Discussion

Commonwealth Bank of Australia is the one of the prominent organization in the banking sector. Commonwealth Bank provides several of banking services which includes retail and investment banking (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). There are many internal operations in the banking sector (McIlroy 2017). The main concern regarding the banking operation is maintaining the security in the processing of the services (Bradford 2016,p.20). The operations in the banking sector deals with the organizational and the users’ data which are confidential in nature (Bean & Irvine 2015,p.602-619). Breaching of the data can lead to the security threats for both the organizations and the users (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). The main objective of this paper  is to discuss the security systems in the Commonwealth bank. Apart from that the security vulnerabilities are identified in the organization.  The various security those are applicable for the mitigation of those vulnerabilities has been discussed in this paper (Gontarczyk,  McMillan & Pavlovski  2015,p.40-45). The main objective of this paper is to evaluate the condition of the security system in the commonwealth Bank and make the recommendations for the improvement and the modification of the overall security system of the bank.
Discussion

The functioning of the Commonwealth Bank includes both retail banking and investment banking. In case of retail banking the bank has to deal with the consumer data. In case of investment banking the organization has to deal with the data of the other organization. The handling of the data is needed to be done in a proper way so that it can mitigate the possibility of  data breaching. There are several systems for handling cash (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). The bank has ATMs where the users can withdraw the cash from the ATMs using PIN number and other personal details (Schlagwein, Thorogood & Willcocks 2014,p.13). In that case the security system in ATMs are needed to be secured so that the personal information of the users can be handled in a secured way (Ramsel 2018,p.1). Apart from that the confidential information regarding the organization is needed to be kept secured (Apergis & Cooray 2015, p.155-172). The bank is currently using the cloud storage for the storing of the data. The model of the cloud is hybrid model.  Partial data are stores in the public cloud, on the other hand  the confidential data are stored in the private cloud (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). The security of the private cloud is handled by the organization. On the other hand the security of the public cloud is handled b the third party cloud provider. The hybrid cloud system  provides better security in the organization.

Research and development of the strategic security policy for the organization

Finding the vulnerabilities in the security of the organization:

The security and the safety of the information and the data in the bank are good. However, there are some of the security vulnerabilities those have been detected during the current business situation. The systems used in the bank and respective branches are not up-to-date(Gontarczyk,  McMillan & Pavlovski  2015). Apart from that the update of the anti virus software is need (Abbott & Cohen 2014,p. 432-454). In recent years the some branches of the Commonwealth Bank have faced the cyber attack. As a result those branches have been faced the breaching of the data (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). The attack in the security system of the organizational is hampering the goodwill of the company. Apart from that the cyber attackers in the systems of the bank is hampering the working condition of the system . this also causes the slow down of the server which leads to the problem in the transition of the money. Another security vulnerability can be occurred from the technical fault of the system (Nurse 2016). This banking organization has faced the loss of the data due to the technical fault in earlier days. Apart from that the organization has been highlighted for some of the controversial issues regarding the maintenance of the security of the consumers and the organization.

Research and development of the strategic security policy for the organization:

In order to implement the security policy in the organization the involvement of the stakeholders are needed to be concerned (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). The main objective of the proposed security policy is to enhance the strength of the existing security policy of the Commonwealth Bank along with maintaining the user friendliness of the system.

The main stakeholders of the bank are the users and the consumers of the services provided by the bank. The security is needed to be provided in the daily functioning for getting the services from the bank (Bughin & Van Zeebroeck 2017,p.80-86). The bank has associated organizations as the stakeholders from the business aspects. In order to maintain the security the confidentiality of the data along with the flow of communication between the Commonwealth Bank and other associate stakeholders are needed to be secured (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). The stored data in the hybrid cloud model is needed to be secured so that the data breaching can be resolved.

Existing security policy of the organization:

Existing security policy of the organization

The bank has various existing policies for ensuring the security of the stakeholders and the operations regarding the services provided by the bank (Gontarczyk,  McMillan & Pavlovski  2015,p.38-45).  Some of the notable policies regarding the enhancement of the security are stakeholder engagement, group whistleblowing policy, anti-money laundering policy and managing fraud (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). All of these existing policies will help to maintain the quality of the services provided by the bank.

However, it has been found out that there is no policy for the bank to ensure the securities against the vulnerabilities regarding the technical fault and the prevention of the cyber attack (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). This can become a major flaw for the bank as the ensuring the security in the transaction of the money and the operation of the technical systems are important for the enhancement of the overall security of the organization.

The proposed security policy for the organization:

Currently the organization have the security policies and the engagement of the stakeholders which are important for ensuring the operational and the business security of the organization (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). However, there is no security policy regrading the safety of the technical aspects of the operations of the banking system. In this case, the implementation of the new security policy can be proposed which will dedicatedly serve ensuring the security of the systems in the organization. This policy will ensure the security in the transaction (Gontarczyk,  McMillan & Pavlovski  2015,p.38-45). The secured payment gateway can be implemented for the online payment using the credit or debit card of the Commonwealth Bank (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). Apart from that the evaluation of the security of the stored information in private cloud is needed to be evaluated (Gontarczyk,  McMillan & Pavlovski  2015,p.38-45). Apart from that proper negotiation can be done with the third party cloud service provider regarding the security of the stored data in public cloud. These steps will ensure the security of the data stored in the hybrid cloud model adopted by the bank (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). Apart from that the ATM machines of the banks are needed to be secured so that the data breaching can be prevented from the ATM machines (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). This will mitigate the possibility of the violation of the data security regarding the personal information of the user.

The proposed security policy for the organization

Mitigation of the threats and the vulnerabilities based on the proposed security system:

The proposed security system is concerned about the enhancement of the security system from the technical aspects. In the security policy certain objectives  have been proposed for ensuring the functional security of the Commonwealth Bank. It has been found out that there are various safety and the security policies in the bank those are capable for the safety of the business (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87). However, there is no security policy ensuring the security of the technical aspects of the banking business of the Commonwealth Bank. In order to merge the security gap in the organization a security policy has been proposed in order to ensure the technical security of the doing business of the bank. The proposed security will ensure that the ATMs of the Commonwealth Bank are secured enough for the withdrawal of the money (Sathye 2015,p.1). The online transaction can be made through the secured payment gateway and the organization can prevent any kind of cyber threats and the technical faults. Apart from that the upgrade of the systems in the organization can be carried out so that the systems can contain current security patches. This will mitigate the chances of the cyber crime. Apart from that the use of the firewall in the system will ensure the restriction of the unnecessary traffics in the network (Edirisuriya,  Gunasekarage & Dempsey 2015, p.63-87).  This will ensure that network of the bank is secured. Apart from that the proposed security policy will ensure the data stored in the cloud is safe and secured.

Conclusion

The discussion has been made regarding the security vulnerabilities of the commonwealth bank. The objective of the paper has been fulfilled through the detailed discussion of the existing security system and policies in the organization. Apart from that the identification of the gap in the security system has been made in this paper. Based on the identified gap the solution of to mitigate the vulnerabilities has been proposed. The se3curity policy is proposed which is dedicated to the maintenance of the security of the technical systems of the organization. Ensuring the security of the technical functions in the organization will help to decrease the possibility of the cyber crime and the other security threats regarding the breaching of the data. The paper has proposed the security policy that will ensure the security of the commonwealth bank along with that it will ensure that the whole system will deliver the result or outcome which is user friendly. It is expected that the proposed system in the paper will bring the flexibility of the operations of the banking system and will maintain the data security. 

Reference 

Abbott, M. & Cohen, B., 2014. A Survey of the Privatisation of Government?Owned Enterprises in Australia since the 1980s. Australian economic review, 47(4), pp.432-454.

Apergis, N. & Cooray, A., 2015. Asymmetric interest rate pass-through in the US, the UK & Australia: New evidence from selected individual banks. Journal of Macroeconomics, 45, pp.155-172.

Bean, A. & Irvine, H., 2015. Derivatives disclosure in corporate annual reports: bank analysts’ perceptions of usefulness. Accounting and Business Research, 45(5), pp.602-619.

Bradford, A.W., 2016. Bank of the Commonwealth, the American Exchange Bank and others, appellants against the Tax Commissioners &c., of New York, respondents: argument of Alexander W. Bradford, Albany, January 13, 1864.

Bughin, J. & Van Zeebroeck, N., 2017. The best response to digital disruption. MIT Sloan Management Review, 58(4), pp.80-86.

Edirisuriya, P., Gunasekarage, A. & Dempsey, M., 2015. A ustralian Specific Bank Features and the Impact of Income Diversification on Bank Performance and Risk. Australian Economic Papers, 54(2), pp.63-87.

Gontarczyk, A., McMillan, P. & Pavlovski, C., 2015. Blueprint for Cyber Security Zone Modeling. INFORMATION TECHNOLOGY IN INDUSTRY, 3(2), pp.38-45.

McIlroy, J., 2017. Re-nationalise the commonwealth bank. Green Left Weekly, (1149), p.11.

Nurse, K., 2016. The diasporic economy, trade and investment linkages in the Commonwealth. Commonwealth Secretariat.

Ramsel, J., 2018. Addressing the 1: 4 with IX in the B1G: How the Big 10 Interprets Federal Guidance into Student-on-Student Title IX Sexual Assault Policies. The University of Wisconsin-Madison.

Sathye, M., 2015. Technical efficiency of large bank production in Asia and the Pacific.

Schlagwein, D., Thorogood, A. & Willcocks, L.P., 2014. How Commonwealth Bank of Australia Gained Benefits Using a Standards-Based, Multi-Provider Cloud Model. MIS Quarterly Executive, 13(4).