Risk assessment for the DAS | Report

   

Added on  2022-09-18

Running head: RISK ASSESSMENT FOR THE DAS
Risk assessment for the DAS
Executive Summary
Several categories of security concern affect the employee data and business data held by
the Department of Administrative Services (DAS), which provides a wide range of facilities
to the other branches of the Australian State government. A change in government policy has
resulted in the amalgamation of HR and personnel management systems, which was supposed to
improve the performance of each of the stakeholders associated with DAS. The business data
circulating in the DAS business environment is exposed to different categories of risk from
both internal and external threats. This report discusses a privacy strategy proposal and a
personal data protection strategy that DAS can use to safeguard its data from each of these
threats. The procedure for enacting each of the two strategies is also covered in this report.
Table of Contents
1. Introduction
2. Privacy strategy for personal data
   a. Management of personal information
   b. Collection and management of solicited personal information
   c. Use and disclosure of personal information
   d. Use and security of digital identities
   e. Security of personal information
   f. Access to personal information
   g. Quality and correction of personal information
3. Recommended privacy controls
   a. Mitigate the previously identified privacy risks
   b. Implement the privacy strategy
4. Personal data protection strategy
   a. Protection of personal information
   b. Authorized access & disclosure of personal information
   c. Use of personal digital identities
5. Recommended personal data protection controls
   a. Mitigate the previously identified data security risks
   b. Implement the personal data protection strategy
6. Conclusion
7. Reference
1. Introduction
A privacy and personal data protection strategy can be defined as a strategy that helps to
shield organizational data as well as employee data from diverse categories of security
threats, coming both from inside the organization and from external sources such as social
engineers.
Every organization holds different categories of data in its business environment, such as
employee data, where detailed information about the workers is stored, payroll data,
contractual data and procurement data. Each of these categories of data has to be stored and
monitored at regular intervals because organizational targets depend upon the protection of
this data (Hervas-Drane & Casadesus-Masanell, 2018). Confidentiality of the data is generally
maintained if the data is secured from any sort of unauthorised access. Maintaining the
reliability of the data is one of the most significant technical issues faced by most
business organizations all over the world (Gai et al., 2016). A privacy strategy can be
defined as the legal documentation procedure enacted by business organizations to protect
employee data and customer data.
DAS is one of the most significant departments of the Australian State Government (ASG).
DAS is responsible for providing a wide range of services to the other departments of ASG,
such as payroll and contract tendering management (Ghezzi, Cortimiglia & Frank, 2015).
However, changes in government policy have resulted in the incorporation of many new
approaches, such as the centralized database and a cloud-first approach to the software and
services used in DAS.
DAS is looking to purchase an HR and personnel management application from a US-based
application development organization. This US-based organization provides SaaS applications
to each of its clients. The incorporation of the new application is
supposed to improve the organizational performance of each of the stakeholders of this
organization. Employee data shall be uploaded from DAS, and this data shall be processed in
Bangalore, India. The new application will allow the employees working in DAS to access the
HR and performance management system using the DAS digital identity, which is generated from
the DAS Active Directory. The entire authorization procedure will be validated by a SAML 2.0
certificate.
Security Assertion Markup Language (SAML) is an XML-based framework used to exchange
authentication and authorization data between the security domains of business
organizations. Digitally signed XML documents are used in this authentication procedure
(Franczyk & Ludwig, 2018). The following section of the paper develops a privacy strategy
proposal for DAS so that it can secure its organizational data and business data from both
external and internal threats.
2. Privacy strategy for personal data
Diverse categories of departments are associated with DAS, which provides them with a wide
variety of services. Maintaining the reliability and availability of organizational data is
very significant for this organization (Hoepman, 2018). However, the business data accessed
in this department is exposed to different categories of threats and vulnerabilities, coming
both from inside the organization and from outside (Edgar, 2015). The external threats
include cyber security threats such as ransomware. Access to business data is not limited in
this organization, which is another source of concern that has to be resolved first so that
the confidentiality of the business data is sustained.
a. Management of personal information
Personal information management is incorporated in DAS because it helps to organize,
acquire, maintain and retrieve business data from each of the different departments. The
data from each department, as well as the services provided in HR and management,
procurement management, contractor management, and payroll, can be secured using personal
information management (Culnan, 2019). The designation, trading period and attendance of
each employee working in this organization can be managed and monitored using the personal
information system. Thus, the incorporation of personal information management can be very
useful in DAS, as it can help secure organizational data from data security threats.
Description of the ways to manage personal information
Collection of the data: Only the necessary data must be collected from each of the stakeholders of this organization.
Accuracy: Only the current data must be accessed in DAS.
Storage and security: Data should be protected from misuse and inappropriate access.
Use: Any sort of third-party access must be restricted.
Disclosure: Inappropriate disclosure of the data must be restricted.
Transparency: Accessibility of the employee data as well as the organizational data must be set by network administrators.
Table 1: Ways to manage personal information
(Source: Created by author)
b. Collection and management of solicited personal information
Numerous stakeholders are involved in this business and in the incorporation of the HR and
personnel management application that is going to be installed in the working environment of
DAS. The collection and management of personal information is a significant challenge in DAS
because of the increasing number of cyber security incidents (Cortimiglia, Ghezzi & Frank,
2016). The personal data has to travel from California to Bangalore; as a result, effective
security policies and protocols must be