MINISTRY OF EDUCATION AND SCIENCE OF THE REPUBLIC OF

KAZAKHSTAN

«ASTANA IT UNIVERSITY»

IT RISK MANAGEMENT FINAL

Completed by students: Abeshov Adil, Ibraimov Zulyar, Serikova Dariya

Group: ITM-2105

Checked by: Mohamed Ibrahim

Astana, 2024
 Risk register

Risk ID Risk Description Risk Type Impact Description Probabilit Impact Risk Mitigation Notes Owner
y Factor

R001 Adoption of Opportuni Accelerates service 4 4 16 Embrace Cutting-edge Tech. CTO/ CIO
Cutting-edge ty delivery and
Technology enhances customer
experience.

R002 Cybersecurity Threat Loss of customer 5 5 25 Implement encryption, conduct Chief

Breach trust and financial security audits Security
loss. Officer

R003 Srategic Opportuni Offers 3 5 15 Establish robust risk assessment Director

Partnerships ty opportunities for protocols and ongoing of
co-innovation and monitoring mechanisms to Strategic
market expansion. ensure strategic partnerships Partnershi
align with organizational ps
objectives, values, and risk
tolerance.

R004 Compliance Threat Penalties and 4 4 16 Implement comprehensive Chief

Failure reputational compliance frameworks Complian
damage. encompassing regular audits, ce Officer
training programs, and
automated monitoring systems.

R005 Regulatory Opportuni Leads to efficiency 3 4 12 Proactively adapt to regulatory Chief

Compliance ty gains and changes through continuous Complian
Innovations competitive monitoring, agile policy ce Officer
advantage. implementation, and leveraging
technology for compliance
 tracking and reporting.

R006 Technology Threat Service disruption 3 4 12 Develop a comprehensive IT

Failure and operational technology resilience plan Manager
losses. encompassing redundancy
measures, robust backup
systems, and rapid response
protocols

R007 Staff Skill Opportuni Increases efficiency 4 3 12 Prioritize ongoing staff skill HR
Development ty and innovation development through tailored Departme
capacity. training programs, mentorship nt
initiatives, and knowledge-
sharing platforms.

R008 Market Opportuni Entering new 2 5 10 Analyze market trends, growth CEO
Expansion: ty geographic or projections, and regulatory
demographic requirements to assess the
markets to increase feasibility and risks associated
customer base and with expanding into new
revenue streams. territories.

Risk Response Strategy

Risk identification

Fortitude Financial Solutions conducts regular and comprehensive risk assessments to identify vulnerabilities and threats across its IT infrastructure.
These assessments involve: analyzing potential risks to customer data, financial transactions critical systems

Risk governance
Recognizing the complexity and importance of managing IT risks, Fortitude Financial Solutions has established a dedicated team comprising
cybersecurity experts, compliance officers, and IT professionals. This interdisciplinary team collaborates to develop and implement effective risk
mitigation strategies.

Cybersecurity measures

The organization has implemented a range of robust cybersecurity measures to protect against cyber threats. These measures include: deploying
firewalls intrusion detection systems encryption protocols multi-factor authentication

Cyber Threats monitoring

To enhance its ability to detect and respond to cyber threats in real-time, Fortitude Financial Solutions has deployed advanced threat intelligence
tools. These tools continuously monitor the IT environment for suspicious activities, enabling prompt detection and mitigation of potential security
breaches

Positive Risks Response:

Adoption of Cutting-edge Technology:

● Exploit Strategy: Allocate increased budget for R&D in blockchain and AI technologies, aiming to develop new financial products.
● Implementation Tasks: Identify technological trends, invest in pilot projects, and conduct market feasibility studies. Train staff on
new technologies.
● Time and Cost Estimates: 6-12 months, $300,000 for research, development, and training programs.

Strategic Partnerships:

● Share Strategy: Form joint ventures or alliances with fintech companies to co-develop financial solutions.
● Implementation Tasks: Identify potential partners, conduct due diligence, and negotiate partnership terms. Integrate systems and
processes.
● Time and Cost Estimates: 4-8 months, $100,000 for partnership establishment and integration.

Negative Risks Response:

Cybersecurity Breach:
 ● Mitigate Strategy: Implement a multi-layered cybersecurity framework including advanced threat detection, encryption, and incident
response protocols.
● Implementation Tasks: Upgrade security infrastructure, conduct regular penetration testing, and train employees on cybersecurity
awareness.
● Time and Cost Estimates: 3-6 months, $250,000 for security enhancements and training.

Compliance Failure:

● Avoid Strategy: Regularly review and update compliance protocols to align with current regulations. Hire a compliance officer to
oversee compliance efforts.
● Implementation Tasks: Conduct compliance audits, update policies and procedures, and provide compliance training to staff.
● Time and Cost Estimates: 2-4 months, $50,000 for audits and compliance updates.

Applying the Matrix to Fortitude Financial Solutions

Cybersecurity Breach: Probability (5, Very High), Impact (5, Very High) => Very High Risk

Compliance Failure: Probability (4, High), Impact (4, High) => High Risk

Technology Failure: Probability (3, Medium), Impact (4, High) => Medium Risk

Adoption of Cutting-edge Technology: Probability (4, High), Impact (4, High) => High Risk (as an opportunity, high risk here means high potential
reward)

Strategic Partnerships: Probability (3, Medium), Impact (5, Very High) => Medium Risk (also considered as a high-reward opportunity)