SBM4304: Essay on IS Security and Risk Management for Telstra

Verified

Added on  2023/06/08

|12
|2941
|57
Essay
AI Summary
This essay provides a comprehensive analysis of information system (IS) security and risk management practices within Telstra Corporation. It begins with an overview of Telstra's services and the role of information systems in supporting its business operations. The essay then delves into the specifics of general management controls (GMCs) and application controls (ACs) employed by Telstra, comparing and contrasting their functions. Furthermore, it evaluates the risk management techniques used to ensure reliability, confidentiality, availability, integrity, and security. The essay concludes with an illustration of Telstra's audit plan and process, demonstrating how auditing supports data quality. The content covers the different types of information system controls, risk management techniques, audit plan, and audit process for Telstra.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management: Telstra Corporation
Name of the Student
Name of the University
Author’s Note:
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1
IS SECURITY AND RISK MANAGEMENT
Introduction
Information system is a well organized system that helps to store, collect, communicate
and organize any type of information or data. The data processing, manipulation, distribution,
creation as well as filtration are easily done with information system (Laudon & Laudon, 2016).
The main aim of an information system is to make each and every service or functionality easier
within an organization. Moreover, information system is also responsible for making the
organization completely technology oriented. Hence, information system can be termed as an
important requirement in any organization.
The following essay will be outlining a brief discussion on the security and risk
management of the most popular telecommunication organization of Australia, namely Telstra
Corporation Ltd. The main objective of this essay is to know about the different types of
information system controls, such as general management controls and application controls.
Furthermore, the risk management techniques, audit plan and audit process for Telstra will be
provided in this essay.
Discussion
1. Illustration of Services Provided by Telstra with Uses
The largest as well as the most popular organization in Australia that mainly deals with
all types of telecommunications and other communication services is called Telstra Corporation
Ltd. Telstra mainly builds and operates several types of networks of telecommunication, proper
internet accessibility, televisions, market voices, telephones, broadband services and many more
(Telstra.com.au. 2018). The other several services of the telecommunication are also provided by
Document Page
2
IS SECURITY AND RISK MANAGEMENT
Telstra Corporation Ltd. The telecommunication and the technological world are solely
benefitted with the help of Telstra. As per a survey of 2017, this particular telecommunications
organization gives about 17.6 million mobile services, 3.5 million services of broadband in fixed
retail and even 5.1 million of fixed retail voice services in Australia and all the suburbs. Telstra
Corporation Ltd has taken the decision in bringing out the most effective and efficient services
for future generations (Telstra.com.au. 2018). The main aim of Telstra is to produce the best
features of telecommunication services in future. Moreover, Telstra even gives information
system services to all the staffs and workers, working in that company.
The proper use of all types of services and networks of telecommunications helps in
making each and every functionality efficient and effective, with the core purpose to make the
business of Telstra without problems and complexities (Bajdor & Grabara, 2014). All the
business operations or processes become extremely easy with the proper implementation of
information system. Moreover, the employees and clients of this company can easily execute the
processes without even having proper acquaintance of technology. Telstra is known in every part
of the world due to its unique and popular business processes. Each and every organizational
service helps the company to keep their data or information absolutely private and confidential
and thus is not lost at any time (Demir & Krajewski, 2013). This type of data integrity and data
confidentiality is being maintained and restored with information system. The bulk amount of
confidential data is easily stored with the help of information system in Telstra. The major
benefit of information system in Telstra is the easy handling of data. Proper communication
within the clients and organization is the second benefit. The customer relationship management
is well maintained with proper communication in an organization. The service availability is the
next important advantage of information system in Telstra. Since, this organization has
Document Page
3
IS SECURITY AND RISK MANAGEMENT
customers throughout the world, time flexibility is required and this is possible with IS
(Castronova, Goodall & Ercan, 2013). The customers can easily contact them without much
hassle. The perfect reduction of various problems or cultural gaps is yet another advantage.
Hence, information system is vital in Telstra Corporation Ltd.
2. General Management Controls of Telstra
General Management Controls are controls that help to gather as well as use significant
information for evaluation of the organizational resource performance. The most important
organizational resources are finances, physical and employees of that particular organization
(Boonstra, 2013). The several strategies of the organization are taken by the higher management
level and these strategies are responsible for accomplishing the several organizational objectives.
GMCs or general management controls are the various methodologies of operations, which are
useful for enabling the organizational bodies in completing their tasks with utmost efficiency.
Moreover, GMCs help to complete the tasks as per planned by the management bodies. The
implementation of strategies is also done easily with the help of general management controls
(Tarhini, Arachchilage & Abbasi, 2015). The main advantage of the implementation of these
general management controls is that these are extremely useful for reducing the various
organizational risks or threats. These types of organizational risks or threats are extremely
vulnerable for the growth of the organization and successful implementation of the
organizational strategies. Moreover, the organizational management bodies often face major
issues in forming the internal control systems and thus the company obtains significant support
for stopping the threats and risks.
The GMCs of Telstra Corporation Ltd. mainly depends of three distinct factors (Li et al.,
2014). The three factors are setting of several standards, measuring the total performance and
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4
IS SECURITY AND RISK MANAGEMENT
finally taking appropriate actions against them. There are several important and significant
general management controls for the organization of Telstra Corporation Ltd. The most
important GMC of this organization is maintaining customer relationship management with the
clients. Training is given to the employees of this organization. This type of training helps the
employees to deal with all the information systems of Telstra. The third GMC of Telstra is that
they follow a strict regulation and law compliances for maintaining law within their businesses
(Dahlstrom, Walker & Dziuban, 2013). These general management controls are extremely
important for the organization of Telstra Corporation Ltd.
3. Different Types of Application Controls
Application controls can be defined as the security practices, which help to block any
type of unauthorized applications from their successful execution. Various methodologies are
present that help in checking the working procedure of each and every application or computer
system (Eason, 2014). These methodologies are responsible for helping the several risks of data
confidentiality or data integrity. The business processes are executed and controlled properly
with the help of application controls. The application controls often involve proper identification,
input controlling, authentication controlling, proper checking, authorization controlling, validity
checking and forensic control. Telstra Corporation Ltd. has implemented these application
controls for their each and every computerized application like online learning, payroll system
and business application (Marchewka, 2014). Telstra Corporation Ltd. has implemented the
following application controls:
i) Proper Identification of Authorized Users: The first AC is the proper recognition of all
the authorized users.
Document Page
5
IS SECURITY AND RISK MANAGEMENT
ii) Input Controlling: The data integrity is solely maintained with the help of all the input
controls.
iii) Authentication: The various application controls give the application system
authentication mechanism (Kellermann & Jones, 2013).
iv) Authorization: Another significant application control of the Telstra Corporation Ltd.
is ensuring proper access to all the application systems by only authorized and approved users.
v) Validity Checking: The fifth application control of the Telstra Corporation Ltd. is that
it helps in ensuring the fact that only valid data is being processed.
vi) Forensic Controls: This type of application control helps in ensuring scientific
appropriate data on the basis of inputs and outputs (Holtshouse, 2013).
4. Comparison between General Management Controls and Application Controls
The information system that needs both application controls and general management
controls is being implemented within the organization of Telstra Corporation Ltd. The proper
comparison between the application controls and general management controls within the
information systems are as follows:
i) The application controls of the information system are absolutely different from
general management controls (Bloom et al., 2014). Since, the application controls are responsible
for controlling the applications and system, the general management controls are used for
controlling the overall management of Telstra Corporation Ltd.
ii) The application controls within the information system of Telstra Corporation Ltd.
could be referred to as the controls, which are solely related to the applications of computer
Document Page
6
IS SECURITY AND RISK MANAGEMENT
software and even the individual transactions (Lloyd, 2017). There are several vital factors that
enhance the application controls in the information system of Telstra Corporation. These are
proper identification, input controlling, authentication controlling, proper checking, authorization
controlling, validity checking and forensic control. However, this factor is not similar in GMC.
iii) The GMCs of Telstra that are related to the information system are termed as those
policies, which are linked with the various organizational applications. All of these GMCs can be
utilized to support the most important functionalities of application controls. This is done with
the help of ensuring a continuous IS (Schwalbe, 2015). The most significant application areas of
GMC are mainframes, end user environments and servers. These GMCs can easily control the
operations of network and proper security access. Moreover, the data breaching could be
eventually stopped with these controls. There are various safeguards that help to restrict the
access to all types of authorized and authenticated data files and programs.
5. Evaluation of Risk Management Techniques
a) Reliability, Confidentiality, Availability, Integrity and Security
The following techniques are used by Telstra Corporation for managing risks and
ensuring the reliability, security, integrity, availability and confidentiality.
i) Risk Avoidance: This technique helps Telstra to avoid the risks and hence the
organizational risks are eradicated properly (Castronova, Goodall & Ercan, 2013).
ii) Prevention of Losses: The next technique helps Telstra by preventing the losses and
hence maintaining reliability to a higher extent.
b) Risk Identification, Risk Assessment and Risk Control
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7
IS SECURITY AND RISK MANAGEMENT
The risk assessment, control and identification are another three important risk factors for
Telstra. The following techniques are used by Telstra Corporation for managing risks and thus
the above mentioned factors are maintained.
i) Separation: This specific technique helps in ensuring whenever any kind of catastrophe
occurs for business operation and hence risk is being controlled by Telstra Corporation Ltd
(Laudon & Laudon, 2016).
ii) Reduction of Losses: The loss reduction helps this organization to reduce their losses
and maintain risk control and assessment.
6. Illustration of Audit Plan and Process in Telstra
A proper survey to check whether the organizational resources are properly utilized is
called auditing. This particular procedure is done to maintain confidentiality and integrity of the
employees and information systems (Li et al., 2014). The misuse of organizational properties is
easily caught with the help of auditing.
Telstra Corporation Ltd. does auditing of the information systems periodically. Audit
plan and audit process are used in this organization properly to identify as well as analyze the
quality of data or information system (Eason, 2014). The audit plan of Telstra is given below:
i) Identifying Audit Engagement.
ii) Defining Report Requirements.
iii) Conflicts between Interest Assessments.
iv) Proper Risk Assessments.
Document Page
8
IS SECURITY AND RISK MANAGEMENT
v) Accessing Documents and Records.
The audit process of Telstra Corporation Ltd. is as follows:
i) Employee Notification.
ii) Discussing Scope as well as Objectives (Holtshouse, 2013).
iii) Gathering Procedural Information.
iv) Evaluating Existing Control.
v) Proper Plan Execution.
Conclusion and Recommendations
Therefore, from the above discussion, it can be concluded that information system can be
defined as the software, which helps in organizing as well as analyzing the data or information.
Information system can easily turn raw data to relevant or useful information, which could be
utilized for the purpose of decision making within an organization. The most significant
examples of information system are enterprise resource planning system or ERP system and
database management system or DBMS. Any popular organization, in today’s world is utilizing
these two information systems for their businesses. The main components of an information
system are hardware, software, databases, network and procedures. Data operation is done easily
with the help of information system. Manual data entry or manual errors are reduced with IS.
The above essay has discussed the IS security and risk management of Telstra Corporation Ltd.
The general management controls and application controls are properly explained for this
Document Page
9
IS SECURITY AND RISK MANAGEMENT
particular organization. Moreover, he detailed audit plan, audit processes and risk management
techniques are provided here.
The most significant recommendation for this particular company of Telstra Corporation
Ltd is that they should implement an information system in their business. This information
system will be helpful for the company since they can easily manage or control the various
business operations. Furthermore, time management will be another important advantage that
they would enjoy from information system.
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10
IS SECURITY AND RISK MANAGEMENT
References
Bajdor, P., & Grabara, I. (2014). The Role of Information System Flows in Fulfilling Customers’
Individual Orders. Journal of Studies in Social Sciences, 7(2).
Bloom, N., Garicano, L., Sadun, R., & Van Reenen, J. (2014). The distinct effects of information
technology and communication technology on firm organization. Management
Science, 60(12), 2859-2885.
Boonstra, A. (2013). How do top managers support strategic information system projects and
why do they sometimes withhold this support?. International Journal of Project
Management, 31(4), 498-512.
Castronova, A. M., Goodall, J. L., & Ercan, M. B. (2013). Integrated modeling within a
hydrologic information system: an OpenMI based approach. Environmental Modelling &
Software, 39, 263-273.
Dahlstrom, E., Walker, J. D., & Dziuban, C. (2013). ECAR study of undergraduate students and
information technology(p. 2013). 2013.
Demir, I., & Krajewski, W. F. (2013). Towards an integrated flood information system:
centralized data access, analysis, and visualization. Environmental Modelling &
Software, 50, 77-84.
Eason, K. D. (2014). Information technology and organisational change. CRC Press.
Holtshouse, D. K. (2013). Information technology for knowledge management. Springer Science
& Business Media.
Document Page
11
IS SECURITY AND RISK MANAGEMENT
Kellermann, A. L., & Jones, S. S. (2013). What it will take to achieve the as-yet-unfulfilled
promises of health information technology. Health affairs, 32(1), 63-68.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.
Li, J., Li, Q., Liu, C., Khan, S. U., & Ghani, N. (2014). Community-based collaborative
information system for emergency management. Computers & operations research, 42,
116-124.
Lloyd, I. (2017). Information technology law. Oxford University Press.
Marchewka, J. T. (2014). Information technology project management. John Wiley & Sons.
Schwalbe, K. (2015). Information technology project management. Cengage Learning.
Tarhini, A., Arachchilage, N. A. G., & Abbasi, M. S. (2015). A critical review of theories and
models of technology adoption and acceptance in information system
research. International Journal of Technology Diffusion (IJTD), 6(4), 58-77.
Telstra.com.au. (2018). Telstra - mobile phones, prepaid phones, broadband, internet, home
phones, business phones. [online] Available at: https://www.telstra.com.au/ [Accessed 06
Aug. 2018].
chevron_up_icon
1 out of 12
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]