Establish the existing threats and risks to the security

Reference no: EM132078275

Risk Assessment

Task

Scenario

You are the principal consultant for a community-based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.

The Charity currently runs a small data centre that has some 50 x86 64-bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat Enterprise Linux 5 servers to service public-facing Web pages, Web services and support.

The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.

The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.

The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.

The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data breach may cause considerable damage to substantially disadvantaged people in the community.

The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.

The charity has also decided to:

  • Purchase an HR and personnel management application from a US-based company that provides a SaaS solution.
    • The application will provide the charity with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is in California, with a replica in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.
    • Employee data will be uploaded from the charity daily at 12:00 AEST. This will be processed in Bangalore before being loaded into the main provider database.
    • Employees can access their HR and Performance Management information through a link placed on the Charity intranet. Each employee will use their internal charity digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by the charity's Active Directory instance and is used for internal authentication and authorisation.
  • Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud.
  • Move the charity Intranet into a Microsoft SharePoint PaaS offering so that it can provide Intranet services to all agencies in the WofG.

Tasks

You have been engaged to provide a risk assessment for the planned moves to SaaS application offerings.

You are to write a report that assesses the risks to the charity for just their planned moves in the HR area:

  1. Consider the data and information that the charity holds on its employees in the current HR system.
    1. Establish the existing threats and risks to the security of that data and information contained in the in-house HR database.
    2. Are there any additional risks and threats to employee data that may arise after migration to a SaaS application?
    3. Assess the resulting severity of risk and threat to employee data.
  2. Consider the privacy of the data for those employees who will move to a SaaS application.
    1. Establish the existing threats and risks to the privacy of that data and information contained in the in-house HR database.
    2. Are there any additional risks and threats to the privacy of the employee data after migration to a SaaS application?
    3. Assess the resulting severity of risk and threat to the privacy of employee data.
  3. What are the threats and risks to the digital identities of charity employees from the move to SaaS applications?
  4. Consider the operational solution and location(s) of the SaaS provider for HR management. Does either the operational solution, or the operational location, or both, increase or mitigate the threats and risks identified for the security and privacy of employee data?
  5. Are there any issues of ethics, data sensitivity or jurisdiction that should be considered by the charity?

You are to provide a written report with the following headings:

  • Security of Employee Data
  • Privacy of Employee Data
  • Digital Identity Issues
  • Provider Solution Issues
  • Data Sensitivity

As a rough guide, the report should not be longer than about 5,000 words.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd