Question

Part 2: Software security:
Assume you are performing preliminary security risk assessment.
1. The first step in performing a preliminary risk assessment is asset identification. List down three
assets you identify in an in-store automated supermarket shopping system when conducting
the preliminary risk assessment.
2. Identify two possible security risks associated with an in-store supermarket shopping system and
propose a system requirement that might reduce each of those risks.

Answer 1

Preliminary Security Risk

Security Risk Assessment

It is a Software Risk under the Security Risk Assessment. It is mainly used for identifying and understanding the risk to system and data. While performing Security Risk Assessment there are different stages of risk assessment which are performed throughout the Software Development Lifecycle.

Preliminary Security Risk

It is the Generic Risk that is applicable to the system. And here the stage is performing the adequate level of security at a reasonable cost.

The first step performing the risk assessment management system is asset identification.

In-Store Automated Supermarket Shopping System have many assets while conducting the preliminary risk assessment system.

Asset Identification mainly have

1. Asset Register.

It is the document that specifies all the places where you keep sensitive information.

The best way to identify assets is to interview asset owners. The asset owner is the individual or entity which is responsible for controlling the production, development, maintenance, use and security of an information asset.

So, in-store automated supermarket shopping system have the asset owner as the person who runs the supermarket who controls the entire system.

Here the supermarket may definitely have a production system which generate the items needed for customers.

The production of items may segregate according to the customers need or the relevant quantity of segregation can be done by this stage.

The place and the things should be properly maintaining for the customers use and mainly for the futuristic purpose.

All the goods should be used in a proper way and the security of things should also be monitored to avoid the misuse of things.

2. After finishing Asset Register, we have to find the vulnerability and threat associated with the system.

A threat is any incident which affect the system in a negative way.

In in-store automated supermarket shopping system should have security to avoid the misuse of things, theft, or accessing the data by unauthorized person.

And security may support to avoid destroy, damage of asset.