IS Security and Risk Management Report: Telstra Case Study, Semester 2
VerifiedAdded on 2023/06/10
|12
|2762
|215
Report
AI Summary
This report examines IS security and risk management practices within the context of Telstra, a major telecommunications company. It begins with an overview of Telstra's services and how information systems support its business operations. The report then delves into general management controls (GMCs) employed by Telstra, outlining their role in establishing organizational structure and ensuring effective resource utilization. Following this, it differentiates between GMCs and application controls, with a focus on specific application control measures such as audit, input, output, and processing controls. The report also analyzes various risk management techniques used to safeguard data confidentiality, integrity, availability, and reliability. Finally, it emphasizes the importance of data quality and the role of auditing in maintaining it, culminating in recommendations for enhanced security measures. The report highlights the significance of robust IS security practices in protecting sensitive data and ensuring the smooth operation of a telecommunications business.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
IS Security and Risk
Management
Management
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IS Security and Risk Management 1
Table of Contents
Introduction...........................................................................................................................................1
Services offered by the organisation......................................................................................................1
Business operations that support the organisation.................................................................................1
GMCs- General management control....................................................................................................1
Telstra application control strategies.....................................................................................................2
Difference between general management control with application control for IS.................................2
Risk management techniques................................................................................................................3
Importance of safeguarding data quality and auditing IS.......................................................................3
Conclusion.............................................................................................................................................5
References.............................................................................................................................................6
Table of Contents
Introduction...........................................................................................................................................1
Services offered by the organisation......................................................................................................1
Business operations that support the organisation.................................................................................1
GMCs- General management control....................................................................................................1
Telstra application control strategies.....................................................................................................2
Difference between general management control with application control for IS.................................2
Risk management techniques................................................................................................................3
Importance of safeguarding data quality and auditing IS.......................................................................3
Conclusion.............................................................................................................................................5
References.............................................................................................................................................6
IS Security and Risk Management 2
Introduction
One of the largest telecommunication networks is of Telstra, it is an Australian
organisation that is a fully privatised company that focus on customer service by adapting to
the changes. This report covers all the services that are provided by the organisation and
some of the general management control and application controls that are used for maintain
the security are discussed.
Services offered by the organisation
Telstra offers services like internet access, mobile marketing and other services. It is
one of the largest telecommunication organisations in Australia. The organisation offer
service to many private sectors that increases the information services by offering better
network installation and maintenance of all services. Telstra in Australia improved the
capacity of channels by securing the data packets and channels so that data transmission takes
place securely (DeAngelo & Stulz, 2015). This organisation offers internet services to the
corporate clients as well as to personal users with the help of IS providers. The customer
services are improved due to wireless methods offered by the organisation.
Business operations that support the organisation
The business operations are undertaken by an organisation by making sure that
security is maintained. The security tools can be used to secure all the operations. Telstra
offers electronic security solution that support business in securing their network and
operations (Berry, Broadbent & Otley, 2016). They secure the data packet using intellectual
solutions by preventing the data to get breached. The products are secured from all the threats
by detecting them so that they do not penetrate in the system (Parsons, Calic, Pattinson,
Introduction
One of the largest telecommunication networks is of Telstra, it is an Australian
organisation that is a fully privatised company that focus on customer service by adapting to
the changes. This report covers all the services that are provided by the organisation and
some of the general management control and application controls that are used for maintain
the security are discussed.
Services offered by the organisation
Telstra offers services like internet access, mobile marketing and other services. It is
one of the largest telecommunication organisations in Australia. The organisation offer
service to many private sectors that increases the information services by offering better
network installation and maintenance of all services. Telstra in Australia improved the
capacity of channels by securing the data packets and channels so that data transmission takes
place securely (DeAngelo & Stulz, 2015). This organisation offers internet services to the
corporate clients as well as to personal users with the help of IS providers. The customer
services are improved due to wireless methods offered by the organisation.
Business operations that support the organisation
The business operations are undertaken by an organisation by making sure that
security is maintained. The security tools can be used to secure all the operations. Telstra
offers electronic security solution that support business in securing their network and
operations (Berry, Broadbent & Otley, 2016). They secure the data packet using intellectual
solutions by preventing the data to get breached. The products are secured from all the threats
by detecting them so that they do not penetrate in the system (Parsons, Calic, Pattinson,
IS Security and Risk Management 3
Butavicius, McCormac & Zwaans, 2017). They make use internet protection services like
firewalls, virus detectors and security endpoints so that security is not breeched. IS providers
make sure that no vulnerabilities hit the system, thus for this security architecture is deployed
so that proper assessment could be undertaken (Berry, Broadbent & Otley, 2016).
GMCs- General management control
General management controls are listed by every organisation so that they can work
in an organised way. General management controls are set of activities and actions that assure
that asserts and resources are used in an effective way (Vaidyanathan, Sampath & Azar,
2015). Similarly, Telstra have designed some general management controls so that
relationship between the staff and can be built strongly and responsibilities can be structured
is a particular manners so that overall performance is enhanced.
The general management control in an organisation covers the cost accounting system
and basic management control that helps in achieving the objective. General management
control helps in assigning role to every employee so that they can work towards the goals.
They are used to make decisions and implement in the organisation so that employees follow
them. They also include control measures so that culture conflicts in an organisation could be
resolved (Udagepola, Xiang, Afzal, Ali & Robinson, 2015). The general management control
looks at all the measure either technical or non-technical. The main aim of GMCs is to
enhance the profit margin. The employees working in an organisation has entirely different
perception and views thus GMCs help in managing the environment of workplace (Peltier,
2016). The general management controls make sure that all the operational goals are achieved
smoothly without any conflicts. The general management control design strategies by
offering rewards and so that performance could be improved and they met high standards
(Senarathna, Wilkin, Warren, Yeoh & Salzman, 2018). General management control also
Butavicius, McCormac & Zwaans, 2017). They make use internet protection services like
firewalls, virus detectors and security endpoints so that security is not breeched. IS providers
make sure that no vulnerabilities hit the system, thus for this security architecture is deployed
so that proper assessment could be undertaken (Berry, Broadbent & Otley, 2016).
GMCs- General management control
General management controls are listed by every organisation so that they can work
in an organised way. General management controls are set of activities and actions that assure
that asserts and resources are used in an effective way (Vaidyanathan, Sampath & Azar,
2015). Similarly, Telstra have designed some general management controls so that
relationship between the staff and can be built strongly and responsibilities can be structured
is a particular manners so that overall performance is enhanced.
The general management control in an organisation covers the cost accounting system
and basic management control that helps in achieving the objective. General management
control helps in assigning role to every employee so that they can work towards the goals.
They are used to make decisions and implement in the organisation so that employees follow
them. They also include control measures so that culture conflicts in an organisation could be
resolved (Udagepola, Xiang, Afzal, Ali & Robinson, 2015). The general management control
looks at all the measure either technical or non-technical. The main aim of GMCs is to
enhance the profit margin. The employees working in an organisation has entirely different
perception and views thus GMCs help in managing the environment of workplace (Peltier,
2016). The general management controls make sure that all the operational goals are achieved
smoothly without any conflicts. The general management control design strategies by
offering rewards and so that performance could be improved and they met high standards
(Senarathna, Wilkin, Warren, Yeoh & Salzman, 2018). General management control also
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IS Security and Risk Management 4
measures the current performance of every individual so that action plans could be designed
accordingly. GMC removes all the differences at the workplace and support Telstra to work
on future goals.
Telstra application control strategies
The application control measures differ from the general management control. General
management controls are used for the entire organisation whereas application control
measures are used for a particular application or process (Lueg & Radlach, 2016). The
different type of application controls are:
Audit controls- This is control measure that is used to monitor all the actions and the
network. It helps in finding out the bugs that exist in any software. The solutions are
defined after identifying the errors so that they do not penetrate in the system.
Output Controls- The expected output is compared with the output received. If there
is a change in both the output values then it could be easily figured out that there exist
some errors (Keogh, Gordon & Marinovic, 2018).
Input Controls- The information that is entered in the system should be integrity and
secure so that business operations can be completed easily (Keogh, Gordon &
Marinovic, 2018).
Processing Controls- The operations that are processed should be accurate, clear and
complete. The processing controls are also used to check that all the operations are
done by authorised users. If information is being processed by unauthorised user there
are chances of leakage.
Application controls are very important for every organisation as these control measures
adapt to changes automatically whenever there is a change in software or database (Jia,
Munro & Buckby, 2016). Thus, every organisation can completely rely for security
measures the current performance of every individual so that action plans could be designed
accordingly. GMC removes all the differences at the workplace and support Telstra to work
on future goals.
Telstra application control strategies
The application control measures differ from the general management control. General
management controls are used for the entire organisation whereas application control
measures are used for a particular application or process (Lueg & Radlach, 2016). The
different type of application controls are:
Audit controls- This is control measure that is used to monitor all the actions and the
network. It helps in finding out the bugs that exist in any software. The solutions are
defined after identifying the errors so that they do not penetrate in the system.
Output Controls- The expected output is compared with the output received. If there
is a change in both the output values then it could be easily figured out that there exist
some errors (Keogh, Gordon & Marinovic, 2018).
Input Controls- The information that is entered in the system should be integrity and
secure so that business operations can be completed easily (Keogh, Gordon &
Marinovic, 2018).
Processing Controls- The operations that are processed should be accurate, clear and
complete. The processing controls are also used to check that all the operations are
done by authorised users. If information is being processed by unauthorised user there
are chances of leakage.
Application controls are very important for every organisation as these control measures
adapt to changes automatically whenever there is a change in software or database (Jia,
Munro & Buckby, 2016). Thus, every organisation can completely rely for security
IS Security and Risk Management 5
measures on application control. Even Telstra rely on application control for performing
their operations as it takes less time as compared to others. There are some of the security
controls measures that are inherited in the application control that make sure that all the
software are updated regularly. It also take care that information is accessed only by valid
user this could be attained by maintain an access control list. It assures that data remains
confidential and are accessed by valid users.
Difference between general management control with application
control for IS
The general management control policies assures that all the IS operations are done
effectively. They maintain and work on the security measures of all the data centres so that
security of network is maintained. There is a difference between both these terms as, general
management control deals with concerns of who can access the data and how integrity could
be maintained (Senarathna, Yeoh, Warren & Salzman, 2016). On the other hand, application
control deals with security of particular software. The threats of applications are found and
then risk assessment is carried out for that particular application. Application control has
some pre-defined rules and regulations that control the input and output information of the
system. All the IS operations are observed using application control. The aim of theses
controls is provide security to the organisation. The only difference is general management
control works on meeting the primary objective related to the workplace environment
(Kerzner & Kerzner, 2017). They also deal with the concern of storing data; access the
controls and developing the acquisition. The application control checks that the inputs are
valid and can be processed accurately without any error.
While comparing both the controls, it was found in Telstra general management
control are applied in all the areas wherein application control are applied in software were
measures on application control. Even Telstra rely on application control for performing
their operations as it takes less time as compared to others. There are some of the security
controls measures that are inherited in the application control that make sure that all the
software are updated regularly. It also take care that information is accessed only by valid
user this could be attained by maintain an access control list. It assures that data remains
confidential and are accessed by valid users.
Difference between general management control with application
control for IS
The general management control policies assures that all the IS operations are done
effectively. They maintain and work on the security measures of all the data centres so that
security of network is maintained. There is a difference between both these terms as, general
management control deals with concerns of who can access the data and how integrity could
be maintained (Senarathna, Yeoh, Warren & Salzman, 2016). On the other hand, application
control deals with security of particular software. The threats of applications are found and
then risk assessment is carried out for that particular application. Application control has
some pre-defined rules and regulations that control the input and output information of the
system. All the IS operations are observed using application control. The aim of theses
controls is provide security to the organisation. The only difference is general management
control works on meeting the primary objective related to the workplace environment
(Kerzner & Kerzner, 2017). They also deal with the concern of storing data; access the
controls and developing the acquisition. The application control checks that the inputs are
valid and can be processed accurately without any error.
While comparing both the controls, it was found in Telstra general management
control are applied in all the areas wherein application control are applied in software were
IS Security and Risk Management 6
data transaction is carried (Bedford, Malmi & Sandelin, 2016). Application controls are
applied to specific area of an organisation and general management controls are designed for
entire group. It ensures that operations carried in Telstra will match the integrity,
confidentiality and availability concepts (Aven, 2016).
Risk management techniques
The risk management techniques that are used by Telstra make sure that
confidentiality, availability, reliability and integrity of data is maintained.
Security- Every organisation stores their sensitive data over the network, it is important to
secure the data so that information is not breached (Bedford & Sandelin, 2015).
Integrity- It is important to maintain integrity of data packets. This could be done by
assuring that information is readable only by valid users.
Availability- The services and operations that are offered by the organisation should remain
available all the time for the valid users (Bedford & Sandelin, 2015). If information is not
available at the right time it can have negative effect between the relation of customer and
organisation.
Confidentiality- It assures that information is accessed only by valid user and it is not made
available to the unauthorised users. This can be attained by maintained an access control list
so that privacy of information is not breached.
Reliability- It makes sure that even in case of failure the network continues to work. t make
sure that consistency of operations are maintained.
Thus to make sure that security of organisation is not breached a risk control plan is
developed. At first phase, all the bugs and errors are identified so that it they don’t penetrate
data transaction is carried (Bedford, Malmi & Sandelin, 2016). Application controls are
applied to specific area of an organisation and general management controls are designed for
entire group. It ensures that operations carried in Telstra will match the integrity,
confidentiality and availability concepts (Aven, 2016).
Risk management techniques
The risk management techniques that are used by Telstra make sure that
confidentiality, availability, reliability and integrity of data is maintained.
Security- Every organisation stores their sensitive data over the network, it is important to
secure the data so that information is not breached (Bedford & Sandelin, 2015).
Integrity- It is important to maintain integrity of data packets. This could be done by
assuring that information is readable only by valid users.
Availability- The services and operations that are offered by the organisation should remain
available all the time for the valid users (Bedford & Sandelin, 2015). If information is not
available at the right time it can have negative effect between the relation of customer and
organisation.
Confidentiality- It assures that information is accessed only by valid user and it is not made
available to the unauthorised users. This can be attained by maintained an access control list
so that privacy of information is not breached.
Reliability- It makes sure that even in case of failure the network continues to work. t make
sure that consistency of operations are maintained.
Thus to make sure that security of organisation is not breached a risk control plan is
developed. At first phase, all the bugs and errors are identified so that it they don’t penetrate
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IS Security and Risk Management 7
in the system. The risk is accessed and the source of the risk is found so that control plan is
developed for future security.
Importance of safeguarding data quality and auditing IS
The auditing controls are used by an organisation to maintain the quality. It
additionally helps in shielding the information quality by relieving all the conceivable
dangers related with the association. These reviews help in making the business tasks
straightforward by observing all the activities. Information security helps in distinguishing
the exercises so deliberate of data could be discovered (Tesfamicael, Liu, Foo & Caelli,
2017). The IS reviewing is essential as it guarantees that information secrecy, respectability
and accessibility is kept up. It shields the information bundles from being revealed to
unapproved parties. These designs look at all the conceivable threats that could breach the
privacy, confidentiality and accessibility of information bundles. The audit plans is a pre-
characterized and particular rule is taken after directing a review. It causes an association to
get adequate confirmations and furthermore dodges the misinterpretation. The review
procedure is utilized to limit the time taken by a task. It covers arranging a gathering,
declaring the choices and after that taking up a development or an input of its effect.
in the system. The risk is accessed and the source of the risk is found so that control plan is
developed for future security.
Importance of safeguarding data quality and auditing IS
The auditing controls are used by an organisation to maintain the quality. It
additionally helps in shielding the information quality by relieving all the conceivable
dangers related with the association. These reviews help in making the business tasks
straightforward by observing all the activities. Information security helps in distinguishing
the exercises so deliberate of data could be discovered (Tesfamicael, Liu, Foo & Caelli,
2017). The IS reviewing is essential as it guarantees that information secrecy, respectability
and accessibility is kept up. It shields the information bundles from being revealed to
unapproved parties. These designs look at all the conceivable threats that could breach the
privacy, confidentiality and accessibility of information bundles. The audit plans is a pre-
characterized and particular rule is taken after directing a review. It causes an association to
get adequate confirmations and furthermore dodges the misinterpretation. The review
procedure is utilized to limit the time taken by a task. It covers arranging a gathering,
declaring the choices and after that taking up a development or an input of its effect.
IS Security and Risk Management 8
Conclusion
From this report, it can be summarised that security is important for every
organisation as a lot of sensitive data is stored over the network. The general management
control and application control that are undertaken by an organisation are discussed above.
These control measures are used to maintain the security of the network. It is recommended
that the audit plans that are developed for an organisation should be in a way that integrity,
confidentiality and reliability is maintained. This can be attained by updating the software
and keeping a backup plan so that system could be recovered in case of failure. The risk can
also be managed by first identifying the threats, then assessing it by future developing an
action plan.
Conclusion
From this report, it can be summarised that security is important for every
organisation as a lot of sensitive data is stored over the network. The general management
control and application control that are undertaken by an organisation are discussed above.
These control measures are used to maintain the security of the network. It is recommended
that the audit plans that are developed for an organisation should be in a way that integrity,
confidentiality and reliability is maintained. This can be attained by updating the software
and keeping a backup plan so that system could be recovered in case of failure. The risk can
also be managed by first identifying the threats, then assessing it by future developing an
action plan.
IS Security and Risk Management 9
References
Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), 1-13.
Bedford, D. S., & Sandelin, M. (2015). Investigating management control configurations
using qualitative comparative analysis: an overview and guidelines for
application. Journal of management control, 26(1), 5-26.
Bedford, D. S., Malmi, T., & Sandelin, M. (2016). Management control effectiveness and
strategy: An empirical analysis of packages and systems. Accounting, Organizations
and Society, 51, 12-28.
Berry, A. J., Broadbent, J., & Otley, D. T. (Eds.). (2016). Management control: theories,
issues and practices. Macmillan International Higher Education.
DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank
capital structure: Why high leverage is optimal for banks. Journal of Financial
Economics, 116(2), 219-236.
Jia, J., Munro, L., & Buckby, S. (2016). A finer-grained approach to assessing the
“quality”(“quantity” and “richness”) of risk management disclosures. Managerial
Auditing Journal, 31(8/9), 770-803.
Keogh, K., Gordon, C., & Marinovic, P. (2018). Cyber security: Global developments in
cyber security law: is Australia keeping pace?. LSJ: Law Society of NSW Journal,
(42), 82.
Kerzner, H., & Kerzner, H. R. (2017). Project management: a systems approach to planning,
scheduling, and controlling. John Wiley & Sons.
References
Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their
foundation. European Journal of Operational Research, 253(1), 1-13.
Bedford, D. S., & Sandelin, M. (2015). Investigating management control configurations
using qualitative comparative analysis: an overview and guidelines for
application. Journal of management control, 26(1), 5-26.
Bedford, D. S., Malmi, T., & Sandelin, M. (2016). Management control effectiveness and
strategy: An empirical analysis of packages and systems. Accounting, Organizations
and Society, 51, 12-28.
Berry, A. J., Broadbent, J., & Otley, D. T. (Eds.). (2016). Management control: theories,
issues and practices. Macmillan International Higher Education.
DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank
capital structure: Why high leverage is optimal for banks. Journal of Financial
Economics, 116(2), 219-236.
Jia, J., Munro, L., & Buckby, S. (2016). A finer-grained approach to assessing the
“quality”(“quantity” and “richness”) of risk management disclosures. Managerial
Auditing Journal, 31(8/9), 770-803.
Keogh, K., Gordon, C., & Marinovic, P. (2018). Cyber security: Global developments in
cyber security law: is Australia keeping pace?. LSJ: Law Society of NSW Journal,
(42), 82.
Kerzner, H., & Kerzner, H. R. (2017). Project management: a systems approach to planning,
scheduling, and controlling. John Wiley & Sons.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IS Security and Risk Management 10
Lueg, R., & Radlach, R. (2016). Managing sustainable development with management
control systems: A literature review. European Management Journal, 34(2), 158-171.
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., & Zwaans, T. (2017).
The human aspects of information security questionnaire (HAIS-Q): two further
validation studies. Computers & Security, 66, 40-51.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Senarathna, I., Wilkin, C., Warren, M., Yeoh, W., & Salzman, S. (2018). Factors That
Influence Adoption of Cloud Computing: An Empirical Study of Australian
SMEs. Australasian Journal of Information Systems, 22.
Senarathna, I., Yeoh, W., Warren, M., & Salzman, S. (2016). Security and privacy concerns
for australian smes cloud adoption: empirical study of metropolitan vs regional
smes. Australasian Journal of Information Systems, 20.
Tesfamicael, A. D., Liu, V., Foo, E., & Caelli, W. (2017, December). Modeling for
performance and security balanced trading communication systems in the cloud.
In 2017 IEEE 36th International Performance Computing and Communications
Conference (IPCCC) (pp. 1-7). IEEE.
Udagepola, K., Xiang, L., Afzal, N., Ali, M., & Robinson, M. (2015). Case Study: Cloud
Computing Consumer Protocol in Australia. J. Appl. Environ. Biol. Sci, 5(9), 76-83.
Vaidyanathan, S., Sampath, S., & Azar, A. T. (2015). Global chaos synchronisation of
identical chaotic systems via novel sliding mode control method and its application to
Zhu system. International Journal of Modelling, Identification and Control, 23(1),
92-100.
Lueg, R., & Radlach, R. (2016). Managing sustainable development with management
control systems: A literature review. European Management Journal, 34(2), 158-171.
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., & Zwaans, T. (2017).
The human aspects of information security questionnaire (HAIS-Q): two further
validation studies. Computers & Security, 66, 40-51.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
Senarathna, I., Wilkin, C., Warren, M., Yeoh, W., & Salzman, S. (2018). Factors That
Influence Adoption of Cloud Computing: An Empirical Study of Australian
SMEs. Australasian Journal of Information Systems, 22.
Senarathna, I., Yeoh, W., Warren, M., & Salzman, S. (2016). Security and privacy concerns
for australian smes cloud adoption: empirical study of metropolitan vs regional
smes. Australasian Journal of Information Systems, 20.
Tesfamicael, A. D., Liu, V., Foo, E., & Caelli, W. (2017, December). Modeling for
performance and security balanced trading communication systems in the cloud.
In 2017 IEEE 36th International Performance Computing and Communications
Conference (IPCCC) (pp. 1-7). IEEE.
Udagepola, K., Xiang, L., Afzal, N., Ali, M., & Robinson, M. (2015). Case Study: Cloud
Computing Consumer Protocol in Australia. J. Appl. Environ. Biol. Sci, 5(9), 76-83.
Vaidyanathan, S., Sampath, S., & Azar, A. T. (2015). Global chaos synchronisation of
identical chaotic systems via novel sliding mode control method and its application to
Zhu system. International Journal of Modelling, Identification and Control, 23(1),
92-100.
IS Security and Risk Management 11
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.