Threat and Risk Assessment for MyLicense Portal - Desklib
11 Pages2635 Words488 Views
Added on 2023-06-06
About This Document
This article discusses the security threats and risks associated with the MyLicense portal and provides preventive actions to mitigate them. It also includes a severity assessment of the risks and threats to employee data privacy.
Threat and Risk Assessment for MyLicense Portal - Desklib
Added on 2023-06-06
ShareRelated Documents
THREAT AND RISK ASSESSMENT
According to the Australian State Government initiatives the role of the department of the
administrative services is to deliver numbers of services to the other departments through
taking information from their own data centers. The set of operational services offered by the
department of administrative services holds payroll, personnel management, contract
management, human resource management, contract as well as tendering management etc. As
per the current age of policy and regulations developed by the government it is defined that,
the DAS is focused to move their existing services to the shared service approaches. The set
of services offered collectively by the DAS needs to centralize their services. Apart from this,
the DAS also needs to centralize their service approach all for the whole of government
(WofG). The clients who will adopt services from the DAS must migrate all the information
to the newly updates data server for higher range of security. As it is the responsibility of the
database administrator to keep the confidential data protected from the rest of the unwanted
and unauthenticated users. Only the department and agencies of the government are allowed
to access information from the server and none of the external users are capable to access
data from the server. According to the very first policy of the Government cloud technology
and mechanism the different services that are decided to be implemented by the DAS include
the following:
HR and Personal Management SaaS suite SaaS suite for the human Resource
management and personal management as well
SaaS suite for the contractor management
Payroll solution developed for the AWS COTS
SharePoint platform based on PaaS intranet WofG
The newly designed single web based portal which is known as MyLicense needs to
centralize all their application in details and other information as well. The renewed license
or the client agencies will be stored in the single web portal. For the license application as
well as for the renewal of the virtual license this specific strategy for is required. Not only
this but also, identical workflow is also allows by this application. In order to gain better view
for the license of the citizens as well s better summation between the information they
possess, MyLicense expects to give some of the new opportunities. All the citizens will be
encouraged to keep themselves registered to the MyLicense. It will help to create the digital
According to the Australian State Government initiatives the role of the department of the
administrative services is to deliver numbers of services to the other departments through
taking information from their own data centers. The set of operational services offered by the
department of administrative services holds payroll, personnel management, contract
management, human resource management, contract as well as tendering management etc. As
per the current age of policy and regulations developed by the government it is defined that,
the DAS is focused to move their existing services to the shared service approaches. The set
of services offered collectively by the DAS needs to centralize their services. Apart from this,
the DAS also needs to centralize their service approach all for the whole of government
(WofG). The clients who will adopt services from the DAS must migrate all the information
to the newly updates data server for higher range of security. As it is the responsibility of the
database administrator to keep the confidential data protected from the rest of the unwanted
and unauthenticated users. Only the department and agencies of the government are allowed
to access information from the server and none of the external users are capable to access
data from the server. According to the very first policy of the Government cloud technology
and mechanism the different services that are decided to be implemented by the DAS include
the following:
HR and Personal Management SaaS suite SaaS suite for the human Resource
management and personal management as well
SaaS suite for the contractor management
Payroll solution developed for the AWS COTS
SharePoint platform based on PaaS intranet WofG
The newly designed single web based portal which is known as MyLicense needs to
centralize all their application in details and other information as well. The renewed license
or the client agencies will be stored in the single web portal. For the license application as
well as for the renewal of the virtual license this specific strategy for is required. Not only
this but also, identical workflow is also allows by this application. In order to gain better view
for the license of the citizens as well s better summation between the information they
possess, MyLicense expects to give some of the new opportunities. All the citizens will be
encouraged to keep themselves registered to the MyLicense. It will help to create the digital
identified for each of the citizens. In order to view the data relate to license different
information are required. For the development of the privacy and personal data different
protection strategies are to be implemented.
Security threats to PII of MyLicence Portal
S.
No.
Security Threat/Risk
Description
Likelihood
Impact
Priority Preventive Actions Contingency Plans
Student 1Student ID
1. Personal Identifiable
Information security
H H VH 1. A secured
communication
approaches are
available that is
incorporated to
encryption
technology
2. Application of
proper security over
the network is also
required
1. Operational continuity
2. Communication crisis
3. Proper readiness
checking for the IT
security id also required
by the system
developers
2. HIPAA Data Security and
Compliance
M M M 1. Safeguard
application
technology in order
to provide physical
security
2. Break ins are being
prevented
3. Safeguard from the
administration
4. Safeguard from the
technical aspects
1. Make partners to sign
Business Associate
Agreements (BAA)
2. Governing HIPAA
policy
3. CJIS Data Security H VH H 1. Physical security 1. The law enforcements
information are required. For the development of the privacy and personal data different
protection strategies are to be implemented.
Security threats to PII of MyLicence Portal
S.
No.
Security Threat/Risk
Description
Likelihood
Impact
Priority Preventive Actions Contingency Plans
Student 1Student ID
1. Personal Identifiable
Information security
H H VH 1. A secured
communication
approaches are
available that is
incorporated to
encryption
technology
2. Application of
proper security over
the network is also
required
1. Operational continuity
2. Communication crisis
3. Proper readiness
checking for the IT
security id also required
by the system
developers
2. HIPAA Data Security and
Compliance
M M M 1. Safeguard
application
technology in order
to provide physical
security
2. Break ins are being
prevented
3. Safeguard from the
administration
4. Safeguard from the
technical aspects
1. Make partners to sign
Business Associate
Agreements (BAA)
2. Governing HIPAA
policy
3. CJIS Data Security H VH H 1. Physical security 1. The law enforcements
2. Preventing
information access
by unauthorized
users
3. Authentication based
in multiple factors
4. Usability of data
security is needed
5. High level security I
terms of encryption
is required
should not be
perceived to be
impaired.
2. In case any additional
services are required,
they will be called
upon.
4. Data Security H H H 1. Requirements for the
encryption
technology and other
specifications.
2. Prevention policy
should be
implemented based
on data safety
1. For the cyberspace
operations ready forces
are to be maintained.
2. Risks are to be
migrated to proper data
5. Cyber Terrorism VH H H 1. Around vendor
premises security
approaches are
needed
2. Security power
system are to be
maximized
1. Maintenance and
planning of proper
cyber options to
control conflict.
2. Shared threats are to be
determined and
international stability
and security should be
increased.
Student 2 Student ID 6. Rogue Security Software L H L 1. Security loss
checking
2. Usage of the HTTP.
1. Impact analysis for the
businesses
2. Policy development for
the CP
7. Redirecting the DNS H M L 1. With the usage of the 1. Active directory
information access
by unauthorized
users
3. Authentication based
in multiple factors
4. Usability of data
security is needed
5. High level security I
terms of encryption
is required
should not be
perceived to be
impaired.
2. In case any additional
services are required,
they will be called
upon.
4. Data Security H H H 1. Requirements for the
encryption
technology and other
specifications.
2. Prevention policy
should be
implemented based
on data safety
1. For the cyberspace
operations ready forces
are to be maintained.
2. Risks are to be
migrated to proper data
5. Cyber Terrorism VH H H 1. Around vendor
premises security
approaches are
needed
2. Security power
system are to be
maximized
1. Maintenance and
planning of proper
cyber options to
control conflict.
2. Shared threats are to be
determined and
international stability
and security should be
increased.
Student 2 Student ID 6. Rogue Security Software L H L 1. Security loss
checking
2. Usage of the HTTP.
1. Impact analysis for the
businesses
2. Policy development for
the CP
7. Redirecting the DNS H M L 1. With the usage of the 1. Active directory
malicious domains
monitoring and
controlling are
required.
operations should be
managed.
2. Detect and Defend
potential attacks on
active directory.
8. Ransomware threats H VH VH 1. In depth approach for
defence are to be
adopted
2. Public file access are
needed to be
restricted all over
1. Data backup and
disaster recovery are
necessary
2. Business continuity
should have to be
implemented
9. Threats upon Zero Day L M L 1. Maximum rate of
protection is needed
that is possible
through application
firewall
2. Launch only those
applications that are
essential.
3. Holes in OS and
other applications are
fixed.
4. Chose Host Intrusion
Protection System
(HIPS) Anti-virus
protection.
1. In order to respond to
the crisis capacities
are to be established.
Threats are to be
integrated for all the
cases
10. Vulnerabilities with the
Wi-Fi connection
H M M 1. Portals are not be
accessed by public
wi fi connection
2. License process
should be avoided for
wi fi
1. For continuous
operation contingency
planning is required
monitoring and
controlling are
required.
operations should be
managed.
2. Detect and Defend
potential attacks on
active directory.
8. Ransomware threats H VH VH 1. In depth approach for
defence are to be
adopted
2. Public file access are
needed to be
restricted all over
1. Data backup and
disaster recovery are
necessary
2. Business continuity
should have to be
implemented
9. Threats upon Zero Day L M L 1. Maximum rate of
protection is needed
that is possible
through application
firewall
2. Launch only those
applications that are
essential.
3. Holes in OS and
other applications are
fixed.
4. Chose Host Intrusion
Protection System
(HIPS) Anti-virus
protection.
1. In order to respond to
the crisis capacities
are to be established.
Threats are to be
integrated for all the
cases
10. Vulnerabilities with the
Wi-Fi connection
H M M 1. Portals are not be
accessed by public
wi fi connection
2. License process
should be avoided for
wi fi
1. For continuous
operation contingency
planning is required
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Assignment of Cloud Privacy and Securitylg...
|13
|3394
|89
Cloud Privacy and Security : Assignmentlg...
|18
|4804
|105
Threat and Risk Assessment for PII ( Personal Identifiable Information )lg...
|20
|6165
|318
Department of Administrative Services : Case Studylg...
|4
|638
|239
Case Study of Department of Administrative Serviceslg...
|4
|809
|184
Assignment Cloud Privacy and Securitylg...
|5
|1526
|80