Comprehensive Report: IS Security and Risk Management at Optus
VerifiedAdded on 2023/06/10
|11
|2620
|84
Report
AI Summary
This report analyzes the IS security and risk management strategies of Optus, a major Australian telecommunications company. It begins with an introduction to Optus and the services it offers, followed by an examination of how Optus supports business operations through security measures. The report then details general management controls (GMCs) and application controls, comparing their functions in the context of IS security. Risk management techniques employed by Optus, such as ensuring reliability, confidentiality, availability, integrity, and security, are discussed. The importance of auditing IS and safeguarding data quality is also highlighted, emphasizing the role of audit plans in maintaining data integrity and minimizing risks. The report concludes by summarizing the key aspects of IS security and risk management at Optus, recommending the use of updated software and the development of a recovery plan to ensure continued business operations in case of failure.
IS security &
risk
management
risk
management
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IS security & risk management 1
Table of Contents
Introduction...........................................................................................................................................2
Services Offered by Optus.....................................................................................................................2
Optus support for business operation...................................................................................................2
General Management controls (GMCs).................................................................................................2
Application Controls..............................................................................................................................3
Comparing general management control with application control for IS..............................................3
Risk management techniques................................................................................................................4
Importance of auditing IS and safeguarding data quality......................................................................5
Conclusion.............................................................................................................................................6
References.............................................................................................................................................7
Table of Contents
Introduction...........................................................................................................................................2
Services Offered by Optus.....................................................................................................................2
Optus support for business operation...................................................................................................2
General Management controls (GMCs).................................................................................................2
Application Controls..............................................................................................................................3
Comparing general management control with application control for IS..............................................3
Risk management techniques................................................................................................................4
Importance of auditing IS and safeguarding data quality......................................................................5
Conclusion.............................................................................................................................................6
References.............................................................................................................................................7
IS security & risk management 2
Introduction
Optus is the second largest telecommunication network of Australia and is a
privatised organisation that works on maintains all the subsidiary brands. In this report, the
understanding of the Optus services and operations is discussed along with the general
management control and application controls are identified. The general control and
application controls of an organisation is found so that the risk managements techniques can
be designed.
Services Offered by Optus
The services offered by Optus is outsourcing the functions to the on shores and
offshore stores. They enable the operations to run in the global market by assuring that high
scalability and security will be maintained. The global connectivity is improved by offering
the services and delivering the services in the international market. They also offer customers
to use their international satellite service so that data is transferred point to point without any
leakage.
Optus support for business operation
Optus upkeep the business operations by navigating the security actions so that’s
security is maintained. They have intelligent solutions to secure the data and avoid prevention
of data. It helps in enhancing the business operations by bringing better outcomes (Coutts,
2015). They support the operations by offering tools to secure the business. They also work
on securing the business by offering electronic security solutions so that operations occur in a
reliable condition. They also use some security products so that they can protect the system
from threats by detecting them. This is done by including security endpoint in the system,
Introduction
Optus is the second largest telecommunication network of Australia and is a
privatised organisation that works on maintains all the subsidiary brands. In this report, the
understanding of the Optus services and operations is discussed along with the general
management control and application controls are identified. The general control and
application controls of an organisation is found so that the risk managements techniques can
be designed.
Services Offered by Optus
The services offered by Optus is outsourcing the functions to the on shores and
offshore stores. They enable the operations to run in the global market by assuring that high
scalability and security will be maintained. The global connectivity is improved by offering
the services and delivering the services in the international market. They also offer customers
to use their international satellite service so that data is transferred point to point without any
leakage.
Optus support for business operation
Optus upkeep the business operations by navigating the security actions so that’s
security is maintained. They have intelligent solutions to secure the data and avoid prevention
of data. It helps in enhancing the business operations by bringing better outcomes (Coutts,
2015). They support the operations by offering tools to secure the business. They also work
on securing the business by offering electronic security solutions so that operations occur in a
reliable condition. They also use some security products so that they can protect the system
from threats by detecting them. This is done by including security endpoint in the system,
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IS security & risk management 3
using firewalls and providing internet protection services (Shono, et. al, 2015). They have
also constructed security capabilities and architecture so that assessment and compliance
could be supported. So, no vulnerabilities hit the system.
General Management controls (GMCs)
Optus have defined some of the general management controls so that organisation
works effectively and in an organised way (McClean and Wheeler, 2016). In Optus, the
relationships and responsibilities are structured in an effected manner so that performance
could be enhanced.
They set up some activities and decisions so that all the resources are used in a
maximised way. The general management controls include management of cost accounting
system so that human resources are used. The management control basically supports an
organisation to achieve their goals by assigning responsibilities to an individual; so that
performance could be enhanced (Riggs, Gussy, Gibbs, Van Gemert, Waters and Kilpatrick,
2014). . It also helped Optus to remove the difference that is found by defining some
corrective actions so that difference could be eliminated. Management control helps in fitting
the decisions into the organisational structure so that employees get motivated to achieve the
goals. The general management control includes managing the diverse culture in an
organisation so that cultural conflicts could be removed. The GMC also assigns responsibility
to every individual so that profit margins could be increased. The perception of different
people directly affects the control system of the workplace (Riggs, Gussy, Gibbs, Van
Gemert, Waters and Kilpatrick, 2014). Thus GMC helps in achieving all the operational goals
so that they can co-ordinate with each other smoothly. The GMC also motivates people to
perform well by bringing up new promotional and reward giving strategies. It improves the
using firewalls and providing internet protection services (Shono, et. al, 2015). They have
also constructed security capabilities and architecture so that assessment and compliance
could be supported. So, no vulnerabilities hit the system.
General Management controls (GMCs)
Optus have defined some of the general management controls so that organisation
works effectively and in an organised way (McClean and Wheeler, 2016). In Optus, the
relationships and responsibilities are structured in an effected manner so that performance
could be enhanced.
They set up some activities and decisions so that all the resources are used in a
maximised way. The general management controls include management of cost accounting
system so that human resources are used. The management control basically supports an
organisation to achieve their goals by assigning responsibilities to an individual; so that
performance could be enhanced (Riggs, Gussy, Gibbs, Van Gemert, Waters and Kilpatrick,
2014). . It also helped Optus to remove the difference that is found by defining some
corrective actions so that difference could be eliminated. Management control helps in fitting
the decisions into the organisational structure so that employees get motivated to achieve the
goals. The general management control includes managing the diverse culture in an
organisation so that cultural conflicts could be removed. The GMC also assigns responsibility
to every individual so that profit margins could be increased. The perception of different
people directly affects the control system of the workplace (Riggs, Gussy, Gibbs, Van
Gemert, Waters and Kilpatrick, 2014). Thus GMC helps in achieving all the operational goals
so that they can co-ordinate with each other smoothly. The GMC also motivates people to
perform well by bringing up new promotional and reward giving strategies. It improves the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IS security & risk management 4
organisation future plans. GMC works on measuring the current performance by setting the
standards high
Application Controls
Application control differs from some general management controls. These are the
controls that are used by individual processes or applications. Application control can be of
various types, like in input controls it checks the information that is entered in the system is
integrated and is secure for the business applications. The second is processing controls that
assure all the operations that take place are complete, accurate and are done by some
authorised party. The operations are carried by valid users otherwise it may cause leakage of
sensitive data. The other application control is output control that is used to compare the
outputs and performance of the application by comparing it with expected output. The last
application control that is discussed is audit control. It is one of the important factors as it
monitors the effectiveness of other control measures and by identifying the errors and their
possible solutions.
Application controls prove to be very beneficial for the organisation as whenever they are
a change in any application, software, database or the technology. The organisation can
completely rely on application control as they control the system according to the change.
They make sure that all the operations operate in an effective manner
(Yourarticlelibrary, 2017). Optus rely on the application control methods as they generally
take less time as compared to other general controls. Application control also covers some
inherent controls and security measures so that user access is defined. It makes sure that
information is accessed only by valid users so that there is no chance of lack of
confidentiality (Auditnet, 2017). They provide access control to only authorised and
authenticated users.
organisation future plans. GMC works on measuring the current performance by setting the
standards high
Application Controls
Application control differs from some general management controls. These are the
controls that are used by individual processes or applications. Application control can be of
various types, like in input controls it checks the information that is entered in the system is
integrated and is secure for the business applications. The second is processing controls that
assure all the operations that take place are complete, accurate and are done by some
authorised party. The operations are carried by valid users otherwise it may cause leakage of
sensitive data. The other application control is output control that is used to compare the
outputs and performance of the application by comparing it with expected output. The last
application control that is discussed is audit control. It is one of the important factors as it
monitors the effectiveness of other control measures and by identifying the errors and their
possible solutions.
Application controls prove to be very beneficial for the organisation as whenever they are
a change in any application, software, database or the technology. The organisation can
completely rely on application control as they control the system according to the change.
They make sure that all the operations operate in an effective manner
(Yourarticlelibrary, 2017). Optus rely on the application control methods as they generally
take less time as compared to other general controls. Application control also covers some
inherent controls and security measures so that user access is defined. It makes sure that
information is accessed only by valid users so that there is no chance of lack of
confidentiality (Auditnet, 2017). They provide access control to only authorised and
authenticated users.
IS security & risk management 5
Comparing general management control with application control for
IS
These control systems are used to secure the organisation while the general control
covers all the primary objectives related to human activities. The general control covers the
policies and procedures that are related to support the functioning of applications by making
sure that all the IS operations work effectively. They control all the data centres and network
operations so that access security is maintained. The general controls deals with deciding an
access list so that authorization to data files are done only by valid users (Downes, Mervin,
Byrnes and Scuffham, 2017). On the other hand, application controls are related to the
specific software control applications. They deal with some strict policies that cover legal
rules and regulations. The application control deals with input, output and processing control.
The application control are basically used to monitor all the IS operations. General control
deals with data storage, access controls, and development and acquisition systems. The
application control deals with checking the inputs that they are valid, complete and accurate
so that they could be processed accurately.
The main difference between general and application control is that, general control
can be applied in all area of the Optus industry but application control refers to the
transactions of data related to computer based software (Samson, Daft and Donnet, 2017).
They are related to specific applications but to general controls of organisation. Theses
controls are used by Optus to ensure that development and implementation of operations will
take in an integrity manner. The application control assures completeness of input by
validating the authorization of users.
Comparing general management control with application control for
IS
These control systems are used to secure the organisation while the general control
covers all the primary objectives related to human activities. The general control covers the
policies and procedures that are related to support the functioning of applications by making
sure that all the IS operations work effectively. They control all the data centres and network
operations so that access security is maintained. The general controls deals with deciding an
access list so that authorization to data files are done only by valid users (Downes, Mervin,
Byrnes and Scuffham, 2017). On the other hand, application controls are related to the
specific software control applications. They deal with some strict policies that cover legal
rules and regulations. The application control deals with input, output and processing control.
The application control are basically used to monitor all the IS operations. General control
deals with data storage, access controls, and development and acquisition systems. The
application control deals with checking the inputs that they are valid, complete and accurate
so that they could be processed accurately.
The main difference between general and application control is that, general control
can be applied in all area of the Optus industry but application control refers to the
transactions of data related to computer based software (Samson, Daft and Donnet, 2017).
They are related to specific applications but to general controls of organisation. Theses
controls are used by Optus to ensure that development and implementation of operations will
take in an integrity manner. The application control assures completeness of input by
validating the authorization of users.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IS security & risk management 6
Risk management techniques
Risks in an organisation can arise through any means, like there are various forms of viruses,
worms, malwares that enter in the system. Some of the risk management techniques that were
adopted by Optus are discussed. So, that confidentiality, availability, reliability and integrity
of data is maintained (Sinnema, 2018).
Reliability- It is the key factor that supports an organisation to avoid risks. The
reliability assures that users who look at the operations are trustworthy and will
operate consistently even in case of failure (Ishikawa and Sakurai, 2017).
Confidentiality- It makes sure that information is not disclosed to any unauthorised
users (Ishikawa and Sakurai, 2017). It can be done by listing an access control list so
that overall security can be enhanced.
Availability- It states that all the services and products of Optus can be accessed from
anywhere at any time by the authorised user.
Integrity-Integrity makes sure that data is nor corrupted by any invalid user or
malfunctioned software (Ishikawa and Sakurai, 2017).
Security- It is important to maintain the security of every organisation as they stores
sensitive information and data which should not be leaked (Bromiley, McShane, Nair
and Rustambekov, 2015).
To make sure all these factors are met in an organisation a proper risk control plan is
developed. The first step involves identification of the bugs and error in the system so that it
doesn’t penetrate future. Once the risk is identified it is accessed and an assessment plan is
developed. Risk control plan make sure that at time of failure no information is lost
(Koppolu, Raghav and Krantz, 2016). They make sure backup of data is done so that it case
of failure information is not lost.
Risk management techniques
Risks in an organisation can arise through any means, like there are various forms of viruses,
worms, malwares that enter in the system. Some of the risk management techniques that were
adopted by Optus are discussed. So, that confidentiality, availability, reliability and integrity
of data is maintained (Sinnema, 2018).
Reliability- It is the key factor that supports an organisation to avoid risks. The
reliability assures that users who look at the operations are trustworthy and will
operate consistently even in case of failure (Ishikawa and Sakurai, 2017).
Confidentiality- It makes sure that information is not disclosed to any unauthorised
users (Ishikawa and Sakurai, 2017). It can be done by listing an access control list so
that overall security can be enhanced.
Availability- It states that all the services and products of Optus can be accessed from
anywhere at any time by the authorised user.
Integrity-Integrity makes sure that data is nor corrupted by any invalid user or
malfunctioned software (Ishikawa and Sakurai, 2017).
Security- It is important to maintain the security of every organisation as they stores
sensitive information and data which should not be leaked (Bromiley, McShane, Nair
and Rustambekov, 2015).
To make sure all these factors are met in an organisation a proper risk control plan is
developed. The first step involves identification of the bugs and error in the system so that it
doesn’t penetrate future. Once the risk is identified it is accessed and an assessment plan is
developed. Risk control plan make sure that at time of failure no information is lost
(Koppolu, Raghav and Krantz, 2016). They make sure backup of data is done so that it case
of failure information is not lost.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IS security & risk management 7
Importance of auditing IS and safeguarding data quality
The audit plans are seen as one of the important factor for an organisation to mitigate
the risk. The IS auditing is an integral part of every organisation as it make sure that only
quality of information is processes in the software’s. It also helps in safeguarding the data
quality by mitigating all the possible risks associated with the organisation. These audits help
in making the business operations transparent by monitoring all the activities. Data integrity
helps in identifying the activities so that intentional and breach of information could be found
(Moorhead, 2016). The IS auditing is important as it ensures that data confidentiality,
integrity and availability is maintained. It protects the data packets from being disclosed to
unauthorised parties. These plans look at all the possible threats that could breach the
confidentiality, integrity and availability of data packets (England, 2017).
The audit plan is a pre-defined and specific guideline that needs to be followed while
conducting an audit. It helps an organisation to obtain sufficient evidences and also avoids
the misconception. The audit process is used to minimize the time taken by an operation. It
covers planning a meeting, announcing the decisions and then taking up a follow up or a
feedback of its impact (Hopkin, 2018). The audit process supports that security of an
organisation is maintained.
Importance of auditing IS and safeguarding data quality
The audit plans are seen as one of the important factor for an organisation to mitigate
the risk. The IS auditing is an integral part of every organisation as it make sure that only
quality of information is processes in the software’s. It also helps in safeguarding the data
quality by mitigating all the possible risks associated with the organisation. These audits help
in making the business operations transparent by monitoring all the activities. Data integrity
helps in identifying the activities so that intentional and breach of information could be found
(Moorhead, 2016). The IS auditing is important as it ensures that data confidentiality,
integrity and availability is maintained. It protects the data packets from being disclosed to
unauthorised parties. These plans look at all the possible threats that could breach the
confidentiality, integrity and availability of data packets (England, 2017).
The audit plan is a pre-defined and specific guideline that needs to be followed while
conducting an audit. It helps an organisation to obtain sufficient evidences and also avoids
the misconception. The audit process is used to minimize the time taken by an operation. It
covers planning a meeting, announcing the decisions and then taking up a follow up or a
feedback of its impact (Hopkin, 2018). The audit process supports that security of an
organisation is maintained.
IS security & risk management 8
Conclusion
This report helps in clear understanding of all the general management controls that
are designed for an organisation. The application controls that are used by an organisation are
also listed above. It can be concluded that it is necessary to maintain the security of an
organisation as companies completely rely on the network for the sensitive data. Both the
control measures are important for safeguarding the security of data packets. Thus, for this
some of the risk management techniques are discussed that will assure that confidentiality,
integrity and availability of data packets will be attained. Thus, it is recommended that audit
plans should be developed in a way that confidentiality and integrity is maintained. It is
recommended that updated software should be used and a recovery plan should also be
developed so that in case of failure business continues to operate.
Conclusion
This report helps in clear understanding of all the general management controls that
are designed for an organisation. The application controls that are used by an organisation are
also listed above. It can be concluded that it is necessary to maintain the security of an
organisation as companies completely rely on the network for the sensitive data. Both the
control measures are important for safeguarding the security of data packets. Thus, for this
some of the risk management techniques are discussed that will assure that confidentiality,
integrity and availability of data packets will be attained. Thus, it is recommended that audit
plans should be developed in a way that confidentiality and integrity is maintained. It is
recommended that updated software should be used and a recovery plan should also be
developed so that in case of failure business continues to operate.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
IS security & risk management 9
References
Auditnet, (2017). Audit-library::The-internal-audit-process-from-a-to-z-how-it-works. Availa
ble from https://www.auditnet.org/audit-library/the-internal-audit-process-from-a-to-z-how-
it-worksAccessed on 07 august 18
Bromiley, P., McShane, M., Nair, A. and Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4), pp.265-
276.
Coutts, R (2015). Better telecommunications services for all Australians. Australian Journal
of Telecommunications and the Digital Economy, 3(4).
Downes, M.J., Mervin, M.C., Byrnes, J.M. and Scuffham, P.A. (2017). Telephone
consultations for general practice: a systematic review. Systematic reviews, 6(1), p.128.
England, P. (2017). Risk Managing in the Courts: Seeds of a Divergent Jurisprudence, p.78-
79.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Ishikawa, T. and Sakurai, K. (2017). Parameter manipulation attack prevention and detection
by using web application deception proxy. In Proceedings of the 11th International
Conference on Ubiquitous Information Management and Communication (p. 74). ACM.
Koppolu, L.S., Raghav, A. and Krantz, A.W., Microsoft Technology Licensing LLC
(2016). Access control to secured application features using client trust levels. U.S. Patent
9,531,695.
McClean, T. and Wheeler, C. (2016). Third tier complaints handlers for human services and
justice. In AIAL Forum (No. 83, p. 63). Australian Institute of Administrative Law, 67-90.
Moorhead, S. (2016). The Optus Research Laboratories. Australian Journal of
Telecommunications and the Digital Economy, 4(4), p.1.
Riggs, E., Gussy, M., Gibbs, L., Van Gemert, C., Waters, E. and Kilpatrick, N. (2014). Hard
to reach communities or hard to access services? Migrant mothers' experiences of dental
services. Australian dental journal, 59(2), pp.201-207.
Samson, D., Daft, R.L. and Donnet, T. (2017). Fundamentals of Management with Student
Resource Access 12 Months. Cengage AU.
Schilling, M.A. and Wemsman, R.J., Hewlett-Packard Development Co LP (2014). System
and method for dynamic control of network management traffic loads. U.S. Patent 8,631,109.
References
Auditnet, (2017). Audit-library::The-internal-audit-process-from-a-to-z-how-it-works. Availa
ble from https://www.auditnet.org/audit-library/the-internal-audit-process-from-a-to-z-how-
it-worksAccessed on 07 august 18
Bromiley, P., McShane, M., Nair, A. and Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4), pp.265-
276.
Coutts, R (2015). Better telecommunications services for all Australians. Australian Journal
of Telecommunications and the Digital Economy, 3(4).
Downes, M.J., Mervin, M.C., Byrnes, J.M. and Scuffham, P.A. (2017). Telephone
consultations for general practice: a systematic review. Systematic reviews, 6(1), p.128.
England, P. (2017). Risk Managing in the Courts: Seeds of a Divergent Jurisprudence, p.78-
79.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Ishikawa, T. and Sakurai, K. (2017). Parameter manipulation attack prevention and detection
by using web application deception proxy. In Proceedings of the 11th International
Conference on Ubiquitous Information Management and Communication (p. 74). ACM.
Koppolu, L.S., Raghav, A. and Krantz, A.W., Microsoft Technology Licensing LLC
(2016). Access control to secured application features using client trust levels. U.S. Patent
9,531,695.
McClean, T. and Wheeler, C. (2016). Third tier complaints handlers for human services and
justice. In AIAL Forum (No. 83, p. 63). Australian Institute of Administrative Law, 67-90.
Moorhead, S. (2016). The Optus Research Laboratories. Australian Journal of
Telecommunications and the Digital Economy, 4(4), p.1.
Riggs, E., Gussy, M., Gibbs, L., Van Gemert, C., Waters, E. and Kilpatrick, N. (2014). Hard
to reach communities or hard to access services? Migrant mothers' experiences of dental
services. Australian dental journal, 59(2), pp.201-207.
Samson, D., Daft, R.L. and Donnet, T. (2017). Fundamentals of Management with Student
Resource Access 12 Months. Cengage AU.
Schilling, M.A. and Wemsman, R.J., Hewlett-Packard Development Co LP (2014). System
and method for dynamic control of network management traffic loads. U.S. Patent 8,631,109.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IS security & risk management 10
Shono, T., Weaver, G., Cordeiro, C., Srikanteswara, S., Sadeghi, B., Arefi, R. and Horne,
D.M., Intel Corp (2015). Method and apparatus for managing dynamic sharing of spectrum
services. U.S. Patent Application 13/997,000.
Sinnema, R., EMC Corp (2018). Risk-adaptive access control of an application action based
on threat detection data. U.S. Patent 9,992,213.
Yourarticlelibrary, (2017). Management Control System: Definition, Characteristics and
Factors. Available from
http://www.yourarticlelibrary.com/accounting/company-accounts/management-control-
system-definition-characteristics-and-factors/52963 Accessed on 07 aug 18.
Shono, T., Weaver, G., Cordeiro, C., Srikanteswara, S., Sadeghi, B., Arefi, R. and Horne,
D.M., Intel Corp (2015). Method and apparatus for managing dynamic sharing of spectrum
services. U.S. Patent Application 13/997,000.
Sinnema, R., EMC Corp (2018). Risk-adaptive access control of an application action based
on threat detection data. U.S. Patent 9,992,213.
Yourarticlelibrary, (2017). Management Control System: Definition, Characteristics and
Factors. Available from
http://www.yourarticlelibrary.com/accounting/company-accounts/management-control-
system-definition-characteristics-and-factors/52963 Accessed on 07 aug 18.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.