logo

Securing and Privacy Name of the University Author Name: Cloud based Approach

24 Pages5598 Words311 Views
   

University Of Melbourne

   

Information Security and Privacy (INFO30006)

   

Added on  2020-03-01

About This Document

INFO30006 - The Various Security, Privacy Risks | Report, discusses about the various security and privacy risks and threats that are associated with the conventional HR database and the cloud-based approaches. The model of the cloud approach used here is the SaaS model. The chosen organization is the Department of Administrative Service located in Australithe approach that is being made by the DAS. This approach is the Shared Services Approach. The report also includes the securities and the privacy issues that are associated by adopting the various intended requirements.

Securing and Privacy Name of the University Author Name: Cloud based Approach

   

University Of Melbourne

   

Information Security and Privacy (INFO30006)

   Added on 2020-03-01

ShareRelated Documents
Running head: SECURITY AND PRIVACY
Security and privacy
Name of the Student
Name of the University
Author Note
Securing and Privacy Name of the University Author Name: Cloud based Approach_1
Executive Summary
The following report discusses about the various security and privacy risks and threats that are
associated with the conventional HR database and the cloud based approaches. The model of
cloud approach used here is the SaaS model. The chosen organization is the Department of
Administrative Service located in Australia. The report also discusses about the digital identity
issues and the jurisdictions associated with data security and cloud computing.
Securing and Privacy Name of the University Author Name: Cloud based Approach_2
Table of Contents
Introduction:....................................................................................................................................3
Discussion:.......................................................................................................................................3
Security of employee data:..........................................................................................................4
Risks and threats in the in house HR database of the DAS:....................................................4
Risks and threats after migration to SaaS application:............................................................6
Assessment of resulting Security of Employee Data...............................................................8
Privacy of employee data:.........................................................................................................11
Risks and threats in the privacy of the data in the in house HR database:............................11
Risks and threats after the migration to SaaS applications:...................................................12
Assessment of Privacy of Employee Data:............................................................................13
Digital identity issues:...............................................................................................................17
Provider solution issues:............................................................................................................18
Data sensitivity and jurisdiction:...............................................................................................19
Conclusion:....................................................................................................................................20
References:....................................................................................................................................22
Securing and Privacy Name of the University Author Name: Cloud based Approach_3
Introduction:
The Department of Administrative Services (DAS) is used to provide public services to
the other department s present in the Australian state government. The services that are provided
include the personnel management and HR, management of contract tendering, payroll,
procurement and contractor management. The data centre of the department is responsible for
providing such services.
This report discusses about the approach that is being made by the DAS. This approach is
the Shared Services Approach. The report also includes the securities and the privacy issues that
are associated by adopting the various intended requirements. The report also covers the identity
risks that can be associated with the approach. In addition, the risks of the provider of such
services along with the sensitivity in data are also included in the report.
Discussion:
The main concept to be applied is the Shared Services approach. The main idea of this
approach is to centralize the services that are being provided by the DAS. These services are now
been made to be provided to the whole government. The requirements of this approach are the
need of different departments of the government to migrate their resources to the central server.
The departments who were intending their data and resources for their users now need to upload
the resources to the central servers to incorporate the idea of shared services. This migration will
be done on the DAS central database. After the migration of the data and resources, the DAS will
be responsible for sharing the gathered resources among all the present departments of the
government. This approach is further strengthened by the presence of a government policy that
requires the presence of incorporation of cloud computing architecture for the updating the
services present. The payroll of the DAS will b incorporated in the COTS (Commercial off the
Securing and Privacy Name of the University Author Name: Cloud based Approach_4
Shelf) application that will help in managing the payroll related services directly from the cloud.
The DAS intranet will also be incorporated in to the Microsoft SharePoint PaaS to provide the
services associated with the intranet to all the departments of the government.
To meet the intended outcomes, the DAS has decided to adopt certain services to help
facilitate the service procurement. Firstly, the DAS is responsible for purchasing a HR and
personnel management application from an US based company. The main idea is to get Software
as a service (SaaS) model. The application software is supposed to include the HR management
and the personnel management application embedded on it. To apply this, the provider of the
application has informed the DAS about their main database situated in Dublin, Ireland.
Along with the HR and personnel management, the DAS will also acquire Contractor
management application software to help visualize and manage the contractor that is being
associated in the DAS.
Security of employee data:
Risks and threats in the in house HR database of the DAS:
The in house of the HR department is subjected to many threats and risks. The traditional
database grants many privileges in case of access and this invites many forms of risks and threats
to the data and resource involved. The first risk to the HR database is the excessive or misuse of
privileges granted (Ted et al., 2013). When employees are given access to the whole system, they
may cause damage depending on the intentions of the employee involved. For example, a banker
with full access to the employee savings account may change the data of any other employee to
create a nuisance in the flow of operation. In addition, when an employee is terminated, the
access to the information remains and due to the change in emotional stability, the access of such
data can create problems by hampering the operation of the company or organization involved.
Securing and Privacy Name of the University Author Name: Cloud based Approach_5
This unnecessary risk arises due to the acquisitions of full access to the database involved. The
more privilege given to an employee, the more vulnerable and the more prone to attacks the
system gets.
Risks and threats are also provided when an unauthorized user tries to get access to the
system by attacking the system (Aloul et al., 2012). This is termed as a cyber attack. The HR
database is the traditional one and for accessing this in an unauthorized process, the SQL
injection attack is used. This attack gives the rogue user access to the entire database and crucial
information is unethically accessed using this process. This is also another threat as it may affect
the security related aspects of the employees. Malware is also another form of unauthorized
access and the infected system is not aware of the state of it. The employees or users still work
on the infected computer and their information is unethically accessed. This is also another risk
to the employee data as the security and privacy of the data and resources are hampered. The
more information a data centre possesses, the more vulnerable and the more prone to attacks the
system gets.
The transactions that are ongoing in any company or organization involved must be
recorded automatically in the database servers. The failure to comply with such process may lead
to problems to be associated with the organizations as well as the employees concerned (Arasu et
al., 2013). For example, the transactions of one month for salary might not be recorded and the
database may show that the employees have their salaries even in the next month and might not
avail for the salary acquisition. This may lead to employee related problems. Organizations or
companies with poor auditing mechanism face difficulties in streamlining their operations. As, a
result the companies or organizations involved turn to third party providers to give access to
system that helps in auditing. However, the most important thing to consider is the user interface
and detailed mechanism. The detailed mechanism of the third party processes do not consider all
Securing and Privacy Name of the University Author Name: Cloud based Approach_6

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Threats and Risks to the Digital Identities of Government Employees
|23
|5094
|679

Data Privacy and Security in Cloud Computing
|28
|7001
|70

Cloud Security Report 2022
|23
|6412
|11

ITC568 - Report Of Cloud Privacy & Security | Australian Government
|17
|3601
|222

Threat and Risk Assessment for MyLicense Portal - Desklib
|11
|2635
|488

Administrative Services Department Report 2022
|16
|4808
|23