Cloud Security and Privacy Risks for DAS HR and Contractor Management
VerifiedAdded on 2020/05/11
|28
|7001
|70
Report
AI Summary
This report addresses the cloud security and privacy concerns of the Department of Administrative Service (DAS), an Australian government entity providing services like payroll, HR, and contractor management. The report examines the existing threats and risks within the current in-house HR database, including deployment failures, database security flaws, data leaks, misuse of the database, SQL injection, key management issues, virus attacks, and denial-of-service attacks. It also assesses the risks and threats associated with migrating to a SaaS application, such as compliance challenges, maintenance issues, and limited data access. The report highlights the potential risks to employee data, digital identities, and the operational solutions of cloud providers like Shore and Amazon AWS. The report provides a detailed analysis of risks and threats, alongside the risk mitigation procedures to ensure the security and privacy of data in the cloud.
Running head: CLOUD PRIVACY AND SECURITY
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Cloud Privacy and Security
Name of the Student
Name of the University
Author’s note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1CLOUD PRIVACY AND SECURITY
Executive Summary
The Department of Administrative Service (DAS) caters multiple services to the State
government of Australia, the services they can get the are payroll management, HR and the
contractor management. DAS has decided to move to the cloud to furnish the business
activities. That is why DAS is concerned about the security and privacy breaches. They
believe that the cloud vendors can serve their purpose well. The cloud platform Shore and
Amazon AWS has been explained. The threats and the risks have been detailed in the report
and along with that, the risk mitigation procedures have been elaborated well.
Executive Summary
The Department of Administrative Service (DAS) caters multiple services to the State
government of Australia, the services they can get the are payroll management, HR and the
contractor management. DAS has decided to move to the cloud to furnish the business
activities. That is why DAS is concerned about the security and privacy breaches. They
believe that the cloud vendors can serve their purpose well. The cloud platform Shore and
Amazon AWS has been explained. The threats and the risks have been detailed in the report
and along with that, the risk mitigation procedures have been elaborated well.
2CLOUD PRIVACY AND SECURITY
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database..............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........8
2.3. Assess the resulting severity of risk and threat to employee data...................................9
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application................................................................................................................................12
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database............................................................12
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application............................................................................................................................12
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........14
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................15
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................17
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................20
7. Conclusion............................................................................................................................21
8. References............................................................................................................................21
Table of Contents
1. Introduction............................................................................................................................3
2. Consideration of the data and information that DAS holds on its employees in the current
HR system..................................................................................................................................3
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database..............................................................3
2.2. The risks and threats to the employee data after migration to a SaaS application..........8
2.3. Assess the resulting severity of risk and threat to employee data...................................9
3. Consideration of the privacy of the data for those employees who will move to a SaaS
application................................................................................................................................12
3.1. Establishment of the existing threats and risks to the privacy of that data and
information contained in the in-house HR database............................................................12
3.2. The risks and threats to the privacy of the employee data after migration to a SaaS
application............................................................................................................................12
3.3. Assess the resulting severity of risk and threat to the privacy of employee data..........14
4. The threats and risks to the digital identities of Government employees from the move to
SaaS applications.....................................................................................................................15
5. Consideration of the operational solution and location(s) of the two SaaS providers for HR
and Contractor management....................................................................................................17
6. The issues of data sensitivity or jurisdiction that should be considered other than the issues
discussed..................................................................................................................................20
7. Conclusion............................................................................................................................21
8. References............................................................................................................................21
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3CLOUD PRIVACY AND SECURITY
1. Introduction
The Department of Administrative Service (DAS) is known to cater multiple services
to the Australian State Government, the services catered by them are the payroll
management, payroll procurement, HR and contractor management (Haynes & Giblin, 2014).
Now DAS is worried about the security and privacy of the organisation and also the workers
of the organisation and the customers or the users associated with it.
The report will thus highlight the existing risks and threats and the vulnerabilities
prevalent within in house of the HR database. The risks and the vulnerabilities of the
employees, employees’ data risks will be evaluated in this report as well. That is why seeing
the potential risks DAS has decided to move to the cloud, the threats and risks associated
moving to the cloud has been showcased and the possible solutions to control those risks
have been detailed in the report. Amazon AWS and another cloud vendor Sore’s impact will
be highlighted to illustrate the cloud computing elaborately.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database
The risks and the threats residing within the HR database are as follows-
i. Deployment failures: The database may fail due to some faulty issues and due to
the software developers make wrong configuration and wrong coding. The database can be
under disruption at the time of execution as well (Shostack, 2014). At the time of
development of the database software the database remains untested by the developers so
1. Introduction
The Department of Administrative Service (DAS) is known to cater multiple services
to the Australian State Government, the services catered by them are the payroll
management, payroll procurement, HR and contractor management (Haynes & Giblin, 2014).
Now DAS is worried about the security and privacy of the organisation and also the workers
of the organisation and the customers or the users associated with it.
The report will thus highlight the existing risks and threats and the vulnerabilities
prevalent within in house of the HR database. The risks and the vulnerabilities of the
employees, employees’ data risks will be evaluated in this report as well. That is why seeing
the potential risks DAS has decided to move to the cloud, the threats and risks associated
moving to the cloud has been showcased and the possible solutions to control those risks
have been detailed in the report. Amazon AWS and another cloud vendor Sore’s impact will
be highlighted to illustrate the cloud computing elaborately.
2. Consideration of the data and information that DAS holds on its employees in the
current HR system
2.1. Establishment of the existing threats and risks to the security of that data and
information contained in the in-house HR database
The risks and the threats residing within the HR database are as follows-
i. Deployment failures: The database may fail due to some faulty issues and due to
the software developers make wrong configuration and wrong coding. The database can be
under disruption at the time of execution as well (Shostack, 2014). At the time of
development of the database software the database remains untested by the developers so
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4CLOUD PRIVACY AND SECURITY
some faulty issues and bugs stay inside the database, the attackers taking advantage of the
bug can exploit the database.
ii. Database security flaws: The security vulnerabilities stay within the database and
these vulnerabilities can be disastrous to the organisation (Rhodes-Ousley, 2013). The
malware attacks create havoc and the whole system and the database can be under threat. the
intruders can gain access to the system through these loopholes and can exploit the entire
database and the system at will. The organisations can suffer a lot due to this attack.
Fig 1: The threats and risks associated with the database
(Source: Chockalingam et al., 2017)
iii. Data leaks: Database is considered as the backend of the development, the
business organisations’ financial data as well as the sensitive data of the employees and the
customers and the clients in the database. Therefore, the business organisations if want to
protect their database from any kind of mishaps they must ensure that their network is strong
some faulty issues and bugs stay inside the database, the attackers taking advantage of the
bug can exploit the database.
ii. Database security flaws: The security vulnerabilities stay within the database and
these vulnerabilities can be disastrous to the organisation (Rhodes-Ousley, 2013). The
malware attacks create havoc and the whole system and the database can be under threat. the
intruders can gain access to the system through these loopholes and can exploit the entire
database and the system at will. The organisations can suffer a lot due to this attack.
Fig 1: The threats and risks associated with the database
(Source: Chockalingam et al., 2017)
iii. Data leaks: Database is considered as the backend of the development, the
business organisations’ financial data as well as the sensitive data of the employees and the
customers and the clients in the database. Therefore, the business organisations if want to
protect their database from any kind of mishaps they must ensure that their network is strong
5CLOUD PRIVACY AND SECURITY
as well as secure enough, if the network is not secured then it may happen the hackers can
take advantage of the network and can exploit the database as a whole.
iv. The misuse of the database: The data in the database gets misused by several
means, due to mishandling of the employees and the mishandling of the clients or the
customers. The employees sometimes install plugins into their system, thus the applications
installed within the system becomes bulky and at the same time buggy, these plugins may
prove vulgar they can steal all the necessary information, hidden files within the system, as
well as they, can steal cookies from the browser (Chockalingam et al., 2017). Thus the
casualties of the employees can cost the company too much. Even the casualties from the
customers can cause security and privacy breach the passwords stored in the database can be
stolen from the database of the customers.
v. Hopscotch approach: The hacktivists can steal the personal files and the data from
someone’s personal account simply without using any bank card and the bank card
information, the intruders are always in search of the vulnerabilities.
vi. SQL injection: The variables do not get tested at the time of testing and the front
end database does not get the desired security with the firewall and thus the system and the
database both are vulnerable to SQL injection (Albakri et al., 2014).
vii. Key management: The database developers and the database administrators keep
the important keys in their database on the hard drive of the computer system (Chockalingam
et al., 2017). If the computer gets connected to the insecure network the intruders will attack
the computer system and will make the entire system vulnerable.
viii. Database inconsistency: The database developers, as well as the database
administrators, must be careful about the data breaches all the time if any kind of mishaps
as well as secure enough, if the network is not secured then it may happen the hackers can
take advantage of the network and can exploit the database as a whole.
iv. The misuse of the database: The data in the database gets misused by several
means, due to mishandling of the employees and the mishandling of the clients or the
customers. The employees sometimes install plugins into their system, thus the applications
installed within the system becomes bulky and at the same time buggy, these plugins may
prove vulgar they can steal all the necessary information, hidden files within the system, as
well as they, can steal cookies from the browser (Chockalingam et al., 2017). Thus the
casualties of the employees can cost the company too much. Even the casualties from the
customers can cause security and privacy breach the passwords stored in the database can be
stolen from the database of the customers.
v. Hopscotch approach: The hacktivists can steal the personal files and the data from
someone’s personal account simply without using any bank card and the bank card
information, the intruders are always in search of the vulnerabilities.
vi. SQL injection: The variables do not get tested at the time of testing and the front
end database does not get the desired security with the firewall and thus the system and the
database both are vulnerable to SQL injection (Albakri et al., 2014).
vii. Key management: The database developers and the database administrators keep
the important keys in their database on the hard drive of the computer system (Chockalingam
et al., 2017). If the computer gets connected to the insecure network the intruders will attack
the computer system and will make the entire system vulnerable.
viii. Database inconsistency: The database developers, as well as the database
administrators, must be careful about the data breaches all the time if any kind of mishaps
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6CLOUD PRIVACY AND SECURITY
occur they must be ready to face the risks and the threats and based on that they should make
best decision to root out the threats occur within.
ix. Virus and worms: The virus and worms are two dangerous threats that HR
database can face. A worm basically spreads via hackers once, then the worms replicate by
itself and this can cause disruption and risk, these worms can slow down the server and the
system and can cause havoc (Pawlick & Zhu, 2017). The virus is another malicious activity
carried out by the hackers. The virus robs the important files of the HR database, the financial
data and the clients’ data. Therefore, the virus attack is responsible for data loss, data theft
and the HR database can cause malfunction due to this, the system will stop, the production
along with that can cause disruption, the workforce will have to sit idly, the organisation by
this disruption can lose the reputation (Deng et al., 2017).
x. Trojan horse: Trojan horse is the attack that occurs when any file downloaded
from no trusted source or no trusted source (Yao et al., 2017). These files can cause
disruption and steal away all the vital information of the database and the system of the HR
organisation. The employees of the organisation can access any site which is not verified and
not trustworthy. The defence mechanisms must be ready to deliver the quality security
service that can make the entire system vulnerable. The employees of the organisation if
access the vulnerable software the virus will spread across the system and the database will
suffer (Diovu & Agee, 2017).
xi. Denial of Service attack: The Denial of Service attack is another serious attack
that the HR database can suffer from (Garcia-Alfaro & Perez, 2017). The vulnerable attack
from the hackers can make things worse, it basically shut down the computer system and the
computer database, this attack generally sabotages the owner’s computer and disallows the
owners of the server and the computer system to not use the computer system. The hackers
occur they must be ready to face the risks and the threats and based on that they should make
best decision to root out the threats occur within.
ix. Virus and worms: The virus and worms are two dangerous threats that HR
database can face. A worm basically spreads via hackers once, then the worms replicate by
itself and this can cause disruption and risk, these worms can slow down the server and the
system and can cause havoc (Pawlick & Zhu, 2017). The virus is another malicious activity
carried out by the hackers. The virus robs the important files of the HR database, the financial
data and the clients’ data. Therefore, the virus attack is responsible for data loss, data theft
and the HR database can cause malfunction due to this, the system will stop, the production
along with that can cause disruption, the workforce will have to sit idly, the organisation by
this disruption can lose the reputation (Deng et al., 2017).
x. Trojan horse: Trojan horse is the attack that occurs when any file downloaded
from no trusted source or no trusted source (Yao et al., 2017). These files can cause
disruption and steal away all the vital information of the database and the system of the HR
organisation. The employees of the organisation can access any site which is not verified and
not trustworthy. The defence mechanisms must be ready to deliver the quality security
service that can make the entire system vulnerable. The employees of the organisation if
access the vulnerable software the virus will spread across the system and the database will
suffer (Diovu & Agee, 2017).
xi. Denial of Service attack: The Denial of Service attack is another serious attack
that the HR database can suffer from (Garcia-Alfaro & Perez, 2017). The vulnerable attack
from the hackers can make things worse, it basically shut down the computer system and the
computer database, this attack generally sabotages the owner’s computer and disallows the
owners of the server and the computer system to not use the computer system. The hackers
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7CLOUD PRIVACY AND SECURITY
can access the private information of the HR database, the clients’ details, their account
details, the hackers can leak the information for personal interest. Also, the attack can cause
permanent damage to the system and the files (Wu, Song & Moon, 2017). The data loss can
be a huge loss for the HR database. There are other forms of Denial of Service attack. In this
scenario, one master computer takes control of a certain group of computers and these group
of computers are responsible to spread the malicious activities across the HR database and the
HR system (Biancotti, 2017). This can shut down the server of the HR database completely.
The zombie computers if attack the HR system, bombardment can occur and this
bombardment happens due to transactions of corrupted and malicious data flow.
xii. Problems of logging out: The clients in casualty often forget to log out of the
system. The clients’ network is not highly secured, thus taking advantage of the insecure
network, the hackers can gain entry to the system causing huge disruption to the organisation
as a whole (Hawkins, 2017). The data leaks are possible in this way the HR database can be
under threats the data of the database can be stolen. The clients, as well as the employees of
the company, have to face the harassments due to the heavy attack. The reputation can be
seriously challenged due to this.
xiii. Passwords: The clients often choose the weak passwords for their system and
thus creates an opportunity for the hackers. In this, the personal data of the clients’ data can
be breached and the organisation will have to take the maximum responsibility for this (Xiao
et al., 2017). With the help of brute force method, the vulnerabilities residing within get
exposed. Thus the clients must be steady while setting a password for the system.
xiv. Phishing attack: The phishing attack is conducted by the hackers to hack the
personal accounts. The hackers develop a look-alike website of the DAS by copying the
HTML code of the genuine site and can cheat the clients (Chowdhury, 2017). The clients by
can access the private information of the HR database, the clients’ details, their account
details, the hackers can leak the information for personal interest. Also, the attack can cause
permanent damage to the system and the files (Wu, Song & Moon, 2017). The data loss can
be a huge loss for the HR database. There are other forms of Denial of Service attack. In this
scenario, one master computer takes control of a certain group of computers and these group
of computers are responsible to spread the malicious activities across the HR database and the
HR system (Biancotti, 2017). This can shut down the server of the HR database completely.
The zombie computers if attack the HR system, bombardment can occur and this
bombardment happens due to transactions of corrupted and malicious data flow.
xii. Problems of logging out: The clients in casualty often forget to log out of the
system. The clients’ network is not highly secured, thus taking advantage of the insecure
network, the hackers can gain entry to the system causing huge disruption to the organisation
as a whole (Hawkins, 2017). The data leaks are possible in this way the HR database can be
under threats the data of the database can be stolen. The clients, as well as the employees of
the company, have to face the harassments due to the heavy attack. The reputation can be
seriously challenged due to this.
xiii. Passwords: The clients often choose the weak passwords for their system and
thus creates an opportunity for the hackers. In this, the personal data of the clients’ data can
be breached and the organisation will have to take the maximum responsibility for this (Xiao
et al., 2017). With the help of brute force method, the vulnerabilities residing within get
exposed. Thus the clients must be steady while setting a password for the system.
xiv. Phishing attack: The phishing attack is conducted by the hackers to hack the
personal accounts. The hackers develop a look-alike website of the DAS by copying the
HTML code of the genuine site and can cheat the clients (Chowdhury, 2017). The clients by
8CLOUD PRIVACY AND SECURITY
entering the credentials can get deceit and by getting the details of the clients the hackers can
hack the accounts of the HR database.
2.2. The risks and threats to the employee data after migration to a SaaS application
The potential risks associated with HR database are-
i. If the enterprise wants to keep back up of the data to the cloud and want to shift to the
cloud, then the vital information handling or the sensitive information handling can be tough
as they have to obey the compliance of the cloud vendors, so they can get restriction from the
cloud vendor (Feng, Wang & Li, 2014).
ii. The enterprise if earning good should not choose the option to move to the cloud as that
can create disruptions, the cloud computing needs high maintenance, higher availability and
higher scalability (Safa et al., 2015).
iii. The enterprise will not be able to get access to the data of the cloud database as the cloud
vendors will deploy everything and the cloud vendor will take the entire charge of the data of
the database of the enterprise.
iv. Moreover, they have to opt a strong secured network server as that can provide fast
internet service as well as the security by which they can run their applications, due to this,
they have to bear the heavy expenses.
v. The enterprise will have to pay the cloud vendor on a monthly basis or yearly basis for
security and the maintenance of the data and the database (de Gusmão et al., 2016).
vi. There remain data theft risks as somehow due to the intruders' attack the security of the
database can get breached. That can lead to virus and worm attack.
entering the credentials can get deceit and by getting the details of the clients the hackers can
hack the accounts of the HR database.
2.2. The risks and threats to the employee data after migration to a SaaS application
The potential risks associated with HR database are-
i. If the enterprise wants to keep back up of the data to the cloud and want to shift to the
cloud, then the vital information handling or the sensitive information handling can be tough
as they have to obey the compliance of the cloud vendors, so they can get restriction from the
cloud vendor (Feng, Wang & Li, 2014).
ii. The enterprise if earning good should not choose the option to move to the cloud as that
can create disruptions, the cloud computing needs high maintenance, higher availability and
higher scalability (Safa et al., 2015).
iii. The enterprise will not be able to get access to the data of the cloud database as the cloud
vendors will deploy everything and the cloud vendor will take the entire charge of the data of
the database of the enterprise.
iv. Moreover, they have to opt a strong secured network server as that can provide fast
internet service as well as the security by which they can run their applications, due to this,
they have to bear the heavy expenses.
v. The enterprise will have to pay the cloud vendor on a monthly basis or yearly basis for
security and the maintenance of the data and the database (de Gusmão et al., 2016).
vi. There remain data theft risks as somehow due to the intruders' attack the security of the
database can get breached. That can lead to virus and worm attack.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9CLOUD PRIVACY AND SECURITY
vii. The SaaS applications are available due to server down or network unavailability. The
entire business operations will suffer also the clients could not be able to communicate with
the clients all throughout day and night 24x7 (Maitra & Madan, 2017). That will reduce the
productivity and thus the enterprise can face severe loss due to this attack.
Fig 2: Risk examination of the organisation’s workers
(Source: Kirti et al., 2017)
viii. The organisations must have a disaster plan ready with them as that can help them to
gain access to the data in case they want to conduct the business operations offline (Shameli-
Sendi, Aghababaei-Barzegar & Cheriet, 2016). The organisation may have to conduct the
business operations when they get into trouble like the occurrence of security breaches and
the server down or the network unavailability.
ix. They have to follow the rules and the policies set up the cloud vendors so the organisation
will not have total control over their database. They will also have to pursue the policies
vii. The SaaS applications are available due to server down or network unavailability. The
entire business operations will suffer also the clients could not be able to communicate with
the clients all throughout day and night 24x7 (Maitra & Madan, 2017). That will reduce the
productivity and thus the enterprise can face severe loss due to this attack.
Fig 2: Risk examination of the organisation’s workers
(Source: Kirti et al., 2017)
viii. The organisations must have a disaster plan ready with them as that can help them to
gain access to the data in case they want to conduct the business operations offline (Shameli-
Sendi, Aghababaei-Barzegar & Cheriet, 2016). The organisation may have to conduct the
business operations when they get into trouble like the occurrence of security breaches and
the server down or the network unavailability.
ix. They have to follow the rules and the policies set up the cloud vendors so the organisation
will not have total control over their database. They will also have to pursue the policies
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10CLOUD PRIVACY AND SECURITY
correlated with security set up by the cloud vendors; some alterations in the policies may not
be approved and encouraged by the cloud vendors.
2.3. Assess the resulting severity of risk and threat to employee data
The workers’ information can get hacked and the organisation’s risks related to security are
involved are illustrated in details-
Theft: Data theft by physical means as well due to the intruders' attack. The intruders
can gain entry into the system due to the insecure network. The internal employees who have
some grudge against the enterprise in order to take revenge can steal the vital information of
the database.
Neglect: Due to the negligence of the clients and the employees the aforesaid
organisation can get into trouble. The employees store the important files on their laptop or
smartphones, now if the smartphone gets lost then there that sensitive information can be
accessed by the intruders, thus the sensitive information of the organisation can get into the
wrong hands (Kirti et al., 2017). Again, the full format of the smartphone can be the reason
for permanent data loss as well. Again if the laptop gets malfunctioned, then if the technician
can gain access to the sensitive information and thus the data can be breached and again if the
laptop gets lost or permanently gets damaged then the data will be lost, also the intruders can
delete those important files and also can hack the passwords of the account of the system.
correlated with security set up by the cloud vendors; some alterations in the policies may not
be approved and encouraged by the cloud vendors.
2.3. Assess the resulting severity of risk and threat to employee data
The workers’ information can get hacked and the organisation’s risks related to security are
involved are illustrated in details-
Theft: Data theft by physical means as well due to the intruders' attack. The intruders
can gain entry into the system due to the insecure network. The internal employees who have
some grudge against the enterprise in order to take revenge can steal the vital information of
the database.
Neglect: Due to the negligence of the clients and the employees the aforesaid
organisation can get into trouble. The employees store the important files on their laptop or
smartphones, now if the smartphone gets lost then there that sensitive information can be
accessed by the intruders, thus the sensitive information of the organisation can get into the
wrong hands (Kirti et al., 2017). Again, the full format of the smartphone can be the reason
for permanent data loss as well. Again if the laptop gets malfunctioned, then if the technician
can gain access to the sensitive information and thus the data can be breached and again if the
laptop gets lost or permanently gets damaged then the data will be lost, also the intruders can
delete those important files and also can hack the passwords of the account of the system.
11CLOUD PRIVACY AND SECURITY
Fig 3: Data threats and risks and data security design based on that
(Source: Cherdantseva et al., 2016, pp-1-27)
Loss: As discussed earlier, the loss of devices can be the risks and threat of the
organisation. The hacktivists can enter the system and the steal the personal information from
the database and the system thus the HR database can become vulnerable. The hacktivists can
get the desired username and password and can enter their account (Cherdantseva et al.,
2016). In this way, both the clients and the organisations can suffer the huge monetary loss,
as well as the reputation of the company, can be under the threat. The organisation can even
lose the competitive edge due to the pitfalls.
Fig 3: Data threats and risks and data security design based on that
(Source: Cherdantseva et al., 2016, pp-1-27)
Loss: As discussed earlier, the loss of devices can be the risks and threat of the
organisation. The hacktivists can enter the system and the steal the personal information from
the database and the system thus the HR database can become vulnerable. The hacktivists can
get the desired username and password and can enter their account (Cherdantseva et al.,
2016). In this way, both the clients and the organisations can suffer the huge monetary loss,
as well as the reputation of the company, can be under the threat. The organisation can even
lose the competitive edge due to the pitfalls.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 28
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.