Information Security: Commonwealth Bank of Australia

Added on  2023/06/04

Running head: INFORMATION SECURITY
Information Security: Commonwealth Bank of Australia
Name of the Student
Student ID
Subject
Date
Author’s Note:
Word Count: 2120

Executive Summary
This report examines information security at the Commonwealth Bank of Australia. Information security governs access to stored data and information, and it brings together the security-related products, policies, procedures and technologies of an organization. Issues related to information security should be resolved under any circumstances. Security for confidential information is achieved through the proper application of education, training, awareness, policies, procedures and technologies, and the organization's information systems are secured in the same way. Information security controls access to data and information: it checks who is able to use, manipulate, modify and ultimately affect the protected objects or products. The report describes the strategic security policy of CBA, the probable risks it faces and their mitigation techniques.
Table of Contents
Introduction .......... 3
Discussion .......... 3
a) Strategic Security Policy for Commonwealth Bank of Australia .......... 3
b) Identification and Assessment of Potential Threats and Vulnerabilities with Mitigation Techniques .......... 6
Conclusion .......... 8
References .......... 9
Introduction
Information security is the process of keeping confidential information safe and secure (Crossler et al. 2013, p. 93). It maintains the availability, integrity and privacy of information. Methods such as intrusion detection systems, firewalls and vulnerability scanners help to maintain this type of security with the highest priority (Andress 2014, p. 3). These methods of information security improve the efficiency and effectiveness of the organization's products and services.
This report provides a detailed picture of information security at one of the most popular banks in Australia, the Commonwealth Bank of Australia (CBA). It is one of the oldest banks in Australia and New Zealand and is well known for its distinctive strategies. The report also describes the bank's strategic security policy in detail, identifies the various threats it faces and sets out the corresponding mitigation techniques.
Discussion
a) Strategic Security Policy for Commonwealth Bank of Australia
The Commonwealth Bank of Australia (CBA) is the largest Australian bank and provides services to customers in Australia, Asia, New Zealand, the United Kingdom and the United States (Commbank.com.au. 2018). Alongside general banking services, it offers financial services such as broking, funds management, retail banking, superannuation, institutional banking, investments and business banking. The bank employs no fewer than fifty thousand people, and according to a recent survey its total income for the year 2017 was around 9.881 billion Australian dollars (Commbank.com.au. 2018).
A strategic security policy is the document that states how the organization's physical and information technology assets are to be protected (Van Deursen, Buchanan & Duff 2013, p. 33). It is regarded as the most important part of an organizational information system. The policy is updated periodically so that the organization does not face issues related to information security. The organization's stakeholders are closely involved in, and have a strong influence on, this type of policy. The Commonwealth Bank of Australia has divided its stakeholders into eight groups: media, regulator or government, community organization or NGO, employees, customers, service providers, investor community and suppliers (Commbank.com.au. 2018). The basic strategic security policy of the bank is set out below:
i) Security of Clients: The clients of the Commonwealth Bank of Australia are always the first priority, so their information can be secured easily and promptly (Von Solms & Van Niekerk 2013, p. 100). The strategic security policy depends on the handling of credit information and credit reports. When clients fill in application forms, they agree to the bank's terms and conditions.
ii) Clarity of Information: The second factor in the strategic security policy of the Commonwealth Bank of Australia is clarity of information. To collect confidential information, the bank checks the products or services used by the customer (Peltier 2013, p. 2). The confidential information collected mainly concerns the personal identity of clients: name, address, date of birth, tax residency status and even tax file numbers. Information related to finance, transactions or insurance can be collected by the same procedure. The bank also keeps this customer data up to date so that data is not lost and unauthorized access is stopped.
iii) Recognizing the Authenticated Members: The third factor of the strategic security policy for the Commonwealth Bank of Australia is recognizing all authenticated and authorized members. Sensitive data or information is accessed only by these members (Chen, Ramamurthy & Wen 2015, p. 15). Only the bank's stakeholders can access this data; these stakeholders are brokers, agents, customers, service providers, owners, employers and others.
iv) Utilizing the Information: The next significant factor of the strategic policy of the Commonwealth Bank of Australia is the proper usage of information (Lee 2014, p. 29). Confidential information is used only after privacy or security measures have been implemented successfully. Collecting, using or exchanging information is straightforward once the identities of the bank's clients or staff have been confirmed or verified. The assessment of applications for services and products is then completed. The next step in using the information is to design, manage and finally deliver those services or products. In this way the various threats or risks can be reduced and illegal activities recognized (Sommestad, Karlzén & Hallberg 2015, p. 213). The Commonwealth Bank of Australia has implemented a few laws to manage sensitive information.
v) Information Sharing: CBA is extremely careful with customer data and ensures that it is used only by authorized users. The bank's service providers, such as insurers, product distributors and loyalty program partners, have first priority for data access (Vacca 2013, p. 4). Others, such as security providers, investigators, brokers, law enforcement agencies, government agencies, card holders, auditors, advisers and assessors, have second priority for access to confidential data or information.
vi) Maintaining Relevant Information Security: The methods the Commonwealth Bank of Australia follows to maintain the integrity and confidentiality of information are also updated periodically (Harkins 2013, p. 4). The most effective method in this scenario is proper training of staff so that they understand the importance of information security and how to use the security measures. The bank uses major techniques for mitigating data security issues, such as antivirus software, firewall software and intrusion detection systems for detecting and preventing virus attacks. Encryption is also used to secure the systems and to encode data into ciphertext (Allam, Flowerday & Flowerday 2014, p. 62). AI-based security controls are the latest security measures installed at the company.
vii) Proper Actions to the Privacy Complaints: The bank ensures that customers' confidential information is secured. When a client complains about a security issue, the organization is responsible for taking proper action on the complaint so that the issue can be mitigated.
b) Identification and Assessment of Potential Threats and Vulnerabilities with Mitigation Techniques
I) Threats or Vulnerabilities: The threats and vulnerabilities of the Commonwealth Bank of Australia's network leave the bank's information exposed (Öğütçü, Testik & Chouseinoglou 2016, p. 85). The possible threats or risks to the bank's computer network are listed below:
i) Phishing: The first and foremost threat to the computer network of the Commonwealth Bank of Australia is phishing. It is considered the most dangerous and most common threat to any banking system (Zhang et al. 2016, p. 2510). Phishing is a fraudulent attempt to obtain complete access to confidential data such as passwords, usernames or credit card details, carried out by posing as a trustworthy entity to the user. Email is the most popular channel for spreading it; email spoofing and instant messaging are the most common modes of delivering phishing to a particular user. Attackers direct authorized users to forged websites and have them enter sensitive data there (Ahmad, Maynard & Shanks 2015, p. 720). The most common pretexts for contacting authenticated users in a phishing attack are online payment processing, social websites, banks and auction sites.
ii) Eavesdropping: The next significant threat to the computer network of the Commonwealth Bank of Australia is eavesdropping. In this threat, communication between two intended users is monitored without authorization (Wang, Kannan & Ulmer 2013, p. 210). Hackers can secretly access confidential communication without any permission from the authenticated people. Eavesdropping can easily be carried out on instant messaging, and the VoIP protocol is also used to execute the threat.
iii) Malicious Software: Malicious software is the third common type of threat to the CBA network. Also termed a computer virus, it can steal data by entering a specific system, replicating itself as many copies and modifying the rest of the software within that system.

iv) Denial of Service Attacks: Another common vulnerability of the CBA network is the denial of service attack. In this attack, the attacker promptly gets into the network resources or machines with the main purpose of making the systems or network resources completely unavailable or inaccessible to authenticated users (Von Solms & Van Niekerk 2013, p. 98). The hacker disrupts the services completely, so the user cannot access the data at any cost.
v) Trojan Horse: A Trojan horse is a malicious program whose main purpose is to mislead intended or authenticated users. The CBA network might face this vulnerability in its information security. It is usually spread by social engineering and is always sent by email (Peltier 2013, p. 1). The attacker dupes the user so that the victim is bound to click the link sent by the attacker, and the Trojan enters the system.
II) Mitigation Techniques for Threats or Vulnerabilities: The risks mentioned for the CBA network can be mitigated by successfully implementing the following mitigation techniques:
i) Mitigation Technique for Phishing: The threat of phishing should be mitigated as soon as possible in any banking sector. Continuous upgrading of antivirus software is the first and foremost requirement (Andress 2014, p. 5). Employees also need training in the proper use of the over-provisioned brute force defences within the information system. Another important technique is to avoid clicking on unauthorized emails and websites.
ii) Mitigation Technique for Eavesdropping: The only method of mitigating this type of vulnerability is the implementation of encryption. Attackers cannot gain proper access to sensitive data if the data is encrypted into a hidden format (Lee 2014, p. 29). Encryption is also cost effective and hence easily affordable.
iii) Mitigation Technique for Malicious Software: Two mitigation techniques are available for this threat in the CBA network. The first is to implement antivirus software on the systems and take regular updates for that software. The second is to scan all emails regularly.
iv) Mitigation Technique for Denial of Service Attacks: The first and foremost technique for mitigating a DoS attack is configuring IP access lists on the Windows firewalls (Crossler et al. 2013, p. 99). The next technique is over-provisioning the brute force defence.
v) Mitigation Technique for Trojan Horse: Implementing firewalls is the best technique to prevent and mitigate Trojan horses, as it helps to detect the vulnerabilities easily and promptly.
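The phishing threat (I.i) and its mitigation (II.i) above describe spoofed senders and forged websites that imitate the bank. The following is an added example, not from the report or from CBA, of heuristic checks a mail filter could run on incoming email to flag exactly those indicators; the bank domain commbank.com.au is taken from the report's reference list, and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "commbank.com.au"      # assumed legitimate bank domain
BRAND_WORDS = ("commbank", "netbank")   # names a forged site would imitate
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URGENCY_RE = re.compile(r"\b(suspended|verify your account|within 24 hours)\b", re.I)

def is_trusted(host):
    # Only the bank domain or a subdomain; 'commbank.com.au.evil.example' fails.
    host = host.lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def phishing_indicators(raw_email):
    """Return human-readable indicators found in one RFC 822 message."""
    msg = message_from_string(raw_email)
    findings = []
    # 1. Spoofed sender: display name claims the bank, address is elsewhere.
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1]
    if any(w in name.lower() for w in BRAND_WORDS) and not is_trusted(sender_domain):
        findings.append(f"sender '{name}' but domain is {sender_domain}")
    body = msg.get_payload()
    # 2. Forged website: visible text or host imitates the bank, target is not the bank.
    for href, text in LINK_RE.findall(body):
        target = (urlparse(href).hostname or "").lower()
        if is_trusted(target):
            continue
        if TRUSTED_DOMAIN in text.lower():
            findings.append(f"link text shows {TRUSTED_DOMAIN} but points to {target}")
        elif any(w in target for w in BRAND_WORDS):
            findings.append(f"look-alike domain {target}")
    # 3. Pressure wording typical of credential-harvesting messages.
    if URGENCY_RE.search(body):
        findings.append("urgency wording in body")
    return findings

def is_suspicious(raw_email, threshold=2):
    """Flag the message when at least `threshold` independent indicators fire."""
    return len(phishing_indicators(raw_email)) >= threshold

# Constructed sample messages (not real mail).
PHISH = """From: CommBank Security <alerts@mail-notify.example>
To: customer@example.net
Subject: Your NetBank access has been suspended

<p>Your account has been suspended. Please verify your account within 24 hours.</p>
<a href="http://commbank.com.au.login-verify.example/netbank">https://www.commbank.com.au/netbank</a>
"""
LEGIT = """From: CommBank <noreply@commbank.com.au>
To: customer@example.net
Subject: Your monthly statement is ready

<p>Your statement is now available in NetBank.</p>
<a href="https://www.commbank.com.au/netbank">https://www.commbank.com.au/netbank</a>
"""
```

Running `phishing_indicators(PHISH)` yields three findings (spoofed sender, mismatched link target, urgency wording) while the legitimate statement notice yields none, which is the kind of signal that complements the staff training the report recommends.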
Conclusion
From the above discussion it can be concluded that information security is the basic procedure for protecting the confidentiality, integrity and availability of information and information assets, whether they are in storage, in transmission or being processed. Authenticated or authorized users have legitimate access to the system, while hackers do not. Because it protects against both intentional and unintentional attacks, most organizations have implemented information security in their businesses. This report has outlined the strategic security policy of the Commonwealth Bank of Australia in detail, identified the threats or risks to the company and provided mitigation techniques for them.
References
Ahmad, A., Maynard, S.B. and Shanks, G., 2015. A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), pp.717-723.
Allam, S., Flowerday, S.V. and Flowerday, E., 2014. Smartphone information security awareness: A victim of operational pressures. Computers & Security, 42, pp.56-65.
Andress, J., 2014. The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Syngress.
Chen, Y.A.N., Ramamurthy, K.R.A.M. and Wen, K.W., 2015. Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), pp.11-19.
Commbank.com.au. 2018. Privacy Policy-CommBank. [online] Available at: https://www.commbank.com.au/content/commbank-neo/security-privacy/general-security/privacy-policy-html-version.html [Accessed 19 Sep. 2018].
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. Computers & Security, 32, pp.90-101.
Harkins, M., 2013. Managing risk and information security: protect to enable. Apress.
Lee, M.C., 2014. Information security risk analysis methods and research trends: AHP and fuzzy comprehensive method. International Journal of Computer Science & Information Technology, 6(1), p.29.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information security behavior and awareness. Computers & Security, 56, pp.83-93.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Sommestad, T., Karlzén, H. and Hallberg, J., 2015. The sufficiency of the theory of planned behavior for explaining information security policy compliance. Information & Computer Security, 23(2), pp.200-217.
Vacca, J.R. ed., 2013. Managing information security. Elsevier.
Van Deursen, N., Buchanan, W.J. and Duff, A., 2013. Monitoring information security risks within health care. Computers & Security, 37, pp.31-45.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. Computers & Security, 38, pp.97-102.
Wang, T., Kannan, K.N. and Ulmer, J.R., 2013. The association between the disclosure and the realization of information security risk factors. Information Systems Research, 24(2), pp.201-218.
Zhang, Y., Zhang, L.Y., Zhou, J., Liu, L., Chen, F. and He, X., 2016. A review of compressive sensing in information security field. IEEE Access, 4, pp.2507-2519.