Tuesday, May 5, 2020
Data Mining Applications For Risk Detection ââ¬Myassignmenthelp.Com
Question: Discuss About The Data Mining Applications For Risk Detection? Answer: Introduction This report analyzes the IT risks that are prevalent in allowing employees to bring their own devices in the work place. The assessment analyzes the IT risk that Aztek will be exposed to by allowing their employees to bring their own devices such as laptops, tablets, and mobile devices to the workplace to be used as the main or the only devices in achieving task at the workplace. IT risk management is the process of applying methods and techniques of risk management to manage situations and scenario that exposes a business organization to undesirable outcomes. IT Risk management is considered as part of the broad enterprise risk management. This structuring, establishing, maintaining and continuous monitoring, repair and maintenance of information security management system helps to ensure the important data and the systems are secure and free from interference. Some of the common risks in IT include lack of proper documentation, poor communication in the organization, lack of proper coordination in the organization, risk of failure of the devices, lack of data security, third party risk management issues, risk of fraud and misconduct, risk of complacency by the employees, risk of crisis occurring in the organization, risk of misuse of devices and the risk conflicts between the employees and the organization (Olson Wu,2008). This report analyzes all the potential risk situations in the environment of Aztek. The paper analyzes the potential loss from this risk and helps to examine on whether or not the company should go ahead with the project. The paper also analyzes the project in respect to the Financial Service Sector which includes government and private institutions. This will help to provide important information to help in carrying out this task, the existing recommendation in this industry and the consequences and threats arising from the IT framework being used by the organization. Review of project in respect to the financial services sector The project of Aztek allowing employees to bring their own devices and use them at the workplace has many risks associated with it. Given that Aztek is a financial institution, it is clear that there are risks levels are high since the financial services industry is already at risk due to the probability of theft or fraud. Most financial institutions in Australia and globally, nowadays use mobile devices or tablets to provide services to clients. The use of these devices has been driven by the growth in the usage of internet and mobile technology by customers. This has resulted to change in behavior of consumers. Consumers nowadays are not interested in visiting financial institutions physically and they prefer getting the services they require from the comfort of their mobile device or other gadgets such as tablets or laptop (Moran, 2014). The need for fast and efficient services has resulted in increase in usage of technology in financial services industry. This has therefore broug ht about the need for most of the staff working in financial organizations to use these electronic devices while carrying out their tasks at the workplace. The risks that are most prevalent for Aztek allowing its employees to use their own devices to perform tasks in the organization include. The employees may tend to misuse social media. Social media sites are the bottom line of today`s mobile phone technological innovations. There are very many social media sites today and most of them are compatible with mobile phones and other devices such as laptops and tablets. Allowing employees to bring their own devices to the company for use in performing tasks related to the their job might result to employees misusing social media (Harkins, 2013). This may be through posting personal messages to customers and this may result to undesirable consequence for the company. The company has social media accounts which it uses to communicate regularly with its customers and which helps the company to get feedback from customers. Therefore allowing customers to use personal devices to carry out tasks related to the job may lead to customers using social media in appropriately and may end up ruining the companys relationship with customers. The employees may also engage customers unprof essionally by starting dating or any other casual inappropriate behavior. Allowing customers to use their personal devices at the workplace may lead to violation of regulatory requirements in the industry. The financial services industry has many regulations related to the transactions and relations with customers. The financial industry restricts the sharing of client information with other people and it may result to serious violations which may end up being so costly for the business. The use of personal devices by employees may result to the risk of violating the privacy regulations in the industry. The financial industry has strict regulations regarding the privacy of customers and therefore the risk of this project is too high. The financial industry regulators have put restriction on the handling of financial records regarding the handling of accounting information. The recording of cash transactions and other aspects of accounting that are sensitive in te operations of the business are sensitive and therefore the industry regulations have set basic rules and policies regarding the accounting information. Use of personal devices by employees of the in Aztek may result to increase in contradicting information being entered by different employees and thus making it difficult to account for the daily transactions at the company. The use of personal devices by employees at Aztek may also result to unauthorized employees getting access to confidential company information. This is because the use of these devices will make it easy for all employees to access passwords and other security to the IT system of the company (Hussain, 2010). Due to this access, the employees who are not allowed to assess particular information may get access to this information and thus resulting to loss of confidentiality within the organization. Some employees may tend to misuse the confidential information obtained and this may result to harm for the company. The confidential information obtained may also be traded to the competitors and used to intimidate Aztek. This may eventually give the competitors a competitive advantage and therefore ruin the market share of Aztek. Review of project in regard to current security posture of Aztek The use of personal devices by the employees of the company may result to violation of some company policies and procedures. The companys code of ethics has clear indications concerning the operations of the company and the conduct of employees at the workplace. By allowing employees to use their personal devices at the workplace, this would be in contradiction to the policy which indicates that only specific employees are allowed access to data and information concerning the company accounts and information on customers. Only senior company employees are allowed to assess the data on important customer information. Therefore by allowing all employees to use their personal devices to carry out tasks at the organization, it may result to the employees and the organization itself disregarding the ethics and policies of the company. The risk of violating the company policies may lead to lack of discipline among employees in regard to other matters in the company. The project by Aztek of allowing all employees to bring their personal devices for the use in carrying out company tasks results to the risk of losing important company data. By allowing employees to use their personal devices to carry out tasks related to the job,it may expose the company to unprecedented risk situation breach of security. The personal devices of employees may not be that secure and might be corrupted with many different viruses in form of software. Therefore, when these devices are allowed access to the companys databases and other software, it may destroy all the data available in the system. The backup data servers may also be destroyed and this leads to the loss of important information on customers and the company itself. This would cost the company directly and indirectly since information is very important in this financial services industry. The company may end up getting sued by various customers on the loss of their records by the company. The company woul d also lose important historical information which is used for decision making by the company. Loss of data on the company may bring about total failure of system used to store the data and this also costs the company a lot of money to reinstate these systems. The use of personal devices by employees may enable the employees to interfere with the databases of the company. This may result to loss of bulk data of the company and also loss of security on the accounting information systems used by the company. The other IT risk associated with the allowing employees to bring their own devices to the company for use in performing tasks is that it results to loss of productivity in the company. By employees using their own devices such as laptops and mobile phones may result to employees using a lot of the time at work on engaging in personal issues and activities using their devices. Particularly social media frenzy has become an issue at the workplace with many young employees who represent the largest proportion of the companys employees. A research conducted in Australia by Hillson, (2011) indicates that 73% of employees use almost every minute they find themselves free at the workplace on social media. Employees are always alert to check the responses and messages they get on social media and this distracts them from the target that the company is focusing on. It would be difficult for the supervisors to know whether an employee is using the device for their own communication or they ar e using the device for work purpose. The employees in the company may decide to take advantage of this project to spend time in social media and other forms of communication to chart with friends instead of them concentrating satisfying the needs of customers which is their main mandate. This therefore results to loss of a lot of man hours which would have otherwise have been used to serve clients and answer their questions as well as address their complaints. This therefore results to decrease in productivity of employees and therefore the company loses a lot of revenue due to this. The company also incurs a lot of expenses on paying employees who are not maximizing output. Assessment of risk based on threats, vulnerabilities and consequences derived from the IT Framework Hardware impact is another major risk that Aztek is exposed too in regard to the new project of allowing employees to carry their own devices for use in carrying out tasks related to the company operations. The devices owned by different employees vary in terms of hardware components. The devices that possibly could be used in the company include mobile phones, laptops and tablets. These devices hardware components are different from one another since they are from different manufacturers. This means that these devices are different in usage and some of them may be more difficult to use than the others. Some personal devices may also fail to perform complex task at the workplace and therefore making it difficult for some employees to perform their duties effectively (Sukel, 2016). Some of these personal devices may be more difficult to use than others and these differences may present a major challenge for the organization. The organization needs to train all the employees on how the y can use their personal devices to perform tasks at the organization. The risk of the hardware devices owned by the employees being incompatible with the software used by the company is very high. The software used by Aztek to record and store the financial information on customers and all the transactions with other business organization is very complex (Ghosh, 2012). This means that there is a very high possibility that the software fails to fit in with the hardware components of the employees and hence the devices may not be able to accomplish the objective that Aztek intended. The compatibility of the software and the hardware components is a very crucial aspect of in the IT project and therefore, in case any of the devices fails to run the software of the company, the employees will get inconvenienced or will be forced to buy another device. The risk of storage issues and future referencing of information is a major risk for Aztek project of allowing employees to bring their own devices for the use in performing tasks at the workplace. Some of the devices owned by the employees have very minimal storage spaces and may not be able to handle information related to the companies` operations (Koyuncugil Ozgulbas, 2011). This therefore means that the company may face issues on storing customer data and important transactions undertaken by the company. Aztek by adopting this project exposes itself to the risk of losing storage space and hence losing some important information which could be useful to the organization. Aztek may also be forced to buy extra storage devices to be used in the company. The project of allowing employees to use their own devices to carry out tasks related to the employees job description may result to the company losing intellectual property rights and company business secrets. This is because; the employees may get an opportunity to hack into the databases of the company which has very secretive and important information on the company. The employees may decide to reveal this information to a third party with bad faith. This information may be used to benefit other organizations in the same or other industries without the permit or the license from Aztek. The leakage of the trade secrets and the intellectual property rights may result to the competitors using this data and important information to benefit them. Aztek may on the process end up losing customers to the competitors and hence loss of revenue and decrease in profit margins of the company. The other IT risk that is associated with this project is that it may result to misstatement and omission in the financial statements. The accounting process is very critical in achieving correct information when preparing the final reports for an organization. If Aztek allows employees to use their personal devices in recording financial transactions, the employees may omit some of the information with hidden purpose motive. The employees may also record the wrong information intentionally and it may be difficult for the management to notice the misstatement and the omissions. This misstatement and omissions may be carried out to the final financial reports. This may result to the company incurring very high costs in internal audit of financial statements. It may also create a perception among clients and potential investors that the company is not transparent in its dealings and may be trying to exaggerate financial information for its own gain (Solozhent, 2009).The handling of the companys financial transactions by many employees in Aztek may result to the company being unable to track and verify information entered on its database. The other risk associated with the project of allowing employees to use their own devices to perform their own tasks at Aztek s that it would result to unsupport by management. The implementation of this project would result to a situation where the employees make decisions on their own accord possibly without consulting the management of the company. When the employees use their own devices, they may develop a sense of ownership of the company itself and may feel the need to exercise a lot of control in the company. This has the danger of employees making the wrong decisions that are not of interest to the company. Decision making of the company becomes decentralized and there is likely loss of control and coordination in the company. Apart from decision making that is unsupported by management, the project may bring about a situation where there is lack of communication within the organization. Giving orders and instructions to the junior staff by the supervisors becomes tiresome since the flow of information and communication becomes distorted. Communication between the company and customers as well as other corporate partners becomes very difficult since the employees may give conflicting responses to questions and comments made by the customers. When this happens therefore, customers lose confidence in the organization and they may decide to seek for the financial services elsewhere. Aztek may therefore start performing poorly financially and this has detrimental effect on all the stakeholders in the company. The implementation of the project on employees using their own devices to perform work related tasks may result to the risk of the business failing to achieve its objective. Aztek has clearly stated long term and short term goals. The goals are outlined in the companys strategic plan and the marketing plan. One of the objectives of the company this year is to expand customer base through a coordinated use of social media and other aggressive marketing techniques. For the company to achieve this, the social media communication efforts of the company have to be highly coordinated and organized in order to ensure that the company is able to transmit the desired message effectively. This therefore ensures that the company is able to communicate effectively with its customers. If all the employees are entrusted with the responsibility of communicating to customers may end up making the organization fail to achieve its objective. The loss of productivity by the companies` employees is also a major destruction for the company. Since the devices will destruct employees from focusing on their main objective and task in the company, it will affect the output of the whole organization and hence resulting to loss of income. The day to day operations of the company may also get distracted by the use of the personal devices in the company and this result to poor coordination and service delivery to clients. The company is also exposed to the risk of failure to incorporate IT policies and controls into the business. In order to implement the project successfully, the company needs to incorporate the IT policies and controls into the business framework of the company. This is important in ensuring that all the activities of the organization are well aligned to the information technology system that the company is using. This is important in helping to achieve the objective of efficiency within the business organization. failure to achieve this incorporation may result to disjointed effort and waste of IT resources without them achieving the purpose they were meant to achieve. Aztek is also exposed to the risk of storage, retention and forensic issues restricting the industry. The nature of the industry that Aztek is operating in makes it very important to have devices that are capable of strong large volumes of data safely(Ackermann, 2013). The devices should also have the capability of retaining data for a long time. Data retention is important since it is an important source of referencing or the company. A company can use the past data recorded by the system to solve disputes that may occur in future. Apart from exposing the company to the risk of losing important data through poor storage and data retention methods, this project also brings about the forensic issues in case of fraud. The financial services sector all over the world is associated with high level and sophisticated fraud. Therefore, in case fraud happens within the company, it is important to have in place an IT system that is able to support investigations on the crime. If Aztek allows all its employees to use their personal devices to perform tasks and functions related to their job, it would be difficult for forensics to be able to trace information and follow up the case to its very end. Since the individual employees have control of their own devices, they will most likely interfere with the evidence to conceal information which would have otherwise been crucial in the investigation. This therefore means that Aztek would expose itself to a very big risk of being defrauded by its own employees and failing to trace the criminals using reliable forensic investigation. In case fraud occurs, the company stands to lose a lot of money. Aztek would be exposed to the risk of inappropriate and inaccurate audit procedures. When the financial transactions are carried out using the personal devices of employees, it becomes difficult for the auditor to trace the original transactions and ascertain the information and records kept by the employees. This is made difficult by the fact that the employees personal devices are used for many other different purposes and it would not be professional and ethical to rely on the employees personal devices when auditing the companies` books of account. Therefore, it is risky for the company since it may rely on information that is of low confidence level and therefore may end up giving inaccurate report. It may also make it necessary for the company to put in place strong internal control measures and policies to ensure that the company complies with the standards and requirements when it comes to accounting for various items in the company. The new project by Aztek is exposed to the risk of not being viable for a long time. Sustaining the project for a long time while getting the desirable results may prove to be very difficult for the company (Bodie Taqqu, 2012). This is because; there are many issues that surround the use of personal devices at work. For example if an employee loses his/her device, it may be difficult for the employee to acquire a new one instantly and hence bringing about inconvenience at the workplace. The project is unsustainable also because of the need for very close supervision so as to ensure that the devices are being used for the right purpose at the workplace. Therefore, Aztek risks investing in the new IT system which may end up becoming unsustainable and not viable and hence may get discarded after just a short while. Conclusion Management of IT risks is very important for any business organization. This is because, it is a powerful tool to avoid the business getting into investments that are not viable or making loses due to things that could have been predicted and avoided. This paper analyzes the IT risks that the project by Aztek on allowing employees to use their own devices to perform work functions. The report analyzes the industry regulations and policies that may hinder the implementation and functioning of this system. Proper investigation and analysis is done to establish the potential risks that may come with the implementation of the project. From the analysis carried out in this essay, I would recommend that Aztek should not implement this project since its too risky for the company and may end up distracting the company from achieving its primary objective. References Ackermann, T. (2013). IT security risk management: Perceived IT security risks in the context of cloud computing. Wiesbaden: Springer Gabler. Bodie, Z., Taqqu, R. (2012). Risk less and prosper: Your guide to safer investing. Hoboken, N.J: Wiley. Cunningham, W. V. (2008). Youth at risk in Latin America and the Caribbean: Understanding the causes, realizing the potential. Washington, D.C: World Bank. Ghosh, A. (2012). Managing risks in commercial and retail banking. Singapore: John Wiley Sons. Gibson, D. (2015). Managing risk in information systems, second edition. Burlington, MA: Jones Bartlett Learning. Harkins, M. (2013). Managing risk and information security: Protect to enable. New York: Apress. Hillson, D. (2011). Managing risk in projects. (Managing risk in projects.) Farnham, Surrey [u.a.: Gower. Hussain, A. (2010). Managing operational risk in financial markets. Oxford: Butterworth-Heinemann. Koyuncugil, A. S., Ozgulbas, N. (2011). Surveillance technologies and early warning systems: Data mining applications for risk detection. Hershey, PA: Information Science Reference. Moran, A. (2014). Agile risk management. Sukel, K. (2016). The art of risk: The new science of courage, caution, and chance. Solozhent?s?ev, E. D. (2009). Scenario logic and probabilistic management of risk in business and engineering. New York: Springer. Olson, D. L., Wu, D. D. (2008). New frontiers in enterprise risk management. Berlin: Springer.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.