Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

Outsourcing Information Technology Risk Management Add in library

expert-image Hafizah Chen 4.9/5 hire me
311 Download7 Pages 1,590 Words


Describe about the IT Risk Management?



This report is about outsourcing information technology from a third party in business process of a company named Aztec that operates in Australia. Outsourcing IT involves variety of function such as operating services, local area network and software hardware and software, application development, etc

IT outsourcing is a common phenomena in financial service (Herbane, 2005). It is so because primarily outsourcing helps in cost reduction. There are also several roles of the outsourcer of it function such as investigation and violation of review report, plays role for maintenance of procedures and policies of information security of clients, building awareness and techniques to use information system via training etc

When companies like Aztec outsourced it services they have to share this information with the staff of the outsourcer. Majority of the companies in financial sector miss to make agreements with the third party when they negotiate for the IT function (Hopkins, 2003). As the result they have to pay extra during system crash in order to make back up of lost information (Merna & Al-Thani, 2008).

Financial service sector review

Financial sector is a sector which changes their organization process constantly. Information technology in financial service industry, especially in business process of Aztec changes in very small time span in particular real side of organizational business process (Macdonald, 1995).

Financial sector industry is unable to moving forward without using information technology system. Information system is one of the most important technologies within financial sector that generates process automatically.

Due to increase of excessive competition, Aztec has to generate excessive capacity within their business process and depress their margin. Marginal edge of the risk thinking will be the best procedure and tempting them toward the failure via building riskier portfolio and removing the margins (Merna & Al-Thani, 2008). In the financial service industry, Aztec faces high barrier that prohibited their business and make it more badly than its competitors. Hence it is identified that competition within the business of Aztec is working asymmetrically due to low development of technology. Using information technology Aztec would be able to offer better services to their customer that fulfill customer requirement and also increase customer base. According to vinaja(2008) most of the business organization in financial service sector outsourced IT functionalities in terms of diversification and generates high revenue growth.


Security posture review

Outsourcing information technology fundamentals in the business process of Aztec may create the culmination of sense making in for the organization. Sense making allows the organization in scanning the whole environment and interpret with each other properly. Based on the information it helps in taking action.

The shifting from brink to click in financial services like Aztec has created various risks like reputational risk, system risk, money laundering risk, financial risk, strategic risk etc. it also includes other problems like requirement of software and hardware which includes high investment by the company which also leads to the problem of integration of the old system with the new system, excess capacity and also cost control issues. There also is the problem of the current system being outdated.

The company takes total responsibility of maintaining security of implemented system. Budgetary constraint is also one of the most difficult parts to undertake within operational process of Aztec. If the organization outsourced the specific functions of IT asset, the company Aztec can gain their access of information in financial service sector and constraint the budgetary. Outsourcing of IT fundamental within the business process of organization in financial service industry can represent the transaction cost theory contradiction. Outsourcing the specific function of IT asset in business process of Aztec, the company is able to monitor their costs in better way. The tools and technique of information technology also reduce production cost when it was outsourced.

Aztec would the following threats while outsourcing it’s it functionalities like desktop and network management or application development to a third party:

1] Customer protection

2] Data confidentiality

3] System availability

4] System integration

5] Transaction and customer authenticity

Customer protection

Aztec must make it sure it sure that their customers are properly authenticated before the access the sensitive information of the customer. As the customer are logged into their account for quite a long time their information are stored in the data base which creates chance of it being directly attacked on the system or the customers confidential information through  worm, spamming, key worming etc


Data confidentiality

Data confidentiality refers to protection of valuable information and at the same time permitting authorized access. The ability of data protection through software and also recover data in case of their loss through backup, recovery policy etc gets reduced for Aztec.

System availability

The customers who are online depended online expect 24hrs service online each day. Thus by outsourcing it will not be ensuring that there is ample of capacity and resources in terms of software, operating capabilities and software for all round service.

System integrity

By outsourcing the It functionalities, Aztec may face operating flaws and transaction error that might result due to latent transmission or processing as the system would be totally automated.

Transaction and customer authenticity

If the outsourcing partner is not authentic, there might be issues related to transaction and customer authenticity. By outsourcing Aztec needs to make sure about the methods that their outsourcing partners are utilizing for protecting the customer authenticity and transaction.


Vulnerabilities of outsourcing

Banks may be misled due to security risk exposures and also risks of becoming victim of security breach, which might become a serious problem for banks and their users. If Aztec focuses on utilizing the present automated system of vulnerability management, it have some hidden flaws which do not have the capabilities to accurately resolve the outcomes. This impact may include inappropriate security vulnerabilities, inefficient utilization of utilization of IT resources and possible exploitation due to cybercriminals and also inundated resources of IT security that might lead to absenteeism of the employees, lower satisfaction level of job and as also erroneous risk of security which will destroy the credible information security system of Aztec.

Risk mitigation

The risk treatment process aim at selecting security measure to avoid reduces, transfer and reduce risk and produce a risk treatment plan that is the output of the process with the residual risk subject to the assessment of the management.

It risk management includes following five steps

1] Understand and define your information risk universe

To develop a comprehensive information risk management{irm} framework the organization must fix each member it’s responsibility.

2] Determine confidentiality integrity and availability requirement

Not all level of business requires the same level of protection. Contractual obligation and legislative mandate may determine business control for some organization, but for others informed judgment calls in conjunction with partners in line of business is necessary. When accessing the criticality of a function, answering these three questions can be done

  • How confidential is the function
  • Is the accuracy of the function’s information relied on heavily?
  • If this functions not there when needed, what are the consequences?

3] Define your control

Ciso needs to measure the security controls in all of these business groups to be able to do their jobs effectively. ciso should also employ a framework based approach to identify and measure these areas in  order to track their progress over time.


4] Develop enforcement, monitoring and response mechanism

An irm framework must ensure that these controls are defined, enforced, measured, monitored and reported. For areas where these controls may not sufficiently mitigate the risk, cisos must ensure that those risk are reduced transferred and accepted,

5] measure and report.

Many security mangers are focused on gathering and reporting tactical and status update information. To develop a successful security metrics metrics program, cisos need to identify, prioritize , monitor and measure security based on business goal and objectives. They should then focus on translating those measurements into business language that can be of use to executive management.


This report is adopted for providing detail information about information technology process when an organization of financial service sector outsourced IT function from third party. In the first phase of this report analyst report represents an overview of financial service sector in Australia. In this part the analyst include all the relevant information about the IT the financial services including government regulation. In the second part of the report analyst describes the review of current security posture of Aztec from the point of view of the IT security policies. After described the current scenario posture of information technology system when it outsourced from the third party analyze the threat, vulnerabilities and consequence for it control frame work. At the last part of this study , analyst described the possible data security issues when the IT system outsourced and provide recommendation to mitigate that identified issues.



Chorafas, D. (2007). Risk management technology in financial services. Burlington, MA: Butterworth-Heinemann.

Clinical Waste and Its Risk Management. (2001). Clinical Risk7(6), 251-252. doi:10.1258/1356262011928572

Dionne, G. (2013). Risk Management: History, Definition, and Critique. Risk Management And Insurance Review16(2), 147-166. doi:10.1111/rmir.12016

Herbane, B. (2005). Risk Management on the Internet. Risk Manag (Bas)7(2), 65-66. doi:10.1057/palgrave.rm.8240213

Hopkins, A. (2003). Risk. Risk Manag (Bas)5(1), 85-85. doi:10.1057/palgrave.rm.8240143

Macdonald, J. (1995). Quality and the financial service sector. Managing Service Quality: An International Journal5(1), 43-46. doi:10.1108/09604529510081794

Merna, T., & Al-Thani, F. (2008). Corporate risk management. Chichester, England: Wiley.

Merna, T., & Al-Thani, F. (2008). Corporate risk management. Chichester, England: Wiley.


At, we understand that when students get stuck with tough assignments, they look for affordable services. To assist students with complex assignments, we have built a team of skilled cheap essay writers. has become one stop solution for all students who often look for answers related to their search similar to do my essay at the cheap rate or who can write my essay at affordable prices. Students prefer hiring us as we have the best provisions to render services related to do my essay online at a reasonable rate.

Most Downloaded Sample of Management

274 Download1 Pages 48 Words

Toulin Method Of Argumentation

You are required to write a researched argument essay that convinces persuades the reader of your position / stance. This is an academic, researched and referenced do...

Read More Tags: Australia Arlington Management Management University of New South Wales Management 
202 Download9 Pages 2,237 Words

Consumer Behavior Assignment

Executive Summary The purpose of this report is to elaborate the factors which are considered by individuals before selecting an occupation. Choosing an occupati...

Read More Tags: Australia Arlington Management Management University of New South Wales Management 
367 Download13 Pages 3,112 Words

Internet Marketing Plan For River Island

Introduction With the increase enhancement in the field of technology, it has been considered essential by the businesses to implement such technology in their b...

Read More Tags: Australia Arlington Management Management University of New South Wales Management 
328 Download9 Pages 2,203 Words

Strategic Role Of HR In Mergers & Acquisitions

Executive Summary In a merger & acquisition, role of an HR has emerged as a very critical function. At each stage of merger and acquisition process, HR plays a s...

Read More Tags: Australia Arlington Management Management University of New South Wales Management 
355 Download7 Pages 1,521 Words

Relationship Between Knowledge Management, Organization Learning And HRM

Introduction In this competitive business environment where every business organization is trying to attract the customers of each other, it becomes essential for ...

Read More Tags: Australia Arlington Management Management University of New South Wales Management 
Free plagiarismFree plagiarism check online on mobile
Have any Query?