Personal Identifiable Information Strategy for DAS Portal


Added on  2020/05/08

AI Summary
This report, focusing on a Personal Identifiable Information (PII) strategy, examines the data security risks associated with the DAS My License Portal. It identifies potential threats such as data loss, malware attacks, and data breaches, emphasizing the sensitivity of the data stored. The report proposes various risk control procedures, including data encryption, secure access controls, and employee training to mitigate these threats. It stresses the importance of identifying all PII within the system and adhering to relevant laws and contractual requirements such as COPPA, HIPAA, and GLB. Furthermore, it highlights the need for regular risk assessments, the implementation of security controls, and the prioritization of data to safeguard sensitive information. The report also discusses risk management strategies like mitigation, avoidance, and acceptance, and emphasizes the role of participation from experts and stakeholders in ensuring security and privacy. Finally, it underscores the significance of establishing policies, providing employee training, and utilizing de-identification and encryption techniques to enhance data protection.
Running head: PERSONAL IDENTIFIABLE INFORMATION STRATEGY
Personal Identifiable Information Strategy
Name of Student
Name of University
Appendix B
2. PII strategy proposal for DAS MY License portal
PII is data that is used to uniquely identify and locate a person. It covers the information by which an individual can be identified, including credit card information, date of birth and much more. IT technology can help to manage the data stored in the DAS My License Portal. The threats and risks related to the collection of data via the My License Portal are discussed below:
i. The data and information in the My License Portal are sensitive and confidential, and the major risks involved with the portal are loss of data, malware attack and data breach.
ii. Unpatched systems and unpatched software are another major risk to the data privacy of the online portal.
iii. Flaws in the network architecture can increase the possibility of data loss and data breach.
iv. The data stored in the database can be vulnerable and prone to major risks and threats.
v. Malware and virus attacks can prove disastrous to the enterprise, as they can slow down the server, shut down the server and cause major disputes for the company.
vi. The risk of identity theft and the atomicity risk are high. This mainly occurs due to the theft of the vital and sensitive data of the employees and the clients associated with the company. This is a major PII-related risk for the company.
The risk control procedures can prove fruitful to the enterprise. Encrypting the sensitive data can assist in authorised access, so that only authorised persons can gain access to the system and the database. Secured access control limits the use of the data in the database so that only the persons in charge of the data can access or view it; in this way security can be assured. The employees of the organisation must have proper training and sound knowledge of BYOD, as these aspects can check or diminish the associated risks to the organisation.
Identification of all the Personal Identifiable Information present in the system - The organisation must be aware of all data flows. The employees and the management team must know all the beneficial aspects of the data and the data flow, so that they get an overview of how to safeguard the sensitive information and know which procedures should be initiated in the organisation. The organisation must make a habit of reviewing and auditing all data flows within the organisation. With the help of Personal Identifiable Information, the management team and the employees are able to manage and maintain the data flow and to manage the clients and the business partners.
Laws and contractual requirements that should be recognised to provide security and privacy for the data of Personal Identifiable Information - The policies and regulations from the contractual sectors must be applied to protect and secure the data of Personal Identifiable Information. The laws, policies and regulations adopted by the organisation are COPPA (Children’s Online Privacy Protection Act), HIPAA (Health Insurance Portability and Accountability Act) and GLB (Gramm Leach Bliley). These laws, policies and regulations must also be applied at the local level to safeguard Personal Identifiable Information.
All the risks, threats and vulnerabilities associated with the system must be assessed, and security controls must be applied to mitigate the risk. To mitigate the risks, threats and vulnerabilities of the organisation, compliance regulations and privacy must be considered, as these secure and protect Personal Identifiable Information. The basis of compliance is served by the different compliance efforts and the reporting efforts. Good corporate governance is crucial and vital for the organisation. To protect and secure the data in the organisation's database, the risks, threats and vulnerabilities must be analysed and the best solutions for controlling the database must be provided. All regulated Personal Identifiable Information and all sensitive data must be identified, and the associated reputational risks must be well examined to get the best outcome. The commitments needed to comply with the policies, regulations and laws must be identified, and the necessary actions must be taken to apply them. Compliance threats related to internal commitments and external commitments must be detected, and the likelihood of those threats must also be examined. There are various risk management strategies that can support the business operations of the organisation: mitigation, avoidance, acceptance and sharing. To assure security and privacy, participation is the main objective of the risk assessment procedures; the participants include experts who are skilled in the subject and the stakeholders. Outside examiners must participate in assuring security and privacy as well.
Accumulation of the Personal Identifiable Information necessary to carry out the business functions - The data or identification that is necessary for the organisation must be protected and secured; it must be obtained and accumulated by proper means and saved for future use. Here big data plays a significant role in storing all the vital information of the database and the organisation, by storing all the data that the organisation requires. Records of all information, be it financial data or customers’ sensitive data, can therefore be stored efficiently with big data, and big data can also help to assess the data with simplicity and ease. In this way, the credentials of the Personal Identifiable Information can be protected and secured.
The data and information that make up the Personal Identifiable Information must be prioritised, and on that basis the organisation must choose which data is more important and store it in the database accordingly. The username of a customer is less confidential than the passwords and the credentials of the clients of the bank. If intruders or hackers compromise the information of the system, they can get the basic information of the clients but do not gain access to the passwords and the private bank details. Thus the privacy of the clients can be safeguarded, and the intruder's attack will cause less harm to the organisation. Every organisation follows a different strategy, and in this case DAS must choose the best solution to protect the Personal Identifiable Information of the organisation.
Safeguards must be put in place to provide the best security solution for the Personal Identifiable Information of the organisation - The risk assessment should make use of safeguards so that the Personal Identifiable Information used in the organisation can be secured and protected. Security as well as privacy must be ensured within the organisation; that is an absolute necessity. The risk control techniques show that safeguards need to be adopted to ensure security and privacy. The safeguard methods that need to be followed within the organisation are:
Creation of procedures and policies - The policies, regulations and processes must be maintained by the organisation so that it can use the Personal Identifiable Information efficiently. The employees of the organisation, as well as its clients, must follow the procedures and policies to make efficient use of the security and privacy features within the organisation. Training must be provided to the employees so that they can use the security and privacy features effectively on their premises, control and protect the data to assist the clients, and mitigate the risks occurring in the organisation. Training can help to assess the risks in the first place. De-identification can safeguard, protect and secure the data and can assist in the security procedure. Encryption is the procedure used to safeguard the database and the system.