Describe about the IT Risk Management?
This report is about outsourcing information technology from a third party in business process of a company named Aztec that operates in Australia. Outsourcing IT involves variety of function such as operating services, local area network and software hardware and software, application development, etc
IT outsourcing is a common phenomena in financial service (Herbane, 2005). It is so because primarily outsourcing helps in cost reduction. There are also several roles of the outsourcer of it function such as investigation and violation of review report, plays role for maintenance of procedures and policies of information security of clients, building awareness and techniques to use information system via training etc
When companies like Aztec outsourced it services they have to share this information with the staff of the outsourcer. Majority of the companies in financial sector miss to make agreements with the third party when they negotiate for the IT function (Hopkins, 2003). As the result they have to pay extra during system crash in order to make back up of lost information (Merna & Al-Thani, 2008).
Financial sector is a sector which changes their organization process constantly. Information technology in financial service industry, especially in business process of Aztec changes in very small time span in particular real side of organizational business process (Macdonald, 1995).
Financial sector industry is unable to moving forward without using information technology system. Information system is one of the most important technologies within financial sector that generates process automatically.
Due to increase of excessive competition, Aztec has to generate excessive capacity within their business process and depress their margin. Marginal edge of the risk thinking will be the best procedure and tempting them toward the failure via building riskier portfolio and removing the margins (Merna & Al-Thani, 2008). In the financial service industry, Aztec faces high barrier that prohibited their business and make it more badly than its competitors. Hence it is identified that competition within the business of Aztec is working asymmetrically due to low development of technology. Using information technology Aztec would be able to offer better services to their customer that fulfill customer requirement and also increase customer base. According to vinaja(2008) most of the business organization in financial service sector outsourced IT functionalities in terms of diversification and generates high revenue growth.
Outsourcing information technology fundamentals in the business process of Aztec may create the culmination of sense making in for the organization. Sense making allows the organization in scanning the whole environment and interpret with each other properly. Based on the information it helps in taking action.
The shifting from brink to click in financial services like Aztec has created various risks like reputational risk, system risk, money laundering risk, financial risk, strategic risk etc. it also includes other problems like requirement of software and hardware which includes high investment by the company which also leads to the problem of integration of the old system with the new system, excess capacity and also cost control issues. There also is the problem of the current system being outdated.
The company takes total responsibility of maintaining security of implemented system. Budgetary constraint is also one of the most difficult parts to undertake within operational process of Aztec. If the organization outsourced the specific functions of IT asset, the company Aztec can gain their access of information in financial service sector and constraint the budgetary. Outsourcing of IT fundamental within the business process of organization in financial service industry can represent the transaction cost theory contradiction. Outsourcing the specific function of IT asset in business process of Aztec, the company is able to monitor their costs in better way. The tools and technique of information technology also reduce production cost when it was outsourced.
Aztec would the following threats while outsourcing it’s it functionalities like desktop and network management or application development to a third party:
1] Customer protection
2] Data confidentiality
3] System availability
4] System integration
5] Transaction and customer authenticity
Aztec must make it sure it sure that their customers are properly authenticated before the access the sensitive information of the customer. As the customer are logged into their account for quite a long time their information are stored in the data base which creates chance of it being directly attacked on the system or the customers confidential information through worm, spamming, key worming etc
Data confidentiality refers to protection of valuable information and at the same time permitting authorized access. The ability of data protection through software and also recover data in case of their loss through backup, recovery policy etc gets reduced for Aztec.
The customers who are online depended online expect 24hrs service online each day. Thus by outsourcing it will not be ensuring that there is ample of capacity and resources in terms of software, operating capabilities and software for all round service.
By outsourcing the It functionalities, Aztec may face operating flaws and transaction error that might result due to latent transmission or processing as the system would be totally automated.
If the outsourcing partner is not authentic, there might be issues related to transaction and customer authenticity. By outsourcing Aztec needs to make sure about the methods that their outsourcing partners are utilizing for protecting the customer authenticity and transaction.
Banks may be misled due to security risk exposures and also risks of becoming victim of security breach, which might become a serious problem for banks and their users. If Aztec focuses on utilizing the present automated system of vulnerability management, it have some hidden flaws which do not have the capabilities to accurately resolve the outcomes. This impact may include inappropriate security vulnerabilities, inefficient utilization of utilization of IT resources and possible exploitation due to cybercriminals and also inundated resources of IT security that might lead to absenteeism of the employees, lower satisfaction level of job and as also erroneous risk of security which will destroy the credible information security system of Aztec.
The risk treatment process aim at selecting security measure to avoid reduces, transfer and reduce risk and produce a risk treatment plan that is the output of the process with the residual risk subject to the assessment of the management.
It risk management includes following five steps
To develop a comprehensive information risk management{irm} framework the organization must fix each member it’s responsibility.
Not all level of business requires the same level of protection. Contractual obligation and legislative mandate may determine business control for some organization, but for others informed judgment calls in conjunction with partners in line of business is necessary. When accessing the criticality of a function, answering these three questions can be done
Ciso needs to measure the security controls in all of these business groups to be able to do their jobs effectively. ciso should also employ a framework based approach to identify and measure these areas in order to track their progress over time.
An irm framework must ensure that these controls are defined, enforced, measured, monitored and reported. For areas where these controls may not sufficiently mitigate the risk, cisos must ensure that those risk are reduced transferred and accepted,
Many security mangers are focused on gathering and reporting tactical and status update information. To develop a successful security metrics metrics program, cisos need to identify, prioritize , monitor and measure security based on business goal and objectives. They should then focus on translating those measurements into business language that can be of use to executive management.
Conclusion:
This report is adopted for providing detail information about information technology process when an organization of financial service sector outsourced IT function from third party. In the first phase of this report analyst report represents an overview of financial service sector in Australia. In this part the analyst include all the relevant information about the IT the financial services including government regulation. In the second part of the report analyst describes the review of current security posture of Aztec from the point of view of the IT security policies. After described the current scenario posture of information technology system when it outsourced from the third party analyze the threat, vulnerabilities and consequence for it control frame work. At the last part of this study , analyst described the possible data security issues when the IT system outsourced and provide recommendation to mitigate that identified issues.
References:
Chorafas, D. (2007). Risk management technology in financial services. Burlington, MA: Butterworth-Heinemann.
Clinical Waste and Its Risk Management. (2001). Clinical Risk, 7(6), 251-252. doi:10.1258/1356262011928572
Dionne, G. (2013). Risk Management: History, Definition, and Critique. Risk Management And Insurance Review, 16(2), 147-166. doi:10.1111/rmir.12016
Herbane, B. (2005). Risk Management on the Internet. Risk Manag (Bas), 7(2), 65-66. doi:10.1057/palgrave.rm.8240213
Hopkins, A. (2003). Risk. Risk Manag (Bas), 5(1), 85-85. doi:10.1057/palgrave.rm.8240143
Macdonald, J. (1995). Quality and the financial service sector. Managing Service Quality: An International Journal, 5(1), 43-46. doi:10.1108/09604529510081794
Merna, T., & Al-Thani, F. (2008). Corporate risk management. Chichester, England: Wiley.
Merna, T., & Al-Thani, F. (2008). Corporate risk management. Chichester, England: Wiley.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download