
IT Risk Assessment Aztek | Case Study

   

Added on  2020-04-07

16 Pages | 5483 Words | 42 Views
Contents

Executive Summary
Project Review
Security Posture of Aztek
Risk Assessment
Data Security
Conclusions
References

Executive Summary

Aztek is a financial services organization from Australia. The company is facing major challenges in IT infrastructure management because of rising costs. The company needs to hire more employees to manage the growing business, and in that case the costs would rise further. To save on its IT infrastructure costs, the company is planning to adopt Bring-Your-Own-Device (BYOD), which would allow new employees to use their own devices, thereby reducing the company's cost of procurement and maintenance of IT systems. However, this adoption would also affect the security posture of the company. This report assesses the security posture of the company and the impact of BYOD on it, with the objective of identifying and assessing the potential risks of the new posture so that steps can be taken to improve it as per BYOD needs.

The report would first explore the security risks faced by the finance industry and the best practices used for protecting IT systems from these risks. It would explain the impacts of risks on IT projects and explore how industrial or government compliance procedures can affect these projects. This would include consideration of industry standards like the Workplace Privacy Act and the processes used for surveillance. An understanding of these standards would help identify governance practices that can be used to strengthen the security posture of Aztek after the implementation of BYOD [Eng14].

The report would explore the vulnerabilities and risks that Aztek is likely to face with the deployment of BYOD devices in the system, including mobiles and tablets. It would also identify methods that the company can use to protect its assets from these risks [Eur101].

To identify the right course of action, it is essential to understand the risks and their impacts. For this, a cybersecurity framework would be used, which helps in identifying methods for assessing the security risks that Aztek would be exposed to. The framework would help form a risk profile of the company, understand the security posture of Aztek, and develop an improvement plan for the company. The cybersecurity framework identifies five core functions of security systems that include identifying risks, protecting the company from them, developing a response plan and identifying recovery strategies. For every risk category or subcategory, specific security measures can be identified [Nat111].

To assess how security risks would affect Aztek, industry data about BYOD would be analyzed and the protective measures used for such systems by other companies in the industry would be explored, so that appropriate security measures for enhancing the security posture of Aztek can be identified.

Project Review

The project involves the implementation of a BYOD system at Aztek, which is a financial organization from Australia. The company is facing financial challenges and is looking to save IT costs by allowing the personal devices of new employees to be used for business purposes. Thus, the company has decided to adopt BYOD systems, but this approach is likely to modify the security posture of the organization. To remain safe from cybersecurity risks, the company would need to strengthen its security systems to suit the security needs that follow BYOD adoption. The project would involve the development and implementation of a BYOD scheme [ACH13].

With the implementation of the BYOD scheme, some regulatory policies and procedures have to be followed. Australian Capital Territory of Australia is one of the main areas where regulatory policies are defined. At the organizational level, policy-based surveillance can track employee communication so that the management would know how employees are using their systems and whether their usage patterns are secure for Aztek [Pet141].

There are also some laws at the state, federal and territory levels that have to be followed concerning employment in the organization. At the organizational level, Aztek can install access control systems on the devices used by users so that employee communication can be tracked and monitored. This would help Aztek ensure that the confidential data of the company is not shared by employees outside the company. Covert surveillance can be launched on employees, which would allow the company to track the suspected employee after 14 days' notice is given [APM17].

The NSW Act is one such act, created for the governance of employee management practices. As per this act, employee activities can be tracked, including the sending and receiving of files or messages, but only on official accounts. The personal accounts and the resources used by employees may not be tracked [Sal141].

Another useful act is the Telecommunications (Interception and Access) Act 1979. This act deals with interception by companies of communication between two employees that is done without the knowledge of both employees. The act allows employers to see the content that is being exchanged but not the related personal information such as email addresses, communication time, and the metadata. The way this interception can be carried out is highlighted in section 5F of the Telecommunications Act. This provides protection to employers, but only to some extent [Hei10].

A usage policy can be created for IT assets in the BYOD scheme, formulated as per the rules defined in the regulatory acts, which would include considerations of types of surveillance, methods of tracking, and span of interception. The Privacy Act (APP 5) suggests the following statements can be included in such a policy [Ala12]:

- The company must have the right to see the content that is being transferred between two employees using official emails
- Employer must not record any personal communication happening between employees through informal methods like chat
- Employees must be aware of the information that is open for the employer to see
- Certain procedures and access rules can be defined for personal communication
- The company should have defined procedures that would be used for reporting data inside or outside the organization [Pet141]

Security Posture of Aztek

With the introduction of BYOD devices in the Aztek IT network, the security posture of the company would be modified, as the private devices of the users would now be connected to the critical infrastructure of the organization. The addition of BYOD would bring added risks that change this posture. Thus, the company needs to take these risks into consideration while defining security management strategies for the IT systems of Aztek [Ser11].

The finance industry poses some barriers to the implementation of BYOD, as security risks are higher in such cases. To manage these risks, industries and regulatory bodies in various countries have identified certain security procedures, and Aztek needs to follow them for enhanced protection. However, regulatory bodies also have certain mandates that would make it difficult for Aztek to keep a high level of control over the mobile devices used by its employees especially
