IT Risk Management Assessment: National Australia Bank Case Study


Added on  2025/06/23

IT RISK MANAGEMENT ASSESSMENT ITEM 2
Contents
Introduction
Part 1
Plan, Develop and manage a security policy
System access security policy
Develop system access security policy
Manage system access security policy
Part B
1. Introduction of National Australia Bank and its IT system
2. Risks involved in the IT system of National Australia Bank
3. Consequence of risks
4. Inherent risk assessment
5. Mitigate the risk
6. Residual risk assessment
7. Create a Risk Register based on the risks identified in the IT systems and priorities of the risk using a standardized framework such as the ANSI B11.0.TR3 Risk Assessment Matrix
Conclusion
References
Introduction
Managing the security policies and planning of an organization is important. The data that an organization has collected can help it find out the previous track record of a person. This assignment analyzes the information technology system of a particular organization. It also describes the different security policies that can be considered security factors of the organization, and explains the importance of an online security system in providing better security for the data the organization has collected.
Part 1
Plan, Develop and manage a security policy
System access security policy
The Commonwealth Government of Australia is developing a system access security policy for the better management of patients' health-related information. The system access security policy can help organizations access the important health-related data of their patients. Proper security of information is an essential responsibility of an organization, and organizations need to develop a system that helps in accessing the important information about patients (Agca et al., 2017). These three policies can be added to the security policy of the Commonwealth Government of Australia:
Plan system access security policy: The Commonwealth Government of Australia is trying to plan a system access security policy that can help it access the data and information regarding a patient. The system access security policy would protect the important data of the patient, and the government's website would also be protected from unethical activities like hacking. The Commonwealth has launched its "My health record" online security system, which can be used by the staff of the organization. In planning its system access security policies, it can take the following steps:
- Creating broad policies: The Commonwealth Government of Australia needs to include some broad policies covering the different areas of the health industry of Australia.
- Should be written: The security policies must be developed in a written format and need to provide clear guidelines to each member of the health care industry of Australia.
- Beginning with a standard policy format: The process becomes easier if the government uses a standard format for the policies.
- Involving employees: The security policies need to be followed by the employees, so it is important to involve and support the employees while planning the system access security policies.
- Being updated: The system policies must be updated from time to time, and the government of Australia needs to update its policies according to changing circumstances.
- Providing training to the employees: Having policies is not enough on its own; the health care industry of Australia needs to train its employees in the system access security policies (Garcia et al., 2017).
Develop system access security policy: After planning the system access security policy, the Commonwealth Government of Australia needs to develop it. The government can take the following steps to develop a better system access security policy:
- Talking with other members of the organization, such as security auditors, because they can better determine the security needs.
- Observing the technologies that the organization will use in its environment. For example, if the organization's system is connected to the internet, it becomes necessary to protect the internet connection from outside users.
- Determining the overall approach to security, as follows:
  - Strict: To know the security scheme, it is necessary to include a strict policy.
  - Average: The average security policy gives users access to objects based on the authority provided to the employees.
  - Relaxed: In this kind of environment, the Commonwealth Government of Australia can allow users to access more objects from the system.
- Creating a full statement regarding security. The security policy needs to state the overall approach and what kind of assets require protection.
- Developing a draft of the security policy.
- Making additional notes where needed.
Manage system access security policy
It is important for the Commonwealth Government of Australia to manage its security policies well. To do so, the government can make use of the following access control methods:
- Mandatory access control: This is a security model in which access rights are regulated by a central authority based on multiple levels of security. The Commonwealth Government of Australia can use this access control method. An example is Security-Enhanced Linux, an implementation of MAC on the Linux operating system.
- Role-based access control: This is a widely used access control method that controls access to resources based on individuals and groups with defined business functions.
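The two models described above, layered in one access decision, as an added example that is not part of the original assignment. The users, roles, record types and sensitivity levels are constructed for illustration, and the MAC rule is a simplified level comparison applied to every action.

```python
from enum import IntEnum

class Level(IntEnum):
    """Ordered sensitivity levels (names are illustrative assumptions)."""
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

# MAC: a central authority assigns these labels; users cannot change them.
CLEARANCE = {"alice": Level.INTERNAL, "bob": Level.CONFIDENTIAL,
             "carol": Level.RESTRICTED, "dave": Level.RESTRICTED}
CLASSIFICATION = {"appointment_list": Level.INTERNAL,
                  "pathology_result": Level.CONFIDENTIAL,
                  "mental_health_note": Level.RESTRICTED}

# RBAC: permissions attach to business roles; users only receive roles.
ROLE_PERMS = {
    "front_desk": {("appointment_list", "read"), ("appointment_list", "write")},
    "clinician": {("appointment_list", "read"), ("pathology_result", "read"),
                  ("mental_health_note", "read")},
    "billing": {("appointment_list", "read")},
}
USER_ROLES = {"alice": {"front_desk"}, "bob": {"clinician"},
              "carol": {"clinician"}, "dave": {"billing"}}

def mac_permits(user, obj):
    """Simplified multilevel rule: access only at or below one's clearance."""
    if user not in CLEARANCE or obj not in CLASSIFICATION:
        return False  # unlabeled subject or object: deny by default
    return CLEARANCE[user] >= CLASSIFICATION[obj]

def rbac_permits(user, obj, action):
    """Allowed if any of the user's roles carries the (object, action) pair."""
    return any((obj, action) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

def decide(user, obj, action):
    """Layer both models: each must allow. Returns (allowed, reason)."""
    if not mac_permits(user, obj):
        return False, "MAC: label check failed"
    if not rbac_permits(user, obj, action):
        return False, "RBAC: no role grants this action"
    return True, "allowed"

if __name__ == "__main__":
    for req in [("carol", "mental_health_note", "read"),
                ("bob", "mental_health_note", "read"),    # role fits, clearance too low
                ("dave", "mental_health_note", "read"),   # clearance fits, role lacks it
                ("alice", "appointment_list", "write"),
                ("mallory", "appointment_list", "read")]: # unknown user
        print(req, "->", decide(*req))
```

The bob and dave requests show why the models complement each other: one is stopped by the centrally assigned label, the other by the absence of a role permission.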
Use of access control
The use of access control can minimize the risk of unauthorized access to physical and logical systems. It is a fundamental component of security compliance programs, which ensure that security technologies and security policies are in place to protect private information such as patient data. An access control system can become difficult to manage in the present dynamic environment of the IT industry. The Commonwealth Government of Australia can use access control to get better security for the data of patients.
Implementing access control
Access control is a process that is incorporated into the IT environment of the Commonwealth Government of Australia. It can include an identity and access management system. This system supplies access control software, a user database, and management tools for access control policies, auditing, and enforcement. The Commonwealth Government of Australia can apply these access controls to keep patients' data and information better controlled. These access controls can provide better security to its new online security portal “My health record”.
Part B
Conducting a Risk assessment
1. Introduction of National Australia Bank and its IT system
National Australia Bank is one of the four largest financial institutions in Australia in terms of market capitalization, earnings and consumers. It was ranked as the 21st largest bank in the world and, measured by total assets, as the 50th largest bank in the world. As per the 2014 report, National Australia Bank operated 1590 service centers and branches. The organization has almost 4,412 ATMs across Australia, New Zealand and Asia, and it serves almost 12.7 million consumers. National Australia Bank was introduced as National Commercial Banking Corporation of Australia Limited in 1982. It was formed by the merger of the National Bank of Australasia and the Commercial Banking Company of Sydney. The resulting company was National Australia Bank. The delayed financial base of the merged entity activated important offshore development over the resulting years. Representative officers of the organization were appointed in Chicago, Beijing, Dallas, Shanghai, and many more countries. Other acquisitions followed, including Bank of New Zealand in 1992, and the organization covered almost 26% of the New Zealand market. National Australia Bank also had operations in the US and closed its offices in Chicago, Atlanta, Dallas, San Francisco and Houston in 1991 (Trounson and DeWitt, 2016).
The IT system
National Australia Bank is a financial services organization with almost 40,000 employees. It has almost 1,800 branches and service centers. These branches and service centers are responsible for providing quality services to almost 4,60,000 shareholders. The information technology system of this organization is very rapid and efficient. The organization uses business analysis for a better flow of information in its environment. The IT business analyst can analyze the hardware, software and IT services in the organization. The data flow system of National Australia Bank was a point-to-point solution. The organization uses the computer system to
store, transmit and manipulate the data of its consumers (Hirakawa et al., 2016). The communication system of the organization is also part of its information technology system. In the information technology system of National Australia Bank, the management uses the following technology for a better flow of available information:
- Microsoft SQL Server for ADR performance, operational data store, and data mart database.
- Microsoft SQL Server Integration Services for extract, transform and load.
- Microsoft Excel for ad hoc reporting; ETL processes were developed to consume data in the same way as the system.
2. Risks involved in the IT system of National Australia Bank
The following risks could be involved in the information technology system of National Australia Bank:
General IT risks
- Hardware and software failure: System failure can be caused by software failure or hardware-related issues. The organization can face this situation, and it can cause reboots and freezes or stop the system from working (Gul and Guneri, 2016).
- Viruses: Different kinds of viruses can damage the information technology of National Australia Bank. Viruses are computer code that can copy itself and spread from one computer to another. These viruses can damage the operations of a computer.
- Human errors: Wrong data processing, careless data removal or unintentional opening of infected e-mail attachments can harm the information technology of National Australia Bank (Mogensen et al., 2016).
Criminal IT Threats
- Hackers: Hackers are people who illegally break into computer systems, and they can harm the information technology system of the organization.
- Fraud: Users can use the computer to modify data for their illegal benefit.
- Password theft: Passwords can be stolen by hackers and the information can be misused.
- Denial-of-service: National Australia Bank can receive online attacks that stop authorized users from accessing the website.
- Security breaches: These could be physical breaches as well as online breaches.
- Staff dishonesty: Sometimes staff can become dishonest towards their organizational responsibilities and steal important information of the organization. The theft of consumer data can be a cause of staff dishonesty (Cumberbatch et al., 2016).
3. Consequence of risks
[Figure: risk assessment matrix. Source: hsewatch.com, 2019]
The above risk assessment tool can analyze the level of risk in the environment of National Australia Bank. It plots the likelihood of each risk against the severity of its effect. The risk assessment matrix takes the form of a table, and National Australia Bank can use it to determine the level of risk in the organization. The table uses four colors to segment the different risks:
- Green indicates low-level risks.
- Yellow indicates medium risks. The organization can take reasonable steps for these risks; they are not urgent (Grimmer et al., 2014).
- Orange indicates higher risks. The management of NAB needs to take the necessary actions against these risks.
- Red indicates extreme risks. These are the critical risks, and the organization needs to take immediate action against them.
National Australia Bank can use the risk matrix to differentiate the level of risks involved
in their organization and they can take necessary steps for resolving those risks (Sadgrove,
2016).
4. Inherent risk assessment
National Australia Bank may have some multifaceted transactions that require the judicious experience of an accountant. Knowledge and judgment need to be in evidence. These transactions could become a barrier for the organization. The risk of an omission or barrier in the financial statement of an organization even after the implementation of controls is called inherent risk (Saitta et al., 2017).
Assessment of inherent Risk
The independent review of the financial statement of an organization and its financial practices is called a financial audit. The major purpose of the financial audit is to make sure that the information captured in the financial report is adequate and correct. The auditor is responsible for reducing the inherent risk of the organization. Various factors can affect the inherent risk of the organization:
- Business nature: The nature of the business affects the transactional complexity of the organization. Organizations in which transactions of goods and services happen rapidly mainly face this level of inherent risk. Organizations that deal regularly with patent and logical property may have complex transactions.
- External environment: Business transactions could be affected by several kinds of external factors. These factors could be general economic conditions, currency movements and different rates of interest. They can have an impact on the availability of investments for the organization (Gottschalk and Nowack, 2016).