IT Risk Management for SMEs
Added on 2020/04/01
AI Summary
This assignment delves into the critical topic of IT risk management within the context of Small and Medium-sized Enterprises (SMEs). It examines various aspects of information security, including risk assessment methodologies, control strategies, and best practices for implementing robust security measures in SMEs. The assignment likely draws upon relevant literature and frameworks to provide a comprehensive understanding of IT risk management challenges and solutions specific to this business sector.
Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s note
Executive Summary
The report is primarily based on Aztek and the IT services it is adopting to facilitate its
core business activities and to outsource its services to a third-party company. The
facilities that IT services can offer are huge, although there are certain risks, threats and
vulnerabilities associated with them. The report broadly discusses the threats and
vulnerabilities and elaborates the security and control measures in detail. A security
framework model must be initiated, as this model can improve the security of the system and
the database and will help Aztek to run its business. The IT services can certainly enhance
the company's growth, so the management team of Aztek must act responsibly and focus on
securing the system and the database.
Table of Contents
Introduction
Review in regards to the financial services
Government regulations
Best practices
Review of project along with the current security measures
Analysing threats, vulnerabilities and the final outcome
Security measures to check the threats associated with Aztek
Conclusion
References
Introduction
Aztek has decided to shift to the cloud, hoping that the move to IT services will be a
blessing for the company. IT services can offer facilities that help Aztek to enrich its
business activities and to outsource its services to a third-party company, from which it can
benefit largely; however, it should be mindful of all the risks associated with the IT
services (Lam, 2014).
The report will focus on financial risks and on the threats and vulnerabilities associated
with the IT services. It will highlight the security or control measures that Aztek should
adopt to conduct its business operations in a better way.
Review in regards to the financial services
The risks associated with the financial services are-
The systematic risks
The systematic risks are the risks over which the organisation has no control. They
generally arise from external factors, and their effect is felt throughout the company and
throughout the industry. They include war, political events and recession; interest rates are
also considered (Wu & Olson, 2015). These risks are classified as market risk, interest rate
risk and purchasing power risk.
The Unsystematic risks
These risks are termed diversified risk; they arise within the enterprise. Their effect is
considerably smaller and generally falls on the enterprise’s resources. The enterprise
assesses the risk and resolves the issues internally. Operational risk, liquidity risk and
financial risk are the risks described here (McNeil, Frey
& Embrechts, 2015). Examples of unsystematic risks are liquidity risk, operational risk and
business risk.
Relevant risk
Relevant risk consists of both systematic risk and unsystematic risk. The systematic risk is
not treated as relevant risk because it cannot be controlled. The unsystematic risk is
treated as relevant risk because it can be assessed and controlled (Chance & Brooks, 2015).
The financial risks involved are solvency risk, strategic risk, liquidity risk, counterparty
risk, regulatory risk and legal risk.
Strategic risk
Strategic risks occur when an organisation takes a wrong decision and uses its company
resources in the wrong way. A faulty business plan can be the reason for the failure of
projects, and the company can even face losses due to a tactical or strategic mistake.
Market risk
Market risk occurs when the prices of a particular resource rise in the market (Lam, 2014).
The price of market products can increase due to interest rate risk, financial market risk
and equity risk.
Credit risk
Credit risk occurs when the borrower fails to repay the loan; in other scenarios, the lender
fails to determine whether the borrower is capable of repaying the money.
Legal compliance must be considered in Australia, and it assists in adopting the best
strategy, which can significantly further the business activities. There are also external
risk factors associated with political factors, which can affect the company's performance
(Chance & Brooks, 2015). These factors need to be detected and, on that basis, assessed in an
effective manner. Carrying out business operations effectively can diminish the occurrence
of risk within the company.
Internal risks are related to different factors like -
• The communication procedure
• Following of transparent procedure
In the given scenario, Aztek must adopt the best possible strategy to communicate with the
outsourced company; the strategy must be chosen so that the risk incurred is diminished. In
some scenarios, the enterprise can decide to train its employees to adopt the best strategy
so that the company does not face such losses. The strategies have been adopted to enhance
the quality of the customer experience and the customer service. Aztek must be careful: if
any mishap occurs within the company, its whole reputation can be threatened. In adopting
the IT services, Aztek must be aware of all the IT threats, vulnerabilities and security
measures (Bromiley et al., 2015). The security measures can assist Aztek to conduct its
business activities in a more secure manner, and Aztek can gain profit as a result.
Government regulations
The federal body of Australia has imposed certain rules, and every individual, including
enterprises, must follow them. The strict rules and regulations can
assist the enterprises to conduct their business operations efficiently and ethically. The
regulations will help the managers of Aztek to learn about the issues faced by the employees,
and proper rules and regulations can help to mitigate those risks. It is the duty of the
management to check whether everything is proceeding in accordance with the company's
regulations (Sadgrove, 2016). It is also the responsibility of the finance team to monitor
the finance section within the company premises and to look for opportunities to increase the
company's profit. Therefore, certain policies must be taken into consideration before
proceeding:
i. The rules and regulations must be in accordance with the financial sections, and those
policies must be properly undertaken and applied effectively in the financial sections.
ii. The threats and risks must be properly evaluated, and for this reason the financial
market and the market of the employees must be carefully examined. This evaluation can
protect the company from losses (Bolton, Chen & Wang, 2013). Also, the tasks undertaken
must be kept in digital format as well as in written format.
iii. Aztek must follow the government’s policies and must act accordingly. Only by this
procedure can it safeguard the company from huge losses.
Best practices
Aztek must have a proper risk management plan. Only an effective plan can help it to conduct
business activities in an agile and effective manner. The issues Aztek faces must be well
taken care of and, if possible, communicated to the stakeholders to find a suitable solution.
In this way, a healthy relationship can be developed between investors and the stakeholders
(Ali, Warren, & Mathiassen, 2017). The report has also highlighted the advantages and
disadvantages that Aztek's practices can bring.
Review of project along with the current security measures
The report has been prepared by Aztek company. Both the benefits and the disadvantages
associated with the IT services carried out by Aztek have been discussed in the report (Ali,
Warren, & Mathiassen, 2017). The IT services that Aztek conducts on its premises are network
implementation, implementation of software and implementation of a proper management system
for the desktop.
Analysing threats, vulnerabilities and the final outcome
Aztek must take efficient decisions to conduct its business activities and to outsource IT
services. It must therefore use a threat model to identify the potential risks and threats
that can create loopholes in Aztek, and it must find the best solution to safeguard its
business activities. Aztek must consider the threats and risks carefully; otherwise it can
get into serious trouble. Aztek provides financial benefits to its customers, so it is its
duty to store the customers' data in the database safely and securely. It must therefore
consider the security measures through which it can protect the confidential information.
The IT service that Aztek works on must be carried out in a safe and secure manner;
otherwise Aztek can face huge losses and its reputation can be endangered (Ali, Warren, &
Mathiassen, 2017). That is why Aztek must cooperate and coordinate, and should work as per
the outsourced organisations’ demands. This can certainly check the negative impact on the
company.
Strategies to detect security goals- The risks associated with database storage have been
showcased in the report. This initiative can assist Aztek to take the correct decision and
implement the best policy, so that the information can be stored efficiently.
Assess the application- The requirements and demands of each company are different. For this
reason, Aztek must choose software applications wisely and should assess the risks associated
with each application (Choo, 2014). The risk assessment will help it to further its business
goals; it also helps Aztek’s management team to take the appropriate decision to safeguard
its clients’ sensitive data.
Identification of threats
Phishing attacks- The attack involves the hacking of one’s confidential data and account
credentials. The intruders copy the HTML code of Aztek's website and build a replica of it.
Aztek clients, unaware of this, may access the fake website and enter their credentials.
With these credentials, the intruders can steal the clients' vital information (Islam et al.,
2016). The attack is also carried out via email: the attackers send clients emails containing
links, and clients who click a link are directed to the fake website; in this way their
sensitive data can be breached.
Data Packet Sniffing- The hacktivist can take advantage of an insecure network, hack it and
take control over the data flow; in this way the clients’ personal data can be breached.
IP spoofing- The hacktivist can change the source of the data flow so that the source of the
attack cannot be traced (Rittinghouse & Ransome, 2016). If Aztek's system is compromised,
Aztek can identify only the malicious data flow and may be unable to detect the source of the
attack.
Port Scanning- Port scanning is the technique by which the hacktivists trace or identify the
service that Aztek is using in the cloud system; they can then implant a virus on the system
and make it vulnerable to attack.
Backdoors- Web developers create backdoors for applications while building a software
application or website, and via this backdoor the developers keep an eye on the code executed
(Albakri et al., 2014). Similarly, the Aztek site has backdoors that can be a threat to the
organisation, so the developers must take the initiative and remove them so that hackers get
no scope to attack the system.
Identification of vulnerabilities
i. Predictable session identifiers- The use of Base64 can let hackers recognise the session
identifiers; they can also reverse engineer the algorithm, modify it and carry on their
malicious activities.
ii. Dependence on client-side validation- The browser history and settings can be hijacked,
and with that the JavaScript stored in the database is disabled; thus the privacy and
security of the system and the database can be endangered.
iii. SQL injection- Another noteworthy threat is SQL injection. The hackers can obtain the
clients' credentials by exploiting the clients' accounts.
iv. Unauthorised execution of operations- Authentication can be severely violated by the
hacktivists' attack, and Aztek can face disaster (Albakri et al., 2014).
v. Cross-site scripting- The browser cookies can be stolen from the browsers by the hackers,
leaving the system open to attack (Peltier, 2016). The hacktivists who have the
knowledge of CSS, web scripting languages and HTML can expose any Aztek client website.
vi. Issues related to uploading- The Aztek system applications and the database can be under
serious threat from malware attacks. Hackers can exploit the system and the database via XSS
and Trojans.
vii. Issues related to logging out- Clients sometimes feel too lazy to log out of the
system; attackers can get into the Aztek account via an insecure network and steal important
data from the database, so the clients' data can be breached (Sennewald & Baillie, 2015).
viii. Passwords- Clients sometimes set very easy, predictable passwords for their system,
which can be guessed, and thus the system becomes vulnerable to attack. This lazy approach
from the clients can prove dangerous (Rittinghouse & Ransome, 2016). Using the brute force
method, hackers can gain access to the system and expose the vulnerabilities residing within
the database and the system of Aztek.
ix. The unencrypted passwords- Clients store passwords on their system because they tend to
forget them, unaware of the risk. Attackers compromise the system via viruses, malware and
Trojans and acquire the files in which the password is written. The hackers also search the
system for hidden files in which the password is saved in unencrypted form.
x. Phishing attack- The phishing attack is another noteworthy and disastrous threat: the
hackers send spam emails to the clients of Aztek, claiming that the emails come from Aztek
(Almorsy et al., 2016). The clients can unknowingly enter those
malicious sites and thus lose confidentiality, all their credentials and even
all their sensitive data.
xi. The absence of account lockout- The absence of an account lockout can lead to
cybercrime attacks.
xii. Not showing the previous sessions- Unsuspecting clients can enter
their personal information again and again and thus put their own privacy at risk. By
supplying the username and password in this way, the clients can get into trouble and their
confidential data can be breached (Ahmad & Maynard, 2014).
xiii. No appropriate settings for cookie security: The hackers can set up a channel
between the Aztek clients and the server, and the browser cookies are transmitted via this
channel (Siponen, Mahmood & Pahnila, 2014). The hackers first exploit the system and gain
access to those browser cookies, and in this way threats can spread all over Aztek.
xiv. Weak ciphers- The attackers can expose the system and the database and
record what is being transacted; in this way the SSL key is cracked and the intruders get into
the system.
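Items viii and xi above describe password guessing against accounts that never lock. The following is an added example, not part of the original report, of an account lockout control replayed over a constructed list of login events; the thresholds (5 failures in 300 seconds, 900-second lock) and the account names are assumptions.

```python
from collections import defaultdict, deque


class LockoutPolicy:
    """Sliding-window account lockout (all thresholds are assumed values)."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        self.max_failures = max_failures   # failures tolerated inside the window
        self.window_s = window_s           # length of the sliding window, seconds
        self.lockout_s = lockout_s         # how long a tripped account stays locked
        self._failures = defaultdict(deque)  # account -> timestamps of recent failures
        self._locked_until = {}              # account -> time the lock expires
        self.lock_events = []                # (account, time) pairs, for alerting

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record(self, account, now, password_ok):
        """Return 'locked', 'ok' or 'fail' for one login attempt."""
        if self.is_locked(account, now):
            # Rejected before the password is even considered, so a correct
            # guess made during the lock does not succeed.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)  # a genuine login resets the counter
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()                   # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
            self.lock_events.append((account, now))
            recent.clear()
        return "fail"


def replay(events, policy=None):
    """Replay (time, account, password_ok) events; policy=None means no lockout."""
    outcomes = []
    for now, account, password_ok in events:
        if policy is None:
            outcomes.append("ok" if password_ok else "fail")
        else:
            outcomes.append(policy.record(account, now, password_ok))
    return outcomes


# Constructed sample events: (seconds, account, did the password match?)
EVENTS = [
    (0, "client42", False),
    (5, "client7", False),     # the real owner mistypes once
    (10, "client42", False),
    (20, "client42", False),
    (30, "client7", True),     # owner logs in, counter resets
    (30, "client42", False),
    (40, "client42", False),   # fifth failure inside the window
    (50, "client42", True),    # a guess finally matches
    (1000, "client42", True),  # owner returns after the lock has expired
]

if __name__ == "__main__":
    print("no lockout :", replay(EVENTS))
    policy = LockoutPolicy()
    print("lockout    :", replay(EVENTS, policy))
    print("alerts     :", policy.lock_events)
```

Without the policy the matching guess at second 50 is accepted; with it the same attempt is refused, and the lock event gives the security team something to alert on.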
The management team of Aztek should take effective decisions to mitigate the risks
related to financing and the IT services. The executives should act in a proactive manner. They
should also have sound knowledge of the security and control measures through which the
information security system can be greatly improved. They must follow the federal body's
rules and policies, as these allow them to run the business activities more securely,
ethically and effectively. They must take up the code of practice that is based on the ISO
strategy, and they can gain huge benefits from this methodology (Chen et al., 2013). The risks
residing within the Aztek premises can be checked to a greater extent with the help of this
method. For this reason, they must adopt the control measures and should follow the
guidelines effectively to make the required changes to enhance the quality of IT services.
Aztek can take advantage of cloud technology, which can provide Aztek with the best services
that they can get. Cloud technology can help them to communicate with the clients
throughout day and night. It can also make their business procedures fast
and effective. However, they should be mindful of the problems related to cloud computing.
All they need is fast bandwidth and fast and secure network connectivity to carry out their
business activities (Sawik, 2013). The following factors must be considered while carrying out
the business activities:
i. Issues related to integrity
ii. Company trust
iii. The transparency to be followed by Aztek and the third-party outsourced companies
iv. Confidentiality
v. Use of the features available for IT services
vi. Availability of the options
The above factors suggest that Aztek must adopt an effective decision strategy to
carry out their business. An effective decision strategy can also help them to deal with the
loopholes or vulnerabilities in the system and the database (Pascoal, 2012). The outsourced
tasks can benefit greatly from the methodology and decisions they adopt.
For this reason, to get the maximum productivity and advantages, Aztek must adopt
an effective service level agreement (Dotcenko, Vladyko & Letenko, 2014). The
approach can help them to overcome the barriers and can help them in the long run.
Security measures to check the threats associated with Aztek
i. Managing an accurate inventory of control system devices: Aztek should not
allow their computer nodes to stay partly connected to any kind of wired or wireless network;
if a node is partly connected to any sort of network, the hackers get the opportunity
to take hold of the insecure network (Kimwele, 2014). Therefore, Aztek must keep an eye on
the system nodes and check whether they are connected as a whole or only
partly connected, otherwise the hackers can enter the system via those loopholes.
ii. Developing network boundaries: Network boundaries are there to assure the
security of the system and the database and to detect any defects within the security
framework model (Fenz et al., 2014). These are the controls that are used to filter
inbound and outbound traffic. The firewall is a piece of network boundary equipment used to
check malicious data flows, and the network must be governed in this way.
iii. Using Secure Remote Access methods: Aztek should use a Virtual Private
Network, as it is known to provide a secure channel through which they can carry on their
business operations. The Aztek clients can conduct all the financial activities in a safe and
secure manner, and they can also protect and safeguard their system thanks to this secure
channel (Crossler et al., 2013). Aztek can safely use the printers and websites connecting to the
Internet due to this secured channel.
iv. Establishment of role-based access controls: The clients should be given specific
permissions to use the database and system, and these should not be exceeded. The employees
should also be given permission to access the database according to their job role. In this way,
the hackers' entry can be checked to an extent. Thus Aztek can carry out their business
activities in a secure manner (AlHogail et al., 2015). This initiative also let us know that the
malicious activities of the hackers. Aztek can also utilize logging capabilities, and through
this method Aztek can enhance the security of their office premises.
v. Use of strong passwords: The clients must act in a proactive manner while using
the Aztek system. They must use a password that is not predictable and cannot be guessed
easily, which is why the password the clients set must
contain at least one upper-case letter, one lower-case letter and one symbol, and the password
must be eight characters long overall. The password set by the clients cannot be anyone's own
place or anyone's name (Bell, Ndje & Lele, 2013). By setting a strong password they can
assure their own safety and security and that of Aztek; otherwise, a weak password can lead to
vulnerabilities such as hacking of one's personal data. They must therefore all be careful while
choosing the password for their system.
vi. Installation of antivirus software: Aztek must not deny the positive effect of
antivirus software. Aztek must choose antivirus software wisely, otherwise there is a chance
that their vital data can be breached. They must know that antivirus software is capable of
defending against malicious software that tries to enter the system. The system gains overall
security from this approach. They should also use the latest hardware, the latest software and
the latest operating system, as this can help them to achieve their goals. They must also update
their system and database regularly and, along with that, apply patches (Singh et al.,
2013). This will help them to carry out their business activities in an agile and effective
manner. Outdated software and hardware are threats to any system and Aztek is no
exception, so they must be careful.
vii. Enforcing policies for mobile devices: The mobile devices must have an antivirus
installed and, along with that, the clients must use a strong password for the system. This can
save the sensitive information stored in the system through the aforesaid
approach.
viii. Cybersecurity: Cybersecurity plays an important role in fighting the
hackers. The Aztek employees must know all the security measures, as that will help them to
carry out their business operations in a safe and secure manner. Hackers who want to gain
entry to the system can find out which attacks the system is vulnerable to and also which
network is vulnerable (Singh et al., 2013). The cyber security team can thus educate the Aztek
employees to conduct the business activities.
ix. Involving executives: The executives can prove beneficial in identifying
any cybersecurity risks that erupt within the system; they can also help to connect with the
stakeholders (Bell, Ndje & Lele, 2013). The executives are aware of the cybersecurity threats
and thus can provide the best solutions to check the IT risks, and this effective decision can
also help them in the long run.
x. Implement a disaster plan beforehand: A disaster management plan must be made,
as this can help to run the business effectively and to make the best decisions; the company's
huge losses can also be controlled (Bell, Ndje & Lele, 2013). As for any other organisation, a
disaster plan is an absolute necessity for Aztek too.
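The password rule in measure v can be checked mechanically. The following is an added example, not part of the original report: it reads the "eight" in the rule as a minimum length, and the list of forbidden names and places and the character-substitution table are assumptions supplied for illustration.

```python
import unicodedata

MIN_LENGTH = 8  # assumption: the rule's "eight" is treated as a minimum length

# Assumed table of common look-alike substitutions, undone before the
# name/place comparison so that "S@ndra" is still recognised as "Sandra".
_LOOKALIKES = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})


def _is_symbol(ch):
    # Unicode categories starting with P (punctuation) or S (symbol).
    return unicodedata.category(ch)[0] in "PS"


def _fold(text):
    # Case-insensitive form with look-alike characters mapped back to letters.
    return text.casefold().translate(_LOOKALIKES)


def password_violations(password, forbidden_words=()):
    """Return the list of rules from measure v that the password breaks.

    forbidden_words holds names and places tied to the client (their own
    name, family names, home town); an empty list means nothing to compare.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(ch.isupper() for ch in password):
        problems.append("no upper-case letter")
    if not any(ch.islower() for ch in password):
        problems.append("no lower-case letter")
    if not any(_is_symbol(ch) for ch in password):
        problems.append("no symbol")
    folded = _fold(password)
    for word in forbidden_words:
        # Very short words would match by accident, so they are skipped.
        if len(word) >= 3 and _fold(word) in folded:
            problems.append(f"contains name or place '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    client_words = ["Sandra", "Perth"]
    for candidate in ["S@ndra2024!", "perth", "Tr1ckle&Frost"]:
        print(candidate, "->", password_violations(candidate, client_words) or "accepted")
```

The first sample satisfies every character-class requirement and is still rejected, because the rule about names and places is checked separately from the character classes.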
Conclusion
It can be concluded from the above discourse that they can get significant benefits if
they adopt the IT services and cloud technology. Cloud technology can help them in their
business in the long run. It can help to deliver better IT services, so more
productivity can be expected. This can also help them to build a healthy relationship with
clients. However, they should be mindful of the risks, threats and vulnerabilities in
relation to IT services. Therefore, they must adopt the security framework model to secure
the business process. They can abide by the policies to execute their business process
ethically and effectively. The report has highlighted all these aspects in detail.
References
Ahmad, A., & Maynard, S. (2014). Teaching information security management: reflections
and experiences. Information Management & Computer Security, 22(5), 513-536.
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
AlHogail, A. (2015). Design and validation of information security culture
framework. Computers in human behavior, 49, 567-575.
Ali, A., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A
risk management model. International Journal of Information Management, 37(6),
639-649.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Bell, B. G., Ndje, Y. J., & Lele, C. (2013). Information systems security management:
optimized model for strategy, organization, operations. American Journal of Control
Systems and Information Technology, (1), 22.
Bolton, P., Chen, H., & Wang, N. (2013). Market timing, investment, and risk
management. Journal of Financial Economics, 109(1), 40-62.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.
References
Ahmad, A., & Maynard, S. (2014). Teaching information security management: reflections
and experiences. Information Management & Computer Security, 22(5), 513-536.
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
AlHogail, A. (2015). Design and validation of information security culture
framework. Computers in human behavior, 49, 567-575.
Ali, A., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A
risk management model. International Journal of Information Management, 37(6),
639-649.
Almorsy, M., Grundy, J., & MĂĽller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Bell, B. G., Ndje, Y. J., & Lele, C. (2013). Information systems security management:
optimized model for strategy, organization, operations. American Journal of Control
Systems an Information Technology, (1), 22.
Bolton, P., Chen, H., & Wang, N. (2013). Market timing, investment, and risk
management. Journal of Financial Economics, 109(1), 40-62.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.
18IT RISK MANAGEMENT
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4),
265-276.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management.
Cengage Learning.
Chen, Z., Han, F., Cao, J., Jiang, X., & Chen, S. (2013). Cloud computing-based forensic
analysis for collaborative network security management system. Tsinghua science and
technology, 18(1), 40-50.
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud
Computing, 1(2), 52-56.
Cremonini, M. (2016). Cloud Security Risk Management. Cloud Computing Security:
Foundations and Challenges, 87.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R.
(2013). Future directions for behavioral information security research. computers &
security, 32, 90-101.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014, February). A fuzzy logic-based information
security management for software-defined networks. In Advanced Communication
Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information
security risk management. Information Management & Computer Security, 22(5),
410-430.
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4),
265-276.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management.
Cengage Learning.
Chen, Z., Han, F., Cao, J., Jiang, X., & Chen, S. (2013). Cloud computing-based forensic
analysis for collaborative network security management system. Tsinghua science and
technology, 18(1), 40-50.
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud
Computing, 1(2), 52-56.
Cremonini, M. (2016). Cloud Security Risk Management. Cloud Computing Security:
Foundations and Challenges, 87.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R.
(2013). Future directions for behavioral information security research. computers &
security, 32, 90-101.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014, February). A fuzzy logic-based information
security management for software-defined networks. In Advanced Communication
Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information
security risk management. Information Management & Computer Security, 22(5),
410-430.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19IT RISK MANAGEMENT
Goldstein, A., & Frank, U. (2016). Components of a multi-perspective modeling method for
designing and managing IT security systems. Information Systems and e-Business
Management, 14(1), 101-140.
Islam, S., Fenz, S., Weippl, E., & Kalloniatis, C. (2016). Migration Goals and Risk
Management in Cloud Computing: A Review of State of the Art and Survey Results
on Practitioners. International Journal of Secure Software Engineering (IJSSE), 7(3),
44-73.
Kimwele, M. W. (2014). Information technology (IT) security in small and medium
enterprises (SMEs). In Information Systems for Small and Medium-sized
Enterprises (pp. 47-64). Springer Berlin Heidelberg.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a
systematic literature review. In Future Information Technology (pp. 285-295).
Springer, Berlin, Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Goldstein, A., & Frank, U. (2016). Components of a multi-perspective modeling method for
designing and managing IT security systems. Information Systems and e-Business
Management, 14(1), 101-140.
Islam, S., Fenz, S., Weippl, E., & Kalloniatis, C. (2016). Migration Goals and Risk
Management in Cloud Computing: A Review of State of the Art and Survey Results
on Practitioners. International Journal of Secure Software Engineering (IJSSE), 7(3),
44-73.
Kimwele, M. W. (2014). Information technology (IT) security in small and medium
enterprises (SMEs). In Information Systems for Small and Medium-sized
Enterprises (pp. 47-64). Springer Berlin Heidelberg.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a
systematic literature review. In Future Information Technology (pp. 285-295).
Springer, Berlin, Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
20IT RISK MANAGEMENT
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security
planning. Decision Support Systems, 55(1), 156-164.
Sennewald, C. A., & Baillie, C. (2015). Effective security management. Butterworth-
Heinemann.
Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information security
management (ism) practices: Lessons from select cases from India and
Germany. Global Journal of Flexible Systems Management, 14(4), 225-239.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Wu, D. D., & Olson, D. L. (2015). Financial Risk Management. In Enterprise Risk
Management in Finance (pp. 15-22). Palgrave Macmillan UK.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security
planning. Decision Support Systems, 55(1), 156-164.
Sennewald, C. A., & Baillie, C. (2015). Effective security management. Butterworth-
Heinemann.
Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information security
management (ism) practices: Lessons from select cases from India and
Germany. Global Journal of Flexible Systems Management, 14(4), 225-239.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Wu, D. D., & Olson, D. L. (2015). Financial Risk Management. In Enterprise Risk
Management in Finance (pp. 15-22). Palgrave Macmillan UK.
1 out of 21
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.