The bid proposal is being requested for John Dough.
John Dough is a locally owned chain of pizza stores that operates a hybrid franchised and company-owned store model. Some stores of John Dough are fully owned while others are owned and operated by separate entities. Irrespective of the ownership, John Dough has some stringent Pizza Operations Policies and Guides. Lately, the company has become popular for its innovative online ordering system. It is being highly appreciated by the franchisees as the system developed saves them much of the work by automating the entire process of pizza ordering.
Work to be completed
The company is facing many issues in terms of security. An employee survey conducted in the year 2018 suggested that the ordering systems have been developed on legacy code and thus this system is becoming unmaintainable in a rapid way. A record of security breaches is there and thus it is needed that to work on the security issues and bring in some serious modifications in this context.
John Dough has 3 companies stored in the Perth CBD and apart from that has 5 franchise outlets in the surrounding suburbs. It is thinking of expanding to Adelaide and Alice Springs. The main strategy of the company is the growth of its franchise business in various regions. The five-year goals of the firm include the following:
As mentioned above, the company has faced many security incidents and all of these can be linked to the problems associated with information security. There are no such backup systems available if the primary services get hindered, traditional software and legacy code, lack of proper authentication practices, issues with the web application, and storage of consumer credit card details in the main database without encrypting it. The main threats that have been identified in the case of John Dough are as given below:
|
Threat Type |
Threats |
Description |
|
Software attacks |
Viruses, Malware, Worms, and more. |
With the legacy software being used and no proper authentication measures in place, John Dough’s website is an easy target for cybercriminals. Malware refers to the general term that takes under its purview all software been developed to cause harm (Ali, 2017). Viruses can go to affect computer systems one after the other. Worms do not require its victim to even access the files (Hasan, Hussain & Ullah, 2019). Without that, it can just run and spread itself to other computer systems. |
|
Theft of intellectual property |
Unauthorized copying over the internet, hacking, internal threat |
As there is no such security measure in place to check who is accessing sensitive data, unauthorized copying and hacking can be the reason for heavy losses at John Dough. Information systems being used are also at risk of insider threat that is from disgruntled employees. |
|
Information extortion |
Ransomware |
A ransomware attack is a concern as well because John Dough is still functioning on legacy systems (Humayun et al., 2021). |
|
Theft of information |
Spoofing, sniffing, unauthorized access, and more. |
With no such modern security measures in place, the company is vulnerable to spoofing and sniffing attacks as well. It will be easy for attackers to impersonate another person or intercept network traffic with outdated systems and almost no measures in place (Gl?van et al., 2020). |
The network of John Dough has encountered rapid growth and is largely cobbled together. The structure of this network is driven by the legacy of the company and the prime focus on this network is to develop solutions that drive online Business to Consumer pizza ordering and various processes of Business-to-Business. It is only focusing on driving pizza ordering rather than on securing the platform and the other processes of the firm.
The main aim of this project is to address the security pitfalls and come up with a proper security infrastructure for the company. It is understood that the company needs to bring in serious changes in terms of security thus the result of the project is enhanced security measures at John Dough.
The security issues that will be addressed in this project are software attacks and theft of information. This is because the 5-year goals of the company include the goal of reaching remote geographical locations that are possible utilizing a proper online presence. Addressing these issues will mean securing the online website of the company and thus helping it achieve one of its long-term goals. This again will also support it in its venture of becoming the number 1 pizza delivering company.
Once these security issues are addressed the other projects that can be taken up in the future can be addressing the issues of not having a proper backup system. This is much important in the age of information systems because without this there are high chances of losing data permanently. This project again has to be undertaken as soon as possible.
Many ethical issues are to be addressed such as customer credit card details is being collected without proper encryption. This sends a message that the company is least bothered about the privacy of its customer data. This can affect its brand image and be the reason for its downfall in the coming days. The security of the website has to be enhanced and this that is techniques of encryption aesthetically added.
Sticking to the legacy system, the company has made itself an easy target for cybercriminals. Hence, here the security issue that has to be handled on a priority basis is that of software attacks. The online website of the company is associated with its 5-year plans and thus securing the same is of utmost importance.
The threat landscape is as mentioned in table 1 above. Certainly, the reason behind growing threats is the poor management at John Dough and hence sincere restructuring of the management needs to be done.
As already said that there are many pitfalls and the most important one is the lack of proper governance. The employees of the firm make it clear that the workforce is not involved in projects which is the reason why they are clueless about upcoming projects. The R&D team is rushing out proof-of-concept products that also include technology.
There is no such policy or procedure in place and the company can think of adhering to frameworks such as NIST. By adhering to this framework, John Dough can be specific about the various standards, guidelines, and associated best practices for the management of cybersecurity risk (Calder, 2018).
Task List
|
Task No. |
Task |
Products or Services Needed |
Delivery Date |
Estimated Cost |
|
1 |
Research on security measures |
Internet connection to carry out the research |
31st March 2022 |
$ 5 |
|
2 |
Assessing current infrastructure |
Cooperation from the company |
12th April 2022 |
$ 100 |
|
3 |
Final proposal |
Documents and reports of the firm |
17th April 2022 |
$ 10 |
|
4 |
Design of the new network |
3D designers |
21st April 2022 |
$ 700 |
|
5 |
Implementation of the new network |
Human resource, hardware, and software |
31st December 2022 |
$ 5000 |
John Dough is not a large company and thus there are budgetary constraints in this project. It has to be specific to sponsors. Estimation needs to be done using proper methods so that the project gets the maximum advantage of proper estimations. Expected costs can be outsourcing some more experts to address the difficult situation and investing heavily in network equipment. There are some contributing expenses as well to total cost such as spending on clients when presenting them the proposal. Again, the website of the firm can be said to be developed with minimal features thus adding additional features apart from just the security ones can add to the cost of the project. The company needs to be specific with the budget and thus there is a demand for using modern project management software that can help it in scheduling, monitoring, tracking, and more. Doing so will mean keeping a proper track and being specific with updates. Here as well deploying a project manager and using new software will add to the cost of the project. But then there is no other option when delivering quality is the only alternative. Finances can be managed by someone exclusively appointed for doing so. The company can also carry out benchmark analysis to figure out requirements of the projects taking examples for similar such projects.
References
Ali, A. (2017). Ransomware: A research and a personal case study of dealing with this nasty malware. Issues in Informing Science and Information Technology, 14, 87-99.https://iisit.org/Vol14/IISITv14p087-099Ali3400.pdf
Calder, A. (2018). NIST Cybersecurity Framework: A pocket guide. IT Governance Publishing Ltd.https://books.google.com/books?hl=en&lr=&id=rWxvDwAAQBAJ&oi=fnd&pg=PT9&dq=nist+framework+for+cybersecurity&ots=qZk57Zxovh&sig=kFCP-d-A-HeDOScxnEZmXxu_11k
Gl?van, D., R?cuciu, C., Moinescu, R., & Eftimie, S. (2020). Sniffing attacks on computer networks. Scientific Bulletin” Mircea cel Batran” Naval Academy, 23(1), 202A-207.https://search.proquest.com/openview/b63d00161937ba015202a7fde9ba6f9d/1?pq-origsite=gscholar&cbl=2036237
Hasan, M. Z., Hussain, M. Z., & Ullah, Z. (2019). Computer Viruses, Attacks, and Security Methods. Lahore Garrison University Research Journal of Computer Science and Information Technology, 3(3), 20-25. https://lgurjcsit.lgu.edu.pk/index.php/lgurjcsit/article/view/80
Humayun, M., Jhanjhi, N. Z., Alsayat, A., & Ponnusamy, V. (2021). Internet of things and ransomware: Evolution, mitigation, and prevention. Egyptian Informatics Journal, 22(1), 105-117.https://www.sciencedirect.com/science/article/pii/S1110866520301304
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download