Assessment 3 Template: Improving Business Continuity Plan at Telstra



Assessment 3 Template

 

Student Name 

 

Student Number 

 

 

 

Business name 

Telstra Corporation Limited

Industry name 

Telecommunication

Business Background 

Telstra is an Australian telecommunications company that provides mobile, internet and enterprise services. The company was established in 1901, is a key component of the country’s communications infrastructure, and offers new-generation technologies to millions of customers (Telstra, 2024).

Industry Background 

The telecommunication industry is a key enabler of world connectivity through mobile, Internet and satellite services. With constant developments in 5G and IoT, Telstra has to deal with issues such as security and legal restrictions, and it is an Australian market leader in this sector.

 

 

 

 

Part 1 – Business Risk Register 

 

| Risk Name | Risk Description | Likelihood | Impact | Priority | Impact | Mitigation measure |
| --- | --- | --- | --- | --- | --- | --- |
| Cybersecurity Breaches | As a telecommunication company, Telstra is vulnerable to cyber-criminal activities in which customer data as well as the company’s network can be compromised. | High | Financial, operational, and reputational risks | Critical | High | Improving the system of protection against cyber threats, constant training of staff, and adopting advanced security technologies. |
| Natural Disaster | Australia is vulnerable to natural disasters that might affect important pieces of infrastructure, for instance, towers and data centres. | Moderate | Disruption to the availability of services, monetary damages | High | Moderate | Building structures with the capacity to withstand disasters, cloud-based backup for services, and improving the functional emergency teams. |
| Network Equipment Failure | A failure of network equipment can cause the termination of communication services across the country. | Moderate | Service downtime, customer dissatisfaction | High | Moderate | Preventive measures, backup methods and mechanisms, and quick intervention measures in case of equipment breakdowns. |
| Supply Chain Disruptions | Equipment is sourced from external suppliers, meaning that Telstra could be badly affected by either supply chain delays or interruptions. | Low | Delayed servicing, increase in expenses | Moderate | Low | Using multiple suppliers and developing sound supply inventory management systems. |
| Regulatory Risks | New laws and regulatory policies may pose risks to the existing business since they affect how Telstra operates (Zaid et al. 2020, p.2). | Moderate | High expenses, including fines, and changes to operations. | Moderate | Moderate | Developing and sustaining compliance programs, and closely monitoring regulations to stay in line with current developments. |


 

Part 2 – Business Impact Analysis 

 

| Critical Business Activity | Description | Impact of loss | RTO |
| --- | --- | --- | --- |
| Network Service Provision | 1. Selling mobile and internet services to customers. 2. Maximum downtime: 2 hours. 3. Relies on third-party suppliers for the acquisition of networks and related services. | Reduced revenue, unhappy customers, the risk of losing customers, and damage to the company’s reputation (Hassan & Ahmed 2023, p.2). | 2 Hours |
| Data Center Operations | 1. Protection of organizational and customers’ information in data centers, which are organizational facilities vital for data storage. 2. Maximum downtime: 6 hours. 3. Relies on cloud service providers and infrastructure vendors for continuity (Alzoubi et al. 2020, p.580). | Leaked customer information, regulatory financial penalties, the loss of key organizational processes, and damage to brand image. | 6 Hours |
| Customer Support Services | 1. Providing round-the-clock customer service for questions and concerns. 2. Maximum downtime: 4 hours. 3. Relies on third-party communication solutions and telecom facilities. | Bigger volumes of customer complaints, open customer issues which take time to resolve, low customer retention, and impact on the company’s reputation. | 4 Hours |
| Billing and Payment Processing | 1. Customer transaction management and invoicing for the services customers receive from the company. 2. Maximum downtime: 24 hours. 3. Depends on financial institutions and other payment terminals for payment capture. | Decreased operating cash flows, additional expenses, regulatory fines, threats of service termination due to failure to pay, and damage to the company’s image (Fraser et al. 2021, p.3). | 24 Hours |

 


 



Part 3 – Incident Response Plan 

 

| Incident type | Actions required to eradicate/resolve the incident | Resources required to resolve the incident | Who is responsible for remediation actions | Systems/services to be prioritised | Systems/services affected during the remediation process and how |
| --- | --- | --- | --- | --- | --- |
| Cyberattack | Contain affected assets, inform security stakeholders, start an investigation, deploy mitigation, recover to the desired state, and enhance security controls. | Cybersecurity team, IT staff and investigators (Polinkevych et al. 2021, p.100). | Chief Information Security | Customer data and network services | For efficiency, servers and databases that interact with customers may be shut down, locked and restored at a later time. |
| Natural Disaster | Estimate the extent of the problem, switch to auxiliary facilities, re-establish network traffic flow, inform clients, and mobilize personnel to repair physical premises. | Backup systems, field technicians and emergency response team. | Head of Network Operations | Data centres for networks and communication lines. | Network operations may be disrupted in all the affected areas until repairs are done and services are redirected. |
| Network Equipment Failure | Isolate the problem, find out where the traffic is congested, swap or repair the equipment, and restore end-user traffic flow. | Field engineers, backup hardware and network technicians. | Head of Technical Operations | Core network infrastructure, including routers. | Individual pockets of service interruption in various parts of the globe as traffic is redirected and faulty hardware is fixed. |
| Supply Chain Disruption | Choose other suppliers, speed up delivery, change the timings, and study contracts for fines or extensions. | Logistics experts and alternate suppliers | Head of the supply chain | Supply of network components | Ongoing construction or renovation jobs may be affected, meaning that service delivery or maintenance is slower. |

 

 

 

Part 4 – Recovery Plan 

 

| Critical Business Activities | Preventative/Recovery Actions | Resource Requirements/Outcomes | Recovery Time Objective | Responsibility |
| --- | --- | --- | --- | --- |
| Network Service Provision | Preventative Actions: Routine checkups on network structures, redundancy of network paths, and use of technology that constantly checks the network for signs of emerging problems (Szczepaniuk & Szczepaniuk 2021, p.7). Recovery Actions: Redirect network traffic to an alternate path, swap or fix failed network components, and recover services over a different route. | Resources: Field engineers, network monitoring tools, backup hardware, and backup routing systems. Outcomes: Instant identification of network errors, containment of any resulting effect on service delivery to clients, and immediate rectification (Ruiz-Canela López 2021). | 2 Hours | Head of Network Operations |
| Data Center Operations | Preventative Actions: Regularly inspect data centre surroundings, back up data to the cloud, and physically protect data centres. Recovery Actions: Switch to cloud-based backup, recover lost or corrupted information, and possibly replace faulty physical servers. | Resources: IT disaster recovery team, cloud backup service providers, and support systems for physical structures. Outcomes: Restoration with low data loss rates and brief service disruption. | 6 Hours | Data Center Manager |
| Customer Support Services | Preventative Actions: Create more than one help desk (web, phone, and chat), create several backup help desks, and instruct employees on the actions to take in an emergency. Recovery Actions: Switch on other customer support options, divert calls to backup help desks, and bring in remote help desk employees. | Resources: Remote call centre tools, cloud-based communication tools, other human support resources, and other support centres. Outcomes: Customer service remains open at all times, there are no bottlenecks in service delivery, and customers are not let down by the various service providers. | 4 Hours | Customer Support Manager |
| Billing and Payment Processing | Preventative Actions: Frequent updates of the billing software, relationships with more than one payment gateway, and frequent testing of the payment systems. Recovery Actions: Move payment processing to other payment platforms, regain access to the system, and contact all financial merchants on the matter to optimize cash flow. | Resources: Payment gateway (an essential component), IT department, financial institutions, alternate payment gateways, and billing software. Outcomes: Payment processing without much disruption, maintained cash flow, and continued customer satisfaction. | 24 Hours | Chief Financial Officer (CFO) (Telstra 2024) |



 

 

 





Part 5 – Reflection

Despite the work that Telstra has done, there are some areas that should be improved to increase the general resilience of its business continuity plan (BCP). Below are detailed assessments and recommendations across the four pillars of BCP: assessment, preparedness, response, and recovery.


1. Assessment: Perform the Risk Assessment Exercise More Regularly

For Telstra to remain vigilant about new threats, risk analysis should be conducted more often. For now, the risk assessments are reviewed once a year, but given the nature of the telecommunications industry this should be changed to at least a quarterly or bi-annual affair to capture changing risks, such as cybersecurity, changes in regulatory requirements or challenges posed by market entrants. Introducing regular tabletop exercises with staff from different departments is also useful for simulating plausible crises to reveal gaps in the organization’s processes and structures. These assessments should integrate findings from events that occurred in the industry in the recent past to ensure that the BCP is informed by current threats (Marshall et al. 2023, p.2).

2. Preparedness: Enhance the Live Simulation Disaster Contingency Drill

Improving disaster recovery (DR) simulation is particularly important so that employees at Telstra get adequate training on what to do when a disaster strikes. DR drills may currently be limited to technical elements, server recovery for instance; however, ensuring that customer service teams, operations and even partners are incorporated into the exercise enhances readiness. Consequently, the organization can use full-scale simulations that mimic real-life disaster scenarios, like data breaches or natural disasters, to discover miscommunications and coordination breakdowns between teams. This will not only help build muscle memory for the company but will also enhance the culture of preparedness among its workers.

3. Response: Fund Rapid Response Technology for Cyber Incidents

As the threat of cyberattacks becomes even more advanced, Telstra should devise ways to control such threats better through higher-end technological solutions such as automated response systems. At present, manual response processes can cause delays in facing and addressing the problem, which worsens the consequences of the attack. Through the use of SOAR (security orchestration, automation and response) solutions, Telstra can integrate its processes for addressing incidents. These tools can give immediate notification, implement threat counteractions automatically, and support communication between security teams. Automated response not only saves time but also greatly decreases the chance of mistakes in critical situations.

4. Recovery: Improve Relations with All Cloud Service Providers to Improve RTO (Schlette et al. 2021, p.2526)

Since data centres play a crucial role in Telstra’s core processes, improving interaction with cloud service providers will greatly affect its recovery. Telstra can grow strategic cloud alliances to take advantage of redundancy and failover, leading to lower RTOs. In addition, a shift to hybrid cloud solutions, where resources are distributed more flexibly, can help it recover more quickly from incidents. Cloud recovery solutions should be reviewed and rehearsed on a routine basis against Telstra’s environment and functions to improve its resilience during disruptions.



References

Alzoubi, H M, Alshurideh, M, Kurdi, B A & Inairat, M 2020, ‘Do perceived service value, quality, price fairness and service recovery shape customer satisfaction and delight? A practical study in the service telecommunication context,’ Uncertain Supply Chain Management, vol. 8, no. 3, pp. 579-588. viewed on 5 October 2024. <https://research.skylineuniversity.ac.ae/id/eprint/8/>.

Fraser, J R, Quail, R & Simkins, B eds 2021, Enterprise risk management: Today's leading research and best practices for tomorrow's executives. John Wiley & Sons. viewed on 5 October 2024. <https://www.researchgate.net/profile/Betty-Simkins/publication/299904292_Enterprise_Risk_Management_An_Introduction_and_Overview/links/62ab5ef523f3283e3aeca997/Enterprise-Risk-Management-An-Introduction-and-Overview.pdf>.

Hassan, A & Ahmed, K 2023, ‘Cybersecurity’s Impact on Customer Experience: An Analysis of Data Breaches and Trust Erosion,’ orientreview, vol. 15, no. 9, pp. 1–19. viewed on 5 October 2024. <https://orientreview.com/index.php/etmibd-journal/article/view/17>.

Marshall, A, Wilson, C A & Dale, A 2023, ‘Telecommunications and natural disasters in rural Australia: The role of digital capability in building disaster resilience,’ Journal of Rural Studies, vol. 100, p.102996. viewed on 5 October 2024. <https://www.sciencedirect.com/science/article/pii/S0743016723000530>.

Polinkevych, O, Khovrak, I, Trynchuk, V, Klapkiv, Y & Volynets, I 2021, ‘Business risk management in times of crises and pandemics,’ Montenegrin Journal of Economics, vol. 17, no. 3, pp. 99-110. viewed on 5 October 2024. <https://vb.mruni.eu/object/elaba:98578018/ATTACHMENT_98578815#page=99>.

Ruiz-Canela López, J 2021, ‘How can enterprise risk management help in evaluating the operational risks for a telecommunications company,’ Journal of Risk and Financial Management, vol. 14, no. 3, p.139. viewed on 5 October 2024. <https://www.mdpi.com/1911-8074/14/3/139/pdf>.

Schlette, D, Caselli, M & Pernul, G 2021, ‘A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective,’ IEEE Communications Surveys & Tutorials, vol. 23, no. 4, pp. 2525–2556. viewed on 5 October 2024. <https://doi.org/10.1109/comst.2021.3117338>.

Szczepaniuk, E K & Szczepaniuk, H 2021, ‘Analysis of cybersecurity competencies: Recommendations for telecommunications policy,’ sciencedirect, vol. 46, no. 3, pp. 102282–102282. viewed on 5 October 2024. <https://doi.org/10.1016/j.telpol.2021.102282>.

Telstra 2024, Telstra: Broadband Internet, NBN, 5G, TV & Mobile Phone Services. Telstra.com. viewed on 5 October 2024. <https://www.telstra.com.au/>.

Zaid, A, Alwan, A & Gulzar, Y 2020, ‘Disaster Recovery in Cloud Computing Systems: An Overview,’ (IJACSA) International Journal of Advanced Computer Science and Applications, vol. 11, no. 9. viewed on 5 October 2024. <https://core.ac.uk/download/pdf/350765431.pdf>.
