Conduct a risk assessment for the Charity's data

Reference no: EM131794763, Length: word count: 8000

Scenario

You are the Senior Systems Administrator for a community-based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.

The Charity currently runs a small data centre that has some 50 x86 64-bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has about 10 Red Hat Enterprise Linux 5 servers for public-facing Web pages, services and support.

The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.

The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.

The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.

The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data breach may cause considerable damage to substantially disadvantaged people in the community.

The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.

The task:

Your team is to write a report that proposes appropriate policies for the Charity in the following areas:

1. Conduct a risk assessment for the Charity's data. Consider the data and information that the Charity holds on its clients in its current system.
a. Establish the existing threats and risks to the security of that data and information contained in the in-house database.
b. Are there any other risks and threats to the client data after migration to a SaaS application?
c. Assess the resulting severity of risk and threat to client data.

2. What are the threats and risks to the digital identities of the Charity's clients from the move to a SaaS database?

3. Develop a Privacy strategy proposal for the Charity. The strategy should include the following items:
a. Management of personal information,
b. Collection and management of solicited personal information,
c. Use and disclosure of personal information,
d. Use and security of digital identities,
e. Security of personal information,
f. Access to personal information,
g. Quality and correction of personal information.

4. Develop a personal data protection strategy proposal for the Charity. This strategy should include:
a. Protection of personal information,
b. Authorised access & disclosure of personal information,
c. De-identification of personal data,
d. Use of personal digital identities,
e. Security of personal data,
f. Archiving of personal data.

You are to provide a written report with the following headings:
- Data Risk assessment
- Privacy strategy for personal data
- Personal data protection strategy

As a rough guide, the report should not be longer than about 8,000 words.

Rationale
This assignment aligns with the following learning outcomes of this subject:
- be able to examine the legal, business and privacy requirements for a cloud deployment model;
- be able to evaluate the risk management requirements for a cloud deployment model;
- be able to critically analyse the legal, ethical and business concerns for the security and privacy of data to be deployed to the cloud;
- be able to develop and present a series of proposed security controls to manage the security and privacy of data deployed to the cloud.


Reviews

len1794763

1/3/2018 7:20:34 AM

Q4. Personal data protection strategy (20 marks)
- HD: Comprehensive development of policy covering all aspects, with excellent analysis of protection of data
- DI: Thorough development of policy covering most aspects, with proficient analysis of protection of data
- CR: Detailed development of policy covering most aspects, with competent analysis of protection of data
- PS: Adequate development of policy covering some aspects, with some analysis of protection of data
- FL: Incomplete or inadequate development of policy covering few aspects, with little or no analysis of protection of data

Presentation: Up to 5 marks may be deducted for poor presentation, spelling and grammar

len1794763

1/3/2018 7:20:28 AM

Q3. Privacy strategy for personal data (20 marks)
- HD: Comprehensive development of policy covering all aspects, with excellent discussion of threats and risks to privacy of data
- DI: Thorough development of policy covering most aspects, with proficient discussion of threats and risks to privacy of data
- CR: Detailed development of policy covering most aspects, with good discussion of threats and risks to privacy of data
- PS: Adequate development of policy covering some aspects, with some discussion of threats and risks to privacy of data
- FL: Incomplete or inadequate development of policy covering few aspects, with little or no discussion of threats and risks to privacy of data

len1794763

1/3/2018 7:20:22 AM

Q1c. Severity of risk to security client data
- HD: Comprehensive security risk assessment with excellent severity ratings
- DI: Thorough security risk assessment with very good severity ratings
- CR: Detailed security risk assessment with good severity ratings
- PS: Adequate security risk assessment with reasonable severity ratings
- FL: Incomplete or inadequate security risk assessment with poor or no severity ratings

Q2. Existing threats to digital identities from use of SaaS database
- HD: Comprehensive exploration of threats and risks to digital identities that includes well thought out reasoning
- DI: Thorough exploration of threats and risks to digital identities that includes good reasoning
- CR: Detailed exploration of threats and risks to digital identities that includes some good reasoning
- PS: Adequate exploration of threats and risks to digital identities that includes some reasoning
- FL: Incomplete or irrelevant exploration of threats and risks to digital identities that has little or no reasoning

len1794763

1/3/2018 7:20:15 AM

Marking Rubric (grades per question: HD, DI, CR, PS, FL)

Q1a. Existing threats to security of client data
- HD: Comprehensive exploration of threats and risks to security of data that includes well thought out reasoning
- DI: Thorough exploration of threats and risks to security of data that includes good reasoning
- CR: Detailed exploration of threats and risks to security of data that includes some good reasoning
- PS: Adequate exploration of threats and risks to security of data that includes some reasoning
- FL: Incomplete or irrelevant exploration of threats and risks to security of data that has little or no reasoning

Q1b. New threats to security of client data
- HD: Comprehensive exploration of new threats and risks to security of data that includes well thought out reasoning
- DI: Thorough exploration of new threats and risks to security of data that includes good reasoning
- CR: Detailed exploration of new threats and risks to security of data that includes some good reasoning
- PS: Adequate exploration of new threats and risks to security of data that includes some reasoning
- FL: Incomplete or irrelevant exploration of new threats and risks to security of data that has little or no reasoning


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd