Scenario You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to...

1 answer below »
Please do according to the bold letters on draft


Scenario  You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.   The Charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat Enterprise Linux 5 servers to service public facing Web pages, Web services and support.  The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.  The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.   The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.  The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data breach may cause considerable damage to substantially disadvantaged people in the community. The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.  The charity has also decided to: · Purchase a HR and personnel management application from a US based company that provides a SaaS solution.  · The application will provide the charity with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is in California, with a replica in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.  · Employee data will be uploaded from the charity daily at 12:00 AEST. This will be processed in Bangalore before being loaded into the main provider database.  · Employees can access their HR and Performance Management information through a link placed on the Charity intranet. Each employee will use their internal charity digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by the charity's Active Directory instance and is used for internal authentication and authorisation.  · Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud;  · Move the charity Intranet into a Microsoft SharePoint PaaS offering so that it can provide Intranet services to all agencies in the WofG.  Tasks You have been engaged to provide a risk assessment for the planned moves to SaaS application offerings. You are to write a report that assesses the risks to the charity for just their planned moves in the HR area: 1. Consider the data and information that the charity holds on its employees in the current HR system.  1. Establish the existing threats and risks to the security of that data and information contained in the in-house HR database. (10 marks) 2. Are there any additional risks and threats to employee data that may arise after migration to an SaaS application? (10 marks) 3. Assess the resulting severity of risk and threat to employee data. (10 marks) 2. Consider the privacy of the data for those employees who will move to an SaaS application.  1. Establish the existing threats and risks to the privacy of that data and information contained in the in house HR database. (10 marks) 2. Are there any additional risks and threats to the privacy of the employee data after migration to an SaaS application? (10 marks) 3. Assess the resulting severity of risk and threat to the privacy of employee data. (10 marks) 3. What are the threats and risks to the digital identities of charity employees from the move to SaaS applications? (10 marks) 4. Consider the operational solution and location(s) of the SaaS provider for HR management. Does either the operational solution, or the operational location, or both, increase or mitigate the threats and risks identified for the security and privacy of employee data? (20 marks) 5. Are there any issues of ethics, data sensitivity or jurisdiction that should be considered by the charity? (10 marks) You are to provide a written report with the following headings: · Security of Employee Data · Privacy of Employee Data · Digital Identity Issues · Provider Solution Issues · Data Sensitivity As a rough guide, the report should not be longer than about 5,000 words.
Answered Same DayAug 06, 2020

Answer To: Scenario You are the principal consultant for a community based Charity. The Charity is involved in...

Ankit answered on Aug 12 2020
152 Votes
Introduction
For organizations thinking about their first SaaS migration, there are a great deal of components that you'll need to consider, from the advantages and the risks, to the SaaS benefit model and sort that is appropriate for your firm.
SaaS is third type of cloud computing. SaaS is Software as a service. SaaS is a software type of cloud computing in which a third party supplier hosts applications and these software or applications is licenced to customers. This software’s are made available to customers on the Internet. There is no need to deploy and manage this software’s by customers as it is maintained by third party supplier. The third party supplier is in charge of the security, execution, and support of the software’s on their servers. Software’s on SaaS are auth
orized on a membership premise. Customers need to buy a month to month charge for type of service and number of clients required. [Hufford]
There are numerous risks that moving to the SaaS can illuminate. Here are some run of the mill situations that will profit by cloud relocation as listed below:
· Your application is encountering more traffic and it's getting to be strong equivalent assets on the move to be able to look of the increasing request.
· You have to decrease operational expenses, while expanding its the effectiveness of IT processes.
· Your customers need quick application usage and instalment, and hence need to concentrate more on built while limit assets overhead.
· Your customers need to expand their work topographically, but you guess that surround up a several locale foundation with their helpful hand, schedule, person, and error check exertion will be a verified.
The Charity is associated with finding and giving settlement, mental health care benefits, preparing and help services to burdened individuals in the community.
SaaS is eventually evolving over the period of time, and it has enhances the industry growth with providing optimal solutions and continues growth to the IT industry. With the help of SaaS systems, the IT infrastructure and companies providing software solutions has expanded themselves from one time solution provided to solution provider with enhancements over the time, and pay as per your requirement. This has given good edge to companies and using SaaS system becomes a management goal in each organization, as it is scalable as per need, and you don’t need to purchase and sit it idle for long time.
The main purpose of this document is give a risk assessment for the database and software’s of for a community based Charity moves to SaaS application offerings. In this document we will focus on the current threats and risks to the security of employee data and information contained in the in-house HR database and other risks on moving to SaaS. We will discuss the privacy of employee’s data. The document further focuses on digital identities issues of charity employees on migrate to SaaS applications. The document also focuses on provider Solution Issues and data Sensitivity issues or jurisdiction issues that should be observed by the charity.
Security of Employee Data
Daily hackers run their malicious code on server and try to extract sensitive information, and the charity database servers are regularly the essential focuses of these assaults. The reason databases are attacked on so frequently is very straightforward that charity database is at the core of many association, saving records of clients, employees and other classified business information. Currently there are various threats and risks to the security of charity data as listed below:
a) Excessive privileges risk: At the point when employees are allowed default database privileges that surpass the prerequisites of their job tasks, these privileges may be manhandled. Sometimes charity organization neglect to edit access privileges for staff that change role of job inside firm or leave the firm.
b) Legitimate privilege risk: employees inside charity firm may mishandle legitimate database privileges for theft the confidential data.
c) Sql injection database threats: The database of charity is attacked by running sql queries. The main purpose of sql injection threats is to gain unrestricted access of database.
d) Backup storage risk: Hackers gain unauthorized access to backup storage media.
As an outcome, various security threats have included the steal of sensitive database backup disks and tapes. [Maurer 2015]
Security of employee data that come after moving to a SaaS
“The charity organizations is glad in the wake of actualizing SaaS, on the grounds that they never again need to manage the administration of programming applications, most organizations won't care for giving control of their information to another person. A business has no clue how their SaaS vendor may secure their information and what backup methodology that their specialist co-op will have set up. The main thing that a business can pass by is the expression of their specialist co-op affirming that they will guarantee that their customer’s information will be very much taken care of. “Here are some of risks:
1. Usage Risk: Usage Risk is the risk to firm database that depends upon on how they are using a particular SaaS app.  The risk is also based on how particular firm store sensitive data.
2. Data security Risk: Data security Risk is based on how service provider holding the firm data and who can view the data. [Motiwala 2013]
3. Licensing related issues: For instance, what number of clients can access to particular software if SaaS is being utilized and will a SaaS specialist co-op charge additional if a bigger number of clients than what are permitted utilize a single occasion of a specific software apps.
4. Cost of integration: Another main consideration for SaaS incorporation is price. It is extremely costly to incorporate SaaS, and your IT group should be exceedingly talented too all together for the mix to be fruitful. You need to shoulder the extra cost of profoundly talented IT professionals or need to rope in cloud counselling firms that give mastery in incorporation. These organizations give integration as a service and deal with framework and data integration. [Rishab]
5. How much data storage limit shall SaaS provider provide for their clients and what are the expenses for extra data storage.
6. What sort of help is offered by the product vendor and is this help free.
7. Extra costs which may not be as evident as the forthright costs that a business faces. For instance the cost of IT expert to oversee on-premises programming applications or the expenses of giving preparing with a specific end goal to instruct representatives how to associate with and utilize SaaS programming application services. [searchitchannel]
After giving you overview of the risks involved above in SaaS, you can see that there are certainly some areas where if possible we can avoid the usage of such systems and processes. These are helpful as well sometimes, but sometimes they create havoc and problem for the companies, people and its employees if not properly safe, secure and defined. Decisions to take SaaS systems should be taken after consideration of these factors.
Privacy of Employee Data
Privacy means to protect the data from un-authorized access. Employee data can possibly make financial and social incentive for both the clients and the associations who work with each other. The capacity of the associations to secure and utilize individual data has expanded colossally with inventive utilization of innovation; be that as it may, it likewise builds the hazard to the protection of individual data. Guaranteeing information protection through each phase of data life cycle (accumulation, stockpiling, handling, maintenance, sharing and transfer) has turned out to be extremely basic for associations to remain...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here