Personal Identifiable Information (PII) Risk Management Strategy

Added on  2020/05/11

AI Summary
This assignment presents a comprehensive strategy for managing the various threats and risks associated with Personal Identifiable Information (PII). It includes an in-depth threat and risk assessment focusing on ten primary areas: improper encryption methods, inadequate security measures, human error, data lock-in issues, governance loss, compliance challenges, co-tenant activities, cloud service failure or termination, resource exhaustion, and malicious insiders. Each area is evaluated based on its description, root cause, potential response, affected assets, probability of occurrence, impact level, and recovery time. The document prioritizes the implementation of robust encryption techniques, strong security policies, accurate resource modeling, and effective governance to protect sensitive data from external threats and internal vulnerabilities. Additionally, it emphasizes the importance of vendor selection, compliance with regulations, monitoring tenant activities, and insider threat management. This strategic approach aims to safeguard user privacy, maintain company reputation, ensure service delivery, and build customer trust in cloud-based environments.

Running head: PERSONAL IDENTIFIABLE INFORMATION STRATEGY
Personal Identifiable Information Strategy
Name of Student
Name of University

Appendix A
1. Threat and Risk Assessment
| Rank | Risk | Description | Category | Cause | Potential response | Affected assets | Probability | Impact | Status or recovery time |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Encryption methods are not correctly implemented. | If data encryption is absent, then the system is not secure. Sometimes the data present in the system might not be encrypted in a proper manner. This makes the system susceptible to various security threats and risks. External intruders can hack the system and misuse the data. | Data protection and privacy | Improper implementation or lack of suitable encryption methods and algorithms is the root cause of this type of risk. | Immediate actions can be taken before the data moves to a different network. The data can be protected by encryption methods and algorithms before it moves to other networks. | The personal data of the users and company reputation are the affected assets. | Low | High | It will require approximately 1 month for setting up a well-secured system. |
| 2 | Security measures that are not appropriate. | If appropriate and strong security policies are not incorporated in the system, then the information is subjected to various types of attacks. This can cause information loss as well as modification of data. | Data protection | The System Administrator is responsible for incorporating strong security features in the system. Any kind of negligence can lead to the improper implementation of security measures. | Strong monitoring of the system as well as the incorporation of strong security policies. | The personal data of the users and company reputation are the affected assets. | Medium | High | It will take approximately 2 weeks to set up. |
| 3 | Human error | These types of risks fall under the category of accidental risk. Most organizations can lose their sensitive information because of human error. | Data protection and | The employees of the organizations are responsible for the occurrence of these types of risks. | Immediate actions must be taken to protect the data. Correct encryption methods can be used for protecting the data. The errors can be corrected and rectified after they have been detected. | Organization and the sensitive data of the users are the affected assets. | Medium | Medium | Proper training will help to mitigate the risk. It will take approximately 1 month. |
| 4 | Lock-in | If there is a lack of proper standard solutions and technologies, then it can lead to data lock-in, where the users get totally dependent on the vendors of the cloud provider. | Data protection and third-party risk | Lack of proper and standard solutions and technologies along with an improper selection of vendor can cause these risks. | The potential response will be to immediately switch to another vendor. | The sensitive information, personal data and company's reputation are the affected assets. The real-time service delivery is also affected. | High | Medium | It will take approximately 2 weeks to switch to another vendor. |
| 5 | Governance loss | If the service agreement between the cloud provider and the users does not provide proper tools, then it leads to such issues. If the users are unable to get proper and timely backup, then it leads to this risk. | Data security and privacy | If there is improper synchronization of the responsibilities extrinsic to the cloud, roles are unclear and data are stored in several locations, then it leads to loss of governance. | The potential response will be to incorporate strong governance in the organization. | The customer trust, company reputation, personal user data and the employee loyalty will be affected. | Very High | Very High | It will take about 1 month to recover. |
| 6 | Compliance challenge | If the employees do not conform to rules like policies, specifications, standards as well as laws, then it leads to compliance challenges. | Data privacy | If the certification or audit is unavailable to the customers, there is no completeness in the terms of use. | The organization must immediately abide by the rules and incorporate strong security measures in the system. | Certification of the company is the affected asset in this case. | Very High | High | It will take approximately 2 weeks to set up. |
| 7 | Activities of the co-tenant | If the co-tenant carries out malicious activities and has malicious intentions, then it can harm the information present in the cloud storage. | Data privacy | If there is no resource isolation and reputational isolation, then it leads to this type of risk. | The activities of the tenants need to be monitored in a proper manner. Strong security policies must be implemented in the cloud infrastructure. | Service delivery, personal data, sensitive information and the company reputation will be affected by this type of risk. | Low | High | It will take about 1 month to set up proper security measures. |
| 8 | Failure or termination of cloud service | Lack of a proper business strategy, high competition and no financial support can cause the cloud providers to terminate their services. | Data privacy | If there is no completeness in the terms of use and there is no supplier redundancy, then it causes this type of risk. | The proper vendor must be selected by evaluating their financial and business capabilities. | Employee loyalty, company reputation, service delivery and customer trust are the affected assets of the organization. | NA | Very High | It will take approximately 2 weeks to overcome this situation. |
| 9 | Exhaustion of resources | The allocation of resources takes place based on statistical projections, and because this is an on-demand service, it leads to exhaustion of resources. | Authentication and access control | No supplier redundancy, no accurate resource usage modelling and improper resource provisioning are the causes behind these risks. | Accurate resource usage modelling must be done in order to keep proper track of resource usage. | Company reputation, service delivery and customer trust are the affected assets of the organization. | Additional capacity cannot be provided to customers: Medium. Agreed capacity cannot be provided: Low. | Low or medium; High | It will take about 1 month to overcome this situation. |
| 10 | Malicious insiders | Insiders are the people who have access to sensitive information of the organization. These people can leak the data to external attackers to harm the organization. | Deliberate insider attack | The insiders might transfer information to the competitor organization. | Strong security policies must be implemented and the organization must monitor the activities of the people. | The user data and company reputation will be affected. | Low | Medium | It will take around 2 months to set up a proper employee monitoring system in the organization. |