Comprehensive IT Risk Management Report for Aztek's Financial Services
Added on 2020/04/07
AI Summary
This report assesses IT risks for Aztek as they integrate IT services and outsource operations. It highlights advantages, disadvantages, and financial risks, detailing systematic and unsystematic risks, strategic risks, market risks, and credit risks. The report emphasizes compliance with government regulations and best practices. It analyzes threats such as phishing attacks, data packet sniffing, IP spoofing, port scanning, and backdoors, and proposes control measures to mitigate these risks. It recommends a security model focused on recognizing objectives, assessing applications, and highlighting security objectives to protect sensitive client and company data.

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University
Author’s note

Executive Summary
This report has been developed for Aztek, which is going to adopt IT services to support the company's objectives and to outsource its services to a third-party company. The report highlights the advantages and disadvantages and discusses the financial risks. It also sets out the threats and the vulnerabilities and elaborates the security measures that Aztek must adopt to mitigate the risks. Secure business operations can assist Aztek as well as its stakeholders and investors.

Table of Contents
Introduction
Review in regards to the financial services
Government regulations
Best practices
Review of project along with the current security measures
Analysing threats, vulnerabilities and the final outcome
Control measures to mitigate the threats associated with Aztek
References

Introduction
Aztek is going to adopt IT services to further the company's objectives and to outsource its services to a third-party company, and it can benefit greatly from cloud technology (Wu & Olson, 2015).
The report will highlight the threats and the vulnerabilities involved with the system. It will also showcase the security measures by which Aztek can carry on its business activities in a well-secured manner.
Review in regards to the financial services
The risks correlated with the financial sector are:
The systematic risks
Systematic risks are risks over which an individual has no control. They arise from external factors such as war and political factors, whose effect cannot be controlled by any enterprise, organisation or industry. Systematic risks are also affected by interest rates and recession (McNeil, Frey & Embrechts, 2015). They can be divided into the following categories: interest rate risk, market risk and purchasing power risk. With this kind of risk, no one has a clue.
The unsystematic risks
These risks can be well controlled. Individuals or organisations can control and manage them. The risks are within one's range and can be mitigated by simple means. The types of risk that fall under unsystematic risk are financial risk, liquidity risk and operational risk (Lam, 2014). The effect is malignant compared to the systematic risk.
Relevant risk
Systematic risk falls under relevant risk. Relevant risks are those risks which can be detected, analysed and controlled. The relevant risks are the systematic risks and not the unsystematic risks where individuals or any enterprises have no control (Chance & Brooks, 2015). The key risks which fall under this category are operational risk, legal risk, regulatory risk and solvency risk.
Strategic risk
Strategic risks arise in the organisation from improper decision-making and wrong strategy, due to which a project fails. These risks also indicate that the management team has failed to come up with the changes. This risk can affect the growth of the organisation.
Market risk
Market risks are the risks which arise from an abnormal rise in the price of any commodity or resource. The price rise affects the company and its finance section (Chance & Brooks, 2015). Market risk is correlated with financial market risk, interest rate risk and equity risk.
Credit risk
Credit risks occur when the borrower fails to repay the loan they have taken. The lender should take responsibility for judging whether the borrower is capable of repaying the loan with interest; if this is not judged properly, the risk arises. Credit risk occurs when the money lender loses the whole money or the whole principal.
The legal compliance requirements of all countries are more or less the same, and Australia is no exception. Aztek must abide by legal compliance as this can benefit them in the long run; it can assist them in taking the best decisions so that they can run the business activities
smoothly and fast. External risk can be fatal for any organisation or industry, which is why the unsystematic risk must be dealt with patiently (Chance & Brooks, 2015). External risks can have a devastating effect on Aztek and can increase the risks.
Aztek's internal risks are:
The communication technique procedure
The transparent techniques follow-through
In this case, Aztek must develop certain strategies to meet its business goals, and adopt certain strategies so that it can execute projects comfortably without any risks. Aztek must take the initiative to educate its employees; if the employees have sound knowledge of the threats, the vulnerabilities and the security measures, they can serve the customers well and with much ease (Bromiley et al., 2015). They can also become adept with cloud technology and the IT services. This can enhance Aztek's business activities and market share as a whole.
Government regulations
The federal body of each and every country applies certain rules and policies, and by following those rules and policies, organisations and enterprises can work fast with more productivity. Similarly, by following the rules and policies made by Australia, Aztek can enhance its business activities as a whole. This can help it conduct business effectively as well as ethically (Sadgrove, 2016). Thus the Aztek management team should act proactively and must follow the rules accordingly, as that can provide them with business benefits. The factors on which the authorities must focus are:
i. The policies made by the federal authority must be carefully examined; it must be checked whether the policies relate to the financial sections or not. If those policies are applied, they must be applied in an effective manner so that productivity can be gained.
ii. The risks residing within the company must be checked and analysed; the market of the employees and the financial market must be analysed as well. Otherwise, the company will face huge losses.
iii. The process which is an absolute necessity must be followed accordingly, and followed in the best way. By following the procedure, the risks incurred within the organisation and huge losses can be minimised (Bolton, Chen & Wang, 2013).
Best practices
By following the aforesaid procedures, Aztek can solve the problems incurred as a result of outsourcing. The challenges that Aztek faced while conducting its business activities must be addressed and, where possible, discussed with the investors and the stakeholders to get a better outcome. The following report has showcased the advantages as well as the problems incurred while performing the mentioned practices.
Review of project along with the current security measures
The report has showcased various aspects of the Aztek company as a whole. The benefits and the ill effects of the related IT services have been detailed in the report. The IT services that Aztek has planned to perform are network configuration, installation of application software and conducting a proper management system for the desktop (Ali, Warren, & Mathiassen, 2017). Aztek needs to identify the various aspects of the IT services
that can assist them to carry out the business operations in an effective manner. Aztek has planned to undertake strategies that can prove helpful in the near future.
The stakeholders involved are:
i. The government agencies, which work together in accordance with the policies relevant to outsourcing.
ii. Investors of Aztek
iii. The management team and staff of Aztek
iv. Regular clients and irregular clients
Analysing threats, vulnerabilities and the final outcome
Effective decision-making is important when outsourcing all the IT services, and for this reason Aztek should test all the vulnerabilities of the company. This kind of initiative will help them to get the desired result, which can help them to enhance the services. The threats can be disastrous, so they must be handled with care, and effective decision-making can help to mitigate the threats and vulnerabilities incurred. Aztek provides financial services to clients all over Australia (Rittinghouse & Ransome, 2016). It therefore deals with the personal information of the clients, and it must safeguard these vital customer data securely and must not disclose them. However, due to a malware attack, those data can get hacked and breached.
If the risks of the IT services are not diminished in time, they can create havoc. The whole database and the system can be breached as a result, and Aztek's reputation can come under threat. The company can lose its client base and can even lose large amounts of money (Choo, 2014). Thus a security model must be developed to add security measures to the Aztek database and
system. Aztek requires cooperation from the clients as it is going to shift to a cloud platform. They should not forget the demands and wishes of the third-party organisation. In this case, Aztek's management team has developed a model, and the model is based on the following factors:
Strategies to recognise the objectives- The risks involved with database storage are the main area of concern. The secured framework can protect them from potential threats and provide them with the best solutions.
The assessment of applications- The application programs must be chosen wisely by Aztek. The assessment of risks must be conducted after that. The aforesaid approach can help them to get the outcome they want (Islam et al., 2016). The secured framework can help them to use the IT services in a more efficient manner; it also assists them in choosing the best plan to assure the security of their database and the system.
The highlight of the features of the security objectives- Via the security framework model, Aztek can assess the vulnerabilities and the threats associated with its system. The Aztek management should act in a proactive manner and should be aware of the fact that their database contains the sensitive information of the clients and also the financial data of their company (Choo, 2014). These data must not be compromised at any cost, and Aztek should make sure of this.
Identification of threats
Phishing attacks- The phishing attack is carried out by hackers. The hackers gain access to one's system and steal all the vital data. They copy the HTML code of Aztek and develop a site which is an Aztek look-alike. Innocent users try to gain access to the system by entering all their credentials, and thus the hackers acquire all the credentials for
entering their system (Albakri et al., 2014). The hackers also attack the clients by means of spam emails; innocent clients click on the suspicious email and get trapped.
Data Packet Sniffing- An insecure network can be vulnerable to attack; the insecure network, along with the data flowing through it, can be hijacked by the hackers, and in this way they can steal all the sensitive data of the clients.
IP spoofing- IP spoofing is another means by which Aztek's clients can get trapped. The hackers generally carry out their attack while remaining in the background, hidden from others. They hide their source and attack (Albakri et al., 2014). Thus Aztek can only find out that the hackers have attacked but is not able to find out from which source they are carrying out their attack.
Port Scanning- Via port scanning, the hackers can learn which services Aztek is utilising on its office premises. The hackers then try to figure out the loopholes in those services, and having found the loopholes they carry out their attack. Aztek's system can be exploited in this way.
Backdoors- The backdoors are created by the web developers to facilitate the development of the site. The web developers keep a constant look on the website code and
decide
Identification of vulnerabilities
i. Predictable session identifiers- Using Base64, the hackers identify the session identifiers. The algorithm is reverse engineered by the hackers to carry on their misdeeds.
ii. Dependent on client-side validation- The browser settings and the browser history can get hacked and, along with that, the JavaScript stored in the database gets disabled by the hackers. In this way, the security of the system and the database can be threatened.
iii. SQL injection- SQL injection is another notable threat. By exploiting the Aztek database, the hackers can acquire the credentials of the clients from the database.
iv. Unauthorised execution of operations- The authorisation and authentication of Aztek can be threatened by the hackers and Aztek can face severe loss.
v. Cross-site scripting- Cookies can be stolen from the browsers by the hackers, making the system exploitable (Peltier, 2016). Hackers who have knowledge of web scripting languages, CSS and HTML can exploit any Aztek client website and make it vulnerable to attack. The hackers can install viruses too.
vi. Issues related to uploading- The Aztek system applications and the database can be under serious threat due to malware attack. Via XSS and Trojans, the hackers can exploit the system and the database.
vii. Issues related to logging out- Clients sometimes feel too lazy to log out of the system; the attackers can get into the Aztek account via an insecure network and can steal the important data of the database, and thus the clients' data can be breached (Sennewald & Baillie, 2015).
viii. Passwords- Clients sometimes set very easy, predictable passwords for their system which can be guessed, and thus the system becomes vulnerable to attack. The lazy approach of the clients can prove dangerous (Rittinghouse & Ransome, 2016). Via the brute force method, the hackers can gain access to the system and expose the vulnerabilities residing within the database and the system of Aztek.
ix. The unencrypted passwords- Clients unknowingly store passwords in their system as they tend to forget them. The attackers attack the system via viruses, malware and Trojans and acquire the files where the password is written. Also, the
hackers search for the hidden files in the system where the password is saved in unencrypted
form.
x. Phishing attack- Phishing is another noteworthy and potentially disastrous threat: the
hackers send spam emails to the clients of Aztek, claiming that the emails come from
Aztek (Almorsy et al., 2016). The clients can unknowingly enter the malicious sites and
thus lose confidentiality, all their credentials and even all their sensitive data.
xi. The absence of account lockout- The absence of an account lockout can lead to
cybercrime attacks.
xii. Not showing the previous sessions- Unsuspecting clients can unknowingly enter
their personal information again and again and thus risk their own privacy. By supplying
the username and password in this way, the clients can get into trouble and their
confidential data can get breached (Ahmad & Maynard, 2014).
xiii. No appropriate settings for cookie security- The hackers can set up a channel
between the Aztek clients and the server, and the browser cookies get transmitted via this
channel (Siponen, Mahmood & Pahnila, 2014). The hackers first exploit the system and gain
access to those browser cookies, and in this way threats can spread all over Aztek.
xiv. Weak ciphers- The attackers can expose the system and the database and record
what is being transacted; in this way the SSL key is cracked and the intruders get into
the system.
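The cookie-security gap in item xiii can be checked from the server's own responses. The following is an added example, not part of the original report: it audits Set-Cookie headers for the Secure, HttpOnly and SameSite attributes. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the attributes that keep
# session cookies off plain-HTTP channels and out of reach of page scripts.
# All names and the sample headers below are constructed for illustration.


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a valid Set-Cookie value: %r" % header_value)
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header_value):
    """Return the list of findings for one Set-Cookie value (empty = OK)."""
    name, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings.append("missing or invalid SameSite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    # Cookies using the __Host- prefix must be Secure, Path=/ and host-only.
    if name.startswith("__Host-"):
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix rules violated")
    return findings


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTP response.

    Returns {cookie name: findings} for every cookie with at least one finding.
    """
    report = {}
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        cookie_name, _ = parse_set_cookie(header_value)
        findings = audit_cookie(header_value)
        if findings:
            report[cookie_name] = findings
    return report


# Constructed sample response headers (not taken from any real system).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "__Host-sid=def456; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "prefs=dark; Secure; SameSite=None"),
]

if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_HEADERS).items():
        print(cookie)
        for finding in findings:
            print("  -", finding)
```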
It can be concluded that Aztek management needs to implement a correct strategy through
which the security management risks can be checked. Under this strategy, correct methodologies
must be adopted to control, to implement, and to work on the information security system.
The standards and the policies must be followed to improve the business operations as well
as the delivery method. Aztek can adopt the code of practice developed upon the ISO strategy
and benefit from this approach. Aztek can even diminish the risks associated with
the company's premises for the IT services via this method (Sawik, 2013). Thus, for the
control mechanism, proper guidance can be initiated to make the necessary changes to
improve the quality of the services Aztek offers.
Aztek must adopt the cloud technology for good; this can largely benefit the clients, the
employees and the stakeholders of Aztek. The cloud technology can help them to conduct
business in an agile and efficient manner. Also, with the advent of cloud computing, they can
stay connected with their customers throughout the day and night. However, they must be
careful about all the issues associated with cloud computing: they need secure
network connectivity and relatively fast bandwidth to get their job done (Chen et al., 2013).
They must consider the factors below while conducting business operations over the cloud:
1. Usage of the features of the services.
2. Confidentiality
3. Availability of the options (Pascoal, 2012).
4. Problems related to integrity
5. Transparency followed between both the companies
6. Multi-party or company trust
By considering the above factors, Aztek can develop an effective strategy to conduct their
business activities and, on the other hand, can check the threats and the vulnerabilities
associated with the company. The stakeholders and the investors can benefit greatly from
this approach (Dotcenko, Vladyko & Letenko, 2014). The outsourced tasks can largely be
carried out in a secure manner.
Thus, to acquire the best possible benefits, the company needs to adopt the secure model
to develop an effective service level agreement. This initiative can help them to overcome the
challenges and to implement the best method by which the company can benefit
highly.
Control measures to mitigate the threats associated with Aztek
i. Managing an accurate inventory of control system devices: Aztek should not
allow their computer nodes to stay partly connected to any kind of wired or wireless network;
if a node is partly connected to any sort of network, the hackers will get the opportunity
to take hold of the insecure network (Kimwele, 2014). Therefore, Aztek must keep an eye on
the system nodes and check whether they are connected as a whole or only partly
connected; otherwise the hackers can enter the system via those loopholes.
ii. Developing network boundaries: The network boundaries are there to assure
security to the system and the database and to detect any defects within the security
framework model (Fenz et al., 2014). These are the controls that are used to filter the
inbound and outbound traffic. The firewall is a piece of network boundary equipment used to
check malicious data flow, and the network must be governed in this way.
iii. Using Secure Remote Access methods: Aztek should use a Virtual Private
Network, as it is known to provide a secure channel via which they can carry on their
business operations. The Aztek clients can conduct all the financial activities in a safe and
secure manner; they can also protect and safeguard their system due to this secure channel
(Crossler et al., 2013). Aztek can safely use the printers and websites that connect to the
Internet due to this secure channel.
iv. Establishment of role-based access controls: The clients should be given specific
permissions to use the database and the system, and these should not be exceeded. The
employees should also be given permission to access the database according to their job role.
In this way, the hackers' entry can be checked to an extent. Thus Aztek can carry out their
business activities in a secure manner (AlHogail et al., 2015). This initiative also reveals the
malicious activities of the hackers. Aztek can also utilize the logging capabilities, and via this
method Aztek can enhance their security in their office premises.
v. Use of strong passwords: The clients must act in a proactive manner while using
the Aztek system. They must use a password which is not predictable and cannot be guessed
easily; that is why the password which the clients set must contain at least one upper-case
letter, one lower-case letter and one symbol, and must be eight characters long overall.
The password set by the clients cannot be the name of a place or a person
(Bell, Ndje & Lele, 2013). By setting a strong password they can assure their own safety
and security and that of Aztek; otherwise, a weak password can lead to
vulnerabilities like the hacking of one's personal data. Thus they all must be careful while
choosing the password for their system.
vi. Installation of antivirus software: Aztek must not deny the positive effect of
antivirus software. Aztek must choose antivirus software wisely; otherwise there is a chance
their vital data can get breached. They must know that antivirus software is capable of
defending against the malicious software that tries to enter the system. The system can gain
overall security from this approach. They should also use the latest hardware, the latest
software and the latest operating system, as this can help them to achieve their goals.
They must also update their
system and the database regularly and, along with that, apply patches (Singh et al.,
2013). This will help them to carry out their business activities in an agile and effective
manner. Outdated software and hardware are threats to any system, and Aztek is no
exception, so they must be careful.
vii. Enforcing policies for mobile devices: The mobile devices must have an antivirus
installed and, along with that, the clients must use a strong password for the system.
Adopting the aforesaid approach can protect the sensitive information stored in the
system.
viii. Cybersecurity team: Cybersecurity plays an important role in fighting the
hackers. The Aztek employees must know all the security measures, as that will help them to
carry out their business operations in a safe and secure manner. If any hackers want to gain
entry to the system, they can get to know about the vulnerable attack and also about the
vulnerable network (Singh et al., 2013). The cybersecurity team can thus educate the Aztek
employees to conduct the business activities.
ix. Involving executives: The executives can prove beneficial in identifying
any cybersecurity risks that erupt within the system; they can also help to connect to the
stakeholders (Bell, Ndje & Lele, 2013). The executives are aware of the cybersecurity threats
and thus can provide the best solutions to check the IT risks, and this effective decision can
help them in the long run.
x. Implement a disaster plan beforehand: A disaster management plan must be made,
as this can help to run the business effectively and to make the best decisions; the company’s
huge losses can also be controlled (Bell, Ndje & Lele, 2013). As for any other organisation, a
disaster plan is an absolute necessity for Aztek too.
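Control v above and the missing account lockout listed among the threats can be enforced together at the login service. The following is an added example, not part of the original report: it checks a password against the rule in control v (treated here as a minimum of eight characters) and locks an account after repeated failures. The thresholds, the denylist entries and all names are assumptions made for illustration.

```python
import time

# Assumed values, not taken from the report.
MAX_FAILURES = 5        # failed attempts tolerated inside the window
WINDOW_SECONDS = 300    # sliding window in which failures are counted
LOCK_SECONDS = 900      # how long an account stays locked
DENYLIST = {"aztek", "sydney", "melbourne", "john", "maria"}  # constructed names/places


def password_problems(password, username=""):
    """Return the violations of the rule in control v (empty list = acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no symbol")
    lowered = password.lower()
    words = set(DENYLIST)
    if username:
        words.add(username.lower())
    if any(word in lowered for word in words):
        problems.append("contains a name or place")
    return problems


class LockoutTracker:
    """Counts failed logins per account and locks it after MAX_FAILURES."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so the logic can be tested
        self._failures = {}          # account -> timestamps of recent failures
        self._locked_until = {}      # account -> time at which the lock ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[account]   # lock has expired
            return False
        return True

    def record_failure(self, account):
        """Register a failed login; return True if the account is now locked."""
        if self.is_locked(account):
            return True
        now = self._clock()
        recent = [t for t in self._failures.get(account, [])
                  if now - t < WINDOW_SECONDS]
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCK_SECONDS
            self._failures.pop(account, None)
            return True
        self._failures[account] = recent
        return False

    def record_success(self, account):
        """A successful login clears the failure history."""
        self._failures.pop(account, None)


if __name__ == "__main__":
    print(password_problems("sydney12"))
    tracker = LockoutTracker()
    for attempt in range(1, MAX_FAILURES + 1):
        print(attempt, tracker.record_failure("client-001"))
```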
Conclusion
It can be concluded from the above discourse that Aztek must adopt the cloud
technology for good. They also must be aware of the threats and vulnerabilities associated
with the system. They must be knowledgeable about the security measures that must be
applied to secure their database and the system. The security measures can also help them to
conduct business activities over the cloud platform. The cloud platform can give them the
competitive edge to succeed in the business. Apart from this, they must abide by the SLA
factors and regulations to conduct IT services ethically and efficiently.
References
Ahmad, A., & Maynard, S. (2014). Teaching information security management: reflections
and experiences. Information Management & Computer Security, 22(5), 513-536.
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
AlHogail, A. (2015). Design and validation of information security culture
framework. Computers in human behavior, 49, 567-575.
Ali, A., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A
risk management model. International Journal of Information Management, 37(6),
639-649.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Bell, B. G., Ndje, Y. J., & Lele, C. (2013). Information systems security management:
optimized model for strategy, organization, operations. American Journal of Control
Systems an Information Technology, (1), 22.
Bolton, P., Chen, H., & Wang, N. (2013). Market timing, investment, and risk
management. Journal of Financial Economics, 109(1), 40-62.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.
References
Ahmad, A., & Maynard, S. (2014). Teaching information security management: reflections
and experiences. Information Management & Computer Security, 22(5), 513-536.
Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk
assessment framework for cloud computing environments. Security and
Communication Networks, 7(11), 2114-2124.
AlHogail, A. (2015). Design and validation of information security culture
framework. Computers in human behavior, 49, 567-575.
Ali, A., Warren, D., & Mathiassen, L. (2017). Cloud-based business services innovation: A
risk management model. International Journal of Information Management, 37(6),
639-649.
Almorsy, M., Grundy, J., & MĂĽller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Bell, B. G., Ndje, Y. J., & Lele, C. (2013). Information systems security management:
optimized model for strategy, organization, operations. American Journal of Control
Systems an Information Technology, (1), 22.
Bolton, P., Chen, H., & Wang, N. (2013). Market timing, investment, and risk
management. Journal of Financial Economics, 109(1), 40-62.
Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing:
Results from a case study of Swiss companies. International journal of information
management, 33(5), 726-733.

18IT RISK MANAGEMENT
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4),
265-276.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management.
Cengage Learning.
Chen, Z., Han, F., Cao, J., Jiang, X., & Chen, S. (2013). Cloud computing-based forensic
analysis for collaborative network security management system. Tsinghua science and
technology, 18(1), 40-50.
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud
Computing, 1(2), 52-56.
Cremonini, M. (2016). Cloud Security Risk Management. Cloud Computing Security:
Foundations and Challenges, 87.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R.
(2013). Future directions for behavioral information security research. computers &
security, 32, 90-101.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014, February). A fuzzy logic-based information
security management for software-defined networks. In Advanced Communication
Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information
security risk management. Information Management & Computer Security, 22(5),
410-430.
Bromiley, P., McShane, M., Nair, A., & Rustambekov, E. (2015). Enterprise risk
management: Review, critique, and research directions. Long range planning, 48(4),
265-276.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management.
Cengage Learning.
Chen, Z., Han, F., Cao, J., Jiang, X., & Chen, S. (2013). Cloud computing-based forensic
analysis for collaborative network security management system. Tsinghua science and
technology, 18(1), 40-50.
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud
Computing, 1(2), 52-56.
Cremonini, M. (2016). Cloud Security Risk Management. Cloud Computing Security:
Foundations and Challenges, 87.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R.
(2013). Future directions for behavioral information security research. computers &
security, 32, 90-101.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014, February). A fuzzy logic-based information
security management for software-defined networks. In Advanced Communication
Technology (ICACT), 2014 16th International Conference on (pp. 167-171). IEEE.
Fenz, S., Heurix, J., Neubauer, T., & Pechstein, F. (2014). Current challenges in information
security risk management. Information Management & Computer Security, 22(5),
410-430.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

19IT RISK MANAGEMENT
Goldstein, A., & Frank, U. (2016). Components of a multi-perspective modeling method for
designing and managing IT security systems. Information Systems and e-Business
Management, 14(1), 101-140.
Islam, S., Fenz, S., Weippl, E., & Kalloniatis, C. (2016). Migration Goals and Risk
Management in Cloud Computing: A Review of State of the Art and Survey Results
on Practitioners. International Journal of Secure Software Engineering (IJSSE), 7(3),
44-73.
Kimwele, M. W. (2014). Information technology (IT) security in small and medium
enterprises (SMEs). In Information Systems for Small and Medium-sized
Enterprises (pp. 47-64). Springer Berlin Heidelberg.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a
systematic literature review. In Future Information Technology (pp. 285-295).
Springer, Berlin, Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Goldstein, A., & Frank, U. (2016). Components of a multi-perspective modeling method for
designing and managing IT security systems. Information Systems and e-Business
Management, 14(1), 101-140.
Islam, S., Fenz, S., Weippl, E., & Kalloniatis, C. (2016). Migration Goals and Risk
Management in Cloud Computing: A Review of State of the Art and Survey Results
on Practitioners. International Journal of Secure Software Engineering (IJSSE), 7(3),
44-73.
Kimwele, M. W. (2014). Information technology (IT) security in small and medium
enterprises (SMEs). In Information Systems for Small and Medium-sized
Enterprises (pp. 47-64). Springer Berlin Heidelberg.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a
systematic literature review. In Future Information Technology (pp. 285-295).
Springer, Berlin, Heidelberg.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. CRC Press.
Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.

20IT RISK MANAGEMENT
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security
planning. Decision Support Systems, 55(1), 156-164.
Sennewald, C. A., & Baillie, C. (2015). Effective security management. Butterworth-
Heinemann.
Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information security
management (ism) practices: Lessons from select cases from India and
Germany. Global Journal of Flexible Systems Management, 14(4), 225-239.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Wu, D. D., & Olson, D. L. (2015). Financial Risk Management. In Enterprise Risk
Management in Finance (pp. 15-22). Palgrave Macmillan UK.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security
planning. Decision Support Systems, 55(1), 156-164.
Sennewald, C. A., & Baillie, C. (2015). Effective security management. Butterworth-
Heinemann.
Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information security
management (ism) practices: Lessons from select cases from India and
Germany. Global Journal of Flexible Systems Management, 14(4), 225-239.
Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ adherence to information
security policies: An exploratory field study. Information & management, 51(2), 217-
224.
Wu, D. D., & Olson, D. L. (2015). Financial Risk Management. In Enterprise Risk
Management in Finance (pp. 15-22). Palgrave Macmillan UK.
1 out of 21
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.