Case Study Phase 1
Risk is defined as the possibility that a threat will exploit vulnerabilities found within information systems to cause harm and compromise data. Risks come in different types, and they affect information systems differently depending on the vulnerability being exploited and their intended function.
Risks in the financial sector, in firms such as Wells Fargo, are associated with the loss of client information, the loss of proprietary financial information, and the risk of fraud when their information systems platform gets hacked. For this research, the risk to client information will be the focus, as it is the most prominent form of risk that financial firms face (McLaughlin, 2018). Risk to client details takes the form of hackers, system glitches that leave clients slow to access their funds, and compromise of client information, which can cause mismatches in vital client information, leading to losses for the company.
Information technology is an important aspect of Wells Fargo's operations, since it keeps all the records of its clients and tracks the various transactions that the company makes with different stakeholders. One of the risks that the company faces is human error: its employees are in charge of keying in the right information, and every now and then an employee might key in the wrong information for a client, which can lead to the company's information systems holding wrong information about different clients. This makes it easier for people to commit fraud and embezzle funds from the bank (Willcocks, 2013).
Wells Fargo, being a financial institution, is repeatedly under threat from hackers and people trying to amend their financial situations, which means that it needs to ensure that its financial systems are safe and have no risks that can be exploited by any party. Because Wells Fargo is a major credit company, it risks the loss of its clients' data if it is hacked, and also when clients provide their private information to fraudsters, who use it to commit credit card fraud by opening credit cards and credit lines in the client's name.
In the recent past, Wells Fargo has been accused of opening accounts for its clients without their consent, a major personnel risk: the firm used the practice to increase its revenues but in the process ended up losing revenue through court fines and a reduction in its brand's market worth. Information systems face internal risks, as this episode highlights, and information systems that warned employees and managers of ethical violations would have helped the company maintain its brand and save the revenue it used to pay court fines and damages (McLaughlin, 2018).
Wells Fargo, as a firm, uses various algorithms to invest in different projects to generate more revenue. The company faces risk because clients' funds are used to invest in the projects to ensure that the firm is able to cover its operational costs. Since the algorithm is based on the internet, it can be attacked by different malware, which would affect its performance and give wrong results (Willcocks, 2013). Wrong results will mean that the company invests in projects which will not achieve the expected return, and this puts the clients' finances at risk.
These risks are experienced by multiple financial firms, which leads the firms to invest in more modern and updated systems that have been tested to have fewer bugs and fewer risks than the prevailing information systems. The financial industry tends to stay ahead of the market by investing in and acquiring new technology to ensure that it is not compromised and that vulnerabilities are easily fixed, since it is the financier of most economies.
References
McLaughlin, T. (2018, February 01). Wells Fargo loses big client after dialing up risk in retirement funds. Retrieved March 30, 2018, from https://www.reuters.com/article/us-wellsfargo-funds-texas/wells-fargo-loses-big-client-after-dialing-up-risk-in-retirement-funds-idUSKBN1FL5L5
Willcocks, L. (2013). Information management: the evaluation of information systems investments. Springer.
Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice. Pearson Education.
Module 5 Assignments
For this module you are required to complete the following assignments:
· Chapter 9: exercises # 2 - 7
2. State three advantages of an Ethernet-based metropolitan area network over a SONET-based metropolitan area network.
3. Which type of network application requires more elaborate software: connection-oriented or connectionless? Explain.
4. Create an analogy similar to the telephone call/sending-a-letter scenarios that demonstrates the differences between connection-oriented and connectionless network applications.
5. Explain the difference between a network node and a network station.
6. Does a datagram network require any setup time before a packet is transmitted? If so, when and how often?
7. Does a virtual circuit network require any setup time before a packet is transmitted? If so, when and how often?
Thinking Outside the Box #4
One form of congestion avoidance is the permit system, in which a node must have a permit before it can transmit. Suppose a wide area network is using a permit system to control congestion. What happens if, for some unknown reason, all the permits disappear? How can this event be detected? How can this event be repaired?
For this lab, you are completing a BIA for a company or organization. The lab provides a list of companies/organizations to choose from, which are listed below. However, I prefer for students to complete the lab assignment based upon the topic of choice for the case study (Wells Fargo was the topic I chose, it is attached). So, if Bank of America is the topic of your case study, then you would complete a BIA for BOA. You are to complete the table provided in Part A of the lab assignment. The far left column contains business functions that may or may not apply to the company/organization. You will determine this. You will rate the criticality of the business function to the company or organization and the applicable RTO for that business function. You will then state how an interruption would impact the IT infrastructure, which is the far right column. For example, what impact would a disruption have within a company if that function is not restored in a particular time? After completion of the table, you will then provide an executive summary of the table to present to upper management. This is part B of the assignment. Part A is completion of the table provided in Part A and Part B is the executive summary.
BIA Lab Options or you can use the topic of the case study (Wells Fargo).
a. Healthcare provider under HIPAA compliance law
b. Regional bank under GLBA compliance law
c. Nationwide retailer under PCI DSS standard requirements
d. Higher-education institution under FERPA compliance law
Complete the Deliverables as assigned below.
Do Complete
1. Lab #7 – Assessment Worksheet, Part A - BIA of business functions and operations
2. Lab #7 – Assessment Worksheet, Part B - Business Impact Analysis Executive Summary
Student Lab Manual
Laboratory #7
Lab #7: Perform a Business Impact Analysis for a Mock IT Infrastructure
Learning Objectives and Outcomes
Upon completing this lab, students will be able to:
• Define the goal and objective of a Business Impact Analysis (BIA)
• Identify where a Business Impact Analysis (BIA) fits within a Business Continuity Plan (BCP)
• Identify mission critical applications and access to data requirements for a given scenario
• Perform a Business Impact Analysis (BIA) utilizing a qualitative assessment approach
• Create a Business Impact Analysis executive summary report for management
Required Setup and Tools
This is a paper-based lab and does not require the use of a “mock” IT infrastructure or virtualized server farm.
The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is required for this lab. Students will need access to their completed, Lab #4 – Assessment Worksheet, Part A – Perform a Qualitative Risk Assessment for an IT Infrastructure prioritizing the risks, threats, and vulnerabilities identified from the qualitative risk assessment.
In addition, Microsoft Word is a required tool for the student to craft a BIA utilizing a qualitative assessment approach to prioritize mission critical applications, data, and IT systems and elements that are
www.jblearning.com
All Rights Reserved.
5. Identify the scenario/vertical industry you were provided in Lab #4 - assigned by your Instructor:
a. Healthcare provider under HIPAA compliance law
b. Regional bank under GLBA compliance law
c. Nationwide retailer under PCI DSS standard requirements
d. Higher-education institution under FERPA compliance law
6. Conduct a BIA by assigning a qualitative business impact value for each identified business function and operation: Critical, Major, Minor, or None.
7. From this prioritization, identify the IT systems, applications, and resources that are impacted.
8. Assess the recovery time objectives needed for the IT systems, applications, and resources.
9. Complete Lab #7 – Assessment Worksheet, Part A – BIA Process Flow Sheets and Part B – Assessment Questions.
10. Craft a four-paragraph executive summary according to the following outline:
a. Goals and purpose of the BIA – unique to your scenario
b. Summary of Findings – business functions and assessment
c. Prioritizations – critical, major, and minor classifications
d. IT systems and applications impacted - to support the defined recovery time objectives
11. Work on Lab #7 – Assessment Worksheet and Questions and submit with your executive summary.
Deliverables
Upon completion of Lab #7 - Perform a Business Impact Analysis for a Mock IT Infrastructure, students are required to provide the following deliverables as part of this lab:
1. Lab #7 – Assessment Worksheet, Part A - BIA of business functions and operations
2. Lab #7 – Assessment Worksheet, Part B - Business Impact Analysis Executive Summary
3. Lab #7 - Assessment Questions and Answers
Evaluation Criteria and Rubrics
The following are the evaluation criteria and rubrics for Lab #7 that the students must perform:
1. Was the student able to define the goal and objective of a Business Impact Analysis (BIA)? – [20%]
2. Was the student able to identify where a Business Impact Analysis (BIA) fits within a Business Continuity Plan (BCP)? – [20%]
3. Was the student able to identify mission critical applications and access to data requirements for a given scenario? – [20%]
4. Was the student able to perform a Business Impact Analysis (BIA) utilizing a qualitative assessment approach? – [20%]
5. Was the student able to create a Business Impact Analysis executive summary report for management? – [20%]
Lab #7: Assessment Worksheet
Part A – Perform a Business Impact Analysis for an IT Infrastructure
Course Name: ______________________________
Student Name: ______________________________
Instructor Name: ______________________________
Lab Due Date: ______________________________
Overview
When performing a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The prioritization of the identified mission critical business functions will define what IT systems, applications, and resources are impacted. The RTO will drive what kind of business continuity and recovery steps are needed to maintain IT operations within the specified time frames.
1. Perform a BIA assessment and fill in the following chart:
| Business Function or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts |
| Internal and external voice communications with customers in real-time | | | |
| Internal and external e-mail communications with customers via store and forward messaging | | | |
| DNS – for internal and external IP communications | | | |
| Internet connectivity for e-mail and store and forward customer service | | | |
| Self-service website for customer access to information and personal account information | | | |
| e-Commerce site for online customer purchases or scheduling 24x7x365 | | | |
| Payroll and human resources for employees | | | |
| Real-time customer service via website, e-mail, or telephone requires CRM | | | |
| Network management and technical support | | | |
| Marketing and events | | | |
| Sales orders or customer/student registration | | | |
| Remote branch office sales order entry to headquarters | | | |
| Voice and e-mail communications to remote branches | | | |
| Accounting and finance support: Accts payable, Accts receivable, etc. | | | |
Part B – Craft a Business Impact Analysis Executive Summary
Craft a BIA executive summary, follow this structure and format:
a. Goals and purpose of the BIA – unique to your scenario
b. Summary of Findings – business functions and assessment
c. Prioritizations – critical, major, and minor classifications
d. IT systems and applications impacted - to support the defined recovery time objectives