Stawa Grocery Stores

Stawa Grocery Stores, Vulnerability Assessment Plan

Asset list and valuation

The company will be selling different products. All the products from the store will be food products. The customers will be provided with after-sales services, which include how to cook the uncooked products and how to store and transport them. The products offered will include beverages, vegetables, breads, tomatoes/potatoes/sweet potatoes, onions, snacks, etc. The estimated stock will cost about $2 million.

Physical asset

The store needs a number of physical assets which will assist in the running of the business. The physical assets required will cost about $5 million. The assets required include chairs to be used by workers and customers, windows, doors, refrigeration equipment, vehicles, motor bikes for transportation of products, uniforms for workers and cooking equipment, among others. Vehicles will be used to deliver products to customers and to transport raw materials.


The building needed should include the store and staff quarters. The store should include about three rooms, one of which will be a big open room for shopping. It will be a supermarket in which the customers serve themselves and take the product to the cashier for payment. The other two rooms will be stores to keep the excess stock and the staff room. The customers can be shown how to use the product, while staff can use the room to change their clothes before and after work. The offices should be located near the stores. The offices should be in a large building divided into different rooms. All departments should have their own staff room. The general manager and other department managers should have their own offices.

Office furniture

The business requires office equipment which will facilitate its growth and ensure prosperity. The needed office equipment includes fully installed computers with internet connectivity, office chairs, dispensers, office saloon cars and telephone or communication media, among others. The estimated cost of office equipment is about $5 million. For services to be provided to customers effectively and with minimum risk, those facilities should be available.


The inventory for the stores will include bookkeeping records, accounting facilities and auditors' equipment like calculators, books for records, etc. Auditing and accounting services will be outsourced, so the company does not need a lot of inventory.

Raw material

Little raw material will be required, since most of the products will be bought ready for sale. Things like cakes and snacks will be baked, and this will require fats and baking materials. Other products, like greens, will be bought from plantations. Suppliers will be requested to supply the products after harvesting.

Human assets

There are individuals who will be working in the stores. They will be employed according to their academic and professional qualifications. The following individuals will be employed to fill the following vacancies: security personnel - 4 security officers, sales and marketing staff - 10 people, 1 general manager and 2 operations and business development managers, 10 cashiers, casual workers that will assist in offering after-sales services - 20, drivers and riders - 4, and around 30 customer attendants. Some of the services, like guarding, cleaning, auditing and maintenance, will be outsourced, and the company providing the service will take care of its staff.

Information technology assets

The information technology facilities will include computers, hard disks, mobile phones, internet connections, printers and door locks. In the offices the doors will be set electronically. Computers will have passwords because vital information will be stored on them which, if altered, will cause loss. The accounts will only be accessed by directors and top managers, which will reduce cases of fraud.


The hardware includes flash disks, desktops, memory cards and modems. Those hard disks will be assigned to different offices and employees. Each person will be responsible for everything assigned to his/her office. In case of damage or loss of an item, the assigned person will replace it.


Software is the information stored on the hard disks and computers in different offices. It includes accounting sheets, bank account details, the government certificate for the business, tax pin and other money invoices paid for paper work. The information is contained on different hard disks and in the managers' mailboxes. The information is stored in the mailboxes to prevent virus corruption because the hard disks can be corrupted, hence the loss of the information can occur.


The data collected shows the availability of the targeted customers. The data shows that most of the customers will be ladies, a few single men and college students. The data shows that the business will need at least three to five months to start generating much profit.

Threat identification

There are different threats to the business which are likely to occur. The time at which the threats will occur cannot be predicted, since they can occur at any time of the day. Natural threats that can occur include earthquakes, electrical storms, tornadoes, landslides, floods and fires. Some customers will need to be shown how to cook the greens and vegetables, and this can result in fire causing great damage. Human threats include theft, data information access, fraud, forgery, employees' strikes, loss of information, corrupt data, the risk of the hard disks being infected with a virus and stealing. Workers may strike and refuse to attend their jobs, and this will make the business stop. Communication failure can also affect the business. There can be network failure, and this will lead to barriers in communication. Online business needs internet, and in case of internet failure the customers will not get their products or the online business will not exist. The business can encounter environmental threats, which include long-term power failure, air pollution and leakage of gases which can damage the products in the store. There are some dangerous chemicals which, when mixed with food products, can damage them.

Vulnerability impact scale matrix






Natural threat: Earthquake, flood, tornadoes and lightning

They occur naturally and cannot be predicted.

It will result in loss and death of workers and customers. It can lead to closure of the business.


Manmade: Theft, fraud, strike, fire, computer virus and information insecurity.

Those threats will be caused by workers or outsiders. Thieves can steal the products, or the workers can present information to the public, and this will put business security at high risk.

It can lead to dismissal of honest employees and will cause loss to the company.


Environmental threats: Pollution, chemical leakage, and bad weather.

Cannot be predicted. They can be natural or manmade.

Can lead to closure of the business due to huge losses.

Analyzing Information Technology Threats and Vulnerability Resources

There are different forms of risk that face information technology in the business. The risks include loss of passwords, counterfeiting, information corrupted by viruses, loss of confidentiality and fraud. Many employees disclose information to the public, and this makes the public interested in counterfeiting the business. The risks can occur at any time if the employees are not educated on how to improve security measures. The employees can be sweet-talked by members of the public into disclosing vital information concerning the business systems. This can occur when the employees are in need of money, so they take a bribe. Stealing of passwords and counterfeiting can be done by employees. In many cases, when employees are denied allowances they tend to lose their moral values and find ways to get what they wanted. The employees may decide to use another party in order to access the system and defraud the business. When an employee interferes with business records, he/she can corrupt the hard disk with a virus in order to delete the information. Hackers are always sending viruses through emails to systems, and they can send a virus to the offices' computers and all the information will be lost.

Risk calculation

The risks will have different impacts on the business. Risks can have low, moderate or high impacts. The high risks can lead to closure of the business, and the low risks can be mitigated within the business by workers. Low risks include theft, earthquakes, floods and tornadoes, and they can be mitigated. The likelihood of the low risks occurring is rare. Moderate risks include theft, denial of access, alteration of passwords and accidents. These kinds of risks can cause little harm to the business, and the loss cannot affect the operations of the business. High risks include chemical leakage and can cause the collapse of the business.

Risk assessment

The stores are located in the city and theft can occur at any time, since there are many criminals hanging around in cities. Risks like earthquakes, floods, and tornadoes do not have a high risk of occurring, since the city is located in a position which prevents natural disasters from occurring. Other risks like strikes, accidents, fire and collapse of the building have a possibility of occurring. In the city there are many high buildings, and they can be bombed by terrorists and then collapse, which would destroy the business building.

Risk mitigation

Physical security measures should be employed in the building. Security guards should guard the entry and exit of the store. Areas around and inside the stores and offices should have CCTV cameras for monitoring. The information technology department should keep the passwords to access the information in safe and secret places. The computers should have antivirus programs. Earthquake absorbers should be placed on top of the building. Fire extinguishers should be available in all corners of the building. Employees should be trained on how to use fire extinguishers and other security measures. Security policies and procedures should be implemented and observed by all employees.

Creating baseline

Security operations should be conducted and improved by the security department. Employees should report insecurity incidents to the security officers. In case the police are involved, the security officers should report the incident to the police for further investigation and prosecution.

Mitigation decision matrix by Information Technology Resource




Reference code


Natural threat: Earthquake, flood, tornadoes and lightning

The following procedures will assist in mitigation:

Work plan procedure, environmental concern procedures, outsourcing services procedures and response procedures.

SA/SCO/S 200


Manmade: Theft, fraud, strike, fire, computer virus and information insecurity.

The procedures to assist in mitigation include:

Employee contact procedures, third party procedures, system procedure and network procedures.

SA/SCO/S 201


Environmental threats: Pollution, chemical leakage, and bad weather.

The procedures include: time plan procedures, facilities procedures and personnel procedures.

SA/SCO/S 202

Monitoring and

Security systems should be monitored by the security department. Security officers should ensure daily that the CCTV is in good condition. All employees should take care of the business property and report any incidents of dishonesty. The passwords to computers should be kept secret and be used only by the authorized staff. The information concerning the company's account should be accessed by few individuals.



No equipment in the building should be taken out without the notice or permission of senior managers. Individuals should make sure all equipment is repaired, and in case of damage replacement should be done.


They should not be taken out of offices without the permission of senior managers. They should be kept closed to prevent dust build-up. Antivirus programs should be updated when they expire. Maintenance should be done by IT specialists and those concerned with computer repair. Damage or loss should be reported immediately. Laptops should not be carried home; they should always remain at the workplace.

Mobile Devices

Mobile devices should not be moved out of the building except for repair. They should be recorded and checked on a daily basis.


The network should be used by the workers only. The network should be paid for on time to avoid network failure. In case of network failure, the network company should be notified within the shortest time possible.


Wireless equipment should be kept safe, and in case of failure the installation company should be notified within the shortest time possible.

Equipment disposal

All expired equipment should be disposed of. It should be burned in a compost pit within the compound. Disposed equipment should not be taken out of the compound but should be burned under an employee's supervision.

User Access

All employees should keep access to their office secret.

Establishing, Updating and Terminating User Access

A user's access will be established at the beginning of his/her career in this company and updated every two months. When an employee resigns or is dismissed, the user's access will be changed. In case of a security breach, the user's access will be changed.

Password policy

All passwords should be eight digits long. They should be changed every two months, and in case of an employee's dismissal or resignation the password should be changed.

Access Audit Requirements

Access audit should be done twice per year by external and internal employees.

Access Monitoring

Access monitoring should be done from the main office. Access monitoring room should be out of bounds to all people not working in the monitoring office. All equipment in monitoring office should be maintained and repaired.

Internet and E-mail Access Standards and Guidelines

The social network sites like Facebook and others should not be logged into during working hours. All emails should be sent and read by the authorized departments.

Software security policy

Software should always be installed and updated on computers.

System and application authorization

All systems should be used by authorized personnel.

Data security standards and guidelines

Data should be installed and kept in the general manager’s office. All information concerning workers should be in the HR office.

Database access

Data will be accessed by authorized personnel, and people working in various departments will handle data in their departments.

Building access

Customers will use the entry door and exit points when coming into and going out of the stores. Workers will use the parking free of charge, and they will enter the building using the back door.

Security awareness and training

Employee training on security matters should be done at least three times per year.

New employee hiring

Vacancies should be announced and the applicants should be short-listed by the human resource manager. Interviews should be conducted and those who pass them should be employed. Casual workers do not need to have interviews, as they will be employed on a daily basis.

Termination of employment

Termination of employment will occur when an individual is engaged in criminal activities. In case of misconduct in the workplace, one should be given a warning three times, and at the fourth time he/she will be dismissed.

Third party interaction

Customers should be treated with respect. Information about working procedures should not be disclosed to members of the public.


Purpose and Scope

The business will provide food products in the shopping area and online. All customers will be treated in the same way and those who shop online will be provided with free shipping.

Objectives and Assumptions

The company will operate with an objective of providing services to customers worldwide. It will provide high quality and standard products to consumers.

Incident classification

The business can encounter natural, manmade and environmental threats.


Earthquake, flood and fire may occur and destroy the building, causing great damage to the business.

Recovery team

In case of any danger, the security officers will be informed to find ways of responding to the incident. In case of fire and destruction of the building, the contractor will be informed to respond. In case of power failure, the electric company will be informed to repair the damage.


The fire brigade will be contacted in case of fire; police will support in provision of security through patrolling around the area. In case of an accident, the Red Cross will respond and take care of the victims.

Roles and responsibilities

All organizations will be assigned different roles, and they will get assistance from the company's staff. The fire brigade will deal with fire cases; health centers will treat sick employees and determine the health condition of employees before they are employed.

Vendor and off-site facilities

There are things which cannot be purchased, and they will be outsourced. Tractors and heavy lorries will be outsourced from transport provider companies.

Emergency and Restoration Procedures

In case of emergency, staff should assemble at the emergency point for a roll call. In case of a missing employee, administration, police and family should be informed.

Incident response escalation procedures

In case of fire, all doors should be open and people should use the main exit and then assemble at the emergency point.

Recovery initiation

In case of loss, the prevention unit should follow up and make sure recovery is done. In case of theft, the recovery team should make sure that the person who took the property returns it.

Scope and feasibility

Loss should be recovered within the shortest time possible.

Recovery testing

Auditing should be done to make sure that the records are updated and nothing is missing.

Post-mortem analysis and feedback

After recovery, auditing and assessment of operation should be done to make sure that business is effective.

Disaster prevention

Fire extinguishers and earthquake absorbers will be installed in the building to prevent disaster. Security personnel will be alert to deter intruders.

System procedures

All systems should be updated and checked on a daily basis to ensure they are in good condition.

Data procedures

Data should be stored on the company's hard disks and remain secret to employees of each department. It should be changed when changes occur in the workplace.

Personnel procedures

All personnel should keep the company's information secret. Personnel working for the company will be employed according to their experience and academic qualifications. All personnel will be dismissed in case of misconduct.

Monitoring and feedback

When a new product or system is introduced, it should be monitored within three months and feedback records should be made. New employees should be monitored, and evaluation of their work should be done within three months.


Hardware/Software/Network/Physical security

Hardware and software should be acquired from manufacturers. Paper will be purchased from paper companies next to the building and offices. Other devices like hard disks will be purchased from Computer and Electronic, Inc. The network will be provided through optic wire cable and will be installed upon payment of $100,000 to the Internet Provision Company. Physical security will be provided by four security officers and a contracted guard force from G4S Security Company. Devices like CCTV and electronic doors will be installed. About $500,000 will be provided to purchase those items.
