Global Journal Flexible Systems Management -Myassignmenthelp.Com

Question: Discuss About The Global Journal Flexible Systems Management? Answer: Introduction Aztek is going to adopt the IT services to embellish their companys objectives and also to outsource their services to a third party company and they can be highly benefitted from the cloud technology (Wu Olson, 2015). The report will highlight the threats and the vulnerabilities involved with the system. The report will also showcase the security measures by which they can carry on their business activities in a well-secured manner. Review in regards to the financial services The systematic risks are the risks in which individual has no control over. The risks occur due to the external factors are influenced by external factors like war, political factors whose effect cannot be controlled by any enterprise or any organisation or any industry.The systematic risks also get affected by the interest rates and the recession (McNeil, Frey Embrechts, 2015). They can be divided into the following categories- Interest rate, risk, market risk and the purchasing power risk. Here in this risk none have clue. The Unsystematic risks The risks can be well controlled. The individuals or any organisations can control and manage the risks. The risks are within one's range and can be mitigated by simple means. The types of risks that fall under unsystematic risk are a financial risk factor, liquidity risk and operational risks (Lam, 2014). The effect is malignant compared to the systematic risk. The systematic risk falls under the relevant risk. The relevant risks are those risks which can be detected, the risks which can be analysed, the risks which can be controlled. The relevant risks are systematic risks and not he unsystematic risks where individuals or nay enterprises have no control over (Chance Brooks, 2015). The key risks which fall under the category are the operational risk, legal risk, regulatory risk and solvency risk. The strategic risks get erupted in the organisation due to improper decision-making and wrong strategy due to which a project fails. The risks also state that the management team has failed to come up with the changes. This risk can affect the growth of the organisation. The market risks are the risks which get erupted due to the abnormal price rise of any commodity or any resources. The price rise affects the company, affects the finance section of the company (Chance Brooks, 2015). The market risk is correlated with the financial market risk, interest rate risk and the equity risk. The credit risks occur when the borrower fails to pay the loan they have taken. The lender should have taken the responsibility to judge whether the borrower is capable to repay the loan with interest or not, if not judged properly the risk gets erupted. The credit risks occur when the money lender lose the whole money or the whole principle. The legal compliance of all the countries are more or less same and Australia is no exception. Aztek must abide by the legal compliance as this can benefit them in the long run, this can assist them to take the best decision so that they can run the business activities smoothly and fast. The external risk can be fatal for any organisation or to an industry that is why the unsystematic risk must be deal with patience (Chance Brooks, 2015). The external risks can cause a devastating effect to Aztek and the can increase the risks. In this case, Aztek must develop certain strategies to meet their business goals, have to adopt certain strategies so that Aztek can execute the projects comfortably without any risks. Aztek must take the initiative to educate their employees and if the employees have the sound knowledge on the threats and the vulnerabilities and the security measures then they can serve the customers well and with much ease (Bromiley et al., 2015. They can well adept with the cloud technology and the IT services quite well. This can enhance their business activities and market share as a whole. Government regulations The federal body of each and every country apply certain rules, certain policies and by following those rules and the policies the organisations the enterprises can work fast with more productivity. Similarly, Aztek following the rules and the policies made by Australia can embellish their business activities as a whole. This can help to conduct the business effectively as well as ethically (Sadgrove, 2016). Thus Aztek management team should act proactively and must follow the rules accordingly as that can provide them with the business benefits. The factors on which the authorities must focus on- The policies made by the federal authority must be carefully examined, it must be checked whether the policies are related to financial sections or not. If those policies are applied must be applied in an effective manner so that the productivity can be gained. The risks residing within the company must be checked and analysed, the market of the employees and the financial market must be analysed as well. Otherwise, the company will face huge losses. iii. The process which is absolute necessity must be followed accordingly and that to be followed in the best way. Following the procedure, the risks incurred within the organisation huge losses can be minimised (Bolton, Chen Wang, 2013). Best practices Aztek by following the aforesaid procedures can solve the problems that incurred as a result of outsourcing. The challenges that Aztek faced while conducting the business activities must be addressed and if possible in some cases must be discussed with the investors and the stakeholders to get an any better outcome. The following report has showcased the advantages as well as the problems incurred while performing the mentioned practices. Review of project along with the current security measures The report has showcased various aspects of the Aztek company as a whole. The benefits and the ill effects of the related IT services have been detailed in the report. The IT services that Aztek has planned to perform are network configuration, installation of application software and conducting proper management system for the desktop (Ali, Warren, Mathiassen, 2017). Aztek needs to identify the various aspects of the IT services that can assist them to carry out the business operations in an effective manner. Aztek has planned to undertake the strategies that can prove helpful in mere future. The stakeholders involves the- The government agencies work together in accordance with the policies relevant to outsourcing. Investors of Aztek iii. The management team and staffs of Aztek Regular clients and irregular clients Analysing threats, vulnerabilities and the final outcome Effective decision making is important and must be chosen wisely to outsource all the IT services and for this reason, Aztek should test all the vulnerabilities of the company. This kind of initiative will help them to get the desired result which can help them to enhance the services. The threats can be disastrous so they must be handled with care and effective decision-making can help to mitigate the threats and vulnerabilities incurred. Generally, Aztek serves financial services to the clients all over Australia s (Rittinghouse Ransome, 2016). Therefore they deal with the personal information of the clients and that is why they must safeguard these vital data of the customers safely and securely and must not disclose. However, due to the malware attack, those data can get hacked and breached. The IT services risks if not diminished in time can create havoc. The whole database and the system can get breached as a result of this and Azteks reputation can be under threat. The company can lose the clients base, can even lose huge lots of money (Choo, 2014). Thus a security model must be developed to add the security measures to the Aztek database and system. Aztek requires cooperation from the clients as they are going to shift to the cloud, shift to a cloud platform. They should not forget the demands and wishes of the third party organisation. In this case, Aztek's management team has developed a model and the model is based on the following factors- Strategies to recognise the objectives- The risks involved with the database storage is the main area of concern. The secured framework can protect them from potential threats and cater them the best solutions. The assassination of applications- The application programs must be chosen wisely by Aztek. The assessment of risks must be conducted after that. The aforesaid approach can help them to get the desired outcome they want (Islam et al., 2016). The secured framework can help them to use the IT services in a more efficient manner; it also assists them to take the best plan to assure the security of their database and the system. The highlight of the features of the security objectives- Aztek via the security framework model can assess the vulnerabilities and the threats associated with Aztek's system. The Aztek management should act in a proactive manner and should be aware of the fact their database contains the sensitive information of the clients and also the financial data of their company (Choo, 2014). These data must not get compromised at any cost and Aztec should make sure of this. Identification of threats Phishing attacks- The phishing attack is carried out by the hackers. The hackers gain access to ones system and stole all the vital data. They copy the HTML code of Aztek and develop a site which is Aztek look-alike. The users who are innocent tries to gain access to the system entering all the credentials and thus the hackers acquire all the credentials for entering their system (Albakri et al., 2014). The hackers also attack the clients by means of spam emails the innocent clients click on the suspicious email and get trapped. Data Packet Sniffing- The insecure network can be vulnerable to attack, the insecure network along with the data flow through this network can get hijacked by the hackers and in this way they can rob all the sensitive data of the clients. IP spoofing-IP spoofing is another means by which Aztek's clients can get trapped. The hackers generally carried out their attack remaining in the background hibernating from others. They hide their source and attack (Albakri et al., 2014). Thus Aztek can only find out that the hackers have attacked but cannot be able to find out from which source they are carrying out their vulnerable attack. Port Scanning- The hackers via port scanning can know the service Aztek is utilising in their office premises. Then the hackers try to figure out the loopholes in their services and find out the loopholes they carry out their attack. Azteks system can be exploited by the same. Backdoors- The backdoors are created by the web developers to facilitate the development of the site. The web developers keep a constant look on the website code and decide Identification of vulnerabilities Predictable session identifiers- Using the Base 64 the hackers identify the session identifiers. The algorithm is reverse engineered by the hackers to carry on their misdeeds. Dependent on client-side validation- The settings of browser and the browser history can get hacked and along with that the Javascript stored in the database gets disabled by the hackers. In this way, the security of the system and the database can get threatened. iii. SQL injection- SQL injection threats is another notable one. The hackers by exploiting the Aztek database can acquire the credentials of the clients from the database. Unauthorised execution of operations- The authorization and authentication of Aztek can get threatened by the hackers and Aztek can face severe loss. Cross-site scripting- The cookies can get stolen from the browsers by the hackers and make it exploitable to attack (Peltier, 2016). The hackers who have the knowledge of web scripting language, CSS and HTML can exploit and make any Azteks client website vulnerable to attack. The hackers can install virus too. Issues related to uploading- The Aztek system applications and the database can be under serious threat due to the malware attack. The hackers via XSS and the Trojans can exploit the system and the database. vii. Issues related to logging out- The clients sometimes feel too lazy to log out of the system, the attackers can gain into the Aztek account via an insecure network and can rob the important data of the database, thus the clients' data can get breached (Sennewald Baillie, 2015). viii. Passwords- The clients sometimes set very easy predictable passwords for their system which can be guessable and thus the system becomes vulnerable to attack. The lazy approach from the clients can prove dangerous (Rittinghouse Ransome, 2016). The hackers via brute force method can gain access to the system and expose the vulnerabilities residing within the database and the system of Aztek. The unencrypted passwords- The clients unknowingly store passwords in their system as they tend to forget the password. The attackers attack the system via virus and malware and Trojan virus and acquire those files where the password is written. Also, the hackers search for the hidden files in the system where the password is saved in unencrypted form. Phishing attack- The phishing attack is another noteworthy mention which is a disastrous one, the hackers send spam emails to the clients of Aztek claiming that they are sending emails from Aztek (Almorsy et al., 2016). The clients can unknowingly enter those malicious sites and thus can lose confidentiality and lose all the credentials and can even lose all the sensitive data. The absence of account lockout- The account lockout absenteeism can lead to cybercrime attack. xii. Not showing the previous sessions- The innocent clients unknowingly can enter their personal information again and again and thus risks their own privacy. In this way by catering the username, password the clients can get into trouble and their confidential data can get breached (Ahmad Maynard, 2014). xiii. No appropriate settings for cookie security: The hackers can develop a channel for Aztek clients and the server and via this channel, the browser cookies get transmitted (Siponen Mahmood Pahnila, 2014). The hackers first exploit the system and gain access to those browser cookies and this way threats can spread all over Aztek. xiv. Weak cyphers- The attackers can expose the system and the database and can record what is being transacted and in this way, the SSL key is cracked the intruders get into the system. It can be concluded that Aztek management needs to implement a correct strategy via which the security management risks can be checked. Via this method correct methodologies must be adapted to control, to implement, and to work on the information security system. The standards and the policies must be followed to embellish the business operations as well as the deliverance method. Aztek can adopt the code of practice developed upon ISO strategy and they can get benefits via this approach. Aztek can even diminish the risks associated with the company's premises for the IT services via this method (Sawik, 2013). Thus in case of the control mechanism, proper guidance can be initiated to make the necessary changes to improve the quality of services Aztek offers. Aztek must adopt the cloud technology for good, this can largely benefit the clients, the employees and the stakeholders of Aztek. The cloud technology can help them to conduct business in agile and efficient manner. Also with the advent of cloud computing, they can stay connected with their customers all throughout day and night. However, they must be careful about all the issues associated with cloud computing, they have to have secured network connectivity and relatively fast bandwidth to get their job done (Chen et al., 2013). They must consider the below factors while conducting business operations over cloud- Usage of the features of the services. Confidentiality Availability of the options (Pascoal, 2012). Problems related to integrity Transparency followed between both the companies Multi-party or company trust By showcasing the above factors Aztek can develop an effective strategy to conduct their business activities and on the other side can check the threats and the vulnerabilities associated with the company. The stakeholders and the investors can be greatly benefitted by this approach (Dotcenko, Vladyko Letenko, 2014). The outsourced tasks can be greatly carried out significantly in a secure manner. Thus to acquire the best possible benefits, the company needs to acquire the secure model to develop effective service level agreement. This initiative can assist them to overcome the challenges and assist to implement the best method by which the company can be highly benefitted. Control measures to mitigate the threats associated with Aztek Managing an accurate inventory of control system devices: Aztek should not allow their computer nodes to stay connected with any kind of wired or wireless network partly if gets connected to any sort of network partly then the hackers will get the opportunity to grasp over the insecure network (Kimwele, 2014). Therefore, Aztek must keep an eye on the system nodes whether they are connected as a whole and should check whether they are partly connected or not, otherwise via those loopholes the hackers can enter the system. Developing network boundaries: The network boundaries are there to assure security to the system and the database and to detect any defects within the security framework model (Fenz et al., 2014). These are the controls that are used to filter out the inbound and outbound traffic. The firewall is network boundary equipment and is used to check the malicious data flow and in this way, the network must be governed. iii. Using Secure Remote Access methods: Aztek should use the Virtual Private Network as they are known to cater the secure channel via which they can carry on their business operations. The Aztek clients can conduct all the financial activities in a safe and secure manner, they can also protect and safeguard their system due to this secure channel (Crossler et al., 2013). Aztek can safely use the printers and websites connecting to the Internet due to this secured channel. Establishment of role-based access controls: The clients should be given certain permission to use the database and system and that should not exceed. The employees should also be given the permission to access the database according to their job role. In this way, the hackers' entry can be checked to an extent. Thus Aztek can carry out their business activities in a secure manner (AlHogail et al., 2015). This initiative also let us know that the malicious activities of the hackers. Aztek can also utilize the logging capabilities and via this method, Aztek can enhance their security in their office premises. Use of strong passwords: The clients must act in a proactive manner while using the Aztek system. They must utilize a password which is not predictable, cannot be guessed easily and cannot be predicted so easily that is why the password which the clients set must contain at least one big case letter, one small-case letter and one symbol, and the password must be overall eight digits long. The password set by the clients cannot be anyones one place or anyones name (Bell, Ndje Lele, 2013). Thus setting a strong password they can assure safety and security of them and also Aztek, otherwise, the weak password can lead to vulnerabilities like hacking of one's personal data. Thus they all must be careful while choosing the password for their system. Installation of antivirus software: Aztek must not deny the positive effect of antivirus software. Aztek must choose antivirus software wisely otherwise there is a chance their vital data can get breached. They must know that the antivirus software is capable to defend that malicious software those try to enter the system. The system can get overall security due to the approach. They also should use the latest hardware, latest software and the latest operating system as this can help them to achieve the goals. They also must update their system and the database regularly along with that they must apply patches (Singh et al., 2013). Thus it will help them to carry out their business activities in agile and effective manner. The outdated software and hardware are threats to any system and Aztek is no exception so they must be careful. vii. Enforcing policies for mobile devices: The mobile devices must have an antivirus installed and along with that the clients must use a strong password for the system. This can save the sensitive information stored in the system by the installation of the aforesaid approach. viii. Cybersecurity team: The cybersecurity plays an important role to fight with the hackers. The Aztek employees must know all the security measures as that will help them to carry out their business operations in safe and secure manner. Any hackers if want to gain entry to the system they can get to know the vulnerable attack and also about the vulnerable network (Singh et al., 2013). The cybersecurity team thus can educate the Aztek employees to conduct the business activities. Involving executives: The executives can prove to be beneficial while identifying any cybersecurity risks erupt within the system; they can also help to connect to the stakeholders (Bell, Ndje Lele, 2013). The executives are aware of the cybersecurity threats thus can provide best solutions to the check the IT risks and also this effective decision can help them in the long run. mplement a disaster plan beforehand: A disaster management plan must be made as this can help to effectively run the business and to make best decisions, also the companys huge losses can be controlled (Bell, Ndje Lele, 2013). Like any other organisations, a disaster plan is absolute necessity for Aztek too. Conclusion It can be concluded from the above discourse that Aztek must adopt the cloud technology for good. They also must be aware of the threats and vulnerabilities associated with the system. They must be knowledgeable about the security measures that must be applied to secure their database and the system. The security measures can also help them to conduct business activities over the cloud platform. The cloud platform can cater them the competitive edge to succeed in the business. Apart from this, they must abide by the SLA factors and regulations to ethically and efficiently conduct IT services. References Ahmad, A., Maynard, S. (2014). Teaching information security management: reflections and experiences.Information Management Computer Security,22(5), 513-536. Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., Ahmed, A. (2014). Security risk assessment framework for cloud computing environments.Security and Communication Networks,7(11), 2114-2124. AlHogail, A. (2015). Design and validation of information security culture framework.Computers in human behavior,49, 567-575. Ali, A., Warren, D., Mathiassen, L. (2017). Cloud-based business services innovation: A risk management model.International Journal of Information Management,37(6), 639-649. Almorsy, M., Grundy, J., Mller, I. (2016). An analysis of the cloud computing security problem.arXiv preprint arXiv:1609.01107. Bell, B. G., Ndje, Y. J., Lele, C. (2013). Information systems security management: optimized model for strategy, organization, operations.American Journal of Control Systems an Information Technology, (1), 22. Bolton, P., Chen, H., Wang, N. (2013). Market timing, investment, and risk management.Journal of Financial Economics,109(1), 40-62. Brender, N., Markov, I. (2013). Risk perception and risk management in cloud computing: Results from a case study of Swiss companies.International journal of information management,33(5), 726-733. Bromiley, P., McShane, M., Nair, A., Rustambekov, E. (2015). Enterprise risk management: Review, critique, and research directions.Long range planning,48(4), 265-276. Chance, D. M., Brooks, R. (2015).Introduction to derivatives and risk management. Cengage Learning. Chen, Z., Han, F., Cao, J., Jiang, X., Chen, S. (2013). Cloud computing-based forensic analysis for collaborative network security management system.Tsinghua science and technology,18(1), 40-50. Choo, K. K. R. (2014). A cloud security risk-management strategy.IEEE Cloud Computing,1(2), 52-56. Cremonini, M. (2016). Cloud Security Risk Management.Cloud Computing Security: Foundations and Challenges, 87. Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., Baskerville, R. (2013). Future directions for behavioral information security research.computers security,32, 90-101. Dotcenko, S., Vladyko, A., Letenko, I. (2014, February). A fuzzy logic-based information security management for software-defined networks. InAdvanced Communication Technology (ICACT), 2014 16th International Conference on(pp. 167-171). IEEE. Fenz, S., Heurix, J., Neubauer, T., Pechstein, F. (2014). Current challenges in information security risk management.Information Management Computer Security,22(5), 410-430. Goldstein, A., Frank, U. (2016). Components of a multi-perspective modeling method for designing and managing IT security systems.Information Systems and e-Business Management,14(1), 101-140. Islam, S., Fenz, S., Weippl, E., Kalloniatis, C. (2016). Migration Goals and Risk Management in Cloud Computing: A Review of State of the Art and Survey Results on Practitioners.International Journal of Secure Software Engineering (IJSSE),7(3), 44-73. Kimwele, M. W. (2014). Information technology (IT) security in small and medium enterprises (SMEs). InInformation Systems for Small and Medium-sized Enterprises(pp. 47-64). Springer Berlin Heidelberg. Lam, J. (2014).Enterprise risk management: from incentives to controls. John Wiley Sons. Latif, R., Abbas, H., Assar, S., Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. InFuture Information Technology(pp. 285-295). Springer, Berlin, Heidelberg. McNeil, A. J., Frey, R., Embrechts, P. (2015).Quantitative risk management: Concepts, techniques and tools. Princeton university press. Peltier, T. R. (2016).Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press. Pritchard, C. L., PMP, P. R. (2014).Risk management: concepts and guidance. CRC Press. Rittinghouse, J. W., Ransome, J. F. (2016).Cloud computing: implementation, management, and security. CRC press. Rittinghouse, J. W., Ransome, J. F. (2016).Cloud computing: implementation, management, and security. CRC press. Sadgrove, K. (2016).The complete guide to business risk management. Routledge. Sawik, T. (2013). Selection of optimal countermeasure portfolio in IT security planning.Decision Support Systems,55(1), 156-164. Sennewald, C. A., Baillie, C. (2015).Effective security management. Butterworth-Heinemann. Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., Ojha, A. (2013). Information security management (ism) practices: Lessons from select cases from India and Germany.Global Journal of Flexible Systems Management,14(4), 225-239. Siponen, M., Mahmood, M. A., Pahnila, S. (2014). Employees adherence to information security policies: An exploratory field study.Information management,51(2), 217-224. Wu, D. D., Olson, D. L. (2015). Financial Risk Management. InEnterprise Risk Management in Finance(pp. 15-22). Palgrave Macmillan UK.