Question:
Discuss About The Spending And Preparedness Financial Sector?
Before implementing a BYOD policy, Aztek must carefully scrutinize both the business and security implications of the project. This policy is regulated by various legislative measures and controls described in the Freedom of Information Act 1982, Archives Act 1983, and also the Privacy Act 1988. These regulations govern the BYOD implementation criteria in an organization and the relevant legal control measures to oversee the policy. These legislative regulations were necessary due to the liability risks arising from adopting a BYOD policy in an organization. To ensure the success of the BYOD project, the ICT management team of Aztek must develop a BYOD strategy, determine the implications of the project on any potentially existing BYOD, identify related legislation and regulations, communicate the organization’s BYOD policies, and determine the relevant financial and technical support measures.
In order to successfully implement a BYOD strategy that complements the business structure of Aztek, it is crucial to carefully formulate a strategy that is tailored to the needs and activities of Aztek. A strategy is important so as to clearly analyze the risks involved and the appropriate measures (Ghosh, Gajar & Rai, 2013). The absence of a strategy might create a situation whereby BYOD policies are employee driven.
To develop a BYOD strategy for Aztek, the ICT team under the guidance of the management will conduct a pilot trial with a few employees in a low-risk section of Aztek. A review of the pilot trial using clearly defined success measures will provide Aztek management with an overview of the project’s security implications, its cost-benefit relevance, and the impact on Aztek’s business activities.
In today’s technological culture, it is likely that there exists an authorized or unauthorized BYOD framework in any organization. Aztek must first determine any BYOD framework existing prior to the implementation of the strategy. This information can be obtained from Aztek’s employees and other relevant stakeholders. A review of the organization’s assigned devices can also help in mapping out the existing framework and implementing the new strategy in a complementary manner.
According to the Information Security Manual (ISM) by the Australian government, it is important for any organization to seek legal advice before allowing employees to access the organization’s systems using their personal devices so as to carefully understand the legal issues and liabilities imposed by a BYOD strategy.
Aztek must carefully determine how to implement the policy in a manner that will facilitate employees’ compliance and support. Among the most effective ways to ensure user compliance is by involving all relevant stakeholders in developing and implementing the BYOD policies (Lebek, Degirmenci & Breitner, 2013). This will ensure a policy that is complementary to the business and workforce structure of Aztek, employee motivation, and that the needs of all affected parties are met. The management of Aztek can alternatively offer BYOD as an optional strategy rather than mandatory. In order to ensure full awareness, the policy must be communicated to all departments, employees, and stakeholders. The policy must clearly highlight the authorized devices, the organizational data that they are permitted to access, authorized applications and software, storage and distribution regulations, non-compliance repercussions, and the controls that the management is obligated to enforce to ensure the success of the BYOD strategy. To ensure the compliance of all employees and to prevent legal liabilities, the employees of Aztek will be required to sign an Acceptable Use Policy that stipulates their authorized behavior and the consequent repercussions of any violations of the policy.
In developing a BYOD strategy, it is necessary for Aztek to determine the technical support implications of the strategy. A BYOD strategy would result in a wide variety of personal devices with different operating systems, manufacturers, configuration settings, and electrical layouts. It would, therefore, be ineffective to assign Aztek’s IT support desk the responsibility of managing the devices. Possible solutions for Aztek include issuing a list of approved devices or providing basic technical training to the employees.
The main organizational goal of Aztek is to ensure shareholders’ wealth maximization and to make profits. It is therefore important to consider the financial implications of a BYOD strategy before its implementation (Seigneur et al., 2013). This includes concerns about expenses from internet and connectivity while at Aztek or outside the office, personal devices provided by Aztek, and the relevance of these expenses in helping accomplish Aztek’s organizational goal. All this will be dependent on Aztek’s budget, financial resources, and the necessity of the BYOD strategy to the organization.
In today’s modern environment, it is challenging for any organization to adapt. This challenge is especially crucial to financial service organizations such as Aztek. Financial service institutions face high data security risk and management obligations. The situation is worsened by the increased level of competition among financial service organizations (Gustav & Kabanda, 2016). These institutions manage the sensitive financial information of their many clients. Implementing a BYOD strategy, therefore, imposes a huge risk on Aztek and other financial service institutions. The security of the customer’s sensitive financial information is put at risk of loss or even malicious manipulation when employees are authorized to access this information from their personal devices. The management of financial institutions is often faced with a dilemma of improving the customers’ security and meeting the auditor’s requirements on the one hand and increasing organizational efficiency and customer relations on the other hand (Vijayan & Hardy, 2015).
To mitigate the security risks arising from a BYOD strategy, Aztek can specifically assign authorized devices to a regulated number of reliable employees. By controlling the specific business and employees, Aztek can ensure security and efficiency of its financial services. With the continuously growing number of mobile devices, it is important for financial institutions to implement BYOD policies that are complementary to the organizations. This is particularly crucial for financial institutions in the modern age. A survey by IDC revealed that a huge number of financial institutions are exposed to risk related to employees’ personal devices (Burt, 2014). The institutions do not have relevant strategies and policies to govern the use of mobile devices, applications, and mobile security concerns for their employees.
In order to address the security concern, Aztek must first evaluate the impact of a BYOD strategy on the organizational goal of wealth maximization. The organization should then formulate efficient methods to govern employees’ personal device use, authorized data and content, applications’ compliance, privacy, and general security. In addition to enforcing these policies, Aztek may consider seeking the professional services of solution providers such as AT&T and the like. These solution providers are specialized in providing BYOD solutions, formulation of policies, risk assessment, and control measures to assist in the management of the policies.
It is important to realize that technological evolution is inevitable (Guan, 2012). Aztek should, therefore, strive to leverage the advances in technology to its own benefit. This can be achieved by carefully planning a BYOD strategy under the current or future advances in devices, mobile networking, and application management. The need for the management team to implement a robust BYOD strategy is further emphasized by the financial data risks faced by Aztek.
Although BYOD presents many opportunities and benefits to Aztek, it also exposes the organization to various security threats and risks as outlined above. Studies have shown that most breaches on the security framework of organizations are a direct result of using personal devices to access the organizations’ sensitive data (Keyes, 2013). Therefore, Aztek must enforce appropriate measures to maintain integrity and confidentiality, ensure compliance by the employees, manage the security risk, and preserve the availability of sensitive data in a secure manner. Some information, when placed in the wrong hands, may cause substantial damage to the organization, its clients’ image, operational complications, and even financial loss.
Aztek faces various vulnerabilities, threats, and consequences of a BYOD strategy. This report will analyze the risks based on the devices selected for the BYOD strategy, potential malicious programs or applications, insecure user engagement, unauthorized access, sensitive data exposure, loss of BYOD devices, and the loss of informational integrity.
The first thing for Aztek to consider in the risk assessment is the personal devices that the organization will authorize to access Aztek’s sensitive information (Suby, 2013). This assessment will include the device manufacturers, operating system platforms, and security features in the respective devices. Aztek’s assessment team must also determine the security threats imposed by each of these devices. Information on the merits and demerits of all authorized devices should be made available to the employees along with strategies to cope with any security issues that may arise as a result of the devices (Watkins, 2014).
There is a wide variety of malicious applications designed to steal, modify, or sniff sensitive information. As users interact with their devices, they often tend to customize the devices or access the internet for work-related and personal use. This exposes their devices to an attack by malicious programs that may access the sensitive operations information in those devices (Chin et al., 2011). A risk assessment is, therefore, necessary to determine possible infection avenues and ways of tackling the risk. Aztek may consider limiting application downloads to only trusted and authorized markets, ensuring installation of malware prevention programs, and sensitizing the users on the security threats, mitigation procedures and ways to avoid infection (Felt et al., 2011).
Risk arises based on the operational behavior of employees as they interact with their personal devices (Mansfield-Devine, 2012). Insecure behavior may expose the devices to malware attacks or inadvertent leakage of sensitive information (Ballagas et al., 2004). Aztek is especially vulnerable due to the sensitivity of the financial services it offers. This risk assessment aims to determine the employees’ level of competency in handling sensitive organizational data from their personal devices.
BYOD poses a major threat to Aztek’s information as a result of unauthorized access. Unlike organizational devices which are safely protected and managed by Aztek’s security team, the security of personal devices, especially outside the office, is solely up to the user (Keyes, 2013). This poses the risk that an unauthorized third party may obtain access to the devices and Aztek’s sensitive data. Employees must be sensitized on security measures to prevent unauthorized access.
Under a BYOD strategy, employees can access and distribute Aztek’s information from multiple points and in different locations. This exposes the information of this financial institution to manipulation and unauthorized use. The variety of devices also complicates the process of controlling data access and applying security measures to monitor the access, use, and distribution of Aztek’s sensitive information.
It is easy for employees to lose devices containing sensitive information. The devices might contain financial information, private documents, and sensitive emails, among others. Such information, when used maliciously, may damage the reputation of Aztek and its clients. Since a misplaced device exposes Aztek to various critical risks, appropriate measures to manage the vulnerability should be put in place. Aztek may introduce tools to manage all personal devices remotely (Oppliger, 2011). With these tools, the IT team should have the relevant access to remotely lock lost devices or even wipe them clean if the need arises.
A defining characteristic of any BYOD strategy is the seamless integration of work and personal environments (Song, 2014). As the users interact with their personal devices in both environments, they expose Aztek to the loss of data integrity. A user may alter crucial information by mistake while interacting with the devices for personal use. It is therefore important for Aztek’s management and ICT team to provide security measures to avoid accidental alteration of Aztek’s information.
The final part of this report analyzes the data flow and security risk of implementing a BYOD strategy. BYOD poses a privacy concern to Aztek. While in the process of obtaining work-related information from a personal device, it’s likely that the organization may accidentally obtain the user’s personal information (Garba et al., 2015). The Australian government has set out rules and regulations governing how organizations can store their clients’ sensitive information such as bank account details, social security numbers, and driver’s licenses, among others (Downer & Bhattacharya, 2015). Aztek must, therefore, determine how these regulations affect its BYOD strategy. The organization must determine the legally authorized information that its employees can store on their personal devices. Employees must likewise be sensitized on the governing laws and prohibited by way of a written agreement from storing such information. There also exist laws that require financial institutions to securely destroy or encrypt sensitive information regarding their customers such as financial reports or medical records (Moyer, 2013).
In conclusion, a Bring-Your-Own-Device (BYOD) strategy brings various benefits and opportunities that will help Aztek achieve its organizational goal. The opportunity, however, presents the organization with various security and privacy risks. Aztek must ensure compliance with all relevant laws regulating the financial services sector. The evolution of technology has facilitated a trend whereby privacy legislation is being developed and enforced continuously (French, Guo & Shim, 2014). Aztek must be alert to amendments and new laws as it implements the BYOD strategy.
References
Ballagas, R., Rohs, M., Sheridan, J. G., & Borchers, J. (2004, September). Byod: Bring your own device. In Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp (Vol. 2004).
Burt, J. (2011). BYOD trend pressures corporate networks. eweek, 28(14), 30-31.
Chin, E., Felt, A. P., Greenwood, K., & Wagner, D. (2011, June). Analyzing inter-application communication in Android. In Proceedings of the 9th international conference on Mobile systems, applications, and services (pp. 239-252). ACM.
Downer, K., & Bhattacharya, M. (2015, December). BYOD security: A new business management challenge. In Smart City/SocialCom/SustainCom (SmartCity), 2015 IEEE International Conference on (pp. 1128-1133). IEEE.
Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011, October). Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security (pp. 627-638). ACM.
French, A. M., Guo, C., & Shim, J. P. (2014). Current Status, Issues, and Future of Bring Your Own Device (BYOD). CAIS, 35, 10.
Garba, A. B., Armarego, J., Murray, D., & Kenworthy, W. (2015). Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments. Journal of Information privacy and security, 11(1), 38-54.
Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.
Guan, L. (2012). Established BYOD management policies needed. Government News, 32(2), 9.
Gustav, A., & Kabanda, S. (2016). BYOD adoption concerns in the South African financial institution sector. In CONF-IRM (p. 59).
Keyes, J. (2013). Bring your own devices (BYOD) survival guide. CRC press.
Lebek, B., Degirmenci, K., & Breitner, M. H. (2013). Investigating the influence of security, privacy, and legal concerns on employees’ intention to use BYOD mobile devices.
Mansfield-Devine, S. (2012). Interview: BYOD and the enterprise network. Computer fraud & security, 2012(4), 14-17.
Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. It Professional, 14(5), 53-55.
Mitrovic, Z., Veljkovic, I., Whyte, G., & Thompson, K. (2014, November). Introducing BYOD in an organisation: the risk and customer services view points. In The 1st Namibia Customer Service Awards & Conference (pp. 1-26).
Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive data. Network Security, 2012(12), 5-8.
Moyer, J. E. (2013). Managing mobile devices in hospitals: A literature review of BYOD policies and usage. Journal of Hospital Librarianship, 13(3), 197-208.
Oppliger, R. (2011). Security and privacy in an online world. Computer, 44(9), 21-22.
Pillay, A., Diaki, H., Nham, E., Senanayake, S., Tan, G., & Deshpande, S. (2013). Does BYOD increase risks or drive benefits. Melbourne, The University of Melbourne.
Scarfo, A. (2012, November). New security perspectives around BYOD. In Broadband, Wireless Computing, Communication and Applications (BWCCA), 2012 Seventh International Conference on (pp. 446-451). IEEE.
Shim, J. P., Mittleman, D., Welke, R., French, A. M., & Guo, J. C. (2013). Bring your own device (BYOD): Current status, issues, and future directions.
Song, Y. (2014). “Bring Your Own Device (BYOD)” for seamless science inquiry in a primary school. Computers & Education, 74, 50-60.
Suby, M. (2013). The 2013 (ISC) 2 Global Information Security Workforce Study. Frost & Sullivan in partnership with Booz Allen Hamilton for ISC2.
Thomson, G. (2012). BYOD: enabling the chaos. Network Security, 2012(2), 5-8.
Vijayan, J., & Hardy, G. M. (2015). Security Spending and Preparedness in the Financial Sector: A SANS Survey.
Watkins, B. (2014). The impact of cyber attacks on the private sector. Briefing Paper, Association for International Affair, 12.
Wiech, D. (2013). The benefits and risks of BYOD. Manufacturing Business Technology.
Zahadat, N., Blessner, P., Blackburn, T., & Olson, B. A. (2015). BYOD security engineering: A framework and its analysis. Computers & Security, 55, 81-99.