Scenario You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to...

Please do according to bold letters in draft


Scenario

You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.

The Charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat Enterprise Linux 5 servers to service public facing Web pages, Web services and support.

The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.

The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.

The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.

The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data breach may cause considerable damage to substantially disadvantaged people in the community. The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.

The charity has also decided to:

· Purchase a HR and personnel management application from a US based company that provides a SaaS solution.
· The application will provide the charity with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is in California, with a replica in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.
· Employee data will be uploaded from the charity daily at 12:00 AEST. This will be processed in Bangalore before being loaded into the main provider database.
· Employees can access their HR and Performance Management information through a link placed on the Charity intranet. Each employee will use their internal charity digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by the charity's Active Directory instance and is used for internal authentication and authorisation.
· Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud;
· Move the charity Intranet into a Microsoft SharePoint PaaS offering so that it can provide Intranet services to all agencies in the WofG.

Tasks

You have been engaged to provide a risk assessment for the planned moves to SaaS application offerings. You are to write a report that assesses the risks to the charity for just their planned moves in the HR area:

1. Consider the data and information that the charity holds on its employees in the current HR system.
    1. Establish the existing threats and risks to the security of that data and information contained in the in-house HR database. (10 marks)
    2. Are there any additional risks and threats to employee data that may arise after migration to an SaaS application? (10 marks)
    3. Assess the resulting severity of risk and threat to employee data. (10 marks)
2. Consider the privacy of the data for those employees who will move to an SaaS application.
    1. Establish the existing threats and risks to the privacy of that data and information contained in the in house HR database. (10 marks)
    2. Are there any additional risks and threats to the privacy of the employee data after migration to an SaaS application? (10 marks)
    3. Assess the resulting severity of risk and threat to the privacy of employee data. (10 marks)
3. What are the threats and risks to the digital identities of charity employees from the move to SaaS applications? (10 marks)
4. Consider the operational solution and location(s) of the SaaS provider for HR management. Does either the operational solution, or the operational location, or both, increase or mitigate the threats and risks identified for the security and privacy of employee data? (20 marks)
5. Are there any issues of ethics, data sensitivity or jurisdiction that should be considered by the charity? (10 marks)

You are to provide a written report with the following headings:

· Security of Employee Data
· Privacy of Employee Data
· Digital Identity Issues
· Provider Solution Issues
· Data Sensitivity

As a rough guide, the report should not be longer than about 5,000 words.
Answered Same Day Aug 06, 2020

Amit answered on Aug 11 2020
160 Votes
Security, privacy, and digital identification of data for employees working on SaaS
Table of Contents
a)    Introduction
b)    Data security for employees
1.    Threats and risks to data security
2.    Added Security risks caused by installing SaaS based applications
3.    Severity for supplied security risks to database of employees
c)    Data privacy for employees
1.    Threats and risks to data security
2.    Added Security risks caused by installing SaaS based applications
3.    Severity for supplied security risks to database of employees
d)    Issues in digital identification
e)    Solution to identified issues
f)    Sensitivity of data
g)    References:
a) Introduction
The Security among information and the databases is required to safeguard info from the un-authorized access from the oldsters and hackers. Loss of knowledge directs associate organization to the financial losses. Security configurations on the cloud based computing service provides secure platform to the organizations to store their confidential and sensitive data. On the contrary, there is a high chance of knowledge breaches and knowledge stealing from the cloud based services. This report focuses on these threats of cloud computing network of a community based charity of Australia. Any security and privacy issues with the employee data once fixing SaaS application throughout this organization is analyzed here in conjunction with its severity. Digital identity issues with SaaS and provider resolution issues unit painted throughout this report compared to its application among the USA. It to boot evaluates data sensitivity issues supported cyber security laws of the USA as well as Australia.
The security of database is huge concern for various organizations because it contains broad vary of knowledge and keep functions within the server. Maintenance for privacy and security is important in info server by limiting un-authorized access to stay information confidential and forestall information loss. The protection issues in cloud primarily based storage square measure severe because it is often accessed by multiple persons with multiple ways. This report analyses the protection and privacy of worker information before and once implementation of SaaS application within the home info of a community primarily based charity. Digital determine problems square measure analyzed during this report once moving to SaaS application with moral problems and information sensitivity issues.
b) Data security for employees
1. Threats and risks to data security
It is discovered from the case study that the charity home uses very little data centre with windows server 2008 for desktop services. This server uses third party based totally storage code which could store little bit of employee data. This server is unable to want work of all employees in charity. Bit of data and knowledge storage accessibility in in-house data of Charity turn out a haul to store all confidential knowledge in their info what is more as enticing of data is in addition time intense. Therefore, the charity joins with community cloud with a public cloud trafficker to produce varied vary of applications to 500 support staffs and body users of Charity. It’s legendary that the data of Charity is confidential and time sensitive.
On the alternative hand, it's legendary that Charity uses community cloud services to store their 200 TB of data that's travel by the overall public cloud trafficker with a SaaS application. Confidential data is hold on in data and thus the data square measure usually accessed by the oldsters to whom the charity offers permissions to access the data. Insecure arthropod genus square measure usually utilized by the unauthorized people at the time of data breaching. Malware injection square measure, usually, gettable inside the data which winds up in data losses. It raises security problems as unauthorized people can hack the system and fetch knowledge from cloud server. As a result of its Associate in Nursing open server, anyone can use the ID proof of charity employees and may access the data from Charity’s data [Puthal et al, 2015].
Mistreatment of cloud services is in addition a risk and denial of service attack is finished due to unauthorized access and malware injection. Information is hijacked or modified by the oldsters that access the information illegally from the cloud services. It’ll injury the highest server knowledge and so the charity becomes unable to provide status services to the disadvantaged people because of information loss. The treatment for the oldsters is delayed because of losing of recorded information involving their health condition. It is noted from the case study that Charity uses Red hat Enterprise UNIX system 5 for desktop services. It facilities in UNIX system 5 is just vulnerable as unauthorized assailant can send a specially-crafted RPC request to crash and execute impulsive code of the enterprise. It is a heap of severe as a result of the system holder cannot get time to become tuned in to information exploitation from on-line database. Exploitable bugs are used by the attackers to infiltrate the desktop system of Charity therefore on steal information. They will lead of the system and disrupt whole system of the charity home. It’ll have an impression on the system of the charity and provide important risks in server. Multi-tenancy system is required to access and share memory or resources therefore on clear attack surface.
2. Added Security risks caused by installing SaaS based applications
Case situation shows that unit of time management of Charity brings America based mostly SaaS resolution for his or her knowledge server to confirm a lot of storage of their knowledge. As SaaS application offers a lot of storage to stay the worker knowledge furthermore as provide security to the information. On the contrary, the operational prices of the corporate are often reduced when putting in this might model to the charity system. It’s known that main security issues related to SaaS application are that it's lack of transparency and uncertainty of knowledge location. Uncertainty of information location will increase time to access right knowledge and sensitive data are often accessed by others. Lack of transparency within the security protocol will increase distrust among the workers and also the underprivileged folks within the community. It additionally enhances problems like hacking of security protocol that may corrupt all knowledge of the cloud system of Charity.
Individuals cannot management their knowledge directly as SaaS supplier is responsible of all responsibilities of knowledge storage. Within the charity system, the workers will access data from the performance and unit of time management of the Charity through the link of charity net. Internal charity digital IDs that is generated from Charity Directory would be utilized by the workers to demonstrate to the unit of time and performance management system. Therefore, there's risk of knowledge breaches. As knowledge are keep with the secret writing protocol, there are low risks of knowledge hacking as standardized method is needed to be followed at the time of data breaches. As per the opinion, knowledge fraud is one amongst the largest issues related to SaaS application through the usage of credit cards. Therefore, it lowers the protection of MasterCard data of the workers of Charity.
It will utterly clean up the Windows server 2008 and Linux five primarily based OS of Charity. Therefore, the organization may be needed to vary their security policies and defend the services from extra information leak....