ISY203 Information Security

Introduction

Information security is the procedure to keep the confidential information extremely safe and secured (Crossler et al. 2013, p. 93). The availability, integrity and privacy of the information are maintained properly with the information security. The various methods like the intrusion detection systems, firewalls as well as vulnerability scanners help to maintain type of security with utmost priority (Andress 2014, p. 3). These above mentioned methods of information security are responsible to provide better efficiency and effectiveness to the products and services of that specific organization.

This report will be providing a detailed image of the information security for the most popular banks in Australia, known as Commonwealth Bank of Australia or CBA. This is one of the oldest banks in Australia and New Zealand and is quite popular for its unique strategies. The report will also demonstrate the strategic security policy of this bank with relevant details. The various threats will be identified and the mitigation techniques will be given properly.

Discussion

a) Strategic Security Policy for Commonwealth Bank of Australia

CBA or Commonwealth Bank of Australia is the largest Australian bank and they have been providing several services to the customers in various countries like Australia, Asia, New Zealand, and United Kingdom and even in United States (Commbank.com.au. 2018). Various services related to banking are provided by them. Moreover, the financial services like broking services, funds management, retail banking, superannuation, institutional banking, investments, business banking and various others. The number of employees in this organization is not less than fifty thousand and hence as per a significant recent survey, the total income of the Commonwealth Bank of Australia was around 9.881 billion Australian dollars in the entire year of 2017 (Commbank.com.au. 2018).

The strategic security policy is the document that eventually states the procedure of protection of the organization’s physical as well as information technology assets (Van Deursen, Buchanan & Duff 2013, p. 33). This security policy is also considered as the most important and significant part of an organizational information system. This particular strategic security policy is updated periodically so that the organization does not face any issue related to the information security. The stakeholders of the organization are majorly involved and also have a strong impact on this type of policy. The Commonwealth Bank of Australia has properly divided the list stakeholders to eight sub divisions. These eight divisions are media, regulator or government, community organization or NGO, employees, customers, service providers, investor community and suppliers (Commbank.com.au. 2018). The basic strategic security policy of this particular bank is provided below:

iii) Recognizing the Authenticated Members: The third factor of the strategic security policy for Commonwealth Bank of Australia is the recognizing of all the authenticated and authorized members. The respective sensitive data or information is only accessed by these specific members (Chen, Ramamurthy & Wen 2015, p. 15). The stakeholders of this bank can only access these data and these stakeholders are brokers, agents, customers, service providers, owners, employers and various others.

vii) Proper Actions to the Privacy Complaints: The bank ensures that the customers are getting security to their confidential information. When the client will be complaining about the security issues, this particular organization is responsible for taking proper actions against these complaints and thus all the issues could be mitigated.

b) Identification and Assessment of Potential Threats and Vulnerabilities with Mitigation Techniques

iii) Malicious Software: The malicious software is the third popular type of threat or vulnerability for the CBA network. This is also termed as the computer virus that can easily steal the data by entering into the specific system and by replicating itself as many viruses and thus modifying the rest of the computer software within that system.  

iii) Mitigation Technique for Malicious Software: Two specific mitigation techniques are present for the purpose of mitigating this particular threat in CBA network. The first is to implement antivirus software in the systems and also taking regular updates from that software. The second technique for mitigating malicious software is by scanning all the emails regularly.

Conclusion

Therefore, from the above discussion, it can be concluded that the information security is the basic procedure for protecting the confidentiality, integrity as well as availability of the information or information assets, irrespective of the fact that they are kept in storage, transmission or processing. The authenticated or authorized users have the legalized access to the basic system, where the hackers do not get the access to such systems. Since, it protects from the intentional and unintentional attacks, most of the organizations have implemented information security in their businesses. The above report has properly outlined the strategic security policy of Commonwealth Bank of Australia with significant details. Moreover, the threats or risks for this company are identified and also the mitigation techniques are provided here.

References

Ahmad, A., Maynard, S.B. and Shanks, G., 2015. A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), pp.717-723.

Allam, S., Flowerday, S.V. and Flowerday, E., 2014. Smartphone information security awareness: A victim of operational pressures. Computers & Security, 42, pp.56-65.

Andress, J., 2014. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.

Chen, Y.A.N., Ramamurthy, K.R.A.M. and Wen, K.W., 2015. Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), pp.11-19.

Commbank.com.au. 2018. Privacy Policy-CommBank. [online] Available at: https://www.commbank.com.au/content/commbank-neo/security-privacy/general-security/privacy-policy-html-version.html  [Accessed 19 Sep. 2018]. 

Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. computers & security, 32, pp.90-101.

Harkins, M., 2013. Managing risk and information security: protect to enable. Apress.

Lee, M.C., 2014. Information security risk analysis methods and research trends: AHP and fuzzy comprehensive method. International Journal of Computer Science & Information Technology, 6(1), p.29.

Ö?ütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information security behavior and awareness. Computers & Security, 56, pp.83-93.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Sommestad, T., Karlzén, H. and Hallberg, J., 2015. The sufficiency of the theory of planned behavior for explaining information security policy compliance. Information & Computer Security, 23(2), pp.200-217.

Vacca, J.R. ed., 2013. Managing information security. Elsevier.

Van Deursen, N., Buchanan, W.J. and Duff, A., 2013. Monitoring information security risks within health care. computers & security, 37, pp.31-45.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.

Wang, T., Kannan, K.N. and Ulmer, J.R., 2013. The association between the disclosure and the realization of information security risk factors. Information Systems Research, 24(2), pp.201-218.

Zhang, Y., Zhang, L.Y., Zhou, J., Liu, L., Chen, F. and He, X., 2016. A review of compressive sensing in information security field. IEEE access, 4, pp.2507-2519.