Wednesday, May 6, 2020

Desirable Future Technology Risk Management - Myassignmenthelp.Com

Question: Discuss about the desirable future technology risk management.

Answer:

Introduction

There are numerous business set-ups and units established all across the world that carry out business operations and activities according to their respective industry type. Some of these sectors are mandatory for every country and some have lesser significance than the rest. One of the most significant, mandatory and crucial sectors is the finance sector, on which a major share of the economy is based. Aztek is a finance firm from Australia that has a good hold in the market and a decent customer base. As business units expand, there comes increased responsibility and accountability on the organization to perform better and to serve its customers in a better manner. With the business expansion, a few infrastructural, operational and technical issues have been witnessed. It has become necessary to overcome these issues so that business continuity and service quality are maintained. Suggestions have been given by the team of directors and leadership in this area, including the concept of BYOD, the deployment of cloud hosting services and the outsourcing of IT functions. On the basis of the suggestions provided and the organizational issues, the project that has been selected is the use of the BYOD scheme.

Project Details

Overview

BYOD stands for Bring Your Own Device and it is a scheme that allows devices owned by office employees to be used in the business units. One of the growing trends of the present time is IT consumerization. There are various mechanisms that can be included to promote it, and BYOD is an initiative associated with IT consumerization. The use of technical gadgets is on the rise, and there are individuals that own many such gadgets and devices.
Some examples of these devices include mobile phones, desktops, laptops, modems, connecting wires, tablets etc. Most of these devices are portable in nature and can be carried from one place to another. BYOD allows the employees to bring such devices to the office and use them to execute business activities, services, tasks and operations. The BYOD project will offer many benefits to the organization, its customers and its stakeholders as well. There will also be certain challenges and drawbacks that may come up.

Project Review from the Finance Service Sector

The business functions and activities in organizations are guarded and managed by certain guidelines and policies. In the finance sector too, there are bodies and agencies that have been set up by the Government to control and monitor the associated operations. One such government body in Australia is the Australian Securities and Investments Commission (ASIC). This body regulates the corporate activities of corporate organizations and firms. The set of rules, policies and laws stated by ASIC must be adhered to, and all Australian financial firms shall comply with them. In every business sector, the necessity to maintain and follow ethical and professional guidelines is mandatory. Australia has specified all these guidelines for business organizations under the Australian Code of Conduct (ASC). The set of tasks that come under BYOD must also conform to the ASC codes. Aztek's business domain is finance, and the frequency of financial transactions and payments in the company is higher than in other organizations. All electronic payments and financial transactions that take place must comply with the e-payments code that comes under the ASIC policies and framework.
Security and privacy of information must be maintained, and this shall be made possible by adhering to the Intellectual Property and Privacy laws defined by the government and legal bodies of Australia.

BYOD Description: Financial Aspects

The objectives that have been defined by Aztek have customer satisfaction and engagement as the focal point. Some of the points under the business objectives are:

- The customers must be provided with financial solutions that are reliable, accurate, quick and usable.
- The percentage of employee satisfaction and engagement with Aztek must not drop and shall always be maintained.
- The percentage of customer satisfaction and engagement with Aztek must not drop and shall always be maintained.
- The customers must be provided with the releases and end products as per the promised delivery dates.

All the projects taken up by Aztek also have project goals, which shall be in accordance with the goals of the firm to achieve strategic alignment. There are certain tools and applications that are complex in nature, and it provides an advantage to the organization if such tools are tested and used by the resources prior to actual usage. This leads to a deeper understanding and operational ease with the tool and also makes the resource comfortable with its usage, leading to the avoidance of errors and shorter execution time. The company tools will run on employee devices, which will give employees the ability to experience the functioning of the tools, leading to better service execution and solution design. The complexity of operations and their execution will reduce, leading to better productivity, efficiency and satisfaction for employees, which will in turn improve customer satisfaction as well. The organizational activities and infrastructure will improve as there will be better communication and sharing along with better integration.
In terms of the company budget and finances, the BYOD project will offer several advantages to Aztek. Currently, the devices used in the organization for the execution of business activities are procured by the organization from its own expenses. This is a huge investment for an organization that is under expansion. The BYOD scheme will eliminate these costs, which may then be used for other activities. The employees will be able to explore the tools and applications from off-office locations, which will provide them with better operational ease, leading to the avoidance of operational costs due to errors, mistakes and rework (Gessner, 2016). Testing is an activity that is a part of every project, and the tools required for test execution and test creation may differ for every project. For instance, a project involving a mobile-based financial solution may require different devices such as Android-based, iOS-based and Windows-based mobile devices with different screen sizes and resolutions. This involves additional costs, and the devices may not be required once the project is completed. These additional and unnecessary costs will be avoided after the use of the BYOD scheme (Retailwire, 2016).

Aztek IT Security Policies and Procedures

BYOD will offer many benefits and advantages to Aztek in terms of the ability to achieve the organization's goals with ease, enhanced engagement of the customers and employees of the organization, and many others. One of the major benefits, as discussed under the financial aspect of the project above, would be the elimination of unnecessary costs and expenses. These benefits will be abundant, but there will also be many issues related to BYOD in the areas of implementation, integration and usage. Security will be the main issue in this area, and numerous risks to information and network security might be witnessed.
There are many threat and risk agents that will be the carriers of these security issues, and these carriers will need to be checked in all the measures implemented from the security point of view. Aztek has always been an organization that has made sure that the state of security in the organization, and in the applications and services related to the organization, is always maintained. The BYOD scheme that has been selected for implementation in Aztek has its own set of security issues. The security policies of Aztek do not include the countermeasures that can be executed for the prevention and control of BYOD-related attacks and would need to be updated. It would first be required to analyze the associated security risks and plan out the control, avoidance and prevention measures that shall be applied. The various forms of risks and security attacks associated with the BYOD scheme can be categorized in three broad categories, viz. information security risks, risks to device security and network security risks. The devices that the employees currently own were bought by them for personal use. The security aspects of personal activities and professional activities differ from one another. There may be basic security precautions that the employee has taken for device protection which would not be sufficient for use in Aztek. Therefore, the IT Security team at Aztek must review the device from the security aspect and must also install the necessary security updates and tags to make the device fit to be used in the organization (Coleman, 2011). The security risks in the category of information and network security attacks must be controlled and avoided using technological tools and administrative checks. The disaster recovery mechanisms must also be stated carefully.
The BYOD scheme is a new scheme that will be used in Aztek, and the employees will not be aware of the threats that they might bring along with the use of unsecure networks and applications. The employee's device, such as a smartphone, will be used for many personal activities along with professional tasks. There may be certain applications that are not secure and may have a negative implication on other applications or on the security of the device. Malware attacks or eavesdropping activities may take place. Also, the use of the device on public Wi-Fi connections may bring many unknown risks to the employee's smartphone (Newton, 2015). The employees will need to be provided with information on the secure use of the device so that the applications and information related to Aztek are not impacted in a negative manner (Trendmicro, 2016).

BYOD Scheme: Risk Assessment

There are many risks that may take place in the organization and its associated applications. These risks may belong to different categories, and one such category is security risks (Crane, 2013). A security risk is defined as an occurrence which may lead to the compromise of the security of any component associated with the organization and which may have serious implications.

Process for Risk Management

For the management of the risks that will emerge with the implementation of the BYOD scheme in Aztek, a process has been defined to control, avoid, prevent and detect the risks. The process is termed risk management, and it is also one of the knowledge areas that come under the domain of project management. This process will provide the management and leadership with guidelines and mechanisms for adequate management of the risks.
Risk Management Process

Risk identification shall be the first stage in the risk management process. In this stage the security team, management and IT team of the organization must create a list of sources from which they may obtain maximum information on the probable risk areas (Capterra, 2016). A list of these risk areas along with the specific risk events shall be prepared in this stage (Berg, 2016). The risk areas and events identified shall then be assessed, and their probability and implication for the organization and its components shall be calculated. The priority for treatment of each risk must also be calculated on the basis of the risk factors (Castsoftware, 2016). Once the priority, impact and likelihood of the risk are assessed, the response and treatment strategy for the risks shall be decided. These strategies shall be based upon the nature of the risk and the damage that it may cause. For instance, it would be best to avoid some of the risks, while for other risks the best possible treatment would be to accept or transfer the risk (Microsoft, 2016). The next set of phases shall focus upon the management and senior authorities ensuring that the risk is monitored and controlled by applying the treatment strategies, and that it is also closed after completion (Vila, 2012).

Risk Register

The risk register that has been prepared for the BYOD project at Aztek includes the risks that have been identified and also suggests the best treatment and response strategy that can be applied for the control of each risk. The category of the risk along with its probability and impact has also been included in the register after the assessment of the risks on different parameters.
Risk: Information Breaches
Category: Information Security Risk. Probability: Moderate. Impact: High.
Response / treatment strategy: Risk avoidance, using automated technical tools and administrative checks for information protection.

Risk: Information Leakage
Category: Information Security Risk. Probability: Moderate. Impact: High.
Response / treatment strategy: Risk avoidance, using automated technical tools and administrative checks for information protection (Informationweek, 2016).

Risk: Loss of the Device
Category: Device Security Risk. Probability: Low. Impact: High.
Response / treatment strategy: Risk avoidance, implemented using device tracking tools, device safety tools and technical controls.

Risk: Message Media Alteration
Category: Information/Network Security Risk. Probability: Moderate. Impact: High.
Response / treatment strategy: Risk mitigation, by enhancing information integrity using network safety tools (Grimes, 2016).

Risk: SQL Injection
Category: Information Security Risk. Probability: Moderate. Impact: Moderate.
Response / treatment strategy: Risk avoidance, using automated technical tools and administrative checks for information protection (Usask, 2017).

Risk: Flooding Attacks
Category: Information/Network Security Risk. Probability: Moderate. Impact: Moderate-High.
Response / treatment strategy: Risk avoidance, using automated anti-denial and intrusion detection tools for information and network protection (Stoneburner, 2002).

Risk: Exploitation of Security Vulnerabilities
Category: Information/Network/Device Security Risk. Probability: Moderate. Impact: Moderate.
Response / treatment strategy: Risk avoidance, by analyzing the security weaknesses and using parameters and mechanisms to eliminate them.

Risk: Malware Attacks and Injections
Category: Information/Network Security Risk. Probability: Moderate. Impact: Moderate-High.
Response / treatment strategy: Risk avoidance, using anti-malware tools and applications.

Risk: Spoofing Attacks
Category: Network Security Risk. Probability: Low. Impact: Moderate.
Response / treatment strategy: Risk mitigation, by enhancing network management and control and creating alerts for the users on such an occurrence.

Risk: Man in the Middle Attacks
Category: Network Security Risk. Probability: Moderate. Impact: Moderate.
Response / treatment strategy: Risk mitigation, by enhancing network management and control and creating alerts for the users on such an occurrence.

Insider threats and attacks may also take place in Aztek, in which the threat agents will be the employees. As discussed above, the BYOD scheme is new to Aztek, and the employees will not be aware of the threats that they might bring along through the use of unsecure networks and applications on a smartphone that is also used for personal activities: insecure applications affecting other applications or the device, malware attacks, eavesdropping, and the unknown risks of public Wi-Fi connections (Qld, 2016). There are two forms of insider threats, viz. deliberate and accidental. The scenario just discussed is an example of the accidental threat, as the employee was not aware of the risk and its impact. However, there may be selfish motives involved, and the employee may purposely transfer information to unauthorized entities (Markovic-Petrovic & Stojanovic, 2014).

Data Security for the BYOD Scheme

An organization has many assets that it must manage. Some of these assets come under the category of critical assets and some are classified as non-critical assets.
The security requirements of critical assets are greater than those of non-critical assets. Data and information are organizational assets included in the critical assets classification, and the security requirement of these assets is therefore very high (Scu, 2016). Aztek has been carrying out its business for a long time and handles many projects. Due to the involvement of different clients and employees along with the execution of many projects simultaneously, there are huge data sets that the organization must manage securely. The data sets include information from different categories, such as confidential, public, sensitive, private etc. (Test-institute, 2016). There are many security risks to these data sets, and the primary reason for these risks is the involvement of different components and sources (Chapman, 2000). The security parameters and mechanisms applied for a private data set differ from those for a public or confidential data set. This may lead to the presence of security weaknesses and vulnerabilities.

There are various operations that can be performed on the data and information sets. These operations may include read-only access, modification or deletion of the data etc. The users allowed to execute these operations must be selected and provided with privileges on the basis of the user type and the information category. All modification, deletion and any other updates on the data shall be allowed to be performed by the data administrator or the security manager only. This will avoid attacks on the integrity and availability of the data. The sensitive and confidential data sets shall be accessible only to the CEO and Board of Directors along with the Security Manager and Database Administrator. The private data sets shall be readable by the stakeholders of the data and the data analysts.
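The access rules stated in this section (including the rule for public data sets that follows) expressed as a deny-by-default policy check. This is an added illustration written for this page, not Aztek's or the assignment's own code; role and data-set names are constructed, and the text's "data administrator" and "Database Administrator" are treated as a single role.

```python
"""Deny-by-default check encoding the data-access rules of the Data Security
section. Added illustration, not Aztek's own system: role and data-set names
are constructed, and the single "database_administrator" role stands in for
both the "data administrator" and the "Database Administrator" in the text."""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Set, Tuple


class Classification(Enum):
    PUBLIC = "public"
    PRIVATE = "private"
    SENSITIVE = "sensitive"
    CONFIDENTIAL = "confidential"


class Operation(Enum):
    READ = "read"
    MODIFY = "modify"
    DELETE = "delete"


@dataclass(frozen=True)
class DataSet:
    name: str
    classification: Classification
    stakeholders: FrozenSet[str]  # users with a stake in this particular data set


@dataclass(frozen=True)
class Principal:
    user: str
    roles: FrozenSet[str]


# Modification, deletion and any other update: data administrator or security
# manager only, whatever the classification of the data set.
WRITE_ROLES = frozenset({"database_administrator", "security_manager"})

# Roles allowed to read each classification, taken literally from the text.
# Stakeholders are not a role: they are checked per data set in decide().
CLEARED_READERS = frozenset({"ceo", "board_member", "security_manager",
                             "database_administrator"})
READ_ROLES = {
    Classification.SENSITIVE: CLEARED_READERS,
    Classification.CONFIDENTIAL: CLEARED_READERS,
    Classification.PRIVATE: frozenset({"data_analyst"}),
    Classification.PUBLIC: frozenset({"data_analyst", "data_scientist",
                                      "data_owner"}),
}
# Only private and public data sets grant read access to their stakeholders.
STAKEHOLDER_READABLE = frozenset({Classification.PRIVATE, Classification.PUBLIC})


def decide(principal: Principal, data_set: DataSet,
           op: Operation) -> Tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if op in (Operation.MODIFY, Operation.DELETE):
        if principal.roles & WRITE_ROLES:
            return True, f"{op.value} permitted: update role"
        return False, f"{op.value} denied: updates limited to DBA and security manager"
    cls = data_set.classification
    if principal.roles & READ_ROLES.get(cls, frozenset()):
        return True, f"read permitted: role cleared for {cls.value} data"
    if cls in STAKEHOLDER_READABLE and principal.user in data_set.stakeholders:
        return True, f"read permitted: stakeholder of {data_set.name}"
    return False, f"read denied: no privilege on {cls.value} data"


def effective_permissions(principal: Principal, data_set: DataSet) -> Set[Operation]:
    """What a principal may do on one data set, for a least-privilege review."""
    return {op for op in Operation if decide(principal, data_set, op)[0]}


if __name__ == "__main__":
    # Constructed sample principals and data sets.
    ledger = DataSet("ledger", Classification.CONFIDENTIAL, frozenset({"carol"}))
    survey = DataSet("survey", Classification.PRIVATE, frozenset({"carol"}))
    for who in (Principal("alice", frozenset({"data_analyst"})),
                Principal("bob", frozenset({"database_administrator"})),
                Principal("carol", frozenset())):
        for ds in (ledger, survey):
            print(who.user, ds.name, sorted(o.value for o in effective_permissions(who, ds)))
```

Because the read lists are encoded literally, the check also denies the database administrator a read of private or public data; a gap of that kind is exactly what a least-privilege review of the written policy should surface before it is enforced.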
The public data sets must be readable by the stakeholders, data analysts, data scientists and data owners.

Conclusion

Aztek has decided to implement the BYOD scheme in its infrastructure, which will lead to various benefits and will also come with certain issues. The use of technical gadgets is on the rise, and there are individuals that own many such gadgets and devices. Some examples of these devices include mobile phones, desktops, laptops, modems, connecting wires, tablets etc. Most of these devices are portable in nature and can be carried from one place to another. BYOD allows the employees to bring such devices to the office and use them to execute business activities, services, tasks and operations. BYOD will offer many benefits and advantages to Aztek in terms of the ability to achieve the organization's goals with ease, enhanced engagement of the customers and employees of the organization, and many others. One of the major benefits, as discussed under the financial aspect of the project above, would be the elimination of unnecessary costs and expenses. There will also be many issues related to BYOD in the areas of implementation, integration and usage. Security will be the main issue in this area, and numerous risks to information and network security might be witnessed. There are many threat and risk agents that will be the carriers of these security issues, and these carriers will need to be checked in all the measures implemented from the security point of view. The various forms of risks and security attacks associated with the BYOD scheme can be categorized in three broad categories, viz. information security risks, risks to device security and network security risks. Insider threats and attacks may also take place in Aztek, in which the threat agents will be the employees.
For the management of the risks that will emerge with the implementation of the BYOD scheme in Aztek, a process has been defined to control, avoid, prevent and detect the risks. The process is termed risk management, and it is also one of the knowledge areas that come under the domain of project management. This process will provide the management and leadership with guidelines and mechanisms for adequate management of the risks.

References

Berg, H. (2016). Risk Management. Retrieved 25 September 2017, from https://ww.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf

Berg, H. (2010). Risk Management: Procedures, Methods and Experiences. Retrieved 25 September 2017, from https://ww.gnedenko-forum.org/Journal/2010/022010/RTA_2_2010-09.pdf

Capterra. (2016). Best Risk Management Software | 2016 Reviews of the Most Popular Systems. Capterra.com. Retrieved 25 September 2017, from https://www.capterra.com/risk-management-software/

Castsoftware. (2016). What is Software Risk and How To Prevent Software Risk | CAST Software. Castsoftware.com. Retrieved 25 September 2017, from https://www.castsoftware.com/research-labs/software-risk

Chapman, C. (2000). A desirable future for technology risk management. International Journal of Risk Assessment and Management, 1(1/2), 69. https://dx.doi.org/10.1504/ijram.2000.001488

Cioupdate. (2016). Effective Measures to Deal with Cloud Security. CIO Update. Cioupdate.com. Retrieved 25 September 2017, from https://www.cioupdate.com/technology-trends/effective-measures-to-deal-with-cloud-security.html

Coleman, T. (2011). A Practical Guide to Risk Management. Cfapubs.org. Retrieved 25 September 2017, from https://www.cfapubs.org/doi/pdf/10.2470/rf.v2011.n3.1

Crane, L. (2013). Introduction to Risk Management. Retrieved 25 September 2017, from https://extensionrme.org/pubs/IntroductionToRiskManagement.pdf

Development, C. (2013). What are the 5 Risk Management Process Steps? Continuing Professional Development. Retrieved 25 September 2017, from https://continuingprofessionaldevelopment.org/risk-management-steps-in-risk-management-process/

Dey, P. (2008). Risk management in information technology projects. International Journal of Risk Assessment and Management, 9(3), 311. https://dx.doi.org/10.1504/ijram.2008.019747

Gessner, D. (2016). Towards a User-Friendly Security-Enhancing BYOD Solution. Retrieved 25 September 2017, from https://in.nec.com/en_IN/images/120324.pdf

Grimes, R. (2016). The 5 cloud risks you have to stop ignoring. InfoWorld. Retrieved 25 September 2017, from https://www.infoworld.com/article/2614369/security/the-5-cloud-risks-you-have-to-stop-ignoring.html

InformationWeek. (2016). 9 Worst Cloud Security Threats. InformationWeek. Retrieved 25 September 2017, from https://www.informationweek.com/cloud/infrastructure-as-a-service/9-worst-cloud-security-threats/d/d-id/1114085?page_number=2

Markovic-Petrovic, J., & Stojanovic, M. (2014). An Improved Risk Assessment Method for SCADA Information Security. Elektronika ir Elektrotechnika, 20(7). https://dx.doi.org/10.5755/j01.eee.20.7.8027

Microsoft. (2016). Risk Management Process Overview. Technet.microsoft.com. Retrieved 25 September 2017, from https://technet.microsoft.com/en-us/library/cc535304.aspx

Newton, P. (2015). Managing Project Risks. Retrieved 25 September 2017, from https://www.free-management-ebooks.com/dldebk-pdf/fme-project-risk.pdf

Proconceptsllc. (2016). Risk Radar Enterprise, Risk Management Software | Pro-Concepts LLC. Proconceptsllc.com. Retrieved 25 September 2017, from https://www.proconceptsllc.com/risk-radar-enterprise.html

Qld. (2016). Risks of cloud computing | Queensland Government. Business.qld.gov.au. Retrieved 25 September 2017, from https://www.business.qld.gov.au/business/running/technology-for-business/cloud-computing-business/cloud-computing-risks

Retailwire. (2016). Happiness Is Bringing Your Own Computer Devices to Work. RetailWire. Retailwire.com. Retrieved 25 September 2017, from https://www.retailwire.com/discussion/16188/happiness-is-bringing-your-own-computer-devices-to-work

Scu. (2016). The Risk Management Process - Risk Management - SCU. Scu.edu.au. Retrieved 25 September 2017, from https://scu.edu.au/risk_management/index.php/8/

Stoneburner, G. (2002). Risk Management Guide for Information Technology Systems. Retrieved 25 September 2017, from https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf

Test-institute. (2016). What Is Software Risk And Software Risk Management? International Software Test Institute. Test-institute.org. Retrieved 25 September 2017, from https://www.test-institute.org/What_Is_Software_Risk_And_Software_Risk_Management.php

Trendmicro. (2016). BYOD - Consumerization of IT Mobility - Trend Micro USA. Trendmicro.com. Retrieved 25 September 2017, from https://www.trendmicro.com/us/enterprise/challenges/it-consumerization/

Usask. (2017). IT Risk Management Procedure. Retrieved 25 September 2017, from https://www.usask.ca/ict/documents/IT%20Risk%20Management%20Procedure.pdf

Vila, S. (2012). Risk Management Model in ITIL. Retrieved 25 September 2017, from https://fenix.tecnico.ulisboa.pt/downloadFile/395144242579/Risk%20management%20on%
