logo

Cloud Privacy and Security

The assignment involves implementing a community cloud for a charity organization that provides accommodation, mental health services, training, and support services to disadvantaged people in the community. The charity has joined a public cloud vendor's community cloud to access applications for their staff and store their data. The data contains confidential information about the charity's clients, including PII data and digital identity data for some clients with mental health issues.

18 Pages3664 Words384 Views
   

Added on  2023-06-04

About This Document

This article discusses the risks associated with storing personally identifiable information (PII) in the cloud and proposes strategies for mitigating them. The article covers cyber security, malware infection, stolen storage devices, hacking, and operational risks. The TRA document is used to identify the risks and propose mitigation strategies. The article is relevant for anyone interested in cloud privacy and security.

Cloud Privacy and Security

The assignment involves implementing a community cloud for a charity organization that provides accommodation, mental health services, training, and support services to disadvantaged people in the community. The charity has joined a public cloud vendor's community cloud to access applications for their staff and store their data. The data contains confidential information about the charity's clients, including PII data and digital identity data for some clients with mental health issues.

   Added on 2023-06-04

ShareRelated Documents
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author Note
Cloud Privacy and Security_1
1
CLOUD PRIVACY AND SECURITY
Table of Contents
Appendix A: The TRA........................................................................................................2
References........................................................................................................................6
Appendix B: PII Strategy.....................................................................................................7
Cyber security Attack and Mitigation Strategy...............................................................7
Malware Infection by Phishing and Mitigation Strategy.................................................8
Risk of Stolen Storage devices and its mitigation...........................................................9
Risk of Hacking or gaining Physical access to the network and its Mitigation..............9
Operational Risk and Mitigation strategy......................................................................10
References......................................................................................................................11
Appendix C: Digital Identity.............................................................................................12
Strategy..........................................................................................................................12
References......................................................................................................................14
Appendix D: Governance Plan..........................................................................................15
References......................................................................................................................17
Cloud Privacy and Security_2
2
CLOUD PRIVACY AND SECURITY
Appendix A: The TRA
The Community based charity is planning to move to cloud. The organization will be
implementing a SaaS HR and Personnel management suite, a COTS payroll solution and the
PaaS SharePoint services. The MySupport Portal that has been developed to make the charity’s
client register on the MySupport portal is needed to undertake threat and risk assessment. This is
needed since MyPortal will be considering the storage of personally identifiable information.
Personally identifiable information can be defined as the information that helps in identifying an
individual (Majeed, Ullah & Lee, 2017). This information directly defines the identity of an
individual. The threat and risk assessment for the data stored in MySupport portal is necessary
since it will be storing the digital data of the clients. This data is private and confidential and
therefore the threat and risk assessment of the data is essential.
In general, all the information that is termed as personally identifiable information is
sensitive. In this case PII data includes personally identifiable financial information, social
security number and so on. There are certain threats and security challenges associated with the
PII challenges. The PII data that is stored in MySupport portal is put at risk mainly due to the
risks of cyber attacks and data breaches (Barocas & Nissenbaum, 2014). Data breach is a
significant threat associated with PII data. Attackers mainly target the personally identifiable
data as it can facilitates identity threat, fraud and attacks including social engineering attacks and
phishing. Thus the need for protecting the personally identifiable information is immense. Thus a
threat and risk assessment is documented for MySupport Portal that has the capability of
identification and mitigation of the threats.
Cloud Privacy and Security_3
3
CLOUD PRIVACY AND SECURITY
The major risks that have been identified for the MySupport portal include the privacy
and the data protection aspects. Threat and risk assessment can be considered as a pillar of
security risk management for protection of the PII data. The TRA for MySupport Portal is
represented in the following table-
Threat Probability Severity Description Mitigation
Approach
Stolen Credentials
(Li, 2013)
High High This risk of stolen
credential is
considerably high
since the Charity
company is making
use of a public
cloud platform
(Louw & von
Solms, 2013). Since
the probability and
the severity of this
risk is high, this risk
is needed to be
mitigated.
Risk reduction
is the
mitigation
approach that is
recommended
for this
particular
scenario
Malware Infection
by Phishing
High High The use of public
cloud platform
gives rise to the
possibility of
MySupport portal in
Risk avoidance
is the
recommended
risk mitigation
strategy for this
Cloud Privacy and Security_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cloud Privacy and Security: Threat and Risk Assessment, PII Privacy Strategies, Digital Identity and Controls, Governance Plan
|35
|1107
|202

Threat and Risk Assessment for PII ( Personal Identifiable Information )
|20
|6165
|318

Risk-Based Approach for Data Protection in GDPR
|5
|693
|182

Personal Identifiable Information Strategy
|7
|1822
|206

ITC568 - Cloud Privacy and Security
|18
|2193
|34

Cloud Privacy and Security : Assignment
|18
|4804
|105