Security and Privacy of Employee Data | Report
Added on 2020-02-24
Cloud Security
Name of the student
Name of the University
Author Note
Introduction:
The Department of the Administrative Service (DAS) provides numerous
services to other departments in Australia. These services are
delivered from the department's data centre.
Software as a Service (SaaS) is the licensing model, with software
delivery hosted centrally. These services are provided from the data
centres of DAS.
This report covers the security and privacy of employee data. It then
discusses the problems regarding digital identity. Lastly, it goes
through the problems of data sensitivity and the provider solution.
1. Security of Employee Data:

| S.No | Security Threat/Risk Description | Likelihood | Impact | Priority | Preventive Actions | Contingency Plans |
|---|---|---|---|---|---|---|
| Student 1 | | | | | | |
| R.a. | Non-existent of Security Architecture | VL | VH | VH | Pre-existent of personnel for designing security architecture of the system (Sun, 2012). | Individual out of the organization for expert advice. |
| R.b. | Client side applications and software that are not patched | M | VH | VH | Implementation of robust patch management program into the system | Regularly checking updates of security software |
| Student 2 | | | | | | |
| R.c. | Spear Phishing and Phishing | H | H | M | Installation of professional enterprise level by DAS | Providing regular and proper training to the employees of DAS about internet security. |
| R.d. | Websites | M | H | M | Anti-malware device, updated firewall and antivirus | Installation of new anti-virus |
| R.e. | Poor Configuration | L | VH | VH | Implementation of configuration management policy for the hardware used to connect with the internet. | Implementation of new Network Access Control Solution. |
| Student 3 | | | | | | |
| R.f. | Mobile Devices | L | L | VL | Using personal and protected devices | Encrypting files that are being saved in the database using mobile device. |
| Student 4 | | | | | | |
| R.g. | Cloud Computing | VH | H | VH | Cross checking the services offered by SaaS and whether they comply with the information security system requirements of DAS or not. | Check whether the offered application complies with privacy acts and Family Education Rights or not. |
| R.h. | Removable Media | H | VH | M | Putting the "auto run" feature of the system into disable mode. | Training about how to use external devices in the organization premises. |
| R.i. | Botnets | VH | H | H | Implementation of strong security architect. Analysis for encrypting the data sent over the internet (Asghari, Eeten & Bauer, 2015). | Implementing holistic approach to data security of the system. |
| R.j. | Zero-day Attacks | H | H | H | Recruiting highly experienced IT. | Keeping abreast of less software patches. |

Existing security threats to Employee data
Likelihood - VL, L, M, H, VH
Impact - VL, L, M, H, VH
Priority - VL, L, M, H, VH
Explain issues
1. The threats identified in previous decades remain almost the same,
and they continue to plague businesses at present. The most common
threat to the in-house HR database is the excessive privileges
granted to employees. DAS could fail to update access privileges
when employees' roles in the organization change. Users could also
abuse legitimate database privileges for unauthorized purposes
(Lafuente, 2015). There could also be database injection attacks.
The primary types of these attacks are NoSQL and SQL injections.
2. SQL injections target traditional database systems. NoSQL
injections target big-data platforms. In both scenarios, a
successful input injection attack could give the attacker access to
the entire, otherwise restricted, database. Then there is malware,
which is a long-lasting danger. It is used to retrieve sensitive
data through legitimate users working on compromised devices. The
next threat is the exposure of storage media.
3. Backup storage media is regularly left unprotected from attack. In
the same way, numerous security breaches have involved the theft of
the tapes and discs backing up the database. There is also
exploitation of vulnerable databases. It takes about a month to fix
the issues. Attackers now know how to exploit unpatched databases
or databases that still have default records and configuration
parameters.
4. There are also risks arising from sensitive data that is left
unmanaged. The organization could struggle to maintain an accurate
inventory of its databases and the primary information objects
inside them (Felbermayr, Hauptmann & Schmerer, 2014). This is the
root cause behind a large number of data breaches due to human
carelessness.
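The privilege problem in item 1 (access rights not updated when an employee's role changes) can be caught by a periodic access review that compares the privileges each user actually holds with what the current role allows. The following is an added example, not part of the original report; the role names, privilege names and records are constructed, and the orphaned-account check goes slightly beyond the case the report describes.

```python
# Added example: access review for privilege creep in an HR database.
# All roles, privileges and records below are constructed for illustration.
from dataclasses import dataclass

# Assumed least-privilege policy: what each role is allowed to hold.
ROLE_BASELINE = {
    "payroll_officer": {"payroll:read", "payroll:write", "employee:read"},
    "recruiter": {"candidate:read", "candidate:write", "employee:read"},
    "hr_manager": {"employee:read", "employee:write", "payroll:read"},
}

@dataclass(frozen=True)
class Employee:
    user: str
    current_role: str
    previous_roles: tuple = ()

def review_access(employees, grants):
    """Return (user, privilege, reason) for each grant the current role does not cover.

    reason is 'stale:<role>' when a former role explains the grant,
    'unjustified' when no role the employee ever held covers it, and
    'orphaned_account' when the user has no employee record at all.
    """
    findings = []
    by_user = {e.user: e for e in employees}
    for user, held in sorted(grants.items()):
        emp = by_user.get(user)
        if emp is None:
            findings += [(user, p, "orphaned_account") for p in sorted(held)]
            continue
        allowed = ROLE_BASELINE.get(emp.current_role, set())
        for priv in sorted(held - allowed):
            source = next((r for r in emp.previous_roles
                           if priv in ROLE_BASELINE.get(r, set())), None)
            findings.append((user, priv, f"stale:{source}" if source else "unjustified"))
    return findings

# Constructed data: alice moved from payroll to recruiting but kept payroll access.
EMPLOYEES = [
    Employee("alice", "recruiter", ("payroll_officer",)),
    Employee("bob", "hr_manager"),
]
GRANTS = {
    "alice": {"candidate:read", "candidate:write", "employee:read",
              "payroll:read", "payroll:write"},
    "bob": {"employee:read", "employee:write", "payroll:read", "audit:delete"},
    "carol": {"employee:read"},  # no employee record: account never revoked
}

if __name__ == "__main__":
    for finding in review_access(EMPLOYEES, GRANTS):
        print(finding)
```

Each finding is a candidate for revocation; the `stale` findings are the ones that role-change handling should have removed.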

| S.No | New Security Threat/Risk of employee data Description (after moving to SaaS) | Likelihood | Impact | Priority | Preventive Actions | Contingency Plans |
|---|---|---|---|---|---|---|
| Student 1 | | | | | | |
| R1.a | Insider | H | VH | VH | 1. Establishment of well defined privilege rights of the management system 2. Enforcing the rights introduced in the privilege | 1. Annual training and awareness programs by DAS. 2. Audit Programs |
| R1.b. | Poor Passwords | VH | M | H | 1. Implementing more advanced authentication capabilities 2. Using autopassword generating software | Training programs for creating strong password |