User Account

All Pages

Develop privacy and personal data protection strategies

Assignment Help Computer Network Security
Reference no: EM132103286

Scenario

You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.

The Charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat Enterprise Linux 5 servers to service public facing Web pages, Web services and support.

The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.

The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.

The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.

The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data breach may cause considerable damage to substantially disadvantaged people in the community.

The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.

The charity has also decided to:
- Purchase a HR and personnel management application from a US based company that provides a SaaS application.

o The application will provide the charity with a HR suite that will provide a complete HR suite which will also include performance management. The application provider has advised that the company's main database is in California, with a replica in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.

o Employee data will be uploaded from DAS daily at 12:00 AEST. This will be processed in Bangalore before being loaded into the main provider database.

o Employees can access their HR and Performance Management information through a link placed on the charity intranet. Each employee will use their internal charity digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by the charity's Active Directory Instance and is used for internal authentication and authorisation.

- Move the the charity payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud;
o This application will provide the Charity with the suite of tools necessary to process and manage payrolls for all agencies within DAS. The application provider has advised that their software is distributed throughout the AWS cloud with instances in US East, US West, Europe, Asia Pacific, China and South America.
o All configuration, maintenance, updates and feature releases are provided from the provider's offices in San Francisco, Beijing, Singapore, Mumbai and Dublin.
o The provider does not do any additional processing of data entered into the application.
o The charity payroll staff may access the payroll application through a SSO (Single Sign On) link to a secure URL. Authentication is made using the user's charity ID credentials. Each authorised user's authentication credentials are uploaded to the application to allow them to logon and access the payroll.
o Data is uploaded to the application by the charity's payroll staff for each agency staff member, but can also be uploaded in bulk using a CSV file. CSV files are uploaded using an upload link in the application.
o Completed payroll files are sent to the appropriate banking institutions through a secure link provided by each bank.
o Regular transaction and audit reports for each agency are available to the charity's payroll staff.

- Move the charity Intranet into a Microsoft SharePoint PaaS platform so that it can provide Intranet services to all users in the charity no matter where they are located.

o This solution will provide the charity with the ability to provide Intranet services to all users with each charity location having its own site within the overall structure.
o The PaaS offering has been chosen as it gives the charity administrators the ability to configure the sites for all separate charity locations, and still allow users to access any of those individual sites.
o The application provider has advised that their software is distributed throughout the Azure cloud with instances in US East, US West, Europe, Asia Pacific, China and Australia.
o It is proposed that users will be able to access the platform through an SSO (Single Sign On) link to the platform portal. Authentication will be made using the user's charity ID credentials . The charity will need to use Active Directory Federated Services (ADFS) to federate to an Azure AD instance for authentication and authorisation. This authentication process will be validated with a SAML 2.0 certificate.
o The charity's web staff will be able to configure all the separate charity location sites to reflect their own internal news, along with a range of news provided by the charity.

Tasks
After your successful engagement to provide a security and privacy risk assessment for the charity, you and your team have again been engaged to develop privacy and personal data protection strategies for the charity.

The task:

Your team is to write a report that proposes appropriate policies for DAS in the following areas:
1. Develop a Privacy strategy proposal for the charity. The strategy should include the following items:
1. Management of personal information,
2. Collection and management of solicited personal information,
2. The controls that you recommend that would:
1. Implement the privacy strategy.
3. Develop a personal data protection strategy proposal for the charity. This strategy should include:
1. Protection of personal information,
4. The controls that you recommend that would:
1. Mitigate the previously identified security risks,

Reference no: EM132103286

Questions Cloud

Determine the amount of cash laura dress delivery expects : Required: Determine the amount of cash Laura's Dress Delivery expects to collect from accounts receivable during January
Which of logical fallacies were using trying to persuade you : Write of a time that someone tried to persuade you by using one of the 17 logical fallacies described in your first power point? Name which specific fallacy.
Discuss your thoughts on what seung is describing : In your response, discuss your thoughts on what Seung is describing. Summarize his key points. What are strengths/limitations of his findings?
Compute the company return on investment : BusServ Corporation provides business-to-business services on the Internet. Compute the company's return on investment (ROI)
Develop privacy and personal data protection strategies : write a report that proposes appropriate policies for DAS - Management of personal information - develop privacy and personal data protection strategies
What is our business strategy : What is our business strategy? and, How do we develop leaders capable of executing our strategy?
Design a program based on research methods : The work you have done during your internship at ACME has been recognized and now there are many agencies in your area looking for a comprehensive plan using.
Why write literature reviews : A literature review can be just a simple summary of the sources, but it usually has an organizational pattern and combines both summary and synthesis.
Prepare a production budget for the third quarter : Required: Prepare a production budget for the third quarter showing the number of units to be produced each month and for the quarter in total

Reviews

inf2103286

10/15/2018 9:36:00 PM

Appreciate the assignment. Thanks to the expert who has completed my homework. This is one of the best experts on expertsmind follows all instructions will give you A+ WORK PICK THIS EXPERT !!!! Appreciations !!

len2103286

9/3/2018 9:52:26 PM

please make my assignment accurately i want reference with plagiarism report. kindly make sure the fonts size must be 11 and add 5 references of APA style. thats all i want. please make it a quality one, i want maximum marks.

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd