Whitman, M. & M. H., 2011. Principles of information security. s.l.: Cengage Learning.

    Whitman, M. & M. H., 2013. Management of information security. s.l.: Cengage Learning.

    Zhu, Y. W. H., 2011. Dynamic audit services for integrity verification of outsourced storages in clouds. In Proceedings of the 2011 ACM Symposium on Applied Computing. pp. 1550-1557.



    An information security risk assessment of Topshop retail Essay. (2018, Oct 22). Retrieved from
