Aztek: Risk Management & Assessment
Added on 2019-10-30
18 Pages4841 Words31 Views
Aztek
Aztek: IT Risk
Management
Bring Your Own Devices (BYOD)
9/25/2017
Aztek: IT Risk
Management
Bring Your Own Devices (BYOD)
9/25/2017
Aztek: Risk Management & Assessment
Executive Summary
There are different recommendations that have been given by the senior officials at Aztek, an Australian
finance firm to overcome the existing infrastructural problems and operational issues. The project
selected for implementation is the Bring Your Own Devices (BYOD) project in which the employee-
owned devices will be sanctioned and allowed to be used in Aztek for business purposes. There will be
many advantages that will be offered by this scheme along with certain challenges in the form of security
threats and risks. A risk assessment report has been prepared for the BYOD project at Aztek covering the
review of the project from financial and security aspects, risk assessment process and data security
details.
Findings and Recommendations
The report throws light on numerous security threats and attacks that may come up with the permission to
allow the employees to use their devices in office (Cioupdate, 2016).
The major types of risks identified are information security risks, network security risks, device security
risks and insider attacks. There will be methods and steps that have been recommended to prevent and
stop all of the attacks under these categories.
The proposed and recommended countermeasures comprise of three different forms of security controls
that shall be implemented.
The first form is the use and update of the technical and logical controls. There are currently many of the
technical tools that are being used to make sure that the organizational security is maintained. However,
with the implementation of BYOD in Aztek, the forms of risks and threats will increase which will
require an update on these technical controls to be done. There are many new technological ideas and
concepts that are being invented every day which shall be analyzed by the security departments in
association with BYOD security risks and Aztek security. The network security risks and attacks shall be
controlled and prevented by using updated versions of network based intrusion detections and prevention
systems along with anti-denial tools. There are also automated network scanning, Wi-Fi scanners and
network auditing tools that have been created. These tools carry out authorized monitoring of the network
activities and also maintain a network log for all the activities that are carried out. Information and device
2
Executive Summary
There are different recommendations that have been given by the senior officials at Aztek, an Australian
finance firm to overcome the existing infrastructural problems and operational issues. The project
selected for implementation is the Bring Your Own Devices (BYOD) project in which the employee-
owned devices will be sanctioned and allowed to be used in Aztek for business purposes. There will be
many advantages that will be offered by this scheme along with certain challenges in the form of security
threats and risks. A risk assessment report has been prepared for the BYOD project at Aztek covering the
review of the project from financial and security aspects, risk assessment process and data security
details.
Findings and Recommendations
The report throws light on numerous security threats and attacks that may come up with the permission to
allow the employees to use their devices in office (Cioupdate, 2016).
The major types of risks identified are information security risks, network security risks, device security
risks and insider attacks. There will be methods and steps that have been recommended to prevent and
stop all of the attacks under these categories.
The proposed and recommended countermeasures comprise of three different forms of security controls
that shall be implemented.
The first form is the use and update of the technical and logical controls. There are currently many of the
technical tools that are being used to make sure that the organizational security is maintained. However,
with the implementation of BYOD in Aztek, the forms of risks and threats will increase which will
require an update on these technical controls to be done. There are many new technological ideas and
concepts that are being invented every day which shall be analyzed by the security departments in
association with BYOD security risks and Aztek security. The network security risks and attacks shall be
controlled and prevented by using updated versions of network based intrusion detections and prevention
systems along with anti-denial tools. There are also automated network scanning, Wi-Fi scanners and
network auditing tools that have been created. These tools carry out authorized monitoring of the network
activities and also maintain a network log for all the activities that are carried out. Information and device
2
Aztek: Risk Management & Assessment
security risks shall be controlled by using the measures such as advanced encryption, anti-malware tools,
device trackers and monitors. The insider threats may be difficult to control but the technical tools like
biometric systems for user authentication, automated identity and access management systems etc. may
prove to be useful to control such attacks. The use of firewalls and proxy servers must continue to be
implemented as basic step towards security.
The next set of recommended security measures to be implemented in Aztek must include the update on
the administrative policies and procedures. The security plan that is currently implemented in Aztek
has been designed as per the information security and the nature of projects that are carried out in
the organization. There must be measures included in the IT security plan to control the risks
associated with BYOD as it is being implemented for the first time. The security department and
IT department along with Aztek’s senior management must validate the security status by
carrying out security inspections along with reviews and audits. There must be ethical trainings
provided to the employees along with the sessions on latest security practices that must be
followed.
The third set of countermeasures recommended for Aztek is the use of updated physical security
checks and controls. These shall be done so that the basic security status is improved and made
stronger. The entry and exit gates of the organization must be secured with physical checks of
the employee bags and equipment so that any of the unauthorized and unsecure element does not
gain entry.
3
security risks shall be controlled by using the measures such as advanced encryption, anti-malware tools,
device trackers and monitors. The insider threats may be difficult to control but the technical tools like
biometric systems for user authentication, automated identity and access management systems etc. may
prove to be useful to control such attacks. The use of firewalls and proxy servers must continue to be
implemented as basic step towards security.
The next set of recommended security measures to be implemented in Aztek must include the update on
the administrative policies and procedures. The security plan that is currently implemented in Aztek
has been designed as per the information security and the nature of projects that are carried out in
the organization. There must be measures included in the IT security plan to control the risks
associated with BYOD as it is being implemented for the first time. The security department and
IT department along with Aztek’s senior management must validate the security status by
carrying out security inspections along with reviews and audits. There must be ethical trainings
provided to the employees along with the sessions on latest security practices that must be
followed.
The third set of countermeasures recommended for Aztek is the use of updated physical security
checks and controls. These shall be done so that the basic security status is improved and made
stronger. The entry and exit gates of the organization must be secured with physical checks of
the employee bags and equipment so that any of the unauthorized and unsecure element does not
gain entry.
3
Aztek: Risk Management & Assessment
Introduction..................................................................................... 6
Aztek – Overview of the Organization................................................................6
BYOD: Project Overview..............................................................................6
Project Review from Finance Service Sector..................................................7
BYOD Description: Financial Aspects................................................................7
IT Security Policies & Procedures – Changes and Updates...................................9
Risk Assessment Procedure for BYOD.......................................................10
Risk Management....................................................................................10
Risk Register.........................................................................................11
Data Security – Types of Data, Possible Risks, User Roles & Privileges...................14
Conclusion.....................................................................................15
References.....................................................................................16
4
Introduction..................................................................................... 6
Aztek – Overview of the Organization................................................................6
BYOD: Project Overview..............................................................................6
Project Review from Finance Service Sector..................................................7
BYOD Description: Financial Aspects................................................................7
IT Security Policies & Procedures – Changes and Updates...................................9
Risk Assessment Procedure for BYOD.......................................................10
Risk Management....................................................................................10
Risk Register.........................................................................................11
Data Security – Types of Data, Possible Risks, User Roles & Privileges...................14
Conclusion.....................................................................................15
References.....................................................................................16
4
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Aztek Risk Management & Assessmentlg...
|18
|5082
|30
Aztek: IT Risk Management Bring Your Own Devices (BYOD)lg...
|20
|5080
|285
ITC596 - IT Risk Management - Case study of Aztek companylg...
|18
|4571
|103
Aztek IT Risk Assessment Case Study September 26 2017 Aztek Financial Serviceslg...
|17
|5482
|245
Report on IT Risk Management for Azteklg...
|17
|4994
|31
Risk Management Report Assignmentlg...
|14
|4599
|37