COIT20274 Assignment 1: Annotated Bibliography on CBA Data Breach
Added on 2023/06/08
AI Summary
This assignment is an annotated bibliography focusing on the Commonwealth Bank of Australia (CBA) data breach, providing an in-depth analysis of the incident and its implications. The bibliography includes five scholarly references, each summarized and evaluated for its relevance to the case study questions. The analysis covers the rollout of Intelligent Deposit Machines (IDMs), the breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF), and the application of COBIT components. Additionally, the assignment examines agile methodology and risk assessment measures in the context of data security. The report also highlights the importance of risk evaluation, technical solutions, and content management to mitigate data breaches and ensure data security within financial institutions. The student has provided a detailed overview of the data breach, including the causes, consequences, and potential solutions, supported by relevant literature and proper referencing techniques.

Running head: INFORMATION SYSTEMS FOR BUSINESS PROFESSIONALS
Information Systems for Business Professionals
Name of Student-
Name of University-
Author’s Note-
Assignment 1
Annotated Bibliography
Introduction
The Commonwealth Bank of Australia (CBA) is the biggest bank in Australia. It suffered a
data breach in 2016 in which the data of almost 20 million people were breached, and the
officials of the bank had not revealed the breach to customers since it took place in 2016. The
bank officials announced that in the data breach the bank had lost two magnetic data tapes,
which store the customers' names, addresses, bank account details, and transaction details
over 16 years.
The CBA data breach was one of the biggest data breaches at any bank, and it is considered
that the data of all the customers were accessed by the hackers. Of all the employees in the
bank, only 150 members, including the senior executive team and the risk specialists, knew that
the data breach had occurred. This article discusses the details of the data breach, elaborating
on the AML/CTF Act and the importance of Intelligent Deposit Machines (IDMs) at CBA.
Commbank.com.au. (2018). [online] Available at:
https://www.commbank.com.au/content/dam/commbank/about-us/shareholders/us-investors/docs/recent-developments-december-2017.pdf
[Accessed 1 Aug. 2018].
This article summarizes the OCDD (Ongoing Customer Due Diligence) Program, which
includes ECDD, an Enhanced Customer Due Diligence Program that has risk-based systems
and controls directing the appropriate measures to be undertaken in circumstances where the
AML/CTF (Anti-Money Laundering and Counter-Terrorism Financing) Act requires them.
This act was introduced in the year 2007.
Student ID-
Last Name-
Unit Code/term/year
The Commonwealth Bank of Australia introduced the Intelligent Deposit Machines with an
automatic process to identify cash deposits made through IDMs that constituted threshold
transactions, so that a report could be submitted to AUSTRAC.
The Intelligent Deposit Machines (IDMs) were introduced in May 2012 to refresh the
network of Automated Teller Machines (ATMs). The IDMs had the same functionality as an
ATM but could also count deposited cash, which enables cash to be deposited into the
customer's account. Customers need not go to a bank branch to deposit cash.
Aljazeera.com. (2018). Australia's Commonwealth Bank admits 2016 data breach. [online]
Available at: https://www.aljazeera.com/news/2018/05/australia-commonwealth-bank-admits-2016-data-breach-180503081105883.html
[Accessed 1 Aug. 2018].
This article states that a data breach took place at the Commonwealth Bank of Australia
in which the bank lost information on 20 million of its customers, including their names, license
numbers, and bank detail numbers. The bank officials decided not to inform the customers
about the data breach that took place in the organization. After many days, the bank
announced the data breach officially and announced that half the millions of the Australian
population were victims of the data breach and that their personal details were endangered. The
data breach took place through access to the organization's magnetic tapes, which store the
information of the customers. The magnetic tapes contained all the details of the bank's
customers, including their transaction details. The officials and the subcontractor were to
destroy the magnetic tapes, but the bank officials could not confirm that this had been done.
According to this article, the bank instructed its customers to change their passwords and PINs immediately
when it confirmed the data breach. The bank later stated that there was no evidence that
any customer information had been compromised and that all the information was safe. It
also announced that it had already taken preventive measures against further data breaches and
had protected the data of the customers from further such events.
The Commonwealth Bank notified the Office of the Australian Information Commissioner
(AIC) of the data breach that took place. The bank undertook some forensic investigation to
update its regulators. From this article, it can be learnt that the bank also hired an official to
conduct an investigation into the tape drives that were missing. The forensic team also formed
the view that the data had mostly been destroyed by the hackers. Only some of the officials of
the organization knew about the data breach; the other officials were not informed. The bank
officials found that the risk of the data being misused was very low and that the data were safe
for the bank. The data breach led the CEO of CBA to resign, but after the investigation found
a low risk of data misuse, the CEO, Ian Narev, again resigned in August 2017. The bank faced
many allegations from the government over money laundering.
Hayes, T., Blecher, M., Chatterji, S., Jogani, A., Lainhart IV, J. W., Lomparte, R., ... &
Saull, R. (2007). COBIT 4.1 Excerpt. IT Governance Institute. (Cited pages: xiii, 8, and 12).
COBIT is a common framework and a set of supporting tools that allows managers to
bridge the gap between business risks and technical risks. These relate to the control
requirements, and COBIT can communicate the control level to the stakeholders. The paper
clearly states that COBIT enables the development of clear policies and good practice for
controlling IT throughout the Commonwealth Bank. The COBIT framework should always
be kept updated and harmonized with all other standards and the
guidance of the organization. This article states that COBIT has many benefits if implemented
in a network framework. The advantages are that it gives better alignment, which is based on the
focus. COBIT also gives a better understanding and a better view of what the system does. It
also states clear ownership and responsibilities, based on the process orientation.
Last but not least, it shows general acceptability with third parties and regulators.
This article gives a clear view of COBIT, which is considered a framework that
provides a reference model and a common language for all the employees in an
organization, so that they can view and manage all the activities of the IT team. This
means incorporating an operational model and a common language for the parts of the
business that are involved in information technology. From this article, the reader can also
get a clear picture of how COBIT helps to measure and monitor the performance of IT,
communicate with service providers, and integrate best practices in management. COBIT
is also known as a process model that encourages ownership of the process, which enables
responsibilities and accountability to be defined. For the governance of IT, it is very
important to appreciate all the activities and the risks that are encountered within the IT team,
and all the risks are to be managed. With the help of the COBIT framework in the Commonwealth
Bank of Australia, the officials of the IT team can manage many domains of the organization.
The domains include:
Planning and Organizing (PO) - This involves providing direction to the solution delivery
and the service delivery of the organization.
Acquiring and Implementing (AI) - This generally provides correct solutions and then
passes them on so that they can be turned into services of the bank.
Delivering and Supporting (DS) - This domain mainly receives all the solutions and
makes them usable for the end users.
Monitoring and Evaluating (ME) - This phase monitors all the processes to ensure that
the direction is followed.
Baca, D., & Carlsson, B. (2011, May). Agile development with security engineering
activities. In Proceedings of the 2011 International Conference on Software and Systems
Process (pp. 5, 17). ACM.
From this article, it can be stated that the focus in the security industry on software
quality problems, the impact of vulnerabilities, botnets, criminal enterprise, and phishing has
been an add-on to security for the past few years. A developing organization mainly transforms
its traditional method of working into an agile methodology. Agile methodology is one of the
best ways by which an organization can make its systems work properly. But maintaining all
the security requirements is very difficult for project managers.
From this article, it is clear that agile methodology helps the Commonwealth Bank of
Australia in many ways. The article also elaborates that at CBA the agile methodology
generally has two risk factors: probability and the impact that it imposes on the bank. The
probability factor in the bank is very hard to solve. Quantifying the risks, which helps to
determine the type and level of prevention, is usually ensured in the agile methodology.
Risk-based secure software development starts with modelling the type of attack and then
performing design-level, architecture, and risk analysis of the attack. All of these are
included in the agile processes involved at CBA.
Bennett, S. C. (2008). Data Security Breaches: Problems And Solutions. Prac. Law., 2, 3, 7,
and 5.
According to Bennett (2008), there are many risk assessment measures for managing
risks. Risk assessment includes developing an effective security program for the organization.
The first step in risk assessment is to address all the external and internal threats against
which protection is needed. The article states that companies' data security measures cover
data operations that include storage, regulatory compliance, employee training, and network
security. The article gives further ways of mitigating risk: risk evaluation, technical solutions
for risk assessment, and content management.
For CBA, the ways of managing the risks include risk evaluation and suggesting a proper
technical solution for managing the risks. Bennett (2008) states that many small companies
cannot afford the expense of data security systems, even if they are vulnerable to a data
security breach. One main solution for risk assessment is seeking help from larger companies,
which can share their data security measures with the smaller organization. Among the other
technical solutions in this article is that the bank would have other storage devices to keep
the details of the customers safe, including backups on external hard drives or flash drives.
The technical solutions in this article include encryption, content management of
information, and locked-down endpoints.
References
Aljazeera.com. (2018). Australia's Commonwealth Bank admits 2016 data breach. [online]
Available at: https://www.aljazeera.com/news/2018/05/australia-commonwealth-bank-admits-2016-data-breach-180503081105883.html
[Accessed 1 Aug. 2018].
Baca, D., & Carlsson, B. (2011, May). Agile development with security engineering activities.
In Proceedings of the 2011 International Conference on Software and Systems
Process (pp. 5, 17). ACM.
Bennett, S. C. (2008). Data Security Breaches: Problems And Solutions. Prac. Law., 2, 3, 7, and 5.
Commbank.com.au. (2018). [online] Available at:
https://www.commbank.com.au/content/dam/commbank/about-us/shareholders/us-investors/docs/recent-developments-december-2017.pdf
[Accessed 1 Aug. 2018].
Hayes, T., Blecher, M., Chatterji, S., Jogani, A., Lainhart IV, J. W., Lomparte, R., ... & Saull, R.
(2007). COBIT 4.1 Excerpt. IT Governance Institute. (Cited pages: xiii, 8, and 12).