Ask a question from expert

Ask now

Report | Cloud Computing in DAS

22 Pages5610 Words356 Views
   

Added on  2019-11-25

Report | Cloud Computing in DAS

   Added on 2019-11-25

BookmarkShareRelated Documents
Cloud Computing in DASName of the StudentName of the UniversityAuthor Note
Report | Cloud Computing in DAS_1
Table of Contents4033 Introduction..................................................................................................................................3Security of Employee Data....................................................................................................................3Existing security threats to Employee data........................................................................................3Explaining issues...............................................................................................................................5New Security Threat to Employee data (after moving to SaaS).........................................................6Explain issues....................................................................................................................................8Severity Matrix......................................................................................................................................9Privacy of Employee Data...................................................................................................................10Existing privacy threats and risks to the privacy of employee data..................................................10New Security Threat to Employee data (after moving to SaaS).......................................................12Severity Matrix................................................................................................................................13Digital Identity Issues..........................................................................................................................14Explanation briefly..........................................................................................................................14Provider Solution Issues and why?..................................................................................................15Solution Architecture Including Security and Privacy.........................................................................16Data Sensitivity...................................................................................................................................16Appendix.............................................................................................................................................20Group Communication....................................................................................................................20
Report | Cloud Computing in DAS_2
4033 IntroductionThe DAS (Department of the Administrative Service) is responsible for delivering manyservices for the various departments of the state government in Australia. The data centre ofthe DAS is the one who is accountable for delivering the services for the department. A newservice provider has been introduced to DAS in order to upgrade the existing system named‘SaaS’ (Software-as-a-Service), which is a centrally hosting licensed model and softwaredelivery services. A team of two members is being introduced to the management for thedelivery of a risk management program, which will be helpful in identifying the threats andrisks to the privacy and security of employee’s data, who are employed in DAS. Followingreport presents a severity matrix in order to show the likelihood, priority and the impact ofthe identified risks and threats. They are rated based on the consideration.Security of Employee DataExisting security threats to Employee dataS.NoSecurityThreat/RiskDescriptionLikelihoodImpactPriorityPreventive ActionsContingency PlansStudent1S1.CloudComputingVLVHVHoEncrypting files before uploadingoProtecting credentials from unauthorized accessoAccessing Third party servicesoKeep changing the credentials or using auto generated passwordS2.PoorconfigurationMVHVHoSystems should be wellconfigured and pre-checkedoupdating applications and operating system on regular basisoThe IT team should cross-check the configuration before connecting itto the network.S3.Weak securityarchitecture orHHMoThere should be pre-existent of personnel inoIT expert advices from external
Report | Cloud Computing in DAS_3
non-existing ofsecurityarchitectureorder to design securityarchitecture for the systems off DAS (Sundarrajan, 2014). S4.Third partysoftware in thesystemMHMoUsing personal applications, database and servers.oThere should be no cloud storage.oThird party should be licensed and policies should meet the requirements of DASoRegularly updating the applications provided by serviceproviders.Student 2S5.BotnetsLVHVHoStrong IT security architectureoProper encryption to the files that are about to upload into the cloudoProper and licensed antivirus (Asghari, Eten& Bauer, 2015).oChoosing option forauto-update for the firewalls and antivirus.oOperating system should be original and updated.S6.ExternalremovabledevicesLLVLoDAS should provide personal external devices to the employees.oBYOD (Bring Your Own Device) should not be implemented in the management system.oThere should not be any auto run option or it should be disabled oTraining to the employees on how to use external device in the office premises.
Report | Cloud Computing in DAS_4
for the devices connecting externally to the system.S7.WebsitesVHHVHoBlocking access to the websites that may contain malicious programming.oUsing updated firewalls.oInstalling latest anti-virus and keep updated that anti-virus whenever it arrives at market.oTraining to the employees about accessing proper websites.S8.PhishingHVHMoInstalling professional enterprises into the system.oProviding training to the employees onregular basis.Likelihood - VL, L,M, H, VHImpact-VL, L,M, H, VHPriority- VL, L, M,H, VHExplaining issues1.Cloud Computing: Cloud computing can lead to various security issues related to the information of the employees that are being saved on the Cloud. Saving files and information on the internet makes it vulnerable to cyber-attacks and data breaches. Considering latest databreaches it can be said that cybercrimes are the real concern for this new digital world.2.Poor configuration: It can be considered as a pre-existing threat that was complete responsibility of the providers and suppliers. Poor configured system can easily be breached by the intruders and could lead to several security issues related to the employees of DAS (Lafuente, 2015). Proper IT team should be appointed before making purchase of computers in order to pre-check the supplies.3.Weak security architecture or non-existing of security architecture: Weak security architecture of the network is another important aspect that can lead expose of personal and sensitive information and alternatively affect the security of the employees and the
Report | Cloud Computing in DAS_5
organization too. There should be updated and always presence of a security architecture for the network that is being used within the organization.4.Third party software in the system: Using third party software makes the organization completely reliable on that organization, which makes them dependent to those third party on“what, when and how” that data should be used. Nothing is stable in this digital world specially, with respect to the information system. Breaches that affect the third party will automatically affect the information and data of the organization, which was relied on those third parties.5.Botnets:Botnets are not a new concept in the cybercrime. They are being used in order to get access to the systems whose access is highly secured. These could be spread into the system by mails, files or several other means and allow unauthorized users to access the system.6.External removable devices: Many malware coding can be transferred to the systems in which those devices had been used(Felbermayr, Hauptmann &Schmerer, 2014). Not all the computers are safe and using external devices could lead towards transferring of those malicious viruses from one system to another.7.Websites: Generally using untrusted websites leads toward download of malicious coding that could harm the system. These websites often asks to download applications that are not certified or licensed. Using secured, certified and safe websites should be the first step in order to keep the data secured into the system.8.Phishing: It is term used in computer science generally related to transfer of malicious programs via emails or messages.New Security Threat to Employee data(after moving to SaaS)S.NoNew Security Threat/Risk of employee data Description (after moving toSaas)LikelihoodImpactPriorityPreventive ActionsContingency Plans
Report | Cloud Computing in DAS_6

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Cloud Security - ITC 568 | Assignment
|12
|2975
|261

Security and Privacy of Employee Data | Report
|34
|6311
|63

Security of Employee Data Report 2022
|15
|4031
|18

Security and Privacy of Employee Data - Desklib
|25
|6301
|272

Security of Employee Data Question 2022
|16
|5147
|28

Security of Employee Data Assignment 2022
|17
|5058
|16