Network Security Policy For Commonwealth Bank

The Strategic Security Policy for the Commonwealth Bank

This assignment outlines the basic security policy of the Commonwealth Bank, Australia. The stakeholders the organization needs to take into account while developing its network security system are the government of Australia, target customers, employees, shareholders, and investors.

Modern technology has advanced with the changing era of globalization (Wang et al. 2016). The rapid development of technology has brought boons and banes at the same time. On one hand, modernization and digitalization accelerate the pace of life these days by combining assumption with realism. On the other hand, different types of cybercrime have also intensified with the support of technology (Wang et al. 2016). Integrity in network security is essential in this dynamic industry, and proper cybercrime management is therefore considered an integral part of industrialization. Integrity here refers to maintaining data security and the consistency of information (Islam, 2014). The prime aim of network security is to ensure that information is reliable and authentic in every respect and cannot be accessed by any unauthorized user or hacker.

Network security is one of the most talked-about terms these days, especially when it comes to evaluating the pros and cons of technology and digitalization, and it is an inseparable part of that analysis (Wang et al. 2016). Network security can be defined as the authorization of access to information in a system, controlled by the system administrator (Islam, 2014). Users are assigned an ID and a password that allow them access to the information and programs within their authority. Authentication, cyber security and data security are the three integral parts of network security. Apart from that, a strong network security chain protects the entire computer network inside an organization from unauthorized users (Abomhara and Køien, 2015).

The same security goal applies to the chosen Australia-based banking organisation, the Commonwealth Bank, which is one of the three market leaders of the banking sector in Australia. The bank faces issues from treating network security as an afterthought, which leaves it vulnerable to attack and makes room for attackers to gain easy access to data once they have breached the outer lines of defence, which is a pre-planned strategy to have control over hackers and cybercrime culprits throughout the globe (Knapp and Langill, 2014).

Software Supply Chains Focused on the Mass Trade-Off

In this context, the notable point is that the logic given by the Commonwealth Bank for developing this kind of cyber security approach was that even if cybercriminals broke into the network, they would not be able to move freely, and the network security experts could easily track the hackers and put them behind bars. However, the bank has incorporated some basic security systems, including network security scanners, firewall, UTM, SIEM, IPS, and IDS, in order to strengthen its network security. The core concerns the organization should prioritize while tightening its network security are protection of access to, and against misuse and hacking of, files and directories in a networked computer system. Some of the most well-known threats to a computer system include worms, viruses, hacking, and adware.

Cybercrime is on the rise, and given the growing use of technology and the growing volumes of data that organizations and individual users face, this is not surprising. This assignment focuses on network security in the chosen leading banking organization of Australia. Multiple layers of protection need to be provided in order to ensure unbreakable security (Sharma and Rawat, 2015). Apart from that, the organization should seek the assistance of the cyber control department, which comprises police and the programs in place for preventing and monitoring any kind of misuse, unauthorized data access, modification and denial of the computer system or network-accessible resources. A network security plan which the bank can adopt while enforcing its network security is provided in the following discussion:

The Commonwealth Bank, Australia is recommended to introduce an administrative program with the aim of identifying network security issues: data leakage, unauthorized access, and disruption of authentication, along with risk management and concerns associated with the software supply chain. Additionally, the network security team of the organization must hold an additional workshop focusing on this mass trade-off. They emphasized the importance of testing software updates on test systems before a wider rollout across production systems. Apart from that, the updated comprehensive framework of the US National Institute of Standards and Technology should be taken into account for strengthening the network security system of the Commonwealth Bank in order to follow government protocols. They are recommended to endeavour to work with well-resourced suppliers that have demonstrated a capacity to respond to cyber security events (Wang et al. 2014).

Ruptures Stem from Disruption in Network Framework

The next part of security enforcement is monitoring for the disclosure of network vulnerabilities in the bank's customized software applications so that the technical team can fix or update the flaws in the usual way (Islam, 2014). In addition, any malpractice associated with the web applications and customized software of the banking organization can be found efficiently through the proper implementation of this network security approach (Knapp and Langill, 2014). The organization should conduct a survey of how efficiently and rapidly the web application can respond to any kind of exposure, so that the bug can be fixed in the source file (Papp et al. 2015).

Online transaction security policy: The organization should incorporate certain security protocols such as multi-factor authentication, adaptive authentication, strong passwords, and biometrics.

Wallet transaction security: Security awareness must be spread regarding email security, firewalls, malware, phishing, mobile banking access, and so on.

ATM protection: Users should use biometrics, including retina scanning, fingerprint scanning and voice scanning, for accessing the ATM (Jouini, Rabai, and Aissa, 2014).

Unified payment interface: The Commonwealth Bank should consider its security techniques, governance models and predictive controls to build a secure UPI environment that ensures a seamless customer experience and at the same time balances security risks.

Information leakage prevention: The Commonwealth Bank must train its employees so that they are careful about sharing any kind of sensitive data with a third party. In addition, DLP, or data loss prevention technology, would keep them from forwarding, uploading and printing the authentic information in an insecure way (Perlman, Kaufman, and Speciner, 2016).

According to the research, the potential threats to the network system of the Commonwealth Bank are:

  • Data leakage
  • Malware, spyware, adware, Trojans, spam, and privilege escalation, which is a special type of computer programming that gets exploited at times.
  • Different types of transaction fraud.
  • The risk associated with third-party accessibility.
  • Theft of card information, unauthorized access, and unauthorized sharing of information with third parties.
  • Advanced cybercrime techniques such as web attacks, next-generation ransomware, etc.
  • Malpractices associated with mobile banking, like SIM swap, illegal money laundering, fake interface applications, information theft, unauthorized money deduction via wallet transactions, and the creation of fake users (Pathan, 2016).

The above network security framework has been developed to address all these malpractices, threats and vulnerabilities, and it can mitigate these security flaws efficiently.

  • Firstly, the network security approach associated with the software supply chain can add an extra layer of security to the web applications and customized software of the banking sector. The bank is answerable to stakeholders such as the government and its clients, and from that perspective it needs to strengthen the security of its customized applications. Additionally, it can address data leakage, access control, email security, and segmentation of the network through this strategic development (Knapp and Langill, 2014).
  • Secondly, the network security approach of having ruptures stem from disruption in network framework can control any kind of malpractice or unauthorized use of their customized web applications through appropriate testing of the protocols, programming libraries and other essential parameters of the dynamic web application system. Apart from that, this practice would give the software engineers greater confidence over which versions to use (Stallings, 2017).
  • Last but not least, the additional security measures are as important as the customized security strategies, because they are the basic network security approaches the bank should incorporate in its system. Information leakage prevention makes employees aware of the consequences of sharing sensitive data with the outside world; on top of that, data loss prevention technology would prevent printing, uploading and forwarding of any original data in an unsecured manner. Additionally, ATM protection, UPI, email security, behavioural evaluation and mobile transaction security can add extra momentum to the network security system of the bank (Perlman et al. 2016).

Conclusion:

From the above research work, it can be concluded that strong network security is an integral part of this banking organization. The reason is that, being an inseparable part of an economy, a bank has to enforce its network security system as one of its prime responsibilities. The chosen Australia-based banking organization, the Commonwealth Bank, is no different from others. Though it already has a tight network security policy, the proposed cyber security development approach would add an extra layer of security to that policy.

References:

Abomhara, M. and Køien, G.M., 2015. Cybersecurity and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), pp.65-88.

Islam, S., 2014. Systematic literature review: Security challenges of mobile banking and payments system. International Journal of u-and e-Service, Science and Technology, 7(6), pp.107-116.

Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.

Knapp, E.D., and Langill, J.T., 2014. Industrial Network Security: Securing critical infrastructure networks for the smart grid, SCADA, and other Industrial Control Systems. Massachusetts: Syngress.

Papp, D., Ma, Z. and Buttyan, L., 2015, July. Embedded systems security: Threats, vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th Annual Conference on, 1(2), pp. 145-152.

Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET. Florida: CRC press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Boca Raton: Auerbach Publications.

Perlman, R., Kaufman, C., and Speciner, M., 2016. Network security: private communication in a public world. London: Pearson Education.

Sharma, R.K. and Rawat, D.B., 2015. Advances in security threats and countermeasures for cognitive radio networks: A survey. IEEE Communications Surveys & Tutorials, 17(2), pp.1023-1043.

Stallings, W., 2017. Cryptography and network security: principles and practice. Upper Saddle River, NJ: Pearson.

Wang, L., Jajodia, S., Singhal, A., Cheng, P. and Noel, S., 2014. k-zero-day safety: A network security metric for measuring the risk of unknown vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 11(1), pp.30-44.

Wang, Y., Hahn, C. and Sutrave, K., 2016, February. Mobile payment security, threats, and challenges. In Mobile and Secure Services (MobiSecServ), 2016 Second International Conference on, 2(2), pp. 1-5.