BCO6653 IT Management: A Case Study of Telstra and Vodafone, 2014

Verified

Added on 2023/06/11

AI Summary

This case study provides an analysis of IT management practices at Telstra and Vodafone Australia, focusing on cybersecurity, information systems planning, and comparative strategies. The study includes an interview report with IT managers from both organizations, exploring their approaches to IS planning, security measures, and challenges. A literature analysis complements the interview findings, providing a theoretical framework for understanding the issues. The paper compares and contrasts the IT strategies of Telstra and Vodafone, highlighting their respective strengths and weaknesses. Key topics covered include IT human resource management, business continuity management, and the adoption of new technologies. The study concludes with a summary of the main findings and recommendations for improving IT management practices in the telecommunications industry. Desklib provides access to this and other solved assignments.

COLLEGE OF BUSINESS - INFORMATION SYSTEMS DISCIPLINE
BCO6653  Management of Information Technology
Semester 2, 2014
ASSIGNMENT #2
Case Analysis for
place business names here
A study of issues in:
List the topic areas here such as (order matching ‘submitted by’ list):
IT Human Resource Management
Business Continuity Management
Submitted by:
Place your student numbers and names here; these match the topic order above
Group # (place your group number here)
Place date submitted here

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT Manager Interviews for Telstra and Vodafone
List your names here followed by a comma and your email address:
Jane Smith, Jane.Smith@vu.edu.au
Abstract
In the following paper, an IT manager interview report and a literature analysis has been provided.
The paper begins with a brief introduction about the topic on cybersecurity and the information
technology control. The contents of the paper are revised gain in this section and the name of the two
organizations are mentioned which are going to be the basis if the interview report. The organizational
background of the two institutions which has an IT department of at least five people have been
mentioned in the subsequent sections. Next the paper discusses the IS planning stages. A literature
analysis has been mentioned to properly address this topic. The responses of the organizations are
noted down in the next sections. The paper conducts a comparative analysis on the two organizations
and assesses them accordingly. The results of the interviews are analyzed and evaluated. The literature
discussion of both organizations are compared and contrasted with each and every points to compare
both businesses relevant to the mentioned topic. Each topic is assessed according to the topic p the
paper. Next, the issues studied are listed in a literature analysis of the respective organizations. Next, a
conclusion section has been added that discusses the main findings of the paper.
P a g e | 2

Introduction
The protection of the network of connected systems such as data, software and hardware from cyber-
attacks is known as cyber security. Normally from an organizational point of view, security is listed as
both physical security and cyber security. To prevent the organizations from unauthorized logins and
monitoring the information technology efficiently, organizations normally use cyber security to
maintain their computerized systems and data centers (Luiijf and te Paske 2015). This is necessary for
organizations as maintaining the availability, integrity and confidentiality of the information is
necessary and is a part of the cyber security. Every organization has an IT department. Who have to
maintain the information system effectively. The security can range from end user education,
operational security, disaster recovery to network security, information security and application
security (Von Solms and Van Niekerk 2013). The IT team of every organization has to come up with
innovative solutions every once a while as the threats are constantly evolving in nature. The
conventional approach to the risks is to focus on the components which are crucial for the system
(Laudon and Laudon 2013). The systems which are not protected due to low risk threats or the
components of the Information system which are left undefended are addresses with the help of proper
cyber security measures. Organisation such as Telstra and Vodafone Australia has taken a more
adaptive and proactive approach to address cyber security and proper control over its information
systems. The mentioned organizations face cyber security issues on a daily basis. It is a challenging
task for the IT departments of the respective organizations to keep up with the threat intelligence,
security trends and new technologies. Ransomwares are the latest threat in this field and i is known for
locking the computers of a particular organization demanding money to unlock and decrypt them
(Caldwell 2013). Telstra recently faced a threat from malware last month. These types of cyber threats
come in the form f spywares, Trojan horses, computer viruses and worms. A recent new technology
has emerged which the IT departments of the respective organizations has to check. It is known as
social engineering and uses the interaction of human beings to break into secure systems for getting
protected sensitive information. Vodafone Australia recently deployed additional security measures to
stop frauds such as phishing. These types of threat are getting common day by day and uses fraudulent
emails to extract sensitive data like login information and credit card credentials (Pearlson, Saunders
and Galletta 2016). Most of the times these types of emails take the form of emails from reputable
sources so they are very hard to detect beforehand. The IT teams of the respective organizations has to
enhance their cyber security procedures to properly detect the threats before they cause damage to the
information systems of the company.
The IT department is responsible for coordinating and providing the computer based information
delivery services in that particular organization. They are responsible for maintaining and developing
organizational information system. They have to facilitate the adoption and acquisition of hardware
and software. Instead of providing all the services themselves, they are responsible for coordinating all
the services in the organization effectively. Based on the nature of business of Telstra and Vodafone
Australia, these organizations have to organize their forms a per the functions of the information
system. In Telstra, the Information system are centralized and uses a contemporary structure of the IS
unit.
In the following assignment, an email interview with the IT departments of the two mentioned
organization are provided. The interviews have been conducted with the IT managers of the respective
organizations. The policies have been framed with respect to the topic of the assignment. The IT
departments have been chosen as per their web presence and number of employees. The email contacts
have been extracted and the industries have been chosen in the same domain so that the comparisons
can be facilitated. The functions of the organizations have been compared in the comparative analysis
section of the report. A literature analysis of the IS planning has been assessed and evaluated in the
report. The issues that are studied and the results of the interview analysis has been mentioned in the
subsequent sections of the report. In the following report, the chosen organizations are taken as Telstra
and Vodafone Australia in the telecommunication domain.
Organisation background
P a g e | 3

Telstra Australia
Telstra Corporation Limited, or commonly termed as Telstra, is a leading telecommunication
organization in Australia. Telstra had first originated in collaboration with Australia Post as the Post
Master General’s Department. It used to control the telecommunication services of entire Australia
through the Post Master General’s Department. With several disintegrations later, it finally started to
work as an individual organization after the split in 1992. It was privatized in three different stages
informally referred to as T1, T2 and T3. Since, the entire organization deals with the
telecommunication services of the entire Australia, it deals with one of the major discrete and personal
data of its customers. In the year 2011, Telstra had announced that the organization would move
forward in implementing a new strategy with the launch of Telstra Digital, led by Gerd Schenkel of
National Australia Bank. The initial purpose of this launch was for improving the use of digital
channels for customer services. However, changes in a telecommunications based organization in
Australia should maintain ethical conduct as per Australian law suggests. Therefore, it is essential that
Telstra possesses state of the art cyber security measures in order to protect the essential and discrete
data of their customers from being hacked or misused by malicious hackers. In Australia itself, the
entire organization of Telstra had implemented divisions in the organizational structure, essentially
dedicated to the cyber security team. The team divisions secure propose a planned structure through
which the security team is implemented. The security system is then prioritized in percentages,
making it reliable to address each of these divisions according to their priorities. Out of the entire
workforce in the cyber security team, 38 percent priority is dedicated to audit the security system. 36
percent of the prioritized task remains dedicated to risk assessments of the entire system.
Governance, Risk and Compliance Tests comprise the next portions in the priority list followed by
Cyber Security Awareness Programs. The entire workforce is made aware of the Procedures to protect
IP. The employees of the organization are essentially dedicated according to the work divisions to their
respective task following quality management, monitoring and control of the systems during cyber
security enforcements. In addition to this, risk management and incident management is given sheer
priority, helping to handle any malicious incident or occurrence of any risk that may lead to a major
problem. Since, the company had opted in digitizing itself with the implementation of computer apps
and mobile friendly software applications, the implementation and utilization of cyber security
methodologies in the organization had become the most important aspect. Security awareness before
implementation of security management is most essential for this organization as Telstra’s digitization
would enable the customers to be connected to the organization at any given time. Thus, there is a
high chance that discrete user data could be compromised. Ethical implications would then follow if
any kind of user data breach occurs. The organization, in order to protect the generated business data
and customers’ discrete data, follows all these methodologies without failure.
The Head office is located in Melbourne Australia. It is one of the tallest buildings in Australia and is
located in 242 Exhibition street. The homepage URL of the organisation is
https://www.telstra.com.au/. The person who is interviewed for this particular assignment is Stephen
Eloph, the Technology and innovation executive of the company (Telstra - mobile phones, prepaid
phones, broadband, internet, home phones, business phones 2018). He is currently located in Sydney
and is responsible for maintaining the cyber security issues of the company.
The email address for contacting him is stephen.eloph85@macromedia.com.
P a g e | 4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

P a g e | 5

P a g e | 6

Vodafone Australia
Vodafone Australia is a telecommunication organization operating on Australia which provides fixed
and mobile broadband services. The network covers more than 21 million Australians and its
broadband services and expands its services in regional centers and capital cities. The organization
was created as a joint venture between Hutchison Telecommunications and Vodafone Group Plc. The
company has robust cyber security experts and have enhanced their team capabilities after the
vulnerabilities detected by Specter and Meltdown.
The company has proper 4G network services and maintains the IT systems efficiently. It has over
120 Retail stores all around Australia and has its main headquarter at Sydney, 177 Pacific Hwy. The
homepage URL of the company is https://www.vodafone.com.au.
The person who is interviewed for this particular assignment is the chief technology officer of the
company namely Kevin Millroy.
Kevin Milroy was appointed as the chief technology officer by Vodafone in July. He was responsible
for managing the IT department of the company. He was the general manager of the company and was
responsible for expanding the IT projects and rolling out the network upgrade. He was involved in the
Mobile black spot program too. As the head of the IT department his job is to expand the existing
VHS network and delivering the required broadband within the next year (Mobile Phone, Tablet and
Mobile Broadband Plans 2018). Under him, the IT department of Vodafone Australia has to work
hard to prepare for the incoming 5g networks and the security measures that need to be undertaken for
such a massive project. Proper cyber security procedures need to be facilitated by the IT head to
manage the fiber network transmissions in secure way (Stair and Reynolds 2013). He is highly
experienced and is renowned in the telecommunications industry. Previously, he was also the IT head
of MBNL/Ericsson and has a working experience in Cellnet also.
The email address to contact him is - kevin.milroy@dropbox.com.
P a g e | 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

P a g e | 8

IS Planning
The use of a proper plan for the security of the information is very much essential for a company
(Peltier 2013). The proper use of the plan for the systems of information based security would be
extremely helpful in order to help in protecting the organisation from cases of online theft (Liu, Zhang
and Li 2013). The cases of online theft are mostly common among IT based organizations and
companies. This is due to the fact that these sector contain a huge amount of important data of their
employees as well as the consumers. The primary focus of the IT industries is to secure their systems
and thus help in preventing the valuable information from being getting stolen (Lin, Wang and Kung
2015).
In order to secure the IT based systems, it is extremely essential for the companies to secure the
systems to protect their information (Martinez and Pulier 2015). A proper plan for the security of
information needs to be prepared by the company in order to protect the vital information of the
clients. An Information Security Strategic Plan would be helpful in positioning an organization in
P a g e | 9

order to diminish, transfer, accept and avoid the risk of information systems that are related to
technologies, processes and people (Stiff, Sharpe and Atkinson 2014). A proper established strategy is
also helpful for the organization in order to protect the integrity, confidentiality and availability of
valuable information (Vian et al. 2014).
The benefits for the purpose of the business based on an effective security strategy plan is mostly
significant and has the capability to offer a competitive advantage (Wang et al. 2013). These might
include the purpose of complying with the standards within the industry, avoid a incident meant for
damaging the security, supporting the business reputation and thus helps in supporting commitment
with the partners, customers, suppliers and shareholders (Rong et al. 2015).
A strategy for the security is a form of document, which is based on a periodic basis and which
outlines the major concerns for the security of an organisation or country. The security strategy plan
also plans to deal with the issues (Cheminod, Durante and Valenzano 2013).
P a g e | 10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IS Planning Literature Analysis
The primary aim of the strategic plan for the security is to provide a management with the essential
information in order to make knowledgeable decisions about the investment made within the security.
The plan for the strategy for the information based security is linked with the function of security with
the direction of the business (Rao 2014).
The strategy should present a case of the business, which would describe the main benefits of the
business and the outcomes, which are in relation with the security. The plan also provides
recommended strategies in order to achieve the outcomes.
The strategies meant for the purpose of security would help in achieving the objectives of the business
for the purpose of identifying and addressing the requirements for the IT based system within an
organisation. The plan also provides business based functions and several kind of initiatives, provision
for IT based infrastructure, processes and people that would be able to meet the basic requirements of
security (Little et al. 2013).
Though the strategies are mainly driven by the requirements of a business, the strategies should discuss
on the other factors, which might have direct impact on the achievements, which would be met by
fulfilling the outcomes. The strategies for the security should be revised at proper times in order to
allow for the various kind of changes within the direction of the business and within the factors of
constraints (Ion, Zhang and Schooler 2013).
Research Objective
The objectives that would be set for the business based on strategy are based on high level. These
objectives would point to the welfare of the organization. And the related stakeholders. The objectives
for the planning of IS based strategy are:
 To reduce the costs by the gain in efficiency
 To reduce the potential based costs through the process of the reduction of risks faced due to
cybersecurity.
 To protect the important assets of the organization.
 To produce several kind of opportunities for the growth in the revenue. This could be met by
the process of creating and enhancing the services provided to the customers and within the
products.
IS Planning Literature Analysis
The IT based organizations or companies have to implement a plan in order to ensure the security of
the assets of the organization. This plan is defined by the security professionals within the particular
industry. A properly based IT security problem would be helpful in providing a framework in order to
keep the company at a proposed level of security. This could be achieved by accessing the amount of
risks, deciding on the strategies in order to mitigate them and a proper plan to update the programs and
the practices of security (Gusmeroli, Piccione and Rotondi 2013).
Basic Elements of a Proper Security Program
A good security program is extremely essential to provide the security architecture in order to secure
the vital data of the company. The security program defines the type of data, which would be covered.
The proper security plan would be able to assess the particular risks, which are faced by the company
and the plans, which should be required in order to mitigate the risks. The security program would be
able to indicate the time of evaluation and upgradation and it would also provide notifications in order
to update the patches of security within a system. The key components of a proper program for the
security is explained in the following sections (Mayring 2014).
P a g e | 11

1. Designated Officer for the Security
A Designated Security Officer (DSO) is an important aspect of the regulations for the security and the
standards. The DSO would be majorly responsible for the purpose of coordinating and executing the
program for the security. They would check the balance of security within the organization and the
internal checks on the patches of security within the security program. This appointed person or the
role provided to them should be reported to someone who is outside of the particular company in order
to maintain a level of independency.
2. Assessment of Risks
This component is majorly responsible for identifying the leaks within the levels of security and thus
assessing them, which would be intended to be managed by the particular IT organization. The
assessment of risks is an important section because it helps in identifying the potential risks, which
could be faced by the organization. Assessing the amount of risks would be able to help in deciding on
the proper and the cost-effective ways in order to manage the raised issues. Based on the assessment of
risks, it could be said that the IT security programs and the security strategies would be able to
minimize the level of risks but the risks could not be eliminated completely (Pandita et al. 2013). The
main type of risks, which could be covered within the IT security programs are:
Physical Loss of Data – The loss of data could occur due to a wide variety of reasons. These reasons
could range from issues of floods or loss due to the loss of electric power. The access to important data
could also be lost due to the secondary failure of disk.
Unauthorized access to your own data and client or customer data – The confidential information
within any organization, which could be in relation with the customers or clients should be
contractually obliged to be protected. The organization should view the data as if it was of their own.
Interception of data in transit – The potential amount of risks occurs mainly due to the transmitted
data in between the sites of the company, or in between the employees and the company, contractors,
business partners located at home or in various other locations.
Data corruption – The internal based corruption within the company could lead to the modification of
important data of the customers and clients. The internal corruption is in favor with an external party
such as keystroke loggers located on PCs and Trojan Horses.
The data should also remain within the reach of the people within the organization. The vital data
should not be shared with the third parties that includes sales channel, partners and contractors (Gubbi
et al. 2013).
3. Policies and Procedures
There is a lot of speculation that would be in relation to the preparing process of the assessment of
risks. The procedures and the policies is the area where the proper IT strategy for the security should be
discussed. The areas that should be included within the planning of the policies and the policies are:
1. The authorization, authentication and the accountability would be able to establish the various
procedures for the purpose of issuing and revoking the accounts of the clients and customers. This
policy would be able to specify the way of authenticating an individual user, creation of passwords,
aging based requirements and maintenance of the trail of audit (Kim and Solomon 2013).
2. The awareness related to the security would be helpful in making a surety that every user should
possess a copy of the acceptable use policy and should be aware of their basic responsibilities. This
would also ensure that the employees within the IT organization would be engaged in implementing
the policies that would be specific to an IT based domain (Cavelty and Mauer 2016).
3. The assessment of risks would be helpful in reassessing the potential based threats to the security
related to IT and upgradation of the security program.
P a g e | 12