Risk Assessment Report: Employee Data Security and Privacy at DAS


Added on  2020/07/23

AI Summary
This report presents a comprehensive risk assessment of employee data security within the context of the Department of Administrative Services (DAS). The assessment explores various threats and risks associated with the current HR system, including data leakage through remote access software, email, file sharing, and insecure wireless networks. It further investigates the risks introduced by the migration to SaaS applications, such as data security vulnerabilities, cloud provider bankruptcy, malware, and privacy concerns. The report evaluates the severity of these risks and threats, considering potential impacts on employees, including data alteration, deletion, and online scams. It also addresses specific threats like external and internal hackers, data movement issues, excessive privileges, and database injection attacks. The analysis considers human factors, malware, and weak audit trails as contributing factors to data breaches. The report concludes by emphasizing the need for robust security measures to protect sensitive employee information during the migration to SaaS applications and beyond.
Risk Assessment
TABLE OF CONTENTS
INTRODUCTION
Assessment 2
1. Consider the data and information that DAS holds on the employees in the current HR system
1). Establish the present threats and risks to the security of the data and information
2). Other risks to the data after migration to SaaS application
3). Assess the resulting severity of risk and threats to data and information of employees
2. Consider the privacy of data for those employees who will move to SaaS application
1). Establish the existing risks and threats to the privacy
2). Other risks and threats to the privacy of data and information during migration
3). Resulting severity of risks and threats to the privacy of employees
3. Threats and risks to the digital identities of government employees from SaaS applications
4. Considering operational solutions and locations of SaaS for HR and contractor management
5. Issues to data sensitivity or jurisdiction
CONCLUSIONS
REFERENCES
INTRODUCTION
The aim of this study is to analyse the risk factors emerging in business organisations. The Australian state government has established the 'Department of Administrative Services' (DAS) to support the services performed by every department, for example HR and the personnel department (Zhou & et. al., 2016). Policies fluctuate from nation to nation over time; however, the emergence of SaaS providers has made it possible to provide effective information about these regulations to organisations in different countries. This assessment covers the risks and threats to employee data and information that is moved to different countries and places for processing. Sending data from one place to another involves several steps, and every one of these phases involves issues which need to be resolved in order to protect that data. In the present report, DAS has observed the need for a software upgrade, and information is accordingly being shared across locations. The levels at which the information is threatened are the security problems of the DAS HR system holding employee data and of the migration to SaaS, and the privacy issues of the DAS internal system and of SaaS.
Assessment 2
1. Consider the data and information that DAS holds on the employees in the current HR system.
1). Establish the present threats and risks to the security of the data and information.
Current employees are considered the most important resource of any organisation, so it is mandatory to keep their data and information secure and confidential. It is a myth that hackers are the main cause of security breaches; in fact, this information is leaked by insiders, either intentionally or unintentionally. While the data and information of the employees is held in-house in the HR system of DAS itself, there are some risks and threats associated with its security. These are as follows:
Exploitation of information through remote access software: This is an intentional form of data leakage, in which remote access software such as terminal services, Citrix and GoToMyPC is used to steal the data.
Sending out information through e-mails and instant messaging: This threat involves the sharing of personnel information through e-mail and messaging.
File sharing on P2P: Peer-to-peer file sharing software such as IM is not the problem in itself; the trouble arises from how it is used. A simple misconfiguration can make the network public, so that it can be accessed by anyone (Cho & Chan, 2015). This is an unintentional type of data leakage risk.
Recklessly using wireless networks: This is the biggest unintentional insider threat, and it is caused by insecure use of wireless networks. Wi-Fi networks are the most susceptible to these attacks. In addition, the WLANs provided to employees in the organisation can also result in exploitation of data.
Posting information on discussion boards: This is the easiest way for information to be stolen. If the entity reveals the data openly to every department, there is a threat of it being stolen.
Moreover, there are various other risks which employees can face if their data has been stolen by hackers. Under such circumstances there will be a rise in online scams, phishing and similar cases. The HR database holds sensitive personal information that can be easily accessed by such people, and they may go on to collect personal information from other family members through e-mails or fake websites (Yüksel, Küpçü & Özkasap, 2017). Along with this, cases related to online theft and cybercrime in Australia have doubled. In 2016, many companies detected that they were facing security incidents. A study of IT companies and the cyber risk to them, commissioned by Telstra, reported that the number of cases has doubled and will rise further. In the IT sector, there is another way by which private information can be accessed by other people, namely the denial-of-service attack.
As the personal information of all the companies will be held in DAS, there can be cases where multiple computer systems attack the targeted source. Such attacks increase the vulnerability of employees' personal details. By sending unlimited messages or malformed packets, attackers can hit the DAS system directly and make it slower, shut it down or even crash it (Wallentin & et. al, 2014).
Data breaches are another issue through which information can be leaked. A person working in the organisation may also send the information to others because of a personal conflict or for some other reason. These are the threats and risks which can arise while storing the data at DAS.
2). Other risks to the data after migration to SaaS application.
After migration of the data from DAS to the SaaS application, there are some risks and threats associated with this process. They are as follows:
1. Data security: The confidential data of employees will be processed in the provider's cloud-based infrastructure, which will affect the security of the data. If the provider is unauthorised or operates illegal systems, then it is hazardous for DAS to share this information with the US and Germany based companies.
2. Bankruptcy or insolvency of the cloud provider: If the software provider faces a financial problem, it will directly affect the employees' security, as they will not be able to gain access to recover their data (Wallentin & et. al, 2014). Further, there is also a possibility that the provider may sell the data when in need of money.
3. Lacking antivirus: If antivirus is not present in the software, there is a chance of losing the data. Such systems are also more likely to be hacked.
4. Malware: This is hostile and annoying software generated by hackers in order to steal the information of the employees. Malware includes viruses, worms, trojan horses, spyware and other malicious programs. These are explained further:
a). Virus: These are computer programs or other scripts that spread from one file to another and from one computer to another by several methods (Soni & Panchal, 2017, March). They spread without the knowledge of the computer user. A virus carries the data and information of the employees and propagates through various mediums, making the information accessible in all of these places.
b). Spam: Here, unsolicited bulk e-mail messages are sent to everyone, asking for personal information through fake questions. Users who are unaware of the scam share their data, which is harmful to their privacy and security.
c). Cookies: Malware can attack the cookies that contain the data of the employees. Cookies are small files which are stored on the computers and laptops of the user.
d). Spyware: This is a type of malware installed on computers which gathers the information of employees and other users without their consent (Skopik, Settanni, & Fiedler, 2016). The installation is hidden from the users, and consequently they share their information. This can be done by other workers in order to change the details of their colleagues.
e). Phishing: In this type of malware, masquerading is used to obtain usernames, passwords, credit card numbers, etc. Here, some entities present themselves as authentic and obtain this data from other organisations through e-mails.
3). Assess the resulting severity of risk and threats to data and information of employees.
According to a recent survey, it was observed that 3 out of 4 companies stick to their data security policies. The importance of security can be judged from this too. When risks and threats arise to the security of data and information, there are many ways in which employees can be harmed (Abbas, Ali, Khan & Khan, 2016). This insecurity can lead to severe problems, which are stated below:
1. Employees with bad intent who have hacked the data can alter or delete information, data, contacts and other important files.
2. When employees leave the entity, the HR department deletes their records, which may sometimes lead to the deletion of crucial work.
2. Consider the privacy of data for those employees who will move to SaaS application.
1). Establish the existing risks and threats to the privacy.
SaaS is indeed an effective tool, but there are some issues associated with the privacy of the data and information of the employees. Hackers mount several attacks in order to steal the data of institutions and organisations. The database is the core of every organisation, and this is the major reason why it is so often targeted. The major risks and threats of the SaaS application are presented below:
External hackers: These are outside elements that steal the information of the employees and can misuse this data (Beaty & et. al, 2016). For example, they can use the bank account number, contact number and address of an employee.
Internal hackers: These are other employees who hack the data and information and alter or delete it in order to compete with their colleagues.
Data movement: Data can be moved from one device to another. This can lead to sharing of data, which may harm the confidentiality of the employee data.
Excessive privileges: When an organisation requires more job functions to be performed by its workers, it benefits them by granting several database privileges. If such benefits are not provided by business firms, it will result in a reduction of the trust as well as the loyalty of staff members.
Injection attacks on databases: These are of two types, SQL injections and NoSQL injections. Traditional database systems are targeted by SQL injections, whereas big data platforms are attacked by NoSQL injections. Further, these are beneficial to adopt because they restrict the threats and risks to collected data.
Human factor: It has been identified that data breaches often occur because of the negligence of human resources (Saki & et. al., 2016). The Ponemon Institute's data breach research has identified that the lack of expertise behind such factors can be overcome by enforcing policies and security controls and by establishing several processes.
Malware: This is the biggest threat of data exposure, because when users maintain their data using infected devices it can easily be stolen or hacked. Thus, to avoid such threats, organisations or institutions must restrict the use of such unprotected websites.
Weak audit trail: Threats emerge due to insufficient internal processes or gaps in them. Failure to monitor compliance anomalies, and to keep appropriate audit details and security, can cause enormous threats or risks to the collected data.
Unsecured storage media: Database backup tapes and disks have given rise to numerous threats of data breaches (Russo & Zou, 2016, May). Data can be of many types, including duplicates, copies, big data, private data and many more. However, it is crucial to maintain copies of sensitive data, which will develop the security measures of every institution and organisation.
2). Other risks and threats to the privacy of data and information during migration.
Sending data from DAS to SaaS involves different platforms. All of this information reaches California, Germany and India; thus, this migration has created many risks to the privacy of the information. The data can be accessed in many places and can be stolen at any level. Further, in recent years there have been malware incidents affecting SaaS applications, in which data is scanned from the My Documents folders and sent to random e-mail contacts of the user (Dhivya, Devi & Shanmugalakshmi, 2016, January). In addition to this, the application creates increased data access, which may result in risks to the confidentiality of the data and information of employees. Moreover, the 'access anywhere' tool is good in that it enhances convenience, but there are also risks to privacy, as an individual with the logins and passwords can access the data and information of others.
Data migration has become a big part of the day-to-day life of IT departments in every institution and organisation. It poses a huge challenge for organisations in relation to confidentiality and availability during migration (Rahimian, Bajaj & Bradley, 2016). Cloud-based services are often under threat, because they increase the chances of data breaches. Therefore, many business firms have restricted their employees from migrating their data through such applications.
Migration further results in isolation failures. Such threats occur due to a lack of mechanism, storage, routing, reputation, etc.; however, the adoption of a resource isolation mechanism is beneficial in eradicating the risk of data breaches (Perruche, Clauzon, Bonnefoy, Toussirot & Saas, 2014). Moreover, migration of data gives rise to risks around the deletion of incomplete or insecure data. Timely changes are also restricted under such circumstances, which increases the risks and threats to the collected information. Thus, these are some of the other threats and risks of migrating data from DAS to SaaS which affect the privacy of the employees.
3). Resulting severity of risks and threats to the privacy of employees.
The risks and threats to privacy in the SaaS application result in a failure to maintain the confidentiality of the employees (Perruche, Clauzon, Bonnefoy, Toussirot & Saas, 2014). Severe issues can arise from this failure. Major problems include the leaking of a contact number, which may trouble its holder with fake calls; in addition, when a bank account number is leaked, hackers may misuse it and steal money.
Organisations must initiate a proactive or repetitive approach to enhance the security of the collected data. Several rationales have emerged for enhancing the security systems of enterprises, including productivity, self-analysis, cost justification, communication, breaking barriers, etc. Expenses are generally incurred when adding a security system to an institution (Pasupuleti, Ramalingam & Buyya, 2016). Development of IT security software or other reliable technologies would reduce every risk factor related to the safety of personal data. Sharing effective information among multiple companies before taking necessary decisions also helps with the severity of threats to the private data of staff members.
3. Threats and risks to the digital identities of government employees from SaaS applications
A SaaS application is software which a third party hosts and to which it gives customers access over the internet. The severe issues that business firms face are basically related to information security (Öğütçü, Testik & Chouseinoglou, 2016). Mainly, they assess, collect or identify measures to avoid such risks or hindrances to the privacy of collected information. Basically, they have established SaaS applications, which are beneficial in providing effective information to several companies or entities.
Such factors influence long-term risk, along with the involvement of governance related to approval, ongoing support, etc. Managing risks effectively is crucial to maintaining an effective organisational structure. The main risks and threats of SaaS applications to government employees are defined as follows:
Data breach:
Here there is a risk of data theft and loss. The data is stolen by hackers, who take important information about the company's business plans and other important business information. They also steal the credit card information of the employees (Lin & et. al., 2016). Further, they can obtain all the important details of the company when they hijack the master computers of the organisation. This directly affects the company's performance, as all its data is exposed to the hackers.
Service traffic hacking:
Here, accounts are hijacked by hackers. It is very easy for hackers to steal the information in employees' accounts by using phishing and social engineering methods (Li, Dai, Ming & Qiu, 2016). Employees who access their data through cloud facilities are more vulnerable to hijacking, as hackers steal the user's cookies and with them the whole of their information.
Access over personal information:
The biggest threat from SaaS applications lies in the leakage of personal content relating to workers. Every business organisation has a number of employees, and the generation of applications has made it easier for employers to collect information about a particular person (Klein & et. al., 2016, May). Under this factor, every individual has certain rights to know about the information that is collected by their business firm or institution. If they find any wrong data in their personal information, they have the right to correct it. Therefore, this is the most effective data collection strategy, which secures personal information among other co-workers.
Denial of service attacks:
Denial of service is the main threat to employees, as it terminates the service before the user can log out (Kennedy & Millard, 2016). Cloud computing has provided hackers with various options for entry, and they expire the cookies of the user, which results in the closing of the page on which the user is working. The employee's information is stolen in this way, as it does not give the user the chance to log out of their window.
Collecting and managing personal information:
The main threat to government entities lies in gathering personal data effectively, so that fewer issues of misuse or harmful activity emerge. To avoid such factors, effective security for the collected information needs to be put in place. Personal data is appropriately encrypted to protect sensitive information. Security source code is established to control or manage the collected information related to support or project activities in a secure manner. To enhance effectiveness, technical vulnerability management has been implemented. These measures reduce the risk factors related to misleading personal information of every individual (Skopik, Settanni & Fiedler, 2016).
Security and usage of digital identities:
Such factors provide important information about an external agent to employers or managers. The agent can be an application, an organisation or any useful device. Such services are generated with the help of computers and do not involve any human resources. This gives rise to the biggest threat, that of misuse or misinterpretation of the collected data. It is an effective method of collecting personnel digital identities if required by business firms (Sakib & et. al., 2016). Digital identity involves online search activities, social security, usernames, passwords, etc.; this ensures the security of the collected information and reduces risk factors. Therefore, it incurs a lot of threat to the identities of government.
Correction and quality of private information:
This applies when an organisation holds false information about its workers. Such information needs to be corrected on a timely basis through additions, corrections, deletions, etc. (Hemphill & Longstreet, 2016). By adopting this privacy strategy of DAS, companies can easily edit false information by replacing it with the correct information. Thus, it gives the private data of personnel adequate quality and correctness.
Disclosure and usage of personal information:
SaaS is established to protect the personal data of employees and workers in institutions and organisations. However, such information sources need to be highly protected to eradicate their misuse or misinterpretation, which is the biggest threat that has arisen. Thus, DAS has formulated a privacy strategy to collect all relevant personnel information, which is very beneficial in every management activity. This data provides accountability for the generated information, the purpose of collection, its accuracy, safeguards, openness, etc. (Angurala & Pal, 2017). However, information about personnel is disclosed to governments or other authorities if there is any negative occurrence or for proof readings. Likewise, information about employees may be shared to encourage staff innovation. Therefore, it is effective in safeguarding the collected data.
Shared technology:
Cloud computing provides shared technology, as it has to provide resources to many organisations and people. This gives rise to insecurities and other risks to the services of other users, including loss of data or problems in resource sharing.
4. Considering operational solutions and locations of SaaS for HR and contractor management.
SaaS provider technology is improving greatly in providing solutions to the problems that have been emerging in organisations and IT departments over many years. Maintaining IT is a very challenging aspect for smaller as well as larger firms (Dhivya, Devi & Shanmugalakshmi, 2016). Larger firms have large volumes of data, a variety of external and internal applications, high-volume traffic, etc., whereas small or medium firms have fewer resources and less data. Likewise, every organisation faces challenges in different aspects. It is the basic responsibility of every business organisation to identify the prevailing risks and to generate effective measures to overcome them. However, there are several risks which are difficult to overcome. Thus, effective measures are recommended by SaaS to overcome the issues of heavy burdens, effective storage of huge data, etc. Low-probability risks with high impact cannot easily be covered through contingencies. Low-probability, high-impact risks can be easily mitigated by reducing their likelihood or impact. However, such mitigation incurs huge costs, for which firms or institutions need to formulate budgets (Batra & Arora, 2016). Therefore, it is crucial first to identify the prevailing risks and then to generate measures to track or eradicate them. Risk mitigation activities are uncertain, and it cannot be predicted whether they will be beneficial or not.
The most effective solution offered by SaaS is organisational flexibility. Every business organisation has several components that cause uncertainty in business undertakings. Such uncertainties in turn generate risk factors that must be determined before initiating the project planning process (Clement & Obar 2016). Such risk factors can be controlled through timely reduction of the influence of an uncertain business environment (Klein & et. al., 2016, May). Moreover, flexibility in institutions and organisations is the best solution of SaaS for HR and contractor management. It relies on a network of virtual servers connected over the internet to manage, access, store or process data so that tasks are performed effectively. Therefore, it provides effective services which decrease the burden on IT departments (Öğütçü, Testik & Chouseinoglou, 2016).
Under Australian law, the Privacy Act 1988 was developed to protect the personal information of every employee from misuse, disclosure, modification, etc. The development of SaaS applications in organisations or institutions has involved the adoption of several services such as APP services, ICT security, blacklisting and whitelisting, software security, access, data handling, network security, encryption, backing up, testing, data breaches, physical security, workplace policies, governance and many more. Therefore, adoption of effective ICT security is beneficial in protecting the