Project Report: Risk Management Systems in Banking

Section A: Part 2

Design Phase

While going through the design phase of the ASB bank, the biggest issue is to identify the flaws and come up with adequate measures to counter them. There might be multiple flaws which the team can come across while going through the design phase. The design phase is considered as the first and the most important phase concerned to any kind of project. The phase mostly consists of identifying the probable threats and countering them with a desirable schematic design to fairly eliminate them. This is for obvious reason required before the execution and the implementation of the project or the required changes in the system. The design phase constitutes the creation of multiple data and design documents to create and imply in the later phases (Ran & Nedovic-Budic, 2016). However, the probable flaws during the completion of the design phase for the organization in question, ASB Bank, are as follows:

• The reliance conventions may be incorrect by nature due to calculation flaws
• Laxity to any authorisation steps by the officials
• Not validating with the aim of the organization with the design of the project before implementing

Implementation phase

The implementation phase which is also known as the execution phase is considered as the third step into any project development life cycle. The phase however is important for the desirable execution of the project which has been proposed. The phase puts the plans or the strategies into practice for the execution of the proposed plan (Muriana & Vizzini, 2017). The needs of the project are need-fully identified before the completion of the phase as to comply the phase every need must be precisely declared All the threats are taken into consideration and then the modelling tools are either implemented or developed as per the requirements.

Threat model

To counter the mentioned threats of the organization in question, ASB Bank, a necessary threat model must be considered and at times not all generic or premade threat models can live up to the job (Smith, Liang, James & Lin, 2017). Thus, the development of a threat model comes into consideration. Threat modelling is not always done by security engineers that the world might think as threat modelling being an important step most scrum masters and project developers must master for the benefit of their organization. The few important steps to consider before the development of a new threat model as per the requirements are as follows:

• Identification of threats – the probable threats are measured and thus accordingly the counters measures are considered
• Identification of vulnerabilities – the identification of the overplayed threats as which may result into a larger threat in the coming future business of the organization.

Drawing the model

(Figure: Risks associated to the organization)

(Source: Author)

Analysing the threats

As already discussed, a threat can be anything that accounts in the inappropriate results from a business or a project, often a threat can lead to the dispersal of various business possibilities and it has been observed that neglected threats has disrupted the flow of business as a whole. Threats or risks are considered to be human as well as non-human thus the possibility of any threat becomes comparably huge (Hallikas & Lintukangas, 2016). The analysis of a threat or a risk is very important in order to identify its probabilities into disrupting the flow of the business and thus for the case of ASB back the threats mentioned needs to be studies, kept a track of and put up with newer and better ways to tackle them on a long run. The structure of a bank may contain huge number of threats considered from the human work force to the possibility of the cyber security threats (Fraser & Simkins, 2016). The analysis for the threats mentioned for the organization in question are as follows:

• Incorrect trust assessment – the threat is simply dependent on the data collected by the data collection team as at times when physical labour is involved into an organization mostly there is always a possibility of miscalculations or while data collections; such threats are predictable in the context of threat analysis thus it has to be countered with necessary steps.
• Carelessness from the officials – is a threat that haunts most largely working financial groups as not all employees are same and not all perform with the same amount of dedication as others thus there is always a chance of officials to underperform and even create turmoil by neglecting issues that may compromise the functionality of the organization.
• Undesired data collection – the process of data collection being a long an intricate one which contains many a step within it there is always a huge chance of sustaining undesired or a flawed system of compiling and collecting data thus giving rise to the flawed data being collected.
•  (Thorne et al., 2018).

Application phase

Developing and implementing the threat model

The threat model is mainly developed utilizing the available information regarding the organization in question, ASB bank, thus most information is either collected from pre-recorded documents and field data as modelling a threat model involves the intricate knowledge of the working structure of the business and the possible flaws in the system. During this phase an applicable model to the desired model is created which is also called a prototype and it is brought into practice in a controlled environment as before concluding into implementing such a large model the feasibility and the success rate has to be checked. Thus, process is also known as the simulation or alpha testing (Collignon er al.,2016). Through the process of testing the whole model is brought into the physical world off the documents and thus this helps in understanding the implacability of the suggested prototype. The simulation is basically carried out in a local circle thus the feedback is carried in and depending on the provided feedback the next steps are formulated. ASB bank had previously applied such processes by introducing state of the art technologically advanced ATM machines only at rural areas and collecting the feasibility of the systems from the controlled usage of it, once the organization had been confident enough to be able to implement the technology into the much busier and urban area they had implied it, thus resulting a predictable success (Qian & Lin, 2016). The case suggests the implication of the changes needed for a much more secure transaction transfer method thusthe easiest way to understand and project the success of the changes when implied through a prototype, which would lend a probability of a rollback if needed.

Other than the mentioned changes the possible models the possible methods that the bank may follow for a detailed risk elimination would be:

• PASTA (Process for Attack Simulation and Threat Analysis) – which precisely is a risk focused method
• TRIKE - which is specifically a skill process method in accordance to risks
• VAST (Visual, Agile and Simple Threat modelling) – is too a risk centric approach
• OCTAVE – which involves the addressing of technical and non-technical approach

The tool that has been used for the modelling of the threats is Microsoft Threat Modelling tool 2014. The following are the screenshots of the procedure followed to install and use the tool.

Install and configure the threat model tool

(Figure: Microsoft Threat Modelling Tool 2014)

(Source: Author)

(Figure: Installation of additional mitigation tools)

(Source: Author)

Testing of threat and mitigation

Threat 1

Testing using Nmap

It is clear in the testing that,” Transition control protocol “port (number 1143)” is not open in the nmap testing tool, which means client’s detail and important information is secure and not alter or stolen by unauthorized person.

Threat 2

Mitigation

1 Row level security must be implemented to prevent user’s account to access each other data.

2 least-privileged tokens must be used while connecting with cloud gateway.

Threat 3

Testing performed for bruteforce attack

Threat 4

Section B

Summary

The main objective of the project is to understand the workings of a banking system. The organization in question is ASB bank or the Auckland Savings Bank. The bank has an underlining scenario where it faces many a threat during the transferring and the transaction of funds using the digital systems or the online banking scenario. However, the research helps in an intricate understanding of the process of the bank and thus coming through with better and improved methods to annihilate the risks improves greatly ASB bank helps us understand the compatibility and the complexities of the traditional banking measures into the current world however their prevailing risks of the risks may be tackled utilizing the risk management methods and as the requirement calls for developing newer improved models of risk countering methods specifically for the organization. The report suggests the risks and the counter measures to the risks to manage and simply reduce them on the long run however, the risks have also been reviewed to know the current standings of the mentioned risks and understand the possible outcomes and the new counter measures which needs to be taken to counter future risks.

Introduction

The report tends to provide the intricate knowledge through which the banking organization, ASB bank, conducts their business and thus the risks involved into such sector of working. The banking society or the banking organization being a giant it is in the sector, there are many a risk involved into the compliance of the business it serves to itself and d the people it serves. The report clearly signifies the risks involved and the risks possible with the help of the risk management models and the counters to such proposed and possible risks.               

(Figure: Context Diagram of ASB bank)

(Source: Author)

The diagram shows the intricate details of the bank in question, ASB bank.

(Figure: Risks associated)

(Source: Author)

Working principle

The working principle of the report indicates the whole mitigation process and the risks associated with the ASB bank and the main ways how the risks are handled. The focus being the risk elimination, the process followed is efficient thus it allows the easy execution. The risks then are mitigated as required and then maintaining clear intervals the risks are addressed to or reviewed for future analysis and pure elimination.

(Figure: DFD of ASB bank)

(Source: Author)

Discussions

Outcomes of the project

 The outcomes of the project suggest the possible changes needed in accordance to the identified risks to the whole project. The risks that had been identified had been addressed to and thus the mitigation of the risks had been performed with success. The risks mitigated however cannot be measured the future success until it has been brought into practice for a longer period.

Problems faced during the project

The project had gone through multiple implemented stages thus there had been many complications thus asserting into the faced problems. The main one being, the success of the risk mitigation cannot be measured until a thorough review has been performed.

Conclusion

It is safe to conclude that the project had helped in the introduction of the risk management systems and the mitigation of the risks into the intricate ASB banking world. The report helped in developing a new model to tackle risks in the organization thus helping in the future implementations of the risks.

References

• Adam, T. R., Fernando, C. S., & Golubeva, E. (2015). Managerial overconfidence and corporate risk management. Journal of Banking & Finance, 60, 195-208.
• Collignon, P. C., Conly, J. M., Andremont, A., McEwen, S. A., Aidara-Kane, A., World Health Organization Advisory Group, Bogotá Meeting on Integrated Surveillance of Antimicrobial Resistance (WHO-AGISAR), ... & Dang Ninh, T. (2016). World Health Organization ranking of antimicrobials according to their importance in human medicine: a critical step for developing risk management strategies to control antimicrobial resistance from food animal production. Clinical Infectious Diseases, 63(8), 1087-1093.
• Fraser, J. R., & Simkins, B. J. (2016). The challenges of and solutions for implementing enterprise risk management. Business horizons, 59(6), 689-698.
• Hallikas, J., & Lintukangas, K. (2016). Purchasing and supply: An investigation of risk management performance. International Journal of Production Economics, 171, 487-494.
• Muriana, C., & Vizzini, G. (2017). Project risk management: A deterministic quantitative technique for assessment and mitigation. International Journal of Project Management, 35(3), 320-340.
• Qian, Q., & Lin, P. (2016). Safety risk management of underground engineering in China: Progress, challenges and strategies. Journal of Rock Mechanics and Geotechnical Engineering, 8(4), 423-442.
• Ran, J., & Nedovic-Budic, Z. (2016). Integrating spatial planning and flood risk management: A new conceptual framework for the spatially integrated policy infrastructure. Computers, Environment and Urban Systems, 57, 68-79.
• Smith, L., Liang, Q., James, P., & Lin, W. (2017). Assessing the utility of social media as a data source for flood risk management using a real‐time modelling framework. Journal of Flood Risk Management, 10(3), 370-380.
• Thorne, C. R., Lawson, E. C., Ozawa, C., Hamlin, S. L., & Smith, L. A. (2018). Overcoming uncertainty and barriers to adoption of Blue‐Green Infrastructure for urban flood risk management. Journal of Flood Risk Management, 11, S960-S972.

Final report of threat analysis

(Figure: Threat analysis)

(Source: Author)

(Figure: Designing the model as per the requirements) (source: author)

Screenshots