ITC 568 - Cloud Security and Privacy Report
Added on 2020-02-24
34 Pages10001 Words50 Views
Business DevelopmentData Science and Big DataEconomicsPolitical Science
|
|
|
Running head: CLOUD SECURITY AND PRIVACY
Cloud security and privacy
(Department of Administrative Service)
Name of the student:
Name of the university:
Author Note
Cloud security and privacy
(Department of Administrative Service)
Name of the student:
Name of the university:
Author Note
1
CLOUD SECURITY AND PRIVACY
Executive summary
The DAS or the Department of the Administrative Service at Australia supplies various services to
various departments of the state government of the country. The report is developed to keep the
privacy strategy for personal data and the personal data protection in mind. It has been also
recommending the privacy controls and the strategies of personal information protection.
CLOUD SECURITY AND PRIVACY
Executive summary
The DAS or the Department of the Administrative Service at Australia supplies various services to
various departments of the state government of the country. The report is developed to keep the
privacy strategy for personal data and the personal data protection in mind. It has been also
recommending the privacy controls and the strategies of personal information protection.
2
CLOUD SECURITY AND PRIVACY
Table of Contents
Introduction:..........................................................................................................................................4
1. Privacy strategy for personal data:....................................................................................................4
1.1. Management of personal information:........................................................................................4
1.2. Collection and management of solicited personal information:.................................................5
1.3. Use and disclosure of personal information:..............................................................................6
1.4. Use and security of digital identities:.........................................................................................6
1.5. Security of personal information:...............................................................................................7
1. 6. Access to personal information:................................................................................................8
1.7. Quality and correction of personal information:........................................................................8
2. Recommended Privacy controls:.......................................................................................................9
2.1. Mitigating the previously identified privacy risks:.....................................................................9
2.2. Implement the privacy strategy:...............................................................................................11
3. Personal data protection strategy:....................................................................................................14
3.1. Protection of personal information:..........................................................................................14
3.2. Authorized access & disclosure of personal information:........................................................15
3.3. De-identification of personal data:...........................................................................................16
3.4. Use of personal digital identities:.............................................................................................16
3.5. Security of personal data:.........................................................................................................18
3.6. Archiving of personal data:......................................................................................................19
4. Recommended personal data protection strategy:...........................................................................21
CLOUD SECURITY AND PRIVACY
Table of Contents
Introduction:..........................................................................................................................................4
1. Privacy strategy for personal data:....................................................................................................4
1.1. Management of personal information:........................................................................................4
1.2. Collection and management of solicited personal information:.................................................5
1.3. Use and disclosure of personal information:..............................................................................6
1.4. Use and security of digital identities:.........................................................................................6
1.5. Security of personal information:...............................................................................................7
1. 6. Access to personal information:................................................................................................8
1.7. Quality and correction of personal information:........................................................................8
2. Recommended Privacy controls:.......................................................................................................9
2.1. Mitigating the previously identified privacy risks:.....................................................................9
2.2. Implement the privacy strategy:...............................................................................................11
3. Personal data protection strategy:....................................................................................................14
3.1. Protection of personal information:..........................................................................................14
3.2. Authorized access & disclosure of personal information:........................................................15
3.3. De-identification of personal data:...........................................................................................16
3.4. Use of personal digital identities:.............................................................................................16
3.5. Security of personal data:.........................................................................................................18
3.6. Archiving of personal data:......................................................................................................19
4. Recommended personal data protection strategy:...........................................................................21
3
CLOUD SECURITY AND PRIVACY
4.1. Mitigating the previously identified security risks:..................................................................21
4.2. Recommended personal data protection strategy:....................................................................25
Conclusion:..........................................................................................................................................27
References:..........................................................................................................................................28
CLOUD SECURITY AND PRIVACY
4.1. Mitigating the previously identified security risks:..................................................................21
4.2. Recommended personal data protection strategy:....................................................................25
Conclusion:..........................................................................................................................................27
References:..........................................................................................................................................28
4
CLOUD SECURITY AND PRIVACY
Introduction:
The cloud-based solution refers to various services, resources, applications that are available
to the users on demand through online from the cloud service providers. The organizations have
been typically using the cloud computing for increasing the capacity, improve the functionalities and
incorporate extra services on demand (Lafuente, 2015).
The DAS or the Department of the Administrative Service at Australia has been providing
various services to various sections of the state government of the country. A successful engagement
of their team is completed, for providing the privacy and security analysis for DAS. The group has
again attempted to create the strategies regarding the privacy and personal data protection.
The following report is prepared to keep the privacy strategy for personal data and the
personal data protection in mind. It has also recommended the privacy controls and the strategies of
personal information protection.
1. Privacy strategy for personal data:
1.1. Management of personal information:
This is all about searching, placing, managing and sustaining the information. It also deals
with the privacy management and the data flow. DAS needed to place the external factors away from
retrieving the data rather than providing permission from the cloud service providers. The
organization has needed to safeguard the time. They have been also concentrating on the retrieval of
data instead of taking permission from online. This personal information management denotes the
measuring and evaluating. DAS requires finding out whether the tool would harm or not. They
should also be aware of the alternate strategies (Felbermayr, Hauptmann & Schmerer, 2014). The
managing includes the abilities to make the data known. This has been referring to the learning and
CLOUD SECURITY AND PRIVACY
Introduction:
The cloud-based solution refers to various services, resources, applications that are available
to the users on demand through online from the cloud service providers. The organizations have
been typically using the cloud computing for increasing the capacity, improve the functionalities and
incorporate extra services on demand (Lafuente, 2015).
The DAS or the Department of the Administrative Service at Australia has been providing
various services to various sections of the state government of the country. A successful engagement
of their team is completed, for providing the privacy and security analysis for DAS. The group has
again attempted to create the strategies regarding the privacy and personal data protection.
The following report is prepared to keep the privacy strategy for personal data and the
personal data protection in mind. It has also recommended the privacy controls and the strategies of
personal information protection.
1. Privacy strategy for personal data:
1.1. Management of personal information:
This is all about searching, placing, managing and sustaining the information. It also deals
with the privacy management and the data flow. DAS needed to place the external factors away from
retrieving the data rather than providing permission from the cloud service providers. The
organization has needed to safeguard the time. They have been also concentrating on the retrieval of
data instead of taking permission from online. This personal information management denotes the
measuring and evaluating. DAS requires finding out whether the tool would harm or not. They
should also be aware of the alternate strategies (Felbermayr, Hauptmann & Schmerer, 2014). The
managing includes the abilities to make the data known. This has been referring to the learning and
5
CLOUD SECURITY AND PRIVACY
the practices of the activities of the people. This is to achieve, generate, store, maintain, use,
distribute and organize the information required to meet the aims. Additionally, it has been focusing
on the documents like paper, electronic, web references and others for future storage and re-usage.
One of the popular concepts of the management is whether DAS possess the exact data in proper
format at the proper place inadequate amount. In actuality, DAS should be spending an important
section of time by doing away with the pervasive issues of the data fragmentation.
1.2. Collection and management of solicited personal information:
Since SaaS has been supplying various services and working with the employees, partners,
clients, and the volunteers engaged, it has been obvious that they have needed to collect and manage
the solicited personal data informing about the individuals. This has been the capability to bring the
critical and the ethical duties. DAS has required knowing the legal necessities for managing the
information regarding the people. DAS is responsible for the tasks and should assure that it does not
go against the relevant laws (Pfeifer, 2016). These laws have been collecting and using the string
data about the people. The people are turning to highly knowledgeable about the privacy and data
protection concerns. DAS must take into consideration the process very tactically for managing the
data of the persons. They must assure that the values of DAS get reflected and meet the reasonable
demands of the clients.
APP3 draws the APP entities that are collecting the solicited data. APP differentiates
between the collection of solicited data and the getting of unsolicited data done by the APP entities.
Since APP collects the data the perquisites have been showing variation according to its sensitivity
(Kristal, 2017). Apart from this, it has been also considering the entity as the company or agency. It
included how the APP entity collects the personal data. This needed the same necessities applied to
all the APP entities and to all types of personal data.
CLOUD SECURITY AND PRIVACY
the practices of the activities of the people. This is to achieve, generate, store, maintain, use,
distribute and organize the information required to meet the aims. Additionally, it has been focusing
on the documents like paper, electronic, web references and others for future storage and re-usage.
One of the popular concepts of the management is whether DAS possess the exact data in proper
format at the proper place inadequate amount. In actuality, DAS should be spending an important
section of time by doing away with the pervasive issues of the data fragmentation.
1.2. Collection and management of solicited personal information:
Since SaaS has been supplying various services and working with the employees, partners,
clients, and the volunteers engaged, it has been obvious that they have needed to collect and manage
the solicited personal data informing about the individuals. This has been the capability to bring the
critical and the ethical duties. DAS has required knowing the legal necessities for managing the
information regarding the people. DAS is responsible for the tasks and should assure that it does not
go against the relevant laws (Pfeifer, 2016). These laws have been collecting and using the string
data about the people. The people are turning to highly knowledgeable about the privacy and data
protection concerns. DAS must take into consideration the process very tactically for managing the
data of the persons. They must assure that the values of DAS get reflected and meet the reasonable
demands of the clients.
APP3 draws the APP entities that are collecting the solicited data. APP differentiates
between the collection of solicited data and the getting of unsolicited data done by the APP entities.
Since APP collects the data the perquisites have been showing variation according to its sensitivity
(Kristal, 2017). Apart from this, it has been also considering the entity as the company or agency. It
included how the APP entity collects the personal data. This needed the same necessities applied to
all the APP entities and to all types of personal data.
6
CLOUD SECURITY AND PRIVACY
Moreover, it has been also considering the entity has been an agency or any company. This has been
including how the APP entity has been gathering the personal data. This has been the similar
requirements applying to every APP entities and to every kind of the personal data.
1.3. Use and disclosure of personal information:
For this reason, APP has been gathering the personal data. The basis on which the APP entity
has been using or disclosing the personal data is discussed here. It is never revealed to the entities
depending on any ground or to determine whether to shut the personal data till the disclosure or
usage is required by the law. The factor at section 6.1 of the APP standards is defined as the implied
or the express consent. The following one has been the checking of whether data has been providing
the content in a voluntarily way. This consent is denoting to a particular and the individuals have
possessed the ability to make sense and communicate with the consent. About the using and
disclosure of the personal data where there has been a high expectation of individuals and related to
basic reason to collect has been undergoing some principles.
The APP has been allowing the APP for using and disclosing the information for extra
reasons (Müller & Neumann, 2015). It occurs has the public demand the entity to make use or show
the data for this additional reason. It includes the searching of whether data has been sensitive or not.
It has also been including the finding whether the information is sensitive or not. The secondary
purpose here has been related to the basic cause of collection.
1.4. Use and security of digital identities:
Various trends have been driving the requirements for the digital identity systems. The initial
one is the rise of the volume of transaction. The quantity of the transaction depending on identities is
developing because of the advent of the use of digital channels. Then there is the rise of the
transaction complexity. The transactions are rising through the disparate entities in spite of the
relationships established before. Let the instance of the cross-border transaction be taken here. It has
CLOUD SECURITY AND PRIVACY
Moreover, it has been also considering the entity has been an agency or any company. This has been
including how the APP entity has been gathering the personal data. This has been the similar
requirements applying to every APP entities and to every kind of the personal data.
1.3. Use and disclosure of personal information:
For this reason, APP has been gathering the personal data. The basis on which the APP entity
has been using or disclosing the personal data is discussed here. It is never revealed to the entities
depending on any ground or to determine whether to shut the personal data till the disclosure or
usage is required by the law. The factor at section 6.1 of the APP standards is defined as the implied
or the express consent. The following one has been the checking of whether data has been providing
the content in a voluntarily way. This consent is denoting to a particular and the individuals have
possessed the ability to make sense and communicate with the consent. About the using and
disclosure of the personal data where there has been a high expectation of individuals and related to
basic reason to collect has been undergoing some principles.
The APP has been allowing the APP for using and disclosing the information for extra
reasons (Müller & Neumann, 2015). It occurs has the public demand the entity to make use or show
the data for this additional reason. It includes the searching of whether data has been sensitive or not.
It has also been including the finding whether the information is sensitive or not. The secondary
purpose here has been related to the basic cause of collection.
1.4. Use and security of digital identities:
Various trends have been driving the requirements for the digital identity systems. The initial
one is the rise of the volume of transaction. The quantity of the transaction depending on identities is
developing because of the advent of the use of digital channels. Then there is the rise of the
transaction complexity. The transactions are rising through the disparate entities in spite of the
relationships established before. Let the instance of the cross-border transaction be taken here. It has
7
CLOUD SECURITY AND PRIVACY
needed more accuracy and protection to identify the data that has been sensitive (Smith & Ross,
2014). Moreover, there has been the rise in the speed of the financial and harms regarding the
reputations. The ineffective actors are the financial systems increasingly sober in the usage of
technologies and tools. It is done to control the activities that are illicit. It has been also including the
abilities for causing the financial and the reputational harms by exploiting the actual systems of
identity. The digital identity system has comprised of different layers. All of them have been serving
different reasons.
As per the WEF report, there are six typical layers. The initial one is the standard. Their task
is to govern the overall activities to eradicate the issues regarding consistency and coordination.
Then there is the attribute collection. The required user attributes are appropriately achieved here.
They are also stored and the protected. The next one is the authentication. The mechanisms are
delivering the links to the users to the attributes to avoid the inconsistent authentication. The next
one is the exchange of attributes. The mechanisms have been delivering to exchange the attributes
among the different attributes (Kristal, 2017). The next one is the verification. The proper rules and
the relationships are needed to implement to authorize what the service users are entitled to access
on the attribute basis. Finally, there is the service delivery. In this case, the users are supplied with
the effective and easy-using services.
1.5. Security of personal information:
It was comprised of different terms as listed in the APP11. This includes the interference,
unauthorized accessing, misuse and loss unauthorized modification, and disclosure. There has been
lying different examples and analysis by which the terms have been retrieving common meanings.
Firstly there is the misuse. The personal data is misused as it is used by the APP entity that has not
been allowed by the Act. Then there is the interference. This takes place as there is no attack on the
personal data. Despite all this, it has not been updating the content as necessary. The next is the loss.
CLOUD SECURITY AND PRIVACY
needed more accuracy and protection to identify the data that has been sensitive (Smith & Ross,
2014). Moreover, there has been the rise in the speed of the financial and harms regarding the
reputations. The ineffective actors are the financial systems increasingly sober in the usage of
technologies and tools. It is done to control the activities that are illicit. It has been also including the
abilities for causing the financial and the reputational harms by exploiting the actual systems of
identity. The digital identity system has comprised of different layers. All of them have been serving
different reasons.
As per the WEF report, there are six typical layers. The initial one is the standard. Their task
is to govern the overall activities to eradicate the issues regarding consistency and coordination.
Then there is the attribute collection. The required user attributes are appropriately achieved here.
They are also stored and the protected. The next one is the authentication. The mechanisms are
delivering the links to the users to the attributes to avoid the inconsistent authentication. The next
one is the exchange of attributes. The mechanisms have been delivering to exchange the attributes
among the different attributes (Kristal, 2017). The next one is the verification. The proper rules and
the relationships are needed to implement to authorize what the service users are entitled to access
on the attribute basis. Finally, there is the service delivery. In this case, the users are supplied with
the effective and easy-using services.
1.5. Security of personal information:
It was comprised of different terms as listed in the APP11. This includes the interference,
unauthorized accessing, misuse and loss unauthorized modification, and disclosure. There has been
lying different examples and analysis by which the terms have been retrieving common meanings.
Firstly there is the misuse. The personal data is misused as it is used by the APP entity that has not
been allowed by the Act. Then there is the interference. This takes place as there is no attack on the
personal data. Despite all this, it has not been updating the content as necessary. The next is the loss.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Investigation Data Privacy and Security Australia Report 2022lg...
|24
|6742
|9
2CLOUD SECURITY CLOUD SECURITY Cloud Security Name of the Student Name of the University Author's Note: Executive Summarylg...
|19
|4535
|120
Cloud Computing Report 2022lg...
|24
|7085
|19
Information Technology Assignment: Privacy and Data Protectionlg...
|27
|10026
|55
Cloud Privacy and Privacy Policylg...
|25
|7029
|142
Risk assessment for the DAS | Reportlg...
|23
|6822
|19