Thursday, December 5, 2019

IT Risk Management Project on Aztek

Question: Discuss the IT Risk Management Project on Aztek.

Answer: IT risk assessment on BYOD within Aztek

Financial Services Sector Review

In this report, the primary aim is to present the BYOD scheme in projects and its risk management. Risk management is conducted by reviewing the financial services sector, identifying security requirements and threats, and managing data security risk. Each of these sections should be considered alongside the policy guidelines and the initiatives needed to maintain them. The risks should be prepared by identifying their severity, impact and likelihood, with mitigation prioritized accordingly (Garcia et al., 2014). The financial sector generally suggests configuring guidelines that save expenditure and money when integrating BYOD into any organization. The BYOD strategy is quite efficient when policy follow-up is mandatory. Therefore, in this report, the primary risk lies in security and protection concerns. As BYOD deals with individual, personal devices, security requirements should be enforced among the stakeholders (Bouvain, Baumann & Lundmark, 2013). First, the security concerns are identified as risks from the assessment results; then, changes are introduced in the study to mitigate them systematically. Most evidently, organizations consider the BYOD strategy as saving expenditure by passing hardware cost and monthly service charges to the users. To some extent, the finance department should treat some concerns as primary in order to ensure limited cost escalation (Fletschner & Kenney, 2014). However, reimbursement should typically address the eligible devices, conditions for reimbursement, limitations of reimbursement, and monthly stipend amounts. The financial sector should consider the following:

Device and Repair Expenditure: The employees should typically pay for device cost, maintenance, and any repair cost (Mols, 2013; Franchoo & Pollard, 2012).
Moreover, individual employees should be responsible for replacing devices in the most common cases of loss.

Voice and Data Plan Cost: There are several types of cost to pay for in a BYOD strategy. Some organizations prefer to pay a monthly allowance or stipend to employees as a contribution towards a specific data and voice plan. Some organizations pay for the plans entirely, whereas others cover only specific sets of users such as managers, executives, and employees (Frame & White, 2014). Some organizations bear no reimbursement cost at all; they provide a general Wi-Fi connection for employees and allow employees to tether to their mobile data plan. In general, the recommendation is not to cover any expenses in this area, as costs can get out of control (Chen & Zhao, 2012). It is very important to consider country-specific topics such as tax regulations, local service provider contracts, and others.

Roaming Charges Responsibility: Roaming charges should be identified as one of the significant risks for any telecom expense management. Telecom expense management should avoid this risk, as it is part of the EMM solution (Garcia et al., 2014). Moreover, organizations contact users directly and proactively send them notifications to avoid the costs of a device in roaming state. High billing and expenditure can be avoided in this manner.

Offer for iTunes Purchases Reimbursement: Most organizations do not allow individual application purchases through iTunes. However, with iTunes and Apple's bulk purchasing program, the corporate distribution can purchase most applications and manage them in the EMM tool (Bouvain, Baumann & Lundmark, 2013). Mostly, the licensing plan can be beneficial for groups of employees adopting it. For one-off applications, expense approval can be obtained from the manager.
Support Cost and Expenditure: Support for Information Technology organizations is identified as a community-based approach offering self-service wikis and an up-front support system (Chen & Zhao, 2012). The Information Technology support should be responsible for corporate applications, e-mail and calendar software support.

Accessories Reimbursement: Personal device accessories should be the individual's responsibility. As individual employees choose their accessories as they wish, this cost is solely dependent on employees.

Security Posture Review

BYOD is one of the most effective and innovative technological advancements of IT, and it provides several benefits to business organizations. Aztek is also implementing this approach within the organization in order to improve its position in the financial marketplace (Aebi et al., 2012). In this scenario, the organization might face some technological challenges within its premises (Bessis & O'Kelly, 2015). When it comes to the impact of BYOD within a financial institution or organization, these challenges can be classified into four domains. These are explained as follows:

Regulatory environment and financial organization

Financial data disclosure is one of the aspects that must be regulated within any financial organization. In the contemporary situation of Aztek, it is found that the organization provides almost all the details to its organizational members in order to carry out their business processes (Bolton et al., 2013). This aspect makes the organization weak in comparison with its competitors. The disclosure of share values and other financial data to competitors places it in a difficult situation.

Mitigation Technique: Mobile life cycle management is the only way to reduce this risk for the financial organization.
Aztek can implement applications that will provide security to the organizational data and networks (Chance & Brooks, 2015). Implementing these policies will help reduce the risks and other challenges related to BYOD.

Business content, device security and business application access

BYOD allows Aztek's resources and financial data to be shared among the employees of the organization. This introduces the chance of data leakage and of the organization's financial data being misused (Christoffersen, 2012). This reduces the efficiency and impact of the organization within the target market. The chances of risks and data theft are increased by these aspects.

Mitigation Technique: According to IDC's U.S. Mobile Enterprise Services Survey, financial organizations should secure their employees' mobile access to organizational resources in order to prevent misuse or any other kind of unintended usage. This will reduce the impact of IT risks on Aztek's platform. These aspects focus not only on the BYOD perspective but also on the applications that employees use for their business operations or for their personal searches and lookups.

Maintenance of updates and change in policies

BYOD is getting popular across all business sectors, and the financial sector is no exception (Cole et al., 2013). The financial sector is experiencing a massive move toward digital transformation. Aztek is also introducing this innovative technological advancement within the organization; it is trying to implement these updated versions of the technology in order to make more money within its target market. This aspect calls the privacy and security of financial data into question (DeAngelo & Stulz, 2015).
Aztek is implementing BYOD within its organizational structure, but it is not aware of the security challenges of these technological advancements. Lack of knowledge of information systems, data availability, confidentiality and the other important aspects that must be considered in the case of BYOD is causing the disturbed structure of the information system in Aztek.

Mitigation Technique: Given the problematic situations highlighted for this aspect, it is clear that Aztek should engage professional and consulting services for BYOD risk mitigation. In addition, this policy will not only improve the situation but also help maintain life cycle management within the organization (Dorfman & Cather, 2012). With respect to the risk, it is found that this group can also create and implement an organizational strategy for managing BYOD risks within Aztek.

Management of financial implications related to data and voice usage

The use of personal devices for managing financial details and data within Aztek brings ease of operation and of dividing the workload among the employees concerned. With the help of this system architecture, employees can easily manage their personal and professional lives as well (Fertis et al., 2012). This aspect has benefited the organization by improving employee retention, but this flexibility brings a problem related to the management of business and personal content on the employees' personal devices. It is highlighted that voice and data spend on employee devices, or more specifically phones, is increasing the operating expenses of Aztek. This critical aspect introduces the threat that employees are misusing organizational resources through their personal devices (Glendon et al., 2016).
Mitigation Technique: There are several technologies that can be used to find a solution to the above problem within the Aztek workplace. One is the AT&T data solution, which can be applied at the application level to restrict employees from using voice and data for non-business content during business operations (Hopkin, 2014). This solution is trusted because of the support it receives from the enterprise mobility management solution providers to Aztek.

Threats, Vulnerabilities and Consequences Assessment

Threats in the BYOD platform

BYOD is one of the most effective technological advancements improving database management within financial organizations (Hu, 2016). Though BYOD has several advantages, several aspects still challenge the BYOD platform in improving the stages of technological development. These threats are described as follows:

Increased chances of data leakage: As the workplace is entirely dependent on mobile devices, the chance of data leakage increases (Hull, 2012). In addition, in the scenario at Aztek it is found that all financial documents and resources are shared with the employees and their personal devices, so the chance of organizational and financial data being misused increases (Ittner & Keusch, 2015). Whenever personal devices are connected to the organizational network and users use organizational data for business purposes as well as to satisfy their own needs, they misuse that data and Aztek faces the threat of data leakage from the workplace.

Mixing of personal and business data: One of the most massive threats in the Aztek workplace is that all organizational and financial data is stored on the same device as personal data (Lam, 2014).
Therefore, in this kind of situation it is found that certain kinds of data can be released to the audience or to the external world, which is not good for the development of the organization. Therefore, this case needs to be protected. Mobile devices introduce the most significant threat, namely malware on the personal devices, which may be introduced by hackers or outsiders of the organization.

IT infrastructure: Another significant threat to Aztek is its IT infrastructure. This aspect is very important in order to maintain the organizational context as well as the IT system architecture of Aztek. The CIO of the organization needs to maintain the IT infrastructure in order to make all information system operations work perfectly (McNeil et al., 2015). A poorly structured information system results in a high impact of threats on the organizational objectives and goals.

Malicious Applications: As employees use their personal devices to carry out business operations, this aspect introduces several negative impacts on the organizational objectives (Pritchard, 2014). Members use many applications for personal purposes that may affect the organizational or financial data of Aztek. BYOD increases the challenges concerning the information system scenario.

Vulnerabilities of BYOD

BYOD is the technological advancement that allows employees to bring their own devices into the workplace in order to fulfil business requirements (Sodhi et al., 2012). With this policy approved by Aztek, they also find it easy to carry out these business operations from home.
Previously, the financial sector faced many problems in making impossible collaborations possible, but after the implementation of the BYOD structure within Aztek, the organization felt many positive effects with respect to its demands and core objectives (Sadgrove, 2016). In the contemporary scenario of Aztek, it is found that the organization is facing many problems only because of the impact of BYOD on the organization. For the above reasons, the organization needs to analyze the vulnerabilities of BYOD with respect to its organizational objectives. These vulnerabilities are explained as follows:

The biggest problem associated with the BYOD platform is that the BYOD philosophy cannot resist all the inappropriate text, images and other resources found in web content (Soin & Collier, 2013). All of these are transmitted along with the organization's information, which is not good for the development of the organization.

Another disadvantage of BYOD is that it cannot restrict gaming by means of the filtering process (Aebi et al., 2012). Organizational resources and financial data can therefore also be leaked through the gaming advertisements served by the sites.

As the employees of Aztek are fond of using technological solutions with the help of BYOD, it becomes very difficult to maintain the relationship between the employees and the higher authorities of the organization (Bessis & O'Kelly, 2015). This aspect weakens the internal bonding of the organization and makes it a weak performer in the competitive market.

Aztek is a financial organization that has to manage organizational data very efficiently (Bolton et al., 2013). Misuse of financial data may result in a reduction of organizational value. Most of the time, members use organizational resources to satisfy their own needs while managing business aspects.
Another major vulnerability concerning the use of BYOD from the organizational perspective is that the organization can face loss, theft of data and other events that may impact organizational values and objectives. There are chances of network misuse by organizational members. This aspect leads organizational members to attack organizational resources (Chance & Brooks, 2015).

Consequences of BYOD from the IT Risk Control Framework

The consequences identified by the IT control framework, which measures the impact of BYOD on the organizational structure, are very important in order to maintain organizational development (Christoffersen, 2012). The context of BYOD within Aztek can be explained with the help of the ITIL framework. This framework uses the following elements:

Strategy: This stage of the control framework is necessary in order to check the strategic nature of the IT structure being used within any organization. It relates to the risks and other vulnerabilities that may be caused by this aspect (Cole et al., 2013). In the case of Aztek, using the ITIL framework will be helpful in recognizing the problems.

Design: The design aspect can be discussed by analyzing the design of the BYOD structure and its implications within Aztek.

Transition: Transition is the phase in which the control framework checks the transformation of data and other important aspects related to BYOD within Aztek.

Operation: Operation is one of the most important stages of the IT risk control framework. This stage assures the operating measures within the context of BYOD (DeAngelo & Stulz, 2015). It mainly supports the various aspects that must be elaborated in structuring the implementation of BYOD with respect to Aztek.
Continual improvement: Continual improvement is also necessary in order to maintain improvements in the risk assessment and management techniques.

Recommendations for Aztek

The following recommendations can be given in order to maintain risk assessment and control measures within Aztek:

- Determining risk oversight of the BYOD risk factors can help in mitigating those risks.
- Risk intelligence within the organization can be enhanced.
- The reasons behind the risks can be identified with respect to organizational improvements.
- An entity risk-assessment process for managing IT risks can be helpful for Aztek.
- In Aztek's situation, proper communication measures can help in finding solutions to BYOD issues within the organization.

Data Security

Data security for BYOD management is often said to put employees under watch and to make them uncomfortable. Mostly, data security should be ensured for enhanced productivity without hampering the BYOD implementation policy (Sood, 2012; Rewagad & Pawar, 2013). Therefore, there are some ways to protect the security and privacy of employees while also keeping corporate data on personal devices secure. The security procedures should include the following:

Data privacy and prime importance investigation: Data under the BYOD policy should be considered together with access rights. Employees should know to what extent they are able to access the data, and they should be fully aware of it (Zhu et al., 2014). Data legislation varies between regions; hence, it would be challenging for multinational organizations because of region-specific device access rights. There must be some common features, such as activity tracing, lock and wipe, and basic monitoring of data access and application usage (Mohamed, Abdelkader & El-Etriby, 2012).
The details of such monitoring access should be kept on record to enrol devices under the BYOD policy listing. Employees should be listed under this policy with their access rights.

Data management rather than the device: Implementation of Mobile Application Management (MAM) ensures that work-related data and applications can be used to control data access (Luxton, Kayl & Mishkind, 2012). MAM can be used to specify corporate file management and data storage in order to sort out shared devices. Mostly, corporate data and applications can be wiped when the employee shuts down the system within a short time. A device shutdown can cause data to be wiped within seconds for volatile entries in tables and databases (Fletschner & Kenney, 2014; Mols, 2013). In prior systems, data security was not up to the standard where data could be removed without any access rights. Applications and personal data should be kept separate from the professional data to keep them safe from sudden accidents.

Including employee consent for the long run: The BYOD policy should have a good way to incorporate employee consent as well as organizational transparency. Consent is the most effective way to include the rights and responsibilities for data usage (Frame & White, 2014; Chen & Zhao, 2012). The information about, and the consequences of, losing devices should be clearly outlined in the consent. Clear and well-written policies are used to document each employee's devices and their individual access rights. Official employees should give proper consent to avoid the risk of legal action involving the organization (Rewagad & Pawar, 2013). Experts agree that transparency is the primary consideration for bridging the trust gap in practice.

Personal device security: Personal device security and suitable data privacy can be maintained with an EMM tool such as SAP Afaria for securing both personal and corporate data.
In the case of a lost device, employees should follow the phased approach laid down in the organization's policy (Sood, 2012; Rewagad & Pawar, 2013). The remote locking scheme can be used through self-service portal access and device control. In cases where the device is not recovered, full or selective wiping must be considered. Selective wiping removes the corporate data, together with the professional records and histories, while leaving personal data in place (Bouvain, Baumann & Lundmark, 2013). The user can also make use of selective wiping of data under certain situations.

GPS tracking: GPS tracking can be turned off, since some companies use it to track down employees most of the time (Frame & White, 2014). An EMM tool such as SAP Afaria can be utilized with only the capability of tracking whether GPS is turned off.

Therefore, from this report, the primary takeaways should be considered when deciding between the BYOD and COPE models for the several stakeholders (Mols, 2013). The primary takeaways for an essential approach to BYOD should be the following:

- The primary and necessary benefits the organization can gain from the BYOD model should be considered (Garcia et al., 2014).
- Key stakeholders should be identified in order to gain their individual support.
- Formal executive sponsorship should be established in this aspect.
- Communities and self-service scenarios should be utilized for strategic BYOD model preparation (Luxton, Kayl & Mishkind, 2012).
- An EMM solution such as SAP Afaria can be utilized to ensure individual requirements are addressed properly.
- Country-wise implementation and documentation reuse is required to adjust to each country's individual requirements (Zhu et al., 2014).
- A scalable BYOD program is often considered good PR for the Information Technology team, given the general perception of benefits from the employee viewpoint.
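The data-separation and lost-device handling described in the Data Security section (a managed corporate container kept apart from personal data, remote lock first, selective wipe if the device is not recovered, full wipe only with recorded consent) can be modelled as a small policy engine. This is an added example, not code from the report or from any EMM product; the escalation thresholds, device records and timestamps are constructed assumptions.

```python
"""Phased lost-device handling for a BYOD fleet with MAM data separation.

Added example; not code from the original report. It models the policy the
report describes: corporate data sits in a managed container separate from
personal data, a lost device is first remote-locked, then selectively wiped
if not recovered, and fully wiped only if the employee consented to that in
the BYOD agreement. Thresholds, device records and timestamps are assumed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed escalation thresholds, measured from the time the loss was reported.
SELECTIVE_WIPE_AFTER = timedelta(hours=24)
FULL_WIPE_AFTER = timedelta(hours=72)


@dataclass
class Device:
    device_id: str
    owner: str
    corporate: dict = field(default_factory=dict)  # managed (MAM) container
    personal: dict = field(default_factory=dict)   # never touched by a selective wipe
    full_wipe_consented: bool = False              # recorded in the signed BYOD consent
    locked: bool = False
    recovered: bool = False
    lost_reported_at: Optional[datetime] = None
    audit: list = field(default_factory=list)      # (timestamp, action) records

    def log(self, now: datetime, action: str) -> None:
        self.audit.append((now.isoformat(timespec="minutes"), action))


def report_lost(dev: Device, now: datetime) -> None:
    dev.lost_reported_at = now
    dev.log(now, "lost_reported")


def recover(dev: Device, now: datetime) -> None:
    """Owner found the device: stop escalation and release the lock."""
    dev.recovered = True
    dev.locked = False
    dev.log(now, "recovered")


def selective_wipe(dev: Device, now: datetime) -> list:
    """Remove only the corporate container; personal data stays intact."""
    removed = sorted(dev.corporate)
    dev.corporate.clear()
    dev.log(now, "selective_wipe:" + ",".join(removed))
    return removed


def evaluate(dev: Device, now: datetime) -> Optional[str]:
    """Apply the next phase that is due at `now`; return its name or None."""
    if dev.lost_reported_at is None or dev.recovered:
        return None
    elapsed = now - dev.lost_reported_at
    if elapsed >= FULL_WIPE_AFTER and dev.full_wipe_consented and (dev.corporate or dev.personal):
        dev.corporate.clear()
        dev.personal.clear()
        dev.log(now, "full_wipe")
        return "full_wipe"
    if elapsed >= SELECTIVE_WIPE_AFTER and dev.corporate:
        selective_wipe(dev, now)
        return "selective_wipe"
    if not dev.locked:
        dev.locked = True
        dev.log(now, "remote_lock")
        return "remote_lock"
    return None


def run_scenario(consented: bool, recovered_after_hours: Optional[int] = None) -> tuple:
    """Constructed walk-through: report a loss at 09:00 and re-evaluate at
    0, 6, 24 and 72 hours. Returns (actions taken at each step, device)."""
    t0 = datetime(2019, 12, 5, 9, 0)
    dev = Device("dev-0001", "employee-42",
                 corporate={"mail": "inbox", "crm": "client list"},
                 personal={"photos": "album", "contacts": "family"},
                 full_wipe_consented=consented)
    report_lost(dev, t0)
    actions = []
    for hours in (0, 6, 24, 72):
        now = t0 + timedelta(hours=hours)
        if recovered_after_hours is not None and hours >= recovered_after_hours and not dev.recovered:
            recover(dev, now)
        actions.append(evaluate(dev, now))
    return actions, dev
```

The audit list on each device is the record the report asks to keep of lock and wipe actions, and a recovered device halts escalation so its corporate container is never wiped.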
Communication can be rolled out regionally through the executive team entities.

References

Aebi, V., Sabato, G., & Schmid, M. (2012). Risk management, corporate governance, and bank performance in the financial crisis. Journal of Banking & Finance, 36(12), 3213-3226.
Bessis, J., & O'Kelly, B. (2015). Risk management in banking. John Wiley & Sons.
Bolton, P., Chen, H., & Wang, N. (2013). Market timing, investment, and risk management. Journal of Financial Economics, 109(1), 40-62.
Bouvain, P., Baumann, C., & Lundmark, E. (2013). Corporate social responsibility in financial services: A comparison of Chinese and East Asian banks vis-à-vis American banks. International Journal of Bank Marketing, 31(6), 420-439.
Chance, D. M., & Brooks, R. (2015). Introduction to derivatives and risk management. Cengage Learning.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Christoffersen, P. F. (2012). Elements of financial risk management. Academic Press.
Cole, S., Giné, X., Tobacman, J., Topalova, P., Townsend, R., & Vickery, J. (2013). Barriers to household risk management: Evidence from India. American Economic Journal: Applied Economics, 5(1), 104-135.
DeAngelo, H., & Stulz, R. M. (2015). Liquid-claim production, risk management, and bank capital structure: Why high leverage is optimal for banks. Journal of Financial Economics, 116(2), 219-236.
Dorfman, M. S., & Cather, D. A. (2012). Introduction to risk management and insurance. Pearson Higher Ed.
Fertis, A., Baes, M., & Lüthi, H. J. (2012). Robust risk management. European Journal of Operational Research, 222(3), 663-672.
Fletschner, D., & Kenney, L. (2014). Rural women's access to financial services: credit, savings, and insurance. In Gender in agriculture (pp. 187-208). Springer Netherlands.
Frame, W. S., & White, L. J. (2014). Technological change, financial innovation, and diffusion in banking.
Franchoo, T., & Pollard, M. (2012). The application of European competition law in the financial services sector. Journal of European Competition Law & Practice, lps027.
Garcia, C., Wendt, J., Lyon, L., Jones, J., Littell, R. D., Armstrong, M. A., ... & Powell, C. B. (2014). Risk management options elected by women after testing positive for a BRCA mutation. Gynecologic Oncology, 132(2), 428-433.
Glendon, A. I., Clarke, S., & McKenna, E. (2016). Human safety and risk management. CRC Press.
Hopkin, P. (2014). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Hu, W. (2016). Calibration of multivariate generalized hyperbolic distributions using the EM algorithm, with applications in risk management, portfolio optimization and portfolio credit risk.
Hull, J. (2012). Risk Management and Financial Institutions, + Web Site (Vol. 733). John Wiley & Sons.
Ittner, C. D., & Keusch, T. (2015, March). The Influence of Board of Directors' Risk Oversight on Risk Management Maturity and Firm Risk-Taking. AAA.
Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.
Luxton, D. D., Kayl, R. A., & Mishkind, M. C. (2012). mHealth data security: The need for HIPAA-compliant standardization. Telemedicine and e-Health, 18(4), 284-288.
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.
Mohamed, E. M., Abdelkader, H. S., & El-Etriby, S. (2012, May). Enhanced data security model for cloud computing. In Informatics and Systems (INFOS), 2012 8th International Conference on (pp. CC-12). IEEE.
Mols, N. P. (2013). The Internet and the banks' strategic distribution channel decisions. International Journal of Bank Marketing.
Pritchard, C. L. (2014). Risk management: concepts and guidance. CRC Press.
Rewagad, P., & Pawar, Y. (2013, April). Use of digital signature with Diffie Hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on (pp. 437-439). IEEE.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.
Sodhi, M. S., Son, B. G., & Tang, C. S. (2012). Researchers' perspectives on supply chain risk management. Production and Operations Management, 21(1), 1-13.
Soin, K., & Collier, P. (2013). Risk and risk management in management accounting and control. Management Accounting Research, 24(2), 82-87.
Sood, S. K. (2012). A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, 35(6), 1831-1838.
Zhu, X., Liu, R., Li, Y., Huang, H., Wang, Q., Wang, D., ... & Zhu, H. (2014). An AIE-active boron-difluoride complex: multi-stimuli-responsive fluorescence and application in data security protection. Chemical Communications, 50(85), 12951-12954.
