logo

Strategic Information System Policy for Commonwealth Bank

This report gives you the opportunity to research and analyze hot topics related to information security. Submit a word document through Turnitin in the unit Moodle page.

12 Pages3253 Words308 Views
   

Added on  2023-06-04

About This Document

This report discusses the need for a strategic information system policy for Commonwealth Bank to safeguard its information and identity against cyber-attacks. It covers the policies, security management program, organization of information security, security risk assessment, and more.

Strategic Information System Policy for Commonwealth Bank

This report gives you the opportunity to research and analyze hot topics related to information security. Submit a word document through Turnitin in the unit Moodle page.

   Added on 2023-06-04

ShareRelated Documents
Information Security Report 1
A Strategic Information System Policy for Commonwealth Bank
Student
Course
Tutor
Institutional Affiliations
State
Date
Strategic Information System Policy for Commonwealth Bank_1
Information Security Report 2
Executive summary
In the recent past, Commonwealth Corporation has experienced a growing threat
concerning cyber-attacks and need to formulate policies that assist in safeguarding its
information and identity. Commonwealth is one of the major banks in Australia, the bank admits
a major cyber-attack that exposed financial records for over 20 million clients (BBC News,
2018). According to the bank’s stakeholders, two magnetic data tapes containing sensitive data
for customers including names, account numbers, addresses, as well as transaction details were
missing. The organization reported the issues at the Office of the Australian Information
Commissioner shortly after the occurrence.
Upon forensic investigation, it was found that only 150 people in the organization
including the senior specialist team and risk specialist team were a where of the security breach.
The bank, however, attempts to cover the information in vain as the revelation comes at a time
when all Australian banks are under the unexpected scrutiny for misconduct by a royal
commission in the country. With the inclined cybersecurity concerns, there is a need to
formulate, develop and implement a strategic security policy for the Commonwealth Corporation
in response to the security breach experienced in the organization.
This policy is formulated to secure the information assets including but not limited to
confidential information as well as personal information that is collected, stored, used, and
disseminated while serving customers. The policy is expected to be used as a basis for training
the organization’s security officials, the senior specialist team and other staffs.
Strategic Information System Policy for Commonwealth Bank_2
Information Security Report 3
Table of Contents
Executive summary...................................................................................................................................2
Introduction...............................................................................................................................................4
Policy purpose........................................................................................................................................4
Scope.......................................................................................................................................................5
Policy formulation.....................................................................................................................................5
The information system policies of Commonwealth bank..................................................................5
Security management program........................................................................................................6
Organization of information security...............................................................................................6
Security risk assessment....................................................................................................................7
Security risk treatment......................................................................................................................7
Staff and contractor access...............................................................................................................7
Environmental and physical security...............................................................................................7
Property management.......................................................................................................................8
The potential threats and vulnerability of security of Commonwealth.................................................8
How the threats and vulnerabilities of the Commonwealth organization can be mitigated................9
Conclusion..................................................................................................................................................9
Reference list............................................................................................................................................11
Strategic Information System Policy for Commonwealth Bank_3
Information Security Report 4
Introduction
The Commonwealth Bank of Australia has reportedly experienced a considerable cyber-
attacks which are alleged to have compromised personal data for millions of its clients. BBC
news has come up with a report revealing more details concerning the attack. According to the
report, the corporate lost personal information for more than 20 million clients and attempts to
cover the breach to its customers (BBC News, 2018). As such, it is essential for the organization
to have policies in place and in effect if they will offer a reasonable assurance to clients that the
security concerns in the organization are addressed. The commonwealth organization needs to
exercise its due diligence in formulating, documenting and implementing security governance
and achieve compliance with the overall goals of information security laws as well as standards
to which there data including but not limited to personal information are used.
As stated by Abawajy, (2014, pp.237-248), the information security policy is an umbrella
that defines the security programs at the Commonwealth Corporation. It also offers the
foundation where security programs will be designed and adopted by each department within the
Commonwealth organization. Based on the nature of the organization and its stakeholders, this
article seeks to research, formulate, and document a strategic information security policy for the
Corporation. The information policy system will be formulated with the policy statements which
are supported by the high-level description of the requirements for implementations of the laws.
Policy purpose
The main purpose for the system security policy is to outline the security goals and
objectives regarding protection of the corporate’s information assets such as technology
resources, personal information, and confidential information among other sensitive data as a
step into creating the programmatic controls, policies and procedures that protect the
organization’s sensitive information from threats whether deliberate or accidental and whether
internal or external threats. Along with the three guiding principles of information security i.e.
integrity, confidentiality, and availability, the corporate must consider the implementation of all
security controls against the applicable policies, standards, laws, and regulations (Dittrich, and
Kenneally, 2012, pp.27-33; Dubois, Heymans, Mayer, and Matulevičius, 2010, pp. 289-306).
Strategic Information System Policy for Commonwealth Bank_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cyber Security Threats and Data Flow Diagrams
|8
|2067
|160

JP Morgan Data Breach
|5
|722
|96

Developing Information Security Policies for Xero
|14
|4396
|167

MGMT6013 Managing Information System | Security Policy
|14
|4311
|36

Information Security Breaches in Commonwealth Bank
|10
|2249
|330

Cyber Security Assignment- Business Research Methodology
|15
|3900
|51