Developing a Comprehensive Risk Management Strategy for Aztek Inc.
Aztek: IT Risk Management
Bring Your Own Devices (BYOD)
9/22/2017
IT Risk Management at Aztek
Executive Summary
Aztek is an Australian company that provides financial services to its customers. As new clients and partners have begun working with Aztek, the set of services it must deliver has grown, and this phase of expansion has brought with it a number of operational and information management issues. The management of the company has proposed several projects to resolve these issues, and the project selected for implementation is the introduction of Bring Your Own Device (BYOD). The report covers the organization and the project overview, an analysis of the project from the financial perspective, the changes the project will require in the organization's security strategy, the project risks and the risk management process, and the types of information involved and their management from the security perspective.
Findings and Recommendations
The report identifies and describes a number of security threats and risks that accompany the implementation of the BYOD project (Cioupdate, 2016).
A range of countermeasures is needed to prevent these risks from turning into successful attacks. They are classified in three categories: administrative controls, technical controls and physical controls.
The recommended administrative controls centre on administrative checks supported by technology. Validation and verification processes shall be executed by the administration of Aztek with the help of technical tools: management must carry out reviews, inspections and control procedures using automated tracking tools and audit systems. The security team and the business departments shall also be consulted so that the required updates can be made to the security strategy and policy followed by Aztek.
The second set of recommended countermeasures is technical controls. The first step shall be research into and analysis of new technologies that can be applied to security. Concepts such as business intelligence and Big Data analytics shall be used to improve security, for example by analysing data for the patterns and trends followed by attackers. There are
also technical tools in the form of anti-malware and denial-of-service mitigation tools. Encryption tools and intrusion detection tools shall also be used.
Physical controls are often regarded as inapplicable in new-age business set-ups because of the increased use of virtualised technology across business units. However, physical controls shall also be considered and improved in Aztek for the protection of information and devices. Current forms of authentication, access control and identity management must also be implemented and applied in Aztek.
The use of all of these technologies and concepts will strengthen the overall security of the organization. User awareness must also be built up so that user errors and mistakes are avoided.
An update and maintenance process must also be carried out for the employees' devices. This will reduce the risks that arise from security flaws in unpatched devices. The security and IT team must carry out audits to identify the employees' devices that require an update to be installed.
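The device audit recommended above can be automated against the inventory the IT team already keeps. The following is an added example, not code from the report or from Aztek: it assumes a CSV export with owner, platform and OS version columns and a hypothetical minimum-version table, both constructed here, and flags every device that is below its platform baseline or belongs to a platform with no baseline at all.

```python
"""Audit a BYOD device inventory for out-of-date operating systems.

Added example, not part of the original report. The inventory format,
the minimum-version table and the sample records are all constructed
assumptions; a real audit would pull these from the MDM or inventory tool.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Assumed minimum acceptable OS versions per platform (hypothetical policy).
MIN_VERSIONS = {
    "android": "13",
    "ios": "16.6",
    "windows": "10.0.19045",
}

# Constructed sample inventory, in the shape an IT team might export it.
SAMPLE_INVENTORY = """\
owner,platform,os_version,last_seen
alice,iOS,17.0.3,2017-09-20
bob,Android,12,2017-09-21
carol,Windows,10.0.19045,2017-09-18
dave,Android,14,2017-09-22
erin,iOS,15.7,2017-09-10
frank,Linux,6.1,2017-09-22
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.0.19045' into (10, 0, 19045) so versions compare numerically.

    Non-numeric trailing components (build suffixes) are ignored; an empty
    or missing field becomes version 0 so it is flagged rather than skipped.
    """
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts) or (0,)


def version_below(actual: str, minimum: str) -> bool:
    """True when actual < minimum, padding the shorter tuple with zeros."""
    a, m = parse_version(actual), parse_version(minimum)
    width = max(len(a), len(m))
    return a + (0,) * (width - len(a)) < m + (0,) * (width - len(m))


@dataclass(frozen=True)
class Finding:
    owner: str
    platform: str
    os_version: str
    reason: str


def audit_inventory(csv_text: str, policy: dict[str, str] = MIN_VERSIONS) -> list[Finding]:
    """Return one Finding per device that should not reach corporate resources."""
    findings: list[Finding] = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        platform = row["platform"].strip().lower()
        minimum = policy.get(platform)
        if minimum is None:
            # Unknown platform: no baseline exists, so it cannot be assessed.
            findings.append(Finding(row["owner"], row["platform"], row["os_version"],
                                    "platform not in supported list"))
        elif version_below(row["os_version"], minimum):
            findings.append(Finding(row["owner"], row["platform"], row["os_version"],
                                    f"below minimum {minimum}"))
    return findings


if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f"{f.owner:6} {f.platform:8} {f.os_version:12} {f.reason}")
```

Treating an unrecognised platform as a finding rather than ignoring it is deliberate: a device the policy cannot assess is exactly the one the audit should surface for the security team.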
Introduction ... 5
  Description of Aztek ... 5
  BYOD: Project Overview ... 5
Financial Services Review of the BYOD Project ... 6
  Description of Project from the Financial Perspective ... 7
Impact of BYOD on the Current Security Infrastructure of Aztek ... 8
Risk Assessment Process ... 10
  Process for the Management of Risks ... 10
  Risk Register for Aztek ... 11
Data Security for Aztek ... 14
Conclusion ... 15
References ... 17
Introduction
Description of Aztek
Every country hosts a range of sectors and industries that contribute to its economy and growth, and the finance industry, made up of many financial agencies, organizations and business units, is one of them. Australia is home to many such organizations providing financial services and operations to the public, and Aztek is one example. It is an Australian organization that provides finance-related services and therefore manages and processes financial information. Demand for every service and solution is rising with the population, and Aztek has established a good name in the market, so its customer base has grown over the years. However, the current infrastructure and environment at Aztek are no longer suitable for performing business operations with the required quality and results. Issues are arising in information sharing and management, communication activities, business operations and continuity. Also, as the volume and variety of information has increased, so have the types and number of security incidents. Organizational information is one of the prime assets of Aztek and its protection cannot be neglected at any cost.
Given the severity of the situation, the management at Aztek has proposed several projects. Their objective is to make sure that the current set of problems is resolved and that business continuity and revenues are enhanced.
The report covers the risk assessment and management for the project that has been recommended for Aztek.
BYOD: Project Overview
Bring Your Own Device (BYOD) is a scheme in which the staff of an organization are permitted to bring their personal devices into the office and use them to carry out official tasks and activities. The several projects recommended by management were analysed for their respective pros and cons, and the one selected for implementation at Aztek is the BYOD project.
Individuals own many different devices nowadays, the most common being smartphones, laptops and tablets, along with home networking equipment such as routers and modems. Aztek is a financial firm that is still growing and expanding, and it may be challenging for the firm to procure different devices for every project. For instance, a financial application or service provided by Aztek must be tested on mobile devices before release, and it would have to be tested on different operating systems such as Android, Windows and iOS. This requires at least four to five mobile devices, which come at a considerable cost. With BYOD, the same testing can be done without additional procurement cost by asking employees to use their own devices.
The costs avoided in such processes may be put to use in other activities and tasks.
Financial Services Review of the BYOD Project
Organizations deal with different types of information. Some information types fall into the lowest risk zone, while certain information sets require the highest form of security and control. Financial information is critical and very sensitive in nature, and its security cannot be taken lightly; the majority of the information sets belonging to Aztek fall into this category. The control and secure monitoring of these information sets is therefore mandatory and is also governed by several laws and regulatory codes. Australia has several bodies that regulate financial operations in the country and oversee the correct flow and protection of financial information. One such body is the Australian Securities and Investments Commission (ASIC), which regulates Australia's financial services, markets and corporations and checks that financial firms adhere to the applicable standards and compliance norms.
The rules and policies defined by ASIC must be followed and maintained by Aztek in its implementation of BYOD within its architecture.
In the current era, most payments are made online, and the rules around electronic payments differ from those for non-electronic payments. Electronic payments are therefore governed by the ePayments Code, which is administered by ASIC.
Financial and other information associated with Aztek shall also be protected in accordance with the applicable intellectual property and privacy guidelines.
Description of Project from the Financial Perspective
Aztek has listed a number of goals and objectives as a business unit:
- To serve customers with high-grade financial services that offer the utmost reliability and accuracy with the least complexity.
- To make sure that the engagement and satisfaction levels of the employees associated with the organization are always high and keep improving.
- To make sure that the engagement and satisfaction levels of the customers associated with the organization are always high and keep improving.
- To complete all organizational activities within the delivery schedule and the project budget.
The goals and objectives of a project shall be aligned with the organizational goals, and the same applies to the BYOD project that will be implemented in Aztek:
- Employees working in Aztek will be able to bring their own devices, which will be installed with the applications and tools used for organizational tasks. This gives employees a better work-life balance, as they will be able to work from home and other non-office locations, and it contributes to objectives one and two above.
- Better efficiency of the employees will contribute to better and more accurate results from the financial operations. In this way, customers will receive the services they expect and their engagement levels will improve.
- Many additional costs of procurement and maintenance will be eliminated, which will improve adherence to the budget.
Apart from the strategic alignment of the project with the organizational objectives, a number of additional benefits are also involved.
- Employees will keep their devices with them, and on days when there is less work in the organization these may be used for hands-on practice with the upcoming financial operations and project activities. In this way, employees will gain familiarity and ease of use, along with an understanding of the risk areas involved.
- Employees will be able to share the details of their work and the activities completed in a day with their Project and Functional Managers using the resource management and reporting tools on their devices (Gessner, 2016).
- Testing of applications and services will be easier, and will cover a larger number of devices, under the BYOD scheme. This improves the chances of identifying more bugs and defects.
- Employees will be able to share information and stay connected with fellow employees at all times (Retailwire, 2016).
The rules and guidelines laid down by the Australian boards and regulatory bodies will also be maintained in the project. On the basis of the feasibility study, the project has been found to be feasible from the operational, technical and economic viewpoints.
Impact of BYOD on the Current Security Infrastructure of Aztek
BYOD has a number of positive implications for organizations, but it comes with its own challenges and issues, and the same will be true of its implementation in Aztek. Every risk and threat requires a medium through which it is realised, and this medium is termed a threat agent. Many different agents, present within and outside the organization, may give shape to attacks: staff members, internal and external networks, technical tools and equipment, end users and so on all fall under the category of threat agents. A strategy will be required for the handling and control of these threats.
BYOD is a new and first-of-its-kind project for Aztek. It will give rise to many new forms of security risk and attack, and the control strategy will need to be extended to cover them.
The newest addition to the organization will be the devices that employees bring in for the execution of professional tasks. These devices may have security tools installed that are adequate for the employees' personal use but insufficient for the protection of organizational information. The IT and security team at Aztek will need to assess these devices to make them suitable for use. Basic security in the form of malware protection, intrusion detection, authentication and access control will have to be implemented on them.
The threat agents associated with Aztek may include many different entities, but a large portion of attacks will take place through the medium of networks. A risk analysis of these network-based attacks is necessary and shall be followed by the development of measures for network security and management. Many new tools have been created as network technology has developed. These tools, together with current business intelligence techniques, shall be applied to address the threats and attacks at their root. This will substantially reduce, though not eliminate, the probability of such attacks taking place in the future (Coleman, 2011).
Employees of Aztek will use their devices at home and in other non-office locations as well, because the devices will be equipped with the specific tools and applications required for professional tasks. However, some of these applications must be accessible from the office networks only, because public networks and the use of devices by unauthorized users add to the likelihood of the risks (Newton, 2015).
The employees' devices may also be used by their family members and friends. These
individuals may access the official tools, and the information may get exposed to them; such
exposures are accidental attacks on the security and privacy of information. There may also be
intentional attacks executed by the employees themselves in return for monetary or other
benefits from outside parties. Strategies will need to be developed and implemented to prevent
such insider threats (Trendmicro, 2016).
The security policy must explicitly state the risks and the corresponding security strategy to treat
them.
Risk Assessment Process
A risk is any activity or action whose outcome may have a positive or negative impact and which
the entities in which it occurs would prefer to avoid. In most cases the outcome of a risk is
negative. Many risks are associated with the BYOD project at Aztek, and they need to be
assessed and managed with a proper plan and with utmost dedication (Crane, 2013).
Process for the Management of Risks
Risk management is a process that combines many steps and phases taken to make sure that the
risks are avoided. The management of these risks and occurrences needs to be handled with a
proper plan, and the following are the phases involved in the risk management procedure
followed at Aztek.
Aztek: Process for the management of risks
The risks must first be identified so that further actions and steps may be taken (Capterra,
2016). Various data sources shall be explored to make sure that the risks are correctly identified
(Berg, 2016).
The next step in the process is the assessment and prioritization of the risks. This step records
the risks in a risk register, which gives each risk's description, impact and likelihood along with
its level in terms of the overall risk ranking (Castsoftware, 2016).
Planning is an essential step in every activity, and the same holds true for the management of
risks. The risk management plan must list the resources responsible for managing the risks,
along with a description of the processes for handling the risks that have been identified and
analyzed. The next step covers the treatment strategies that may be applied and the guidelines to
be followed when selecting the treatment strategy for a particular risk (Microsoft, 2016).
[Figure: Aztek process for the management of risks: Risk Identification → Risk Assessment and
Prioritization → Risk Planning & Treatment → Risk Tracking and Report → Risk Control →
Monitor and Review]
The management and administrative bodies must track the status of the risks by carrying out
verification and validation frequently (Development, 2013). The risks shall be monitored and
controlled, and a report must be prepared covering the activities carried out for every risk
(Vila, 2012).
Risk Register for Aztek
ID | Name | Likelihood | Impact | Description | Ranking | Level (1 = highest, 5 = lowest)
AZR 1 | Information and data breaches | Medium | High | The networks or poor access control measures may be used by attackers to breach the information sets in the database | Critical Risk | 1
AZR 2 | Information Leakage | Medium | High | The contents and properties of the information may get leaked during its transmission and sharing (InformationWeek, 2016) | Critical Risk | 2
AZR 3 | Account Hacking | Medium | High | The user and employee accounts may get hacked by hackers and attackers to obtain the information and access | Medium Risk | 3
AZR 4 | Security Vulnerabilities | High | Medium-High | The existing weaknesses and vulnerabilities present in the security architecture of Aztek may be exploited and misused (Grimes, 2016) | High Risk | 3
AZR 5 | SQL Injection Attacks | Medium | High | The SQL queries used in the databases for performing various operations may be injected with malicious code and programs (Usask, 2017) | High Risk | 3
AZR 6 | Availability Attacks | Medium-High | High | Information availability may be compromised by the introduction of traffic on the internal and external networks of Aztek, which may lead to a breakdown situation (Stoneburner, 2002) | Critical Risk | 1
AZR 7 | Device Related Risks | Medium | High | The employees may lose their devices in an accident, or an attacker may deliberately steal a device to access the information | Critical Risk | 1
AZR 8 | Virus and ransomware attacks | High | High | Various forms of malware such as viruses and ransomware may be triggered and launched to cause damage | High Risk | 2
AZR 9 | Impersonation attacks | Medium | Medium-High | The attackers may impersonate authentic users to trick the users and obtain information from them, for example through spoofing and phishing attacks | Critical Risk | 1
AZR 10 | Eavesdropping Attack | Medium | Medium | The networks used in the project may be attacked by malevolent entities who eavesdrop by capturing the activities on the network | High | 2
There may also be situations in which the users, that is, the device owners, do not take adequate
measures to avoid and prevent the risks. For instance, they may not update their devices
regularly to avoid attacks and threats (Qld, 2016). This increases the probability of the risks.
There are also risks and threats that come up in the form of insider threats. The employees'
devices may be used by their family members and friends as well. These individuals may access
the official tools, and the information may get exposed to them; such exposures are accidental
attacks on the security and privacy of information. There may also be intentional attacks
executed by the employees themselves in return for monetary or other benefits from outside
parties. Strategies will need to be developed and implemented to prevent such insider threats
(Markovic-Petrovic & Stojanovic, 2014).
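To show how the identification, assessment and prioritization steps described above and the likelihood and impact columns of the register translate into a repeatable scoring scheme, here is an added example in Python. It is not code from the report or from Aztek: the 5x5 likelihood/impact matrix, the score thresholds for levels 1 to 5 and the treatment chosen per level are assumptions, and the sample rows reuse a few of the register's risk names and ratings with constructed descriptions. Because the report's own rankings were assigned by judgment, the levels computed here will not necessarily match its Ranking column.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Five-point ordinal scale for likelihood and impact (assumption: the report's
# register only uses the words Low, Medium and High).
RATING: Dict[str, int] = {"very low": 1, "low": 2, "medium": 3, "high": 4, "very high": 5}

# Score thresholds for the ranking level. Level 1 is the highest ranking and
# level 5 the lowest, matching the register's "1 = highest, 5 = lowest" column.
# The thresholds themselves are an assumption.
LEVELS: List[Tuple[int, int, str]] = [
    (16, 1, "Critical Risk"),
    (12, 2, "High Risk"),
    (8, 3, "Medium Risk"),
    (4, 4, "Low Risk"),
    (0, 5, "Negligible Risk"),
]

# Treatment strategy selected per level, for the planning and treatment step (assumption).
TREATMENT: Dict[int, str] = {
    1: "mitigate immediately",
    2: "mitigate",
    3: "mitigate or transfer",
    4: "monitor",
    5: "accept",
}


def parse_rating(text: str) -> int:
    """Map a register rating such as 'Medium' or 'Medium-High' to 1..5.

    A hyphenated range is scored at its upper bound (conservative assumption).
    """
    parts = [p.strip().lower() for p in text.split("-")]
    return max(RATING[p] for p in parts)


def risk_score(likelihood: str, impact: str) -> int:
    """Likelihood x impact on the 5x5 matrix, giving 1..25."""
    return parse_rating(likelihood) * parse_rating(impact)


def level_for(score: int) -> Tuple[int, str]:
    """Return (level, ranking label) for a score; the 0 threshold always matches."""
    for threshold, level, label in LEVELS:
        if score >= threshold:
            return level, label
    raise ValueError(f"score {score} below every threshold")


@dataclass(frozen=True)
class Risk:
    """One row of the risk register."""
    risk_id: str
    name: str
    likelihood: str
    impact: str
    description: str

    @property
    def score(self) -> int:
        return risk_score(self.likelihood, self.impact)

    @property
    def level(self) -> int:
        return level_for(self.score)[0]

    @property
    def ranking(self) -> str:
        return level_for(self.score)[1]

    @property
    def treatment(self) -> str:
        return TREATMENT[self.level]


def sample_register() -> List[Risk]:
    """Constructed rows that reuse a few names and ratings from the report's register."""
    return [
        Risk("AZR1", "Information and data breaches", "Medium", "High",
             "Poor access control or exposed networks used to reach database records"),
        Risk("AZR4", "Security vulnerabilities", "High", "Medium-High",
             "Known weaknesses in the security architecture exploited"),
        Risk("AZR6", "Availability attacks", "Medium-High", "High",
             "Traffic flooding on the internal and external networks"),
        Risk("AZR8", "Virus and ransomware attacks", "High", "High",
             "Malware launched on an employee-owned device"),
        Risk("AZR10", "Eavesdropping attack", "Medium", "Medium",
             "Network activity captured by a malicious party"),
    ]


def prioritise(register: List[Risk]) -> List[Risk]:
    """Order the register for treatment: highest score first, ties broken by id."""
    return sorted(register, key=lambda r: (-r.score, r.risk_id))


def level_counts(register: List[Risk]) -> Dict[int, int]:
    """How many risks sit at each level, for the tracking and reporting step."""
    counts: Dict[int, int] = {}
    for risk in register:
        counts[risk.level] = counts.get(risk.level, 0) + 1
    return counts


if __name__ == "__main__":
    for r in prioritise(sample_register()):
        print(f"{r.risk_id:<6} {r.name:<30} score={r.score:>2} level={r.level} "
              f"{r.ranking:<15} -> {r.treatment}")
```

Scoring a hyphenated rating at its upper bound is deliberate: when the assessor could not decide between two values, the register should not quietly assume the milder one. The `level_counts` summary is the kind of figure the monitor-and-review step reports to management at each cycle.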
Data Security for Aztek
Financial information is critical and highly sensitive, and its security cannot be taken lightly.
The majority of the information sets that belong to Aztek fall into this category. The control
and secure monitoring of these information sets is therefore mandatory and shall also be
governed by multiple security laws and protocols.
- Sensitive Data: the passwords and PIN numbers that users employ to access their financial data,
and the transactional details associated with the user accounts (Scu, 2016).
- Confidential Data: the financial services and projects taken up by the organization, along with
the new technologies and activities that the organization might be working on.
- Private Data: the information of staff members and customers, such as names, addresses and
contact details (Test-institute, 2016).
- Public Data: the organization's goals and strategies, together with its vision and mission.
Access to the above information categories shall be allowed only to the users who are
authorized to handle them, based on the attributes and roles of the users (Chapman, 2000).
Information Classification | Allowed to be accessed by | Responsible and accountable for the maintenance of security
Sensitive | Board of directors of Aztek and company CEO | CIO of the company and security manager
Confidential | Project Managers & Leaders, Department Heads | CIO of the company and security manager
Private | Data Scientists and Data Managers (Dey, 2008) | Security Manager, Security Analysts
Public | Company stakeholders | Security team of Aztek
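The BYOD device requirements set out earlier in the report (malware protection, intrusion detection, authentication and access control on the device, and certain applications reachable from the office network only) and the classification table above combine into a single access decision. The following Python is an added example, not the report's or Aztek's code: the role names and classification tiers follow the table, while the posture checks, the 30-day update threshold, the rule that sensitive and confidential data are office-network only, and the role identifiers are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Roles permitted per classification, taken from the report's classification table.
# No hierarchy is assumed: a board member is not automatically granted 'private' data.
ALLOWED_ROLES: Dict[str, FrozenSet[str]] = {
    "sensitive": frozenset({"board_member", "ceo"}),
    "confidential": frozenset({"project_manager", "project_leader", "department_head"}),
    "private": frozenset({"data_scientist", "data_manager"}),
    "public": frozenset({"stakeholder"}),
}

# Classifications whose applications are reachable from the office network only (assumption).
OFFICE_ONLY: FrozenSet[str] = frozenset({"sensitive", "confidential"})

# Maximum age of the last OS/app update before the device counts as unpatched (assumption).
MAX_UPDATE_AGE_DAYS = 30


@dataclass(frozen=True)
class Device:
    """Posture of an employee-owned device as reported by a management agent (constructed)."""
    owner_role: str
    malware_protection: bool
    intrusion_detection: bool
    device_auth: bool          # screen lock / login on the device itself
    days_since_update: int
    network: str               # "office" or "public"


def posture_failures(device: Device) -> List[str]:
    """List the baseline controls the device is missing; empty means compliant."""
    failures: List[str] = []
    if not device.malware_protection:
        failures.append("no malware protection")
    if not device.intrusion_detection:
        failures.append("no intrusion detection")
    if not device.device_auth:
        failures.append("no device authentication")
    if device.days_since_update > MAX_UPDATE_AGE_DAYS:
        failures.append(f"last update older than {MAX_UPDATE_AGE_DAYS} days")
    return failures


def decide(device: Device, classification: str) -> Tuple[bool, List[str]]:
    """Allow or deny access to data of the given classification.

    All rules are evaluated rather than short-circuiting, so a denial carries
    every reason the user (or an audit log) needs to see.
    """
    if classification not in ALLOWED_ROLES:
        return False, [f"unknown classification {classification!r}"]
    reasons: List[str] = []
    if device.owner_role not in ALLOWED_ROLES[classification]:
        reasons.append(f"role {device.owner_role!r} is not authorised for {classification} data")
    if classification in OFFICE_ONLY and device.network != "office":
        reasons.append(f"{classification} data is office-network only (device is on {device.network!r})")
    reasons.extend(posture_failures(device))
    return not reasons, reasons


def audit_line(device: Device, classification: str) -> str:
    """Single-line record suitable for the risk tracking and reporting step."""
    allowed, reasons = decide(device, classification)
    verdict = "ALLOW" if allowed else "DENY"
    detail = "; ".join(reasons) if reasons else "all checks passed"
    return f"{verdict} role={device.owner_role} class={classification} net={device.network} {detail}"


if __name__ == "__main__":
    # Constructed sample devices and requests.
    samples = [
        (Device("ceo", True, True, True, 5, "office"), "sensitive"),
        (Device("ceo", True, True, True, 5, "public"), "sensitive"),
        (Device("project_manager", True, False, True, 45, "office"), "confidential"),
        (Device("data_scientist", True, True, True, 2, "public"), "sensitive"),
        (Device("stakeholder", True, True, True, 0, "public"), "public"),
    ]
    for dev, cls in samples:
        print(audit_line(dev, cls))
```

An unknown classification is denied outright rather than treated as public, and every failed check is listed so that the device owner can be told what to fix and the security team can see which of the three control areas (administrative, technical, physical) the denials cluster in.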
Conclusion
Aztek is an Australian organization that provides finance-related services and therefore manages
and processes the information related to them. The population of the world is increasing rapidly,
and so is the demand for every service and solution. Aztek has established a good name in the
market, due to which its customer base has grown over the years. However, the current
infrastructure and environment at Aztek are no longer suitable for performing the business
operations with the required quality and results. Various issues have been coming up in
information sharing and management, communication activities, business operations and
continuity.
BYOD is a new, first-of-its-kind project that will be implemented at Aztek. It will lead to the
emergence of many new forms of security risks and attacks, and a control strategy will need to
be added for them. The newest addition to the organization will be the devices brought in by the
employees for the execution of their professional tasks. The threat agents associated with Aztek
may include many different entities, but a large portion of the attacks will take place over the
network. A risk analysis of all of these network-based attacks will be necessary, followed by the
development of measures for network security and management. The employees' devices may
be used by their family members and friends as well. These individuals may
access the official tools, and the information may get exposed to them; such exposures are
accidental attacks on the security and privacy of information.
The management of these risks and occurrences needs to be handled with a proper plan, using
administrative checks, stronger technical controls and physical security. The security plan and
the security strategy followed in the organization must also be updated with the latest set of
controls in all three of these areas.
References
Berg, H. (2016). Risk Management. Retrieved 22 September 2017, from http://ww.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf
Berg, H. (2010). Risk Management: Procedures, Methods and Experiences. Retrieved 3 September 2017, from http://ww.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf
Capterra. (2016). Best Risk Management Software | 2016 Reviews of the Most Popular Systems. Capterra.com. Retrieved 22 September 2017, from http://www.capterra.com/risk-management-software/
Castsoftware. (2016). What is Software Risk & How To Prevent Software Risk | CAST Software. Castsoftware.com. Retrieved 22 September 2017, from http://www.castsoftware.com/research-labs/software-risk
Chapman, C. (2000). A desirable future for technology risk management. International Journal of Risk Assessment and Management, 1(1/2), 69. http://dx.doi.org/10.1504/ijram.2000.001488
Cioupdate. (2016). Effective Measures to Deal with Cloud Security -- CIO Update. Cioupdate.com. Retrieved 22 September 2017, from http://www.cioupdate.com/technology-trends/effective-measures-to-deal-with-cloud-security.html
Coleman, T. (2011). A Practical Guide to Risk Management. Cfapubs.org. Retrieved 3 September 2017, from http://www.cfapubs.org/doi/pdf/10.2470/rf.v2011.n3.1
Crane, L. (2013). Introduction to Risk Management. Retrieved 3 September 2017, from http://extensionrme.org/pubs/IntroductionToRiskManagement.pdf
Development, C. (2013). What are the 5 Risk Management Process Steps? Continuing Professional Development. Retrieved 22 September 2017, from http://continuingprofessionaldevelopment.org/risk-management-steps-in-risk-management-process/
Dey, P. (2008). Risk management in information technology projects. International Journal of Risk Assessment and Management, 9(3), 311. http://dx.doi.org/10.1504/ijram.2008.019747
Gessner, D. (2016). Towards a User-Friendly Security-Enhancing BYOD Solution. Retrieved 22 September 2017, from http://in.nec.com/en_IN/images/120324.pdf
Grimes, R. (2016). The 5 cloud risks you have to stop ignoring. InfoWorld. Retrieved 22 September 2017, from http://www.infoworld.com/article/2614369/security/the-5-cloud-risks-you-have-to-stop-ignoring.html
InformationWeek. (2016). 9 Worst Cloud Security Threats - InformationWeek. InformationWeek. Retrieved 22 September 2017, from http://www.informationweek.com/cloud/infrastructure-as-a-service/9-worst-cloud-security-threats/d/d-id/1114085?page_number=2
Markovic-Petrovic, J., & Stojanovic, M. (2014). An Improved Risk Assessment Method for SCADA Information Security. Elektronika Ir Elektrotechnika, 20(7). http://dx.doi.org/10.5755/j01.eee.20.7.8027
Microsoft. (2016). Risk Management Process Overview. Technet.microsoft.com. Retrieved 22 September 2017, from https://technet.microsoft.com/en-us/library/cc535304.aspx
Newton, P. (2015). Managing Project Risks. Retrieved 3 September 2017, from http://www.free-management-ebooks.com/dldebk-pdf/fme-project-risk.pdf
Proconceptsllc. (2016). Risk Radar® Enterprise, Risk Management Software | Pro-Concepts LLC. Proconceptsllc.com. Retrieved 22 September 2017, from http://www.proconceptsllc.com/risk-radar-enterprise.html
Qld. (2016). Risks of cloud computing | Queensland Government. Business.qld.gov.au. Retrieved 22 September 2017, from https://www.business.qld.gov.au/business/running/technology-for-business/cloud-computing-business/cloud-computing-risks
Retailwire. (2016). Happiness Is … Bringing Your Own Computer Devices to Work – RetailWire. Retailwire.com. Retrieved 22 September 2017, from http://www.retailwire.com/discussion/16188/happiness-is-bringing-your-own-computer-devices-to-work
Scu. (2016). The Risk Management Process - Risk Management - SCU. Scu.edu.au. Retrieved 22 September 2017, from http://scu.edu.au/risk_management/index.php/8/
Stoneburner, G. (2002). Risk Management Guide for Information Technology Systems. Retrieved 3 September 2017, from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf
Test-institute. (2016). What Is Software Risk And Software Risk Management? - International Software Test Institute. Test-institute.org. Retrieved 22 September 2017, from http://www.test-institute.org/What_Is_Software_Risk_And_Software_Risk_Management.php
Trendmicro. (2016). BYOD - Consumerization of IT & Mobility - Trend Micro USA. Trendmicro.com. Retrieved 22 September 2017, from http://www.trendmicro.com/us/enterprise/challenges/it-consumerization/
Usask. (2017). IT Risk Management Procedure. Retrieved 3 September 2017, from https://www.usask.ca/ict/documents/IT%20Risk%20Management%20Procedure.pdf
Vila, S. (2012). Risk Management Model in ITIL. Retrieved 3 September 2017, from https://fenix.tecnico.ulisboa.pt/downloadFile/395144242579/Risk%20management%20on%