Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Cybersecurity for Financial Institutions

Verified

Added on 2020/04/07

AI Summary

This assignment delves into the critical domain of cybersecurity within financial institutions. It examines the various threats and risks posed to these organizations, ranging from sophisticated malware attacks to insider threats and data breaches. Students are expected to analyze and evaluate strategies, tactics, and operational measures employed for effective risk management in this sector. The assignment emphasizes understanding vulnerabilities, assessing potential impacts, and formulating mitigation plans to safeguard sensitive financial information.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

NAME
STUDENT ID
INSTRUCTOR
AFFILIATE INSTITUTION
SUBJECT
TOPIC
DATE
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

RISK ASSESSMENT FOR OUTSOURCING IT SERVICES
EXECUTIVE SUMMARY
Key Information Technology (IT) functionality comprises a set of the major tasks performed by
the latter in the organization. These functions include planning, communication, application and
network development and technology support (Galliers et al, 2014). Outsourcing is the act of
procuring these IT functionalities from an outside vendor especially if the organization’s IT team
can carry them out. Aztek is a financial institution that is responsible for accepting deposits from
the general public and issuing out loans. It has a strong IT team that carries out all the roles of IT.
Lately, however, Aztek’s management has been considering outsourcing IT services to give the
IT team enough time to concentrate on other more demanding issues. This has been as a result of
the organization’s fast growth.
Outsourcing IT functionality is a very beneficial step to Aztek as it leads to risk sharing between
the institution and the outsourcer. It is also a cost-effective way for the organizationto have a
functioning computer system and allow sufficient time for its IT team to concentrate on other
functions such as planning. Also, it has a tax advantage since the expenses of outsourcing are
deducted from that period’s earning. It also increases the cash flow from thetransfer of software
passes and staff to the service provider. This means that the institution is not liable to that group
and the expenses they incur. These expenses become the organization’s gains. Increase in cash
flow may also stem from the lease of the equipment that is no longer in use.
IT functions that Aztek is considering outsourcing include application development and
management, desktop management, data or managed security roles and network
development.This IT functionality can expose the organization in extreme cases of IT risks such
as cyberterrorism, cybercrimes, computer fraud and cyber espionage if the outsourcer is a greedy
untrustworthy individual (Wang et al, 2015).
These risks are however avoidable if the organization carries out its outsourcing activities
diligently and cautiously by ensuring that the agreement is in written form and signed by the
outsourcer. Based on the various advantages of outsourcing IT functionality and the results of the
risk assessment, it would be prudent for Aztek to take up the decision to outsource key IT roles
(Clark, G. L., & Monk, A. H., 2013).
2

The main goal of Aztek at the moment is expansion, growth and development and outsourcing
some resources to focus on this objective will be worthwhile in the long run.The institution
should conduct regular inspection of the outsourcing process to avoid any misconduct from the
outsourcer and to tackle any problems that may arise without delay.Additionally, after
outsourcing the organization should take measures to ensure that the outsourcer did not tamper
with its crucial information or delete it. It should carry out a thorough analysis of the computer
system and networks to clarify that the components are in order and the system is still
functioning the right way (Lacity et al, 2017).
Aztek should take serious data security measures to avoid any leakage of information to the
public and competitors. The financial sector is a very competitive industry and a single wrong
move can set the institution off its game. Employees should be alert and cautious all the time to
avoid forgetting their devices in communal places. The organization can use encryptions, digital
signatures as well as biometric identifiers in securing their data, especially that which is exposed
to the public could pose serious risks to the institution.
Table of Contents
3

INTRODUCTION.......................................................................................................................................5
Main functions of IT................................................................................................................................5
OUTSOURCING IT SERVICES................................................................................................................6
Introduction.............................................................................................................................................6
Outsourcing Regulations.........................................................................................................................7
Reasons for outsourcing..........................................................................................................................7
IMPACTS OF OUTSOURCING ON AZTEK’S SECURITY....................................................................8
CYBER RISKS.......................................................................................................................................8
Cybercrimes.........................................................................................................................................9
Cyber Espionage or Cyber Spying.......................................................................................................9
Computer Fraud...................................................................................................................................9
Financial Crimes................................................................................................................................10
Cyberterrorism...................................................................................................................................10
Cyberextortion...................................................................................................................................10
Cyber Risks Mitigation......................................................................................................................11
Counterparty Risks................................................................................................................................11
Exit Strategy Risk..................................................................................................................................11
Country Risks........................................................................................................................................12
Contractual Risk....................................................................................................................................12
Access Risk...........................................................................................................................................12
Lack of Ownership................................................................................................................................12
DATA SECURITY...................................................................................................................................12
Data classification.................................................................................................................................12
RISKS TO DATA.................................................................................................................................13
Theft..................................................................................................................................................13
Data loss or Accidental loss...............................................................................................................14
Imperfect or Improper data deletion..................................................................................................14
EFFECTIVE DATA RISK MANAGEMENT.......................................................................................14
Encryption.........................................................................................................................................14
Authorization.....................................................................................................................................14
Use of Digital Signature....................................................................................................................15
Biometrics.........................................................................................................................................15
CONCLUSION.........................................................................................................................................15
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

INTRODUCTION
Main functions of IT
IT is an essential component of success in the financial sector. Financial institutions all over the
world are trying to come up with new and improved ways of making their services more
desirable and efficiently available to their customers. Their efforts have led to theavailability of
internet services in the banking sector such as telebanking, internet banking, self-inquiry
facilities and anywhere banking-everywhere banking (ATMs). Aztek company has not been left
behind in these developments. The organization has incorporated IT in most of its operations
with the aim of achieving a competitive advantage (Terlizzi et al, 2017). The major IT functions in
Aztek include planning, communication, technology support, network development and data
management and security.
Planning is mostly encompassed by Enterprise Resource Planning (ERP), which is a cross-
functional technologicalapproach that takes care of all the roles undertaken in an organization.
Aztek’s IT team works with the executive management to come up with an IT strategy that
supports all the organizational departments as well as its objectives. The team is also responsible
for ensuring that there are enough IT resources in the organization (Peppard, J., & Ward, J., 2016).
IT enables efficient and instant communication within and without the organization hence
increasing collaboration among the employees and between the management and the workers.
This enhances the efficiency and effectiveness of the work done.
Technology support is provided by the IT team whereby they attach manuals for user support on
every part of a new or improved technology to enable all employees to make effective use of the
new resource. This service is also extended by theprovision of ongoing support to users through
a helpdesk in the organization’s intranet.
It is essential for Aztek’s IT team to provide Data Management and Security measures. They
should protect the company’s data from viruses and cyber-attacks such as hacking which could
result to altering or destroying of crucial information permanently. Critical information should
also be encrypted to avoid leaks. Data management is achieved via the use of databases that
store, manage and control access to the organization’s data (Chi et al, 2017).
5

Network Development entails coming up with a new network that supports communication and
teamwork within the organization as well as enabling the outside stakeholders such as customers
to have easy access to its services. For example, Aztek’s IT team deploy Internet Protocol (IP)
networks that can carry data, voice and video messages in a single network.
OUTSOURCING IT SERVICES
Introduction
There has been an increase in the rate at which financial service providers all over the world
have been obtaining IT services from outside sources even when their IT team can undertake the
obligation (Verwaal, E., 2017).Surveys carried out in the Financial industry in the past have shown
that financial institutions outsource substantial portions of their regulated and even unregulated
functions, sometimes across a country’s boundaries (offshore outsourcing).Some organizations
move their operations to other countries or have foreign subsidiaries in a foreign country carry
out their functions for them (offshoring).
The IT services that Aztek is considering to outsource are; desktop management, application
development and maintenance, Managed Security Services(MSS)and network development.
Application development and maintenance: this includes coding which should follow a laborious
Software Development Life Cycle (SDLC) created as part of the service provider’s standard
quality process. The suppliers should therefore strictly follow the specifications given to them by
their clients. The organization’s management should monitor the procedures to compare the
actual performance with the expected levels of service provider parameters.
Desktop management: this entails physical hosting of servers and other IT assets, continuous
monitoring and capacity management of the latter,server builds and application software
installation and upgrading, backup and restoration and recovery of server systems in case of a
tragedy. Local Area Network (LAN) establishment and maintenance is also includedinthis
category.
Managed Security: this takes care of the safety of the entire IT infrastructure and all data assets
in the organization.
6

Outsourcing Regulations
Regulation of outsourcing is majorly important for theprotection of consumer interests. It also
protects stakeholders such as shareholders and policy-holders. Outsourcing is also regulated to
protect the rights of the suppliers. Such regulations include:
o Outsourcing agreement should be signed with the service provider
o The outsourcer should be named in the contract
o As a regulated entity, Aztek should have in place a comprehensive policy to guide on
whether and how the IT functionality can be appropriately outsourced. The management
should retain responsibility for the outsourcing policy and all other activities carried out
under this policy
o It should also ensure that the outsourcing activity does not diminish its ability to serve
customers or impede operativeregulation
o The entity should exercise due diligence in picking third-party service providers.
o Written documents that clearly describe all the important features of the outsourcing
arrangement should dictate the latter
o Backup facilities should be provided for by both the outsourcers and the institution to
take care of any disaster that may arise
o The organizationshould take appropriate steps requiring that the vendors protect its
confidential information and that of its clients
o Aztek should take into account outsourcing activities as an integral partof their ongoing
assessment of the regulated entity.
Reasons for outsourcing
An organization’s decision to outsource depends on various on a combination of logistical,
organizational and financial considerations. In Aztek’s case, the principal reason for outsourcing
would be, cost reduction. This stems from the fact that long-term outsourcing contracts convert
the variable costs involved in fixed costs thus making IT usage in the organization more
predictable. Cost reduction is achieved by Return on Investment (ROI) by the project over a long
period of time. This method is used because Aztek is planning on outsourcing the resources for a
while to enhance its growth and expansion.
ROI= (total benefits- total costs)/ total costs
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Return on Investment Cumulation- Example
In this case for example, ROI= (213000-181000)/ 181000
ROI = 0.177
This equals to 18 percent which is relatively beneficial to the organization in that period of time.
Thus, the organization procures more benefits than losses from the outsourcing.
Other advantages include:
 Tax advantage: outsourcing expenses are deducted from the current earnings that would
have otherwise been subtracted from an internal data processing department’s hardware
over time which is usually included in taxes.
 Risk sharing: this results from shared responsibilities between the company and the
expert undertaking those functions.
 Improved concentration on other business functions: many organizations outsource minor
business processes to outside vendors to put all their energy on carrying out core business
functions. Software and hardware upgrades become the responsibility of the outsourcer
thus the client no longer have to deal with the day-to-day information system operations.
 There is a possibility for yielding capital if the outsourcer purchases Aztek’s hardware
assets to use in his or her work.
8

 Cash flow improvements: this results from the transfer of software licenses andpersonnel
to the supplier. This also includes maintenance costs for the data center and release of the
organization from the obligation of a previously leased a plant or equipment.
 Expertise: organizations also outsource to ensure that those functions are performed
excellently especially in cases where there are no experts in that area within the
organization.Their facilities are equipped with excessively designed systems to avert
power and cooling failures and to detect leakage of water, smoke or extreme heat and
anything else that would adversely affect system action. The vendors’ operation
procedures might include advanced system and communication monitoring tools that are
designed to ensure uninterrupted processing and network availability.
IMPACTS OF OUTSOURCING ON AZTEK’S SECURITY
Aztek’s infrastructural and data security measures do a very good job in ensuring the
organization’s data safety and smooth running of the computer system. The IT team has however
been quite occupied lately with trying to fulfill major requirements of the organization such as
planning. The current security system has therefore been running for a while and needs an
update. Due to the insufficient time by Aztek’s IT team, it is more efficient to outsource these
security services. Unfortunately, there are various risks associated with this process, both to the
organization as a whole and to the stakeholders (Riggins, F., & Weber, D., 2016).
CYBERRISKS
Cyber risks describe the possibility of loss, disruptionin daily business operation, or damage to
an organization’s reputation caused by dysfunction in its Information Communication
Technology (ICT), computer networks and systems.
Cyberattacksrefer to any offensive action undertaken by nations, organizations, groups of people
or individuals targeting computer information systems, networks or other infrastructure (Page et
al, 2017). They include cybercrimes and cyber espionage.
Cybercrimes
This is any crime involving a computer or a network whereby the latter may have been used in
committing the misconduct or where it is the target. These offenses are committed with a
criminal motive of intentionally ruining the reputation of the individual or the organization or
causing physical or psychological harm or costing the victim otherwise. Cybercrime therefore
9

may threaten an individual’s or organization’s security and financial position (Johnson, A. L.,
2016).
Cyber Espionage or Cyber Spying
It refers to the use of computer networks to gain unauthorized access to an organization’s
confidential information (Bang et al, 2017). Acquiring those services from outside the
organization would expose its important data to the third party. Activities such as desktop
management, application and network development enable the developer to come into contact
with their client’s crucial data. The vendors could use that information against Aztek later on in
case of an argument or a misunderstanding or for their selfish gains. In other words, the
outsourcer may not be an individual of great character and may use that opportunity to get into
the organization’s system, get confidential information and probably share it with the company’s
competitors.
Additionally, this information can be obtained by use of malicious software, hacking or proxy
servers to hinder Aztek from ever trying the leak to their outsourcers. They may also have the
motive to continue control over the organization’s computer system even long after their contract
has been depleted, for strategic advantages or sabotaging reasons.
Computer Fraud
Computer fraud refers to an act of misinterpreting data to make an organization or individual do
or refrain from doing something that will eventually lead to losses (Cumming et al, 2017).
Procuring IT personnel from outside the organization would make Aztek vulnerable to computer
fraud since the outsourcer may alter the data in the company’s system and consequently mislead
all the other operators.This can be achieved through, changingof deleting stored data, altering
data before entry, entering false data, destroying, stealing or altering theoutput. Thisis easily
achievable by the individuals at the desktop management and is usually hard to detect.
Financial Crimes
Bank fraud
This refers to the use of illegal means to obtain money, property or other assets held or owned by
a financial institution or the act of fraudulently posing as a bank in order to receive currency
from depositors. Not directly affiliated to Aztek, it is possible for the outsourcers to acquire these
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

resources for their benefit or someone else’s. (Kshetri, N., & Voas, J., 2017).There are various types
of bank fraud such as stolen cheques and payment cards, forgery in checks and documents,
fraudulent wire transfer, bill discounting, skimming or duplication of card information,
impersonation or identity theft and money laundering. All these actions can be easily carried out
via the internet of by a group of people working together. A fraudulent outsourcer who apart
from knowing his or her way around the bank, its operations and its worth also has computer
intellect will find it incredibly simple to obtain these resources with limited help or even with no
help at all.
Cyberterrorism
A cyber terrorist is someone who threatens or coerces an organization to advance their wishes by
launching a computer-related attack against their systems,networks or information contained in
them. The outsourcer may take the opportunity of working for Aztek to advance his or her
objectives. For example, he or she may create a virus that would attack Aztek’s computer
systems long after the work is done and make demands to the organizationwith the aim of
achieving his or her goals.
Cyberextortion
Outsourcing of key IT functionality exposes Aztek to malicious hackers who subjects their
computer system to repeated denial of service or other attacks. These hackers may be affiliated
with the outsourcers and end up asking for money or other resources in return for ending the
attacks.
Cyber Risks Mitigation
Aztek should take proper steps to ensure that connected devices around the institution are well
connected to have a chance at beating the cyber criminals at their own game. These steps include
regular change of pass codes, creation of complex passwords and disabling unnecessary remote
connections and features. The organization’s technology team should have a thorough
understanding of the continuously evolving cyber risks and the knowledge on how to mitigate
them. This is, however, not a problem just for the IT team but for the organization as a whole.
The institution’s management should ensure that it has enough resources to take care of the
11

arising cyber-attacks. In addition, it should constantly educate its employees especially the IT
personnel on how to avoid the arousal of those risks or manage them where they are inevitable.
It is evident that outsourcing key IT functionality to the third party is a risky decision for an
organization to work. Those risks can however be managed to minimize them, especially since
most of them are brought to the company by untrustworthy vendors. An organization should
therefore make sure that the outsourcer they are about to work with is trustworthy. It should also
make their agreement legal by ensuring that it is a written document and signed by the supplier.
The organization should involve its lawyer in this process no matter how well the outsourcer is
known to them (Johnson, K. N., 2015).Categorically, the risks involved are:
Counterparty Risks
In the case where the supplier is not an expert there would arise inconsistencies in the workflow
such as untimely delivery, inappropriate categorization of responsibilities and low-quality output.
The supplier may also not have full focus on Aztek’s requirements which would lead to
incompletion of the task designated to him or her. Outsourcing key IT functionalities would also
be an expensive exercise due to the nature of those functions. This is important work to the
organization and the vendor may take advantage of that fact to make his or her services even
costlier.
Exit Strategy Risk
Over-reliance on one firm to work on Aztek’s IT department may put it in jeopardy whereby
appropriate exit strategiesare not put in place.This also -arises from theloss of the required
crucial skills within the organization preventing it from undertaking its own IT tasks.
Country Risks
If Aztek decides on offshore outsourcing, the other nation’s political, economic and legal climate
may create added risks. This would increase the complexity of the outsourcing process in
addition tothat of business continuity, growth and expansion.
Contractual Risk
This is the possibility of loss arising from failure in contract performance. This happens when
one or all the parties fail to honor the terms of their agreement.
12

Access Risk
Outsourcing may hinder a regulated entity from providing required information to the regulators
in thetime leading to unplanned for misunderstandings and delay in the organization\n’s
workflow.
Lack of Ownership
In outsourcing the client has to give over control to the supplier. Aztek would therefore lose
ownership of their outsourced IT functionality up until the installation of the project is over.
DATA SECURITY
Data classification
This is the process of organizing data into various groupings for efficiency and ease of data
retrieval and usage.
Data classification is important because it enablesorganizations to cut storage and backup costs
while speeding up data searches. It can also help the company meet legal and regulatory
requirements for retrieving a certain piece of information within the given timeframe.
Written procedures and approaches for data classification should define the groups and
conditions the organization uses to organize data and stipulate the duties and responsibilities of
all employees in the company regardinginformation stewardship. A data steward is a senior-level
employee who oversees the lifecycle of all the institutional data.
Data lifecycle provides an overview of stages involved in successful management and
preservation of an organization’s data for use and reuse. This management is achieved via a
policy-based approach called Data Life Cycle Management (DLM) that supervises the
institutional data throughout its lifecycle.
The process of data classification begins with creating a data classification scheme, followed by
formation of security standards that stipulate appropriatedata management practices for each
class and storage specifications that outline the data’s lifecycle necessities. For effectiveness,
aorganization scheme should be simple and easy enough so that all employees can implement it
without major setbacks. A data classification scheme can appear as indicated below:
Category 1: data that may be freely exposed to the public such as an organization’s contact
information
13

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Category 2: internal data that can only be disclosed to stakeholders of the company, for example,
organizational charts
Category 3: sensitive internal data that can negatively impact the organization’s operations is
disclosed. This may include employee reviews and contracts with third- parties such as
outsourcers
Category 4: highly sensitive data that could put the company in legal of financial risk if
disclosed, for example, customer account information and employee social security numbers.
Data classification Risks Risk Mitigation
Category 2 data loss, imperfect deletion employee education
Category 3 data loss encryption, digital signatures
Category 4 theft biometrics, authorization and
digital signatures
Risks and Risk Mitigation for various data categories
RISKS TO DATA
Theft
This is a deliberate attack on an institution’s stored data by outsiders probably with malicious
intent, for example criminals looking to sell the data for money. Thiscan sometimes cause more
damage than theexposure of the data to the public.
14

Data loss or Accidental loss
An organization’s data can land in the hands of the wrong people through daily careless handling
of the latter by those responsible for it. Mishandling involves actions such as losing, misplacing
or forgetting a laptop in a public place, file and backup tapes misplacement (Maurer et al, 2017).
Imperfect or Improper data deletion
Before an organization decides to sell all its old computers and other IT infrastructure the
personnel responsible should ensure that they have properly and completely erased all the data
that the components previously contained. Once those devices have been sold, they no longer
belong to the company and therefore any information that may have been retained in them is
susceptible to the public (Puthal et al, 2017).
In addition, leaving important data without encrypting it with a password or some code makes it
vulnerable to hackers and even thieves. Important paper files should be properly disposed of as
well, by use of a cross-cut paper shredder, recycling or trustworthy trash pickup service
regarding appropriate disposal.
EFFECTIVE DATA RISK MANAGEMENT
Encryption
This is one of the most popular and competent data security methods used by organizations
currently. It refers to the process of translating data into another form of code whereby only
persons with a specific password or a secret key, formerly decryption key can have access to it
(Mazumder et al, 2017).
Data encryption is done by use of encryption algorithms and its main importance is to protect
digital data confidentiality while it is being transmitted to other computer networks via the
internet or during storage. Encryption algorithms offer non-repudiation, integrity and
authentication, that is, they ensure that the sender cannot deny having sent the message, the
message has not changed since it was sent and that the origin of the message can be verified.
Authorization
This entails specifying access rights or privileges. In an organizational situation this applies to
category 4 of data whereby due to its highly sensitive nature, only the directors or the
management of the company are allowed access to this data (Bertino, E., & Ferrari, E., 2017). This
restriction of access to certain class of data may be achieved via the use of certain cards that are
only issued to the senior management or other personnel who are allowed access.
15

Use of Digital Signature
In financial institutions, digital signatures are used to prove the authenticity and integrity of
customers, for example, during account opening in banks. They are equivalent to handwritten
signatures and stamped seals. Digital signatures have an advantage over handwritten paperwork
since they cannot be easily forged, tampered with, refuted or destroyed (Tiwari, P. K., & Joshi, S.,
2016). They are also time-saving in that customers don’t have to wait long for the paperwork to
be completed. This also applies in the case of account opening where the process can take only
an hour or even minutes unlike a while ago when it took days sometimes. The digital medium
also enables documents to be tracked as they move from the sender to the receiver. The only
disadvantage posed by these documents is that they are not allowed in court in every jurisdiction,
unlike paperwork.
Biometrics
It is used as a means of identification and in controlling access to specific data. This controlis
achieved by the use of distinctive measurable characteristics known as Biometric identifiers,
whichare categorized as either physiological characteristics (fingerprints, face recognition, iris
recognition and DNA) or behavioral characteristics which include, typing rhythm, gait and voice
recognition.The biometric identity system specifies an individual using these quantifiable
biological features. Biometrics authentication is an effective method of securing data from
unauthorized individuals since the identifiers cannot be shared between persons.
CONCLUSION
In summary, it is evident that outsourcing key IT functionality is a weighty decision for a
financial institution like Aztek and therefore should not be taken lightly. It is an incredibly
advantageous action if the organization is cautious in choosing its outsourcers as it allows the IT
team more time to concentrate and work on other core activities that affect the company such as
planning for the future. This leads to growth and expansion of the organization, which is the
main goal for many developing companies Aztek included.Outsourcing IT functionality also has
other benefits such as possible increase in cashflow, tax and expenses reduction and decrease in
the work load for the institution’s IT personnel. Outsourcing can be a very risky activity,
however, especially if the organization does not have perfect knowledge or no acquittance with
the service provider. It would therefore be a smart decision for the organization to have adequate
security on their data. Securing important information about a company such as Aztek would
ensure that there is no leakage of facts to the public and unauthorized individuals have no access
to it. Currently, the most common and effective methods of securing data used by many
organizations all over the world are biometrics, digital signatures, authorization and
16

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

encryption.Aztek should also adopt these means of data security and be ready to employ any
other systems that are devised in the future regarding the latter.
17

REFERENCES
Lacity, M., Yan, A., & Khan, S. (2017, January). Review of 23 Years of Empirical Research on Information
Technology Outsourcing Decisions and Outcomes. In Proceedings of the 50th Hawaii International
Conference on System Sciences.
Verwaal, E. (2017). Global outsourcing, explorative innovation and firm financial performance: A
knowledge-exchange based perspective. Journal of World Business, 52(1), 17-27.
Cumming, D., Johan, S., & Schweizer, D. (2017). Information systems, agency problems, and
fraud. Information Systems Frontiers, 19(3), 421-424.
Terlizzi, M. A., & Albertin, A. L. (2017). IT benefits management in financial institutions: Practices and
barriers. International Journal of Project Management, 35(5), 763-782.
Chi, M., Zhao, J., George, J. F., Li, Y., & Zhai, S. (2017). The influence of inter-firm IT governance
strategies on relational performance: The moderation effect of information technology
ambidexterity. International Journal of Information Management, 37(2), 43-53.
Peppard, J., & Ward, J. (2016). The strategic management of information systems: Building a digital
strategy. John Wiley & Sons.
Riggins, F., & Weber, D. (2016). Exploring the impact of information and communication technology (ICT)
on intermediation market structure in the microfinance industry. The African Journal of Information
Systems, 8(3), 1.
Galliers, R. D., & Leidner, D. E. (Eds.). (2014). Strategic information management: challenges and
strategies in managing information systems. Routledge.
Clark, G. L., & Monk, A. H. (2013). The scope of financial institutions: in-sourcing, outsourcing and off-
shoring. Journal of Economic Geography, 13(2), 279-298.
Puthal, D., Nepal, S., Ranjan, R., & Chen, J. (2017). A dynamic prime number based efficient security
mechanism for big sensing data streams. Journal of Computer and System Sciences, 83(1), 22-42.
Bertino, E., & Ferrari, E. (2017). Big data security and privacy. In A Comprehensive Guide Through the
Italian Database Research Over the Last 25 Years (pp. 425-439). Springer International Publishing.
Makeshwar, P. S., & Borse, G. (2017). Improving Security in Group Based Data Sharing Using Multicast
Key Agreement. International Journal of Engineering Science, 4468.
Mazumder, S., Shaw, N. K., Dey, B., & Mahmuda, F. (2017). ENHANCE THE DATA SECURITY BY
CHANGINGTHE ENCRYPTION TECHNIQUE BASED ON DATA PATTERN IN BLOCK BASED
PRIVATE KEY DATA ENCRYPTION. International Journal, 8(7).
Tiwari, P. K., & Joshi, S. (2016). Data security for software as a service. In Web-Based Services:
Concepts, Methodologies, Tools, and Applications (pp. 864-880). IGI Global.
Page, J., Kaur, M., & Waters, E. (2017). Directors’ liability survey: Cyber-attacks and data loss—a
growing concern. Journal of Data Protection & Privacy, 1(2), 173-182.
Bang, S. W., Jung, B. S., & Lee, S. C. (2017). Research on financial institutional network partition design
for anti-hacking. Journal of Computer Virology and Hacking Techniques, 1-7.
Kshetri, N., & Voas, J. (2017). Banking on Availability. Computer, 50(1), 76-80.
Matania, E., Yoffe, L., & Goldstein, T. (2017). Structuring the national cyber defense: in evolution towards
a Central Cyber Authority. Journal of Cyber Policy, 2(1), 16-25.
18

van Wegberg, R. S., Klievink, A. J., & van Eeten, M. J. G. (2017). Discerning Novel Value Chains in
Financial Malware. European Journal on Criminal Policy and Research, 1-20.
Kolini, F., & Janczewski, L. (2017). Clustering and Topic Modelling: A New Approach for Analysis of
National Cyber Security Strategies.
Johnson, A. L. (2016). Cybersecurity for Financial Institutions: The Integral Role of Information Sharing in
Cyber Attack Mitigation. NC Banking Inst., 20, 277.
Maurer, T., Levite, A., & Perkovich, G. (2017). Toward a global norm against manipulating the integrity of
financial data (No. 2017-38). Economics Discussion Papers.
Wang, J., Gupta, M., & Rao, H. R. (2015). Insider threats in a financial institution: Analysis of attack-
proneness of information systems applications. MIS quarterly, 39(1).
Malhotra, Y. (2015). Cybersecurity & Cyber-Finance Risk Management: Strategies, Tactics, Operations,
&, Intelligence: Enterprise Risk Management to Model Risk Management: Understanding Vulnerabilities,
Threats, & Risk Mitigation (Presentation Slides).
Johnson, K. N. (2015). Cyber Risks: Emerging Risk Management Concerns for Financial Institutions. Ga.
L. Rev., 50, 131.
Uma, M., & Padmavathi, G. (2013). A Survey on Various Cyber Attacks and their Classification. IJ
Network Security, 15(5), 390-396.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., & Chon, S. (2014). An analysis of the nature of
groups engaged in cybercrime.
Mikhed, V., & Vogan, M. (2017). How Data Breaches Affect Consumer Credit.
Qiu, M., Gai, K., Thuraisingham, B., Tao, L., & Zhao, H. (2016). Proactive user-centric secure data
scheme using attribute-based semantic access controls for mobile clouds in financial industry. Future
Generation Computer Systems.
Grossman, S. A., & Roy, P. (2016). Learn the 5 keys to boosting effectiveness of your cybersecurity
program. Campus Security Report, 13(4), 1-6.
Martins, C., Oliveira, T., & Popovič, A. (2014). Understanding the Internet banking adoption: A unified
theory of acceptance and use of technology and perceived risk application. International Journal of
Information Management, 34(1), 1-13.
19