ITC568 Cloud Privacy and Security Assignment

Reference no: EM132847332 , Length: 2560 WORDS

ITC568 Cloud Privacy and Security - Charles Sturt University

Learning outcome 1: be able to examine the legal, business and privacy requirements for a cloud deployment model;

Learning outcome 2: be able to evaluate the risk management requirements for a cloud deployment model;
Learning outcome 3: be able to critically analyse the legal, ethical and business concerns for the security and privacy of data to be deployed to the cloud;
Learning outcome 4: be able to develop and present a series of proposed security controls to manage the security and privacy of data deployed to the cloud;
Learning outcome 5: be able to develop and present a cloud governance framework to underpin the cloud operations for an enterprise.

Assessment item 1 - Privacy and Security Ethical Assessment

This assignment is designed to get you to reflect on your personal approach and feelings on information security and privacy.

Task:

A State Government has decided to implement their own Automated Facial Recognition Authentication (AFRA) system to enhance user authentication and identification for access to various state-level services. Initially, these services are to include application for, and renewal of, vehicle, boat and firearms licences. The government has said that these services will use AFRA as a trial to assess the benefits and savings before considering a wider roll-out to other services.

The State Police Service have indicated that they would like to see a roll-out of AFRA into the streets of all major cities in the state. They believe that AFRA would enable the Police to quickly identify criminals and other "persons of interest".

You have been asked to prepare a paper that considers the possible risks, benefits and ethical implications of the proposed uses of the AFRA system.

Your report should cover the following:

1. Discuss the possible risks and benefits that could be realised from the use of the AFRA system to identify individual users who wish to apply for or renew a licence.

2. Discuss the ethical implications for an individual's privacy from their use of AFRA to apply for or renew a licence.

3. Discuss the possible risk, benefits and ethical implications of the State Police's proposed use of AFRA.

4. What do you see as the potential legal and ethical implications (particularly with regard to the Privacy Act) of introducing AFRA, firstly for user access to state services and secondly for use on the streets of major cities?

As a guide, your word limit for this assignment should be around 2,000 words. Referencing using the APA 7th edition format is required.

Assessment item 2 - Case Study Risk Assessment

Scenario

The Department of Administrative Services (DAS) provides a number of services to other departments in an Australian State Government. These services include HR and personnel management, payroll, contract tendering management, contractor management, and procurement. These services have all been provided from the Department's own data centres.
As a result of a change in Government policy, DAS is moving to a "Shared Services" approach. This approach will mean that DAS will centralise a number of services for the whole of Government (WofG). The result of this move will be that each Department or Agency that runs one of these services for its own users, will be required to migrate its data to DAS so that it can be consolidated into one of the DAS centralised databases. DAS will then provide these consolidated services to all other Departments and Agencies within the Government.
Another Government policy mandates a "Cloud first" approach to the process of updating or acquiring software or services. Following these strategic policy changes from Government, DAS has decided to:

• Purchase a HR and personnel management application from a US based company that provides a SaaS solution.

The application will provide DAS with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is located in a Cloud datacentre based in California in the United States, with a replica database located in a cloud datacentre in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.

Employee data will be uploaded from DAS daily at 12:00 AEST. This will be initially transferred to Bangalore in India for processing before being loaded into the main provider database in California.

Employees will be able to access their HR and Performance Management information through a link placed on the DAS intranet. Each employee will use their internal agency digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by each agency's Active Directory instance and is used for internal authentication and authorisation.

• Move the DAS payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud;
You may wish to consider the Cloud Security Alliance 2019 Cloud Security Complexity report as part of your response.

Tasks
You have been engaged to provide a risk assessment for the planned move to an HR SaaS application offering.
You are to write a report that assesses the risk to DAS in the following areas:
1. Consider the data and information that DAS holds on its employees in the current HR system.
a. Establish the existing threats and risks to the security of that data and information contained in the in house HR database.
b. Are there any other risks and threats to the employee data after migration to an SaaS application?
c. Assess the resulting severity of risk and threat to employee data.
2. Consider the privacy of the data for those employees who will move to an SaaS application.
a. Establish the existing threats and risks to the privacy of that data and information contained in the in house HR database.
b. Are there any other risks and threats to the privacy of the employee data after migration to an SaaS application?
c. Assess the resulting severity of risk and threat to the privacy of employee data.
3. What are the threats and risks to the digital identities of Government employees from the move to SaaS applications?

You are to provide a written report with the following headings:
• Security of Employee Data
• Privacy of Employee Data
• Digital Identity Issues
As a rough guide, the report should be no more than about 3,000 words.

Assessment item 3 - Privacy and Data Protection Assessment

Scenario

The Department of Administrative Services (DAS) provides a number of services to other departments in an Australian State Government. These services include HR and personnel management, payroll, contract tendering management, contractor management, and procurement. These services have all been provided from the Department's own data centres.

As a result of a change in Government policy, DAS is moving to a "Shared Services" approach. This approach will mean that DAS will centralise a number of services for the whole of Government (WofG). The result of this move will be that each Department or Agency that runs one of these services for its own users, will be required to migrate its data to DAS so that it can be consolidated into one of the DAS centralised databases. DAS will then provide these consolidated services to all other Departments and Agencies within the Government.

Another Government policy mandates a "Cloud first" approach to the process of updating or acquiring software or services. Following these strategic policy changes from Government, DAS has decided to:

• Purchase a HR and personnel management application from a US based company that provides a SaaS solution.

The application will provide DAS with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is located in a Cloud datacentre based in California in the United States, with a replica database located in a cloud datacentre in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.

Employee data will be uploaded from DAS daily at 12:00 AEST. This will be initially transferred to Bangalore in India for processing before being loaded into the main provider database in California.

Employees will be able to access their HR and Performance Management information through a link placed on the DAS intranet. Each employee will use their internal agency digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by each agency's Active Directory instance and is used for internal authentication and authorisation.

Tasks
After your successful engagement to provide a security and privacy risk assessment for the DAS, you have again been engaged to consider some additional questions that DAS management has raised.

Prepare a presentation for DAS Management using the TRA you recently completed on the security and privacy of employee data. Your presentation is to show:

1. Discuss whether the operational solution using a SaaS application, and the location(s) of the SaaS provider for HR management, may affect the security posture of DAS.

2. Discuss whether the operational solution, the operational location(s), or both, act to increase or mitigate the threats and risks identified for the security and privacy of employee data.

3. Discuss the security and privacy implications for DAS of the data processing location.

4. Discuss any issues of data sensitivity that you think should be considered with either the chosen solution or the storage/processing locations.

5. Discuss any issues of data sovereignty that you think should be considered.

Assessment item 4 - Privacy & Data Strategy

Scenario
The Department of Administrative Services (DAS) provides a number of services to other departments in an Australian State Government. These services include HR and personnel management, payroll, contract tendering management, contractor management, and procurement. These services have all been provided from the Department's own data centres.
As a result of a change in Government policy, DAS is moving to a "Shared Services" approach. This approach will mean that DAS will centralise a number of services for the whole of Government (WofG). This means that each Department or Agency that runs one of these services for its own users, will be required to migrate its data to DAS so that it can be consolidated into the DAS centralised database. DAS will then provide these consolidated services to all other Departments and Agencies within the Government.

The Government has now decided that they want to centralise the application and renewal of licences from a number of different agencies into one single portal. The portal will be branded as MyLicence. The Government's strategy is that the process of licence application or renewal for virtually all licences follows an almost identical workflow, even though some of the data may differ for different types of licences. Their aim is to have a single workflow for all licences, with some additional steps in case of special requirements for a particular type of licence.

The Government also sees the opportunity to gain a better view of what licences each citizen holds, and wants to link that data to other data that they hold about each citizen. In order to achieve this, the Government plans to encourage citizens to register on the MyLicence portal and create their own informal digital identity. This will allow all the licences, renewal dates, and other associated information for that digital identity to be available for viewing on a single page. This data, particularly when linked to a citizen's digital identity, can then be used for more effective planning and decision making by Government and other public agencies.

The plan also has the advantage of simplifying the process of acquiring and renewing licences for its citizens so that they only need to go to a single web portal to acquire the licences that they require.

The Government proposes, in line with its "Cloud First" policy, to use a public cloud provider to host the MyLicence portal, processing and databases. The Government also wants to ensure that all data remains on Australian soil so that it can ensure that data sovereignty does not cause any issues with MyLicence. However, the Government is also committed to ensuring that the MyLicence portal makes maximum use of all the possible advantages of the public cloud.

Tasks

After your successful engagement to provide a security and privacy risk assessment for the DAS, you have again been engaged to develop a Personally Identifiable Information (PII) privacy and personal data protection strategy for the MyLicence portal.

You are to write a report that proposes appropriate policies for DAS in the following areas:

1. Develop a PII strategy proposal for the DAS MyLicence portal. The strategy should consider the threats and risks to both Privacy and data protection for the PII data collected in the MyLicence portal as well as possible controls to mitigate the identified risks.

2. Develop a strategy to protect the informal Digital Identity that a user may create in the MyLicence portal. You should consider both the privacy and data protection aspects for a digital identity as well as possible controls to mitigate the identified risks.

3. Develop a strategy to ensure data sovereignty for the MyLicence portal.

4. Develop a PowerPoint or Google slides presentation that gives a comprehensive overview of the three (3) tasks in a maximum of 30 slides.

You are to submit the following documents to complete this assessment:

• A PowerPoint or Google slides presentation that gives a comprehensive overview of the three (3) tasks.
The presentation should be a maximum of 30 slides, including introduction, conclusions and recommendations.
Each slide should have speaking notes in the Notes section which expand on the information in the slide.
The slides should refer to the additional information contained in the appendices.
Images and quotations used in slides must be referenced on that slide. The slide deck does not require a reference list.
• The PII strategy is to be attached in a separate Word document. This document should be fully referenced in APA 7th edition format, and should not exceed 3 pages. This document title is to be: Appendix A: PII Strategy for MyLicence.
• The Digital Identity strategy is to be attached in a separate Word document. This document should be fully referenced in APA 7th edition format, and should not exceed 3 pages. This document title is to be: Appendix A: Digital Identity Strategy for MyLicence.
• The Data Sovereignty strategy is to be attached in a separate Word document. This document should be fully referenced in APA 7th edition format, and should not exceed 3 pages. This document title is to be: Appendix C: Data Sovereignty Strategy for MyLicence.

Assessment item 5 - Security, Privacy and Data Sovereignty strategy

Scenario
The sudden increase in COVID-19 cases worldwide has caused considerable disruption in many countries. However, a number of countries have started to use an individual tracking approach to try and contain the spread of the virus.

A number of countries have developed mobile phone apps that track people and their movements.

Tasks

After your successful engagement to develop privacy and personal data protection strategies for DAS, you have been engaged by the Department of Health (DoH) to advise on the development of privacy and data protection for CovidSafe users. DoH expect up to 16 million Australian mobile users to download and use this app. DoH have announced that they will be using a major U.S. based public cloud provider to host the CovidSafe data, but claim that the data will always be under Australian Government control.

You are to provide a report to DoH that:

1. Discusses the possible threats and risks to the security of user data on mobile phones, and in linked Cloud and financial accounts from the use of the CovidSafe app.

2. Discusses the possible threats to the privacy of a user's data, location and activities from the use of the CovidSafe app.

3. Discusses the issues of data sovereignty that may apply to the storage of CovidSafe data in U.S. based Cloud storage.

4. You are to recommend that DoH adopt:
a. Possible security controls that would prevent the loss or breach of user data, while still enabling effective tracking for COVID-19, and the reasons these controls will be effective.
b. Possible privacy controls to protect user privacy, particularly of data, location and activity, while still enabling effective tracking of COVID-19, and the reasons these controls will be effective.
c. Possible controls to ensure that the CovidSafe data remains under Australian data sovereignty and control, and the reasons these controls will be effective.

Presentation
Your report should use the following heading structure:
• Data and security risks
• Privacy, location and activity issues
• Data sovereignty issues
• Recommendations:
Security controls
Privacy controls
Data sovereignty controls
Your report should be about 3,000 to 4,000 words.
