Security and Privacy of Employee Data - Desklib

   

Added on  2022-10-02

Running head: SECURITY AND PRIVACY OF EMPLOYEE DATA
Security and Privacy of Employee Data
Name of the Student:
Name of the university:
Author note:
Introduction:
The state government of Australia receives a number of services from an organization known as the Department of Administrative Services (DAS). This service provider supplies many services, including management, payroll, tendering and many more. A few risks were identified in this system, so DAS wanted to shift the information to the cloud as “shared services” (McIlwraith, 2016). Shared Services works with the help of the SaaS model of cloud computing. Though there are many advantages to giving users cloud access, there are a few constraints as well. This report discusses the privacy and security threats that the organization’s users can face when a whole information system is shifted from minor data centers to the cloud. The threats are then put into the risk management register so that their priority can be assessed (Haney et al., 2017). The priority level shows how important the issue is and how early it needs to be fixed.
1. Security of Employee Data
| Sl. No. | Security Threat/Risk Description | Likelihood | Impact | Priority | Preventive Actions | Contingency Plans |
|---|---|---|---|---|---|---|
| 1. | Data Integrity | High (H) | High (H) | Very High (VH) | 1. Maintenance. 2. Digital Signatures. | 1. Staff training required. 2. Storage in cloud. |
| 2. | Secrecy | Medium (M) | High (H) | Medium (M) | 1. Upgrade Procedures. 2. Safeguard Data. | 1. Encryption of data required. |
| 3. | Availability | Low (L) | Medium (M) | Medium (M) | 1. Monitoring Processes. | 1. Perform Risk Analysis. |
| 4. | Malware | High (H) | Very High (VH) | High (H) | 1. Update the system. | 1. Update anti-malware software regularly. |
| 5. | Database Injection Attacks | High (H) | Very High (VH) | High (H) | 1. Usage of Prepared Statements. 2. Usage of Stored Procedures. | 1. SQL input validation is required. 2. Usage of prepared statements instead of using dynamic queries. |

o Existing security threats to Employee data
Likelihood - VL, L, M, H, VH
Impact - VL, L, M, H, VH
Priority - VL, L, M, H, VH
Explain issues
1. Data Integrity: Data integrity is the consistency and accuracy of data. It provides protection from inappropriate modification of information, where modification includes insertion, creation, deletion and status change of data. Maintaining data integrity means keeping data intact and unchanged throughout its full life cycle, which consists of data capture, updates, storage, backups and transfers. Whenever data processing takes place, there is a risk of data corruption (Kearns, 2016). Integrity may be lost if inappropriate changes occur, whether intentionally or by accident. Data integrity is essential for quality control and for handling OOS results. It also supports data safety with respect to regulatory compliance. It is maintained by a collection of processes, standards and rules implemented during the design phase.
2. Secrecy: Secrecy is the act of hiding information from individuals or from groups. Data should not be revealed to users who are not authorized. Secrecy can be controversial, depending on the nature and content of the secret. Excessive revealing of information can conflict with the ethics of confidentiality and privacy (Kearns, 2016). Secrecy exists in different forms: encryption, where technical and mathematical strategies are used to hide messages; true secrecy, where participants are placed under certain restrictions; and obfuscation, where data is hidden in plain sight.
3. Availability: Availability is the condition in which consumers can access the data provided to them. With respect to a database, data availability means that when a database is available, its data can be accessed by the data users, that is, customers, business and application users. Any condition that makes the data inaccessible is the opposite of availability. Another view of availability is the amount of time a system is used for production work (Bosch & Micevska-Scharf, 2017). An application’s availability will differ between organizations, between systems within an organization and even between users. A database that performs poorly can still be accessed, but a database that is unavailable cannot be accessed at all. Users cannot perform their jobs if performance suffers (Beautement, Becker, Parkin, Krol & Sasse, 2016). Availability consists of four primary components that ensure that systems are up and running and that business can be done.
4. Malware: Malware is software that is intentionally designed to cause damage to a server, client, network or computer. Malware causes damage after it has been implanted or introduced onto a computer, where it can take the form of directly executable code, scripts and other data. In the media, malware is referred to as computer worms, viruses, Trojan horses, spyware, scareware, ransomware and adware. Malware has malicious intent and acts against the computer user’s interest; it does not include software that causes unintentional harm, which is termed a bug (Kent, 2016). Programs that are officially supplied by companies are considered malware if they secretly act against the computer user’s interest. Sensitive data can be stolen by perennial threat malware through infected devices.
5. Data Injection Attacks: There are two types of data injection attack: SQL injection, which targets conventional database systems, and NoSQL injection, which targets “big data” platforms. A SQL injection attack consists of the insertion of a SQL query, via the input data, from the client into the application. Through a successful SQL injection, sensitive data can be read from the database, the database can be modified, administration operations can be carried out on the database, the content of a given file on the database’s file system can be recovered and, in a few cases, commands can be issued to the operating system (Malik & Patel, 2016). SQL injection attacks are one kind of injection attack, in which SQL commands are injected into data-plane input in order to affect the predefined SQL commands. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as a change in balance or a voided transaction, reveal the complete data available in the system, destroy the data or make it unavailable, and become administrators of the database server. SQL injection is common in ASP and PHP applications because of the prevalence of older interfaces (Kotenko, Levshun, & Chechulin, 2016). Because of the programmatic interfaces available to them, ASP.NET and J2EE applications have less chance of being exploited by SQL injection.
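
The difference between the dynamic query and the prepared statement listed in the risk register, shown as an added example that is not part of the original report. The employee table, its rows and the function names are constructed for illustration, and Python's built-in sqlite3 module stands in for the production database.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory payroll table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employee (name, salary) VALUES (?, ?)",
                   [("alice", 82000), ("bob", 61000), ("carol", 97000)])
    return db

def lookup_dynamic(db, name):
    """Vulnerable form: the input is concatenated into the SQL text,
    so quote characters in it change the structure of the query."""
    sql = "SELECT name, salary FROM employee WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    """Hardened form: the input is bound as a parameter and is only
    ever compared as a value, never parsed as SQL."""
    sql = "SELECT name, salary FROM employee WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def valid_name(name):
    """Input validation as a second layer: allow-list of letters, bounded length."""
    return re.fullmatch(r"[A-Za-z]{1,64}", name) is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    for label, value in (("normal", "bob"), ("crafted", crafted)):
        print(label, "passes validation:", valid_name(value))
        print("  dynamic query rows: ", lookup_dynamic(db, value))
        print("  prepared stmt rows: ", lookup_prepared(db, value))
```

With the crafted input the dynamic query returns every salary in the table, while the prepared statement returns no rows and the validation check rejects the value before it reaches the database.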