Information Security Strategic Policy Report: Commonwealth Bank
VerifiedAdded on 2023/06/06
|14
|2833
|167
Report
AI Summary
This report provides a comprehensive analysis of the information security practices of the Commonwealth Bank of Australia. It begins with an introduction to the bank and its stakeholders, followed by an overview of its strategic security policy, including its purpose, objectives, and policy statements. The report then delves into critical aspects such as training, risk assessment and management, and vendor management, including selection processes and contractual agreements. It further examines monitoring procedures, contingency plans, and the roles and responsibilities of stakeholders within the security framework. The report also addresses resource management, cryptographic protocols, and operational responsibilities. A significant portion of the report is dedicated to risk assessment, security measures, and policy approval processes. Finally, it identifies potential threats and vulnerabilities, such as mobile malware and phishing attacks, and outlines the bank's risk mitigation strategies, including contracts, hedging arrangements, insurance, and collateral. The report provides a detailed overview of the bank's approach to maintaining a secure and reliable information environment.
INFORMATION SECURITY
Information Security
Name of the Student
Name of the University
Author Note
Information Security
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
INFORMATION SECURITY
Table of Contents
Executive Summary.............................................................................................................................1
Introduction..........................................................................................................................................3
Stakeholders of the organization..........................................................................................................3
Nature of the business..........................................................................................................................4
Strategic Security policy......................................................................................................................4
Purpose and Objectives of the policy...................................................................................................4
Policy statement...................................................................................................................................4
Training................................................................................................................................................5
Risk Assessment and Management......................................................................................................5
Vendor Management............................................................................................................................5
Selection of appropriate vendor.......................................................................................................5
Contracts...........................................................................................................................................6
Monitoring........................................................................................................................................6
Contingency Plan.............................................................................................................................6
Role and Responsibility....................................................................................................................7
Strategic Security Policy Framework...................................................................................................7
Availability and maintenance of strategic security policy...................................................................7
Resource Management.........................................................................................................................8
Cryptographic protocols.......................................................................................................................8
Operational responsibilities..................................................................................................................8
Table of Contents
Executive Summary.............................................................................................................................1
Introduction..........................................................................................................................................3
Stakeholders of the organization..........................................................................................................3
Nature of the business..........................................................................................................................4
Strategic Security policy......................................................................................................................4
Purpose and Objectives of the policy...................................................................................................4
Policy statement...................................................................................................................................4
Training................................................................................................................................................5
Risk Assessment and Management......................................................................................................5
Vendor Management............................................................................................................................5
Selection of appropriate vendor.......................................................................................................5
Contracts...........................................................................................................................................6
Monitoring........................................................................................................................................6
Contingency Plan.............................................................................................................................6
Role and Responsibility....................................................................................................................7
Strategic Security Policy Framework...................................................................................................7
Availability and maintenance of strategic security policy...................................................................7
Resource Management.........................................................................................................................8
Cryptographic protocols.......................................................................................................................8
Operational responsibilities..................................................................................................................8
INFORMATION SECURITY
Risk Assessment...................................................................................................................................8
Security measures.................................................................................................................................9
Policy approval.....................................................................................................................................9
Reference............................................................................................................................................11
Risk Assessment...................................................................................................................................8
Security measures.................................................................................................................................9
Policy approval.....................................................................................................................................9
Reference............................................................................................................................................11
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
INFORMATION SECURITY
Introduction
The foremost determination of the report is to focus on the Australian multinational bank
known as Commonwealth Bank of Australia which was enlisted in the Australian Stock Exchange
in 1991 (Aulich, Jones & Head, 2018). The different departments in which they provide their
services are insurance, investment services, superannuation, funds management, retail, business and
institutional banking.
Stakeholders of the organization
This multinational bank has different types of internal and external stakeholders involved in
all of their activities such as the customers, employers, shareholders, investors, suppliers, industry
associations, educational institutions, communities, government agencies and NGOs (Dixon &
Finnane, 2018). Head quartered in Diamond Harbor, Sydney the total revenue of this global bank
was around $26 billion AUD for the year 2017.
Nature of the business
Started in 1912 in Melbourne, this public bank increased their features and services over the
years which makes them one of the most reputed banks in the world. The extensive service
provided by them makes them the largest bank in the Southern Hemisphere (Worthington, 2016).
The mature of products provided by this bank are credit cards, mortgages, global wealth
management, investment management, consumer banking, corporate banking, finance, insurance
and private equity.
Introduction
The foremost determination of the report is to focus on the Australian multinational bank
known as Commonwealth Bank of Australia which was enlisted in the Australian Stock Exchange
in 1991 (Aulich, Jones & Head, 2018). The different departments in which they provide their
services are insurance, investment services, superannuation, funds management, retail, business and
institutional banking.
Stakeholders of the organization
This multinational bank has different types of internal and external stakeholders involved in
all of their activities such as the customers, employers, shareholders, investors, suppliers, industry
associations, educational institutions, communities, government agencies and NGOs (Dixon &
Finnane, 2018). Head quartered in Diamond Harbor, Sydney the total revenue of this global bank
was around $26 billion AUD for the year 2017.
Nature of the business
Started in 1912 in Melbourne, this public bank increased their features and services over the
years which makes them one of the most reputed banks in the world. The extensive service
provided by them makes them the largest bank in the Southern Hemisphere (Worthington, 2016).
The mature of products provided by this bank are credit cards, mortgages, global wealth
management, investment management, consumer banking, corporate banking, finance, insurance
and private equity.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
INFORMATION SECURITY
Strategic Security policy
Purpose and Objectives of the policy
The strategic securities of the chosen topic in entirely based on the managing the
confidentiality, integrity and availability of information held with the bank. This prime objective of
this report is to focus on the protection of information and information system as well as the
physical assets of the banking facility.
Policy statement
The aim of this section of the policy is to focus on the potential threats and hazards
associated with the services provided by the bank and also protection against unauthorized access to
or use of sensitive information.
Training
The strategic security officers of this global bank ensure that each stakeholders of the
association receive an effective advanced training according to the rules and regulations of the bank
and the information security procedures with respect to the designation in the banks (Schlagwein,
Thorogood & Willcocks, 2014). The three types of training provided by the bank are basic
fundamental training, review sessional trainings and updated training for concerned personals
according to specific business situations.
Risk Assessment and Management
The risk assessment of this bank involves the following criteria:
Strategic Security policy
Purpose and Objectives of the policy
The strategic securities of the chosen topic in entirely based on the managing the
confidentiality, integrity and availability of information held with the bank. This prime objective of
this report is to focus on the protection of information and information system as well as the
physical assets of the banking facility.
Policy statement
The aim of this section of the policy is to focus on the potential threats and hazards
associated with the services provided by the bank and also protection against unauthorized access to
or use of sensitive information.
Training
The strategic security officers of this global bank ensure that each stakeholders of the
association receive an effective advanced training according to the rules and regulations of the bank
and the information security procedures with respect to the designation in the banks (Schlagwein,
Thorogood & Willcocks, 2014). The three types of training provided by the bank are basic
fundamental training, review sessional trainings and updated training for concerned personals
according to specific business situations.
Risk Assessment and Management
The risk assessment of this bank involves the following criteria:
INFORMATION SECURITY
o Sensitivity and nature of information associated with the bank for different kinds of
stakeholders.
o Impact of the loss of accessibility, confidentiality and integrity of the sensitive data.
o Volume of information
The risk mitigation of this bank is regularly updated on a regular basis due to the changing
business conditions with time (Murray et al., 2014). The needs and requirements of the stakeholders
of the bank keep on changing so the entire strategic plan is always subjected to changes according
to the situation in this bank, even the presence of this bank and its associated all over the world is
also one of the major factors regarding the development of the security plan.
Vendor Management
This global bank deals with huge numbers of vendor all over the world for different kinds of
purposes (Macdonald, Burke & Stewart, 2017). The vendor selection process of this bank is
described below:
Selection of appropriate vendor
Diligence methods and vendor selection method of this bank is the most important phase of
the vendor management (Capponi & Chen, 2015). The competence, stability, market reputation,
financial statements and audit statements are evenly scrutinised before selecting them on a
contractual basis.
Contracts
The selection of the vendor concludes with a contractual signing between the concerned
authorities stating all the policies and regulations associated with the responsibility in a clear way.
All the probable rules regarding the contacts have to be maintained by the vendors for long term
o Sensitivity and nature of information associated with the bank for different kinds of
stakeholders.
o Impact of the loss of accessibility, confidentiality and integrity of the sensitive data.
o Volume of information
The risk mitigation of this bank is regularly updated on a regular basis due to the changing
business conditions with time (Murray et al., 2014). The needs and requirements of the stakeholders
of the bank keep on changing so the entire strategic plan is always subjected to changes according
to the situation in this bank, even the presence of this bank and its associated all over the world is
also one of the major factors regarding the development of the security plan.
Vendor Management
This global bank deals with huge numbers of vendor all over the world for different kinds of
purposes (Macdonald, Burke & Stewart, 2017). The vendor selection process of this bank is
described below:
Selection of appropriate vendor
Diligence methods and vendor selection method of this bank is the most important phase of
the vendor management (Capponi & Chen, 2015). The competence, stability, market reputation,
financial statements and audit statements are evenly scrutinised before selecting them on a
contractual basis.
Contracts
The selection of the vendor concludes with a contractual signing between the concerned
authorities stating all the policies and regulations associated with the responsibility in a clear way.
All the probable rules regarding the contacts have to be maintained by the vendors for long term
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
INFORMATION SECURITY
investments and security purposes (Buckby, Gallery & Ma, 2015). The requirement performance
levels and service levels of the vendor is very much significant for the overall efficiency of the
organisation due to their enhanced role in the bank.
Monitoring
The performance of the activities of vendors should have been examined by the operational
activity team of the bank authority (English, Van den Heuvel & Zakrajšek, 2018). There are
different factors which should be playing an active role in the security policy such as contingency
capability, operational controls, the internal controls, disputes, contract changes and contract
termination. Internal audit reports are conducted by the system regulators of the bank authorities to
ensure the commitments of the vendors (Jackson & Beswick, 2018). This bank should be having a
24 hour monitoring system for the detection of the external threats.
Contingency Plan
On the basis of the threats associated with the bank, also the probable future risks,
continuance of the processing activities of the vendors are examined in this phase of the strategic
planning.
Role and Responsibility
The roles and responsibility of each stakeholders of this bank such as the audit committee,
information security administrator, information security officers, business unit managers and human
resources are the vital parameters of the strategic security plan which are useful in the protection of
customer data from any kind or manmade of natural issues.
investments and security purposes (Buckby, Gallery & Ma, 2015). The requirement performance
levels and service levels of the vendor is very much significant for the overall efficiency of the
organisation due to their enhanced role in the bank.
Monitoring
The performance of the activities of vendors should have been examined by the operational
activity team of the bank authority (English, Van den Heuvel & Zakrajšek, 2018). There are
different factors which should be playing an active role in the security policy such as contingency
capability, operational controls, the internal controls, disputes, contract changes and contract
termination. Internal audit reports are conducted by the system regulators of the bank authorities to
ensure the commitments of the vendors (Jackson & Beswick, 2018). This bank should be having a
24 hour monitoring system for the detection of the external threats.
Contingency Plan
On the basis of the threats associated with the bank, also the probable future risks,
continuance of the processing activities of the vendors are examined in this phase of the strategic
planning.
Role and Responsibility
The roles and responsibility of each stakeholders of this bank such as the audit committee,
information security administrator, information security officers, business unit managers and human
resources are the vital parameters of the strategic security plan which are useful in the protection of
customer data from any kind or manmade of natural issues.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
INFORMATION SECURITY
Strategic Security Policy Framework
Figure1: Strategic Security Policy of Common Wealth Bank
Availability and maintenance of strategic security policy
The strategic security policy adopted by the bank is accessible to each of the stakeholders of
the bank. The strategic security policy of this bank is associated with the other policies of the bank
that the effectiveness of the policies is maintained and this policy is approved by the board of
directors of the bank (Luo, Tanna & De Vita, 2016). The maintenance of the policies adopted by
the bank is very much essential for smooth conduction of their over all process. Compliance with
the policies are maintained in the bank and strict regulations are also enacted by the violators.
Resource Management
The protection of the data and information from the external attacks is the main purpose of
the resource management. It should include a disposal schedule for retrieving records according to
different options such as data and time (Parasa & Batten, L2016). The organizational assets should
Standards
Procedure
Guidelines, Checklist
Strategic Security Policy Framework
Figure1: Strategic Security Policy of Common Wealth Bank
Availability and maintenance of strategic security policy
The strategic security policy adopted by the bank is accessible to each of the stakeholders of
the bank. The strategic security policy of this bank is associated with the other policies of the bank
that the effectiveness of the policies is maintained and this policy is approved by the board of
directors of the bank (Luo, Tanna & De Vita, 2016). The maintenance of the policies adopted by
the bank is very much essential for smooth conduction of their over all process. Compliance with
the policies are maintained in the bank and strict regulations are also enacted by the violators.
Resource Management
The protection of the data and information from the external attacks is the main purpose of
the resource management. It should include a disposal schedule for retrieving records according to
different options such as data and time (Parasa & Batten, L2016). The organizational assets should
Standards
Procedure
Guidelines, Checklist
INFORMATION SECURITY
be maintained with the help of the asset protection team with the help of the information asset
register.
Cryptographic protocols
This banking authority should be working more on the cryptographic protocols which ensure
security and confidentiality of significant information of the customers of the bank.
Operational responsibilities
This global bank should be having great operational teams which can ensure the security of
all the operation of information processing facilities (Abbott & Cohen, 2014). There should be
different portals which state about the different processes of the bank in details as well as the testing
environment. The operational team should be dedicatedly working for the protection of the
networking issues of the bank such as the malicious attacks and mobile code control.
Risk Assessment
This bank has an impressive risk mitigation strategy included in their security policy for the
identification of the internal and external threats which can have a negative impact of the growth of
the bank (Henisz & Zelner, 2015). The risk management strategy should be developed in such a
way that it can prevent misuse, alteration and destruction of the sensitive data stored by the client.
The implementation of the security strategic policy in the banking organization is one of the most
important procedure for maintaining their good quality services over the years.
Security measures
The security measure unit of this policy described below:
be maintained with the help of the asset protection team with the help of the information asset
register.
Cryptographic protocols
This banking authority should be working more on the cryptographic protocols which ensure
security and confidentiality of significant information of the customers of the bank.
Operational responsibilities
This global bank should be having great operational teams which can ensure the security of
all the operation of information processing facilities (Abbott & Cohen, 2014). There should be
different portals which state about the different processes of the bank in details as well as the testing
environment. The operational team should be dedicatedly working for the protection of the
networking issues of the bank such as the malicious attacks and mobile code control.
Risk Assessment
This bank has an impressive risk mitigation strategy included in their security policy for the
identification of the internal and external threats which can have a negative impact of the growth of
the bank (Henisz & Zelner, 2015). The risk management strategy should be developed in such a
way that it can prevent misuse, alteration and destruction of the sensitive data stored by the client.
The implementation of the security strategic policy in the banking organization is one of the most
important procedure for maintaining their good quality services over the years.
Security measures
The security measure unit of this policy described below:
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
INFORMATION SECURITY
o Authentication of the information and controls should be done in a professional way.
o The control of the different access in the bank is other method to improve the security of this
bank.
o The customer information is properly encrypted while it is being transmitted from one
system to another. The bank follows strict steps such as the segregation of duties and their
roles in the organization before giving them access to customer information.
Policy approval
The Different policies strategies which should be approved by the Australian
Framework element Approval
Policies Board of directors
Guidelines Management teams
Technical standards Operational managers
Procedures Line managers
Table 1: Roles and responsibility regarding the approval of the framework
Created by the author
o Authentication of the information and controls should be done in a professional way.
o The control of the different access in the bank is other method to improve the security of this
bank.
o The customer information is properly encrypted while it is being transmitted from one
system to another. The bank follows strict steps such as the segregation of duties and their
roles in the organization before giving them access to customer information.
Policy approval
The Different policies strategies which should be approved by the Australian
Framework element Approval
Policies Board of directors
Guidelines Management teams
Technical standards Operational managers
Procedures Line managers
Table 1: Roles and responsibility regarding the approval of the framework
Created by the author
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
INFORMATION SECURITY
Potential threats and vulnerabilities of Commonwealth Bank of Australia
There are different types of potential threats and vulnerabilities of this bank in the form of internal
and external threats as following in this section of the paper.
Mobile malware: There are different types of malicious software such as trojan horse, virus
and rootkits which possess a great threat to the security of the bank authorities.
Third party applications: The extensive use of the third-party application possess a great
threat regarding the online activities of the users of the bank.
Unsecured WIFI: The use of public WIFI for different kinds of banking activities is threat
to the security of the bank accounts of the users as the hackers have the capability to seize control of
the users.
Attacks: The other major type of attack of this global bank is the botnets and DDoS, which
is a great source of tension of the bank authorities as well as the account holders as any alteration of
data or money can have a direct negative impact on the growth and development of the bank
User behaviour: This is a type of internal threat which can have a great threat to the
business reputation of the bank organisation. The threat can come from both the employers of the
organisation or their associated partners as well as the users of the bank.
Phishing: This is one of the most major threats for this bank as cybercriminals are using
latest phishing, smishing and vishing attacks on sensitive sectors such as banks (McIlroy, 2017).
The use of these attacks through email possess great threat to the market reputation of the bank.
There are different types of issues associated to the use of the different types of cloud computing
services which are connected to this bank corporation for specific tasks which also challenges the
existing security of the bank organisation.
Risk mitigation strategy of Commonwealth Bank of Australia
The risks involved in this bank can be solved using effective strategies which are discussed
in this section of the paper.
Potential threats and vulnerabilities of Commonwealth Bank of Australia
There are different types of potential threats and vulnerabilities of this bank in the form of internal
and external threats as following in this section of the paper.
Mobile malware: There are different types of malicious software such as trojan horse, virus
and rootkits which possess a great threat to the security of the bank authorities.
Third party applications: The extensive use of the third-party application possess a great
threat regarding the online activities of the users of the bank.
Unsecured WIFI: The use of public WIFI for different kinds of banking activities is threat
to the security of the bank accounts of the users as the hackers have the capability to seize control of
the users.
Attacks: The other major type of attack of this global bank is the botnets and DDoS, which
is a great source of tension of the bank authorities as well as the account holders as any alteration of
data or money can have a direct negative impact on the growth and development of the bank
User behaviour: This is a type of internal threat which can have a great threat to the
business reputation of the bank organisation. The threat can come from both the employers of the
organisation or their associated partners as well as the users of the bank.
Phishing: This is one of the most major threats for this bank as cybercriminals are using
latest phishing, smishing and vishing attacks on sensitive sectors such as banks (McIlroy, 2017).
The use of these attacks through email possess great threat to the market reputation of the bank.
There are different types of issues associated to the use of the different types of cloud computing
services which are connected to this bank corporation for specific tasks which also challenges the
existing security of the bank organisation.
Risk mitigation strategy of Commonwealth Bank of Australia
The risks involved in this bank can be solved using effective strategies which are discussed
in this section of the paper.
INFORMATION SECURITY
Contract: All the stakeholders of the banks have a great business relationship among
themselves due to the application of the contracts which helps them to deal with any kinds of threats
and vulnerabilities. Many kinds of risk such as the financial risks can be effectively solved and
minimized with the help these contracts (Rostamkalaei & Freel, 2016). The risks external risks such
as the risk associated with the foreign exchange can be purposefully solved using the contracts.
Hedging arrangement: The risks involved with the financial transaction of this bank can be
effectively solved with the help of the hedging arrangement which have a great influence regarding
the cost of debts and breakage cost of the organization.
Use of insurance: This bank provides great insurance policy for all of its stakeholders so
that they can have their financial security while using the services of this bank. Impressive
insurance coverage schemes are applied to the bank account holders as well the employees to deal
with adverse business conditions.
Collateral: This is one of the other risk mitigation strategy followed this bank by which
risks such as liquidating risks and phishing emails can be solved purposefully.
Advanced trainings: This banking organization gives advanced training to its members
who deals with clients directly so that they can understand their clients and make them comfortable
by solving their issue which help the bank to maintain a good market reputation in the market.
Contract: All the stakeholders of the banks have a great business relationship among
themselves due to the application of the contracts which helps them to deal with any kinds of threats
and vulnerabilities. Many kinds of risk such as the financial risks can be effectively solved and
minimized with the help these contracts (Rostamkalaei & Freel, 2016). The risks external risks such
as the risk associated with the foreign exchange can be purposefully solved using the contracts.
Hedging arrangement: The risks involved with the financial transaction of this bank can be
effectively solved with the help of the hedging arrangement which have a great influence regarding
the cost of debts and breakage cost of the organization.
Use of insurance: This bank provides great insurance policy for all of its stakeholders so
that they can have their financial security while using the services of this bank. Impressive
insurance coverage schemes are applied to the bank account holders as well the employees to deal
with adverse business conditions.
Collateral: This is one of the other risk mitigation strategy followed this bank by which
risks such as liquidating risks and phishing emails can be solved purposefully.
Advanced trainings: This banking organization gives advanced training to its members
who deals with clients directly so that they can understand their clients and make them comfortable
by solving their issue which help the bank to maintain a good market reputation in the market.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 14
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.