logo

Threat and Risk Assessment for PII ( Personal Identifiable Information )

20 Pages6165 Words318 Views
   

Added on  2020-04-07

Threat and Risk Assessment for PII ( Personal Identifiable Information )

   Added on 2020-04-07

ShareRelated Documents
qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwPII StrategyThreat and Risk Assessment for PII in“MyLicence” Portal
Threat and Risk Assessment for PII ( Personal Identifiable Information )_1
1. IntroductionSince the Australian state government has centralized the application and deployed the singleworkflow of all licenses through single web portal called “MyLicence”, the threat and riskanalysis of the Personal Identifiable Information (PII) is an essential obsession. The Departmentof Administrative Services (DAS) has implemented the cloud model for incorporating the sharedservices like Personnel Management, contractor management, payroll solution, and Whole ofGovernment (WofG) development.By the deployment of MyLicence portal, the citizens can acquire and renew their licences in acustomized way. By this way, the citizens register on the web portal and create their owninformal digital identity. But this leads to the confrontation of several security risks andvulnerabilities of the sensitive PII data of the citizens. This report illustrates the Threat and Risk Assessment (TRA) for the PII data stored in theMyLicence portal. Moreover, a PII strategy proposal for the portal is drafted and the privacy andinformation protection facets are considered for alleviating the identified risks andvulnerabilities.2. Threat and Risk Assessment (TRA) for PII data in MyLicencePortal2.1. Introduction to PIIAny information which is utilized to solely recognize or identify an individual is termed asPersonal Identifiable Information (PII). This data is also associated with the identical data fromexternal sources. The PII data comprises wide collection of information for locating the uniqueindividuals, like birth date, personal addresses, license numbers, bank account numbers, creditcard numbers, payroll data, etc. Even when the individuals have more concerns on the disclosureof their personal information, this problem exists in the portal like MyLicence that contains widerange of PII stored in it.The examples of PII in MyLicence Include:
Threat and Risk Assessment for PII ( Personal Identifiable Information )_2
First Name or Last NameAddress of the citizenAgeTelephone or Mobile NumbersCredit Card NumbersRaceCriminal EvidenceBirth DateGender, and other unique details related to the citizens.2.2. Cloud Identifiable VulnerabilitiesSome technologists concentrate on cloud related vulnerabilities rather than the risks and threats.The specific cloud vulnerabilities for the PII data are given below:The vulnerabilities can be found inside the cryptanalysis and the service leanedframework.The main source of vulnerabilities can emerge from one of the cloud computing aspects like openness, pay as you consume model, and collection of resources (Grobauer, Walloschek & Stocker, 2011).Insufficient transparency in service contributor’s policy is also another issue.2.3. Cloud Specific ThreatsThe cloud specific threats for PII data can be categorized as follows:2.3.1. Exploitation and disreputable utilization of cloud computingThe IaaS contributors proffer infinite number of storage capacity, network, and compute resources to the customers. The hackers and malevolent code developers conduct their spiteful tasks with associated requirements. In the portal like MyLicence, the PII data can be extracted bythe attackers through password tracking methods, Distributed Denial of Service, initiating
Threat and Risk Assessment for PII ( Personal Identifiable Information )_3
vibrant threat points, botnet authority, congregating the malicious data, constructing mottled tables, etc (Chu, Chow, Tzeng, Zhou & Deng, 2014).By this way, the privacy of PII data contained in the portal will be affected. There is a possibilityof utilization of the IaaS servers by botnets for commanding activities. 2.3.2. Distributed technology concernsThe distribution of architecture comprising CPU hoard, Graphics Processing Unit (GPU), etc. is offered by the IaaS providers. But, these architectural components are not able to provide the isolation aspects to the multi-resident frameworks (Dabrowski & Mills, 2011). For solving this issue, an implicit supervising component controls the access in between the computing sources and organization operating systems. Even then, the supervising component has revealed some imperfections such that the third party operating system can have unacceptable access to the PII data or impact on the triggering manifesto.2.3.3. PII Data loss or leakageThe data can be negotiated in several ways. An example is the modification of data without anyendorsement of the unique content. The PII data loss can be due to lack of authorization,management, improper utilization of encryption keys, perseverance and arrangementconfrontations, functional errands, data center inconsistency, risk of fraternity, authenticationissues, and failure recuperation.2.3.4. Unstable Application Programming Interface (API)The customers use to manage the cloud services through the API provided by the cloud suppliers. The activities like monitoring, stipulation, coordination, and administration are offeredby these software interfaces (Apecechea, Inci, Eisenbarth & Sunar, 2014). The reusable passwords and API reliance are other examples of API threats.3. PII Strategy Proposal For the organization of various sizes, cloud computing provided infinite storage space and other computing abilities. By this way, the DAS is liberated from buying, administering, and
Threat and Risk Assessment for PII ( Personal Identifiable Information )_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Threat and Risk Assessment for MyLicense Portal - Desklib
|11
|2635
|488

Cloud Privacy and Security
|18
|3664
|384

Cloud Privacy and Security : Assignment
|18
|4804
|105

Cloud Privacy and Security: Threat and Risk Assessment, PII Privacy Strategies, Digital Identity and Controls, Governance Plan
|35
|1107
|202

Department of Administrative Services : Case Study
|4
|638
|239

Assignment of Cloud Privacy and Security
|13
|3394
|89