Cloud Privacy and Security
Added on 2023/06/04
AI Summary
This article discusses the risks associated with storing personally identifiable information (PII) in the cloud and proposes strategies for mitigating them. The article covers cyber security, malware infection, stolen storage devices, hacking, and operational risks. The TRA document is used to identify the risks and propose mitigation strategies. The article is relevant for anyone interested in cloud privacy and security.
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author Note
Table of Contents
Appendix A: The TRA
  References
Appendix B: PII Strategy
  Cyber security Attack and Mitigation Strategy
  Malware Infection by Phishing and Mitigation Strategy
  Risk of Stolen Storage devices and its mitigation
  Risk of Hacking or gaining Physical access to the network and its Mitigation
  Operational Risk and Mitigation strategy
  References
Appendix C: Digital Identity
  Strategy
  References
Appendix D: Governance Plan
  References
Appendix A: The TRA
The community-based charity is planning to move to the cloud. The organization will be
implementing a SaaS HR and personnel management suite, a COTS payroll solution and the
PaaS SharePoint services. The MySupport Portal, which has been developed so that the charity’s
clients can register, needs to undergo a threat and risk assessment (TRA). This is
needed since MyPortal will be considering the storage of personally identifiable information (PII).
Personally identifiable information can be defined as information that helps in identifying an
individual (Majeed, Ullah & Lee, 2017). This information directly defines the identity of an
individual. The threat and risk assessment for the data stored in the MySupport portal is necessary
since the portal will be storing the digital data of the clients. This data is private and confidential, and
therefore a threat and risk assessment of the data is essential.
In general, all information that is termed personally identifiable information is
sensitive. In this case, PII data includes personally identifiable financial information, social
security numbers and so on. There are certain threats and security challenges associated with
PII data. The PII data stored in the MySupport portal is put at risk mainly by
cyber attacks and data breaches (Barocas & Nissenbaum, 2014). A data breach is a
significant threat associated with PII data. Attackers mainly target personally identifiable
data because it can facilitate identity theft, fraud and attacks including social engineering attacks and
phishing. Thus the need for protecting personally identifiable information is immense, and a
threat and risk assessment is documented for the MySupport Portal that is capable of
identifying and mitigating the threats.
The major risks that have been identified for the MySupport portal concern the privacy
and data protection aspects. Threat and risk assessment can be considered a pillar of
security risk management for the protection of PII data. The TRA for the MySupport Portal is
presented in the following table:
| Threat | Probability | Severity | Description | Mitigation Approach |
|---|---|---|---|---|
| Stolen Credentials (Li, 2013) | High | High | The risk of stolen credentials is considerably high since the charity company is making use of a public cloud platform (Louw & von Solms, 2013). Since the probability and the severity of this risk are high, this risk needs to be mitigated. | Risk reduction is the mitigation approach that is recommended for this particular scenario. |
| Malware Infection by Phishing | High | High | The use of a public cloud platform gives rise to the possibility of the MySupport portal facing this risk. Since both the probability and the severity of this risk are high, an appropriate risk mitigation approach is needed. | Risk avoidance is the recommended risk mitigation strategy for this identified risk. |
| Stolen Storage devices | Low | High | Since the data will be stored in the cloud, the chances of facing this risk are considerably low. | Risk Avoidance |
| Hacking or gaining Physical access to the network | Medium | Medium | Hacking is a significant threat to which the PII data of the MySupport portal is exposed. | Risk Reduction. It is a risk mitigation strategy that has been proposed, and reduction in the risk can be achieved by ensuring proper security of the network. |
| Operational Risk | Low | Low | Operational risk mainly refers to a situation that can be faced by the charity company, and therefore mitigation of this is essential. | Risk transfer is the proposed risk mitigation strategy for this identified threat. The operational risk can be transferred to a third party who is willing to take this risk. The public cloud vendor can act as the third party willing to take the risk. |
The table above presents the threats and risks to which the MySupport Portal of the
charity company is exposed. The PII data of the clients that will be stored in the MySupport
Portal is exposed to the risks identified in the table. The need for management and
mitigation of these risks is immense, mainly because the clients’ data is confidential and its
protection is essential.
References
Barocas, S., & Nissenbaum, H. (2014). Big data's end run around procedural privacy
protections. Communications of the ACM, 57(11), 31-33.
Li, J. (2013). Privacy policies for health social networking sites. Journal of the American
Medical Informatics Association, 20(4), 704-707.
Louw, C., & von Solms, S. (2013, October). Personally identifiable information leakage through
online social networks. In Proceedings of the South African Institute for Computer
Scientists and Information Technologists Conference (pp. 68-71). ACM.
Majeed, A., Ullah, F., & Lee, S. (2017). Vulnerability-and diversity-aware anonymization of
personally identifiable information for improving user privacy and utility of publishing
data. Sensors, 17(5), 1059.
Appendix B: PII Strategy
The risks associated with the privacy and data protection of the personally identifiable
information stored in the MySupport portal need to be mitigated, as the portal will be storing
the details of the clients of the charity company. The TRA document has identified the risks
associated with protecting the privacy and confidentiality of the data stored. That document
further gives an overview of the mitigation approach for each of the identified risks. The aim of
this document is to identify the strategies and approaches that can possibly mitigate the risks
associated with the storage of data (Ward, Ibarra & Ruddle, 2013). The risks associated with the
privacy and data protection aspects of storing PII data in the portal include the risk of stolen
credentials due to a cyber security attack, the risk of malware infection or phishing, the risk of
stolen storage devices, the risk of hacking, and operational risk leading to certain issues with the
protection and preservation of data confidentiality (Jang-Jaccard & Nepal, 2014). The strategy
proposal for the data stored in the MySupport portal is discussed in the following sections.
Cyber security Attack and Mitigation Strategy
Cyber security awareness is necessary to avoid the risk of a cyber security attack on the
personally identifiable information that is stored in the MySupport portal. Cyber security for
personally identifiable information is needed mainly because this information can be used to locate
or identify an individual (Ullah, Khan & Aboalsamh, 2013). This is a significant risk associated
with PII and, according to the TRA, both the probability of occurrence and the severity of
this risk are high.
A cyber security attack or data breach is a significant threat to the PII data mainly
because the data is being stored in a public cloud, which is prone to attacks. Therefore the
strategy that has been identified or proposed to mitigate the risk is its reduction.
The strategy for reducing this risk includes enforcing data protection in the public cloud. The
process of enforcing the needed security involves the use of different data protection paradigms
or choosing a trusted vendor (Mills & Goldsmith, 2014). In-house system design is
another recommended approach for enforcing security in the public cloud.
Malware Infection by Phishing and Mitigation Strategy
Another significant threat associated with the PII data that is being stored in the portal is
malware infection. Malware can be implanted in the stored data by phishing. The
data of the registered clients is stored in the public cloud to make it easily accessible. However, the
stored data is exposed to the threat of malware infection. Therefore proper risk management is
necessary (Khonji, Iraqi & Jones, 2013). Malware infection is spread through phishing, and
it is therefore necessary to identify an approach that will help mitigate the risks associated
with malware infection and phishing.
The severity of the malware threat is high mainly because the data is being stored in a public
cloud environment, which increases the chances of a data breach. Phishing is considered one of the
significant causes that might result in a malware attack, as it is the easiest way to introduce malware
into a system. It is a type of social engineering attack that can possibly steal the users’ data, the login
credentials of the clients and their credit card numbers, thus risking their privacy (Kumar,
Srikanth & Tejeswini, 2016). A malware attack can therefore possibly put the data protection
aspects of the portal at risk, and this risk needs to be mitigated with high priority. In the
TRA, a risk mitigation strategy for the malware risk is proposed. This risk needs to be
avoided, and the strategy for risk avoidance includes not responding to spam mails.
Furthermore, the clients should be kept aware of the different phishing techniques. The portal
should be installed with an anti-phishing toolbar that can possibly help in avoiding this risk. The
use of firewalls is also recommended as a mitigation strategy for the risks
associated with malware and phishing.
Risk of Stolen Storage devices and its mitigation
Another risk associated with the portal that has been identified in the TRA is the risk of
stolen devices. The data of the clients is being stored in the public cloud. It is known that there are
certain security risks associated with the use of public cloud. According to the TRA,
the probability of occurrence of this risk is quite low. However, if this risk occurs, it
might be a significant issue, since the severity of the risk is quite high. Therefore, it is
necessary to mitigate this risk as well. As a risk mitigation strategy, it is recommended that this
particular risk be avoided. This can be done by allowing only registered
individuals access to the data that is stored in the public cloud linked to the portal. This might
help in considerably reducing this risk.
Risk of Hacking or gaining Physical access to the network and its Mitigation
The TRA has identified the risk of hacking into the network. This risk needs to be
analysed and addressed as well. Risk reduction is the mitigation strategy recommended by the
TRA. The probability of occurrence and the severity of the risk are medium, and therefore this risk
may not be addressed with high priority. The mitigation strategy that has been identified by the
TRA is risk reduction. This risk can be reduced by making use of firewalls for network protection
to eliminate illegal access to the system.
Operational Risk and Mitigation strategy
Another risk that can possibly affect the privacy and security of the data stored in
the portal is operational risk (Hopkin, 2018). Any disruption in the normal operation of
the portal will mainly be because of issues arising from risks to privacy and security.
However, the TRA has identified that the probability of occurrence and the severity of this risk are
quite low. The risk mitigation strategy for this particular risk includes risk transfer (Cruz,
Peters & Shevchenko, 2014). The cloud vendor should take charge of mitigating this risk
and ensure smooth operation of the MySupport portal.
References
Cruz, M. G., Peters, G. W., & Shevchenko, P. V. (2014). Fundamental aspects of operational
risk and insurance analytics: A handbook of operational risk. John Wiley & Sons.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of
Computer and System Sciences, 80(5), 973-993.
Khonji, M., Iraqi, Y., & Jones, A. (2013). Phishing detection: a literature survey. IEEE
Communications Surveys & Tutorials, 15(4), 2091-2121.
Kumar, J. D., Srikanth, V., & Tejeswini, L. (2016). Email phishing attack mitigation using server
side email addon. Indian Journal of Science and Technology, 9(19).
Mills, S., & Goldsmith, R. (2014). Cybersecurity challenges for program managers. DEFENSE
ACQUISITION UNIV FT BELVOIR VA.
Ullah, I., Khan, N., & Aboalsamh, H. A. (2013, April). Survey on botnet: Its architecture,
detection, prevention and mitigation. In Networking, Sensing and Control (ICNSC), 2013
10th IEEE International Conference on (pp. 660-665). IEEE.
Ward, D., Ibarra, I., & Ruddle, A. (2013). Threat analysis and risk assessment in automotive
cyber security. SAE International Journal of Passenger Cars-Electronic and Electrical
Systems, 6(2013-01-1415), 507-513.
Appendix C: Digital Identity
The protection of data associated with the MySupport Portal extends to the protection of
the informal digital identity that a client or user creates in the portal. Because a
public cloud will be used for data storage, the risk becomes prominent. Thus a strategy needs
to be identified to ensure that the data stored or generated in the portal is secured. The
strategy for protecting the privacy and confidentiality of the data is discussed in the following
section.
Strategy
In order to ensure data protection, it is essential to enforce encryption as the primary data
protection measure. Encryption will help protect the data even if it gets stolen. Encryption ensures
that the data can only be accessed by registered or authorised users (Noor & Hassan, 2013).
Thus it is recommended as a primary strategy for data protection. This will maintain the
confidentiality of the data stored in the system.
Along with the enforcement of encryption, the charity company should ensure that
access to the portal is given only to rightful and trusted individuals (Munir & Palaniappan,
2013). Registration with valid ID proof is a must to get access to the portal, and this will
ensure that no trespassers are given access to the portal. This will maintain data privacy.
Information security protection is another aspect of protecting a digital identity that is
at risk of hacking. The approach recommended for ensuring information security is that users
should make use of an alphanumeric password that is difficult to guess (Ghosh, Gajar & Rai, 2013).
This can reduce the risk of hacking and data theft, thereby eliminating the information security
risks.
Public key cryptography is recommended as an approach for protecting the digital data
of the user. The use of cryptographic keys can help protect the informal digital
identity that a user might create by limiting access to the data to trusted individuals
only (Choo, 2014).
These are basic data protection strategies that the charity can use to protect the
informal digital identity that its users or clients might create on the portal.
References
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud
Computing, 1(2), 52-56.
Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and
mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.
Munir, K., & Palaniappan, S. (2013). Secure cloud architecture. Advanced Computing, 4(1), 9.
Noor, M. M., & Hassan, W. H. (2013). Wireless networks: developments, threats and
countermeasures. International Journal of Digital Information and Wireless
Communications (IJDIWC), 3(1), 125-140.
Appendix D: Governance Plan
The risk mitigation approach for protecting the PII data and the digital identities of the
users of MyLicence Portal is recommended in the strategy proposal. However, it is necessary to
ensure that these risks do not return, and for that a data governance plan needs to be
proposed. The data governance steps for protecting PII data and digital identity are as follows:
1. Acceptable use policies need to be created so that the privacy risks to the stored
data can be reduced (Bhansali, 2013). These would include a clear definition of the
confidentiality of the data and how to protect it.
2. An IT team should be present to manage and control the data that is stored or
generated in the portal. The team will help users understand the acceptable use policies
defined by the organization, which include the handling and storing of PII data.
Apart from these two strategies, the company should prioritize the PII data in terms of
privacy protection to eliminate the chances of data theft (Kamioka, Luo & Tapanainen, 2016).
A governance plan for the personal and PII data of the DAS users of the HR personnel
management suite needs to be identified as well. The governance plan for protecting the data
of the DAS users is as follows:
1. Installation of the latest updates and security patches is a recommended strategy for
ensuring data governance (Tallon, 2013).
2. Any anonymous proxy should be entirely blocked from accessing the network.
The strategies discussed above are proposed to ensure that the data stored in the HR
Personnel Management Suite is properly governed.
The COTS payroll suite will store the PII and the financial data of the clients. As an
approach to ensuring security, the use of encryption and cryptographic keys is proposed.
However, appropriate data governance needs to be enforced. The strategy for governance of
this data is as follows:
1. To prevent the accidental transmission of confidential data, the applications
linked with the payroll suite should be actively monitored by the IT management team.
2. The users of the payroll suite should be educated about its secure use as a
part of the data governance plan (Zuiderwijk & Janssen, 2014).
3. The correct working of the layered data protection approach (which includes
encryption, threat protection and policy compliance) should be monitored.
4. The antivirus and firewall protection should be regularly updated to prevent any
sort of data breach.
References
Bhansali, N. (Ed.). (2013). Data Governance: Creating Value from Information Assets. CRC
Press.
Kamioka, T., Luo, X., & Tapanainen, T. (2016, June). An Empirical Investigation of Data
Governance: the Role of Accountabilities. In PACIS (p. 29).
Tallon, P. P. (2013). Corporate governance of big data: Perspectives on value, risk, and
cost. Computer, 46(6), 32-38.
Zuiderwijk, A., & Janssen, M. (2014). Open data policies, their implementation and impact: A
framework for comparison. Government Information Quarterly, 31(1), 17-29.