Aztek Company: Risk Management Assessment of IT Project ITC596

Added on  2020/04/07

AI Summary
This report provides a risk management assessment for Aztek Company concerning a project allowing employees to use personal IT devices. It examines potential risks within the financial services sector, including systematic, credit, counterparty, operational, and legal risks. The report also analyzes security posture, focusing on cyber security threats like mobile banking risks, and assesses threats, vulnerabilities, and consequences. Data security is a key focus, including data identification, flow, access, and mitigation strategies. The report concludes with recommendations for Aztek Company to mitigate risks and ensure project success. The report emphasizes the importance of understanding and managing IT risks to ensure information security and business success.
ITC596 RISK MANAGEMENT ASSESSMENT
NAME
STUDENT ID
SUBJECT
TOPIC
DATE
PROJECT TO ALLOW BUSINESS EMPLOYEES TO USE THEIR PERSONAL
INFORMATION TECHNOLOGY DEVICES IN THE BUSINESS
EXECUTIVE SUMMARY
This is a report on Aztek Company’s risk management assessment in its effort to choose the best
project for its information technology (IT). The report involves choosing an IT project
from among other projects and assessing the potential risks that can be involved in that project. The report
illustrates different risks affecting financial institutions but specifically those that can affect
Aztek Company after implementing the project on allowing employees to use their technology
appliances like laptops, mobile phones, software and hardware devices, programs and networks
to conduct the business operations (Trydid et al, 2014). In that case, the project discusses
any potential risk that may arise in relation to the project. For instance, the project will indicate
the risks associated with financial services offered by the Company, security status of the
company, possible threats and vulnerable fields and impacts that may be caused by those threats
or risks after the project is implemented and the solutions that may be used by the company to
reduce those risks, i.e. methods to avoid, prevent and address the risks.
In that case, financial services risks that affect financial institutions like Aztek Company are
basic generic risks that are associated with the company’s services provision. They include risks
like systematic risks, credit risks, counterparty risks, operational risks and legal risks. These risks
are capable of affecting the financial position of a company. According to Wu et al (2014),
because financial organizations deal with both money and asset value, these risks can
affect the business’s finances, either negatively or positively. The security status
risks are basically associated with the company’s technology and cyber security status. Most of
the financial institutions are currently prone to the use of technological devices to conduct their
daily operations, e.g. businesses have introduced mobile banking, which is an easier way to access,
send and spend funds (Cole et al, 2017). All of these appliances have become a threat to a
business’s security system by increasing the opportunity for breach and attack. Furthermore,
these cyber security attacks are also a threat to most businesses that use modern technology
methods and devices, leaving the company’s security system vulnerable (Hatvani,
2015). All of these threats and risks are capable of causing a lot of negative effects to a business
especially in terms of financial status and information theft. Therefore, as for Aztek Company,
the project idea faces a lot of challenges but it can be effective and efficient for the company if
the risks are assessed and managed carefully. The company should therefore be able to identify
all possible risks in all fields and areas of its operations and come up with effective and suitable
solutions to mitigate these risks if the project is to succeed. In addition to that, the company
should ensure that all the employees, stakeholders and business owners are all on board with the
idea and that they intend for it to succeed.
Table of Contents
INTRODUCTION
FINANCIAL SERVICES SECTOR REVIEW
Systematic Risks
Credit Risks
Counterparty Risks
Operational Risks
Legal Risks
SECURITY POSTURE REVIEW
Types of Cyber Security Risks
Mobile banking risks
Social networking risks
Security breach and attacks
Internet of Things
THREATS, VULNERABILITIES AND CONSEQUENCES ASSESSMENT
Threats
Consequences
DATA SECURITY
Project Data Identification
Data Flow and Access
Risks Mitigation
CONCLUSION
REFERENCES
INTRODUCTION
Information Technology (IT) risk management is the application of business principles and
practices (that handle business risks) in an IT organization with the aim of controlling,
organizing, directing and planning for potential risks that may occur in the field. IT risk management
assists businesses in identifying the risks that relate to business ownership, business operations,
influence, adoption and implementation of IT devices and appliances. This means that through
IT risk management, businesses are able to avoid, prevent and manage these potential threats to
their IT operations or department (Beauchamp-Akatova et al, 2013). Business uncertainties or
risks can have a great impact on business operations, especially in businesses whose operations
rely entirely on the information technology department and applications. In that case, IT risk
management becomes an important aspect of ensuring information security because of its ability
to support the business operations in achieving their goals and objectives.
Therefore, it is clearly important for a business’s management team to be able to assess and
manage IT risks for the business to succeed.
FINANCIAL SERVICES SECTOR REVIEW
There are many business organizations in the world that can be said to be financial institutions
offering financial services and products, e.g. depositories (like banks, credit associations and
thrifts), insurance companies (life assurance, property, health and injury insurances), investment
businesses (real estate, trust funds, REMICs and REITs), finance companies, exchange
companies (stock exchange companies, insurance businesses), to name but a few. The
financial institutions are guided and governed by certain specific government rules and
regulations in relation to their services and products. The role of these regulations is to help these
financial institutions to continue upholding the services they offer to their country or rather
customers as well as to the government (Sweeting, 2017). Just like any other business, the
financial institutions are faced with different kinds of risks during their operations. The risks
associated with the provision of financial services by financial institutions differ according to
the services provided or rather according to the type of institution itself. The different kinds of
services include the following: origination, distribution, packaging, servicing, intermediation and
market making services (Schneider et al, 2011). Therefore, financial institutions, being some of
the most fundamental organizations in every country, must find ways of managing those
risks that are capable of affecting their operations negatively. The following are the risk
categories that affect financial institutions:
Systematic Risks
These risks are associated with the change of asset value according to systematic aspects. This
means that the financial institution assumes this risk itself when its assets change in value
due to changes in economic conditions. An example of these risks is a change in interest rates
caused by economic changes. Therefore, to be able to manage these kinds of risks, financial
businesses focus on tracking, being aware of and understanding the systematic changes that may
cause a risk to occur, like interest rate risks, commodity price risks and foreign exchange risk, among
others (Acharya et al, 2017).
Credit Risks
They occur when the business’s debtors do not pay back what they owe. This happens mostly to
financial businesses that offer crediting services, but especially those that take highly illiquid
assets as credit cover (Kavun et al, 2016). The credit risk can be caused by the unwillingness or
inability of the debtor to pay the company. This risk is capable of affecting the business’s
crediting operations, the business shareholders’ profits and the debtor’s ability to borrow funds
(Bonsall IV et al, 2016).
Counterparty Risks
This risk is associated with a trading partner’s failure to perform as expected. These risks can be
caused by systematic/economic, political or legal changes or effects on the financial institution’s
trading partner. To avoid and prevent such a risk from occurring, the business should
ensure that all possible influences are evaluated and analyzed effectively before drawing or
starting the trading partnership. Additionally, all partners should work together to ensure
solutions are available and ready to be implemented whenever such changes occur.
Operational Risks
Operational risks occur whenever the financial institution carries out a transaction, e.g. product or
service processing, and when taking or making trading deliveries in exchange for money.
Furthermore, this kind of risk may occur when the business is doing its record keeping, computing
payment amounts, handling processing system failures and trying to comply with certain financial
rules and regulations set by the government. These risks can cause extreme negative impacts
on a business’s operations and its financial budgets and expenses. To mitigate such a risk,
businesses should ensure that their processes and practices are completely in accordance with
government regulations and that their employees are well qualified and experienced in their
respective areas.
Legal Risks
They are related to the legal standards set by the government and other authorities (like court
orders) expected to be achieved and adhered to by the financial institution. However, these legal
risks may also arise when a business fails to follow the laws and rules set to govern a contractual
agreement when trading with partners. For instance, environmental regulations set by the
government affect the operations of institutions like real estate institutions by affecting the value
of the older buildings. Violations of other rules that govern business management, operations and
employees, like fraud and security laws, can cause adverse effects for a
business.
With that in mind, it is safe to say that every financial institution is liable to at least one of these
risks depending on the services it offers. Additionally, every business should come up with
different ways to identify these risks and manage them effectively to increase its chances of success
in the financial business industry.
SECURITY POSTURE REVIEW
When it comes to the security status of a financial institution, the main business IT appliances and
devices are involved. Therefore, the security of a financial institution is determined by the
security provided by the technology appliances and devices being used by the business to
conduct its operations, e.g. computers, software and hardware appliances, computer networks,
programs and applications. It is important to note that a large number of
businesses are now using these appliances to conduct their operations, especially the financial
institutions (Sinclair et al, 2007). The financial businesses are currently using the improved
technological devices to process services, communicate, invest and conduct other operations.
These institutions are using the internet and computers to transfer funds, receive funds, carry out
investment operations among other things (Reim et al, 2016); this is simply called e-commerce.
However, research has proved that security threats to these devices have increased over the last
number of years by very high margins. This has been caused by the technology development
and advancement that accompanies the improvement of these devices and appliances. This
means that when the security threats towards computers, the internet
and their components increase, then threats towards financial institutions increase.
In general terms, these threats can be referred to as cyber insecurities and can be caused by
the implementation of practices like allowing employees to carry their own technology
appliances to work. Most financial institutions are currently more prone to cyber insecurities than any
other business organizations. These cyber insecurities are caused by cyber criminals whose
main objective is to steal money or financial information about the institution or its customers.
However, there are other aims for cyber insecurity, e.g. disruption of business operations,
destruction of critical business infrastructure, compromise of financial business information etc.
Therefore, in a financial institution’s risk management, the business must focus on the management
of cyber security risks and threats (Jouini et al, 2014).
Types of Cyber Security Risks
Mobile banking risks
This refers to the use of mobile phones to receive or send money from one region to another. In
the current business world, many businesses have adopted the use of mobile banking services
which they describe to be a very effective and efficient method for both the customer and the
financial organization (Greenwood et al, 2015). However, mobile security status has become a
big challenge for financial institutions. This is simply because the traditional methods
implemented to protect the financial information of the customer are not effective for the mobile
banking practice (Gitman et al, 2015). Financial institutions have created mobile applications
that are becoming popular to the customers in conducting their financial operations. However,
these applications are facing the threat of attack, especially with the increase in mobile phone
application robustness. When the app is robust, the financial information of the user is at risk of
being exposed to unauthorized persons, which may lead to theft of funds without disturbing the
functionality of the app or mobile phone and therefore without notifying the owner.
Social networking risks
There is an increase in the use of social media platforms by businesses when carrying out their
operations like advertising, marketing, promotion and sales among other things. This also means
that there is an increase in mobile phones and social media connections, especially in platforms like
Twitter, LinkedIn, Facebook and Instagram, to name a few (Phippen et al, 2014). Financial
institutions have also adopted the use of these social media platforms whereby most of them also
create accounts with the objective of improving customer communication and relations
(Alhabeeb et al, 2010). When financial institutions join these platforms, they increase the
chances of fake account creation by unauthorized persons who try to trick users into providing
confidential information e.g. about their finances, account passwords and account login details
among other things. These risks can also be realized when business employees leak business
secrets in those platforms without permission.
Security breach and attacks
A security breach is related to password hacking, decryption of encrypted data, and changing or
manipulating data. All these breaches are capable of causing adverse problems for businesses
if not managed effectively. Such breaches can lead to information theft or theft of funds,
which is a loss for businesses. Cyber security attacks like the use of malware, botnets, ransomware,
Trojan horses, viruses and spyware, to name but a few, have also proved to be extremely
dangerous for business organizations, especially the financial institutions (Sadgrove, 2016). This
is simply because most financial institutions use technology devices like computers, software
and hardware computer appliances, computer networks, programs and applications that are
extremely prone to such attacks (Gerić et al, 2007). These attacks affect an appliance’s use and
operation by restricting access or disrupting the operation processes.
Internet of Things
This has offered new hacking opportunities for cyber criminals. It is basically the connection
of technological devices and appliances to the internet to help them operate, e.g. home
appliances, vehicles, medical devices etc. In relation to financial institutions such as banks, devices like CCTV
cameras and ATM machines rely on technology to operate. Therefore, their use can
lead to theft and other attacks that cause expensive problems to the institution.
Other risks like software engineering, phishing, pharming, inside attacks, skimming, spoofing,
DoS attacks etc. are also common when it comes to financial institution cyber security (Raba et
al, 2012). However, given that financial institutions’ operations relate to dealing with money,
investments and assets, they certainly become constant targets for cyber security risks and
threats. These risks can cause immense losses to both the institutions and customers. Therefore,
it is important for Aztek Company to identify and understand some of these threats that can
affect its operations by attacking its security systems. When the company decides on
implementation of the said project, the chances of these risks increasing and affecting the
business operations are extremely high.
THREATS, VULNERABILITIES AND CONSEQUENCES ASSESSMENT
Threats
Financial threats aimed at disrupting financial institutions’ operations are becoming more and more common
as technology advances. These threats are mostly the cyber security threats discussed above.
Recent research has shown that cyber security crime threat has increasingly been dominated by
massive security attacks. According to Vasile et al, 2012, these attacks have become more
sophisticated in a way that they are now chasing after the financial institution’s financial
information instead of the individual customers. It is clear that these attacks are becoming a
common practice for different groups of criminals ranging from large state-like organizations to
small decentralized individual groups funded and supported by self-directed networks.
Nevertheless, these attacks are not easy to carry out and are rarely successful, but when
successful, they cause great damage to the financial organization as well as yield extremely high
profits for the criminals. This is what attracts most of these groups into targeting these
institutions, especially those that are rated to be more successful in terms of profits than
others (Landier, 2011), e.g. the top-rated banks in Australia (National Australia Bank- NAB,
Commonwealth Bank- CBA, Australian New Zealand-ANZ Bank and Westpac-WBC).
In that case, when Aztek Company implements the project in question, the chances of these
threats becoming real are extremely high. When employees are allowed to carry their personal
laptops and other devices to work in these financial organizations, there are chances that they
may bring these threats with them. Apparently, most of the financial organizations have security
systems set up for their networks and computers as well as their appliances to protect them from
certain threats. A large number of financial institutions have developed a firewall to protect their
devices from being attacked by viruses, malware, spyware and worms. Additionally they have set up