This page contains a Flash digital edition of a book.
18 LOSSPREVENTION&SECURITY


HOMEBASE ENHANCES INCIDENT MANAGER


H


ome improvement retailer Homebase has updated its incident reporting technology. The update enhances the reporting from out-of-hours alarm monitoring personnel, who previously phoned through reports of incidents to the duty profit protection manager, who then had to manually communicate the details of the incident to stakeholders and input the information into the system, while dealing with the incident.


The enhancement gives duty profit protection managers real-time instant updates by email and by SMS, as well as keeping other key stakeholders up to speed on appropriate actions via email. Homebase was already a mature user of ORIS Incident Manager software, but it was mainly used by the profit protection (PP) department. Its team had already


empowered store staff to enter their own store level incident data, but wanted to integrate the reporting of missing


WEB APPLICATION FLAWS IDENTIFIED


SQL injection and cross-site scripting (XSS) were the most common fl aws found in web applications in 2010 according to results from tests carried out by information security experts, NTA Monitor. Data from 118 web application tests showed that more than a quarter (27%) of threats


identifi ed as high risk were categorised as SQL injection, while 21% of medium risk issues were classifi ed as XSS. Other frequently occurring threats to information security included a lack of patching


(16%), denial-of-service (DoS) vulnerabilities affecting Apache web servers (13%), cross-site request forgery (CSRF) (4%), no, or poor, encryption (4%) and issues around password management (4%).


Results also highlighted a marked jump in the average number of vulnerabilities found per


web application – up from 14 in 2009 to 15.6 in 2010. The total number of fl aws identifi ed per test had substantially increased too. In 2010, 70% of tests had more than 11 fl aws compared with just 47% in 2009. Evaluating the test results by industry sector, the sector seen to be the most secure according to test data was fi nance, which had a below-average total number of risks (13.7) per web application test. The retail industry was not far behind, with a total of 14 vulnerabilities identifi ed per test. IT and telecoms was found to be the least secure with a slightly above-average total


number of vulnerabilities, at 16.7 per test. Roy Hills, technical director and NTA Monitor founder, said: “Analysing the data, it seems to be the same old problems as last year, which means that people are not getting on top of the underlying causes of these issues. With fi nes now being handed out to organisations for data loss, it’s vital security managers ensure they have robust security measures in place for web applications, and that they follow them diligently if they are to avoid large-scale information security breaches and the subsequent fi nancial fall-out.”


RETAIL TECHNOLOGY MARCH/APRIL 2011


stock caused by process error at the distribution centres to create an end-to- end auditable supply chain with consistent reporting across the supply chain, as well as enhancing the use of Incident Manager as an integral part of the serious incident response action plan.


The new enhancements and the extension of the existing Incident Manager offered the ability for supply chain personnel and third-party suppliers to raise incidents in conjunction with stores. Using Incident Manager, Homebase also has the ability to feed reported incidents into its Resource2Risk Database, which enables the correct allocation and deployment of resources including guarding, based upon genuine risk and provides a clear audit trail for duty of care.


“ORIS Incident Manager has really


evolved this year and is an integral part of our Resource2Risk response. Our third-party partners in distribution are fully engaged in this process: that gives us full visibility of issues between the supply chain and stores. The duty profit protection managers are fully supported in receiving details of serious incidents: this saves the business a lot of time in non-duplication and avoiding errors, as well as giving profit protection consistent reporting,” said Homebase commercial profit protection manager, Gill Yardley.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40