Thursday, December 5, 2019
Spending And Preparedness Financial Sector -Myassignmenthelp.Com
Question: Discuss About The Spending And Preparedness Financial Sector?

Answer:

Introduction

Before implementing a BYOD policy, Aztek must carefully scrutinize both the business and security implications of the project. This policy is regulated by various legislative measures and controls described in the Freedom of Information Act 1982, Archives Act 1983, and also the Privacy Act 1988. These regulations govern the BYOD implementation criteria in an organization and the relevant legal control measures to oversee the policy. These legislative regulations were necessary due to the liability risks arising from adopting a BYOD policy in an organization. To ensure the success of the BYOD project, the ICT management team of Aztek must develop a BYOD strategy, determine the implications of the project on any potentially existing BYOD, identify related legislation and regulations, communicate the organization's BYOD policies, and determine the relevant financial and technical support measures.

Develop a BYOD strategy

In order to successfully implement a BYOD strategy that complements the business structure of Aztek, it is crucial to carefully formulate a strategy that is tailored to the needs and activities of Aztek. A strategy is important so as to clearly analyze the risks involved and the appropriate measures (Ghosh, Gajar & Rai, 2013). The absence of a strategy might create a situation whereby BYOD policies are employee driven. To develop a BYOD strategy for Aztek, the ICT team under the guidance of the management will conduct a pilot trial of a few employees in a low-risk section of Aztek. A review of the pilot trial using clearly defined success measures will provide Aztek management with an overview of the project's security implications, its cost-benefit relevance, and the impact on Aztek's business activities.

Existing BYOD framework

In today's technological culture, it is likely that there exists an authorized or unauthorized BYOD framework in any organization.
Aztek must first determine any BYOD framework that exists prior to the implementation of the strategy. This information can be obtained from Aztek's employees and other relevant stakeholders. A review of the organization's assigned devices can also help in mapping out the existing framework and implementing the new strategy in a complementary manner.

Legislation and Regulations

According to the Information Security Manual (ISM) by the Australian government, it is important for any organization to seek legal advice before allowing employees to access the organization's systems using their personal devices so as to carefully understand the legal issues and liabilities imposed by a BYOD strategy.

Communicating the Organization's Policy

Aztek must carefully determine how to implement the policy in a manner that will facilitate employees' compliance and support. Among the most effective ways to ensure user compliance is by involving all relevant stakeholders in developing and implementing the BYOD policies (Lebek, Degirmenci & Breitner, 2013). This will ensure a policy that is complementary to the business and workforce structure of Aztek, employee motivation, and that the needs of all affected parties are met. The management of Aztek can alternatively offer BYOD as an optional strategy rather than a mandatory one. In order to ensure full awareness, the policy must be communicated to all departments, employees, and stakeholders. The policy must clearly highlight the authorized devices, the organizational data that they are permitted to access, authorized applications and software, storage and distribution regulations, non-compliance repercussions, and the controls that the management is obligated to enforce to ensure the success of the BYOD strategy.
To ensure the compliance of all employees and to prevent legal liabilities, the employees of Aztek will be required to sign an Acceptable Use Policy that stipulates their authorized behavior and the consequent repercussions of any violations of the policy.

Technical Support

In developing a BYOD strategy, it is necessary for Aztek to determine the technical support implications of the strategy. A BYOD strategy would result in a wide variety of personal devices with different operating systems, manufacturers, configuration settings, and electrical layouts. It would, therefore, be ineffective to assign Aztek's IT support desk the responsibility of managing the devices. Possible solutions for Aztek include issuing a list of approved devices or providing basic technical training to the employees.

Financial Support

The main organizational goal of Aztek is to ensure shareholders' wealth maximization and to make profits. It is therefore important to consider the financial implications of a BYOD strategy before its implementation (Seigneur et al., 2013). This includes concerns about expenses from internet and connectivity while at Aztek or outside the office, personal devices provided by Aztek, and the relevance of these expenses in helping accomplish Aztek's organizational goal. All this will be dependent on Aztek's budget, financial resources, and the necessity of the BYOD strategy to the organization.

Impact of the BYOD Project on Security

In today's modern environment, it is challenging for any organization to adapt. This challenge is especially crucial to financial service organizations such as Aztek. Financial service institutions face high data security risk and management obligations. The situation is worsened by the increased level of competition among financial service organizations (Gustav & Kabanda, 2016). These institutions manage the sensitive financial information of their many clients.
Implementing a BYOD strategy, therefore, imposes a huge risk on Aztek and other financial service institutions. The security of the customers' sensitive financial information is put at risk of loss or even malicious manipulation when employees are authorized to access this information from their personal devices. The management of financial institutions is often faced with a dilemma of improving the customers' security and meeting the auditors' requirements on the one hand and increasing organizational efficiency and customer relations on the other hand (Vijayan & Hardy, 2015). To mitigate the security risks that result from a BYOD strategy, Aztek can specifically assign authorized devices to a regulated number of reliable employees. By controlling the specific business and employees, Aztek can ensure the security and efficiency of its financial services.

With the continuously growing number of mobile devices, it is important for financial institutions to implement BYOD policies that are complementary to the organizations. This is particularly crucial for financial institutions in the modern age. A survey by IDC revealed that a huge number of financial institutions are exposed to risk related to employees' personal devices (Burt, 2014). The institutions do not have relevant strategies and policies to govern the use of mobile devices, applications, and mobile security concerns for their employees.

In order to address the security concern, Aztek must first evaluate the impact of a BYOD strategy on the organizational goal of wealth maximization. The organization should then formulate efficient methods to govern employees' personal device use, authorized data and content, applications compliance, privacy, and general security. In addition to enforcing these policies, Aztek may consider seeking the professional services of solution providers such as AT&T and the like.
These solution providers are specialized in providing BYOD solutions, formulation of policies, risk assessment, and control measures to assist in the management of the policies. It is important to realize that technological evolution is inevitable (Guan, 2012). Aztek should, therefore, strive to leverage the advances in technology to its own benefit. This can be achieved by carefully planning a BYOD strategy under the current or future advances in devices, mobile networking, and application management.

The need for the management team to implement a robust BYOD strategy is further emphasized by the financial data risks faced by Aztek. Although BYOD presents many opportunities and benefits to Aztek, it also exposes the organization to various security threats and risks as outlined above. Studies have shown that most breaches of the security framework of organizations are a direct result of using personal devices to access the organization's sensitive data (Keyes, 2013). Therefore, Aztek must enforce appropriate measures to maintain integrity and confidentiality, ensure compliance by the employees, manage the security risk, and preserve the availability of sensitive data in a secure manner. Some information, when placed in the wrong hands, may cause substantial damage to the organization's and its clients' image, operational complications, and even financial loss.

Risk Assessment

Aztek faces various vulnerabilities, threats, and consequences of a BYOD strategy. This report will analyze the risks based on the devices selected for the BYOD strategy, potential malicious programs or applications, insecure user engagement, unauthorized access, sensitive data exposure, loss of BYOD devices, and the loss of informational integrity.

Devices selected

The first thing for Aztek to consider in the risk assessment is the personal devices that the organization will authorize to access Aztek's sensitive information (Suby, 2013).
This assessment will include the device manufacturers, operating system platforms, and security features in the respective devices. Aztek's assessment team must also determine the security threats imposed by each of these devices. Information on the merits and demerits of all authorized devices should be made available to the employees along with strategies to cope with any security issues that may arise as a result of the devices (Watkins, 2014).

Malicious Programs

There is a wide variety of malicious applications designed to steal, modify, or sniff sensitive information. As users interact with their devices, they often tend to customize the devices or access the internet for work-related and personal use. This exposes their devices to an attack by malicious programs that may access the sensitive operations information in those devices (Chin et al., 2011). A risk assessment is, therefore, necessary to determine possible infection avenues and ways of tackling the risk. Aztek may consider limiting application downloads to only trusted and authorized markets, ensuring installation of malware prevention programs, and sensitizing the users on the security threats, mitigation procedures, and ways to avoid infection (Felt et al., 2011).

User Engagement

Risk arises based on the operational behavior of employees as they interact with their personal devices (Mansfield-Devine, 2012). Insecure behavior may expose the devices to malware attacks or inadvertent leakage of sensitive information (Ballagas et al., 2004). Aztek is especially vulnerable due to the sensitivity of the financial services it offers. This risk assessment aims to determine the employees' level of competency in handling sensitive organizational data from their personal devices.

Unauthorized Access

BYOD poses a major threat to Aztek's information as a result of unauthorized access.
Unlike organizational devices, which are safely protected and managed by Aztek's security team, the security of personal devices, especially outside the office, is left solely to the user (Keyes, 2013). This poses the risk that an unauthorized third party may obtain access to the devices and Aztek's sensitive data. Employees must be sensitized on security measures to prevent unauthorized access.

Sensitive Data Exposure

Under a BYOD strategy, employees can access and distribute Aztek's information from multiple points and in different locations. This exposes the information of this financial institution to manipulation and unauthorized use. The variety of devices also complicates the process of controlling data access and applying security measures to monitor the access, use, and distribution of Aztek's sensitive information.

Loss of Devices

It is easy for employees to lose devices containing sensitive information. The devices might contain financial information, private documents, and sensitive emails, among others. Such information, when used maliciously, may damage Aztek's reputation and its clients. Since a misplaced device exposes Aztek to various critical risks, appropriate measures to manage the vulnerability should be put in place. Aztek may introduce tools to manage all personal devices remotely (Oppliger, 2011). With these tools, the IT team should have the relevant access to remotely lock lost devices or even wipe them clean if the need arises.

Informational Integrity

A defining characteristic of any BYOD strategy is the seamless integration of work and personal environments (Song, 2014). As the users interact with their personal devices in both environments, they expose Aztek to the loss of data integrity. A user may alter crucial information by mistake while interacting with the devices for personal use. It is therefore important for Aztek's management and ICT team to provide security measures to avoid accidental alteration of Aztek's information.
Data Flow and Security

The final part of this report analyzes the data flow and security risk of implementing a BYOD strategy. BYOD poses a privacy concern to Aztek. While in the process of obtaining work-related information from a personal device, it is likely that the organization may accidentally obtain the user's personal information (Garba et al., 2015). The Australian government has set out rules and regulations governing how organizations can store their clients' sensitive information such as bank account details, social security numbers, and driver's licenses, among others (Downer & Bhattacharya, 2015). Aztek must, therefore, determine how these regulations affect its BYOD strategy. The organization must determine the legally authorized information that its employees can store on their personal devices. Employees must likewise be sensitized on the governing laws and prohibited by way of a written agreement from storing such information. There also exist laws that require financial institutions to securely destroy or encrypt sensitive information regarding their customers such as financial reports or medical records (Moyer, 2013).

In conclusion, a Bring-Your-Own-Device (BYOD) strategy brings various benefits and opportunities that will help Aztek achieve its organizational goal. The opportunity, however, presents the organization with various security and privacy risks. Aztek must ensure compliance with all relevant laws regulating the financial services sector. The evolution of technology has facilitated a trend whereby privacy legislation is being developed and enforced continuously (French, Guo & Shim, 2014). Aztek must be alert to amendments and new laws as it implements the BYOD strategy.

References

Ballagas, R., Rohs, M., Sheridan, J. G., & Borchers, J. (2004, September). Byod: Bring your own device. In Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp (Vol. 2004).
Burt, J. (2011). BYOD trend pressures corporate networks. eWeek, 28(14), 30-31.
Chin, E., Felt, A. P., Greenwood, K., & Wagner, D. (2011, June). Analyzing inter-application communication in Android. In Proceedings of the 9th international conference on Mobile systems, applications, and services (pp. 239-252). ACM.
Downer, K., & Bhattacharya, M. (2015, December). BYOD security: A new business management challenge. In Smart City/SocialCom/SustainCom (SmartCity), 2015 IEEE International Conference on (pp. 1128-1133). IEEE.
Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011, October). Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security (pp. 627-638). ACM.
French, A. M., Guo, C., & Shim, J. P. (2014). Current Status, Issues, and Future of Bring Your Own Device (BYOD). CAIS, 35, 10.
Garba, A. B., Armarego, J., Murray, D., & Kenworthy, W. (2015). Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments. Journal of Information Privacy and Security, 11(1), 38-54.
Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.
Guan, L. (2012). Established BYOD management policies needed. Government News, 32(2), 9.
Gustav, A., & Kabanda, S. (2016). BYOD adoption concerns in the South African financial institution sector. In CONF-IRM (p. 59).
Keyes, J. (2013). Bring your own devices (BYOD) survival guide. CRC Press.
Lebek, B., Degirmenci, K., & Breitner, M. H. (2013). Investigating the influence of security, privacy, and legal concerns on employees' intention to use BYOD mobile devices.
Mansfield-Devine, S. (2012). Interview: BYOD and the enterprise network. Computer Fraud & Security, 2012(4), 14-17.
Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. IT Professional, 14(5), 53-55.
Mitrovic, Z., Veljkovic, I., Whyte, G., & Thompson, K. (2014, November). Introducing BYOD in an organisation: the risk and customer services view points. In The 1st Namibia Customer Service Awards Conference (pp. 1-26).
Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive data. Network Security, 2012(12), 5-8.
Moyer, J. E. (2013). Managing mobile devices in hospitals: A literature review of BYOD policies and usage. Journal of Hospital Librarianship, 13(3), 197-208.
Oppliger, R. (2011). Security and privacy in an online world. Computer, 44(9), 21-22.
Pillay, A., Diaki, H., Nham, E., Senanayake, S., Tan, G., & Deshpande, S. (2013). Does BYOD increase risks or drive benefits. Melbourne, The University of Melbourne.
Scarfo, A. (2012, November). New security perspectives around BYOD. In Broadband, Wireless Computing, Communication and Applications (BWCCA), 2012 Seventh International Conference on (pp. 446-451). IEEE.
Shim, J. P., Mittleman, D., Welke, R., French, A. M., & Guo, J. C. (2013). Bring your own device (BYOD): Current status, issues, and future directions.
Song, Y. (2014). Bring Your Own Device (BYOD) for seamless science inquiry in a primary school. Computers & Education, 74, 50-60.
Suby, M. (2013). The 2013 (ISC)2 Global Information Security Workforce Study. Frost & Sullivan in partnership with Booz Allen Hamilton for ISC2.
Thomson, G. (2012). BYOD: enabling the chaos. Network Security, 2012(2), 5-8.
Vijayan, J., & Hardy, G. M. (2015). Security Spending and Preparedness in the Financial Sector: A SANS Survey.
Watkins, B. (2014). The impact of cyber attacks on the private sector. Briefing Paper, Association for International Affair, 12.
Wiech, D. (2013). The benefits and risks of BYOD. Manufacturing Business Technology.
Zahadat, N., Blessner, P., Blackburn, T., & Olson, B. A. (2015). BYOD security engineering: A framework and its analysis. Computers & Security, 55, 81-99.