IT Risk Management Report: Outsourcing and Data Security in Australia
VerifiedAdded on 2020/07/23
|15
|5120
|31
Report
AI Summary
This report provides an in-depth analysis of IT risk management, particularly within the financial service sector, with a focus on the Australian telecommunications company, Telstra. It addresses the increasing prevalence of outsourcing key IT functionalities and the associated threats and vulnerabilities, including data security concerns and the potential for breaches. The report highlights the importance of a robust security posture, including human factors, resource allocation, and the need for threat intelligence. It discusses the security posture of IT firms, including Telstra, and recommends various mitigation strategies such as the implementation of risk management tools, corporate IT processes, and security governance. The report also examines the Australian Government Information Security Manual and industry best practices, such as the use of firewalls, IT management tools, and application whitelisting. The report concludes by emphasizing the importance of proactive risk management to safeguard against cyber threats, data breaches, and malicious insiders, providing valuable insights for organizations seeking to enhance their IT security and mitigate risks associated with outsourcing and data management.
IT RISK
MANAGEMENT
MANAGEMENT
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Table of Contents
EXECUTIVE SUMMARY.............................................................................................................1
Its relation with Financial service sector.........................................................................................2
Security posture of IT firm in managing risks............................................................................3
Threats and Vulnerabilities of outsourcing key IT functionality...............................................1
Consequences of the threats........................................................................................................3
Data security ...............................................................................................................................3
CONCLUSION................................................................................................................................6
REFERENCES................................................................................................................................7
.........................................................................................................................................................8
EXECUTIVE SUMMARY.............................................................................................................1
Its relation with Financial service sector.........................................................................................2
Security posture of IT firm in managing risks............................................................................3
Threats and Vulnerabilities of outsourcing key IT functionality...............................................1
Consequences of the threats........................................................................................................3
Data security ...............................................................................................................................3
CONCLUSION................................................................................................................................6
REFERENCES................................................................................................................................7
.........................................................................................................................................................8
EXECUTIVE SUMMARY
In the Information and Technology field there are various advancements that are going on
throughout the world. These advancements are necessary for its growth. It is being said around
the world that technology gets doubled in what it is now in every 6 months. There are several
risks that comes along with these advancements and process changes related to company's of IT
sector. Company takes various measures so as to implement the changes as well as negotiating
with risks involved with it. Managing risk is very important as far as t ensures that company will
be doing is business in a proper way (Abie & Balasingham, (2012, February)). Every company
has its own models for dealing with the risks that comes along with the any kind of process
implementations or advancement in technology. There are several major issues of the IT firms
today in Australia that needs risk management like the concept of Bring your own device
(Laptops, tablets, mobile phones etc.) at the workplaces, Use of external cloud sourcing for
managing companies own data and applications, Outsourcing of key functionalities such as
desktop management, network or application development, Upgrading technology like the one
used n mobile phones or migrating to improved network technology, Creating a corporate wide
email compliances system that will help in solving query of the customers or upgrading
applications and desktop operating system (Jing, and et. al (2014)).
In this report for understanding the risks in the IT firm and the ways to manage these
risks example of an IT firm operating in Australia is taken. Telstra is one such organisation. It is
basically a company that deals in the telecommunication industry. It also provides security
solutions in information and technology field. There are multiple kind of IT security that it offers
to its kinds. Telstra does this by understanding the need of their client and there business model.
It was established in the year 1975. It is having its headquarters in Melbourne Australia. There
are around 36,165 employee working in this company. It is generating a revenue of $ 27.1 billion
with a profit of around $5.8 Billion. It s other services includes pay TV, internet and data
services, mobile technology and network services. Apart from this Telstra is providing services
in media industry. It is one the largest IT security provider across Australia providing solutions
to many kinds of risks that its clients company faces in its day to day operations.
In this project report the risk management related to outsourcing of basic information and
technology functionalities have been discussed. This report highlights the ways in which
Outsourcing is increasing the threat that is associated with its business. Some of the basic
1
In the Information and Technology field there are various advancements that are going on
throughout the world. These advancements are necessary for its growth. It is being said around
the world that technology gets doubled in what it is now in every 6 months. There are several
risks that comes along with these advancements and process changes related to company's of IT
sector. Company takes various measures so as to implement the changes as well as negotiating
with risks involved with it. Managing risk is very important as far as t ensures that company will
be doing is business in a proper way (Abie & Balasingham, (2012, February)). Every company
has its own models for dealing with the risks that comes along with the any kind of process
implementations or advancement in technology. There are several major issues of the IT firms
today in Australia that needs risk management like the concept of Bring your own device
(Laptops, tablets, mobile phones etc.) at the workplaces, Use of external cloud sourcing for
managing companies own data and applications, Outsourcing of key functionalities such as
desktop management, network or application development, Upgrading technology like the one
used n mobile phones or migrating to improved network technology, Creating a corporate wide
email compliances system that will help in solving query of the customers or upgrading
applications and desktop operating system (Jing, and et. al (2014)).
In this report for understanding the risks in the IT firm and the ways to manage these
risks example of an IT firm operating in Australia is taken. Telstra is one such organisation. It is
basically a company that deals in the telecommunication industry. It also provides security
solutions in information and technology field. There are multiple kind of IT security that it offers
to its kinds. Telstra does this by understanding the need of their client and there business model.
It was established in the year 1975. It is having its headquarters in Melbourne Australia. There
are around 36,165 employee working in this company. It is generating a revenue of $ 27.1 billion
with a profit of around $5.8 Billion. It s other services includes pay TV, internet and data
services, mobile technology and network services. Apart from this Telstra is providing services
in media industry. It is one the largest IT security provider across Australia providing solutions
to many kinds of risks that its clients company faces in its day to day operations.
In this project report the risk management related to outsourcing of basic information and
technology functionalities have been discussed. This report highlights the ways in which
Outsourcing is increasing the threat that is associated with its business. Some of the basic
1
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
functionalities that is being outsourced by the companies these days are designing and managing
network for the company, managing desktops inside the firm or some of the application
development that is required from time to time. These functionalities are generally outsourced to
third party
One of the primary risk that is associated with the outsourcing of the key functionalities is
related to autonomous working of the company as these processes leads company to become
highly dependent on the third party. This will lead to threats regarding the data that is generated
inside the firm from its day to day operations. It increases the risk of privacy related to the
informations regarding companies stakeholders which the third party could use for their market
expansion. This makes company's trade secret vulnerable towards getting stolen by the third
party. Various other intellectual property is at risk. In the companies like Telstra which is in the
business of many IT solutions this could be a higher matter of concern.
Its relation with Financial service sector
In the modern business environment financial service sector is opting for many IT
security solutions as most of their operations are controlled by third party. There are many
stakeholders that are attached with any firm (Ristov, Gusev & Kostoska, (2012)). All these
stakeholders interact with technologist within the firm using an interface. This interface is at high
risks as the the leak in the security generally happens through these interfaces only.
Technologists within the firm needs to assure that up to which level of data is to be provided to
the several stakeholders. Business stakeholders of Telstra wants that the company's data must not
go into some other hands for this they take the use of Companies that are called third party
company. This trend is increasing as these third parties are expert in their respective business
hence the stakeholders feels it can be more safe to outsource these instead of hiring, selecting
and training candidates within the company itself. These outsourcing reduces the cost which
increases the profit share of the stakeholder on the same time it increases the risk of data getting
stolen. While translating the risk there are many kind of difficulties that arises such as
interpreting the leak routes. These translations helps the company in managing the risk in a best
possible way. There are various technical difficulties that is unable to understood by the normal
stakeholders and hence needs to understood by the technologists so that they can take effective
measures so as to limit the risk threats (Prasad and et. al. (2011, March)). On the other hand
effective decision making process does not limits in the hands of the companies like Telstra, it
2
network for the company, managing desktops inside the firm or some of the application
development that is required from time to time. These functionalities are generally outsourced to
third party
One of the primary risk that is associated with the outsourcing of the key functionalities is
related to autonomous working of the company as these processes leads company to become
highly dependent on the third party. This will lead to threats regarding the data that is generated
inside the firm from its day to day operations. It increases the risk of privacy related to the
informations regarding companies stakeholders which the third party could use for their market
expansion. This makes company's trade secret vulnerable towards getting stolen by the third
party. Various other intellectual property is at risk. In the companies like Telstra which is in the
business of many IT solutions this could be a higher matter of concern.
Its relation with Financial service sector
In the modern business environment financial service sector is opting for many IT
security solutions as most of their operations are controlled by third party. There are many
stakeholders that are attached with any firm (Ristov, Gusev & Kostoska, (2012)). All these
stakeholders interact with technologist within the firm using an interface. This interface is at high
risks as the the leak in the security generally happens through these interfaces only.
Technologists within the firm needs to assure that up to which level of data is to be provided to
the several stakeholders. Business stakeholders of Telstra wants that the company's data must not
go into some other hands for this they take the use of Companies that are called third party
company. This trend is increasing as these third parties are expert in their respective business
hence the stakeholders feels it can be more safe to outsource these instead of hiring, selecting
and training candidates within the company itself. These outsourcing reduces the cost which
increases the profit share of the stakeholder on the same time it increases the risk of data getting
stolen. While translating the risk there are many kind of difficulties that arises such as
interpreting the leak routes. These translations helps the company in managing the risk in a best
possible way. There are various technical difficulties that is unable to understood by the normal
stakeholders and hence needs to understood by the technologists so that they can take effective
measures so as to limit the risk threats (Prasad and et. al. (2011, March)). On the other hand
effective decision making process does not limits in the hands of the companies like Telstra, it
2
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
also starts involving the third parties in that process. When these risk threats have been
interpreted then it can be used so that effective decision can be made in this regard. Stakeholders
makes decisions that will reduce this risk which was interpreted by the technologists.
There are several government or industry regulations that are used in this context.
Government has made Information security guidelines for managing risks. It states the role of
stakeholders in providing information security to the the business clients. Protective security
policy framework is established when talking in particular Information security management
core policy and information security management protocol are being established (Chen,
Ramamurthy & Wen, (2012)). Apart from this Australian Government information security
manual has been provided in this regard. There are some best practices in the industry that helps
in managing the risk in information and technology. They are as
Use of wall software that protects from any breaching of data by the third party.
Use of own technological software rather than the outsourcing it from others like the
operating systems.
Use of It management tools that uses encryption techniques such as PKI based system. It
helps stakeholders in managing the data if even they forgot there encryption pass phrase.
Companies are not giving entire contract of IT management to single third party company
but rather it distributes this functions to different third party companies so these third
party companies do not have a reach to access of data.
Security posture of IT firm in managing risks.
Many of the organisations believes that they have checked the security posture of the
company but have overlooked some of the primary factors in this regards (Ren, Wang & Wang,
(2012)). When a company makes many changes in the security postures then the risk
management becomes weak. In determining the security posture some of factors that needs to be
checked are:
Human element in security of informations like an employee is probable to leak any data
or process that may hamper the business of the firm.
Other factor is that what amount of time and resources it will need so as to recover from
the data breach.
In the era of increasing cyber attacks a business where know in what areas or ways risk
lies. For anticipating attack there must be understanding of where risk is present. When a firm
3
interpreted then it can be used so that effective decision can be made in this regard. Stakeholders
makes decisions that will reduce this risk which was interpreted by the technologists.
There are several government or industry regulations that are used in this context.
Government has made Information security guidelines for managing risks. It states the role of
stakeholders in providing information security to the the business clients. Protective security
policy framework is established when talking in particular Information security management
core policy and information security management protocol are being established (Chen,
Ramamurthy & Wen, (2012)). Apart from this Australian Government information security
manual has been provided in this regard. There are some best practices in the industry that helps
in managing the risk in information and technology. They are as
Use of wall software that protects from any breaching of data by the third party.
Use of own technological software rather than the outsourcing it from others like the
operating systems.
Use of It management tools that uses encryption techniques such as PKI based system. It
helps stakeholders in managing the data if even they forgot there encryption pass phrase.
Companies are not giving entire contract of IT management to single third party company
but rather it distributes this functions to different third party companies so these third
party companies do not have a reach to access of data.
Security posture of IT firm in managing risks.
Many of the organisations believes that they have checked the security posture of the
company but have overlooked some of the primary factors in this regards (Ren, Wang & Wang,
(2012)). When a company makes many changes in the security postures then the risk
management becomes weak. In determining the security posture some of factors that needs to be
checked are:
Human element in security of informations like an employee is probable to leak any data
or process that may hamper the business of the firm.
Other factor is that what amount of time and resources it will need so as to recover from
the data breach.
In the era of increasing cyber attacks a business where know in what areas or ways risk
lies. For anticipating attack there must be understanding of where risk is present. When a firm
3
allows third party company to access its system it makes the potential of breach higher. Current
security posture of telstra is good and beaching its security walls is highly difficult. If any
changes in the security posture is done then it makes company more vulnerable to cyber attacks.
Some of the recommendation on this regard is as follows:
Threat intelligence is necessary so as to develop a picture of kind of attackers and the
potential attacks they can make. It helps in preventing the time of attack (Nazareth &
Choi, (2015)).
Proper implementation of risk management tools helps in reporting of incidents of
security breaches this is done by making a team that helps in documenting of such
breaches.
Needs of effective corporate IT processes. For example when a company is making its IT
security policies it must take into consideration that what is the kind of harm that third
party can make to the security of the company's data.
There must be corporate security infrastructure that controls the whole management of
the company's security breaches. This infrastructure needs to responsive so that
immediate actions could be taken when any security breaches are made.
Their must be corporate security governance and policy that helps in providing a
framework that will help the company in managing and monitoring the risk that is posed
by third party and the internal staff members. These policy helps company in their
decision making process regarding the security breaches.
Any changes made to the posture of the company will make company more vulnerable to attacks
and the security management gets weaker.
After an acceptable security postures is attended the risk management policy monitors it through
its day to day activities and follows on risk analysis of security. In many cases it happens that
regulations, rules or policies that administer the information security program will qualify only in
the case when a follow on risk analysis needs to be done (Abdelhak, Grostick & Hanken,
(2014)). In order to remain at the acceptable postures there are some mitigation actions that
needs to be taken:
Implanting proper tools and tools that safeguards the informations of the company.
Evaluating risk at early stages so that effective decision could be made in this regard.
Identifying the impact of threat that has been occurred.
4
security posture of telstra is good and beaching its security walls is highly difficult. If any
changes in the security posture is done then it makes company more vulnerable to cyber attacks.
Some of the recommendation on this regard is as follows:
Threat intelligence is necessary so as to develop a picture of kind of attackers and the
potential attacks they can make. It helps in preventing the time of attack (Nazareth &
Choi, (2015)).
Proper implementation of risk management tools helps in reporting of incidents of
security breaches this is done by making a team that helps in documenting of such
breaches.
Needs of effective corporate IT processes. For example when a company is making its IT
security policies it must take into consideration that what is the kind of harm that third
party can make to the security of the company's data.
There must be corporate security infrastructure that controls the whole management of
the company's security breaches. This infrastructure needs to responsive so that
immediate actions could be taken when any security breaches are made.
Their must be corporate security governance and policy that helps in providing a
framework that will help the company in managing and monitoring the risk that is posed
by third party and the internal staff members. These policy helps company in their
decision making process regarding the security breaches.
Any changes made to the posture of the company will make company more vulnerable to attacks
and the security management gets weaker.
After an acceptable security postures is attended the risk management policy monitors it through
its day to day activities and follows on risk analysis of security. In many cases it happens that
regulations, rules or policies that administer the information security program will qualify only in
the case when a follow on risk analysis needs to be done (Abdelhak, Grostick & Hanken,
(2014)). In order to remain at the acceptable postures there are some mitigation actions that
needs to be taken:
Implanting proper tools and tools that safeguards the informations of the company.
Evaluating risk at early stages so that effective decision could be made in this regard.
Identifying the impact of threat that has been occurred.
4
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Outsourcing of software development can be highly dangerous as far as security of the
firm data is considered.
Make technologist in the Telstra to be ready for the effective changes.
Targetted cyber intrusions and other external adversaries for the individuals that steals
data.
Ransomware denying access of data for external adversaries and monetary gain that
destroys the data and prevent networks from functioning.
There are some malicious members within the organisations that steals the data like
customer details or intellectual property they needs to be identified so that they could be
stopped before hand if they plan to do same thing in future.
Members like malicious insiders who corrupts computer systems and prevent computer
systems from operating also needs to be monitored and strict actions against activities
must be ensured (Cárdenas and et. al. (2011, March)).
Use of Australian Government Information Security Manual provides the guidance that is
helpful in this regard.
Application whitelisting so that only the prescribed program runs on the systems and not
all the malicious programs could be approved.
Automatic dynamic analysis of the web content and email in the sent box.
Email content filtering is highly helpful.
Restrict administrative privileged only to hands of very few people so that unauthorised
persons cannot breach data.
5
firm data is considered.
Make technologist in the Telstra to be ready for the effective changes.
Targetted cyber intrusions and other external adversaries for the individuals that steals
data.
Ransomware denying access of data for external adversaries and monetary gain that
destroys the data and prevent networks from functioning.
There are some malicious members within the organisations that steals the data like
customer details or intellectual property they needs to be identified so that they could be
stopped before hand if they plan to do same thing in future.
Members like malicious insiders who corrupts computer systems and prevent computer
systems from operating also needs to be monitored and strict actions against activities
must be ensured (Cárdenas and et. al. (2011, March)).
Use of Australian Government Information Security Manual provides the guidance that is
helpful in this regard.
Application whitelisting so that only the prescribed program runs on the systems and not
all the malicious programs could be approved.
Automatic dynamic analysis of the web content and email in the sent box.
Email content filtering is highly helpful.
Restrict administrative privileged only to hands of very few people so that unauthorised
persons cannot breach data.
5
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Threats and Vulnerabilities of outsourcing key IT functionality
Offshore outsourcing has been increasing per year at a rate of 20 to 25 % with little attest
of slowing. Telstra also deals perform outsourcing at a rapid rate. But there are many threats to
the outsourcing of key IT functionality. Some of them are described below:
Data security / Protection : The risk related to the data security raises when work is
being imported from other nations or working is performed internationally. Here the
major concern is linked with the privacy of data. The data can be theft from the servers as
transferring of files or works are completely done on the cloud. And there are large
number of hackers present in Australia who keep their eyes on such transaction of data
and focuses on hacking the sensitive or relevant data.
Process discipline : As cited corporation is giving their work to third party, the own
maturity level of the firm is decreasing day by day. They are loosing the capability of
manufacturing quality based products (Clemons and Chen, 2011). And if this continues
for long time, a day will come when the company would not able to work by their own
and becomes fully dependent on the third party for the completion of their work. If there
is a situation occur, when other enterprise opposes to do their work then they have to face
a rigid problem. So, firm should perform outsourcing partially and also engage their work
force in doing the same so that they do not totally loose their internal process model
maturity.
Loss of business knowledge : The business knowledge of the Telstra resides under their
application developers. But as company is doing outsourcing, their own business
knowledge starts reducing. This led a negative impact on its own strength. They do not
hire more developers as their work is done by foreign workers (Threats to Data Security,
2017). But there also occur some condition when the third party would not complete the
project at allocated time. Then in such case, Telstra has to do its task by own but as
company is not hiring application developers then who will complete their projects. This
is great future threats. So, corporation also have to keep doing their core business by
hiring application developers and giving them training. So that they can take use of them
at the required time.
Offshore outsourcing has been increasing per year at a rate of 20 to 25 % with little attest
of slowing. Telstra also deals perform outsourcing at a rapid rate. But there are many threats to
the outsourcing of key IT functionality. Some of them are described below:
Data security / Protection : The risk related to the data security raises when work is
being imported from other nations or working is performed internationally. Here the
major concern is linked with the privacy of data. The data can be theft from the servers as
transferring of files or works are completely done on the cloud. And there are large
number of hackers present in Australia who keep their eyes on such transaction of data
and focuses on hacking the sensitive or relevant data.
Process discipline : As cited corporation is giving their work to third party, the own
maturity level of the firm is decreasing day by day. They are loosing the capability of
manufacturing quality based products (Clemons and Chen, 2011). And if this continues
for long time, a day will come when the company would not able to work by their own
and becomes fully dependent on the third party for the completion of their work. If there
is a situation occur, when other enterprise opposes to do their work then they have to face
a rigid problem. So, firm should perform outsourcing partially and also engage their work
force in doing the same so that they do not totally loose their internal process model
maturity.
Loss of business knowledge : The business knowledge of the Telstra resides under their
application developers. But as company is doing outsourcing, their own business
knowledge starts reducing. This led a negative impact on its own strength. They do not
hire more developers as their work is done by foreign workers (Threats to Data Security,
2017). But there also occur some condition when the third party would not complete the
project at allocated time. Then in such case, Telstra has to do its task by own but as
company is not hiring application developers then who will complete their projects. This
is great future threats. So, corporation also have to keep doing their core business by
hiring application developers and giving them training. So that they can take use of them
at the required time.
Vendor failure to Deliver : A general oversight for the cited company is a contingency
plan that is what will happen if the vendor, all best purpose and declaration aside, simply
failed in delivering. Although these non-achievements are exceptions, they do happen
even with the brilliant quality methods of offshore vendors. When relying on outsourcing,
venture should approach the entailment of vendor failure (like does non-accomplishment
have epochal business execution implications?). Higher risk or vulnerabilities may
discourage the firm from outsourcing, it may be shifted the strategies of outsourcing (for
instant, from one vendor to multiple), or it may cause the venture towards outsourcing (if
the vendor has certain skills to minimise risk). The outcomes of risk analysis varied as
per the corporations.
Scope creep : Nothing is a fixed price contract. Each and every outsourcing contracts
includes touchstone and presumptions. If the real job differs from the estimation, the
client would pay a different amount (Galliers and Leidner, 2014). This simple concept
has become main hindrance for the Telstra that is shocked that the costing is not fixed or
the vendor require to be cashed for additive scope alters. Most of the project changes by
12 to 20 % during the development cycle.
Government oversight /Regulation : The regulation or norms of government changes as
per the country. Telstra do not deal with single nation regarding outsourcing. It deals with
different number of nations. But the legislation like imposing of tax rates, labour laws,
transparency, etc. alters as per the norms of that nation's government. It has been seen
that the rate of taxes is much more as the work is transported to other countries. If causes
a great loss to the corporation as large sum of money goes in paying such taxes only.
Telstra also have to follow the rules and regulations of other nations from where they are
receiving their works. They have to provide adequate transparency representing that they
are obeying their legislation and have to accountable at the time of audits. The problem of
transparency is becoming more significant as needed like USA PATRIOT Act and
Sarbanes Oxley Act gives more burdens of answer-ability on the corporation.
Knowledge Transfer : The time and labour for transferring knowledge to the vendor is a
expenditure rarely or seldom accounted by IT enterprise. So, it has been noticed that most
of the IT corporations such as Telstra has faced 20 % declination in their productiveness
at the time of first year of agreement, greatly due to time spend on conveying both
2
plan that is what will happen if the vendor, all best purpose and declaration aside, simply
failed in delivering. Although these non-achievements are exceptions, they do happen
even with the brilliant quality methods of offshore vendors. When relying on outsourcing,
venture should approach the entailment of vendor failure (like does non-accomplishment
have epochal business execution implications?). Higher risk or vulnerabilities may
discourage the firm from outsourcing, it may be shifted the strategies of outsourcing (for
instant, from one vendor to multiple), or it may cause the venture towards outsourcing (if
the vendor has certain skills to minimise risk). The outcomes of risk analysis varied as
per the corporations.
Scope creep : Nothing is a fixed price contract. Each and every outsourcing contracts
includes touchstone and presumptions. If the real job differs from the estimation, the
client would pay a different amount (Galliers and Leidner, 2014). This simple concept
has become main hindrance for the Telstra that is shocked that the costing is not fixed or
the vendor require to be cashed for additive scope alters. Most of the project changes by
12 to 20 % during the development cycle.
Government oversight /Regulation : The regulation or norms of government changes as
per the country. Telstra do not deal with single nation regarding outsourcing. It deals with
different number of nations. But the legislation like imposing of tax rates, labour laws,
transparency, etc. alters as per the norms of that nation's government. It has been seen
that the rate of taxes is much more as the work is transported to other countries. If causes
a great loss to the corporation as large sum of money goes in paying such taxes only.
Telstra also have to follow the rules and regulations of other nations from where they are
receiving their works. They have to provide adequate transparency representing that they
are obeying their legislation and have to accountable at the time of audits. The problem of
transparency is becoming more significant as needed like USA PATRIOT Act and
Sarbanes Oxley Act gives more burdens of answer-ability on the corporation.
Knowledge Transfer : The time and labour for transferring knowledge to the vendor is a
expenditure rarely or seldom accounted by IT enterprise. So, it has been noticed that most
of the IT corporations such as Telstra has faced 20 % declination in their productiveness
at the time of first year of agreement, greatly due to time spend on conveying both
2
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
business and technological knowledge to the vendor (Järveläinen, 2012). Most of the
offshore vendors using video conferencing (deflecting travelling) and class room settings
( giving one to many transfer) in order to upgrade the effectiveness of transferring
knowledge. Additionally, worker turnover frequently places a burden on the corporation
of providing extra information for new staff members.
Business impact : The outsourcing increases the overall expenditure of Telstra by around
15 to 20 %. This shows that it is quite costly.
Consequences of the threats
IT organisation such as Telstra suffers from a risk of obtaining a piteous or bad quality of
work as company is not recognising the work at the time of manufacturing or designing of
projects. Employees do works as per their wish and due to this quality of work get greatly
hampered. Offshore outsourcing frequently experience higher employee turnover and might
supply on the basis of limited technological abilities of the organisation, which causes to the
compromise of high high quality service. Outsourcing to different nations also includes
concealed costs like travel expenditure and creation of infrastructure for managing operations.
Venture if do not make their strategies as per that faces several problems
(Lacity and et. al. 2011). Outsourcing IT minimises or totally eliminate the direct
communication between corporations and their customers. This limited communication obstruct
or hinders the relationship creating process. This might causes the complete discontentment of
the venture and the consumer. Due to that company also losses total control over all areas of the
enterprise. Additionally, the project completion dead line may suffers as a result that is some
times the project would not complete with in allocated time line by the outsourced nation. This
causes great loss to the firm as it losses trust as well as revenue. If this occurs, client will not give
projects to the cited company. And if the venture end the agreement with the outsourced entity
or organisation, the highly sensitive or secret data becomes jeopardized.
Data security
Data security means protection to the data that travels from one person to another over
the internet or any other means. Consumers and stakeholders of Telstra are being more
concerned about the privateness and confidentiality due to the increment in the maltreatment of
private data by fraud and identity theft (Rejda, 2011). Stakeholders are progressively aware of
their dependence on electronic information or data and the risks, detected or otherwise, posed by
3
offshore vendors using video conferencing (deflecting travelling) and class room settings
( giving one to many transfer) in order to upgrade the effectiveness of transferring
knowledge. Additionally, worker turnover frequently places a burden on the corporation
of providing extra information for new staff members.
Business impact : The outsourcing increases the overall expenditure of Telstra by around
15 to 20 %. This shows that it is quite costly.
Consequences of the threats
IT organisation such as Telstra suffers from a risk of obtaining a piteous or bad quality of
work as company is not recognising the work at the time of manufacturing or designing of
projects. Employees do works as per their wish and due to this quality of work get greatly
hampered. Offshore outsourcing frequently experience higher employee turnover and might
supply on the basis of limited technological abilities of the organisation, which causes to the
compromise of high high quality service. Outsourcing to different nations also includes
concealed costs like travel expenditure and creation of infrastructure for managing operations.
Venture if do not make their strategies as per that faces several problems
(Lacity and et. al. 2011). Outsourcing IT minimises or totally eliminate the direct
communication between corporations and their customers. This limited communication obstruct
or hinders the relationship creating process. This might causes the complete discontentment of
the venture and the consumer. Due to that company also losses total control over all areas of the
enterprise. Additionally, the project completion dead line may suffers as a result that is some
times the project would not complete with in allocated time line by the outsourced nation. This
causes great loss to the firm as it losses trust as well as revenue. If this occurs, client will not give
projects to the cited company. And if the venture end the agreement with the outsourced entity
or organisation, the highly sensitive or secret data becomes jeopardized.
Data security
Data security means protection to the data that travels from one person to another over
the internet or any other means. Consumers and stakeholders of Telstra are being more
concerned about the privateness and confidentiality due to the increment in the maltreatment of
private data by fraud and identity theft (Rejda, 2011). Stakeholders are progressively aware of
their dependence on electronic information or data and the risks, detected or otherwise, posed by
3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
not only malevolent act but also inadvertent vulnerabilities. Most of the security failure have
been reported from Australia that their data as well as revenue being stolen rapidly. Some of the
major threats to data security are described below:
Hackers : Unless the data are protected, computer system may be exposed to anyone
who desires to edit , delete or copy files without taking permission of owners. Those
individuals are known as hackers. They can be present in the same organisation or may
be at distant places. They tries to hack a system and gains important information from
there.
Technology with weak security : New technologies has been releasing on a regular
basis. But they are lacking security or have no plan of security. This shows a serious
threat as each insecure connectivity means exposure (Sadgrove, 2016). The fast
development of technology is a testament to developers, but it lags security. Venture as
linked with outsourcing do not know what type of technologies are being used by them.
So, they are at a great threat if using any less secure technologies for their work.
Social media attack : Cyber felonious are taking social media as a measure for
disturbing a convoluted geographical attack. This is known as water holing. Intruders
recognise and corrupt a bunch of websites where they think members of targeted
corporation would visit. So, while outsourcing, workers of company if communicate
sensitive data via some social media sites, gets hacked or at extreme level of
vulnerability.
Mobile malware : Employees of Telstra sometimes send or transfer important data by
using their mobiles. But they do not think that some of the hackers can also hack the
data that is being transferred from mobile (Sparrow, 2012). So, it is also a threat to data
security.
Outdated security software : Updating the software of security is a basic technology
management activity and is a compulsory step for protecting big data. The corporation
who are performing outsourcing taking use of outdated software can suffer from great
threat of data security as their systems are at high risk as any of the new malicious code
which strike an out-of-date version of security software do not detect those codes.
Certain software are present or created for defending against threats. So, venture should
4
been reported from Australia that their data as well as revenue being stolen rapidly. Some of the
major threats to data security are described below:
Hackers : Unless the data are protected, computer system may be exposed to anyone
who desires to edit , delete or copy files without taking permission of owners. Those
individuals are known as hackers. They can be present in the same organisation or may
be at distant places. They tries to hack a system and gains important information from
there.
Technology with weak security : New technologies has been releasing on a regular
basis. But they are lacking security or have no plan of security. This shows a serious
threat as each insecure connectivity means exposure (Sadgrove, 2016). The fast
development of technology is a testament to developers, but it lags security. Venture as
linked with outsourcing do not know what type of technologies are being used by them.
So, they are at a great threat if using any less secure technologies for their work.
Social media attack : Cyber felonious are taking social media as a measure for
disturbing a convoluted geographical attack. This is known as water holing. Intruders
recognise and corrupt a bunch of websites where they think members of targeted
corporation would visit. So, while outsourcing, workers of company if communicate
sensitive data via some social media sites, gets hacked or at extreme level of
vulnerability.
Mobile malware : Employees of Telstra sometimes send or transfer important data by
using their mobiles. But they do not think that some of the hackers can also hack the
data that is being transferred from mobile (Sparrow, 2012). So, it is also a threat to data
security.
Outdated security software : Updating the software of security is a basic technology
management activity and is a compulsory step for protecting big data. The corporation
who are performing outsourcing taking use of outdated software can suffer from great
threat of data security as their systems are at high risk as any of the new malicious code
which strike an out-of-date version of security software do not detect those codes.
Certain software are present or created for defending against threats. So, venture should
4
use those updated security software in order to protect themselves from various threats
or hackers.
Lack of encryption : Due to lack of encryption in the communication channel as well
as on websites of certain offshore outsourced corporation, the confidential data can be
leaked or hacked by intruders. This is a major threats to security of data.
Use of unsecured web links : Companies most of the time take use of unsecured web
links or URLs like hyper text transfer protocol (Http). These sites are not fully secured
and attacks to such sites are very common. Malicious users can easily hack these sites or
servers and take the sensitive information from there. So, organisation which deals with
outsourcing must have to take use of encrypted websites like SHTTP (Secure hyper text
transfer protocol).
Inadequate security technology : Investment in software that supervise the security of
a network has become increasing tendency in the organisations space after the 2014's
agonising rip of data breaches. The software is invented for sending signals or alerts
when an invasion attempt occurs, but these alerts are only useful if some one is present
to address them (Waters, 2011). Most of the time, due to lack of workers, such alerts are
not addressed by the companies and due to that intruders easily hacks the system and
takes the relevant information from there.
Phishing : It is an email fraud methodology where the intruders used to send
authorized looking- emails in an effort to accumulate personal as well as financial data
from the recipients. Generally, these messages seem to come from well known or
famous or creditworthy websites. But these are not so and opening to such emails causes
malicious activities to the system of recipients. Most of the websites that are often
spoofed by phishers are PayPal, eBay, Yahoo, etc. Intruders can also utilise those
information that are being hacked for the purpose of taking revenue from individual
account.
Spam : It is an abuse electronic messaging systems for sending unrequested or unasked
bulk messages randomly (Wheelen and Hunger, 2011). Most of the acknowledged kind
of spam is e-mail spam. People who are engaged in outsourcing work can also receive
email spams messages. This causes a loss to the unsecured data.
5
or hackers.
Lack of encryption : Due to lack of encryption in the communication channel as well
as on websites of certain offshore outsourced corporation, the confidential data can be
leaked or hacked by intruders. This is a major threats to security of data.
Use of unsecured web links : Companies most of the time take use of unsecured web
links or URLs like hyper text transfer protocol (Http). These sites are not fully secured
and attacks to such sites are very common. Malicious users can easily hack these sites or
servers and take the sensitive information from there. So, organisation which deals with
outsourcing must have to take use of encrypted websites like SHTTP (Secure hyper text
transfer protocol).
Inadequate security technology : Investment in software that supervise the security of
a network has become increasing tendency in the organisations space after the 2014's
agonising rip of data breaches. The software is invented for sending signals or alerts
when an invasion attempt occurs, but these alerts are only useful if some one is present
to address them (Waters, 2011). Most of the time, due to lack of workers, such alerts are
not addressed by the companies and due to that intruders easily hacks the system and
takes the relevant information from there.
Phishing : It is an email fraud methodology where the intruders used to send
authorized looking- emails in an effort to accumulate personal as well as financial data
from the recipients. Generally, these messages seem to come from well known or
famous or creditworthy websites. But these are not so and opening to such emails causes
malicious activities to the system of recipients. Most of the websites that are often
spoofed by phishers are PayPal, eBay, Yahoo, etc. Intruders can also utilise those
information that are being hacked for the purpose of taking revenue from individual
account.
Spam : It is an abuse electronic messaging systems for sending unrequested or unasked
bulk messages randomly (Wheelen and Hunger, 2011). Most of the acknowledged kind
of spam is e-mail spam. People who are engaged in outsourcing work can also receive
email spams messages. This causes a loss to the unsecured data.
5
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 15
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2026 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.