IT Risk Assessment Case Study

Verified

Added on 2019/09/23

AI Summary

This assignment requires students to conduct an IT Risk Assessment case study for a fictional company called Aztek, which operates in the Australian Financial Services sector. The student must select one project from a provided list and perform a thorough risk assessment, considering factors such as financial services regulations, security posture, data security, and potential threats, vulnerabilities, and consequences. The report should include an executive summary, a review of the project's impact on the current security posture, a risk assessment based on IT control frameworks and industry recommendations, and a special focus on data security risks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Task
IT Risk Assessment Case Study in support of a significant technology decision that is to be taken by a
fictional company called Aztek that operates in the Australian Financial Services sector.
Senior executives in both business and technology divisions within Aztec have collected a portfolio of
projects from their respective strategists that could be potentially funded for deployment. The portfolio
includes projects such as:
• Allowing employees to bring their own devices (laptops, tablets and mobile phones for example) into the
workplace to be used as their main or sole devices in achieving their work tasks.
• Migrating business-critical applications and their associated data sources to an external Cloud hosting
solution.
• Outsourcing key IT functionality such as the network, desktop management or application development
to a third party.
• Upgrading or introducing a major technology such as mobile platforms and applications, migrating to an
improved networking technology (such as IPv6), creating a corporate-wide email archive for compliance
purposes, or upgrading applications and desktop operating systems.
Each of these potential projects carries significant IT risks which will need to be managed to support the
business case as to whether the project should go forward. In this case study, you are the IT Risk
Assessment lead at Aztek, and your role is to be the interface between business stakeholders and
technologists, translating potential technical difficulties into risk language to facilitate effective decision-
making by stakeholders.
For the Aztek case study you will need to select one of the projects from the list above for a thorough IT
Risk Assessment. You may select another project beyond those listed above with the approval of the
subject coordinator, and you may wish to select a project that is relevant to your workplace for example.
Your deliverable for this ITC 596 Case Study is an IT Risk Assessment report, written for the intended
audience of Aztek management providing a risk assessment of the project you have selected to consider.
Your report must be a Microsoft Word document, 15 – 25 pages in length at 12 point font and single
spacing. The report must address the following criteria:
• An Executive Summary at the beginning of the report which provides a clear statement of the IT
technology project that is being assessed, and an overview of your recommendations to Aztek
management as to the merits of the project based on your risk assessment (2 – 3 pages in length).
• A review of the project with respect to the Financial Services sector, which would include any relevant
government or industry regulation or compliance, and any established best practices (2 – 3 pages in
length).
• A review of the project impact on the current security posture of Aztec, as expressed by its current
maturity against IT Security policies and procedures (3 – 5 pages in length).
• A risk assessment based on threats, vulnerabilities and consequences derived from an IT control
framework and any existing industry risk recommendations for the project. For example, there are several
consortia for Cloud Computing that have created IT Risk Assessments for this technology (4 – 10 pages
in length).

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

• Specially address risks for Data Security from the viewpoint in the project of what data will be used, who
will have access to the data and where will the data flow (2 – 4 pages in length).
Rationale
• To assess that the student has a holistic grasp of IT Risk Assessment techniques and issues, which can
then be applied to produce valuable support for decision-makers.
• Develop an IT Risk Assessment opinion from both a bottom-up perspective of assessing controls,
threats and vulnerabilities, and translate these findings into business risk language.
• Deliver an IT Risk Assessment based on a proposed business project that required technical risk to be
assessed and managed.
Marking criteria
Criteria
The report addresses all the stated sections in detail, with a common meaning and purpose flowing through
the sections, leading to an authoritative conclusion, in a well-formatted document written without
grammatical errors.
• (15%) Executive Summary – clear risk-based opinions that business stakeholders understand and can
be used directly for decision-support
• (15%) Financial Services sector review – clear perspective to business stakeholders on similar projects
in their sector, and any relevant regulation
• (20%) Security posture review – clear assessment of the project’s impact on current security posture in
terms of changes to the posture and the required mitigation actions to remain at an acceptable posture.
• (30%) Threats, vulnerabilities and consequences assessment – demonstrate that the specific changes
introduced by the project have been assessed systematically assessed according to lists and frameworks
for threats, vulnerabilities and controls.
• (20%) Data Security – demonstrate the data flows associated with the project have been identified,
assessed against policies and any risks mitigated.
Presentation
 Assignments are required to be submitted in either Word format (.doc, or .docx), Open Office
format (.odf), Rich Text File format (.rtf) or .pdf format. Each assignment must be submitted as a
single document.
 Assignments should be typed using 10 or 12 point font. APA referencing style should be used. A
reference list should be included with each assessment item.
 All diagrams that are required should be inserted into the document in the appropriate position.
Diagrams that are submitted in addition to the assignment document will not be marked.

1 out of 2

+13062052269

info@desklib.com

IT Risk Assessment Case Study

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

BYOD Security and Privacy in Enterprise

Cloud Computing Security and Risks

Cloud Computing: Security & Privacy

Cloud Computing Security in Business Systems

Information System Risk Management

Mobile Device Usage in Education