Networked Business Process Management
VerifiedAdded on 2020/03/23
|13
|5803
|303
AI Summary
This assignment focuses on 'Networked Business Process Management', examining its core principles and practical applications in contemporary business environments. The text explores how interconnected processes within and across organizations enhance efficiency and collaboration.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
RUNNING HEAD: IT RISK ASSESSMENT REPORT 1
Allowing Employees to “Bring Your Own Devices” at Work (BYOD project) Report.
Student Name
University Affiliate:
Date:
Allowing Employees to “Bring Your Own Devices” at Work (BYOD project) Report.
Student Name
University Affiliate:
Date:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT RISK ASSESSMENT REPORT 2
Executive Summary
This Study report reviews the practice of allowing employees at Aztek to bring their own
devices in the work environment to facilitate their assigned duties. With advancements in the
sector of technology, several mobile devices have come to place. These devices include phones,
tablets, and laptops. More in particular with the introduction of the Android platform, most
people can access the internet, install several applications which can be of great significance in
their career life (Applegate, 2016). But is allowing people to bring their own devices to the work
environment at Aztek ethical? As technologies improve, there are several Information
Technology risks which have emerged. This report provides significant information regarding
the security threats and vulnerabilities which are brought about by the practice of letting workers
use their mobile devices in the institution. Through the use of literature review materials, the
report brings out the merits, challenges, risks as well as organizational policies.
Aztek is a company located in Australia, and it operates under the Australian Financial
Service Sector. The finance sector of any business in the world is the power of the economy.
Financial statements should remain private unless published for official purposes. What will
happen if the financial statements are revealed out? Should people be allowed to carry their
mobile devices, laptops or tablets to work to aid them to accomplish tasks? Yes. They will
facilitate work output. But on the other side, the secrets of the company are likely to be out. An
employee might intentionally or unintentionally provide vital information that is not supposed to
leak to outsiders. There is nothing which is as bad as fighting an enemy who knows most of your
secrets. During the transfer of information between personal devices and the company’s
equipment, viruses get introduced into the systems if the files are infected. These viruses might
lead to the breakdown of the firm’s operation and loss of vital information. For instance, losing
information of your clients will be a great loss and sometimes, if not in a position to retrieve,
Aztek might end up losing these people completely. The sales will go down, hence poor
performance and reputation.
Executive Summary
This Study report reviews the practice of allowing employees at Aztek to bring their own
devices in the work environment to facilitate their assigned duties. With advancements in the
sector of technology, several mobile devices have come to place. These devices include phones,
tablets, and laptops. More in particular with the introduction of the Android platform, most
people can access the internet, install several applications which can be of great significance in
their career life (Applegate, 2016). But is allowing people to bring their own devices to the work
environment at Aztek ethical? As technologies improve, there are several Information
Technology risks which have emerged. This report provides significant information regarding
the security threats and vulnerabilities which are brought about by the practice of letting workers
use their mobile devices in the institution. Through the use of literature review materials, the
report brings out the merits, challenges, risks as well as organizational policies.
Aztek is a company located in Australia, and it operates under the Australian Financial
Service Sector. The finance sector of any business in the world is the power of the economy.
Financial statements should remain private unless published for official purposes. What will
happen if the financial statements are revealed out? Should people be allowed to carry their
mobile devices, laptops or tablets to work to aid them to accomplish tasks? Yes. They will
facilitate work output. But on the other side, the secrets of the company are likely to be out. An
employee might intentionally or unintentionally provide vital information that is not supposed to
leak to outsiders. There is nothing which is as bad as fighting an enemy who knows most of your
secrets. During the transfer of information between personal devices and the company’s
equipment, viruses get introduced into the systems if the files are infected. These viruses might
lead to the breakdown of the firm’s operation and loss of vital information. For instance, losing
information of your clients will be a great loss and sometimes, if not in a position to retrieve,
Aztek might end up losing these people completely. The sales will go down, hence poor
performance and reputation.
IT RISK ASSESSMENT REPORT 3
Table of Contents
Executive Summary.....................................................................................................................................2
Introduction.................................................................................................................................................4
Financial Services Sector Review.................................................................................................................5
Security Posture Review..............................................................................................................................6
Transferring the risk................................................................................................................................6
Accepting the risk....................................................................................................................................6
Avoid the risk...........................................................................................................................................6
Threats, Vulnerability and consequences assessment..................................................................................7
Malicious apps.........................................................................................................................................7
Rooting/jailbreaking................................................................................................................................7
Untrustworthy employees........................................................................................................................7
Buggy applications..................................................................................................................................8
Lost devices.............................................................................................................................................8
Software bugs..........................................................................................................................................8
Processing of data is done externally...................................................................................................9
Data storage is outside the device........................................................................................................9
Data Security...............................................................................................................................................9
Conclusion.................................................................................................................................................10
References.................................................................................................................................................12
Table of Contents
Executive Summary.....................................................................................................................................2
Introduction.................................................................................................................................................4
Financial Services Sector Review.................................................................................................................5
Security Posture Review..............................................................................................................................6
Transferring the risk................................................................................................................................6
Accepting the risk....................................................................................................................................6
Avoid the risk...........................................................................................................................................6
Threats, Vulnerability and consequences assessment..................................................................................7
Malicious apps.........................................................................................................................................7
Rooting/jailbreaking................................................................................................................................7
Untrustworthy employees........................................................................................................................7
Buggy applications..................................................................................................................................8
Lost devices.............................................................................................................................................8
Software bugs..........................................................................................................................................8
Processing of data is done externally...................................................................................................9
Data storage is outside the device........................................................................................................9
Data Security...............................................................................................................................................9
Conclusion.................................................................................................................................................10
References.................................................................................................................................................12
IT RISK ASSESSMENT REPORT 4
Introduction
Allowing employees to bring their portable devices to the work environment at Aztek is
useful. However. The practice has the ability to increase threats to the information systems of the
organization. Such threats include viruses and illegal access to the organization’s information by
competitors, frauds, and members of the team who intend to harm the company. Information is
the most important thing in the organization. It is what keeps the business running. There is an
increased need to prevent and protect this information with the highest security degree possible.
Thus, allowing new devices into the company might trigger information leakage when
employees leave the firm. What happens if the devices are stolen or get lost on their way home?
Information gets into the hands of harmful people. However, this should not prevent the
company from venturing into the project.
When starting any kind of business, a good entrepreneur is always ready to face risks.
There are no businesses which operate without risks. What Aztek should put into consideration is
how to choose among the potential hazards likely to occur. There are several strategies to solve
risks in organizations. Some include transferring the risks to the third party, which in this case
include investors, insurance bodies among other financial institutions which can give a helping
hand in times of need or the occurrence of the estimated risks. The greatest advantage of the
mobile devices to the users is that they are familiar with every kind of operation within them.
Making mistakes or omissions using the device you use every day is rare. This paper will also
cover the possible solutions to the risks involved when workers are allowed to bring their devices
to work. The possible solutions include teaching employees to abide by the company’s
organizational culture and ethics; not sharing information with others.
It is unethical to give out information regarding your company to the outsiders.
Organizational culture does not permit that. An employee with his senses working well will not
violet the company’s policies easily. With financial institutions, a single employee’s mistake will
cost the entire financial status of the company. When working as a team, a member’s mistake is a
failure to the entire team. It is should be therefore the responsibility of the company to ensure
that everyone with the BYOD device in the firm takes responsibility.
In the past few years, there has been rapid growth in the computer technologies.
Cybercrimes have also increased as people learn new ways to get access to information that does
not belong to them. This paper has covered the various topics of information security in relation
to the case of giving employees chances to bring their devices to work. It also analyzes the
emerging trends in the IT security field. Some of the widely covered areas in this writing include
threats, management of risk, password cracking, access control management system as well as
Firewalls.
Several recommendations are also covered in this report. The recommendations include
limiting the use of personal devices to perform tasks in offices. If the company will limit the
information to be accessed by the employees using personal devices, then the security problem is
controlled. Another recommendation provided is the education of the Aztek employees about the
appropriate security measures to ensure that their devices are secure. This will help them to keep
information safe even if their devices get lost or stolen on the way. For instance, teaching them
how to make use of strong passwords which no person can easily access.
Introduction
Allowing employees to bring their portable devices to the work environment at Aztek is
useful. However. The practice has the ability to increase threats to the information systems of the
organization. Such threats include viruses and illegal access to the organization’s information by
competitors, frauds, and members of the team who intend to harm the company. Information is
the most important thing in the organization. It is what keeps the business running. There is an
increased need to prevent and protect this information with the highest security degree possible.
Thus, allowing new devices into the company might trigger information leakage when
employees leave the firm. What happens if the devices are stolen or get lost on their way home?
Information gets into the hands of harmful people. However, this should not prevent the
company from venturing into the project.
When starting any kind of business, a good entrepreneur is always ready to face risks.
There are no businesses which operate without risks. What Aztek should put into consideration is
how to choose among the potential hazards likely to occur. There are several strategies to solve
risks in organizations. Some include transferring the risks to the third party, which in this case
include investors, insurance bodies among other financial institutions which can give a helping
hand in times of need or the occurrence of the estimated risks. The greatest advantage of the
mobile devices to the users is that they are familiar with every kind of operation within them.
Making mistakes or omissions using the device you use every day is rare. This paper will also
cover the possible solutions to the risks involved when workers are allowed to bring their devices
to work. The possible solutions include teaching employees to abide by the company’s
organizational culture and ethics; not sharing information with others.
It is unethical to give out information regarding your company to the outsiders.
Organizational culture does not permit that. An employee with his senses working well will not
violet the company’s policies easily. With financial institutions, a single employee’s mistake will
cost the entire financial status of the company. When working as a team, a member’s mistake is a
failure to the entire team. It is should be therefore the responsibility of the company to ensure
that everyone with the BYOD device in the firm takes responsibility.
In the past few years, there has been rapid growth in the computer technologies.
Cybercrimes have also increased as people learn new ways to get access to information that does
not belong to them. This paper has covered the various topics of information security in relation
to the case of giving employees chances to bring their devices to work. It also analyzes the
emerging trends in the IT security field. Some of the widely covered areas in this writing include
threats, management of risk, password cracking, access control management system as well as
Firewalls.
Several recommendations are also covered in this report. The recommendations include
limiting the use of personal devices to perform tasks in offices. If the company will limit the
information to be accessed by the employees using personal devices, then the security problem is
controlled. Another recommendation provided is the education of the Aztek employees about the
appropriate security measures to ensure that their devices are secure. This will help them to keep
information safe even if their devices get lost or stolen on the way. For instance, teaching them
how to make use of strong passwords which no person can easily access.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT RISK ASSESSMENT REPORT 5
Allowing employees to bring their own devices to work will facilitate the work output,
improve IT efficiency at Aztek, reduce congestion over the workplace devices, lead to increased
revenue among several other advantages. However, with the emerging attacks, there are several
limitations which are associated with these devices thus making it hard to trust them.
Financial Services Sector Review
The finance sector is crucial in the Australian economy. Aztek, operating under this
financial body should employ the maximum security possible to keep the company going
without any IT threats. Putting into consideration the need to help clients all the time,
introducing the use of personal electronic devices like mobile phones, laptops and iPads can
serve best. Customers need to access their financial statements whenever they need and at
convenient services by the company. One way of solving the limited resources challenge in the
Aztek Company is by allowing employees to bring in their devices. However, finance being a
sensitive area, what is the way to go to ensure that it remains as secure as needed?
Bringing personal IT gadgets to the company might be a way of setting Aztek from
spending in buying different technologies. It is not that simple to allow the practice in the
financial institutions. It is something which might cause great losses. From statistics, most
financial institutions do need to put into exercise extreme diligence as far as handling the
financial data is concerned. Some of the reasons why the implementation of these might be hard
in Aztek include the government regulations which have been set by the Australian Law
enforcement authorities. This is done with a primary objective of overseeing the thousands of
sensitive information transactions since the cybercriminals make most of them a target. For such
to be implemented, there it will require Aztek to do registration with AUSTRAC (Australian
Transaction Reports and Analysis Center). Without this registration, such services will not be
provided. The act also aims at countering the financing of terrorist activities in Australia.
By being complicated to implement in the financial sector, it means that financial policies
have to be included to regulate how individual devices will be used for work. Allowing workers
to use personal devices in the financial firms like Aztek is risky. Losing the financial data might
be catastrophic with the use of personal devices. For instance, mobile phones are prone to be
lost. So many people lose mobile phones in Australia each day. When tired, people take
screenshots in their smartphones to use later. If such get in the wrong hands, Aztek will be in the
danger of being invaded. If a laptop which contains customer data gets lost, what will happen?
Haven’t you endangered the person if the customer gets a loss? In one of the instances which
occurred in the US, more than $930,000 was lost due to stolen personal devices which were
allowed in the financial institutions (From the Trench of Insecurity, 2015).
One of the best-established practice so far is to buy those mobile devices for the
employees. When they leave the work environment, they leave them there to avoid misplacing
them or giving them to people who are likely to misuse the information in them. The
technologists in the field of electronics have a great role to play to ensure that the business
stakeholder’s information is kept safe despite the means which information is transferred. They
should code much information which without enough verification, no transaction will take place.
Such include using the client's fingerprint to make a transaction. This will reduce the high
chances of losing funds to frauds. Having the information needed will not help them without full
access to the device (without using the fingerprint). Aztek stakeholders will be in a position to
Allowing employees to bring their own devices to work will facilitate the work output,
improve IT efficiency at Aztek, reduce congestion over the workplace devices, lead to increased
revenue among several other advantages. However, with the emerging attacks, there are several
limitations which are associated with these devices thus making it hard to trust them.
Financial Services Sector Review
The finance sector is crucial in the Australian economy. Aztek, operating under this
financial body should employ the maximum security possible to keep the company going
without any IT threats. Putting into consideration the need to help clients all the time,
introducing the use of personal electronic devices like mobile phones, laptops and iPads can
serve best. Customers need to access their financial statements whenever they need and at
convenient services by the company. One way of solving the limited resources challenge in the
Aztek Company is by allowing employees to bring in their devices. However, finance being a
sensitive area, what is the way to go to ensure that it remains as secure as needed?
Bringing personal IT gadgets to the company might be a way of setting Aztek from
spending in buying different technologies. It is not that simple to allow the practice in the
financial institutions. It is something which might cause great losses. From statistics, most
financial institutions do need to put into exercise extreme diligence as far as handling the
financial data is concerned. Some of the reasons why the implementation of these might be hard
in Aztek include the government regulations which have been set by the Australian Law
enforcement authorities. This is done with a primary objective of overseeing the thousands of
sensitive information transactions since the cybercriminals make most of them a target. For such
to be implemented, there it will require Aztek to do registration with AUSTRAC (Australian
Transaction Reports and Analysis Center). Without this registration, such services will not be
provided. The act also aims at countering the financing of terrorist activities in Australia.
By being complicated to implement in the financial sector, it means that financial policies
have to be included to regulate how individual devices will be used for work. Allowing workers
to use personal devices in the financial firms like Aztek is risky. Losing the financial data might
be catastrophic with the use of personal devices. For instance, mobile phones are prone to be
lost. So many people lose mobile phones in Australia each day. When tired, people take
screenshots in their smartphones to use later. If such get in the wrong hands, Aztek will be in the
danger of being invaded. If a laptop which contains customer data gets lost, what will happen?
Haven’t you endangered the person if the customer gets a loss? In one of the instances which
occurred in the US, more than $930,000 was lost due to stolen personal devices which were
allowed in the financial institutions (From the Trench of Insecurity, 2015).
One of the best-established practice so far is to buy those mobile devices for the
employees. When they leave the work environment, they leave them there to avoid misplacing
them or giving them to people who are likely to misuse the information in them. The
technologists in the field of electronics have a great role to play to ensure that the business
stakeholder’s information is kept safe despite the means which information is transferred. They
should code much information which without enough verification, no transaction will take place.
Such include using the client's fingerprint to make a transaction. This will reduce the high
chances of losing funds to frauds. Having the information needed will not help them without full
access to the device (without using the fingerprint). Aztek stakeholders will be in a position to
IT RISK ASSESSMENT REPORT 6
make efficient and fast decisions with the technologies brought from their home places with
convenience if the security protocols are well-set by the technologists.
Security Posture Review
The “Bring Your Own Device” (BYOD) to Work project has a great impact on the
security of information at Aztek at the moment. With information being the most crucial
element in organizations, the BYOD project is likely to decrease information safety in Aztek
(Zelkowitz, 2015). Currently, there is much security in the organization since no device moves
out of the office. Restriction in the movement of devices is a good thing for the firm. With the
maximum financial security available in the firm, the essence of BOYD is not seen as a big deal
by the stakeholders. However, if a clear consideration is put into account, there are several
vulnerabilities, loss of information and other threats which this project is likely to bring into the
premises. BYOD technologies provide surplus work output for the company without much
investment. This calls for the need of the project. But which strategies should be implemented to
ensure that the BYOD project is successful in Aztek? Or what should the CEO of the company
do to be able to stay within the acceptable risk level?
There are several users of mobile phones, and it might pose a problem to control their
users even in financial institutions. Most mobile phone devices use Bluetooth, wireless networks
(WLAN) as well as WI-FI in data connection. If several such devices join the same network,
information might leak from device to device. Hence, vulnerabilities are introduced (Grefen,
2013).
Aztek can employ the following strategies to enjoy the benefits of BYOD project and
also maintain the security at the best acceptable posture:
Transferring the risk
Accepting the risk
Avoid the risk
Transferring the risk
With the knowledge that the BYOD technology will bring a greater improvement to the firm,
Aztek should transfer the associated risks to a third party like for example an insurance company for
financial security. Other ways of transferring the risk include hedging, getting into partnership with
other firms and outsourcing. Despite the security threats, the business will be able to operate and make
huge profits from the project. Merging with other businesses will help Aztek to share the risk. In the
event of the risk, the company will still have surplus money to repair the damages. Despite this strategy,
the company should also find another way of minimizing the risks among its employees.
Accepting the risk
If the benefit of BYOD project is high, Aztek should accept the risk and find ways of monitoring it
to remain within the acceptable standards.
Avoid the risk
If Aztek will find it hard to transfer the risk to the third party or accept the risk, then the only
way forward is to reject the implementation of BYOD project. Some of the reasons why this firm will be
reluctant to accept the risk or to transfer the risk to a third party includes the extent of the risk: if the
make efficient and fast decisions with the technologies brought from their home places with
convenience if the security protocols are well-set by the technologists.
Security Posture Review
The “Bring Your Own Device” (BYOD) to Work project has a great impact on the
security of information at Aztek at the moment. With information being the most crucial
element in organizations, the BYOD project is likely to decrease information safety in Aztek
(Zelkowitz, 2015). Currently, there is much security in the organization since no device moves
out of the office. Restriction in the movement of devices is a good thing for the firm. With the
maximum financial security available in the firm, the essence of BOYD is not seen as a big deal
by the stakeholders. However, if a clear consideration is put into account, there are several
vulnerabilities, loss of information and other threats which this project is likely to bring into the
premises. BYOD technologies provide surplus work output for the company without much
investment. This calls for the need of the project. But which strategies should be implemented to
ensure that the BYOD project is successful in Aztek? Or what should the CEO of the company
do to be able to stay within the acceptable risk level?
There are several users of mobile phones, and it might pose a problem to control their
users even in financial institutions. Most mobile phone devices use Bluetooth, wireless networks
(WLAN) as well as WI-FI in data connection. If several such devices join the same network,
information might leak from device to device. Hence, vulnerabilities are introduced (Grefen,
2013).
Aztek can employ the following strategies to enjoy the benefits of BYOD project and
also maintain the security at the best acceptable posture:
Transferring the risk
Accepting the risk
Avoid the risk
Transferring the risk
With the knowledge that the BYOD technology will bring a greater improvement to the firm,
Aztek should transfer the associated risks to a third party like for example an insurance company for
financial security. Other ways of transferring the risk include hedging, getting into partnership with
other firms and outsourcing. Despite the security threats, the business will be able to operate and make
huge profits from the project. Merging with other businesses will help Aztek to share the risk. In the
event of the risk, the company will still have surplus money to repair the damages. Despite this strategy,
the company should also find another way of minimizing the risks among its employees.
Accepting the risk
If the benefit of BYOD project is high, Aztek should accept the risk and find ways of monitoring it
to remain within the acceptable standards.
Avoid the risk
If Aztek will find it hard to transfer the risk to the third party or accept the risk, then the only
way forward is to reject the implementation of BYOD project. Some of the reasons why this firm will be
reluctant to accept the risk or to transfer the risk to a third party includes the extent of the risk: if the
IT RISK ASSESSMENT REPORT 7
The probability of the risk to occur within a short period of time is high; the company will suffer great
losses. The best thing is to avoid the entire project.
With security being the first priority of financial institutions or any other organization
working under it, like in our case Aztek, information should be in the first line before anything
else. Most frauds in the world are using mobile devices to commit cybercrimes. This is because
most of these devices are not well secured. People can hack easily into them, steal information,
and use it to commit huge crimes like terrorism. Currently, Aztek has a strong security system
installed in place (Weidman & Eeckhoutte, 2014). The work equipment is only left for
employees; no outsider will access it. With your laptop, anybody can access it, hence the poor
security of vital information.
In the Aztek environment, computers are connected over the LAN and other reliable
networks. Nevertheless, they are connected to the main computer where backup information is
kept. The backup information is security for data in case something goes wrong. With the mobile
devices, in this case, mobile phones, connecting them to the main server will cause traffic and
slow down the company’s activities. On the other side, if they are not connected, there will be no
backup data in case the device gets destroyed beyond repair, gets stolen or misplaced. This is an
increase in insecurity in the company. In the case whereby the devices are likely to infect the
systems with viruses, the best way to go about it is to find the control measures for reducing the
infection. A good example is the installation of antivirus programs. These will secure useful
documents at Aztek.
Threats, Vulnerability and consequences assessment
There are several threats and Vulnerabilities which are involved when BYOD is
introduced into Aztek. These include malicious apps, rooting/jailbreaking, untrustworthy
employees, buggy applications, lost devices and software bugs (Kasemsap, 2017).
Malicious apps
With mobile phones, some dodgy applications can accidentally slip into the Google Play
store or Apple’s App store at some point. These applications might pose a great danger to the
device, and one might end up losing data or sharing it without their knowledge. For Aztek, this
will be a great problem since the customer's data has been lost or made available to the outsiders.
The best way to protect your BYOD hardware from such threats is by installing applications
which will monitor the other applications installed on the hardware. A good example of such
software is Marble Security service. This will help IT personnel to manage the applications
installed on the devices (Ohio, 2012).
Rooting/jailbreaking
Rooting procedures often undo the security features which are placed in the devices by
the manufacturers. This opens up the BYOD devices to increase the attack risks. For this kind of
threat, the mobile device management (MDM) can be used to keep watch of the device.
Untrustworthy employees
Since BYOD devices are under the control of the owner, stealing data from the firm will
be easier. Most people like keeping their privacy, therefore, will not let anyone have access to
their mobile phones. This is a very difficult situation to control. However, with the use of
Endpoint security software data leakage can be prevented. The main challenge with this threat is
The probability of the risk to occur within a short period of time is high; the company will suffer great
losses. The best thing is to avoid the entire project.
With security being the first priority of financial institutions or any other organization
working under it, like in our case Aztek, information should be in the first line before anything
else. Most frauds in the world are using mobile devices to commit cybercrimes. This is because
most of these devices are not well secured. People can hack easily into them, steal information,
and use it to commit huge crimes like terrorism. Currently, Aztek has a strong security system
installed in place (Weidman & Eeckhoutte, 2014). The work equipment is only left for
employees; no outsider will access it. With your laptop, anybody can access it, hence the poor
security of vital information.
In the Aztek environment, computers are connected over the LAN and other reliable
networks. Nevertheless, they are connected to the main computer where backup information is
kept. The backup information is security for data in case something goes wrong. With the mobile
devices, in this case, mobile phones, connecting them to the main server will cause traffic and
slow down the company’s activities. On the other side, if they are not connected, there will be no
backup data in case the device gets destroyed beyond repair, gets stolen or misplaced. This is an
increase in insecurity in the company. In the case whereby the devices are likely to infect the
systems with viruses, the best way to go about it is to find the control measures for reducing the
infection. A good example is the installation of antivirus programs. These will secure useful
documents at Aztek.
Threats, Vulnerability and consequences assessment
There are several threats and Vulnerabilities which are involved when BYOD is
introduced into Aztek. These include malicious apps, rooting/jailbreaking, untrustworthy
employees, buggy applications, lost devices and software bugs (Kasemsap, 2017).
Malicious apps
With mobile phones, some dodgy applications can accidentally slip into the Google Play
store or Apple’s App store at some point. These applications might pose a great danger to the
device, and one might end up losing data or sharing it without their knowledge. For Aztek, this
will be a great problem since the customer's data has been lost or made available to the outsiders.
The best way to protect your BYOD hardware from such threats is by installing applications
which will monitor the other applications installed on the hardware. A good example of such
software is Marble Security service. This will help IT personnel to manage the applications
installed on the devices (Ohio, 2012).
Rooting/jailbreaking
Rooting procedures often undo the security features which are placed in the devices by
the manufacturers. This opens up the BYOD devices to increase the attack risks. For this kind of
threat, the mobile device management (MDM) can be used to keep watch of the device.
Untrustworthy employees
Since BYOD devices are under the control of the owner, stealing data from the firm will
be easier. Most people like keeping their privacy, therefore, will not let anyone have access to
their mobile phones. This is a very difficult situation to control. However, with the use of
Endpoint security software data leakage can be prevented. The main challenge with this threat is
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
IT RISK ASSESSMENT REPORT 8
that it is hard to control data which the Aztek employees will have legitimate access. Aztek will
be forced to tighten the controls and encrypt most of the information.
Buggy applications
Some applications can leak data accidentally or deliberately. When such data is leaked
the company will be at a great risk of losing some of its potential customers. Most people like
keeping their financial records private, letting them out to a second party will possible chase
them away. Endpoint security solutions (ESS) can be the best way to keep monitoring these
applications.
Lost devices
When a device gets lost, it is usually a great risk until it is recovered or its data wiped off.
There are several instances where crimes get committed due to the information found on the lost
devices. The longer the BYOD device stays without knowing where it is, the higher the risk
chances. Suppose it falls into the wrong hands, then Aztek will be in trouble of exposing the
financial statements of clients. The MDM is the best solution when it comes to this. Wipe all the
data in the device. Despite losing the information, Aztek is assured that the information will not
get into the hands of people with the intention of causing harm. In this case, one risk is foregone
to solve one, the most important; you will only lose the mobile device and not information
falling into the hands of the wrong people and the device. This is a good strategy for the
company in case such instances will occur upon implementation of the BYOD project.
Software bugs.
The Software bug is a big problem which faces all companies with the aim of
implementing the BYOD projects or operate under it and Aztek will be no exception. Some
phones screens get bypassed so easily hence giving someone access to some features on the
phone. The implication of this is that the company will be under a great threat of attacks from
individuals with bad intentions. The large numbers of digital devices which individuals will
bring into the company will increase the buggy amount. The best solution for the challenge is the
use of the Mobile device management applications. Nevertheless, upgrades should be made
every time new patches get into the app store. The IT experts in Aztek should be up to date with
mobile device advancements. They should know the most secure devices in the market and
encourage the employees to buy them if they are willing to bring them to work. Nevertheless,
they should know about updates every time the companies bring them to the access of the
consumers. All mobile devices which are considered to be a danger to Aztek must be quarantined
until solutions are found. There is no need to work with known risks.
Cloud computing is the best strategy for the Aztek company to secure and solve these
vulnerabilities. Cloud computing refers to the act of using the remote servers that are hosted on
the internet for data management, Storage, and processing instead of using a personal computer
or a local server. Mobile devices increase cloud computing to the firm. Though, using this
online platform to share documents via emails and other forms may pose a danger if such
information is leaked out to the wrong hands. With cloud computing, the BYOD model in Aztek
will be more secure. Cloud computing provides an external storage to the device. No
information will be stored in the mobile device. So, even if the gadget is lost, the information is
safe. Cloud computing brings security in several ways.
that it is hard to control data which the Aztek employees will have legitimate access. Aztek will
be forced to tighten the controls and encrypt most of the information.
Buggy applications
Some applications can leak data accidentally or deliberately. When such data is leaked
the company will be at a great risk of losing some of its potential customers. Most people like
keeping their financial records private, letting them out to a second party will possible chase
them away. Endpoint security solutions (ESS) can be the best way to keep monitoring these
applications.
Lost devices
When a device gets lost, it is usually a great risk until it is recovered or its data wiped off.
There are several instances where crimes get committed due to the information found on the lost
devices. The longer the BYOD device stays without knowing where it is, the higher the risk
chances. Suppose it falls into the wrong hands, then Aztek will be in trouble of exposing the
financial statements of clients. The MDM is the best solution when it comes to this. Wipe all the
data in the device. Despite losing the information, Aztek is assured that the information will not
get into the hands of people with the intention of causing harm. In this case, one risk is foregone
to solve one, the most important; you will only lose the mobile device and not information
falling into the hands of the wrong people and the device. This is a good strategy for the
company in case such instances will occur upon implementation of the BYOD project.
Software bugs.
The Software bug is a big problem which faces all companies with the aim of
implementing the BYOD projects or operate under it and Aztek will be no exception. Some
phones screens get bypassed so easily hence giving someone access to some features on the
phone. The implication of this is that the company will be under a great threat of attacks from
individuals with bad intentions. The large numbers of digital devices which individuals will
bring into the company will increase the buggy amount. The best solution for the challenge is the
use of the Mobile device management applications. Nevertheless, upgrades should be made
every time new patches get into the app store. The IT experts in Aztek should be up to date with
mobile device advancements. They should know the most secure devices in the market and
encourage the employees to buy them if they are willing to bring them to work. Nevertheless,
they should know about updates every time the companies bring them to the access of the
consumers. All mobile devices which are considered to be a danger to Aztek must be quarantined
until solutions are found. There is no need to work with known risks.
Cloud computing is the best strategy for the Aztek company to secure and solve these
vulnerabilities. Cloud computing refers to the act of using the remote servers that are hosted on
the internet for data management, Storage, and processing instead of using a personal computer
or a local server. Mobile devices increase cloud computing to the firm. Though, using this
online platform to share documents via emails and other forms may pose a danger if such
information is leaked out to the wrong hands. With cloud computing, the BYOD model in Aztek
will be more secure. Cloud computing provides an external storage to the device. No
information will be stored in the mobile device. So, even if the gadget is lost, the information is
safe. Cloud computing brings security in several ways.
IT RISK ASSESSMENT REPORT 9
Processing of data is done externally
With cloud computing, data is processed outside the mobile device. It becomes only a
medium for work. With such benefits, the procedures involved in the making of various
transactions will not be anywhere in the device until one with passwords and other security
details gets access to the site.
Data storage is outside the device
With crucial data away from the device, Aztek will benefit the security benefits of the
project (Economics of information security, 2014). No relevant data is made available to any
third party. Nevertheless, the cloud provides more space for more storage of data. The only way
an individual can access the data is to consult one with a password.
Data Security
The flow of data at Aztek is vital for the daily business transaction to take place. And so
is the data security (In Bauer, 2011). Protecting data is keeping safe from people who intend to
cause harm to your firm. Aztek should consider the risks and vulnerabilities which are likely to
befall them one the BYOD model is
Brought into use.
Cloud computing: All data is stored on the internet, not on the device
To secure data cloud computing might serve as the best way. The nice thing with cloud
computing is that (Bhowmik, 2017):
(1) It is not easy to lose that data stored online even if the BYOD devices get lost. There is
always sufficient backup for the business to run.
(2) Enough storage space. Aztek is a company dealing with several clients. There is so much
information to be kept in records. Most mobile devices like the mobile phones will not
have the capacity hold all the information. The online server is effective for it provides
the adequate space needed. Nevertheless, keeping data off the mobile device is safe since
most workers will go home with them and no one knows what kind of damage might
befall them (Dawson et al, 2014).
(3) There is maximum security for the data. Only the people with access to the website are
able to log into the powerful information of the Aztek Company.
The best way to control the security of the data is to let few people get access to the details of
the company (Bao et al., 2016). The only thing which should be kept available for the most users
is a page allowing them to conduct transactions but not get into the deep data. The only people to
get access to the data should be those who work under the IT and Accounts departments. For the
Processing of data is done externally
With cloud computing, data is processed outside the mobile device. It becomes only a
medium for work. With such benefits, the procedures involved in the making of various
transactions will not be anywhere in the device until one with passwords and other security
details gets access to the site.
Data storage is outside the device
With crucial data away from the device, Aztek will benefit the security benefits of the
project (Economics of information security, 2014). No relevant data is made available to any
third party. Nevertheless, the cloud provides more space for more storage of data. The only way
an individual can access the data is to consult one with a password.
Data Security
The flow of data at Aztek is vital for the daily business transaction to take place. And so
is the data security (In Bauer, 2011). Protecting data is keeping safe from people who intend to
cause harm to your firm. Aztek should consider the risks and vulnerabilities which are likely to
befall them one the BYOD model is
Brought into use.
Cloud computing: All data is stored on the internet, not on the device
To secure data cloud computing might serve as the best way. The nice thing with cloud
computing is that (Bhowmik, 2017):
(1) It is not easy to lose that data stored online even if the BYOD devices get lost. There is
always sufficient backup for the business to run.
(2) Enough storage space. Aztek is a company dealing with several clients. There is so much
information to be kept in records. Most mobile devices like the mobile phones will not
have the capacity hold all the information. The online server is effective for it provides
the adequate space needed. Nevertheless, keeping data off the mobile device is safe since
most workers will go home with them and no one knows what kind of damage might
befall them (Dawson et al, 2014).
(3) There is maximum security for the data. Only the people with access to the website are
able to log into the powerful information of the Aztek Company.
The best way to control the security of the data is to let few people get access to the details of
the company (Bao et al., 2016). The only thing which should be kept available for the most users
is a page allowing them to conduct transactions but not get into the deep data. The only people to
get access to the data should be those who work under the IT and Accounts departments. For the
IT RISK ASSESSMENT REPORT 10
IT experts, it is a necessity since they will need to keep updating the programming of the systems
to allow the latest software. Nevertheless, those IT experts must be those employed permanently
by the organization. For the accounts department, all transactions involving the company are run
there, it is wise to give trust to them. In any case, why would Aztek provide deep information to
the customer service department for instance? They should only have access, be able to
download the various documents including the financial statements but should never be allowed
to manipulate anyhow the data available in the servers using their personal devices (Susilo &
Mu, 2014).
With the BYOD project, the most likely risks to be involved will include the loss of the
mobile devices, lack of enough storage space, manipulation of the data stored by untrustworthy
clients among several others. I believe that the cloud computing will solve most of these
challenges (Windley, 2012).
Conclusion
BYOD technologies are crucial to the success of the Aztek Company in Australia. Given
that the large population of citizens in the country have access to the mobile devices and laptops
(Assing, Calé & Cale, 2013). Especially with the introduction of the Android platform which
can allow installation of multiple software, any company willing to increase its returns inwards
will be in a good position to implement their use. However, the most trending issue at the
moment regarding BYOD model in organizations is IT security (Andress, 2011). Despite their
advantages, these devices have the ability to bring a company down if wrongly used. The
possibility of giving information out to undesired or unknown individuals are very high. In some
instances, one might lose his device and lose all the data in it. Losing data will bring the Aztek
Company down if the BYOD project is put in place (Endrijonas, 2015).
The big question is, should risks prevent the company from implementing the BYOD
project? The best business people are those willing and ready take risks. What will keep them
going is the ability to solve the risks or integrate them into their systems. With the several ways
of solving the risks which will be brought by the implementation of the program, the company
should go ahead.
Though BYOD is a complication to most financial institutions; it is the emerging trend in
the globe. Aztek should not be left behind. Most workers get happy to use their own devices to
perform the work assigned to them. However, what should be brought into concern by the
company are some personal risks with the employees. Bringing in BYOD technologies can
interfere with the work rate at some point. Such cases include:
(i) Those who will make use of their mobile phones might get distracted by calls during
the work hours. Research indicates that most people spend much of their time sending
short texts using their phones (Gardner, 2017). This is not a habit the company can
stop.
(ii) Personal laptops contain personal information. At some point, some employees might
end up doing their own work rather than the organization’s tasks. Nevertheless, most
people keep videos, images or messages which remind them of their past. If they
come across such, they might be affected emotionally hence the reduced work rate.
IT experts, it is a necessity since they will need to keep updating the programming of the systems
to allow the latest software. Nevertheless, those IT experts must be those employed permanently
by the organization. For the accounts department, all transactions involving the company are run
there, it is wise to give trust to them. In any case, why would Aztek provide deep information to
the customer service department for instance? They should only have access, be able to
download the various documents including the financial statements but should never be allowed
to manipulate anyhow the data available in the servers using their personal devices (Susilo &
Mu, 2014).
With the BYOD project, the most likely risks to be involved will include the loss of the
mobile devices, lack of enough storage space, manipulation of the data stored by untrustworthy
clients among several others. I believe that the cloud computing will solve most of these
challenges (Windley, 2012).
Conclusion
BYOD technologies are crucial to the success of the Aztek Company in Australia. Given
that the large population of citizens in the country have access to the mobile devices and laptops
(Assing, Calé & Cale, 2013). Especially with the introduction of the Android platform which
can allow installation of multiple software, any company willing to increase its returns inwards
will be in a good position to implement their use. However, the most trending issue at the
moment regarding BYOD model in organizations is IT security (Andress, 2011). Despite their
advantages, these devices have the ability to bring a company down if wrongly used. The
possibility of giving information out to undesired or unknown individuals are very high. In some
instances, one might lose his device and lose all the data in it. Losing data will bring the Aztek
Company down if the BYOD project is put in place (Endrijonas, 2015).
The big question is, should risks prevent the company from implementing the BYOD
project? The best business people are those willing and ready take risks. What will keep them
going is the ability to solve the risks or integrate them into their systems. With the several ways
of solving the risks which will be brought by the implementation of the program, the company
should go ahead.
Though BYOD is a complication to most financial institutions; it is the emerging trend in
the globe. Aztek should not be left behind. Most workers get happy to use their own devices to
perform the work assigned to them. However, what should be brought into concern by the
company are some personal risks with the employees. Bringing in BYOD technologies can
interfere with the work rate at some point. Such cases include:
(i) Those who will make use of their mobile phones might get distracted by calls during
the work hours. Research indicates that most people spend much of their time sending
short texts using their phones (Gardner, 2017). This is not a habit the company can
stop.
(ii) Personal laptops contain personal information. At some point, some employees might
end up doing their own work rather than the organization’s tasks. Nevertheless, most
people keep videos, images or messages which remind them of their past. If they
come across such, they might be affected emotionally hence the reduced work rate.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IT RISK ASSESSMENT REPORT 11
The perfect way to go about the issue is to make use of the organization’s culture, ethics and
policies. Educating staff about their work and what is ethical. Personal works or calls can be
taken during free hours or breaks. This might serve them conveniently (Gralla, 2006).
With cloud computing in place, Aztek should find it the best solution to employ the BYOD
model (Buyya, Vecchiola & Selvi, 2017). They will not have to incur expenses on IT
technologies. The only thing is to control the server and information that reach specific people to
secure data. Data security is vital to ensure that the company or clients’ information is not
breached by anyone (Endrijonas, 2015)
.
The perfect way to go about the issue is to make use of the organization’s culture, ethics and
policies. Educating staff about their work and what is ethical. Personal works or calls can be
taken during free hours or breaks. This might serve them conveniently (Gralla, 2006).
With cloud computing in place, Aztek should find it the best solution to employ the BYOD
model (Buyya, Vecchiola & Selvi, 2017). They will not have to incur expenses on IT
technologies. The only thing is to control the server and information that reach specific people to
secure data. Data security is vital to ensure that the company or clients’ information is not
breached by anyone (Endrijonas, 2015)
.
IT RISK ASSESSMENT REPORT 12
References
Andress, J. (2011). The Basics of Information Security: Understanding the Fundamentals of
InfoSec in Theory and Practice. Burlington: Elsevier Science.
Applegate, K. A. (2016). The Android. Milwaukee, WI: Gareth Stevens Pub.
Assing, D., Calé, S., & Cale, S. (2013). Mobile Access Safety: Beyond BYOD. Somerset: Wiley
Bao, F., Chen, L., Deng, R. H., & Wang, G. (2016). Information Security Practice and
Experience: 12th International Conference, ISPEC 2016, Zhangjiajie, China, November
16-18, 2016, Proceedings.
Bhowmik, S. (2017). Cloud Computing. Cambridge: Cambridge University Press
Bishop, M. (2016). Information security. Place of publication not identified: Springer
International Pu.
Buyya, R., Vecchiola, C., & Selvi, S. T. (2017). Mastering cloud computing: Foundations and
applications programming. Waltham, MA: Morgan Kaufmann
Dawson, M., Omar, M., Abramson, J., & Bessette, D. (January 01, 2014). The Future of National
and International Security on the Internet
Economics of information security. (2014). Boston: Kluwer.
Endrijonas, J. (2015). Data security. Rocklin, Calif: Prima Pub.
From the Trench of Insecurity. (August 20, 2015). The State of Security: Tripwire, 2015-8
Gardner, G. C. (January 01, 2017). The Lived Experience of Smartphone Use in a Unit of the
United States Army.
Gralla, P. (2006). How personal & Internet security works. Indianapolis, Ind.: Que Pub.
Grefen, P. (July 01, 2013). Networked Business Process Management. International Journal of
It/business Alignment and Governance (ijitbag), 4, 2, 54-82
In Bauer, J. P. (2011). Computer science research and technology: Vol. 3
In Tipton, H. F., & In Nozaki, M. K. (2014). Information security management handbook:
Volume 7.
Kasemsap, K. (January 01, 2017). Software as a Service, Semantic Web, and Big Data.
Katzan, H. (2014). Computer data security. New York: Van Nostrand Reinhold.
Kuttner, H., & Moore, C. L. (2012). Android. Wilsonville, or: EStar Books.
Ligh, M. H. (2011). Malware analyst's cookbook: Tools and techniques for fighting malicious
References
Andress, J. (2011). The Basics of Information Security: Understanding the Fundamentals of
InfoSec in Theory and Practice. Burlington: Elsevier Science.
Applegate, K. A. (2016). The Android. Milwaukee, WI: Gareth Stevens Pub.
Assing, D., Calé, S., & Cale, S. (2013). Mobile Access Safety: Beyond BYOD. Somerset: Wiley
Bao, F., Chen, L., Deng, R. H., & Wang, G. (2016). Information Security Practice and
Experience: 12th International Conference, ISPEC 2016, Zhangjiajie, China, November
16-18, 2016, Proceedings.
Bhowmik, S. (2017). Cloud Computing. Cambridge: Cambridge University Press
Bishop, M. (2016). Information security. Place of publication not identified: Springer
International Pu.
Buyya, R., Vecchiola, C., & Selvi, S. T. (2017). Mastering cloud computing: Foundations and
applications programming. Waltham, MA: Morgan Kaufmann
Dawson, M., Omar, M., Abramson, J., & Bessette, D. (January 01, 2014). The Future of National
and International Security on the Internet
Economics of information security. (2014). Boston: Kluwer.
Endrijonas, J. (2015). Data security. Rocklin, Calif: Prima Pub.
From the Trench of Insecurity. (August 20, 2015). The State of Security: Tripwire, 2015-8
Gardner, G. C. (January 01, 2017). The Lived Experience of Smartphone Use in a Unit of the
United States Army.
Gralla, P. (2006). How personal & Internet security works. Indianapolis, Ind.: Que Pub.
Grefen, P. (July 01, 2013). Networked Business Process Management. International Journal of
It/business Alignment and Governance (ijitbag), 4, 2, 54-82
In Bauer, J. P. (2011). Computer science research and technology: Vol. 3
In Tipton, H. F., & In Nozaki, M. K. (2014). Information security management handbook:
Volume 7.
Kasemsap, K. (January 01, 2017). Software as a Service, Semantic Web, and Big Data.
Katzan, H. (2014). Computer data security. New York: Van Nostrand Reinhold.
Kuttner, H., & Moore, C. L. (2012). Android. Wilsonville, or: EStar Books.
Ligh, M. H. (2011). Malware analyst's cookbook: Tools and techniques for fighting malicious
IT RISK ASSESSMENT REPORT 13
code. Indianapolis, Ind: Wiley Pub.
Miller. (2009). Cloud Computing. Que Publishing.
Mobile security: Antivirus & apps. for Android, Apple users. (2014). S.l.: CreateSpace
Ohio. (2012). Internet security. Columbus: Office of Statewide IT Policy.
Pang, A. S.-K., Dixon, W., & Hoopla digital. (2013). the distraction addiction: Getting the
information you need and the communication you want, without enraging your family, annoying
your colleagues, and destroying your soul. United States: Gildan Audio
Pradhan, D. K., International Conference on Advances in Computing and Communications,
Preetham, V. V. (2012). Internet security and firewalls. Cincinnati, Ohio: Premier Press.
Stiakakis, E., Georgiadis, C. K., & Andronoudi, A. (November 01, 2016). Users’
Perceptions about mobile security breaches. Information Systems and E-Business
Management, 14, 4, 857-882
Susilo, W., & Mu, Y. (2014). Information Security and Privacy: 19th Australasian Conference,
ACISP 2014, Wollongong, NSW, Australia, July 7-9, 2014. Proceedings. Cham: Springer
International Publishing.
United States. & United States. (2012). Information technology reform: Progress made but
future cloud computing efforts should be better planned : report to the Subcommittee on
Federal Financial Management, Government Information, Federal Services, and
International Security, Committee on Homeland Security and Governmental Affairs,
United States Senate. Washington, D.C.: U.S. Govt. Accountability Office.
United States. (2013). Information security. Washington, D.C.: U.S. Dept. of Justice, U.S.
Marshals Service, Office of Inspections, Internal Security Division.
Weidman, G., & Eeckhoutte, P. V. (2014). Penetration testing: A hands-on introduction to
hacking
Windley, P. J. (2012). The live web: Building event-based connections in the cloud. Boston,
Mass: Course Technolgy
Zelkowitz, M. V. (2015). Information security. Amsterdam: Elsevier Academic Press
code. Indianapolis, Ind: Wiley Pub.
Miller. (2009). Cloud Computing. Que Publishing.
Mobile security: Antivirus & apps. for Android, Apple users. (2014). S.l.: CreateSpace
Ohio. (2012). Internet security. Columbus: Office of Statewide IT Policy.
Pang, A. S.-K., Dixon, W., & Hoopla digital. (2013). the distraction addiction: Getting the
information you need and the communication you want, without enraging your family, annoying
your colleagues, and destroying your soul. United States: Gildan Audio
Pradhan, D. K., International Conference on Advances in Computing and Communications,
Preetham, V. V. (2012). Internet security and firewalls. Cincinnati, Ohio: Premier Press.
Stiakakis, E., Georgiadis, C. K., & Andronoudi, A. (November 01, 2016). Users’
Perceptions about mobile security breaches. Information Systems and E-Business
Management, 14, 4, 857-882
Susilo, W., & Mu, Y. (2014). Information Security and Privacy: 19th Australasian Conference,
ACISP 2014, Wollongong, NSW, Australia, July 7-9, 2014. Proceedings. Cham: Springer
International Publishing.
United States. & United States. (2012). Information technology reform: Progress made but
future cloud computing efforts should be better planned : report to the Subcommittee on
Federal Financial Management, Government Information, Federal Services, and
International Security, Committee on Homeland Security and Governmental Affairs,
United States Senate. Washington, D.C.: U.S. Govt. Accountability Office.
United States. (2013). Information security. Washington, D.C.: U.S. Dept. of Justice, U.S.
Marshals Service, Office of Inspections, Internal Security Division.
Weidman, G., & Eeckhoutte, P. V. (2014). Penetration testing: A hands-on introduction to
hacking
Windley, P. J. (2012). The live web: Building event-based connections in the cloud. Boston,
Mass: Course Technolgy
Zelkowitz, M. V. (2015). Information security. Amsterdam: Elsevier Academic Press
1 out of 13
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.