Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Saleem Syed
Abstract
The following research paper analyzes the state of security employed by the New South Wales
Minerals Council which is a leading association currently representing the states minerals
industry. Mining is a key economic driver for the state and has been speculated to remain one of
the top industries. NSW Mining council works closely with the government. Although
considered by many as the largest industry of the state and one of the largest industries of the
country itself, NSW mining council has been the target of many hackers in the past who have
aimed to take hold of its sensitive information and this paper will discuss what measures can also
be taken to further improve information security.
Table of Contents
Introduction................................................................................................................ 4
Background of the organization..............................................................................4
Current state of the security................................................................................... 5
CNSS Security model.................................................................................................. 6
C.I.A Triangle.............................................................................................................. 6
Suggestions for improvement.................................................................................... 7
Conclusion.................................................................................................................. 9
References................................................................................................................ 10
Introduction
Background of the organization
The NSW minerals council is one of the oldest and largest industries of the state of New South
Wales Australia (NSW Minerals Council, 2013). According to the website of the company, none
of the states have played such a major and significant role in the history of mining in Australia
than NSW. The advent of mining from the state can be dated back to as early as 1790s, when a
coal mine began extraction in Nobbys head in Newcastle. Although it 1799 when the first
shipment of coal was dispatched from Newcastle, this showed only the beginning of one of the
most profitable industries of the state. Even today, coal is considered the primary mineral that is
extracted from the state, but it not the only mineral that is found in the state. Other minerals that
are also extracted in the state also amount to significant revenue the major ones being Gold and
Copper.
There are two types of coal that is mined, black coal and brown coal. Black coal is noted to be of
a much higher quality than brown coal due to its high moisture and low carbon content
comparatively (Christie et al., 2011). Black coal is the type of coal that is primarily mined in
New South Wales which makes it much more profitable than mining in any other state of the
country. Statistically, the coal which is used to produce electricity contributes to the total of 84%
of total energy that is produced for the whole state. The council has also been known to be
extremely vigilant about its operations as the industry itself is a dangerous one for workers. The
NSW mining takes every possible precaution to make sure that all the security measures are met
for operations in order to ensure the safety of its employees.
The use of Coal for production of electricity through thermal plants has been regularly criticized
by environmentalists due to the emissions from these processes resulting in the greenhouse effect
of the environment (Kaushik et al., 2011). However with little availability and development of
other sources of energy along with the abundant presence of minerals in the area, the state is
heavily reliant on the industry for energy. Due to the constant pressure from these groups the
organization has put up many efforts in order to reduce the carbon emissions to the environment
in order to demonstrate corporate social responsibility. The organization has kept its best efforts
in the past to ensure that its workers are properly motivated and have the appropriate equipment
to mine. This has been one of the reasons why it has been able to give responses to
environmentalist by showing them the number of employment in the industry and amount of
revenue that helps the economy of the country.
In todays era of technology, the biggest threat to any organization can be put to the availability
of its secrets and sensitive information, which can result in the organization being prone to losing
its strengths when competitors become able to exploit its weakness in order to drive out the
organization out of the market (Bandyopadhyay and Sen, 2011). Every large organization knows
that its secrets and information is the most important part of the business in order to stay in the
market and prosper in the future.
C.I.A Triangle
The C.I.A triangle is a concept of information channeling that basically worked on only three
factors as a core policy for securing information electronically (Von Solms and Van Niekerk,
2013). It has been defined as an industry standard for information security. Originally the
concept only included Confidentiality, availability and characteristics which also formed a
significant part in the building of McCumber model; however the concept has been update and
currently includes factors such as privacy, authentication, accountability and authorization.
The reason why McCumber model has only been partially implemented in the organization is
because the organization has efficiently implemented this concept on a broader perspective. The
lower level employees have been kept properly motivated by the organization through its
vigilance of the information channels that are being used by the organization. The operations
workers thus not need usually to concern themselves with what goes on in the top level
management, unless the decision may drastically affect them such as in the case of Mount
Thorley Warkworth mine where workers could lose their jobs due to shutting down of the mine.
On the other hand NSW Mining has been the target of two major hacking attacks in the past 6
years which means that the company needs to have an upgraded and constantly monitored
security as negligence in this matter may not only result in workers being put at risk but also the
sensitive information of the organization can leak out to the wrong people who may exploit
them. The organization may have been resistant to these attacks, but it has been statistically
calculated that every one in three companies of Australia have been attacked and 85% companies
have been breached in the past which is much higher that the world average of 60% (Nicholson
and Elms, 2011).
The implementation of Information Security Governance also means that the organization gains
the ability to more efficiently manage its resources (Flores et al., 2014). The employment of
Information Security Governance would also mean that the organization would have to spend
fewer resources on securing its information as it would be stored directly into the organization
and would have already become more difficult to be breached by an outsider. This means that
NSW mining would have more resources available which can be better utilized on achieving
other important objectives such as increasing the corporate social responsibility in order to gain
the approval of the general public. This move will not only help the organization gain a more
positive image in the minds of the general public, but may also prove helpful in the renewal of
the mines which are under the threat of being shut down permanently.
The implementation of Information Security Governance, if successful, may not only result in
reduced costs but may also help the organization in achieving higher profits (Flores et al., 2014).
If it implements Information Security Governance successfully, it would also help in effectively
monitoring the performance benchmarks in the future as all the information will get recorded by
the organization which will not only help in estimating more accurate benchmarks but will also
help the organization to align itself better with the market needs. The successful implementation
of Information Security Governance may thus also result in the increased share value for the
organization. NSW mining is already one of the biggest companies on the stock exchange of
Australia, but has been experiencing fluctuations in its share prices in the market due to mixed
opinions about the organizations workings. Once corporate social responsibility is properly
worked on by the management, there is bound to be increased positive perceptions regarding the
organization, where investors will have increased confidence on the working of the organization
as well as have trust that the organization is safer from information breaches.
Having a proper model will also help the organization in keeping a more stable perspective of the
market and have increased predictability which will help in reacting to the market. This
predictability will not only help the organization in realizing potential threats and weaknesses,
but will also help NSW mining to analyze potential opportunities faster and act upon them. The
breach of information kept by the organization can also result in the information about other
stakeholders being leaked exposing them to all sorts of threats. Identity theft is a common crime
which has resulted in billions of thefts around the country, and this crime becomes much easier
for a hacker with access to the confidential information of the victim. The recent cyber attack on
the organizations information commercial strength also showed the flaw in their previous
techniques and so the organization had to converge its information technology with it operations
technology in order to better protect its assets.
Another step that NSW mining needs to take in order to better protect its assets is to plan
contingencies which may come into work for the purpose of keeping in hold of its information.
There are four components of a successful contingency plan which are created separately but
work as a single unified plan in order to counter a negative unforeseen consequence. The four
components of a contingency plan are as follows:
Contingency Plan Management Team; The team would be created and set responsible for
collecting the information of each and every attack that occurs on the organizations information
asset. The employment of this team would mean that the organization would be able to better
predict the pattern of attacks on its information asset and then prepare or upgrade its security
accordingly in order to better counter these attacks in the future.
Incident Response Team; The incident response team is made responsible for responding to the
attack on the company. The team would be made to develop its responses in advance so that time
is saved before the implementation of counter on Information Security breaches.
Disaster Recovery Team; The team would be responsible to work its way to minimize the
damages that may have occurred due to the attack. The team is also made responsible for
recovering information that may have been lost by the organization during the attack.
Business Continuity Team; The team is tasked with making sure that the organization works
efficiently at the same pace as before.
Although the components of a contingency plan are designed separately and work towards
seemingly different objectives, their workings need to be perfectly aligned in order for the
organization to execute a contingency plan with success. These components mostly work in a
cyclical format, which means that any inefficiency from a single component may result in drastic
problems for the organization itself. The teams work in a way that they work towards a unified
aim where one cannot achieve its objectives without help from the other.
Conclusion
NSW Mining council is the largest organization of the country and is responsible for not only a
significant amount of revenue for the state and fulfillment of its needs, but also helps the
economy by providing numerous jobs to both local and foreign workers. The organization has
grown rather accustomed to pressure from environmentalists who condemn its action of using
coal to provide energy and believe that it should find alternative methods to produce energy.
However, now the organizations are also facing trouble from hackers who are attempting to get
hold of the information kept. The biggest problem is that only large organizations are able to
afford and implement proper methods of security for information, whereas small organizations
are practically exposed to cyber attacks. And even after this much security if attempts are still
made on the larger organizations of Australia as well, then this means that they need to further
upgrade their security systems in order stay ahead of the curve and prosper in the future. For any
organization to successfully there are multiple methods which can help it in increasing the level
of security for its information asset. However it can still not be concretely said when an
organization is impossible to be breached by any intruder.
10
References
Bandyopadhyay, D., & Sen, J. (2011). Internet of things: Applications and challenges in
technology and standardization. Wireless Personal Communications, 58(1), 49-69.
Christie, V., Mitchell, B., Orsmond, D., & Van Zyl, M. (2011). The iron ore, coal and gas
sectors. RBA Bulletin, March, 1-7.
Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in
organizations: Investigating the effect of behavioral information security governance and
national culture. Computers & Security,43, 90-110.
Kaushik, S. C., Reddy, V. S., & Tyagi, S. K. (2011). Energy and exergy analyses of thermal
power plants: A review. Renewable and Sustainable Energy Reviews, 15(4), 1857-1872.
Laurence, D. (2011). Establishing a sustainable mining operation: an overview. Journal of
Cleaner Production, 19(2), 278-284.
Nicholson, G., & Elms, N. (2011). Corruption, corporate culture and the board's
responsibilities. Keeping good companies, 63(10), 594-599.
NSW
Minerals
Council
(2013),
about
us,
retrieve
from:
http://www.nswmining.com.au/menu/about-nsw-minerals-council [accessed 18/8/2016]
Sabbari, M., & Alipour, H. S. (2011). A security model and its strategies for web
services. International Journal of Computer Applications, 36(10), 24-31.
Ullah, A., & Lai, R. (2011). Modeling business goal for business/IT alignment using
requirements engineering. Journal of Computer Information Systems,51(3), 21-28.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.
Watson, D. (2014). NSW Court of Appeal dismisses appeal to reinstate Warkworth mine
extension approval. Australian Resources and Energy Law Journal, 33(2), 104.