logo

Aztek IT Risk Assessment Case Study September 26 2017 Aztek Financial Services

   

Added on  2019-11-14

17 Pages5482 Words245 Views
1IT RiskAssessmentCase StudyAztek

IT Risk Management for AztekTable of ContentsFinancial Services Review.....................................................................................................................5Security Posture of Aztek......................................................................................................................6Securing Devices and Information.....................................................................................................7Addressing the Application specific Risks........................................................................................8Risk Assessment....................................................................................................................................8TVA Analysis....................................................................................................................................9Countermeasures & Security Programs...........................................................................................10Data Security.......................................................................................................................................12Data Classification & Security Analysis..........................................................................................13Conclusion...........................................................................................................................................14References...........................................................................................................................................162

IT Risk Management for AztekExecutive SummaryThe report has been prepared to carry out IT risk assessment for Aztek which is a finance companyfrom Australia. The finance review and security posture for the organization has been covered in thereport in association with a new concept that the company will implement in association with theBring You Own Device (BYOD) scheme. The challenges associated with this scheme and the securityrisks that may emerge have been covered. The initial section of the report will focus upon the government policies and regulations that may havean impact on the decision of the organization to allow the employees to bring their devices in office.The report covers the acts and standards, such as NSW Act along with the Workplace Privacy Act2011 in association with the BYOD scheme. The next section of the report will cover the various forms of security threats and vulnerabilities thatemerge along with the data security issues with the decision to implement the BYOD scheme. ACybersecurity framework has been used for the purpose of risk assessment so that the core functionsare explored and the security controls are highlighted for each of these categories. The strategies associated with the protection of the data have been covered from the point of view ofseveral data classification schemes along with the associated measures that can be used for thesecurity of the data. Findings & RecommendationsThe BYOD project has been analyzed from various aspects to understand its feasibility and utility toAztek. Aztek has a large network of employees, customers, partners, vendors and stakeholders. The primarygoal of the organization is to enhance its customer base by providing better, accurate and securefinancial services along with the enhancements of revenues. BYOD will allow the use of employee-owned devices which will lead to better productivity of the employees and will assist in theachievement of the goals. The project is feasible from the organizational point of view. The operations that will be carried out by the employees will be tracked and monitored using remotetracking and management. The employees will also be able to access the organizational tools andapplications from their homes and outside of office premises to gain hands-on on the applications.This will lead to lesser occurrence of operational mistakes. The BYOD scheme will therefore befeasible from the operational point of view. 3

IT Risk Management for AztekTechnical tools and applications that are being used by the organization are compatible with most ofthe recent and widely used operating systems. These tools will be easily integrated with the devices ofthe employees. Also, the security department will install the necessary technical controls andapplications for enhancing the security of the device. The project is feasible from the technical pointof view. There are no laws or regulations created by the Australian Government regarding the prevention ofemployee-owned devices in the offices. There are specific rules to financial industry that will beadhered during the project along with information privacy laws. The project is feasible from thepolitical point of view as well. There are many risks that have been identified from the security aspect in association with the BYODscheme. These risks may emerge as the potential disadvantages for the project. However, it is possibleto put a check on these risks and avoid them by using correct set of methods, plans, policies andcontrols. There will be many advantages that will be offered with the implementation of BYOD in theorganization. The first advantage would be in the form of reduced costs. The costs associated with theprocurement of the devices, maintenance of the devices, infrastructural and operations costs will bereduced. The employees will be allowed to access most of the organizational tools and applicationsfrom any of the remote location which would enhance their operational excellence leading to betterproductivity and efficiency levels. The customers will also be satisfied as their demands will be metand the quality of services will also improve. This would lead to better revenues and market shares aswell. 4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Report on IT Risk Management for Aztek
|17
|4994
|31

Aztek Risk Management & Assessment
|18
|5082
|30

Aztek: Risk Management & Assessment
|18
|4841
|31

ITC596 - IT Risk Management - Case study of Aztek company
|18
|4571
|103

IT Risk Assessment Aztek | Case Study
|16
|5483
|42

Aztek: IT Risk Management Bring Your Own Devices (BYOD)
|20
|5080
|285