Overview of Optus Telecommunications
Question:
Discuss about the Information Security and Risk Management for Optus Company.
Optus is the second largest telecommunication companies in Australia which is a completely owned subsidiary company that is headquartered in south Wales Australia. Previously this company was trades under the Optus brand. The general management control system and application control system used by Optus company is appreciable from the operation and functional point of view. The information security model used by the company is completely self- owned and it operates in their own network communications. Besides this the company also uses the services of broadband network and Telstra (Shi, 2015). The end users of the company are able to get direct service from the Optus and at the same time defined as a wholesale service provider. Moreover it can be said that throughout South Wales Australia, it is a well known broadband and internet (Wireless) service provider.
The security of many others are dependent on this privately owned business thus the Information Security model used for the company is required o be enough string to maintain the security of the system. The aim of the Information security model of the company is to deliver such a security model to the users so that they can resolve the security challenges and also can close all security threats (Safa, Von Solms & Furnell, 2016). The IS model is the company provides managed security to free up the business of the users for innovating through staying a step ahead from the security threats. Another security approach of the company is the accurate usability of the security technology. The security technology used by the Optus Company can defend against the corporate level security threats with a very latest robust security system.
The IS model of the company is comprises of security consultants also who provide ideas to keep their services secured from the external attackers (Shameli-Sendi, Aghababaei-Barzegar & Cheriet, 2016). The IS security model of the company can eliminate all security level gaps also. Moreover, another aim of the company is to let their next generation platform completely secured. Besides the application platform the IS model can eventually secure the Intellectual property also. With a secured information security model, different key operational functionalities can collaborate perform over a single platform (Tsohou, Karyda & Kokolakis, 2015). Besides this the IS model also has proper mobile threat prevention approach which is powered by the Check point of Optus. With this security application none of the cyber criminals will be able to access information from the server of the company. Different mobile devices either android, ios or windows can be prevented with the help of the check point.
In order to stay ahead of security threats, the business of Optus should have to be innovative in nature. The cyber defense used by the company is quite strong which helps the business organization to stay ahead of security threats (Ifinedo, 2014). Moreover it can be said that the company has undertook measurable cyber security steps for defending their confidentiality from external attacks. In case of the digital business, the very new frontier is the cloud service provider. In traditional days purchase of new technology was a big deal. However, due to the integrated work socialization, incredible amount of technology can even by realized.
Information Security Model of Optus Telecommunications
ISO 17799 is not a security standard rather it is a control list and it also defines the information in terms of asset which are existing in different organizations. The main aim of Information security is to secure the confidential assets from being damaged or misused by different unwanted external users (Soomro, Shah & Ahmed, 2016). It will help the company to minimize commercial, social, and environmental issues through maximizing the rate of return on Investment rate. According to the ISO 17799, the information security policy is used for the prevention of the following assets:
Confidentiality: Confidentiality of information ensures that it is not accessible by any unauthorized users or unwanted assaults (McShane, Gregory & Wilson, 2016). The people who are authorized can access information from the storage can only fetch data whenever needed however rest of the users are allowed to retrieve any information easily.
Availability: Information availability assures that those are authorized and all associated authorized users are allowed to access information from the server whenever required.
Integrity: Integrity of the information is about safeguarding the completeness and accuracy of information and also about processing that information in a mannered way.
Based on standard ISO 17799 risk assessment it has been found that for the very new world of mobile cloud, powerful, open as well as flexible WI FI service is required that is served by Optus (Nugrah & Sastrosubroto, 2015). The security standard used by Optus is free of different system complexity. The security system used by the company is very much important from the mobile device perspective, BYOD, guest access and IOT devices. With the help of programmable network infrastructure the access control system used by the company will be enforced accordingly (Al-Isma’ili et al., 2016). The network infrastructure for the offload is completely responsible from the end user perspectives that may automate and orchestrate the security process of the company. This approach is completely time-saving and cost managing as well.
With the help of proper security policy, control and organizational security policies all information stored in Optus’s server can keep secured. The components should have been measured by securing the information is as follows:
- Accountability and integrity
- Security responsibility with security responsibility
- Training and development programs
- Incident management and system acceptance
- Planned capacity and malicious codes
- Authenticated nodes with defining routing
- Proper network segregation
- Controlled network connection
For Optus the control programs are not much different from others. It provides unified communication approach to the users that help to realize the product level benefits. The business grade voice and video can eventually supported by the mobile access. In many large business organizations throughout Australia proven capability has been served to business grades (Kafle et al., 2016). It has been found that, few numbers of wired desktop as well as desk phones implies the requirement for the edge kevel switches those are lessened. It can also eliminate the PBX and all other conferencing system. The moves and changes implemented for the system are completely easy according to the security standard and control.
The general access control system and application control system of the company are well managed as well as automated by the ISO 17799. Optus need not to supply different kinds of corporate level phones and laptops as BYOD is adopted by the company. This can lead to major operational and capital saving significant changes (Jouini et al., 2014). The frequently growing adoption for the mobile devices and laptops are increasing the number of different corporate as well as functional operations. It can also change the real work practice for the companies who are adopting the services given by Optus. Different present challenges in terms of activity based working are also eventually grow up with their standard security and control approach (Omar, 2017). In this kind of environments the company is required to look into certain components that may cause major risks for the organization and also for the companies those are using their services.
Benefits of Optus Telecommunications Information Security Model
Around the world cyber crime is making news headlines for different high profile companies rather victims ranging industries to companies or groups. Due to lack risk management and contingency management approach the companies are facing major issues in terms of consumer information loss, production failure and tattered reputation (AlHogail, 2015). In order to reduce the rate of attack it is necessary for the company to implement coordinative response from the different functionalities together.
Additionally the intra organizational culture is also needed to be developed accordingly. In order to develop a cyber security hub Optus has partnered with the well known Macquarie University. Collaboratively they have developed a company board which is responsible to create trust whenever the company will face serious cyber security risks (Ifinedo, 2014). For analyzing the risks that the company is facing the attributes those should be considered are as follows:
Experience and skills of the employees: The employees working for Optus should have enough skills and experience about cyber security from both the social and legal business context. They must have parallel experience about their competitors and based on that the business strategies are to be prepared (Tsohou, Karyda & Kokolakis, 2015). Alongside most suitable business practices should be adopted by Optus to resolve all managerial issues.
Obligation management system: Cyber security can impact the regulatory, legislative and similarly stock exchange obligations. Thus, OMS system should be adopted to mitigate these risks.
Proper risk assessment tools: Lack of cyber security risk assessment is Optus is other serious issue for the company (Nugraha & Sastrosubroto, 2015). External experts are needed to be appointed to resolve these high level risks. However, high capital is needed to be invested for appointing such professional experts.
Strategy development with performance goals: After analyzing the performance goal business strategies should be developed by Optus. Cyber security strategy place along with proper performance indicators are needed to be implemented by the company.
Relationship with third party: The senior executives of Optus should create strong relationship with the third party (Safa, Von Solms & Furnell, 2016). Not only this but also proper measures for stakeholder communication are to be undertaken for building trust among the employees and consumers who are working for the company.
In order to prepare proper contingency plan for Optus the steps to be considered are as follows:
- Contingency planning policy should be prepared
- Conducting business impact analysis
- Identification of proper prevention control approach
- Creating contingency strategies
- Developing information system contingency plan
- Ensuring proper testing, training and exercise for ensuring the plan
- Maintenance planning
Optus is facing serious issues due to IS security threats and vulnerabilities for non properly managed threat management services (Brookes, 2015). After analyzing the company background, other operational and functional abilities the IS threats those have been identified are as follows:
- Both social media and third party entry and data access
- Incorrect encryption algorithm
- Negligence for the Information security configuration (Bhatti, Abareshi & Pittayachawan, 2016)
In order to mitigate these vulnerabilities the tools those have been adopted by Optus telecommunication are mentioned below:
- Development of threat management system that is featuring:
- Actionable insight
- Protection towards emerging threats and business processes
- Security issues reduction
- Reduced product complexity
- Adoption of leading security drivers
- Encrypted and well managed email service
- Well managed anti malware services
- Secured SIEM and UTM
- Secured IDS and IPS
- Distributed Denial of Service attack mitigation approach
- Application delivery and defense security service
- Properly managed access management services and identity management approaches
- Secured remote access gateway
Social engineering is referred to as an information acquisition regarding the computer systems through different methods which can deeply incorporate different non technical means. If proper technical security is not considered then, that system will surely become vulnerable to get attacked by the externals. Social engineering is referred to as a technique which is defined through these two features a) no need for advanced technical tools and b) user friendliness and cheap (Safa, Von Solms & Furnell, 2016). In order to combat the Information security threats proper tools are to be incorporated. Thus it can be said that with the help of proper IS security tools (Social engineering) the issues that Optus is continuously facing due to its size and service domain will be reduced completely.
References
AlHogail, A. (2015). Design and validation of information security culture framework. Computers in Human Behavior, 49, 567-575.
Al-Isma’ili, S., Li, M., Shen, J., & He, Q. (2016). Clearing the ‘Cloud’Hanging Over the Adoption of Cloud Computing in Australian SMEs. Clearing, 12, 11-2016.
Bhatti, H. S., Abareshi, A., & Pittayachawan, S. (2016, July). An Empirical Examination of Customer Retention in Mobile Telecommunication Services in Australia. In ICE-B (pp. 72-77).
Brookes, C. (2015). Cyber Security: Time for an integrated whole-of-nation approach in Australia. Indo-Pacific Strategic Papers.
Ifinedo, P. (2014). The effects of national culture on the assessment of information security threats and controls in financial services industry. International Journal of Electronic Business Management, 12(2), 75.
Ifinedo, P. (2014). The effects of national culture on the assessment of information security threats and controls in financial services industry. International Journal of Electronic Business Management, 12(2), 75.
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Kafle, Y. R., Mahmud, K., Morsalin, S., & Town, G. E. (2016, September). Towards an internet of energy. In Power System Technology (POWERCON), 2016 IEEE International Conference on (pp. 1-6). IEEE.
McShane, I., Gregory, M. A., & Wilson, C. (2016). Practicing Safe Public Wi-Fi: Assessing and Managing Data-Security Risks.
Nugraha, Y., & Sastrosubroto, A. S. (2015, May). Towards data sovereignty in cyberspace. In Information and Communication Technology (ICoICT), 2015 3rd International Conference on (pp. 465-471). IEEE.
Omar, S. (2017). Information system security threats and vulnerabilities: evaluating the human factor in data protection(Doctoral dissertation).
Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65-78.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of information security risk assessment (ISRA). Computers & security, 57, 14-30.
Shi, S. X. (2015). Time Shifting in a Networked Digital World: Optus TV Now and Copyright in the Cloud. In Copyright Perspectives (pp. 261-289). Springer, Cham.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.
Tsohou, A., Karyda, M., & Kokolakis, S. (2015). Analyzing the role of cognitive and cultural biases in the internalization of information security policies: recommendations for information security awareness programs. Computers & security, 52, 128-141.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
