National Australian Bank IT Risk Assessment Report

Added on  2025/06/23

ITC596 - IT RISK MANAGEMENT ASSESSMENT ITEM 2
Table of Contents
Introduction
ASSESSMENT TWO
Part One
Part Two
Inherent risk assessment in National Australia Bank
Mitigating the risk
Residual risk assessment
Create a Risk Register
Conclusion
References
Introduction
Risk management is the process of managing risk in the desired manner while ensuring that the organisation continues to work effectively. It also covers the rules and regulations, consisting of procedures and policies, that people should follow in order to achieve results properly and without loss of data and information. This report summarises the issues relating to data security, which should be addressed by preparing a proper plan and managing that plan accordingly. It also covers “My Health Record”, which holds data on individuals’ health information and the protection of that data. Finally, it covers the use of risk assessment, which requires a proper understanding of the IT systems.
ASSESSMENT TWO
Part One
Plan, Develop and Manage a Security Policy
The system security plan is a formal plan that sets out the actions for maintaining control over a computer or information system. It includes a systematic approach and other techniques that provide security and protect the system against unauthorised users. It also helps in identifying viruses, or whether the company's IT system is seeing any unknown hacker who could cause huge destruction in the company.
The company's access control consists of various security techniques that help ensure the proper use of resources in the computing environment; their main focus is minimising risk in the organisation. Access control is of two types: physical and logical. Physical access control limits access to campuses, buildings, rooms and other IT possessions. Logical access control limits connections to computer networks, system files and data (Safa & Furnell, 2016).
Companies and organisations use different access control models, depending on their requirements and on the compliance measures used to secure data and information from other people.
- The plan covers all the controls on users and systems that help maintain interaction or communication with other systems and users.
- In the flow of information, there should be proper control between the subject and the monitoring of the information, which requires proper restrictions and maintains data confidentiality (Choyi & Vinokurov, 2012).
- It also has a list of the users who have access to the system.
- It includes the access control system, which covers the methods that determine access to the system, such as user IDs, passwords, digital cards, biometrics etc.
- It should include system backups and other procedures that can help in restoring data.
Developing the security policy requires the inputs of the risk assessment process, which gives a clear picture of the risks that must be considered in developing the plan. The plan consists of information that cannot be shared with outsiders and is highly sensitive, which means it requires a high level of security. The rules and regulations, in accordance with the various ethical standards, are as follows:
Firstly, an information security plan is developed, which helps in fighting the initiation of cybercrime. Policies are designed to ensure the protection of data and information against unauthorised access. The information is arranged according to the IT structure and the protection of data and information within it.
The documented policy gives employees the help they need to fulfil the requirements of government contracts such as HIPAA and other related healthcare compliance. At the time of the Commonwealth Games, the Government of Australia launched “My Health Record”, which records individuals’ health information. “My Health Record” is operated by the health industry in order to record issues relating to individuals and to share information that will provide the best care. Access to “My Health Record” has been provided to staff members such as System Administrator, Doctor, Nurse, Pathologist and Patient.
Developing a security policy helps protect data against IT risks to which customers are not paying attention, which is important to federal or state government. Any information developed in relation to the security policy should be distributed among employees and vendors in order to gain trust from new business partners.
Developing a security policy will help in determining the difficulties that arise in the path of “My Health Record”; any violation of the policies will lead to certain consequences. It provides employees with information about cyber-attacks and with solutions to the threats, including government interventions, which should be implemented in a way that generates maximum results.
The company launched “My Health Record”, which ensures better functioning and provides an access control policy that addresses purpose, scope, roles, responsibilities and commitment among organisational entities (Andersson & Pettersson, 2015). The organisation has issued the policies as properly documented procedures, in accordance with the same:
“My Health Record” requires the management of services as follows:
- Identifying the account type, such as individual, group, system, guest or any other source.
- Identifying unauthorised users who use the information system to exercise privileges that are restricted by the company.
- Obtaining the approvals required for creating accounts, and handling the activation, deactivation and removal of accounts.
- Deactivating activities that are temporary in nature and terminating accounts that are no longer in use.
- Providing system access that has proper validation and authorisation.
- The organisation has also installed automated mechanisms that support the management of system accounts (Shahbazi, 2014).
- The automated system audits account creation, modification and termination actions whenever required.
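The account-management requirements listed above can be checked automatically. The following is an added example, not part of the original report: the record fields, the 90-day idle threshold and the sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

MAX_IDLE = timedelta(days=90)  # assumption: the report sets no dormancy threshold

@dataclass
class Account:
    name: str
    kind: Optional[str]          # individual, group, system, guest, ...; None if never identified
    approved_by: Optional[str]   # who approved creation; None if no approval is on record
    last_login: date
    active: bool = True

def review(accounts, today):
    """Deactivate accounts that fail a check and return one audit event per action."""
    events = []
    for acct in accounts:
        if not acct.active:
            continue  # already deactivated, nothing to audit
        reasons = []
        if not acct.kind:
            reasons.append("account type not identified")
        if not acct.approved_by:
            reasons.append("no creation approval on record")
        if today - acct.last_login > MAX_IDLE:
            reasons.append("no longer in use")
        if reasons:
            acct.active = False
            events.append({"date": today.isoformat(), "account": acct.name,
                           "action": "deactivate", "reasons": reasons})
    return events

# Constructed sample records (hypothetical names, not real accounts).
SAMPLE = [
    Account("dr.lee", "individual", "sysadmin", date(2025, 6, 1)),
    Account("path-lab", "group", None, date(2025, 6, 10)),
    Account("locum-07", "guest", "sysadmin", date(2025, 1, 15)),
    Account("batch-export", None, "sysadmin", date(2025, 6, 20)),
]

if __name__ == "__main__":
    for event in review(SAMPLE, date(2025, 6, 23)):
        print(event)
```

Each returned event is the audit record for one deactivation, so a second run over the same accounts reports nothing new.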
The organisation requires users to log out when their tasks are completed, which also helps in determining how information system accounts are used. It monitors the usage of information system accounts and deals with organisational work in accordance with “My Health Record”. It also includes dynamically managing user privileges and their associated authorisations.
The approach to information generation and system accounts assigns privileges and includes the different services that should be implemented to run the access functions, with a focus on the needs of the organisation. The organisation needs to establish the privileges for the use of “My Health Record”, and to organise and manage the information system accordingly (Andres & Saruwatari, 2012).
Part Two
Introduction of National Australia Bank
National Australia Bank, commonly known as NAB, is one of the four largest financial institutions in Australia in terms of market capitalisation, earnings and customers. National Australia Bank was ranked as the 21st largest bank in the world, measured by market capitalisation. It operates in Australia, New Zealand and Asia and has 12.7 million customers. National Australia Bank is a technology-friendly company and a large user of the Siebel and Teradata CRM systems. It has received recognition for its adoption of, and leadership in, customer relationship management. National Australia Bank has sponsored Australian Rules football from scratch up to the elite level. It has also supported community group volunteers in and around Australia, and has provided financial support and relief to drought- and flood-affected areas in Queensland and Victoria (Fontijn & Holtman, 2015).
The Use of IT Systems in National Australia Bank
The use of information technology is based on the tools that National Australia Bank uses to work with information and to support it. The IT system protects customers' data and information and helps manage security for online transactions, passwords and the use of applications on phones; all of this is regulated by the IT system.
Identify and explain any major risk in the IT systems components
Technology and its upgrades have advanced to the point where traditional banking plays a smaller part and people are drawn more towards the use of technology. This has created various options for customers, who make use of online banking, credit cards and other transactions with a high level of IT involvement. Online transactions carry huge risk these days, as people find it more comfortable to use online applications than to go to a bank to carry out their activities. This reduces the burden on employees and at the same time creates more work for IT staff and systems. Online procedures give rise to cyber risks, which require proper management. IT has increased the level of competition and has forced banks to integrate new technologies that help satisfy customers (Rani & Gangal, 2012).
Consequences of the Risk
The bank deals with a large number of transactions on a daily basis, which gives rise to various consequences that can cause huge destruction in National Australia Bank. The risks involved in online transactions are huge and can lead to the loss of trust and of customers. The risk with online transactions is the wrongful use of one-time passwords, login information, passwords etc., which, if lost or used by another person, can cause a huge loss to the person affected. It also leads to inappropriate access control and the entry of unauthorised parties into the National Australia Bank server, causing the loss of data and credible information that should not be leaked in any manner.
Inherent risk assessment in National Australia Bank
National Australia Bank is generally engaged in risky lending practices, as it is often exposed to bad debts. Loans that the bank does not recover are known as bad loans and are written off as bad debts. This is the risk a bank takes when it lends money to people. If people are not able to repay the amount taken from the bank, they are considered insolvent and the bank has to bear the loss. The bank is exposed to various risks and exhibits strict loan management. The bank's ability to provision for and forecast its bad loan risk shows that it has a good understanding of the amount of risk it undertakes. An increasing provision ratio indicates that the bank is being too cautious in its expectations of bad debts. The risks faced by National Australia Bank are:
Credit risk: this risk occurs when a potential borrower fails to meet the payment obligation on the terms agreed with the bank. It involves two uncertainties: repayment of dues, and repayment of the bank's dues on time. Credit risk sometimes leads to reputational risk. Reputational risk arises from dubious actions taken by banks and majorly damages a bank’s image in the market. It sometimes occurs because of negative publicity about the bank without any solid evidence. This risk can occur for the following reasons:
- Uncertain income of borrowers (Huang et al., 2012).
- Unwillingness of borrowers to repay the loan amount.
- Heavy losses in the business of borrowers.
Cyber security risk: this is referred to as the most prevalent IT risk. It is generally faced by banks that keep customers' electronic information safe and private from misuse, damage or theft. These risks arise from internal and external factors in the bank, namely:
- Poor password policies
- Inappropriate logical access control
- Lack of control over business transactions
Open banking risk: open banking works as a single platform on which a number of participants engage in an open infrastructure that aims to enhance the customer experience. Under this risk, aggregated customer data that is kept safe, such as banking transactions, is put at significant risk (Callaghan & Hubbard, 2016).