BCO6653 IT Management: A Case Study of Telstra and Vodafone, 2014

Verified

Added on 2023/06/11

AI Summary

This case study provides an analysis of IT management practices at Telstra and Vodafone Australia, focusing on cybersecurity, information systems planning, and comparative strategies. The study includes an interview report with IT managers from both organizations, exploring their approaches to IS planning, security measures, and challenges. A literature analysis complements the interview findings, providing a theoretical framework for understanding the issues. The paper compares and contrasts the IT strategies of Telstra and Vodafone, highlighting their respective strengths and weaknesses. Key topics covered include IT human resource management, business continuity management, and the adoption of new technologies. The study concludes with a summary of the main findings and recommendations for improving IT management practices in the telecommunications industry. Desklib provides access to this and other solved assignments.

COLLEGE OF BUSINESS - INFORMATION SYSTEMS DISCIPLINE
BCO6653  Management of Information Technology
Semester 2, 2014
ASSIGNMENT #2
Case Analysis for
place business names here
A study of issues in:
List the topic areas here such as (order matching ‘submitted by’ list):
IT Human Resource Management
Business Continuity Management
Submitted by:
Place your student numbers and names here; these match the topic order above
Group # (place your group number here)
Place date submitted here

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IT Manager Interviews for Telstra and Vodafone
List your names here followed by a comma and your email address:
Jane Smith, Jane.Smith@vu.edu.au
Abstract
In the following paper, an IT manager interview report and a literature analysis has been provided.
The paper begins with a brief introduction about the topic on cybersecurity and the information
technology control. The contents of the paper are revised gain in this section and the name of the two
organizations are mentioned which are going to be the basis if the interview report. The organizational
background of the two institutions which has an IT department of at least five people have been
mentioned in the subsequent sections. Next the paper discusses the IS planning stages. A literature
analysis has been mentioned to properly address this topic. The responses of the organizations are
noted down in the next sections. The paper conducts a comparative analysis on the two organizations
and assesses them accordingly. The results of the interviews are analyzed and evaluated. The literature
discussion of both organizations are compared and contrasted with each and every points to compare
both businesses relevant to the mentioned topic. Each topic is assessed according to the topic p the
paper. Next, the issues studied are listed in a literature analysis of the respective organizations. Next, a
conclusion section has been added that discusses the main findings of the paper.
P a g e | 2

Introduction
The protection of the network of connected systems such as data, software and hardware from cyber-
attacks is known as cyber security. Normally from an organizational point of view, security is listed as
both physical security and cyber security. To prevent the organizations from unauthorized logins and
monitoring the information technology efficiently, organizations normally use cyber security to
maintain their computerized systems and data centers (Luiijf and te Paske 2015). This is necessary for
organizations as maintaining the availability, integrity and confidentiality of the information is
necessary and is a part of the cyber security. Every organization has an IT department. Who have to
maintain the information system effectively. The security can range from end user education,
operational security, disaster recovery to network security, information security and application
security (Von Solms and Van Niekerk 2013). The IT team of every organization has to come up with
innovative solutions every once a while as the threats are constantly evolving in nature. The
conventional approach to the risks is to focus on the components which are crucial for the system
(Laudon and Laudon 2013). The systems which are not protected due to low risk threats or the
components of the Information system which are left undefended are addresses with the help of proper
cyber security measures. Organisation such as Telstra and Vodafone Australia has taken a more
adaptive and proactive approach to address cyber security and proper control over its information
systems. The mentioned organizations face cyber security issues on a daily basis. It is a challenging
task for the IT departments of the respective organizations to keep up with the threat intelligence,
security trends and new technologies. Ransomwares are the latest threat in this field and i is known for
locking the computers of a particular organization demanding money to unlock and decrypt them
(Caldwell 2013). Telstra recently faced a threat from malware last month. These types of cyber threats
come in the form f spywares, Trojan horses, computer viruses and worms. A recent new technology
has emerged which the IT departments of the respective organizations has to check. It is known as
social engineering and uses the interaction of human beings to break into secure systems for getting
protected sensitive information. Vodafone Australia recently deployed additional security measures to
stop frauds such as phishing. These types of threat are getting common day by day and uses fraudulent
emails to extract sensitive data like login information and credit card credentials (Pearlson, Saunders
and Galletta 2016). Most of the times these types of emails take the form of emails from reputable
sources so they are very hard to detect beforehand. The IT teams of the respective organizations has to
enhance their cyber security procedures to properly detect the threats before they cause damage to the
information systems of the company.
The IT department is responsible for coordinating and providing the computer based information
delivery services in that particular organization. They are responsible for maintaining and developing
organizational information system. They have to facilitate the adoption and acquisition of hardware
and software. Instead of providing all the services themselves, they are responsible for coordinating all
the services in the organization effectively. Based on the nature of business of Telstra and Vodafone
Australia, these organizations have to organize their forms a per the functions of the information
system. In Telstra, the Information system are centralized and uses a contemporary structure of the IS
unit.
In the following assignment, an email interview with the IT departments of the two mentioned
organization are provided. The interviews have been conducted with the IT managers of the respective
organizations. The policies have been framed with respect to the topic of the assignment. The IT
departments have been chosen as per their web presence and number of employees. The email contacts
have been extracted and the industries have been chosen in the same domain so that the comparisons
can be facilitated. The functions of the organizations have been compared in the comparative analysis
section of the report. A literature analysis of the IS planning has been assessed and evaluated in the
report. The issues that are studied and the results of the interview analysis has been mentioned in the
subsequent sections of the report. In the following report, the chosen organizations are taken as Telstra
and Vodafone Australia in the telecommunication domain.
Organisation background
P a g e | 3

Telstra Australia
Telstra Corporation Limited, or commonly termed as Telstra, is a leading telecommunication
organization in Australia. Telstra had first originated in collaboration with Australia Post as the Post
Master General’s Department. It used to control the telecommunication services of entire Australia
through the Post Master General’s Department. With several disintegrations later, it finally started to
work as an individual organization after the split in 1992. It was privatized in three different stages
informally referred to as T1, T2 and T3. Since, the entire organization deals with the
telecommunication services of the entire Australia, it deals with one of the major discrete and personal
data of its customers. In the year 2011, Telstra had announced that the organization would move
forward in implementing a new strategy with the launch of Telstra Digital, led by Gerd Schenkel of
National Australia Bank. The initial purpose of this launch was for improving the use of digital
channels for customer services. However, changes in a telecommunications based organization in
Australia should maintain ethical conduct as per Australian law suggests. Therefore, it is essential that
Telstra possesses state of the art cyber security measures in order to protect the essential and discrete
data of their customers from being hacked or misused by malicious hackers. In Australia itself, the
entire organization of Telstra had implemented divisions in the organizational structure, essentially
dedicated to the cyber security team. The team divisions secure propose a planned structure through
which the security team is implemented. The security system is then prioritized in percentages,
making it reliable to address each of these divisions according to their priorities. Out of the entire
workforce in the cyber security team, 38 percent priority is dedicated to audit the security system. 36
percent of the prioritized task remains dedicated to risk assessments of the entire system.
Governance, Risk and Compliance Tests comprise the next portions in the priority list followed by
Cyber Security Awareness Programs. The entire workforce is made aware of the Procedures to protect
IP. The employees of the organization are essentially dedicated according to the work divisions to their
respective task following quality management, monitoring and control of the systems during cyber
security enforcements. In addition to this, risk management and incident management is given sheer
priority, helping to handle any malicious incident or occurrence of any risk that may lead to a major
problem. Since, the company had opted in digitizing itself with the implementation of computer apps
and mobile friendly software applications, the implementation and utilization of cyber security
methodologies in the organization had become the most important aspect. Security awareness before
implementation of security management is most essential for this organization as Telstra’s digitization
would enable the customers to be connected to the organization at any given time. Thus, there is a
high chance that discrete user data could be compromised. Ethical implications would then follow if
any kind of user data breach occurs. The organization, in order to protect the generated business data
and customers’ discrete data, follows all these methodologies without failure.
The Head office is located in Melbourne Australia. It is one of the tallest buildings in Australia and is
located in 242 Exhibition street. The homepage URL of the organisation is
https://www.telstra.com.au/. The person who is interviewed for this particular assignment is Stephen
Eloph, the Technology and innovation executive of the company (Telstra - mobile phones, prepaid
phones, broadband, internet, home phones, business phones 2018). He is currently located in Sydney
and is responsible for maintaining the cyber security issues of the company.
The email address for contacting him is stephen.eloph85@macromedia.com.
P a g e | 4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

P a g e | 5

P a g e | 6

Vodafone Australia
Vodafone Australia is a telecommunication organization operating on Australia which provides fixed
and mobile broadband services. The network covers more than 21 million Australians and its
broadband services and expands its services in regional centers and capital cities. The organization
was created as a joint venture between Hutchison Telecommunications and Vodafone Group Plc. The
company has robust cyber security experts and have enhanced their team capabilities after the
vulnerabilities detected by Specter and Meltdown.
The company has proper 4G network services and maintains the IT systems efficiently. It has over
120 Retail stores all around Australia and has its main headquarter at Sydney, 177 Pacific Hwy. The
homepage URL of the company is https://www.vodafone.com.au.
The person who is interviewed for this particular assignment is the chief technology officer of the
company namely Kevin Millroy.
Kevin Milroy was appointed as the chief technology officer by Vodafone in July. He was responsible
for managing the IT department of the company. He was the general manager of the company and was
responsible for expanding the IT projects and rolling out the network upgrade. He was involved in the
Mobile black spot program too. As the head of the IT department his job is to expand the existing
VHS network and delivering the required broadband within the next year (Mobile Phone, Tablet and
Mobile Broadband Plans 2018). Under him, the IT department of Vodafone Australia has to work
hard to prepare for the incoming 5g networks and the security measures that need to be undertaken for
such a massive project. Proper cyber security procedures need to be facilitated by the IT head to
manage the fiber network transmissions in secure way (Stair and Reynolds 2013). He is highly
experienced and is renowned in the telecommunications industry. Previously, he was also the IT head
of MBNL/Ericsson and has a working experience in Cellnet also.
The email address to contact him is - kevin.milroy@dropbox.com.
P a g e | 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

P a g e | 8

IS Planning
The use of a proper plan for the security of the information is very much essential for a company
(Peltier 2013). The proper use of the plan for the systems of information based security would be
extremely helpful in order to help in protecting the organisation from cases of online theft (Liu, Zhang
and Li 2013). The cases of online theft are mostly common among IT based organizations and
companies. This is due to the fact that these sector contain a huge amount of important data of their
employees as well as the consumers. The primary focus of the IT industries is to secure their systems
and thus help in preventing the valuable information from being getting stolen (Lin, Wang and Kung
2015).
In order to secure the IT based systems, it is extremely essential for the companies to secure the
systems to protect their information (Martinez and Pulier 2015). A proper plan for the security of
information needs to be prepared by the company in order to protect the vital information of the
clients. An Information Security Strategic Plan would be helpful in positioning an organization in
P a g e | 9

order to diminish, transfer, accept and avoid the risk of information systems that are related to
technologies, processes and people (Stiff, Sharpe and Atkinson 2014). A proper established strategy is
also helpful for the organization in order to protect the integrity, confidentiality and availability of
valuable information (Vian et al. 2014).
The benefits for the purpose of the business based on an effective security strategy plan is mostly
significant and has the capability to offer a competitive advantage (Wang et al. 2013). These might
include the purpose of complying with the standards within the industry, avoid a incident meant for
damaging the security, supporting the business reputation and thus helps in supporting commitment
with the partners, customers, suppliers and shareholders (Rong et al. 2015).
A strategy for the security is a form of document, which is based on a periodic basis and which
outlines the major concerns for the security of an organisation or country. The security strategy plan
also plans to deal with the issues (Cheminod, Durante and Valenzano 2013).
P a g e | 10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IS Planning Literature Analysis
The primary aim of the strategic plan for the security is to provide a management with the essential
information in order to make knowledgeable decisions about the investment made within the security.
The plan for the strategy for the information based security is linked with the function of security with
the direction of the business (Rao 2014).
The strategy should present a case of the business, which would describe the main benefits of the
business and the outcomes, which are in relation with the security. The plan also provides
recommended strategies in order to achieve the outcomes.
The strategies meant for the purpose of security would help in achieving the objectives of the business
for the purpose of identifying and addressing the requirements for the IT based system within an
organisation. The plan also provides business based functions and several kind of initiatives, provision
for IT based infrastructure, processes and people that would be able to meet the basic requirements of
security (Little et al. 2013).
Though the strategies are mainly driven by the requirements of a business, the strategies should discuss
on the other factors, which might have direct impact on the achievements, which would be met by
fulfilling the outcomes. The strategies for the security should be revised at proper times in order to
allow for the various kind of changes within the direction of the business and within the factors of
constraints (Ion, Zhang and Schooler 2013).
Research Objective
The objectives that would be set for the business based on strategy are based on high level. These
objectives would point to the welfare of the organization. And the related stakeholders. The objectives
for the planning of IS based strategy are:
 To reduce the costs by the gain in efficiency
 To reduce the potential based costs through the process of the reduction of risks faced due to
cybersecurity.
 To protect the important assets of the organization.
 To produce several kind of opportunities for the growth in the revenue. This could be met by
the process of creating and enhancing the services provided to the customers and within the
products.
IS Planning Literature Analysis
The IT based organizations or companies have to implement a plan in order to ensure the security of
the assets of the organization. This plan is defined by the security professionals within the particular
industry. A properly based IT security problem would be helpful in providing a framework in order to
keep the company at a proposed level of security. This could be achieved by accessing the amount of
risks, deciding on the strategies in order to mitigate them and a proper plan to update the programs and
the practices of security (Gusmeroli, Piccione and Rotondi 2013).
Basic Elements of a Proper Security Program
A good security program is extremely essential to provide the security architecture in order to secure
the vital data of the company. The security program defines the type of data, which would be covered.
The proper security plan would be able to assess the particular risks, which are faced by the company
and the plans, which should be required in order to mitigate the risks. The security program would be
able to indicate the time of evaluation and upgradation and it would also provide notifications in order
to update the patches of security within a system. The key components of a proper program for the
security is explained in the following sections (Mayring 2014).
P a g e | 11

1. Designated Officer for the Security
A Designated Security Officer (DSO) is an important aspect of the regulations for the security and the
standards. The DSO would be majorly responsible for the purpose of coordinating and executing the
program for the security. They would check the balance of security within the organization and the
internal checks on the patches of security within the security program. This appointed person or the
role provided to them should be reported to someone who is outside of the particular company in order
to maintain a level of independency.
2. Assessment of Risks
This component is majorly responsible for identifying the leaks within the levels of security and thus
assessing them, which would be intended to be managed by the particular IT organization. The
assessment of risks is an important section because it helps in identifying the potential risks, which
could be faced by the organization. Assessing the amount of risks would be able to help in deciding on
the proper and the cost-effective ways in order to manage the raised issues. Based on the assessment of
risks, it could be said that the IT security programs and the security strategies would be able to
minimize the level of risks but the risks could not be eliminated completely (Pandita et al. 2013). The
main type of risks, which could be covered within the IT security programs are:
Physical Loss of Data – The loss of data could occur due to a wide variety of reasons. These reasons
could range from issues of floods or loss due to the loss of electric power. The access to important data
could also be lost due to the secondary failure of disk.
Unauthorized access to your own data and client or customer data – The confidential information
within any organization, which could be in relation with the customers or clients should be
contractually obliged to be protected. The organization should view the data as if it was of their own.
Interception of data in transit – The potential amount of risks occurs mainly due to the transmitted
data in between the sites of the company, or in between the employees and the company, contractors,
business partners located at home or in various other locations.
Data corruption – The internal based corruption within the company could lead to the modification of
important data of the customers and clients. The internal corruption is in favor with an external party
such as keystroke loggers located on PCs and Trojan Horses.
The data should also remain within the reach of the people within the organization. The vital data
should not be shared with the third parties that includes sales channel, partners and contractors (Gubbi
et al. 2013).
3. Policies and Procedures
There is a lot of speculation that would be in relation to the preparing process of the assessment of
risks. The procedures and the policies is the area where the proper IT strategy for the security should be
discussed. The areas that should be included within the planning of the policies and the policies are:
1. The authorization, authentication and the accountability would be able to establish the various
procedures for the purpose of issuing and revoking the accounts of the clients and customers. This
policy would be able to specify the way of authenticating an individual user, creation of passwords,
aging based requirements and maintenance of the trail of audit (Kim and Solomon 2013).
2. The awareness related to the security would be helpful in making a surety that every user should
possess a copy of the acceptable use policy and should be aware of their basic responsibilities. This
would also ensure that the employees within the IT organization would be engaged in implementing
the policies that would be specific to an IT based domain (Cavelty and Mauer 2016).
3. The assessment of risks would be helpful in reassessing the potential based threats to the security
related to IT and upgradation of the security program.
P a g e | 12

4. The incident based responses would be able to respond to the threats related to the security including
the potential and definite incidents.
5. The protection of the security in IT could be outlined with the help of anti-virus software. These
specially designed software would be helpful for protecting the systems from cybersecurity based
threats. These would include the products based on workstation and scanning of mails, content on the
web and transfer of files for the purpose of deducting the malicious web based contents.
6. The planning for the continuity of business would include the responses to the natural and man-
made disasters. This would also include the arrangement of the sites related to backup, systems and
data. This would help them to be kept updated and also prepared in order to take over the time needed
for the recovery that had been previously defined.
7. The relationships with the partners and vendors would define the stature of the organizations, the
kind of data that might be exchanged within them and the provisions that ought to be in the contracts
in order to protect and secure the data from potential threats. This could also be defined as an
unnoticed aspect of the security of data. The main reason behind this is that the IT organization might
not have a lot of interaction with the legal organizations over the contracts provided by the vendors.
Measures are needed to be taken such as evaluating the ability of the partners in order to safeguard the
vital data and thus insisting on providing reasonable practices of security within the proper place
(Ahmad, Maynard and Park 2014).
4. Awareness Based on Security within the Organization
The community responsible for the security is mostly aware and normally agrees that the weakest link
in most of the security within the organization is based on the human factor and not dependent on the
technological part. Though the link is weakest, it would mostly be overlooked within the programs
based on security. Each employee would needed to be aware of their roles and responsibilities in terms
of security. Each and every user is expected to have a special training based on the awareness based on
the security. Those involved with the IT systems would be needed to have a role based specific
training. The IT organization would be able to implement a continuous cycle based on acquiring,
assessing and operating on the security related to the software and hardware. The security within the
hardware and software would be needed to have a higher level of involvement, which would be needed
to take a direction based on the specialists of security and consultants (Cheng et al. 2013).
5. Regulatory standards compliance
With respect to comply with the programs related to the security, the company would also need to
comply with the standards that would be defined by external parties. The primary component of the
plan of security would define the standards and the process of complying with the standards.
Telstra
Neil Campbell, the director of global security solutions of Telstra has provided a coverage based on the
security solutions of the organization. His thoughts were that the physical based security had started as
a analogue and mechanical world where the locks meant for checking was a physical based task. In the
21st century, the security based on the IT domain is a major concern. A central station for the
monitoring could be used for a combination of video and electric based door meant to access in order
to keep a keen sight on the accessibility and control over the IT systems. During the interview, he
stated:
“The primary challenge within the industry is to converge the technology within the industry. The
users should possess a different set of capabilities that would be never found within the same
organization (Slocombe 2017).”
Neil also believes that the two different worlds should have collided as because the technology is
making easy to perform the things centrally.
P a g e | 13

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

“A properly manageable service for the security is meant in order to ensure that the customer should
have the appropriate combination of the active and passive controls within the networks and the user
should be able to monitor over them.”
“If data is shared from the systems of electronic security and the systems of cyber security, then it
should be done in a secured fashion.”
Vodafone
Interviews based on the security specialist of Vodafone came to a conclusion that the overall data
privacy within the systems is on the rise and it is quite essential in order to secure the systems. The
focus on the security of the systems have increased to a higher level.
They said that the cyber intelligence that basically keeps a track of the cyber-attacks that would happen
outside. They would try to dig out the information and then try to identify the components of
technology and the modus operandi of the attacks.
The biggest problem for the organizations is to identify the data, which is needed to be protected. The
company is using encryption in terms of the control of access, monitoring of the access to the
privilege, change in the form of the sets of data, the right form of the management tools of data. All
these kind of technologies, which have been used to the technology front of the landscape in order to
protect and secure the data.
The security specialists within the company have majorly challenged the processes in order to have a
minimal based exposure for the data of the customers (Kwofie 2013).
Skill Set Related Problem in Countering the Cyber Attacks
The skill set is true for all the industries. In every industry, there are various products from the
different partners. All the equipments related to the security related to the IT sector needed to be in
place and needed to be operated at the desired level. The secondary factor is the differentiation factor
of the experience of the customers. The company is also responsible in differentiating the customer
experience.
The company is also focused on the future. The security specialists have said that they are always
ready to experience newer form of technologies. This would mean that that would keep a check
whether they would go to end of life products and legacy systems.
Vodafone is also dedicated towards consciousness regarding the factors of cost and effectiveness of the
cost. They also assure the stakeholders in terms for the compliance and the various risks related to the
privacy.
Views on the Adoption of Cloud Based Technology by the Telecom Operators
They would mean the adoption of cloud based platform to be put by the telcos. The adoption of cloud
based platform is not an easy factor because of the requirements related to regulatory. Telcos need to
have everything in hand due to the regulatory requirements and remote access, audit and maintenance
and operation based assurance. This would basically create a level of restriction based on the adoption
of the cloud platform. This would in turn restrict the telcos from becoming much more flexible and
supple. There would be needed to make changes in terms of regulations.
Comparative analysis
P a g e | 14

Based on the discussion based on the two telecom based operators, it could be concluded that both of
these telecommunication companies have made several implications based on the sectors of IT. They
have been implicating technologies based on the machine learning technology and AI based
technologies. The common technology used by both the operators are chatbots, which are being used
on a global basis (Ask et al. 2016). The second technology, which is being used is cognitive
computing. All the telecommunication operators have realised that the primary service is data and
voice. They cannot always rely on the carrier for the consumers. They should start on the creation of
the content. A lot more kind of technologies are being adopted by both of these operators. The SON
based technology is being used by Vodafone. This technology is being used rapidly. This technology
has the basic capability to optimise the process of delivery (Swetina et al. 2014). The secondary factor
is the customer based experience. There are several projects around the experience of the customers
and the new trend is to set new form of IT based security solutions for the telecom operators. Many of
these initiatives are mainly used for the digital space. There are many risks related to the IT based
sectors within the new technologies. This has led to the adoption of newer form of technologies within
the sectors (Alam et al. 2014).
Issues studied
Topic 1: The Privacy of Customer as a Competitive Advantage
The telecom sector is expanding at a stunning pace in all over the world. The use of
telecommunication has been necessary aspect of our daily life. Telecommunication industries are
attracting numerous number of customers through establishing a suitable bond with their brands.
There are several key point, needs to be consider to continue the legacy (Van Hoboken 2013).
Vodafone and Telstra are the leading telecom industries in all over Australia. One of the reason of
their popularity is they value their customer privacy. However, they follow different approaches to
protect customer private details such as credit card information, address and more.
Vodafone: According to the company’s associates, they are heavily focused on the customer privacy.
According to them, for providing effective services to customer they collect some vital information
from the customers (Ball, Borge and Greenwald 2013). However, this details are managed in a
particular schema. They strictly follows the law enforcement disclosure report in order to protect the
customer privacy. They also frequently responds to the government demands in order to access the
customer information. It is also clear that, Vodafone does not use the “adequate level” of security in
place to protect the privacy information (Van Hoboken 2013). There are some security breach reported
against the Vodafone. According to the Timothy Pilgrim, Vodafone had been breaching their rules and
regulations under the Privacy Act. Though they did not impose any penalty as the Privacy Act does
not allow them to do so.
Challenges towards Internal Organization Security.
Telstra: Telstra is the leading telecommunication industries throughout the Australia. They collect
different customer private details depends on the services desired by them. Generally they gathers
credit and billing information in order to conduct financial relationship with the customer. They also
needs the device –specific information as operating system, hardware model, unique device
identifiers, device status, configuration and software and mobile network information. They also
gather information about the product uses and location services (Ball, Borge and Greenwald 2013).
The sensitive information includes, person's race, ethnic origin, political opinions, health, religious or
philosophical beliefs and criminal history. According to some internal sources, this details are used for
many purposes administration, communication, improvement, development and direct marketing (Van
Hoboken 2013). They also follow the data privacy law strictly. All the requirements of the
stakeholders would need to be satisfied by striking the balance between the need for the purpose of
collecting and sharing the personal information of the customer and thus the need to secure the
personal information of the customer.
Compare: Vodafone and Telstra are both leading industry that provide effective and customized
telecom services to their customers. Both company gather similar type of data from their customer
P a g e | 15

such as billing details, device details and location. However, they both uses different approaches to
ensure customer privacy (Ball, Borge and Greenwald 2013). The key difference between those
approaches is utilization of the “adequate level”. Vodafone does not use the adequate level that makes
them vulnerable against third parties. They also faces this similar issues in the past. Telstra ensures
that the customer information are correct and up-to date. They also stores this data in digital and
electric from in a storage facilities that operated and owned by the company for individual usages
(Van Hoboken 2013). This storage facilities are also protected by combined many technical solution,
controls for the security and internal processes to protect data and network from unauthorized access
and disclosure.
Topic 2: Challenges in implementing secured third party environment
The focuses on the outsourcing model is also increasing in order to maintain the security framework
among third parties. This outsourcing model associates with several third parties which knowingly
challenge many of the information security posture of the operator. The success of ensuring the
valuable information fully depends on the capability of an organization in order to effectively extend
the framework of the security to their third parties (Ball, Borge and Greenwald 2013). Managing
information security is producing many obstacles in many key areas. The provider of infrastructure,
system integrator, software vendor, distributors & retailers, VAS provider, bill printing agency. The
reason behind the challenges is the limited control over the third party environment. The growth of
third parties and risk associates with outsourcing including security controls as part of the contract has
become a norm (Van Hoboken 2013). However, ensuring adherence to the controls and establishing
the accountability for the same is becoming a challenge in the recent times.
Vodafone: Vodafone outsourced many some of its operations to various third parties. The huge
amount of third parties are also maintained by them effectively in order to gain the most out of them
(Van Hoboken 2013). According to some insider, the third parties are like extended arms of the
operators, which are necessary to function. The process of contracting and identification of this third
parties are monitored by the internal executives. This executives are responsible for to centralized and
mange those third parties. They also frequently interact with them and familiar them about the day to
day operations (Ball, Borge and Greenwald 2013). Hence, it is very much essential that each function
should be able to understand the major importance of security that would imbibe their relationship
with their third party service. Vodafone strictly follows some means to achieve information security at
third parties. These steps are dependent upon the complexity and maturity of the third party
environment, service provided and relationship with the third parties.
Telstar: Telstar also somewhat similar approach to manage the third party information security.
Telstar adopt some effective approaches to ensure the information security associates with the third
parties (Van Hoboken 2013). The steps which are followed can be demonstrate as security criteria for
third party selection, information security part of contract, periodic risk assessment, dedicated security
SPDC from third party, third party personnel education program, security requirements part of SLAs
and periodic security adherence report from third party.
Comparison: Vodafone and Telstar follow similar approaches to maintain the third party information
security. They both adopt some effective approaches to ensure the information security associates with
the third parties (Ball, Borge and Greenwald 2013). The steps which are followed can be demonstrate
as security criteria for third party selection, information security part of contract, periodic risk
assessment, dedicated security SPDC from third party, third party personnel education program,
security requirements part of SLAs and periodic security adherence report from third party(Van
Hoboken 2013). These steps are mostly dependent upon the maturity and complexity of the third party
environment, service provided and relationship with third parties.
Topic 3: Challenge to maintain internal organizational security
As the telecom industries are evolving the areas of internal organizations threats are also increasing
rapidly. The main reasons behind the dilemma is employee seriousness toward information security,
lack of uniformity of controls and vast geographical spread (Ball, Borge and Greenwald 2013). The
establishment of the effective information security organization structure has been essential for both
P a g e | 16

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

IT and network function (Van Hoboken 2013). The proper implementation of the internal organization
security will result in many key areas such as evolving business operations, Inorganic business
growth, and geographical spread of information. Increasing users of information assets. Inadequate
employee awareness and inadequate management commitment.
Vodafone: In last couple of years, they tend to focus on the requirements of regulation and externally
based factors of risks. However, the enormous spread of services and operations, operative strengths,
participation of third parties needs to be enlighten in order to achieve more business margins (Van
Hoboken 2013). As the organizations are continually maturing, the posture for their security is also
maturing to the extent that internal information security becomes a basic hygiene for carrying out the
operation of the business. Vodafone needs to be more focused on their internal security (Ball, Borge
and Greenwald 2013). The proper implementation of the internal organization security will result in
many key areas such as evolving business operations, Inorganic business growth, and geographical
spread of information. Increasing users of information assets. Inadequate employee awareness and
inadequate management commitment.
Telstra: Telstra has successful implemented their internal organizational security schemas. Although
the internal based security of information could be imposed by establishing technology controls and
performing periodic audits, the success of such initiatives would largely depend upon the acceptance
level of the employees (Van Hoboken 2013). The operators of telecommunication sector need to look
at establishing a culture where information security becomes part of the DNA of the organizations and
thus their employees. The proper implementation of the internal organization security will result in
many key areas such as evolving business operations, Inorganic business growth, and geographical
spread of information. Increasing users of information assets (Ball, Borge and Greenwald 2013).
Inadequate employee awareness and inadequate management commitment. Information Security
focuses on IT and does not include core telecom network. There is a need for a holistic Information
Security Organization Structure that integrates security in IT and core telecom network. Further, the
effectiveness of Information Security can be ensured by involving business functions in security
initiatives.
Compare: Vodafone and Telstra are both leading industry that provide effective and customized
telecom services to their customers. Both company gather similar type of data from their customer
such as billing details, device details and location. The proper implementation of the internal
organization security will result in many key areas such as evolving business operations, Inorganic
business growth, and geographical spread of information (Van Hoboken 2013). Increasing users of
information assets. Inadequate employee awareness and inadequate management commitment.
Vodafone and Telstra both followed similar approaches in order to achieve liner outcomes.
Topic 4: The contributing factors in adoption of Newer Technology & Services
In general, most of the telecom industries are adopting best practices to ensure that they are prepared
against possible threats (Ball, Borge and Greenwald 2013). The need for sustainable, efficient, cost
effective and beneficial route for business which is the driver for advancement and rise of new
advancements and administrations. The appearance of innovations, for example, 3G, New Generation
Networks (NGN), Wi-Max and utilization of administrations, for example, M-Commerce, Cloud
computing administrations and so on will profit everybody by supporting the multiplication of data,
empowering residents to get to essential correspondence benefits and advancing the improvement of
innovation progressions (Van Hoboken 2013). These mechanical headways open telecom
administrators to new arrangement of security dangers and vulnerabilities.
Vodafone: Vodafone also practice many approaches overcome future risks. Any security risk could
occurred at any time. Vodafone practices risk management to avoid the possible risks. The
implementation of such new technologies are also essential. They helped business to grow further and
establish brand values. According to the company’s associates, they are heavily focused on utilization
of new technologies. According to them, the implementation of the new technology can assist the
organization to achieve their goals while maintain the security concerns. Administrations, for
example, m-Commerce, empowers clients to perform business exchange and in addition official
P a g e | 17

correspondence wherever they go (Van Hoboken 2013). These mechanical progressions represent a
test to general data security scene with in the telecom administrator.
Telstra: The Company has also several practices in order to face the risks of future based on the
security of the devices. The company also practices the management of risks in order to avoid the
possible risks of the future. According to the associates of the company, they are heavily determined
on the proper utilization of the upcoming technologies. According to them ,they are able to implement
the newer form of technology, which could assist the organization for the purpose of achieving the
goals while maintaining the basic concerns of security. The basic administrations such as m-
Commerce would help in empowering the clients in order to perform the exchange of business and in
addition to the official correspondence. These mechanical based progressions would represent a
general data for the security of data within the administrator of telecom.
Compare: Telstra and Vodafone are dedicated towards delivering proper services based on the
security of devices within the telecommunication sector. Hence they try to implement newer form of
technologies within the sector. Many innovations within the sector such as NGN, Wi-Max are the
technologies that would help for the development of secure networks. These kind of technological
innovations open newer ways to the operators of telecom for the newer form of arrangement of the
dangers to the security and the vulnerabilities made within the sector.
Conclusion
A proper strategy plan for the information security within the IT based organizations could be more
effective when a holistic based approach would be followed. This method would require the
acquisition of processes, people and dimensions of technology based on information security by
ensuring that it would be risk balanced and based on business. This would require a proper alignment
and integration to the making of strategic decisions. This would help in the making of decisions and
getting the right things to be done in an order based on priority. The concern of the security of
information within the cyberspace is an important concern. Executing a proper plan of strategy would
be a critical success factor for the IT based organizations in order to maximize the ability to manage
the risks of information security. Committing to the processes would consume time and several form
of resources. In order to be fully effective, the leaders for the security would need to view on adding a
business based value and processes for the planning of the IT strategies. It would also focus on the
way of strategy, which could help in enhancing the business processes within the organizations and
thus helping in achieving success.
P a g e | 18

References
Adwan, O., Faris, H., Jaradat, K., Harfoushi, O. and Ghatasheh, N., 2014. Predicting customer churn
in telecom industry using multilayer preceptron neural networks: Modeling and analysis. Life Science
Journal, 11(3), pp.75-81.
Ahmad, A., Maynard, S.B. and Park, S., 2014. Information security strategies: towards an
organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), pp.357-370.
Alam, M., Yang, D., Rodriguez, J. and Abd-alhameed, R., 2014. Secure device-to-device
communication in LTE-A. IEEE Communications Magazine, 52(4), pp.66-73.
Amutha, W.M. and Rajini, V., 2015. Techno-economic evaluation of various hybrid power systems for
rural telecom. Renewable and Sustainable Energy Reviews, 43, pp.553-561.
Ask, J.A., Facemire, M., Hogan, A. and Conversations, H.N.B.F., 2016. The State Of
Chatbots. Forrester. com report, 20.
Atoum, I., Otoom, A. and Abu Ali, A., 2014. A holistic cyber security implementation
framework. Information Management & Computer Security, 22(3), pp.251-264.
Ball, J., Borger, J. and Greenwald, G., 2013. Revealed: how US and UK spy agencies defeat internet
privacy and security. The Guardian, 6.
Binder Ready Version: A Strategic Approach. John Wiley & Sons.
Caldwell, T., 2013. Plugging the cyber-security skills gap. Computer Fraud & Security, 2013(7),
pp.5-10.
Cavelty, M.D. and Mauer, V., 2016. Power and security in the information age: Investigating the role
of the state in cyberspace. Routledge.
Cheminod, M., Durante, L. and Valenzano, A., 2013. Review of security issues in industrial
networks. IEEE Transactions on Industrial Informatics, 9(1), pp.277-293.
Chen, K., Hu, Y.H. and Hsieh, Y.C., 2015. Predicting customer churn from valuable B2B customers in
the logistics industry: a case study. Information Systems and e-Business Management, 13(3), pp.475-
494.
Cheng, L., Li, Y., Li, W., Holm, E. and Zhai, Q., 2013. Understanding the violation of IS security
policy in organizations: An integrated model based on social control and deterrence theory. Computers
& Security, 39, pp.447-459.
Costa-Requena, J., Santos, J.L., Guasch, V.F., Ahokas, K., Premsankar, G., Luukkainen, S., Pérez,
O.L., Itzazelaia, M.U., Ahmad, I., Liyanage, M. and Ylianttila, M., 2015, June. SDN and NFV
integration in generalized mobile network architecture. In Networks and Communications (EuCNC),
2015 European Conference on (pp. 154-158). IEEE.
Crawford, S.P., 2013. Captive audience: The telecom industry and monopoly power in the new gilded
age. Yale University Press.
Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M., 2013. Internet of Things (IoT): A vision,
architectural elements, and future directions. Future generation computer systems, 29(7), pp.1645-
1660.
Gusmeroli, S., Piccione, S. and Rotondi, D., 2013. A capability-based security approach to manage
access control in the internet of things. Mathematical and Computer Modelling, 58(5-6), pp.1189-
1205.
Han, B., Gopalakrishnan, V., Ji, L. and Lee, S., 2015. Network function virtualization: Challenges and
opportunities for innovations. IEEE Communications Magazine, 53(2), pp.90-97.
Hawilo, H., Shami, A., Mirahmadi, M. and Asal, R., 2014. NFV: state of the art, challenges, and
implementation in next generation mobile networks (vEPC). IEEE Network, 28(6), pp.18-26.
P a g e | 19

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Ion, M., Zhang, J. and Schooler, E.M., 2013, August. Toward content-centric privacy in ICN:
Attribute-based encryption and routing. In Proceedings of the 3rd ACM SIGCOMM workshop on
Information-centric networking (pp. 39-40). ACM.
Jungnickel, V., Habel, K., Parker, M., Walker, S., Bock, C., Riera, J.F., Marques, V. and Levi, D.,
2014, July. Software-defined open architecture for front-and backhaul in 5G mobile networks.
In Transparent Optical Networks (ICTON), 2014 16th International Conference on (pp. 1-4). IEEE.
Kim, D. and Solomon, M.G., 2013. Fundamentals of information systems security. Jones & Bartlett
Publishers.
Kirui, C., Hong, L., Cheruiyot, W. and Kirui, H., 2013. Predicting customer churn in mobile telephony
industry using probabilistic classifiers in data mining. IJCSI International Journal of Computer Science
Issues, 10(2), pp.1694-0814.
Kshetri, N., 2013. Privacy and security issues in cloud computing: The role of institutions and
institutional evolution. Telecommunications Policy, 37(4-5), pp.372-386.
Kumar, U. and Gambhir, S., 2014. A literature review of security threats to wireless
networks. International Journal of Future Generation Communication and Networking, 7(4), pp.25-34.
Kwofie, B., 2013. Cloud computing opportunities, risks and challenges with regard to Information
Security in the context of developing countries: A case study of Ghana.
Laudon, K.C. and Laudon, J.P., 2013. Management Information Systems 13e.
Lin, Y., Wang, Y. and Kung, L., 2015. Influences of cross-functional collaboration and knowledge
creation on technology commercialization: Evidence from high-tech industries. Industrial marketing
management, 49, pp.128-138.
Little, H.A., Adams, N.P. and Totzke, S.W., BlackBerry Ltd, 2013. System and method of security
function activation for a mobile electronic device. U.S. Patent 8,386,805.
Liu, Z., Zhang, A. and Li, S., 2013, July. Vehicle anti-theft tracking system based on Internet of
things. In Vehicular Electronics and Safety (ICVES), 2013 IEEE International Conference on (pp. 48-
52). IEEE.
Luiijf, H.A.M. and te Paske, B.J., 2015. Cyber security of industrial control systems. TNO.
Martinez, F.R. and Pulier, E., ServiceMesh Inc, 2015. System and method for a cloud computing
abstraction layer with security zone facilities. U.S. Patent 9,069,599.
Mayring, P., 2014. Qualitative content analysis: theoretical foundation, basic procedures and software
solution.
McDermott, T., Rouse, W., Goodman, S. and Loper, M., 2013. Multi-level modeling of complex
socio-technical systems. Procedia Computer Science, 16, pp.1132-1141.
McHenry, M.P., 2013. Technical and governance considerations for advanced metering
infrastructure/smart meters: Technology, security, uncertainty, costs, benefits, and risks. Energy
Policy, 59, pp.834-842.
Mobile Phone, Tablet and Mobile Broadband Plans. 2018. Retrieved from
https://www.vodafone.com.au
Pandita, R., Xiao, X., Yang, W., Enck, W. and Xie, T., 2013, August. WHYPER: Towards
Automating Risk Assessment of Mobile Applications. In USENIX Security Symposium (Vol. 2013).
Pearlson, K.E., Saunders, C.S. and Galletta, D.F., 2016. Managing and Using Information Systems,
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Petajajarvi, J., Mikhaylov, K., Roivainen, A., Hanninen, T. and Pettissalo, M., 2015, December. On
the coverage of LPWANs: range evaluation and channel attenuation model for LoRa technology.
In ITS Telecommunications (ITST), 2015 14th International Conference on (pp. 55-59). IEEE.
Rao, T.V., 2014. HRD audit: Evaluating the human resource function for business improvement.
SAGE Publications India.
P a g e | 20

Rong, K., Hu, G., Lin, Y., Shi, Y. and Guo, L., 2015. Understanding business ecosystem using a 6C
framework in Internet-of-Things-based sectors. International Journal of Production Economics, 159,
pp.41-55.
Rosenberg, D., 2018. Origins. In Israel's Technology Economy(pp. 17-36). Palgrave Macmillan,
Cham.
Saeed, R., Lodhi, R.N., Iqbal, A., Nayyab, H.H., Mussawar, S. and Yaseen, S., 2013. Factors
influencing job satisfaction of employees in telecom sector of Pakistan. Middle-East Journal of
Scientific Research, 16(11), pp.1476-1482.
Sicari, S., Rizzardi, A., Grieco, L.A. and Coen-Porisini, A., 2015. Security, privacy and trust in
Internet of Things: The road ahead. Computer networks, 76, pp.146-164.
Slocombe, G., 2017. Defence's cyber security benefits from industry support. Asia-Pacific Defence
Reporter (2002), 43(6), p.54.
Stair, R. and Reynolds, G., 2013. Principles of information systems. Cengage Learning.
Sterbenz, J.P., Çetinkaya, E.K., Hameed, M.A., Jabbar, A., Qian, S. and Rohrer, J.P., 2013. Evaluation
of network resilience, survivability, and disruption tolerance: analysis, topology generation,
simulation, and experimentation. Telecommunication systems, 52(2), pp.705-736.
Stiff, G., Sharpe, M. and Atkinson III, L.W., Genworth Holdings Inc, 2014. System and method for
imbedding a defined benefit in a defined contribution plan. U.S. Patent 8,799,134.
Swetina, J., Lu, G., Jacobs, P., Ennesser, F. and Song, J., 2014. Toward a standardized common M2M
service layer platform: Introduction to oneM2M. IEEE Wireless Communications, 21(3), pp.20-26.
Swetina, J., Lu, G., Jacobs, P., Ennesser, F. and Song, J., 2014. Toward a standardized common M2M
service layer platform: Introduction to oneM2M. IEEE Wireless Communications, 21(3), pp.20-26.
Telstra - mobile phones, prepaid phones, broadband, internet, home phones, business phones. 2018.
Retrieved from https://www.telstra.com.au/
Turban, E., King, D., Sharda, R. and Delen, D., 2013. Business intelligence: a managerial perspective
on analytics. Prentice Hall, New York.
Van Hoboken, J.V., 2013. Privacy and security in the cloud: Some realism about technical solutions to
transnational surveillance in the Post-Snowden Era. Me. L. Rev., 66, p.487.
Vian, J.L., Mansouri, A.R. and Saad, E.W., Boeing Co, 2014. Traffic and security monitoring system
and method. U.S. Patent 8,643,719.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers &
security, 38, pp.97-102.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers &
security, 38, pp.97-102.
Wang, Q., McCalley, J.D., Zheng, T. and Litvinov, E., 2013. A computational strategy to solve
preventive risk-based security-constrained OPF. IEEE Transactions on Power Systems, 28(2),
pp.1666-1675.
Wilks, S. and Wright, M. eds., 2016. The promotion and regulation of industry in Japan. Springer.
Wollschlaeger, M., Sauter, T. and Jasperneite, J., 2017. The future of industrial communication:
Automation networks in the era of the internet of things and industry 4.0. IEEE Industrial Electronics
Magazine, 11(1), pp.17-27.
Yan, Y., Hu, R.Q., Das, S.K., Sharif, H. and Qian, Y., 2013. An efficient security protocol for
advanced metering infrastructure in smart grid. IEEE Network, 27(4), pp.64-71.
Zhiqun, X., Duan, C., Zhiyuan, H. and Qunying, S., 2013. Emerging of telco cloud. China
Communications, 10(6), pp.79-85.
Zhiqun, X., Duan, C., Zhiyuan, H. and Qunying, S., 2013. Emerging of telco cloud. China
Communications, 10(6), pp.79-85.
P a g e | 21