ISY203 Information Security
Research, develop, and document a basic security policy, and analyse, record, and resolve all security incidents
Identify and assess the threats to, and vulnerabilities of networks
You might NOT be allowed to choose the same or a similar organisation as another student in your class. You should aim to research, develop, and document answers to questions (a.) and (b.) below. Do not copy the examples of information security policies used in class!
You should state clearly:
- the name of the organisation you have chosen
- the stakeholders of the organisation
- the nature of the business and
Questions:
(a.) Research, formulate, develop and document a strategic security policy for your chosen organisation based on the nature of the organisation and the stakeholders in the organisation.
(b.) Based on the security policy you have researched, formulated, developed and documented in item (a.) above, identify and assess the potential threats and vulnerabilities of the company’s network and discuss how such threats and vulnerabilities can be mitigated based on your research.
Answer:
Introduction
Commonwealth Bank is a multinational bank located in Australia, with many branches worldwide, including in Asia, New Zealand, the United States, and the UK. It was founded on 22 December 1911 and its headquarters are at Darling Harbour, Sydney, Australia (Chakraborty, et al., 2016). The main purpose of this report is to research and develop a security policy for Commonwealth Bank and to evaluate various types of security threats. Commonwealth Bank is one of the largest banks in Australia in terms of market capitalization, and it is also the largest in the southern hemisphere (Deepa, and Thilagam, 2016). This report explains various security challenges and policies to reduce threats to Commonwealth Bank, and also provides mitigations to reduce cybersecurity threats and vulnerabilities.
Overview of Commonwealth bank
Commonwealth is also called CBA or Common bank, and it provides many services to consumers such as business, funds management, insurance, retail, institutional banking, booking services, and superannuation (Gontarczyk, McMillan, and Pavlovski, 2015). The nature of Commonwealth Bank's business is banking and financial services, and it also delivers retail and commercial facilities to its customers. The organization has many stakeholders, which are as follows:
- Customers
- Employees
- Shareholders
- Contractors
- Suppliers
- Government
- Fund managers
- Non-government organizations and communities
- Media
- Investors (He, Chan, and Guizani, 2015).
A strategic policy for Commonwealth bank
Information or data is one of the most important key elements of any organization, and the communication network helps to connect Commonwealth's suppliers and its customers (Huckvale, et al., 2017). Many security systems have been developed in information technology, and it is estimated that lack of security is a very common issue for Commonwealth Bank of Australia.
Upgrade security systems
Commonwealth uses various software and systems to secure consumers' personal accounts, and it can upgrade its security programmes so that users can improve the security of their data (Krombholz, et al., 2015). Commonwealth Bank can implement new security networks for access to bank facilities such as information systems, databases, and sensitive equipment.
Operating Security Devices
Confirm that all security programmes and devices are turned on and operating at the time of cyber-attacks. This step involves a visual inspection of any control system to determine whether the devices are in working condition. Commonwealth should check for this type of problem on a regular basis and keep its systems up to date (Li, Tryfonas, and Li, 2016).
Password management
Commonwealth Bank can use this type of process and implement security-related responsibilities by which users can protect their personal information. The bank provides an online banking system and many users use this feature on a smartphone, so they can use a password-based system. Therefore the bank can develop this type of plan, by which users can secure their accounts (Oliveira, et al., 2014).
Physical and environmental security
Employees of Commonwealth protect their servers and computer systems because many hackers generate traffic signals towards computer servers. The management team can make security plans on a monthly basis and identify unauthorized access. This also includes protecting infrastructure equipment, for example air conditioners and fire systems (Richards, Kjærnes, and Vik, 2016).
E-mail security
E-mail is a platform where the bank's management communicates with customers and also provides customer support. Many hackers send fraudulent e-mails to users and employees, by which they can easily enter bank servers. If Commonwealth Bank develops e-mail protocols then it can reduce fraud cases and messages (Salmon, 2015). E-mail is the biggest distributor of infections and spam, which calls for systems and methodology to ensure information isn't tainted or stolen.
Upgrade Encryption
Encryption is an essential step for any banking sector, and it reduces many security threats and risks. In encryption, a signal or data is converted into a form of code and transferred from sender to receiver, and hackers cannot read this code without authorization. Bank managers can use this technology for communication, and they can reduce cyber-crime and loss of their information (Schlagwein, Thorogood, and Willcocks, 2014). The bank should maintain and upgrade its information systems by using different types of encryption software, because this is a very important security step for any mobile banking system.
SSL certificate
The main purpose of digital certificates is to provide an authentication process for websites. This is also called a third-party verification step, which can be used for NAB security since it can improve the security of users' personal accounts (Seo, et al., 2014). There are many Australian banks which show their name in green colour, and this green colour indicates the process of EV certificate.
Biometric authorization system
Biometrics is a type of security system which is used to analyse human physical activities, and it is generally used for identification of users' personal information. There are mainly three types of biometric systems available: hand geometry, fingerprint, and iris recognition. In this modern generation many banking sectors have changed their security systems and adopted biometric systems, and Commonwealth Bank can use this technology for security purposes (Wanna, 2015).
Limited Login Attempts
The main goal of this security plan is to reduce brute force attacks on banks. If a person enters a wrong password, he may see a warning message about too many attempts, which is a part of this technology. If Commonwealth Bank uses limited login attempts on its private accounts then it can improve its security (Zeitoun, et al., 2016). In a brute force attack, hackers try to get into the user's personal system with the help of repeated attempts. In this way, users can use this technology for the security of their bank accounts.
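As an added illustration of limited login attempts (example code, not part of the original report and not Commonwealth Bank's system), the Python below counts failed logins per account in a sliding window and locks the account for a period that doubles on each repeated lockout. The class name, thresholds and sample events are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: int = 0                         # time at which the lock expires
    lockouts: int = 0                             # consecutive lockouts so far


class LoginThrottle:
    """Hypothetical limiter; all thresholds are assumed values in seconds."""

    def __init__(self, max_failures=5, window=300, base_lockout=60, max_lockout=3600):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self.accounts = {}

    def check(self, account, now):
        """Seconds the account is still locked for (0 means an attempt is allowed)."""
        state = self.accounts.get(account)
        return max(0, state.locked_until - now) if state else 0

    def record(self, account, success, now):
        """Record one attempt and return 'ok', 'failed', 'locked' or 'rejected'."""
        state = self.accounts.setdefault(account, AccountState())
        if now < state.locked_until:
            return "rejected"            # locked: even a correct password is refused
        if success:
            state.failures.clear()
            state.lockouts = 0
            return "ok"
        # Keep only failures inside the sliding window, then add this one.
        state.failures = [t for t in state.failures if now - t < self.window]
        state.failures.append(now)
        if len(state.failures) >= self.max_failures:
            state.lockouts += 1
            duration = self.base_lockout * 2 ** (state.lockouts - 1)
            state.locked_until = now + min(duration, self.max_lockout)
            state.failures.clear()
            return "locked"
        return "failed"


def replay(events, throttle=None):
    """Feed (timestamp, account, success) tuples through a throttle in order."""
    throttle = throttle or LoginThrottle()
    return [throttle.record(account, ok, ts) for ts, account, ok in events]


# Constructed sample: five failures for "alice", a correct password during the
# lock, one unrelated failure for "bob", and a login after the lock expires.
SAMPLE = [(t, "alice", False) for t in range(0, 50, 10)]
SAMPLE += [(45, "alice", True), (50, "bob", False), (101, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying the counter on the account alone lets anyone lock a customer out by failing on purpose, so this control is normally combined with per-source limits or a second factor.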
Protection Software
In this modern age, information and communication technology has produced many antivirus programs and software to protect users' personal data from hackers. There are many programs which can be used for Commonwealth security, for example, firewall, log360, the point of interest, joining, Barkly, and Incapsula. All these products run in the background and secure users' computer systems and personal information (Zeitoun, et al., 2016).
Potential threats and vulnerabilities of commonwealth bank
Commonwealth Bank is suffering from many cyber-attacks and security threats, because of which many users and consumers have reduced security. Some of the threats and vulnerabilities of this bank are explained below (Oliveira, et al., 2014).
Trojan attacks
The attacker installs a Trojan, for example a keylogger program, on a user's computer. This happens when users access certain websites and download programs. As they do this, the keylogger program is also installed on their computer without their knowledge (Zeitoun, et al., 2016). When the users log in to their bank's website, the information entered during that session is captured and sent to the attacker. The attacker then uses the Trojan to make illegal transactions whenever desired.
Man-in-the-middle attack
Here, a fake website is created to attract users to it. Typically, the attacker tricks users by disguising their identity to make it appear that the message came from a trusted source. Once this succeeds, instead of going to the intended website, users do not realise that they have actually entered the fraudster's website. The information entered during that session is captured and sent to the attacker, who can then carry out illegal transactions whenever desired (Zeitoun, et al., 2016).
DOS and DDOS Attacks
Denial of service is a very common cyber-crime which is growing very fast, and Commonwealth is suffering from this problem. In it, hackers use complex source code and botnets to block users' personal accounts, and it can easily encrypt all private sources (Zeitoun, et al., 2016). Attackers send large amounts of traffic, with the help of e-mails and messages, to bank websites or servers, and after that they deploy malware or malicious software to enter computer systems. Hackers first send fraudulent e-mails and messages relating to banking to consumers; customers read those e-mails and click on the given links, by which attackers identify the customers' servers and enter their computer systems and other peripheral devices. After that, they lock their accounts and demand money to restore their private information (Oliveira, et al., 2014).
Malicious attack
It refers to a security threat in which a hacker breaks security and enters a computer system without proper authorization (Oliveira, et al., 2014). Various kinds of complex algorithms are used, and hackers can control and monitor users' servers; employees of NAB are also experiencing this kind of issue.
First-Party Fraud
This kind of security threat is also called advances fraud and sleeper fraud, in which an attacker calls users about credit cards and net banking. Hackers collect personal information such as the name on the card, ATM PIN, and one-time password by calling them, and they can then easily access their personal bank accounts and encrypt all files (Oliveira, et al., 2014).
Skimming
It is a kind of security threat in which users use their bank debit cards for various services such as online transactions, shopping, and other processes, by which they reduce their security. Attackers use many fraudulent accounts and multiple ATMs, by which they can reduce the privacy of any banking service.
Sniffers
In this type of security problem, attackers use various kinds of processes and software which can detect the ID and password of users' personal bank accounts. If users use a biometric security system then they can reduce the problem of sniffers, and Commonwealth Bank can adopt the latest fingerprint or iris system (Oliveira, et al., 2014).
Mitigation
NAB is experiencing different kinds of security threats and cyber-attacks, by which it can lose its value in the market. Information and communication technology has produced many security plans and steps by which Commonwealth Bank can secure its personal accounts and information, which are described below:
- Use password-based systems and adopt biometric recognition systems
- Add an SSL certificate to the website, by which security issues can be controlled
- Use backup plans and recovery processes such as cloud computing
- Monitor and control the bank's own servers with antivirus software and firewalls
- Communicate with customers through a fraud alert process
- Use a one-time password system to secure users' personal accounts
- Block unauthorized access
- Update computer and mobile software regularly
- Scan banking computers and servers using antivirus software
- Use short message service (SMS)
- Use device identification technologies
- Browser security (Oliveira, et al., 2014).
Conclusion
Commonwealth Bank is a very big Australian bank which provides many services to users, such as online banking, insurance, and financial services. In the field of information technology, security threats and cyber-attacks are growing very fast, and many Australian banks are facing this type of problem. This report described different types of security steps to reduce threats to Commonwealth, and it also evaluated various threats and risks that occur in the banking sector. Consumers should protect their personal accounts by using biometric systems and antivirus software, through which they can avoid security problems.
References
Chakraborty, R., Lee, J., Bagchi-Sen, S., Upadhyaya, S. and Rao, H.R., (2016) Online shopping intention in the context of the data breach in online retail stores: An examination of older and younger adults. Decision Support Systems, 83(2), pp.47-56.
Deepa, G. and Thilagam, P.S., (2016) Securing web applications from injection and logic vulnerabilities: Approaches and challenges. Information and Software Technology, 74(5), pp.160-180.
Gontarczyk, A., McMillan, P. and Pavlovski, C., (2015) Blueprint for Cyber Security Zone Modeling. INFORMATION TECHNOLOGY IN INDUSTRY, 3(2), pp.38-45.
He, D., Chan, S. and Guizani, M., (2015) Mobile application security: malware threats and defenses. IEEE Wireless Communications, 22(1), pp.138-144.
Huckvale, K., Prieto, J.T., Tilney, M., Benghozi, P.J. and Car, J., (2015) Unaddressed privacy risks in accredited health and wellness apps: a cross-sectional systematic assessment. BMC Medicine, 13(1), p.214.
Krombholz, K., Hobel, H., Huber, M. and Weippl, E., (2015) Advanced social engineering attacks. Journal of Information Security and Applications, 22(6), pp.113-122.
Li, S., Tryfonas, T., and Li, H., (2016) The Internet of Things: a security point of view. Internet Research, 26(2), pp.337-359.
Oliveira, T., Faria, M., Thomas, M.A. and Popovič, A., (2014) Extending the understanding of mobile banking adoption: When UTAUT meets TTF and ITM. International Journal of Information Management, 34(5), pp.689-703.
Richards, C., Kjærnes, U. and Vik, J., (2016) Food security in welfare capitalism: Comparing social entitlements to food in Australia and Norway. Journal of rural studies, 43(4), pp.61-70.
Salmon, L., (2015) Food security for infants and young children: an opportunity for breastfeeding policy?. International breastfeeding journal, 10(1), p.7.
Schlagwein, D., Thorogood, A. and Willcocks, L.P., (2014) How Commonwealth Bank of Australia Gained Benefits Using a Standards-Based, Multi-Provider Cloud Model. MIS Quarterly Executive, 13(4), p. 16.
Seo, S.H., Gupta, A., Sallam, A.M., Bertino, E. and Yim, K., (2014) Detecting mobile malware threats to homeland security through static analysis. Journal of Network and Computer Applications, 38(4), pp.43-53.
Wanna, J., (2015) Policy analysis at the federal government level. Policy analysis in Australia, 18(4), pp.71-86.
Zeitoun, M., Lankford, B., Krueger, T., Forsyth, T., Carter, R., Hoekstra, A.Y., Taylor, R., Varis, O., Cleaver, F., Boelens, R. and Swatuk, L., (2016) Reductionist and integrative research approaches to complex water security policy challenges. Global Environmental Change, 39(2), pp.143-154.