Delivery in day(s): 3
ITC596 IT Risk Management Assignment Help
Outsourcing of key IT functions like network design and deployment may help the organizations to save time and cost along with risk of failures in business. The report will present the overview of the financial sectors to demonstrate how they are using outsourcing and IT services to grow and sustain. The report will also present the security in Aztec which is a finance service sector in Australia. Regulatory impact on business processing will be discussed along with prospective of stakeholders. The report will also determine the threads, vulnerabilities and consequences in project for the organization. The issue of implementation and developments will be discussed and assessed properly. The report will identify the ways in which organization can enforce the data security in workplace. The report will make use of factionary organization Aztec to make proper link with real world.
Financial Services sector review
The economic strength of a country is driven by the financial services which include the banking sector, insurance and non-banking sectors as the major contribution in services. Financial services are provided by the financial industries in country in which banking is at top to serve the people for management of capital, investments and insurance. Financial sector are using information technology to increase the productivity and accuracy in management. The impact of information technology has enhanced the data management and networking in industry to share and use information securely. Business stakeholders must need to know that industry is competitive in nature to sustain and has similarity in most of projects (Mwega, 2011).
The financial sector demands the high accuracy as well as security on data as most of capital is stored in the form of numbers only. Financial service sectors mainly use a system which is capable to handle the data management and operations of business effectively. For instance, banking sector where most of the data is stored in databases to share and use among number of users spread across globally. Banking sector needs to store the information of employees, customers, account details, transactional details and future events to occur on specific events for loans and insurance. The supplementary business operations likes IT system and assets development and deployment, network structuring, data management mechanism selection and community engagements are outsourced to other organizations so that industry can focus on the main business operation- finance management. Finance sectors are unaware with information technologies required to safeguard the data and capital in business and therefore, they can outsourced the services to related organizations to save the processing capital and time (Michie, 2011).
Currently, financial service sector has contribution of about 34% in outsourcing of information technology related works. Organizations are using outsourcing to speed up the business processing and to reduce the risk of failures at centric location in business as data and processes are diverted to third party organizations; they became their liability to accomplish. In this manner, financial sectors can focus on flow and share of capital rather than to puzzle with secondary responsibilities in workplace. In first half of 2012 most of banking services in United Kingdom started to outsource their infrastructure deployment and IT processing so that they can focus on business. The end of second half of 2013 is evidence that organizations have achieved the benefits in term of increased 4% total gross revenue. The same effect is true in present year and will lead the changes in same proportion as expected (Cole.et.al.2011).
Regulations and regulatory frameworks are changed over the time to meet the outsourcing arrangements and facilities with proper implementations of contracts and services. Financial service sector can govern the risk and quality of services outsourced to other organizations. Also the support and liability patterns are made centric to outsourcing organizations under the control of regulations. The regulations of Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have empowered the financial sectors to govern the use of data and business secrets during the outsourcing and modified the structure of contracts to increase the liability in services. The supervision acts related to investment and insurance are making the control of financial sectors to quality and services without delay and must cost (Haldane.et.al.2010). Outsourcing services are inventing new approaches to handle the services and quality within the criteria of governmental rules and policies. Regulation of investment ensures the financial sectors to achieve the desired outcome with outsourcing organization. Outsourcing has solved the problems of organization to focus on the main objectives in business and achieved high throughput with liable relations to outsourcing organizations.
Security posture review
The outsourcing project of Aztec will impact the performance and quality in business processing as organization only need to aware with the business prospective and the arrangements for business and business services will be handled by outsourcing firms. The current structure of organization for the security implementation and policies are effective if all the users in workplace are seems to be loyal and less trained in information system. Proper security is implemented to get access with financial machines and computers to obtain the business information. Confidential information is managed inside the organization with proper surveillances and policies (Damodaran, 2016). The structure of organization enforces the flow of data from top to bottom and there are less chances of information leak and capital theft in workplace. Desktop applications and network design is robust to meet the requirements of organization for security and sharing but it seems the lack of extensibility and recovering features to retain the operations authorised and consistent over failures.
From the analysis of major drawbacks in Aztec for scalability, accessibility and application level security to access the information, the project is proposed. The project is designed to outsource the work of network implementation and maintenance to third party organization which has experience of years and trust of customers (Pilbeam, 2010). The network design operations, desktop and mobile application development for workplace performance and community engagements are outsourced to achieve market advantages in term of cost and time. The liability and risk is shared with third party for security in workplace for data and assets. The project has assessed the role of IT services in financial sector to establish the business to heights. Al though, the implementation of project will make some modification in present working approaches and security implementations. The project will restructure the network design and connectivity to other services. The physical security with sensors and alarms are at consideration to implement in workplace to ensure authorised business processing practices and patterns.
Aztec needs to ensure the security on files and databases where the business information is stored. There should be also the well organized and tested procedure to retrieve the data efficiently. Addition to it, organization needs static and analytical data from the previous operations in business for decision making which can be outsourced for strategic purpose and to manage the business effectively (Hyman, 2014). Aztec management can focus on primary operations in business like resource management and financial services strategies along with the cost saving on secondary essential practices in organization like data generations and management, security and migration to updated technologies. Organization is not from the background of technology and instead to deal with technical portions in business, organization can handle the work easily and effectively.
The outsourcing will help to identify the best solution to problems in organization for security and data management. At other side, it is also possible to have influence on business operations and practices. The implementation of security according to outsourcing organization may lead the changes in workplace routines and practices. Aztec needs to determine the group of users those will be liable to handle the system and the credentials of system security should be impasse to authorised entities only. Aztec may need to train the employees for new features and assets in organization so that productive use of resource can be made. Employees, resources and assets may be rearranged; policies can be prepared for user responsibilities and roles, documents to illustrate the implementation essentials for organization (Ulbrich, 2013). The security of existing business processing must be assessed properly to cover the requirements in new system. Outsourcing may be auctioned to offshore or inshore to find the right solution provider for organizations. The documents and contracts can be prepared to keep the trust worthy relations between organization and outsourcing firms. Organization may grant permissions to observe and work inside the workplace.
In order to adapt the security in current infrastructure, it is required to collect the information about the mitigating requirements in workplace. The mitigating activities are required to adapt the security practices in effective manner. For the Aztec following mitigating activities are identified:
The internal infrastructure may be changed to physically secure the network resources like servers and routers. Also the network mechanisms are changed to meet the future demands of scalability and security on transmission and encryption of information.
Employees in organizations are categorised according to their skills and experience so that IT services can be handles and operated by them. Training and development programs can be designed to train the employees to work with new information system in workplace and to interact with information sent from outsourcing organization (Viney & Phillips, 2012).
Technical business processing jobs may be done at offshore centre. Therefore it becomes necessary to collect the information at time and effectively to use them in decision making process. Organization may be to hire outsourcing to equip the workplace to obtain the information from remote locations.
In financial section, the security is at top, both for resource and for data. Therefore, organization needs to secure the physical location and cabins with advance surveillance and authorisation tools.
Threats, vulnerabilities and consequences assessment
The proposed IT project is effective to deliver the security and performance in workplace but the project must be assessed for the threats, vulnerabilities and consequences. Aztec has outsourced the development of network for business processing. A network system may have threads on security and performance. System must be tested to assess the threats and issues on implementation of network system.
Aztec network system is tested against the following security threads to protect the data and resource in workplace (Brauch, 2011). Some of the main categories of the threads are:
Network system is made up of hardware and software so that there is possibility of logical attacks on system. The routers and switches mainly work on the configuration of system which is just the arrangement of codes and values through software. The implementing authority of network design must need to assess the system for logical attacks so that information can be secured from being theft or inconsistent to use. The major reasons behind the logical attacks in network security are software bugs and already extent vulnerabilities. Software bugs may be used by cyber criminals to breach into system for information and intentional loss in organization (Oatley.et.al.2013). Normally logical attacks take place due to improper installation of software programs and avoid to the upgrade of system to latest and stable release of code. Administrators of network system are liable to install the trustworthy applications to manage the network processing in Aztec. Timely upgrade and close of open holes in network system helps to eliminate the possibility of logical attacks.
The network system in organization is tested for the open holes in software and applications. Firewall and routers are configured for the authorised access to resources only. User access control list and filters are applied to answer the security threads. Some of the logical threads those are specific to network security are assessed in system:
Malware: The intentionality created code to damage the performance and security of the network. Malware code may enter into network with the unauthorised packets and mails. Firewall is setup and configured to identify the threads in the form of malwares. Malware may silently stole the information from system and transmit them to another location in network to theft the information (Lei, 2011).
Trojans: Trojan horses are harmful applications those may enter in system with anonymous devices and connection in internet. Trojan horses are targeted to observe the keystrokes and other information from user computer. Also the applications may traffic the network system with unwanted data packets. System is well planned to implement with a strong virus and malware detection system so that unwanted and harmful programming code can be removed from network and system to retain the network usability.
The attacks those are specially directed to damage the resources in network are put under the category of resource attacks. Resources are back end for any services in network system. Aztec needs the network for the financial services and communication. Therefore the network may contain the information which is confidential or not transferable to others for business purpose. Resources of network may be targeted to prevent certain operations within time so that market competitions and advantages can be favoured or business secrets can be destroyed (Choi.et.al.2010). Servers in network for Aztec contain business files and employees records. The mail server contains the communication inside the workplace those may contain the strategies and planning for financial benefits in organization. The loss or such information and plans may lead the business down. Resource attacks are made due to the improper physical or somehow logical security to resources. Attacker may damage the resources physically or block the authorization to certain resource so that organization lost assets as well as information stored in them.
Attacker may gain access to specific routers and servers to damage them or natural disasters may do this, therefore back bone system and resources must be kept secure under the surveillance and policies. The activities of authorised users also need to managed and overview over the time to determine the degree of follow for rules and policies. Inter communication must be encrypted to store for later use. The useful financial procedures and data should be replicated to retrieve them in case of lost. The network system for financial organization Aztec is designed with the consideration of possible attacks on resources and network performance (Albanese.et.al.2012). The system is safe guarded from accidental as well as intentional lost.
The network system is assessed for the vulnerabilities on security. Vulnerabilities in network security may be open patches, authorization and configurations.
The software to manage the network system and security are well tested and upgraded to their stable releases. Also the software part is secured with integration to hardware security so that there are no open patches in designed system to hack. Open patches of software may create the issue of decreased performance and anonymous functions in operations. At present all the applications in network system are updates for the software performance as well as for hardware. Latest and stable hardware equipments are used to make the system robust and trustworthy in changing environment of business. Addition to it, vulnerable systems are isolated from main network and treated specially with high quality resources and mechanism to access (Javid & Azad, 2010).
At each hardware and software, the strong passwords are used so that guess and social engineering can be eliminated to obtain the passwords. For administrative purpose, granted user list is also managed to access the system. Addition to soft keys, hardware authorization is provided to Aztec for more security. The authorised users in organization are guided to keep their password and credentials secure along with periodic change.
The hardware and software applications in network system for Aztec are configured with standard practices to eliminate the appearance of unwanted software code and packets in network. Specially, firewall and routers are configured well to obtain the packages and encryptions from authorized and granted system in network. Anonymous traffic and applications in networks are treated well to reduce the hazards (Pishvaee.et.al.2011).
The IT outsourcing was typically difficult due to the consequences in implementation and design. Aztec finance sector has extended set of employees and customers. The business positions and operations are rearranged to help the team to deal with design and implementation at workplace. The following consequences are assessed during project implementation:
Business constraints: The business of organization is vast and the seriousness of business demands the system to be complete within minimum time and cost. Organization also needs to implement the system as effectively as it may be so that financial information can be secured. The scope and returns with business are identified to design the system. The working environment and user skills are recognised to make the system acceptable and useful. Including all the business constraints the cost of project is determined (Subramanian, 2010).
Market trends: upcoming requirements in business are also determined along with network consumptions and performance to prepare a system which is long lasting in workplace. Organizational requirements and objectives are identified to meet in network. The designed system is capable to handle the business operations and management under the scalability and security. Market trends for new technologies and hardware are included along with proper use of capital and existing resources of Aztec. The final cost for the project also depends on the time and available resources. Al though, the network design project is accomplished with adequate amount of investment so meet the requirements of organization and business (Pahlavan, 2011).
Data security is been mainly referred to the protective digital privacy measures which are been applied to avoid the unauthorized access to the databases, website and the computer system. Data security is largely focused to the protection of the data from being affected by any fraud. It has been found that it is very much important for the organization to ensure the data security in each and every aspect and avoid any of the misuses of the same. The data security is been also known as the information security (IS) or computer security in many of the fields. In other words, data security is been considered to be a practice of protecting the data from illegal misuse of corruption (Chen & Zhao, 2012). It ensures the privacy by data security along with the protection of personal and corporate data. In context of the current case, the outsourcing of the network includes wide ranges of issues which must be kept in mind by the organizations. The IT professionals of Aztek must acquire adequate amount of information and knowledge about the data security while establishing the network so that to assure the security of the data being stored in the network systems. Aztek must implement various measures to protect the data while developing the network and keeping the information secured with the same.
The data security mainly includes both logical i.e. authentication, authorization, passwords and encryption and physical security i.e. storage and networking cabinets, restricted access and locks on server, etc. The logical security involves the protection of the network with firewalls, virus detection programs on server, running antispyware and network addressed storage systems. It is very much important to make sure that the databases, application, server operating systems and file systems are being secured so that to avoid any of the illegal or disrupting access to the data. Implementation of the storage system based volume or rational units in the network would also contribute in the protection of the data (Stallings, 2014). In order to ensure the network data security Aztek could make use of the following measures:
Firewalls: Firewalls is been listed among the most commonly used security measure which helps in protecting the stored data in the network systems. A firewall is basically a software program of hardware which facilitates in keeping the hackers, viruses and other unauthorized access far from the computer over a new network. The firewall restricts the access to each and every activity except the services which the user needs to use specifically. A firewall monitors the outgoing and incoming network traffic and makes decision on whether to block or allow the specific flow of data on the basis of a defined set of security policies. There are wide ranges of firewalls which could be implemented by Aztek to secure its data such as next-generation firewall, proxy firewall, unified threat management firewall, packet filter firewall, etc.
Physical security: With respect to the data security, the physical security is the protection of software, hardware, data, networks, etc. from the physical event which could lead to the serious losses or damage to the organization. Physical security includes three basic elements such as surveillance, access control and testing. It has been identified that there are various measures which could ensure a physical security such as: setting up surveillance, locking the server room and limiting the access of the system to the reliable and trusted users only. There could be various acts which could impact the network and its security and thus requires being protected from the unauthorized access like hackers (Ulbrich, 2013).
Intrusion-detection system: An Intrusion-detection system or IDS is defined as the software application which monitors the network system for the malicious activity or policy violations. It has found that any of the illegal activity being detected by this software is usually reported to the administrator or is gathered centrally by making use of the security information and the event management (SIEM) system. This system mainly unites the outputs for different sources and use alarm filtering techniques to differentiate the unauthorized acts from the false alarms. The system is mainly classified into two types i.e. Host based IDS and network based IDS. It has been found that it is difficult for the attackers to detect the IDS as it do not generate any traffic itself and includes broken TCP/IP so that they do not having any specific IP address and could not be accessed by any of the unauthorized user (Damodaran, 2016).
Antivirus system: There are various antivirus packages which could be used by Aztek for the data security purposes. Norton antivirus and McAfee are some of the common antivirus system which are generally used in the computer systems or networks for securing the data from any of the malicious activity. It has been seen that this system is been commonly used by the administrators and is installed by them on the servers. On the contrary to this, it has been even found that there is no particular policy for the regular updates of the system. It could lead to the risks over the protection or the data security over the network and result in the losses due to any malicious activity (Choi.et.al.2010).
Therefore, Aztek could make use of these measures to mitigate over the data security risks or issues in its functionalities and ensure the effectiveness of its data and results.
The report has been concluded the working of financial service sector and the impact of regulations on business processing. It has been identified that most of financial services are using outsourcing to reduce the effort and cost on business processing. The report has determined the similar projects and described them to present the market scenario before the business stakeholder in Aztec. The report has also presented the position of security in organization and how the new implementation needs to mitigate the requirements and activities for sustainability in workplace. Security system in Aztec is analysed with present status and changes are determined for deployment of new system. Later report has assessed the vulnerabilities, threads and consequences on network security. The data security has been considered significant for organization and appropriate policies and information flows are identified for data security.
Books and Journals
Albanese, M., Jajodia, S., & Noel, S. (2012, June). Time-efficient and cost-effective network hardening using attack graphs. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012) (pp. 1-12). IEEE.
Brauch, H. G. (2011). Concepts of security threats, challenges, vulnerabilities and risks. In Coping with Global Environmental Change, Disasters and Security (pp. 61-106). Springer Berlin Heidelberg.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Choi, J. P., Fershtman, C., & Gandal, N. (2010). Network security: Vulnerabilities and disclosure policy. The Journal of Industrial Economics,58(4), 868-894.
Cole, S., Sampson, T., & Zia, B. (2011). Prices or knowledge? What drives demand for financial services in emerging markets?. The Journal of Finance,66(6), 1933-1967.
Damodaran, A. (2016). Damodaran on valuation: security analysis for investment and corporate finance (Vol. 324). John Wiley & Sons.
Haldane, A., Brennan, S., & Madouros, V. (2010). What is the contribution of the financial sector: Miracle or mirage?. The Future of Finance, 87.
Hyman, D. N. (2014). Public finance: A contemporary application of theory to policy. Cengage Learning.
Javid, A. A., & Azad, N. (2010). Incorporating location, routing and inventory decisions in supply chain network design. Transportation Research Part E: Logistics and Transportation Review, 46(5), 582-597.