
ISY2003 Information Security

  • Course Code: ISY2003
  • University: Australian Institute
  • Country: Australia

Questions:

(a.) Research, formulate, develop and document a strategic security policy for your chosen organisation based on the nature of the organisation and the stakeholders in the organisation.

(b.) Based on the security policy you have researched, formulated, developed and documented in item (a.) above, identify and assess the potential threats and vulnerabilities of the company’s network and discuss how such threats and vulnerabilities can be mitigated based on your research.
 

Introduction

Information security, or InfoSec, is the practice of preventing unauthorized or unauthenticated access to, and the destruction, manipulation, recording, inspection, disclosure and use of, confidential or sensitive information or data (Von Solms and Van Niekerk 2013). Its main focus is the effective and efficient implementation of procedures and policies without hampering the overall productivity of the organization. A security policy and guidelines are required to maintain proper security standards within the organizational information system (Peltier 2013).

This report describes information security at the most popular or famous bank in Australia and New Zealand, namely Commonwealth Bank of Australia. Based on research and analysis, it presents the security policy that the organization follows. It then identifies the probable threats and vulnerabilities for the organization and provides suitable mitigation techniques.

 

Discussion

a) Strategic Security Policy for Commonwealth Bank of Australia

CBA, or Commonwealth Bank of Australia, is a multinational bank in Australia that has customers in Australia, New Zealand, the United States, the United Kingdom and Asia (Commbank.com.au. 2018). Its main financial and banking services are broking services, investments, funds management, retail banking, business banking, superannuation, institutional banking and insurance. More than 50000 employees work in this organization, and in 2017 its net income was 9.881 billion Australian dollars.

A security policy provides the set of strategies that an organization uses to secure its assets and resources from any type of risk or vulnerability. A strategic security policy is mandatory for all organizations. The flow of functionality within the company is measured against the security policy (Andress 2014). Commonwealth Bank of Australia follows its security policy in accordance with the Privacy Act. The stakeholders of the bank are responsible for making the bank's processes more efficient. CBA has eight groups of stakeholders: customers, employees, the investor community, suppliers, government or regulators, media, charities or community organizations or NGOs, and service providers (Commbank.com.au. 2018). The security policy of this bank for the stakeholders is given below:

  1. Customer’s Privacy: The first priority is given to customers’ privacy. The information is kept protected by following various steps. This policy depends on the handling of credit reports and other credit information (Webb et al. 2014). When filling in application forms, customers have to sign or agree to the terms and conditions.
  2. Clarity of Information: The second factor in the strategic security policy of Commonwealth Bank of Australia is the clarity of the information collected (Layton 2016). The bank collects this information whenever customers use its products and services. The main information collected concerns the customers’ identities, such as name, address, date of birth, marital status, gender, tax residency status and tax file number. Insurance-related information and financial or transactional information are also collected in this process (McIlwraith 2016). The bank is thus kept properly updated about its customers, so that there is no chance of data loss or unauthenticated data access from the respective information systems.
  3. Identification of Authenticated Members: Only authenticated or authorized members have access to their bank details and data. The authenticated members of Commonwealth Bank of Australia are service providers, employers, brokers, agents, advisers, customers and many more (AlHogail 2015). In short, the stakeholders of the bank are the authenticated members.
  4. Utilization of Information: The confidential information of this bank is used with proper privacy and security (Cardenas, Manadhata and Rajan 2013). The collection, use and exchange of this information begins with confirming identity, regardless of whether the information belongs to employees or customers of the bank. Then the application for the product or service is assessed. The next step is to design, manage, price and finally provide the respective products and services. Minimizing risks and identifying fraud or illegal activities is the next step (Laszka, Felegyhazi and Buttyan 2015). Finally, Commonwealth Bank of Australia manages the information in compliance with the law and assists the government and law enforcement agencies.
  5. Sharing of Information: Commonwealth Bank of Australia is extremely careful with its information and makes sure that it is accessed or used only by authorized users (Da Veiga and Martins 2015). Service providers such as product distributors, loyalty program partners and insurers are the first to have access to this type of information. Guarantors, security providers, auditors, brokers, agents, advisers, assessors, investigators, card holders, law enforcement agencies, regulators, government agencies and many more also have access to sensitive information (Tamjidyamcholo et al. 2014). The parties mentioned above are extremely safe and secure, and hence there is less chance of data loss or data theft.
  6. Maintaining Information Security: The organization follows certain methods to maintain the confidentiality and integrity of its confidential data. The first method is to train staff and to secure the handling and storage of data. Next, it has put various security mitigation techniques in place within its systems, such as firewalls, virus scanning tools and intrusion detection, to stop viruses and unauthorized data access (Lebek et al. 2014). Secured networks and encryption techniques are used for system security. Moreover, cameras, alarms, armed guards and other controls are installed within the building.
  7. Data Update: The confidential data of customers is updated periodically and checked to confirm that confidentiality and integrity are maintained properly (Safa and Von Solms 2016). When any incorrect information is provided to the bank, it cross-checks the data within 30 days and changes the data accordingly.
  8. Maintaining Privacy Complaint: When any concern or complaint regarding privacy is registered, CBA takes it seriously, handles the complaint and tries to fix the problem (Zhao and Ge 2013). A couple of steps are followed for this.
 

b) Identification and Assessing of Potential Threats and Vulnerabilities with Mitigation Techniques
Threats or Vulnerabilities: The computer network of Commonwealth Bank of Australia faces several important and dangerous threats and vulnerabilities that put its sensitive information at risk (Van Deursen, Buchanan and Duff 2013). These threats or vulnerabilities for the CBA network are given below:

  1. Trojan Horse: The first potential risk or vulnerability to the computer network of Commonwealth Bank of Australia is the Trojan horse. It is a malicious program that misleads the intended or authenticated user. These malicious programs are spread through social engineering attacks, such as duping the user into opening an attachment sent by email (Chen, Ramamurthy and Wen 2015). These emails usually appear unsuspicious; the programs are also spread when a user clicks on a fake advertisement or link while using a social media account. As soon as the user clicks on that link, the program enters the device and the attacker compromises all the data.
  2. Denial of Service Attacks: A denial of service (DoS) attack is one in which the attacker targets a machine or network resource in order to make it unavailable to its authenticated users by temporarily or permanently disrupting the services of a host connected to the Internet (Shamala, Ahmad and Yusoff 2013). Denial of service attacks are usually accomplished by flooding the target machine or resource in order to overload the information systems and prevent legitimate requests from being fulfilled. The second version of this threat is the distributed denial of service (DDoS) attack, in which numerous systems are involved.
  3. Malicious Program: Another popular and significant threat or vulnerability for the information system of CBA is the presence of a malicious program. This type of program or software is also termed a computer virus (Von Solms and Van Niekerk 2013). When executed, the malicious program replicates itself by modifying other computer programs on the device and inserting its own code into them; when this replication is complete, the affected areas are said to be infected by the virus.
  4. Phishing: This is the fourth popular threat or vulnerability to the computer network of Commonwealth Bank of Australia (Cardenas, Manadhata and Rajan 2013). It is a fraudulent attempt to gain access to confidential information such as usernames, passwords and credit card credentials for malicious reasons by posing as a trustworthy entity in electronic communications. Phishing can be carried out by two methods: spoofing of electronic mail and instant messaging (Peltier 2013). Hackers direct authorized users to enter their sensitive information on a fake website. The communications commonly appear to come from social websites, auction sites, banks, online payment processors and many others.
  5. Eavesdropping: The next significant risk to the computer network of CBA is eavesdropping. It is the unauthenticated monitoring of authenticated people’s communications. The hacker secretly listens to or accesses private communications or data without consent (Da Veiga and Martins 2015). Instant messaging and emails are the most basic channels for executing this threat. VoIP communications are the most important form of eavesdropping with a Trojan horse.

Mitigation Techniques for the Threats or Vulnerabilities: The threats and vulnerabilities mentioned above can be mitigated with proper techniques for the network of Commonwealth Bank of Australia (Laszka, Felegyhazi and Buttyan 2015). These mitigation techniques are as follows:

 

 
  1. Mitigation Techniques for Trojan horse: The best technique for mitigating this threat to Commonwealth Bank of Australia’s computer network is the implementation of firewalls (Safa and Von Solms 2016). Firewalls are effective because they can detect and prevent the vulnerabilities or attacks.
  2. Mitigation Techniques for Denial of Service Attacks: There are two techniques to mitigate this type of attack. The first is over-provisioning as a brute force defence, and the second is configuring the respective IP access list or the Windows firewalls (AlHogail 2015). The detection and prevention of these attacks are possible only with firewalls in place.
  3. Mitigation Techniques for Malicious Programs: Malicious programs are the most dangerous vulnerabilities for the computer networks of Commonwealth Bank of Australia (Layton 2016). Two distinct security measures are effective in mitigating this kind of threat. The first and foremost mitigation technique for computer viruses is to implement the best antivirus software and, once it is installed, to download the updates so that the latest virus fixes are available (Peltier 2013). The next technique is to ensure that this software can scan emails.
  4. Mitigation Techniques for Phishing: Continuous upgrading of antivirus software and proper training for the employees of Commonwealth Bank of Australia are the best techniques to mitigate the basic issue of phishing. A trained IT person will never click on any unnamed or suspicious electronic mails or websites (McIlwraith 2016). They should be careful enough in this case to reduce these issues. Moreover, regularly upgraded software is able to detect and prevent such fraudulent attempts.
  5. Mitigation Techniques for Eavesdropping: Eavesdropping is yet another significant threat to computer networks. It can be mitigated by encrypting messages (Van Deursen, Buchanan and Duff 2013). Every message or datum sent to the user should be in encrypted or hidden format, so that unauthenticated users cannot get hold of it.
 

Conclusion

Therefore, from the above report, it can be concluded that information security is the most important and significant requirement for every organization. Its most vital role is that it helps establish business processes and thereby protects assets and resources from risks and vulnerabilities. Data modification without the consent of the authorized or intended users can be detected as well as prevented with the help of a risk management plan, thereby eradicating the various probable vulnerabilities and threats. Managing the probable risks is a significant process that involves identifying assets, risks, vulnerabilities, the mitigation techniques for controlling these risks and the major impact of the risks on an information system. This report has described information security, or InfoSec, for the most popular bank in Australia, Commonwealth Bank of Australia. The strategic security policy of this bank is provided in the report to help identify the existing risks or threats to its information systems. Moreover, the various risks for this bank are identified along with their relevant mitigation techniques.

 

References

AlHogail, A., 2015. Design and validation of information security culture framework. Computers in Human Behavior, 49, pp.567-575.

Andress, J., 2014. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.

Cardenas, A.A., Manadhata, P.K. and Rajan, S.P., 2013. Big data analytics for security. IEEE Security & Privacy, 11(6), pp.74-76.

Chen, Y.A.N., Ramamurthy, K.R.A.M. and Wen, K.W., 2015. Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), pp.11-19.

Commbank.com.au. 2018. Privacy Policy-CommBank. [online] Available at: https://www.commbank.com.au/content/commbank-neo/security-privacy/general-security/privacy-policy-html-version.html [Accessed 16 Sep. 2018].

Da Veiga, A. and Martins, N., 2015. Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, pp.162-176.

Laszka, A., Felegyhazi, M. and Buttyan, L., 2015. A survey of interdependent information security games. ACM Computing Surveys (CSUR), 47(2), p.23.

Layton, T.P., 2016. Information Security: Design, implementation, measurement, and compliance. Auerbach Publications.

Lebek, B., Uffen, J., Neumann, M., Hohler, B. and Breitner, M.H., 2014. Information security awareness and behavior: a theory-based literature review. Management Research Review, 37(12), pp.1049-1092.

McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Safa, N.S. and Von Solms, R., 2016. An information security knowledge sharing model in organizations. Computers in Human Behavior, 57, pp.442-451.

Shamala, P., Ahmad, R. and Yusoff, M., 2013. A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications, 18(1), pp.45-52.

Tamjidyamcholo, A., Baba, M.S.B., Shuib, N.L.M. and Rohani, V.A., 2014. Evaluation model for knowledge sharing in information security professional virtual community. Computers & Security, 43, pp.19-34.

Van Deursen, N., Buchanan, W.J. and Duff, A., 2013. Monitoring information security risks within health care. Computers & Security, 37, pp.31-45.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.

Webb, J., Ahmad, A., Maynard, S.B. and Shanks, G., 2014. A situation awareness model for information security risk management. Computers & Security, 44, pp.1-15.

Zhao, K. and Ge, L., 2013, December. A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on (pp. 663-667). IEEE.


Cite This Work


My Assignment Help. (2019). Information Security. Retrieved from https://myassignmenthelp.com/free-samples/isy2003-information-security.
