Risk Assessment of Data and Information Security Essay

Added on - 22 Jul 2020

  • 19

    Pages

  • 6874

    Words

  • 128

    Views

  • 0

    Downloads

Trusted by +2 million users,
1000+ happy students everyday
Showing pages 1 to 4 of 19 pages
Risk Assessment
TABLE OF CONTENTSINTRODUCTION...........................................................................................................................1Assessment 2....................................................................................................................................11. Consider the data and information that DAS holds on the employees in the current HRsystem.....................................................................................................................................11). Establish the present threats and risks to the security of the data and information.........12). Other risks to the data after migration to SaaS application.............................................33). Assess the resulting severity of risk and threats to data and information of employees...42. Consider the privacy of data for those employees who will move to SaaS application.....41). Establish the existing risks and threats to the privacy......................................................42). Other risks and threats to the privacy of data and information during migration...........53). Resulting severity of risks and threats to the privacy of employees..................................63.Threats and risks to the digital identities of government employees from SaaS applications................................................................................................................................................74. Considering operational solutions and locations of SaaS for HR and contractormanagement............................................................................................................................95. Issues to data sensitivity or jurisdiction............................................................................12CONCLUSIONS............................................................................................................................13REFERENCES..............................................................................................................................15
INTRODUCTIONThe aim of the study is to analyse the risk factors which are emerging under businessorganisations. Australian state government has established 'the department of administrativeservices' to ensure the services performed under every departments example HR, personneldepartment etc. (Zhou & et. al., 2016)policies keep on fluctuating from nation to nation on atimely basis however, to provide effective information's regarding their regulations to everyorganization at different countries has been made possible due to emergence of SAAS provider's.This assessment covers the entire risks and threats to the employee data and information that hasbeen revolved in different countries and places for the processing. There are various steps insending data from one place and the risks and all these phases involves some issues which needsto be resolved in order to protect those data. In present report, the need of software up-gradationhas been observed by DAS and thus, the information is being shared at places accordingly. Thelevel at which the information has threats are the security problems at HR system of DASholding employee data, migration to SaaS, etc. and privacy issues at DAS internal system andSaaS.Assessment 21. Consider the data and information that DAS holds on the employees in the current HR system.1). Establish the present threats and risks to the security of the data and information.Current employees are considered as the most important resource for any organisation,thus, it is mandatory to keep their data and information secure and confidential. It is a myth thathackers are the main reason that causes security breaches in fact this information is leaker fromthe insiders, either intentionally or unintentionally. Initially, when the data and information of theemployees is present in the HR house of the DAS itself, then there are some risks and threatsassociated with its security and these are as follows:Exploitation of information through remote access software: It is an intentional form ofdata leakage. In this, some remote accessed software are used for stealing the data such asterminal services, Citrix and GoToMyPC.1
Sending out information through e-mails and instant messaging: This threat involvessharing of personnel information with the help of E-mails and messaging.File sharing on P2P: Peer-to-peer file sharing software such as IM is not the problem butthe trouble arises on the way of how it is used. A simple misconfiguration leads to thenetwork to go public which can be accessed by anyone (Cho & Chan, 2015). This is anunintentional type of data leakage risk.Recklessly using wireless networks: It is the biggest unintentional insider threat whichcauses due to insecure wireless network usage. The most susceptible of these attacks arethe Wi-Fi networks. In addition to this, the WLANs provided to the employees in theorganisation also results in exploitation of data.Posting information on the discussion boards: This is the easiest way to stealinformation. If the entity reveals the data openly to every department then there arethreats of stealing them.Moreover, there are various other risks which can be faced by the employees if their datahas been hacked by hackers. Under such circumstances there will be rise in the online scams,phishing and other similar cases. As in the HR database personal sensitive information is therethat can be easily accessed by such people and they may collect personal information from otherfamily members through mails or fake websites (Yüksel, Küpçü & Özkasap, 2017)Along withthis, in Australia, cases related to the online theft and cybercrime has doubled. In 2016, manycompanies have detected that they are facing the security incidents. A study on the IT companiesand cyber risk to them was commissioned by Telstra reported that the cases has doubled and willfurther rise. In IT sector, there is another way by which private information can be accessed byother people, that is Denial-of-service attack.As personal information of all the companies will be mentioned in DAS so there can becondition of cases where multiple outlooks computer-systems attack on the targeted source. Suchattacks increase the vulnerability factor of employee's personal details. By sending unlimitedmessages or malformed packets they can directly hit the DAS system and can make itslower/shut down or even crash (Wallentin & et. al, 2014)Data breaches is another issue where information can be leaked. Person working in theorganization may also send the information to the other due personal conflict or else reason.These are the threats and risk which can be generated while storing the data at DAS.2
desklib-logo
You’re reading a preview
Preview Documents

To View Complete Document

Click the button to download
Subscribe to our plans

Download This Document