Developing Network Security Policy for Commonwealth Bank of Australia

Verified

Added on 2023/06/07

AI Summary

This report provides a comprehensive analysis of the network security policy for the Commonwealth Bank, a major multinational banking organization based in Australia. It begins with an executive summary and table of contents, followed by an introduction that highlights the importance of network security in the context of globalization and cybercrime. The report identifies key stakeholders, including the Australian government, customers, employees, shareholders, and investors. It then delves into the bank's existing security measures, such as network security scanners, firewalls, UTM, SIEM, IPS, and IDS. The core of the report focuses on developing a strategic cyber security policy, emphasizing the importance of software supply chain management, addressing network framework disruptions, and implementing additional security layers for all stakeholders, including online transaction security, wallet transaction security, ATM protection, unified payment interface, and data leakage prevention. The report identifies potential threats and vulnerabilities, such as data leakage, malware, transaction fraud, third-party risks, and advanced cybercrime techniques, and proposes mitigation strategies. These strategies include strengthening the software supply chain, monitoring network framework disruptions, and implementing additional security measures. The report concludes by emphasizing the critical role of network security for the bank and the need for a robust cyber security approach.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

INFORMATION SECURITY
Student Name:
Student ID:
Subject:
Date:
Word Count: 1684
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Executive summary
The following assignment is going to enlighten the significance of network security policy along
with researching, formulating and developing a strategic cyber security policy for one of the
leading multinational banking organizations of Australia- the Commonwealth Bank. The bank is
running its business across the UK, the US, Asia, New Zealand apart from its native country. It
offers a large variety of financial services like fund management, institutional banking, different
types of insurances, broking and investment services.
2

Table of Contents
Introduction:....................................................................................................................................4
The strategic security policy for the Commonwealth Bank:...........................................................4
Potential threats and vulnerabilities of the Commonwealth Bank and the ways to mitigate such
threats:..............................................................................................................................................7
Conclusion:......................................................................................................................................8
References:......................................................................................................................................9
3

Introduction:
The following assignment is going to enlighten the basic security policy of the Commonwealth
Bank, Australia. The potential stakeholders who the organization needs to take account while
developing their network security system are the government of Australia, target customers,
employees, shareholders, and investors.
The strategic security policy for the Commonwealth Bank:
The modern technology has been upgraded with the changing era of globalization (Wang et al.
2016). The rapid development of technology has some boons and bans at the same time. On one
hand, modernization and digitalization accelerate the pace of life these days through
collaborating assumption with realism. However on the other hand, different types of cyber
crimes have also been intensified taking the support of technicality (Wang et al. 2016). Having
integrity in terms of network security is way too essential in this dynamic industry and therefore
proper cybercrime management as well is considered as an integral part of industrialization.
Integrity here refers to the maintenance of data security cum consistency of information (Islam,
2014). The prime motto of network security is to ensure that the information is reliable and
authentic from all the way round and cannot be accessed through any unauthorized user or
hacker.
Network security is one of the most talked about terms of these days, especially when it comes to
evaluating the pros and cons of technicality and digitalization. The topic of network security
comes as an inseparable part of the analysis (Wang et al. 2016). Nevertheless, when it comes to
defining network security it can be said that, the approval of access to information in a system
that is controlled by the system overseer (Islam, 2014). Clients have doled out an ID and a secret
phrase that permits them access to data and projects lies under their authority. Ensuring
authentication, cyber security and data security are the three integral parts and parcels of network
security. Apart from that, a strong network security chain guarantees the security of the entire
computer network system inside an organization from unauthorized users (Abomhara and Køien,
2015).
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Same security goal is applicable for the chosen Australia based banking organisation, the
Commonwealth Bank, which is one of the three market leaders of the banking sector in
Australia. The bank faces issues for subjecting network security as an afterthought or "idea in
retrospect", abandoning them powerless against assault and making room for programmers to
increase simple access to data once they have invaded the external lines of safeguarding which is
a pre-planned strategy to have control over the hackers cum the cybercrime culprits throughout
the globe (Knapp and Langill, 2014).
In this context, the mentionable point is that the logic provided by the Commonwealth Bank
behind developing this kind of cyber security approach was even if their network got broken
through by the cybercriminals they would not be able to move freely and the network security
experts could easily track the hackers and could put them behind the bar. However, the bank has
incorporated some basic security system which includes the network security scanners, firewall,
UTM, SIEM, IPS, and IDS in order to strengthen their network security system. The core
strategies which the organization should prioritize on while cracking down their network security
are assurance of access, abuse, and hacking of documents and indexes in a PC arranged
framework. Probably one of the most well-known dangers to a computer system incorporates
worms, virus, hacking, and adware and so on.
Digital wrongdoing is on the ascent, and given the developing utilization of innovation and the
developing volumes of information associations and individual clients confront, it is nothing
unexpected. This particular assignment is going to focus upon network security in the chosen
leading baking organization of Australia. Multiple layers of protection are needed to be provided
in order to ensure unbreakable security (Sharma and Rawat, 2015). Apart from that, the
organization should seek the assistance of the cyber control department which comprises cops
and the programs inhibited for preventing and monitoring any kind of misuse, unauthorized data
access, modifications and denial of the computer system or the network convenient resources. A
network security planning which the bank can inhibit while enforcing their network security is
going to be provided in the following discussion:
 Software supply chains focused on the mass trade-off:
The Commonwealth Bank, Australia is recommended to introduce an administrative program
with the motto of identifying the network security issue the data leakage, unauthorized access,
disruption of authentication along with risk management and concerns associated with the
5

software supply chain. Additionally, the network security team of the organization must go for
an additional workshop focusing upon this mass trade-off. They emphasized the consequence of
programming updates on test frameworks, preceding a more extensive rollout crosswise over
creation frameworks. Apart from that, the refreshed all-encompassing system of the US National
Foundation of Standards and Technology should be taken into account for strengthening the
network security system of Commonwealth Bank in order to follow the government protocols.
They are recommended to endeavour for working with all around resourced providers that have
shown a capacity to react to digital security events (Wang et al. 2014).
 Ruptures stem from disruption in network framework:
The next part of security enforcement is monitoring the revelation of network vulnerabilities in
their customized software applications so that the technical team can fix or refresh the flaws
conventionally (Islam, 2014). On the other hand, any type of malpractices associated with the
web applications cum the customized software of the banking organization can very efficiently
be found out through the proper implementation of this network security approach (Knapp and
Langill, 2014). The organization should go for a survey regarding the how efficiently and rapidly
the web application can respond to any kind of exposure so that to fix the bug in the source file
(Papp et al. 2015).
 Additional security layers addressing all the general stakeholders:
Online transaction security policy: the organization should incorporate certain security protocols
such as multifaceted validation, versatile verification, strong passwords, and biometrics.
Wallet transaction security: Security awareness must be spread out regarding Email security,
firewalls, malware, phishing, mobile banking access, and so on.
ATM protection: The users should go for biometrics including eye-retina scanning, finger-print
scanning and voice scanning for accessing the ATM (Jouin, Rabai, and Aissa. 2014).
Unified payment interface: The Commonwealth Bank should consider their security techniques,
administration models and prescient controls to assemble a safe UPI condition that guarantees a
consistent client encounter and in the meantime adjusts security dangers.
Information leakage prevention: Commonwealth Bank must train their employee in a way so
that they would be careful about sharing any kind of sensitive data with a third party. However,
the DPL or data loss prevention technology would keep them aloof from forwarding, uploading
6

and printing the authentic information in an insecure way (Perlman, Kaufman, C., and Speciner
2016).
Potential threats and vulnerabilities of the Commonwealth Bank and the ways
of mitigating such threats:
The potential threats of the network system for the Commonwealth Bank are according to the
research are:
 Data leakage
 Malware, Spyware, Adware, Trojan, Spam, Privilege escalation which is a special type of
computer programming which got exploited at times.
 Different types of transaction fiddle.
 The risk associated with third-party accessibility.
 Stolen of card information, unauthorized access, unauthorized sharing of information
with the third party.
 Advance cybercrime technicalities such as web attacks, next-generation ransomware etc.
 Malpractices like SIM swap, illegal money laundering, fake interface applications,
information theft, unauthorized money deduction via wallet transaction, the creation of
fake users which are associated with mobile banking (Pathan, 2016).
Addressing all these malpractices cum threats and vulnerabilities the above network security
framework has been developed which can mitigate these security flaws way too efficiently.
 Firstly, the network security approach associated with software supply chain can add up
an extra layer of security in the web applications and customized software of the banking
sector. The bank has to be answerable to the potential stakeholders like the government,
their clients and from that perspective; they need to intensify security of their customized
applications. Additionally, they can look after data leakage, access control, email
security, segm(Knapp and Langill, 2014)entation of the network through this particular
strategic development (Knapp and Langill, 2014).
 Secondly, the network security approach of having ruptures stem from disruption in
network framework can control any kind of malpractice cum unauthorized utilization of
heir customized web applications through appropriate testing of the protocols,
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

programming libraries and other essential parameters of the dynamic web application
system. Apart from that, the practice of having rupture stem from disruption in the
network framework would give the software engineers more prominent certainty over
which renditions to utilize (Stallings, 2017).
 Last but not least the additional security inhibitions are as important as the customized
security strategies the reason because those are the basic network security approaches the
bank should incorporate in their system. The information leakage prevention makes the
employees aware of the consequences of sharing sensitive data with the outer world on
the top of that the data prevention technology would ensure the prevention of printing,
uploading and forwarding of any original data in an unsecured manner. Additionally,
ATM protection, UPI, email security, behavioural evaluation and mobile transaction
security can add an extra momentum to the network security system of the bank (Perlman
et. al. 2016).
Conclusion:
From the above research work, it can be concluded that potential network security is an integral
part in this banking organization. The reason is that being an inseparable part of an economy, a
bank has to enforce its network security system as one of its prime responsibilities. However, the
chosen Australia based banking organization, the Commonwealth Bank, is no different from
others. Though they already have a way too tight network security policy the proposed cyber
security development approach would add up an extra layer of security in their network security
policy.
8

References:
Abomhara, M. and Køien, G.M., 2015. Cybersecurity and the internet of things: vulnerabilities,
threats, intruders and attacks. Journal of Cyber Security, 4(1), pp.65-88.
Islam, S., 2014. Systematic literature review: Security challenges of mobile banking and
payments system. International Journal of u-and e-Service, Science and Technology, 7(6),
pp.107-116.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information
systems. Procedia Computer Science, 32, pp.489-496.
Knapp, E.D., and Langill, J.T., 2014. Industrial Network Security: Securing critical
infrastructure networks for the smart grid, SCADA, and other Industrial Control Systems.
Massachusetts: Syngress.
Papp, D., Ma, Z. and Buttyan, L., 2015, July. Embedded systems security: Threats,
vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th Annual
Conference on, 1(2), pp. 145-152.
Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET.
Florida: CRC press.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Boca Raton: Auerbach Publications.
Perlman, R., Kaufman, C., and Speciner, M., 2016. Network security: private communication in
a public world. London: Pearson Education.
Sharma, R.K. and Rawat, D.B., 2015. Advances in security threats and countermeasures for
cognitive radio networks: A survey. IEEE Communications Surveys & Tutorials, 17(2), pp.1023-
1043.
Stallings, W., 2017. Cryptography and network security: principles and practice. Upper Saddle
River, NJ: Pearson.
Wang, L., Jajodia, S., Singhal, A., Cheng, P. and Noel, S., 2014. k-zero-day safety: A network
security metric for measuring the risk of unknown vulnerabilities. IEEE Transactions on
Dependable and Secure Computing, 11(1), pp.30-44.
9

Wang, Y., Hahn, C. and Sutrave, K., 2016, February. Mobile payment security, threats, and
challenges. In Mobile and Secure Services (MobiSecServ), 2016 Second International
Conference on, 2(2), pp. 1-5.
.
10