Cloud Security and Privacy Policy Report for Australian Government

Added on  2022/10/13

Report
AI Summary
This report focuses on the cloud security and privacy concerns within the Department of Administrative Services (DAS), an Australian government department transitioning to a shared services model with a cloud-first approach. The report analyzes the implications of this shift, particularly regarding the handling of sensitive data from various government services like HR, payroll, and procurement. It proposes a comprehensive privacy and security strategy, addressing data management, collection, use, disclosure, and the security of digital identities. The report emphasizes the importance of compliance with the Privacy Act 1988 and recommends specific controls, including data encryption, access control protocols, and the implementation of role-based access control. Furthermore, it addresses data protection threats and recommends mitigation strategies, such as incorporating effective surveillance detectors and cloud computing infrastructure for scalable storage. The report concludes by evaluating the effectiveness of the recommended security and privacy policies in ensuring data protection and compliance within the DAS framework.
Running head: REPORT ON CLOUD PRIVACY AND SECURITY POLICY
REPORT ON CLOUD PRIVACY AND SECURITY POLICY
Name of the Student
Name of the University
Author Note:
Table of Contents
Introduction:
Proposal of Privacy and Security Strategy for Department of Administrative Service (DAS):
Management of Personal Information-
Collection and Management of solicited personal information:
Use and Disclosure of Personal Information:
Use and Security of Digital Identities:
Security of personal Information:
Access to personal Information:
Quality and correction of personal information:
Recommended Controls:
Implementation of Privacy Strategy-
Personal Data Protection of DAS:
Personal Data Protect Strategy-
Authorised Access and Discloser of Personal Information-
Use of Personal Digital Identities
Data Protection Control(s):
Mitigation of data protection threats-
Implementation of Data Protection Strategy-
Conclusion:
Introduction:
The primary objective of this report is to describe the security and privacy risk factors present in the Department of Administrative Services (DAS) and to provide effective solutions to the identified problems. Investigation of the case scenario shows that security concerns have a significant impact on the operations of the Department of Administrative Services. The higher authorities of DAS have expressed their interest in converting the traditional working procedure into an effective shared service built on a centralized database: the intention is to migrate the present data of DAS onto a single server from which the desired operations can be performed. For this purpose the administrator has also stated that the focus is on incorporating cloud computing infrastructure into the organizational infrastructure. Hence, this paper focuses on cloud security and privacy concerns in the nominated organization. The organization currently follows a traditional working process and offers several impactful services to the Australian state government (Alenezi et al., 2017). Those services include the human resource management process, the personnel management process, the payroll process, the management of contractors, the tendering process and the procurement process. Each of these services holds several individual data sets which need to be managed by the nominated organization. Given this complexity in the working process, the databases of each service performed in the organization need to be integrated in order to make the services more cost effective, more accurate and less time consuming (Aljawarneh & Yassein 2016). However, developing a centralized database makes it necessary to implement effective privacy and security strategies to protect the data, because the proposed system will operate over the internet. In addition to managing the databases of the several services, the proposed system will also gather and analyze employee data in order to provide employees with a more customized experience related to their identification and verification. Considering these aspects, this paper elaborates the cloud security and privacy concerns. To support the discussion, it recommends privacy regulations that will help to address the security issues of managing, accessing and correcting personal information. It also suggests effective security controls which will help to reduce the risks identified in the case scenario of DAS (Almorsy, Grundy & Müller 2016). It then gives a detailed elaboration of the personal data protection policies and procedures, on the basis of which it recommends the most effective strategy to address the identified issues in personal data protection. Lastly, it concludes by stating the effectiveness of the recommended security and privacy policies of the organization in order to analyze the appropriateness of the above discussion.
Proposal of Privacy and Security Strategy for Department of Administrative Service (DAS):
After investigating the case scenario of the nominated organization DAS, it has been noticed that, because the authorities of the organization have expressed their interest in converting their operational services into integrated data handling, they want to adopt cloud infrastructure in DAS's operational infrastructure. A thorough investigation of the application of cloud computing in the organizational infrastructure raised several security and privacy issues which have a significant negative impact on the services of the organization. Considering those identified security and privacy issues, a detailed elaboration of the regulations needed to develop an effective privacy strategy is given below:
Management of Personal Information-
Providing security and privacy for the personal information held by the Department of Administrative Services requires effective information security controls that regulate how personal information is managed within the organizational infrastructure. The organization offers its services to the Government of Australia, which makes this one of the most sensitive fields, where maintaining data privacy is essential (Basu et al., 2018). According to the Privacy Act 1988, the organization needs to manage its personal data in such a way that each piece of information is well categorized and the collected information is gathered in a structured manner. It is also essential to incorporate an effective information management system to manage and process the information, giving the organization the capability to maintain, retrieve and organize its data (Bhushan & Gupta 2017).
Collection and Management of solicited personal information:
In the operational field of any organization that works with real-time customer data, it is essential to implement an effective data collection and management policy, which will help to enhance the services of the organization and reduce the risk factors. Such policies include awareness while collecting data from customers. Data must be collected from users with their consent, as it is not ethically right to gather personal information without the consent of the owner. The organization also needs to provide details of the information management process, including the data analysis it will perform. Since analysis of personal data may significantly harm the privacy of the user, it is essential to inform the user about the information management process.
Use and Disclosure of Personal Information:
The gathered information will be shared with the government of Australia for further processing, and the government will use that information to enhance the quality of its services. Given this use of the gathered information, the personal information of an individual should not be disclosed unless specific conditions are met: if an organization shares any personal information of an individual, it is essential for the organization to inform the individual about the information sharing, and this should be recorded in documentation in case of any further query (Elzamly et al., 2017). The disclosure of information needs to comply with government law. In addition, the disclosure must be permitted by government regulation, and any violation should carry a penalty.
Use and Security of Digital Identities:
A digital identity is an identity adopted in cyberspace in order to identify an individual, a device or an organization. Digital identities are used to identify and authenticate devices, individuals and organizations. Alongside this, there should be an effective strategic policy for using and securing digital identities. To establish effective security policies it is essential to have an authorized organization which gathers the digital identities, together with improved encryption technology to protect the identities. Effective supervision is also necessary to protect the digital identities within the organization.
Security of personal Information:
To enable an effective policy for ensuring the security of personal data within the organization, it is essential to consider the confidentiality, integrity and accessibility of the information present in the organization. Hence, to protect personal data, effective safeguards need to be incorporated, covering physical data protection measures, technical data protection measures and administrative measures (Gou, Yamaguchi & Gupta 2017). These measures will protect the personal information from unauthorized access.
Access to personal Information:
It is also essential for the organization to enable effective access control protocols within the organization's infrastructure in order to maintain efficient data accessibility for users. To enable these measures, it should incorporate a Role-Based Access Control policy within the organization (Hussain et al., 2017).
Quality and correction of personal information:
It is also essential to address issues regarding the quality and correction of personal data with effective strategies that allow the authority to investigate the information and analyze the accuracy and relevance of the gathered data, in order to make sure that the collected data is correct and relevant (Hussein & Khalid 2016).
Recommended Controls:
This section briefly elaborates how the application of effective information control measures will enhance the security and privacy of the nominated organization. It then provides a detailed elaboration of the mitigation approaches that will help to address the identified limitations in the working services of the Automatic Face Recognition Authentication (AFRA) System. Those mitigation approaches are listed below:
• First, a less effective communication process and the complexity of the proposed system cause significant problems which have a huge impact on the services of the AFRA system. After analysing these limitations, it is recommended to incorporate effective surveillance detectors which will provide effective coverage to detect the issues related to the complexity present in the current surveillance. It is also necessary to incorporate an effective communication system within the AFRA system to communicate with the users.
• There is also a significant problem related to storage: storage is one of the most impactful issues in AFRA, as the system requires large-scale data storage. It is therefore recommended to incorporate cloud computing infrastructure, as cloud storage offers large scalability as well as effective data management features. Hence, it will be very effective in mitigating this limitation.
• High implementation cost is also a significant problem. It is recommended to use integrated surveillance systems together with cloud computing infrastructure, which will significantly reduce the cost of implementing AFRA: cloud computing is a paid service, so the organization will pay only the price of what it uses. This will also affect the expenses of AFRA.
• There is a major limitation related to data privacy within the AFRA system. Since the AFRA database contains personal data, it is recommended to implement an effective encryption process to restrict data breaches. Incorporating a VPN will also help to reduce the identified risk factors.
• In the operations of AFRA there is a significant risk related to personal data analysis. Hence, it is recommended to adopt a strategy in which users are informed about the data processing and personal data is collected only after the approval of the user.
Implementation of Privacy Strategy-
Given the limitations identified above in the nominated technology AFRA, it is now essential to implement effective privacy strategies within the organization's operations in order to protect the private data of the organization as well as to maintain the privacy of the users. Hence, it is suggested that AFRA incorporate the strategies mentioned below:
• The less effective communication system in AFRA is affecting the privacy of the nominated IT system, which has raised a concern. To mitigate this problem it is essential to incorporate an effective communication medium that enhances the interaction between the systems and the administrator. It is therefore recommended to adopt an effective communication system for AFRA.
• Storage is one of the most impactful issues in the AFRA system, so it is essential to implement an effective information storage system. It is recommended to bring the features of cloud computing into the AFRA system, which will help to enhance data storage operations. AFRA works by analysing the facial expressions built into the system database. Since the system may be used by a high number of users, effective and expandable storage is necessary. Cloud storage is appropriate here, as the cloud offers the ability to expand data storage according to the needs of the organization. Incorporating the cloud will also be cost effective.
• In view of the above implementation, the proposed strategy will include effective compliance and supervision support, as this will help to reduce the risk of data misuse.
• AFRA should appoint an Information Protection Officer (IPO) who will look after all of the data by forming the necessary team to provide effective protection to the information of the AFRA system.
• The organization should also conduct an awareness meeting to discuss how employees should work and how they should use the organizational resources in order to mitigate the possibility of data vulnerability (Ijaz et al., 2016).
• The data analysis policy needs to be revised to include several clauses on providing awareness of the data which are being gathered and which are being analysed. The primary objective of this strategy is to make sure that information is gathered and analysed only after consulting the owner of the information.
• The strategy should also cover data protection by controlling data access, as controlling data access can significantly reduce the chance of data leakage.
• Effective firewall protection needs to be implemented to detect and prevent suspicious activities on the data server of AFRA, as it will help to protect the information from external threats.
• AFRA also needs to adopt a more effective encryption process in order to protect the data from external threats.
Personal Data Protection of DAS:
There is a strong need for the Department of Administrative Services to incorporate effective data protection services into its infrastructure. DAS has expressed interest in converting its organizational infrastructure into an advanced one, and developing that infrastructure requires implementing an advanced IT system. However, investigation of the features and application of the identified IT systems shows that those systems have significant vulnerabilities which have a huge impact on the privacy of the organizational data. A thorough investigation has been conducted, and a data protection strategy based on its results is given below:
Personal Data Protect Strategy-
Analysis of the case scenario shows the importance of implementing an effective data protection strategy in order to protect the information of DAS. Investigation of the organizational operations has determined that DAS will work with the personal data of individuals, which will include essential as well as sensitive data. Considering the industrial growth, and since DAS will expand its services by implementing IT systems, the vulnerability of personal data security is very high. There is also a huge risk to data protection if there is no policy to differentiate important data from the large set of data. In addition, outsourcing of information will increase the security vulnerability. To protect the organizational data it is first essential to implement an effective security standard for protecting personal data (Jouini & Rabai 2019). However, studies have shown that personal information protection strategies are not limited to implementing IT technologies; they also work by modifying organizational services, stakeholder interference and the utilization of human resources. It is therefore recommended to implement effective compliance and standards which are capable of incorporating government legislation. The personal data protection strategy must include an awareness programme that discusses the data protection procedure. DAS should also revise its data protection policy to include detailed regulation of the data which will be gathered by DAS, as well as a policy to structure the sensitive data within the large set of collected data (Khan 2016).