Synthesis Concept of Information and Analytical †Free Samples

Question: Discuss about the Synthesis Concept of Information and Analytical. Answer: Introduction: Information Technology (IT) risk management is the application of business principles and practices (that handle business risks) in an IT organization with the aim of controlling, organizing, directing and planning to potential that may occur in the field. IT risk management assists businesses in identifying the risk that relate to business ownership, business operations, influence, adoption and implementation of IT devices and appliances. This means that through IT risk management, businesses are able to avoid, prevent and manage these potential threats to their IT operations or department (Beauchamp-Akatova et al, 2013). Business uncertainties or risks can cause great impacts to business operations, especially the businesses whose operations rely entirely on the information technology department and applications. In that case, IT risk management becomes an important aspect of ensuring information security because of its ability to inflict support on the business operations towards achieving its goals and objectives. Therefore, it is clear it is important for business management team to be able to access and manage IT risks for it succeed. Financial Services Sector Review There are many business organizations in the world that can be said to be financial institutions offering financial services and products, e.g. depositories (like banks, credit associations and thrifts), insurance companies (life assurance, property, health and injury insurances), investment businesses (real estate, trust funds, REMICs and REITs), finance companies, exchange companies (stock exchange companies, insurance businesses) to name just but a few. The financial institutions are guided and governed by certain specific government rules and regulations in relation to their services and products. The role of these regulations is to help these financial institutions to continue upholding the services they offer to their country or rather customers as well as to the government (Sweeting, 2017). Just like any other business, the financial institutions are faced with different kind of risks during their operations. The risks associated with the provision of financial services by fin ancial institutions differ according to services provided or rather according to the type of institution itself. The different kind of services include the following: origination, distribution, packaging, servicing, intermediation and market making services (Schneider et al, 2011). Therefore, financial institutions being some of the most fundamental organizations in every country, they must find ways of managing those risks that are capable of affecting their operations negatively.The following are the risk categories that affect financial institutions: These risks are associated with the change of asset value according to systematic aspects. This means that the financial institution assumes this risk personally when its assets change in value due to changes in economic conditions. Examples of these risks are change in interest rates caused by economic changes. Therefore, to be able to manage these kinds of risks, financial businesses focus on tracking, be aware and understand some of the systematic changes that may a risk occurrence like interest rate risks, commodity price risks, foreign exchange risk among others (Acharya et al, 2017). They occur when the business debtors do no pay back what they owe. This happens mostly to financial businesses that offer crediting services but especially those that that highly illiquid assets as credit cover (Kavun et al, 2016). The credit risk can be caused by the unwillingness or inability of the debtor to pay the company. These risks is capable of affecting both the business crediting operations, the business shareholders profits and the debtors ability to borrow funds (Bonsall IV et al, 2016). This risks is associated with a trading partners failure to perform as expected. These risks can be caused by systematic/economic, political or legal changes or effects towards the trading partner to the financial institution. To avoid and prevent such a risk from occurring, the business should ensure that all possible influences are evaluated and analyzed effectively before drawing or starting the trading partnership. Additionally, all partners should work together to ensure solutions are available and ready to be implemented whenever such changes occur. Operational risks occur whenever the financial institution carries out a transaction, eg product or service processing and when taking or making trading deliveries in exchange for money. Furthermore, these kinf risk may occur when the business is doing it record keeping, computing payment amounts, processing system failures and while trying to comply with certain financial rules and regulations set by the government. These risks can cause extreme negative impacts towards a business operations and its financial budgets and expenses. To mitigate such a risk, businesses should ensure that their processes and practices are completely in accordance with government regulations and that their employees are well qualified and experienced in their respective areas. They are related to the legal standards set by the government and other authorities (like court orders) expected to be achieved and adhered to by the financial institution. However, these legal risks may also arise when a business fails to follow the laws and rules set to govern a contractual agreement when trading with partners. For instance, environmental regulations set by the government affect the operations of institutions like real estate institutions by affecting the value of the older buildings. Other rules that govern business management for operations and employees like fraud and security law violations can cause adverse negative effects towards a business. With that in mind, it is safe to say that, every financial institution is viable to at least one of these risks depending with the services it offers. Additionally, every business should come up with different ways to identify these risks and manage them effectively to increase its success chances in the financial business industry. When it comes to security status of a financial institution, the main business IT appliance and devices are involved. Therefore, the security of a financial institution is determined by the security provided by the technology appliances and devices being used by the business to conduct its operations, g computers, software and hardware appliances, computer networks, programs and applications. It is important to note that, in the current, a large number of businesses are now using these appliance to conduct their operations- especially the financial institutions (Sinclair et al, 2007). The financial businesses are currently using the improved technological devices to process services, communicate, invest and conduct other operations. These institutions are using the internet and computers to transfer funds, receive funds, carry out investment operations among other things (Reim et al, 2016); simply called e-commerce. However, research has proved that security treats to these devices h as increased over the last number of years with very high margins. This has been caused by the technology development and advancement which is relative to the improvement of these devices and appliances. This means that when the security threats increase towards the computers, its components and internet and its components, then treats towards financial institutions increase. In general terms, these threats can be referred to as cyber insecurities and can be caused by implementation of such practices like allowing employee to carry their own technology appliances to work. Most financial institutions are currently prone to cyber insecurities than any other business organizations. These cyber insecurities are caused by the cyber criminals whose main objective is to steal money of financial information about the institution or its customers. However, there are other aims for cyber insecurity, e.g. disruption of business operations, destruction of critical business infrastructure, compromise of financial business information etc. therefore, in a financial institution risk management, the business must focus on the management of cyber security risks and threats (Jouini et al, 2014). Types of Cyber Security Risks This refers to the use of mobile phones to receive or send money from one region to another. In the current business world, many businesses have adopted the use of mobile banking services which they describe to be a very effective and efficient method for both the customer and the financial organization (Greenwood et al, 2015). However, mobile security status has become a big challenge for financial institutions. This is simply because the traditional methods implemented to protect financial information of the customer is not effective for the mobile banking practice (Gitman et al, 2015). Financial institutions have created mobile applications that are becoming popular to the customers in conducting their financial operations. However, these applications are facing threat of attack especially with the increase in mobile phone application robustness. When the app is robust, the financial information of the user is at risk of being exposed to unauthorized person which may lead to theft of funds without disturbing the functionality of the app or mobile phone and therefore not notifying the owner. There is an increase in the use of social media platforms by businesses when carrying out their operations like advertising, marketing, promotion and sales among other things. This also means that there is increase in mobile phones and social media connections especially in platforms like twitter, LinkedIn, Facebook and Instagram o name a few (Phippen et al, 2014). Financial institutions have also adopted the use of these social media platforms whereby most of them also create accounts with the objective of improving customer communication and relations (Alhabeeb et al, 2010). When financial institutions join these platforms, they increase the chances of fake account creation by unauthorized persons who try to trick users into providing confidential information e.g. about their finances, account passwords and account login details among other things. These risks can also be realized when business employees leak business secrets in those platforms without permission. Security breach is related to password hacking, description of encrypted data, change or manipulating of data. All these breaches are capable of causing adverse problems for businesses if not managed effectively. Such kind of breaches can lead to information theft or theft of funds which is a loss for businesses. Cyber security attacks like use of malware, botnets, ransomware, Trojan horses, viruses and spyware to name just but a few, have also proved to be extremely dangerous for business organizations, especially the financial institutions (Sadgrove, 2016). This is simply because, most financial institutions use technology devices like computers, software and hardware computer appliances, computer networks, programs and applications that are extremely prone to such attacks (Geri? et al, 2007). These attacks affect an appliances use and operation by restricting access or disrupting the operation processes. This has offered new hacking opportunities for cyber criminals. These is basically the connection of technological devices and appliances to the internet to help them operate, e.g. home appliances, vehicles, medical devices etc. in relation to financial institutions, devices like CCTV cameras and ATM machines rely on technology to operate, e.g. banks. Therefore, their use can lead to theft and other attacks that cause expensive problems to the institution. Other risks like software engineering, phishing, farming, inside attacks, skimming, spoofing, DoS attacks etc. are also common when it comes to financial institution cyber security (Raba et al, 2012). However, given that financial institutions operations relate to dealing with money, investments and assets, they certainly become constant targets for cyber security risks and threats. These risks can cause immense losses to both the institutions and customers. Therefore, it is important for Aztek Company to identify and understand some of these threats that can affect its operations by attacking its security systems. When the company decides on implementation of the said project, these chances of these risks increasing and affecting the business operations are extremely high. Financial threats aimed at disrupting financial institutions operations are become more and more as technology advances. These threats are mostly the cyber security threats discussed above. Recent research has shown that cyber security crime threat has increasingly been dominated by massive security attacks. According to Vasile et al, 2012, these attacks have become more sophisticated in a way that they are now chasing after the financial institutions financial information instead of the individual customers. It is clear that these attacks are becoming a common practice for different groups of criminals ranging from large state-like organizations to small decentralized individual groups funded and supported by self-directed networks. Nevertheless, these attacks are not easily to carry out and are rarely successful but when successful, they cause great damage to the financial organization as well as yield extremely high profits for the criminals. This is what attracts most of these gr oups into targeting these institutions and especially those that are rated to be more successful in terms of profits than others (Landier, 2011), e.g. top most rated banks in Australia (National Australia Bank- NAB, Commonwealth Bank- CBA, Australian New Zealand-ANZ Bank and Westpac-WBC). In that case, when Aztek Company implements the project in question, the chances of these threats becoming real are extremely high. When employees are allowed to carry their personal laptops and other devices to work in these financial organizations, there are chances that they may bring these threats with them. Apparently, most of the financial organizations have security systems set up for their networks and computers as well as their appliances to protect them from certain threats. A large number of financial institutions have developed a firewall to protect their devices from being attacked by viruses, malware, spyware, worms. Additionally they have set up tight security measures that protect business operations and data from being breached and stolen. Therefore, the project should ensure that no machine that can be used in the financial building without being scanned for security threats. Financial institutions are vulnerable to cyber security attacks as long as technology improves. Most financial institutions like banks have developed new ways to ease customers access to funds. They have created better ways to save, send and spend money. This has created more competition opportunities for businesses towards being a dominant in these sector- especially with technology advancement. On the other hand, as the institutions improve access for their customers, they also offer increase in vulnerability of the organizational security system (Peng, 2009). This means that by advertising these new methods of access by customers, they also give strategies to potential criminals to attack and breach their security system. In addition to that, most financial institutions are prone to the storage of information in an online system.The institutions store most of their sensitive and confidential data, when encrypted, in the name safe keeping (Olson et al, 2015). These kind of storage make these institutions easier targets for cyber security attack or breach. The institutions become more vulnerable when they start using technology advanced appliances and devices to conduct their operations. Through this they also the customers information in jeopardy. As for Aztek Company, the implementation of the project should mean serious security scrutiny and measures. When the project is implemented, it increases the chances of vulnerability of the company. The employees will have company security passwords which they can use outside the company building. By doing this, they increase the opportunities for the cyber criminals to access company information. Therefore, the company should ensure that is has identified all possible vulnerability areas and found solutions for them. Every financial organization should ensure that any risk related to security of data or assets is identified, carefully analyzed and evaluated to reduce the chances of security breach or attack (Aven, 2016). Other than that, a business can ensure that all its assets are safe and secure and that its networks are protected from unauthorized access and use. In the case of Oztek Company, when the project of allowing employees to use their personal devices in conducting business operations can cause serious negative effects and consequences like: Leakage of organizational data to unauthorized personnel. This is an effect that can happen both intentionally and in an unintentional way. Apparently, the most common way that employee may end up leaking business information is through the social networking platforms. They get access to the company page or website and post unauthorized information. Loss of confidential information. This occurs mostly when employee appliances like laptops, hardware, software and mobile phones get lost. If these appliances have been being used by the employee to perform their responsibilities in the company, then some crucial information about the company may be lost (Glendon et al, 2016). Creating a platform for criminal hacking. When employees use mobile phone and laptops in a business operation and building, they create an opportunity for hackers to access the companys security network hence accessing its information. Offers an opportunity for attack by malicious applications. When employees use their devices in a business environment, they create better access for criminals to access the companys network system and transfer malicious applications and programs that disrupt or restrict the businesss operations and processed. Actions leading to the effects Remote worker security Unauthorized physical and network access Unauthorized application use Misuse of password and login/logout procedures and details Therefore, before implementing a policy that allows employees to use their personal appliances for business operations, the management team should identify and understand the potential impacts caused by that policy towards business operations and performance. Project DataIdentification The project managers and the project team members will be used to assess possible project risks and create possible solutions for the risks. The team will be allowed to access all the company departments, analyze all the processes involved in completion an operations and identify potential risks that may arise after the implementation of the project. In addition to that, the project team will be involved in evaluating and checking all the employee appliances like laptops, mobile phones, software and hardware devices and other programs that can be applicable in any business operation and process (Hansson et al, 2014). The project team will also be responsible for evaluating the companys network security system and the security levels for the whole organization, especially those that relate to financial information data protection and safety. The main aim of this process is to be able to identify possible security risks and suitable solutions to those risks. The security risks data collected will first be accessed by the top management team of Aztek Company. This is because they are the main parties involved in the implementation of the project policy. However, later these risks will be communicated to the other employees to be able to get opinions from them. The risk information that will be given to the employees will be one that relates to them. However, there will be a chance for them to air out their ideas on the project which encourages project participation and acceptance (Nicolas et al, 2017). When the risks are identified, the employee, top management team and project team members opinions will be considered when deciding the suitable solution to the risks. For instance, the cyber security risks will be mitigated by developing a strong and reliable firewall to prevent security breach and malicious application attacks (Mehra et al, 2017). The risk of appliance loss will be reduced by installing the devices with traceable programs and applications to be used whenever they are stolen. The risk of information loss and leakage will be reduced by installing programs that will protect employee devices from being hacked and being used to breach company network firewall. Conclusion Project risk management is an essential process towards ensuring project success. The risk management process involves risk assessment process, risk mitigation process and risk evaluation process (monitoring and controlling). However, the risk assessment process involves the identification of the potential project risks, analysis of the identified risk, risk estimation and finally risk evaluation. In a financial institution, the operations are mostly conducted by the use of information technology devices and appliances. In the modern world, technology advancement has caused an increase in IT risks especially those that relate to cyber security. Additionally, with such a project like allowing employees to use their personal devices in performing business operations, the risks of insecurity also increases. Therefore, I can say that Aztek Company should be ready to perform an effective risk assessment plan to be able to succeed in its project. References Acharya, V. V., Pedersen, L. H., Philippon, T., Richardson, M. (2017). Measuring systemic risk.The Review of Financial Studies,30(1), 2-47. Alhabeeb, M., Almuhaideb, A., Le, P. D., Srinivasan, B. (2010, April). Information security threats classification pyramid. InAdvanced Information Networking and Applications Workshops (WAINA), 2010 IEEE 24th International Conference on(pp. 208-213). IEEE. Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation.European Journal of Operational Research,253(1), 1-13. Beauchamp-Akatova, E., Curran, R. (2013). From initial risk assessments to system risk management.Journal of Modelling in Management,8(3), 262-289. Bonsall IV, S. B., Holzman, E. R., Miller, B. P. (2016). Managerial ability and credit risk assessment.Management Science,63(5), 1425-1449. Choi, T. M., Chan, H. K., Yue, X. (2017). Recent development in big data analytics for business operations and risk management.IEEE transactions on cybernetics,47(1), 81-92. Cole, S., Gin, X., Vickery, J. (2017). How does risk management influence production decisions? Evidence from a field experiment.The Review of Financial Studies,30(6), 1935-1970. Geri?, S., Hutinski, Ã… ½. (2007). Information system security threats classifications.Journal of Information and Organizational Sciences,31(1), 51-61. Gitman, L. J., Juchau, R., Flanagan, J. (2015).Principles of managerial finance. Pearson Higher Education AU. Glendon, A. I., Clarke, S., McKenna, E. (2016).Human safety and risk management. Crc Press. Greenwood, R., Landier, A., Thesmar, D. (2015). Vulnerable banks.Journal of Financial Economics,115(3), 471-485. Hansson, S. O., Aven, T. (2014). Is risk analysis scientific?.Risk Analysis,34(7), 1173-1183. Hatvani, E. N. C. (2015). Risk analysis and risk management in the public sector and in public auditing.Public Finance Quarterly,1, 7. Haimes, Y. Y. (2015).Risk modeling, assessment, and management. John Wiley Sons. Jouini, M., Rabai, L. B. A., Aissa, A. B. (2014). Classification of security threats in information systems.Procedia Computer Science,32, 489-496. Kavun, S., Vorotintcev, M. (2016). Credit Risk Assessment for Financial Institutions Activity.Journal of Finance and Economics,4(5), 142-150. Landier, A. (2011). Vulnerable banks. Loonczi, P., Ne?as, P., Na?, N. (2016). RISK MANAGEMENT IN INFORMATION SECURITY.Journal of Management, (1), 28. Mehra, Y. S. (2017). Awareness of Risk Management Practices System in Indian Commercial Banks-A Perception based Analysis.Asian Journal of Research in Banking and Finance,7(5), 1-12. Nicolas, S., May, P. V. (2017). Building an effective compliance risk assessment programme for a financial institution.Journal of Securities Operations Custody,9(3), 215-224. Olson, D. L., Wu, D. D. (2015).Enterprise risk management(Vol. 3). World Scientific Publishing Co Inc. Peng, X. (2009, July). An integrated risk management model for financial institutions. InBusiness Intelligence and Financial Engineering, 2009. BIFE'09. International Conference on(pp. 414-418). IEEE. Phippen, A., Ashby, S. (2014). Digital behaviors and people risk: Challenges for risk management. InSocial media in strategic management(pp. 1-26). Emerald Group Publishing Limited. Rabai, L. B. A., Jouini, M., Nafati, M., Aissa, A. B., Mili, A. (2012, June). An economic model of security threats for cloud computing systems. InCyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on(pp. 100-105). IEEE. Rahman, S. (2011). Credit risk management practices in Banks: An appreciation.Journal of Islamic Economics, Banking and Finance,7(3), 37-62. Reim, W., Parida, V., Sjdin, D. R. (2016). Risk management for product-service system operation.International Journal of Operations Production Management,36(6), 665-686. Sadgrove, K. (2016).The complete guide to business risk management. Routledge. Schneider, G. P., Sheikh, A., Simione, K. A. (2011, January). Managing risk in uncertain times: How internal audit can help. InAllied Academies International Conference. Academy of Accounting and Financial Studies. Proceedings(Vol. 16, No. 1, p. 29). Jordan Whitney Enterprises, Inc. Sinclair, S., Smith, S. W., Trudeau, S., Johnson, M. E., Portera, A. (2007, December). Information risk in financial institutions: Field study and research roadmap. InInternational Workshop on Enterprise Applications and Services in the Finance Industry(pp. 165-180). Springer, Berlin, Heidelberg. Sweeting, P. (2017).Financial enterprise risk management. Cambridge University Press. Trydid, O. M., Kavun, S. V., Goykhman, M. I. (2014). Synthesis concept of information and analytical support for bank security system.Aktual'ni Problemy Ekonomiky= Actual Problems in Economics, (161), 449. Vasile, E., Croitoru, I., Mitran, D. (2012). RISK MANAGEMENT IN THE FINANCIAL AND ACCOUNTING ACTIVITY.Internal Auditing Risk Management,7(1). Wu, D. D., Chen, S. H., Olson, D. L. (2014). Business intelligence in risk management: Some recent progresses.Information Sciences,256, 1-7.