Personal Identifiable Information Strategy for DAS MY License Portal

Verified

Added on 2020/05/11

AI Summary

This report presents a detailed analysis of a Personal Identifiable Information (PII) strategy, focusing on the DAS MY License portal. It begins with a thorough threat and risk assessment, categorizing risks like encryption failures, inadequate security measures, human error, and governance loss. Each risk is evaluated based on probability, impact, and potential responses. The report then proposes a PII strategy for the DAS MY License portal, addressing data loss, malware attacks, and data breaches. It emphasizes the importance of encryption, access control, employee training, and adherence to relevant laws and regulations such as COPPA, GLB, and HIPAA. The report also covers the identification of PII within the system, auditing data flow, and the application of risk management strategies like mitigation, avoidance, acceptance, and sharing to ensure data security and privacy. The report underscores the necessity of corporate governance and compliance to safeguard PII and maintain a secure operational environment.

Running head: PERSONAL IDENTIFIABLE INFORMATION STRATEGY
Personal Identifiable Information Strategy
Name of Student
Name of University

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
Table of Contents
1. Threat and Risk Assessment.........................................................................................................................................................................2
2. PII strategy proposal for DAS MY License portal.....................................................................................................................................12
3. Protection of Informal digital identity........................................................................................................................................................16
4. Governance of PII and digital identities for users of the portal.................................................................................................................19
4.1. PII and digital identities for the users of My license Portal................................................................................................................20
4.2. Personal and PII data for DAS users of the HR personnel Management Suite...................................................................................21
4.3. Personal and PII data for Contractors..................................................................................................................................................22
4.4. Personal and PII data for users and DAS staffs...................................................................................................................................23
Bibliography:..................................................................................................................................................................................................24

2
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
1. Threat and Risk Assessment
Rank Risk Description Category Cause Potential
Response
Affected assets Probability Impact Status or recovery time
1. Encryption
methods are
not correctly
implemented.
If there is the
absence of data
encryption,
then the system
is not secure.
Sometimes the
data present in
the system
might not be
encrypted in a
proper manner.
This makes the
system
Data
protection
and
privacy
Improper
implementation
or lack of
suitable
encryption
methods and
algorithms are
the root cause
of this type of
risk.
Immediate
actions can
be taken
before the
data moves
to a different
network. The
data can be
protected by
encryption
methods and
algorithms
before it
The personal
data of the users
and company
reputation are
the affected
assets.
Low High It will require approximately
1 month for setting up a
well-secured system.

3
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
susceptible to
various
security threats
and risks.
External
intruders can
hack the
system and
misuse the
data.
moves to
other
networks.
2. Security
measures that
are not
appropriate.
If appropriate
and strong
security
policies are not
incorporated in
the system then
Data
protection
The System
Administrator is
responsible for
incorporating
strong security
features in the
Strong
monitoring
of the system
as well as the
incorporation
of strong
The personal
data of the users
and company
reputation are
the affected
Medium High It will take approximately 2
weeks to set up.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
the information
is subjected to
various types
of attacks. This
can cause
information
loss as well as
modification of
data.
system. Any
kind of
negligence can
lead to the
improper
implementation
of security
measures.
security
policies.
assets.
3. Human Error These types of
risks fall under
the category of
accidental risk.
Most of the
organizations
can lose their
Data
protection
and
The employees
of the
organizations
are responsible
for the
occurrence of
these types of
Immediate
actions must
be taken to
protect the
data. Correct
encryption
methods can
Organization and
the sensitive data
of the users are
the affected
assets.
Medium Medium Proper training of will help
to mitigate the risk. It will
take approximately 1 month.

5
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
sensitive
information
because of
human error.
risks. be used for
protecting
the data. The
errors can be
corrected and
rectified after
it has been
detected.
4. Lock-in If there is lack
of proper
standard
solutions and
technologies
then it can lead
to data lock-in
where the users
Data
protection
and third-
party risk
Lack of proper
and standard
solutions and
technologies
along with an
improper
selection of
vendor can
The potential
response will
be to
immediately
switch to
another
vendor.
The sensitive
information,
personal data
and company’s
reputation are
the affected
assets. The real-
time service
High Medium It will take approximately 2
weeks to switch to another
vendor.

6
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
get totally
dependent on
the vendors of
the cloud
provider.
cause these
risks.
delivery is also
affected.
5. Governance
loss
If the service
agreement
between the
cloud provider
and the users
does not
provide proper
tools then it
leads to such
issues. If the
users are
Data
security
and
privacy
If there is
improper
synchronization
of the
responsibilities
extrinsic to the
cloud, unclear
roles and data
are stored in
several
locations then it
The potential
response will
be to
incorporate
strong
governance
in the
organization.
The customer
trust, company
reputation,
personal user
data and the
employee loyalty
will be affected.
Very High Very High It will take about 1 month to
recover.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
unable to get
proper and
timely backup
then it leads to
this risk.
leads to loss of
governance.

8
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
6. Compliance
challenge
If the
employees do
not conform to
rules like
policies,
specifications,
standards as
well as laws
then it leads to
compliance
challenges.
Data
privacy
If the
certification or
audit is
unavailable to
the customers,
there is no
completeness in
the terms of
use.
The
organization
must
immediately
abide by the
rules and
incorporate
strong
security
measures in
the system.
Certification of
the company is
the affected asset
in this case.
Very High High It will take approximately 2
weeks to set up.
7. Activities of
the co-tenant
If the co-tenant
carries out
malicious
activities and
have malicious
Data
privacy
If there is no
resource
isolation and
reputational
isolation then it
The activities
of the tenants
need to be
monitored in
a proper
Service delivery,
personal data,
sensitive
information and
the company
Low High It will take about 1 month to
set up proper security
measures.

9
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
intentions then
it can harm the
information
present in the
cloud storage.
leads to this
type of risk.
manner.
Strong
security
policies must
be
implemented
in the cloud
infrastructure
.
reputation will
be affected by
this type of risk.
8. Failure or
termination
of cloud
service
If there is lack
of proper
business
strategy, high
competition
and no
financial
Data
privacy
If there is no
completeness in
the terms of use
and there is no
supplier
redundancy
then it causes
The Proper
vendor must
be selected
by evaluating
their
financial and
business
Employee
loyalty, company
reputation,
service delivery
and customer
trust are the
affected assets of
NA Very High It will take approximately 2
weeks to overcome this
situation.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
support can
cause the cloud
providers to
terminate their
services.
this type of risk. capabilities. the organization.
9. Exhaustion
of resources
The allocation
of resources
takes place
based on
statistical
projections and
because this is
an on-demand
service then it
leads to
exhaustion of
Authentic
ation and
access
control
If there is no
supplier
redundancy, no
accurate
resource usage
modelling and
improper
resource
provisioning is
the cause
behind these
Accurate
resource
usage
modelling
must be done
in order to
keep proper
track of
resource
usage.
Company
reputation,
service delivery
and customer
trust are the
affected assets of
the organization.
Additional
capacity
cannot be
provided to
customers:
Medium
Agreed
capacity
cannot be
provided:
Low
Low or
medium
It will take about 1 month to
overcome this situation.

11
PERSONAL IDENTIFIABLE INFORMATION STRATEGY
resources. risks.
High
10. Malicious
insiders
Insiders are the
people who
have access to
sensitive
information of
the
organization.
These people
can leak the
data to the
external
attackers for
harming the
Deliberate
insider
attack
The insiders
might transfer
information to
the competitor
organization.
Strong
security
policies must
be
implemented
and the
organization
must monitor
the activities
of the people.
The user data
and company
reputation will
be affected.
Low Medium It will take around 2 months
to set up a proper employee
monitoring system in the
organization.