please check the requirements and quote a best price


Assessment item 2: Case Study Risk Assessment
Value: 25%
Due Date: 18-Aug-2019
Return Date: 06-Sep-2019
Length: Approx. 4000 words
Submission method options: Alternative submission method

Task

Essential Reading: Baron, H., Heide, S., Mahmud, S., & Yeoh, J. (2019). Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments. Retrieved from https://cloudsecurityalliance.org/artifacts/cloud-security-complexity/

Scenario

The Department of Administrative Services (DAS) provides a number of services to other departments in an Australian State Government. These services include HR and personnel management, payroll, contract tendering management, contractor management, and procurement. These services have all been provided from the Department’s own data centres.

As a result of a change in Government policy, DAS is moving to a “Shared Services” approach. This approach will mean that DAS will centralise a number of services for the whole of Government (WofG). The result of this move will be that each Department or Agency that runs one of these services for its own users will be required to migrate its data to DAS so that it can be consolidated into one of the DAS centralised databases. DAS will then provide these consolidated services to all other Departments and Agencies within the Government.

Another Government policy mandates a “Cloud first” approach to the process of updating or acquiring software or services.

Following these strategic policy changes from Government, DAS has decided to:

· Purchase a HR and personnel management application from a US based company that provides a SaaS solution.
· The application will provide DAS with a complete HR suite which will also include performance management.
    The application provider has advised that the company’s main database is located in a Cloud datacentre based in California in the United States, with a replica database located in a cloud datacentre in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider’s processing centre in Bangalore, India.
· Employee data will be uploaded from DAS daily at 12:00 AEST. This will be initially transferred to Bangalore in India for processing before being loaded into the main provider database in California.
· Employees will be able to access their HR and Performance Management information through a link placed on the DAS intranet. Each employee will use their internal agency digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by each agency’s Active Directory instance and is used for internal authentication and authorisation.
· Move the DAS payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud.

You may wish to consider the Cloud Security Alliance 2019 Cloud Security Complexity report as part of your response.

Tasks

You have been engaged to provide a risk assessment for the planned move to the HR SaaS application offering. You are to write a report that assesses the risk to DAS in the following areas:

1. Consider the data and information that DAS holds on its employees in the current HR system.
    a. Establish the existing threats and risks to the security of that data and information contained in the in house HR database. (25 marks)
    b. Are there any other risks and threats to the employee data after migration to an SaaS application? (10 marks)
    c. Assess the resulting severity of risk and threat to employee data. (10 marks)
2. Consider the privacy of the data for those employees who will move to an SaaS application.
    a. Establish the existing threats and risks to the privacy of that data and information contained in the in house HR database. (25 marks)
    b. Are there any other risks and threats to the privacy of the employee data after migration to an SaaS application? (10 marks)
    c. Assess the resulting severity of risk and threat to the privacy of employee data. (10 marks)
3. What are the threats and risks to the digital identities of Government employees from the move to SaaS applications? (10 marks)

You are to provide a written report with the following headings:
· Security of Employee Data
· Privacy of Employee Data
· Digital Identity Issues

As a rough guide, the report should be approximately 4,000 words.

Rationale

This assessment task will assess the following learning outcome/s:
· be able to examine the legal, business and privacy requirements for a cloud deployment model.
· be able to evaluate the risk management requirements for a cloud deployment model.
· be able to critically analyse the legal, ethical and business concerns for the security and privacy of data to be deployed to the cloud.

Marking criteria and standards

Grades: HD (High Distinction), DI (Distinction), CR (Credit), PS (Pass), FL (Fail).

Q1.a. Existing threats to Security of employee data (25 marks)
    HD: Comprehensive exploration of threats and risks to security of data that includes well thought out reasoning
    DI: Thorough exploration of threats and risks to security of data that includes good reasoning
    CR: Detailed exploration of threats and risks to security of data that includes some good reasoning
    PS: Adequate exploration of threats and risks to security of data that includes some reasoning
    FL: Incomplete or irrelevant exploration of threats and risks to security of data that has little or no reasoning

Q1.b. New threats to security of employee data (10 marks)
    HD: Comprehensive exploration of new threats and risks to security of data that includes well thought out reasoning
    DI: Thorough exploration of new threats and risks to security of data that includes good reasoning
    CR: Detailed exploration of new threats and risks to security of data that includes some good reasoning
    PS: Adequate exploration of new threats and risks to security of data that includes some reasoning
    FL: Incomplete or irrelevant exploration of new threats and risks to security of data that has little or no reasoning

Q1.c. Severity of risk to security of employee data (10 marks)
    HD: Comprehensive security risk assessment with excellent severity ratings
    DI: Thorough security risk assessment with very good severity ratings
    CR: Detailed security risk assessment with good severity ratings
    PS: Adequate security risk assessment with reasonable severity ratings
    FL: Incomplete or inadequate security risk assessment with poor or no severity ratings

Q2.a. Existing threats to privacy of employee data (25 marks)
    HD: Comprehensive exploration of threats and risks to privacy of data that includes well thought out reasoning
    DI: Thorough exploration of threats and risks to privacy of data that includes good reasoning
    CR: Detailed exploration of threats and risks to privacy of data that includes some good reasoning
    PS: Adequate exploration of threats and risks to privacy of data that includes some reasoning
    FL: Incomplete or irrelevant exploration of threats and risks to security of data that has little or no reasoning

Q2.b. New threats to privacy of employee data (10 marks)
    HD: Comprehensive exploration of new threats and risks to privacy of data that includes well thought out reasoning
    DI: Thorough exploration of new threats and risks to privacy of data that includes good reasoning
    CR: Detailed exploration of new threats and risks to privacy of data that includes some good reasoning
    PS: Adequate exploration of new threats and risks to privacy of data that includes some reasoning
    FL: Incomplete or irrelevant exploration of new threats and risks to security of data that has little or no reasoning

Q2.c. Severity of risk to privacy of employee data (10 marks)
    HD: Comprehensive privacy risk assessment with excellent severity ratings
    DI: Thorough privacy risk assessment with very good severity ratings
    CR: Detailed privacy risk assessment with good severity ratings
    PS: Adequate privacy risk assessment with reasonable severity ratings
    FL: Incomplete or inadequate privacy risk assessment with poor or no severity ratings

Q3. Digital Identity issues (10 marks)
    HD: Comprehensive exploration of digital identity threats and risks that includes well thought out reasoning
    DI: Thorough exploration of digital identity threats and risks that includes good reasoning
    CR: Detailed exploration of digital identity threats and risks that includes some good reasoning
    PS: Adequate exploration of digital identity threats and risks that includes some reasoning
    FL: Inadequate or incomplete exploration of digital identity threats and risks that includes poor or no reasoning

Presentation and Referencing
    Up to 5 marks may be deducted for poor presentation and grammar.
    Up to 5 marks may be deducted for incorrect or inadequate referencing.

Presentation

You are to provide a written report in Word format with the following headings:
· Security of Employee Data
· Privacy of Employee Data
· Digital Identity Issues

As a rough guide, the report should be approximately 4,000 words.
Answered same day. Aug 02, 2021. ITC568, Charles Sturt University.

Ankit answered on Aug 16 2021
1. Introduction
For the first SaaS migration in any organization, there is a need to consider a lot of things and components: their benefits and threats, the benefit of a SaaS framework, and the type of framework which is suitable for the organization.
The type of cloud computing service in which clients access software or applications online, hosted by a third-party vendor, is called SaaS. It is also called the third kind of cloud computing service. SaaS means ‘Software as a Service’. Customers do not need to set up or manage these apps or software, as they are managed by the third-party vendor, and the software is easily accessible to clients via the internet. The third-party vendor is responsible for the security, deployment and support of this software on their servers. Only members can access the software on SaaS; there is a need to pay a monthly or yearly membership charge for accessing SaaS services. [Hou]
There are various risks in migrating to SaaS which can be enlightened upon. Here are various regular circumstances which will benefit from cloud migration, as given underneath:
· SaaS offers an environment which is ideal for software to execute reliably and easily with less load from users.
· SaaS offers different types of tiers for small, medium and large businesses or firms.
· Users are paying for peace of mind, as they are not paying merely for a service or application. There are various examples of SaaS, such as a SaaS e-commerce platform that offers complete shopping cart software and a hosting framework to the user. A SaaS e-commerce platform helps to make an online shop within a few seconds, and there is no headache over deployment, code and hosting.
The Department of Administrative Services (DAS) offers different services to various sectors in an Australian State Government. Due to a change in Government rules, DAS is migrating to a “Cloud first” approach. In this report we will focus on the risk assessment for the DAS database and its apps as they migrate to a SaaS application. The aim of this report is to discuss the present risks and threats to the security of employee data and information contained in the in-house HR database, and the various types of threats on migrating to SaaS. There should also be a focus on the privacy of DAS database information. Further discussion is on the challenges regarding the digital identities of DAS staff on moving to SaaS services.
SaaS provides ready-to-use, out-of-the-box recommendations which fulfil any business or organization requirements. SaaS is, in the end, developing over the timeframe. SaaS has upgraded business development by giving ideal arrangements, and it proceeds with the development of the IT business. By using different models of SaaS, IT systems and organizations obtain software solutions of their choice, with flexibility, scalability and options which are not offered by on-premise hosting. This has given a great edge to organizations, and utilizing a SaaS framework turns into an administration objective in every firm, as it is versatile or flexible according to requirement, and there are no worries for the user about buying it and letting it stand idle for extensive hours.
2. Security of DAS Employee Data
2.0 Severity of risk and threat to security of DAS staff data
The chance and severity of risk and threat to the security of DAS staff data are rated as VH (very high), H (High), M (Medium), L (Low) or VL (Very Low), with S standing for Severity, as shown below:

    Chance
    VH   |      |      |      |      |      |
    H    |      |      |      |      |      |
    M    |      |      |      |      |      |
    L    |      |      |      |      |      |
    VL   |      |      |      |      |      |
    S      VL      L      M      H      VH
2.1 Existing security threats to DAS staff data
Columns: Id; Description of Security Threat/Risk; Likelihood; Impact; Priority; Preventive measures; Contingency plans.

1. Risk of Legitimate privilege
    Likelihood: L    Impact: M    Priority: H
    Preventive measures: a) There is a need to manage the rights of user access and modify legitimate privilege users. b) Admin monitors all database access activity.
    Contingency plans: 1. Employees should be trained on risk mitigation. 2. Regular backup of employee database.

2. Threats of database injection
    Likelihood: VH    Impact: VH    Priority: VH
    Preventive measures: a) Database is encrypted at the backend. b) Need to block malicious injection requests.
    Contingency plans: 1. Employees should be trained on risk mitigation. 2. Regular backup of employee database.

3. Sensitive data is not managed properly
    Likelihood: VH    Impact: H    Priority: H
    Preventive measures: a) Classify sensitive data. b) Secure it with a password policy.
    Contingency plans: 1. Employees should be trained on risk mitigation. 2. Regular backup of employee database.

4. Risk of Excessive privileges
    Likelihood: L    Impact: M    Priority: H
    Preventive measures: a) Admin monitors all database access activity. b) There is a need to manage the rights of user access and delete excessive privilege users.
    Contingency plans: 1. Employees should be trained on risk mitigation. 2. Regular backup of employee database.

5. Risk of Backup storage
    Likelihood: VH    Impact: VH    Priority: VH
    Preventive measures: a) Use patterns in real time to detect malicious requests for backup data. b) Create security access by password.
    Contingency plans: 1. Employees should be trained on risk mitigation. 2. Regular backup of employee database.

Likelihood, Impact and Priority scale: VH (very high), H (High), M (Medium), L (Low), VL (Very Low).
In order to retrieve sensitive data, attackers execute their vulnerable code daily on the server. The DAS database and servers are mostly prone to these attacks. The main cause behind database attacks is clear: the Department of Administrative Services is at the centre of numerous agencies and departments of government, storing data of customers, representatives and various characterized organization data. The various threats or risks to the security of DAS (Department of Administrative Services) are stated below:
a) Risk of Legitimate privilege: DAS employees within the organization may abuse legitimate database privileges for stealing private information.
b) Threats of database injection: The DAS database and server are abused by injecting SQL queries. The reason behind database injection threats is to get unauthorized access to the DAS database.
c) Sensitive data is not managed properly: DAS sensitive data may be vulnerable to risks or threats when essential controls and rules or permissions are not executed. [Maurer 2015]
d) Risk of Excessive privileges: Excessive privileges may be misused when DAS employees are asked to use default database privileges which exceed the conditions of their work duties. Many times the DAS organization neglects to check access privileges for employees who change the role of their work within the organization.
e) Risk of backup storage: There is unauthorized access by attackers to backup storage data. The motive of the hacker is to steal the database and misuse it. [Hurtaud]
2.2 New security risks or threats to DAS staff data after migrating to SaaS
Columns: Id; Threat Description; Likelihood; Impact; Priority; Preventive Measures; Contingency Plans.

1. Data access
    Likelihood: M    Impact: H    Priority: H
    Preventive measures: a. The company should ask privacy questions regarding data access of their SaaS provider. b. The company should study the terms and conditions of the SaaS provider.
    Contingency plans: a) Admin should monitor all database access activities. b) A data access term agreement should be signed between both parties.

2. Theft of credentials
    Likelihood: M    Impact: VH    Priority: VH
    Preventive measures: a. Only the admin of the SaaS service provider should assign or give rights to employees of DAS. b. Employees with access rights shall never share their password with unknown persons.
    Contingency plans: a) Admin should monitor all database access activities. b) Backup should be taken regularly.

3. No control on their own data
    Likelihood: VL    Impact: H    Priority: H
    Preventive measures: a. Give proper information to the company about shutdown of the SaaS server. b. SaaS provider is in charge of...