Privacy and Security System | Assignment
Added on - 25 Sep 2019
Assessment item 1Privacy and Security Reflectionvalue- 10%Due Date:25-Jul-2018Length:Approx. 3000 wordsTaskThis assignment is designed to get you to reflect on your personal approach and feelings oninformation security and privacy.Read:Lau, Y. (2015). Cybercrime in cloud: Risks and responses in Hong Kong, Singapore. In Ko,R., & Choo, K.(Eds.). (2015). The Cloud Security Ecosystem: Technical, Legal, Business andManagement Issues. Waltham, MA: Syngress.This chapter discusses some of the approaches to cybercrime that are taken by both the HongKong and Singapore governments. But, any approach to cybercrime comes with risks toinformation security and privacy.Tasks:Assume that an Australian State Government has reviewed the Singapore Government’sSmart Nation Plan and has decided to implement their own Smart State Plan. This willinitially consist of a network of smart sensors and cameras at traffic lights, bus stops, rubbishbins, etc. in their CBD to monitor citizens behaviour and address street crime.1. Discuss what you see as the personal and ethical implications for your privacy of theproposed Government’s Smart Sensor Network by looking at:a. The types or categories of people affected by this proposal,b. What behavioural changes you might expect to see from normal citizens,c. Would you expect to see changes in individual behaviours, such as choice of activities,changes in time schedules, etc.The next part of the Government’s plan is to deploy a Smart WiFi Network which willconsist of a series of sensor boxes to act as WiFi hotspots throughout the city. This wouldallow the introduction of a heterogeneous network where smart phones and other devicescould seamless switch between mobile data and WiFi.2. Discuss what you see as the personal and ethical implications for your privacy of theproposed Government’s Smart WiFi Network by looking at:
a. The types or categories of people affected by this proposal,b. What behavioural changes you might expect to see from normal citizens using theirmobile devices in the CBD,c. Would you expect to see changes in individual behaviours, such as choice of activities,changes in time schedules, etc.d. What are the implications for you If you had sensitive information on your mobiledevice that you did not want to share?The Smart State Plan will also enrol all citizens with a Digital Identity to ensure that they cancorrectly be identified and access services provided by the state both electronically andphysically.3. If you were visiting the State Capital after the Smart State Plan has rolled out, do you thinkthat the use of a digital identity would assist you to maintain your privacy while using yourmobile phone or devices during your visit? Discuss the reasons for your answer.4. What steps do you think that you could take to ensure the security and privacy of yourdigital identity while operating your mobile device(s) in this environment? Discuss each stepthat you would take along with its advantages and disadvantages.Each question is worth 25 marks and your overall score will be scaled out of 10. As a guide,your word limit for this assignment should be around 3,000 words.Rationaleback to topThis assessment task will assess the following learning outcome/s:be able to critically analyse the legal, ethical and business concerns for the securityand privacy of data to be deployed to the cloud.Marking criteria and standards
QuestionHDQ1. Smart Sensors (25 marks)Comprehensiveexploration of privacyand ethical issuesfrom both personaland behaviouralviewpointsThoroughexplorationofprivacy andethicalissueswithgoodpersonal andbehaviouralviewpointsQ2. WiFi hotspots (25 marks)Comprehensive exploration of security& sensitive data issues from bothpersonal and behavioural viewpointsThorough exploration of security &sensitive data issues with manypersonal and behavioural viewpointsQ3. Digital Identity (25 marks)Comprehensive discussion of issueswith use of digital identityThorough discussion of issues with useof digital identityQ4. Security & privacy controls (25marks)Comprehensive exploration of steps totake to enhance security and privacyof mobile devicesThorough exploration of steps to take toenhance security and privacydevicesPresentation
Assessment item 2Risk AssessmentDue Date:1-Aug-2018Length-5000wordsValue-25%TaskScenarioYou are the principal consultant for a community based Charity. The Charity is involved inlocating and providing accommodation, mental health services, training and support servicesto disadvantaged people in the community.The Charity currently runs a small data centre that has some 50 x86 64 bit servers runningmainly Windows Server 2008 R2 for desktop services, database and file services. It also has10 Red Hat Enterprise Linux 5 servers to service public facing Web pages, Web services andsupport.The Charity is considering joining a community cloud provided by a public cloud vendor inorder to provide a number of applications to all 500 support staff and administrative users. Asmall number of the Charity's applications are mission critical and the data that thoseapplications use is both confidential and time sensitive.The community cloud would also be used to store the Charity's 200TB of data. The datawould be held in a SaaS database run by the public cloud vendor. The Charity's data containsa considerable amount of confidential information about the people to whom the Charityprovides services.The Charity collects PII data on the clients who use its services so that it can assist them tomanage their different service requirements. This PII data also includes holding some digitalidentity data for some of the more disadvantaged clients, particularly if they also have mentalhealth issues.
The cloud vendor has made a presentation to management that indicates that operational costswill drop dramatically if the cloud model is adopted. However, the Board of the Charity isconcerned with the privacy and security of the data that it holds on the people that it providesservices to in the community. It is concerned that a data breach may cause considerabledamage to substantially disadvantaged people in the community.The Board asks that you prepare a report that proposes appropriate privacy and securitypolicies for the Charity's data.The charity has also decided to:Purchasea HR and personnelmanagementapplicationfrom a US basedcompanythatprovidesa SaaS solution.oThe applicationwill providethe charitywith a completeHR suite, whichwill alsoincludeperformancemanagement.The applicationproviderhas advisedthat thecompany'smain databaseis in California,with a replicain Dublin,Ireland.However,all data processing,configuration,maintenance,updatesand featurereleasesareprovidedfrom the applicationprovider'sprocessingcentrein Bangalore,India.oEmployeedata will be uploadedfrom the charitydaily at 12:00AEST.This will beprocessedin Bangalorebeforebeingloadedinto the main providerdatabase.oEmployeescan accesstheir HR and PerformanceManagementinformationthrougha link placedon the Charityintranet.Each employeewill use their internalcharitydigitalID to authenticateto the HR and Performancemanagementsystem.TheinternaldigitalID is generatedby the charity'sActiveDirectoryinstanceand is usedfor internalauthenticationand authorisation.Movethe charitypayrollto a COTS (CommercialOff The Shelf)applicationthat it willmanagein a publiccloud;Movethe charityIntranetinto a MicrosoftSharePointPaaS offeringso that it can provideIntranetservicesto all agenciesin the WofG.TasksYou have been engaged to provide a risk assessment for the planned moves to SaaSapplication offerings.You are to write a report that assesses the risks to the charity for just their planned moves inthe HR area:1.Considerthe data and informationthat the charityholds on its employeesin the currentHRsystem.1.Establishthe existingthreatsand risks to the securityof that data and informationcontainedin the in-houseHR database.(10 marks)2.Are there any additionalrisks and threatsto employeedata that may arise aftermigrationto an SaaS application?(10 marks)3.Assessthe resultingseverityof risk and threatto employeedata. (10 marks)2.Considerthe privacyof the data for thoseemployeeswho will moveto an SaaS application.
1.Establishthe existingthreatsand risks to the privacyof that data and informationcontainedin the in houseHR database.(10 marks)2.Are there any additionalrisks and threatsto the privacyof the employeedata aftermigrationto an SaaS application?(10 marks)3.Assessthe resultingseverityof risk and threatto the privacyof employeedata. (10marks)3.What are the threatsand risks to the digitalidentitiesof charityemployeesfrom the moveto SaaS applications?(10 marks)4.Considerthe operationalsolutionand location(s)of the SaaS providerfor HR management.Does eitherthe operationalsolution,or the operationallocation,or both, increaseormitigatethe threatsand risks identifiedfor the securityand privacyof employeedata?(20marks)5.Are there any issuesof ethics,data sensitivityor jurisdictionthat shouldbe consideredbythe charity?(10 marks)You are to provide a written report with the following headings:Securityof EmployeeDataPrivacyof EmployeeDataDigitalIdentityIssuesProviderSolutionIssuesData SensitivityAs a rough guide, the report should not be longer than about 5,000 words.RationaleThis assessment task will assess the following learning outcome/s:be able to examinethe legal, businessand privacyrequirementsfor a clouddeploymentmodel.be able to evaluatethe risk managementrequirementsfor a cloud deploymentmodel.be able to criticallyanalysethe legal, ethicaland businessconcernsfor the securityandprivacyof data to be deployedto the cloud.Marking criteria and standardsQuestionHDDIQ1.1. Existing threats to Security ofComprehensive exploration of threatsThoroughexploration of threats and