The main purpose of this report is to focus on the Australian multinational bank known as Commonwealth Bank of Australia, which was listed on the Australian Stock Exchange in 1991 (Aulich, Jones & Head, 2018). It provides its services through the following departments: insurance, investment services, superannuation, funds management, retail, business and institutional banking.
This multinational bank has different types of internal and external stakeholders involved in all of its activities, such as customers, employers, shareholders, investors, suppliers, industry associations, educational institutions, communities, government agencies and NGOs (Dixon & Finnane, 2018). Headquartered in Diamond Harbor, Sydney, this global bank had a total revenue of around $26 billion AUD for the year 2017.
Started in 1912 in Melbourne, this public bank has expanded its features and services over the years, which makes it one of the most reputed banks in the world. The extensive services it provides make it the largest bank in the Southern Hemisphere (Worthington, 2016). The products provided by this bank are credit cards, mortgages, global wealth management, investment management, consumer banking, corporate banking, finance, insurance and private equity.
The strategic security of the chosen topic is entirely based on managing the confidentiality, integrity and availability of information held with the bank. The prime objective of this report is to focus on the protection of information and information systems as well as the physical assets of the banking facility.
The aim of this section of the policy is to focus on the potential threats and hazards associated with the services provided by the bank, and on protection against unauthorized access to or use of sensitive information.
The strategic security officers of this global bank ensure that each stakeholder of the association receives effective advanced training according to the rules and regulations of the bank and the information security procedures relevant to their designation in the bank (Schlagwein, Thorogood & Willcocks, 2014). The three types of training provided by the bank are basic fundamental training, review session training and updated training for the concerned personnel according to specific business situations.
The risk assessment of this bank involves the following criteria:
The risk mitigation of this bank is updated on a regular basis due to changing business conditions (Murray et al., 2014). The needs and requirements of the stakeholders of the bank keep changing, so the entire strategic plan is always subject to change according to the situation in this bank. The presence of this bank and its associates all over the world is also one of the major factors in the development of the security plan.
This global bank deals with a huge number of vendors all over the world for different kinds of purposes (Macdonald, Burke & Stewart, 2017). The vendor selection process of this bank is described below:
Selection of appropriate vendor
The diligence and vendor selection methods of this bank are the most important phase of vendor management (Capponi & Chen, 2015). The competence, stability, market reputation, financial statements and audit statements of vendors are equally scrutinised before they are selected on a contractual basis.
Contracts
The selection of the vendor concludes with the signing of a contract between the concerned authorities, stating clearly all the policies and regulations associated with the responsibility. All the rules regarding the contracts have to be maintained by the vendors for long-term investment and security purposes (Buckby, Gallery & Ma, 2015). The required performance levels and service levels of the vendor are very significant for the overall efficiency of the organisation due to their enhanced role in the bank.
Monitoring
The performance of the vendors' activities should be examined by the operational activity team of the bank authority (English, Van den Heuvel & Zakrajšek, 2018). Different factors should play an active role in the security policy, such as contingency capability, operational controls, internal controls, disputes, contract changes and contract termination. Internal audits are conducted by the system regulators of the bank authorities to ensure the commitments of the vendors (Jackson & Beswick, 2018). This bank should have a 24-hour monitoring system for the detection of external threats.
On the basis of the threats associated with the bank, as well as the probable future risks, the continuance of the vendors' processing activities is examined in this phase of the strategic planning.
The roles and responsibilities of each stakeholder of this bank, such as the audit committee, information security administrator, information security officers, business unit managers and human resources, are the vital parameters of the strategic security plan, which are useful in the protection of customer data from any kind of manmade or natural issues.
Figure 1: Strategic Security Policy of Commonwealth Bank
The strategic security policy adopted by the bank is accessible to each of the stakeholders of the bank. It is associated with the other policies of the bank so that the effectiveness of the policies is maintained, and it is approved by the board of directors of the bank (Luo, Tanna & De Vita, 2016). The maintenance of the policies adopted by the bank is essential for the smooth conduct of its overall process. Compliance with the policies is maintained in the bank, and strict regulations are also enacted against violators.
The protection of data and information from external attacks is the main purpose of resource management. It should include a disposal schedule for retrieving records according to different options such as date and time (Parasa & Batten, 2016). The organizational assets should be maintained by the asset protection team with the help of the information asset register.
This banking authority should work more on the cryptographic protocols which ensure the security and confidentiality of significant information of the customers of the bank.
This global bank should have strong operational teams which can ensure the security of all operations of the information processing facilities (Abbott & Cohen, 2014). There should be different portals which describe the different processes of the bank in detail, as well as the testing environment. The operational team should be dedicated to protecting the bank against networking issues such as malicious attacks and mobile code control.
This bank has an impressive risk mitigation strategy included in its security policy for the identification of the internal and external threats which can have a negative impact on the growth of the bank (Henisz & Zelner, 2015). The risk management strategy should be developed in such a way that it can prevent misuse, alteration and destruction of the sensitive data stored by the client. The implementation of the strategic security policy in the banking organization is one of the most important procedures for maintaining its good quality services over the years.
The security measure unit of this policy is described below:
The Different policies strategies which should be approved by the Australian
| Framework element | Approval |
| --- | --- |
| Policies | Board of directors |
| Guidelines | Management teams |
| Technical standards | Operational managers |
| Procedures | Line managers |
Table 1: Roles and responsibility regarding the approval of the framework
Created by the author
This bank faces different types of potential threats and vulnerabilities, in the form of internal and external threats, as follows in this section of the paper.
Mobile malware: There are different types of malicious software, such as trojan horses, viruses and rootkits, which pose a great threat to the security of the bank authorities.
Third party applications: The extensive use of third-party applications poses a great threat to the online activities of the users of the bank.
Unsecured WIFI: The use of public WIFI for different kinds of banking activities is a threat to the security of the bank accounts of the users, as the hackers have the capability to seize control of the users.
Attacks: The other major type of attack on this global bank is botnets and DDoS, which is a great source of tension for the bank authorities as well as the account holders, as any alteration of data or money can have a direct negative impact on the growth and development of the bank.
User behaviour: This is a type of internal threat which can pose a great threat to the business reputation of the bank organisation. The threat can come from the employers of the organisation or their associated partners as well as from the users of the bank.
Phishing: This is one of the major threats for this bank, as cybercriminals are using the latest phishing, smishing and vishing attacks on sensitive sectors such as banks (McIlroy, 2017). The use of these attacks through email poses a great threat to the market reputation of the bank. There are also different types of issues associated with the use of the cloud computing services which are connected to this bank corporation for specific tasks, which also challenge the existing security of the bank organisation.
The risks involved in this bank can be solved using effective strategies which are discussed in this section of the paper.
Contract: All the stakeholders of the bank have a strong business relationship among themselves due to the application of contracts, which helps them to deal with any kind of threats and vulnerabilities. Many kinds of risk, such as financial risks, can be effectively solved and minimized with the help of these contracts (Rostamkalaei & Freel, 2016). External risks, such as the risk associated with foreign exchange, can be purposefully solved using the contracts.
Hedging arrangement: The risks involved with the financial transactions of this bank can be effectively solved with the help of the hedging arrangement, which has a great influence on the cost of debts and breakage cost of the organization.
Use of insurance: This bank provides a great insurance policy for all of its stakeholders so that they can have financial security while using the services of this bank. Impressive insurance coverage schemes are applied to the bank account holders as well as the employees to deal with adverse business conditions.
Collateral: This is another risk mitigation strategy followed by this bank, by which risks such as liquidating risks and phishing emails can be solved purposefully.
Advanced trainings: This banking organization gives advanced training to its members who deal with clients directly, so that they can understand their clients and make them comfortable by solving their issues, which helps the bank to maintain a good market reputation.
References
Abbott, M., & Cohen, B. (2014). A Survey of the Privatisation of Government-Owned Enterprises in Australia since the 1980s. Australian economic review, 47(4), 432-454.
Aulich, C., Jones, S., & Head, B. (2018). Divestment of Commonwealth public enterprises in Australia: The cupboard is bare. Annals of Public and Cooperative Economics, 89(3), 475-490.
Buckby, S., Gallery, G., & Ma, J. (2015). An analysis of risk management disclosures: Australian evidence. Managerial Auditing Journal, 30(8/9), 812-869.
Capponi, A., & Chen, P. C. (2015). Systemic risk mitigation in financial networks. Journal of Economic Dynamics and Control, 58, 152-166.
Dixon, K., & Finnane, G. (2018). S is for stakeholders, not shareholders: The shift in board responsibility. Governance Directions, 70(6), 322.
English, W. B., Van den Heuvel, S. J., & Zakrajšek, E. (2018). Interest rate risk and bank equity valuations. Journal of Monetary Economics.
Henisz, W. J., & Zelner, B. A. (2015). The hidden risks in emerging markets. In International Business Strategy (pp. 646-654). Routledge.
Jackson, P., & Beswick, D. (2018). Conflict, security and development: An introduction. Routledge.
Luo, Y., Tanna, S., & De Vita, G. (2016). Financial openness, risk and bank efficiency: Cross-country evidence. Journal of Financial Stability, 24, 132-148.
Macdonald, I., Burke, C., & Stewart, K. (2017). Systems leadership: Creating positive organisations. Routledge.
McIlroy, J. (2017). Re-nationalise the commonwealth bank. Green Left Weekly, (1149), 11.
Murray, D., Davis, K., Dunn, C., Hewson, C., & McNamee, B. (2014). Financial system inquiry.
Parasa, S., & Batten, L. M. (2016, October). Mobile Money in the Australasian Region-A Technical Security Perspective. In International Conference on Applications and Techniques in Information Security (pp. 154-162). Springer, Singapore.
Rostamkalaei, A., & Freel, M. (2016). The cost of growth: small firms and the pricing of bank loans. Small Business Economics, 46(2), 255-272.
Schlagwein, D., Thorogood, A., & Willcocks, L. P. (2014). How Commonwealth Bank of Australia Gained Benefits Using a Standards-Based, Multi-Provider Cloud Model. MIS Quarterly Executive, 13(4).
Worthington, A. C. (2016). Financial literacy and financial literacy programmes in Australia. In Financial Literacy and the Limits of Financial Decision-Making (pp. 281-301). Palgrave Macmillan, Cham.