IT RISK MANAGEMENT
The final assessment for ITC 596 is to deliver an IT Risk Assessment Case Study in support of a significant technology decision that is to be taken by a fictional company called Aztek that operates in the Australian Financial Services sector.
Senior executives in both business and technology divisions within Aztek have collected a portfolio of projects from their respective strategists that could be potentially funded for deployment. The portfolio includes projects such as:
• Allowing employees to bring their own devices (laptops, tablets and mobile phones for example) into the workplace to be used as their main or sole devices in achieving their work tasks.
• Migrating business-critical applications and their associated data sources to an external Cloud hosting solution.
• Outsourcing key IT functionality such as the network, desktop management or application development to a third party.
• Upgrading or introducing a major technology such as mobile platforms and applications, migrating to an improved networking technology (such as IPv6), creating a corporate-wide email archive for compliance purposes, or upgrading applications and desktop operating systems.
Each of these possible initiatives entails considerable IT risks that must be handled to support the business case for moving forward with the project. As the IT Risk Assessment Lead at Aztek in this case study, your responsibility is to serve as the liaison between business stakeholders and engineers, translating prospective technical challenges into risk language to aid stakeholders in making informed decisions.
You must choose one of the projects from the list above for the Aztek case study in order to conduct an exhaustive IT risk assessment. With the topic coordinator’s permission, you are free to choose a different project in addition to those that have already been mentioned. For instance, you can choose a project that is pertinent to your place of employment.
Your deliverable for this ITC 596 Case Study is an IT Risk Assessment report that provides a risk assessment of the project you have chosen to take into consideration. It is produced for the intended audience of Aztek management.
Your report must be formatted as a Microsoft Word document with a page count of 15 to 25 and a font size of 12 points. The following requirements must be covered in the report:
• A two- to three-page executive summary at the start of the report that gives a clear description of the IT technology project being evaluated and a summary of your suggestions for Aztek management regarding the project’s merits based on your risk assessment.
• A study of the project in relation to the financial services business, which would include any pertinent laws, rules, or compliances from the government or industry, as well as any recognized best practices (2–3 pages in length).
• A summary of the project’s effects on Aztek’s security posture as indicated by the company’s level of compliance with IT security rules and procedures (3 to 5 pages in length).
• An evaluation of the project’s risks based on threats, vulnerabilities, and outcomes gleaned from an IT control framework and any risk recommendations already made by the industry. For instance, various cloud computing consortia have produced IT risk assessments for this technology that range in length from 4 to 10 pages.
• Specifically discuss the risks associated with data security from the project’s perspective of how the data will be utilized, who will have access to it, and where it will flow (2–4 pages in length).
The following learning objectives are to be met by the students with this project:
• be able to apply both quantitative and qualitative risk management techniques and to compare and contrast the benefits of each technique;
• be able to critically analyze the various approaches for mitigating security risk, including when to use insurance to transfer IT risk;
• be able to critically evaluate IT security risks in terms of vulnerabilities;
Criteria HD CR PS HD
Consistency, intent, meaning, format, and grammar:
• The report thoroughly covers each of the above components, with a unifying theme and goal that unify them all and drive the study’s conclusion. The report is well-formatted and free of grammatical errors.
• The report thoroughly covers each of the above components, with a unifying theme and goal that unify them all and drive the report’s conclusion. It is a well-formatted document free of grammatical errors.
• The report thoroughly discusses each of the mentioned topics and draws a logical conclusion in a well-formatted paper.
• The report covers each of the listed areas and comes to a believable conclusion.
• The report’s inadequate or incomplete coverage of all the specified components leads to a logical conclusion.
• (15%) Executive Summary: concise risk-based judgments that business stakeholders can utilize right now to aid in decision-making
• (20%) Security posture review: a clear assessment of the project’s impact on current security posture in terms of changes to the posture and the required mitigation actions to remain at an acceptable posture.
• (30%) Threats, vulnerabilities, and consequences assessment: show that the specific changes introduced by the project have the intended consequences.
• (20%) Data Security: Show that the project’s data flows have been identified and evaluated in accordance with policies, and any risks have been reduced.