University: Risk Assessment for DAS - Data Security and Privacy Report
VerifiedAdded on  2022/09/18
|23
|6822
|19
Report
AI Summary
This report provides a comprehensive risk assessment for the Department of Administrative Services (DAS), focusing on data security and privacy concerns associated with its operations, especially with the adoption of a new HR and personnel management application. The report addresses the challenges of managing personal information, digital identities, and the implications of data transfer to external locations. It proposes a privacy strategy, detailing the management of personal information, use and disclosure, and the security of digital identities. Furthermore, the report outlines recommended privacy and data protection controls to mitigate risks and ensure compliance with relevant privacy principles. The report also discusses the enactment procedures for the proposed strategies, emphasizing the importance of data protection in the context of government policy changes and the adoption of cloud-based services. The report analyzes the existing threats and vulnerabilities, including cyber security threats and unauthorized access, and suggests ways to mitigate these risks. This report aims to provide insights into the protection of employee and business data, ensuring confidentiality and reliability.
Running head: RISK ASSESSMENT FOR THE DAS
Risk assessment for the DAS
Enter: Name of the Student
Enter: Name of the University
Author Note
Risk assessment for the DAS
Enter: Name of the Student
Enter: Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1RISK ASSESSMENT FOR THE DAS
Executive Summary
There are diverse categories of security concerns which are related with the employee data
and business data which are associated with Department of Administrative Services (DAS)
which provides a wide range of facilities to the other branches of Australian State
government. The changes on the government policy has resulted in the amalgamation of a
HR and personnel management systems which was supposed to improve the performance of
each of the stakeholders associated with DAS. There are different categories of risks
associated with the business data which are circulated in the business environment of DAS in
terms of both internal and external threats. This report shall be discussing a privacy strategy
proposal as well as a personal data protection strategy which can be very much useful for
DAS to safeguard the data from each of these threats. The enactment procedure of each of the
two different strategy shall also be focussed in this report.
Executive Summary
There are diverse categories of security concerns which are related with the employee data
and business data which are associated with Department of Administrative Services (DAS)
which provides a wide range of facilities to the other branches of Australian State
government. The changes on the government policy has resulted in the amalgamation of a
HR and personnel management systems which was supposed to improve the performance of
each of the stakeholders associated with DAS. There are different categories of risks
associated with the business data which are circulated in the business environment of DAS in
terms of both internal and external threats. This report shall be discussing a privacy strategy
proposal as well as a personal data protection strategy which can be very much useful for
DAS to safeguard the data from each of these threats. The enactment procedure of each of the
two different strategy shall also be focussed in this report.
2RISK ASSESSMENT FOR THE DAS
Table of Contents
1. Introduction............................................................................................................................4
2. Privacy strategy for personal data..........................................................................................5
a. Management of personal information................................................................................6
b. Collection and management of solicited personal information..........................................6
c. Use and disclosure of personal information.......................................................................7
d. Use and security of digital identities..................................................................................8
e. Security of personal information........................................................................................9
f. Access to personal information.........................................................................................10
g. Quality and correction of personal information...............................................................11
3. Recommended privacy controls...........................................................................................12
a. Mitigate the previously identified privacy risks...............................................................12
b. Implement the privacy strategy........................................................................................14
4. Personal data protection strategy.........................................................................................14
a. Protection of personal information...................................................................................15
b. Authorized access & disclosure of personal information................................................15
c. Use of personal digital identities......................................................................................15
5. Recommended personal data protection controls................................................................16
a. Mitigate the previously identified data security risks......................................................17
b. Implement the personal data protection strategy.............................................................18
6. Conclusion............................................................................................................................18
7. Reference..............................................................................................................................20
Table of Contents
1. Introduction............................................................................................................................4
2. Privacy strategy for personal data..........................................................................................5
a. Management of personal information................................................................................6
b. Collection and management of solicited personal information..........................................6
c. Use and disclosure of personal information.......................................................................7
d. Use and security of digital identities..................................................................................8
e. Security of personal information........................................................................................9
f. Access to personal information.........................................................................................10
g. Quality and correction of personal information...............................................................11
3. Recommended privacy controls...........................................................................................12
a. Mitigate the previously identified privacy risks...............................................................12
b. Implement the privacy strategy........................................................................................14
4. Personal data protection strategy.........................................................................................14
a. Protection of personal information...................................................................................15
b. Authorized access & disclosure of personal information................................................15
c. Use of personal digital identities......................................................................................15
5. Recommended personal data protection controls................................................................16
a. Mitigate the previously identified data security risks......................................................17
b. Implement the personal data protection strategy.............................................................18
6. Conclusion............................................................................................................................18
7. Reference..............................................................................................................................20
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3RISK ASSESSMENT FOR THE DAS
1. Introduction
Privacy and personal data protection strategy can be defined as the strategy which are
very much helpful to shield the organizational data as well as the employee data from diverse
categories of security threats coming from both inside the organization as well as from
external threats coming from the social engineers.
Every organization has different categories of data in their business environment such
as the employee data where detailed information of the workers are stored, payroll data,
contractual data and procurement data. Each of these different categories of data has to be
stored and monitored on regular intervals because organizational targets depend upon the
protection of these data (Hervas-Drane & Casadesus-Masanell, 2018). Confidentiality of the
data is generally maintained if the data is secured from any sort of unauthorised access.
Maintaining the reliability of the data is one of the most significant technical issues which are
faced by most of the business organizations all over the world (Gai et al., 2016). Privacy
strategy can be defined as the legal documentation procedure which are enacted by different
business organizations to protect the employee data and the customer data.
DAS is one of the most significant department of the Australian State Government
(ASG). DAS is responsible to provide wide range of service to the other departments of ASG
such as the payroll and contract tendering management (Ghezzi, Cortimiglia & Frank, 2015).
However, the changes in government policy has resulted in the incorporation of many new
approaches such as the centralized database and cloud first approach regarding the use of the
software and services which are used in DAS.
DAS is looking forward to purchase a HR and personnel management application
from a US based application development organization. This US based organization provides
SaaS applications to each of their clients. The incorporation of the new application is
1. Introduction
Privacy and personal data protection strategy can be defined as the strategy which are
very much helpful to shield the organizational data as well as the employee data from diverse
categories of security threats coming from both inside the organization as well as from
external threats coming from the social engineers.
Every organization has different categories of data in their business environment such
as the employee data where detailed information of the workers are stored, payroll data,
contractual data and procurement data. Each of these different categories of data has to be
stored and monitored on regular intervals because organizational targets depend upon the
protection of these data (Hervas-Drane & Casadesus-Masanell, 2018). Confidentiality of the
data is generally maintained if the data is secured from any sort of unauthorised access.
Maintaining the reliability of the data is one of the most significant technical issues which are
faced by most of the business organizations all over the world (Gai et al., 2016). Privacy
strategy can be defined as the legal documentation procedure which are enacted by different
business organizations to protect the employee data and the customer data.
DAS is one of the most significant department of the Australian State Government
(ASG). DAS is responsible to provide wide range of service to the other departments of ASG
such as the payroll and contract tendering management (Ghezzi, Cortimiglia & Frank, 2015).
However, the changes in government policy has resulted in the incorporation of many new
approaches such as the centralized database and cloud first approach regarding the use of the
software and services which are used in DAS.
DAS is looking forward to purchase a HR and personnel management application
from a US based application development organization. This US based organization provides
SaaS applications to each of their clients. The incorporation of the new application is
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4RISK ASSESSMENT FOR THE DAS
supposed to improve the organizational performance of each of the stakeholders of this
organization. Employee data shall be uploaded from DAS and these data shall be processed
in Bangalore, India. The new application shall be allowing the employees working in DAS to
access the HR and performance management system using the DAS digital identify which are
generated from the DAS active directory. The entire authorization procedure will be validated
by SAML 2.0 certificate.
Security Assertion Mark-up Language (SAML) is uses the XML framework which
are deployed to exchange authentication and authorization of data amongst the security
domains of business organizations. Digitally signed XML documents are deployed in this
authentication procedure (Franczyk & Ludwig, 2018). The ensuing unit of the paper shall be
developing a privacy strategy proposal for DAS so that they can secure the organization data
and business data from both external and internal threats.
2. Privacy strategy for personal data
There are diverse categories of departments which are there associated with the DAS
which provides a wide variety of services are provided by this department. Maintaining the
reliability and the availability of the organizational data is very much significant for this
organization (Hoepman, 2018). However, there are different categories of threats and
vulnerabilities associated with the business data which are accessed in this department
coming from both inside the organization as well from outside (Edgar, 2015). The external
threats include the cyber security threats like ransomware. The access of the business data is
not limited in this organization which is the other source of concern which has to be resolved
in the first place so confidentiality of the business data is sustained.
supposed to improve the organizational performance of each of the stakeholders of this
organization. Employee data shall be uploaded from DAS and these data shall be processed
in Bangalore, India. The new application shall be allowing the employees working in DAS to
access the HR and performance management system using the DAS digital identify which are
generated from the DAS active directory. The entire authorization procedure will be validated
by SAML 2.0 certificate.
Security Assertion Mark-up Language (SAML) is uses the XML framework which
are deployed to exchange authentication and authorization of data amongst the security
domains of business organizations. Digitally signed XML documents are deployed in this
authentication procedure (Franczyk & Ludwig, 2018). The ensuing unit of the paper shall be
developing a privacy strategy proposal for DAS so that they can secure the organization data
and business data from both external and internal threats.
2. Privacy strategy for personal data
There are diverse categories of departments which are there associated with the DAS
which provides a wide variety of services are provided by this department. Maintaining the
reliability and the availability of the organizational data is very much significant for this
organization (Hoepman, 2018). However, there are different categories of threats and
vulnerabilities associated with the business data which are accessed in this department
coming from both inside the organization as well from outside (Edgar, 2015). The external
threats include the cyber security threats like ransomware. The access of the business data is
not limited in this organization which is the other source of concern which has to be resolved
in the first place so confidentiality of the business data is sustained.
5RISK ASSESSMENT FOR THE DAS
a. Management of personal information
Personal information management is incorporated in DAS as it can help to organize,
acquire, maintain and retrieve business data from each of the different departments. The data
from each department as well as the services provided in HR and management, procurement
management, contractor management, and payroll can be secured using the personal
information management (Culnan, 2019). Designation, trading period and attendance of each
of the employees working in this organization can be managed and monitored using the
personal information system. Thus, the incorporation of personal information can be very
much useful in DAS as it can help them to secure the organizational data from data security
threats.
Description of the ways to manage personal information
Collection of the data Only the necessary data must be collected from each of the stakeholder
holders of this organization.
Accuracy Only the current data must be accessed in DAS.
Storage and security Data should be protected from getting misused and inappropriate
access
Use Any sort of third party access must be restricted.
Disclosure Inappropriate disclosure of the data must be restricted.
Transparency Accessibility of the employee data as well as the organizational data
must be set by network administrators.
Table 1: Ways to manage personal information
(Source: Created by author)
b. Collection and management of solicited personal information
There are numerous stakeholders who involved in this business, the incorporation of
the HR and personal management application which is going to be installed in the working
environment of DAS. Collection as well as the management of the personal information is a
significant challenge which can be observed in DAS due to the increasing number of cyber
security incidents (Cortimiglia, Ghezzi & Frank, 2016). The personal data has to travel from
California to Bangalore, as a result, effective security policies and protocols must be
a. Management of personal information
Personal information management is incorporated in DAS as it can help to organize,
acquire, maintain and retrieve business data from each of the different departments. The data
from each department as well as the services provided in HR and management, procurement
management, contractor management, and payroll can be secured using the personal
information management (Culnan, 2019). Designation, trading period and attendance of each
of the employees working in this organization can be managed and monitored using the
personal information system. Thus, the incorporation of personal information can be very
much useful in DAS as it can help them to secure the organizational data from data security
threats.
Description of the ways to manage personal information
Collection of the data Only the necessary data must be collected from each of the stakeholder
holders of this organization.
Accuracy Only the current data must be accessed in DAS.
Storage and security Data should be protected from getting misused and inappropriate
access
Use Any sort of third party access must be restricted.
Disclosure Inappropriate disclosure of the data must be restricted.
Transparency Accessibility of the employee data as well as the organizational data
must be set by network administrators.
Table 1: Ways to manage personal information
(Source: Created by author)
b. Collection and management of solicited personal information
There are numerous stakeholders who involved in this business, the incorporation of
the HR and personal management application which is going to be installed in the working
environment of DAS. Collection as well as the management of the personal information is a
significant challenge which can be observed in DAS due to the increasing number of cyber
security incidents (Cortimiglia, Ghezzi & Frank, 2016). The personal data has to travel from
California to Bangalore, as a result, effective security policies and protocols must be
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6RISK ASSESSMENT FOR THE DAS
incorporated in DAS which can be very much useful to preserve the reliability of the personal
information. Sensitivity of the personal information has to be checked in the first place before
the data is fetched or retrieved from the databases.
The availability of the data also has to be checked so that each stakeholder or
departments of the business gets the access of this data in a secure manner. Each entity of this
business has to be secured from the data security threats so that the collection and
management of the data is done in an organized manner (Choi, Lee & Sohn, 2017). Each data
request which are related with personal information has to be validated by efficient protocols
and procedure so that these data are not exposed outside DAS. The transfer of personal data
considering the DAS digital ID has to be secured from the external threats. Assemblage of the
solicited personal information should be considering Australian Privacy principles (APP) as
well, as it can ensure the assortment of sensitive information.
c. Use and disclosure of personal information
Disclosure of information usually have a huge influence on the reputation of DAS.
Disclosure of personal information must be focussed in DAS as it can ensure organizational
growth. Any leakage of leakage of data can have a negative impact on both the employees as
well as organizational growth (Casanovas et al., 2017). There are diverse categories of
stakeholders which are associated with DAS such as the configuration team, maintenance
team, feature enhancing team and the processing ream. Privacy Act is one of the other way
which can be very much useful to protect the business data from the different types of threats
(Kumari & Chakravarthy, 2016). There are different categories of privacy legislations which
can have a massive impact on the business growth of DAS.
incorporated in DAS which can be very much useful to preserve the reliability of the personal
information. Sensitivity of the personal information has to be checked in the first place before
the data is fetched or retrieved from the databases.
The availability of the data also has to be checked so that each stakeholder or
departments of the business gets the access of this data in a secure manner. Each entity of this
business has to be secured from the data security threats so that the collection and
management of the data is done in an organized manner (Choi, Lee & Sohn, 2017). Each data
request which are related with personal information has to be validated by efficient protocols
and procedure so that these data are not exposed outside DAS. The transfer of personal data
considering the DAS digital ID has to be secured from the external threats. Assemblage of the
solicited personal information should be considering Australian Privacy principles (APP) as
well, as it can ensure the assortment of sensitive information.
c. Use and disclosure of personal information
Disclosure of information usually have a huge influence on the reputation of DAS.
Disclosure of personal information must be focussed in DAS as it can ensure organizational
growth. Any leakage of leakage of data can have a negative impact on both the employees as
well as organizational growth (Casanovas et al., 2017). There are diverse categories of
stakeholders which are associated with DAS such as the configuration team, maintenance
team, feature enhancing team and the processing ream. Privacy Act is one of the other way
which can be very much useful to protect the business data from the different types of threats
(Kumari & Chakravarthy, 2016). There are different categories of privacy legislations which
can have a massive impact on the business growth of DAS.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7RISK ASSESSMENT FOR THE DAS
Consent from individuals are very much required in order to pass data across each of
the departments. Disclosure forms and Non-disclosure forms are the two other ways which
can ensure the reliability of the organizational data.
d. Use and security of digital identities
Digital identity is defined as a network identified protocol which are used to protect
the secrecy and security of employee data. The use and security of digital identify is very
much useful in DAS as it can ensure that the organizational data is secure from external
threats which can compromise those data. Digital authentication procedure is very much
useful to maintain and monitor security of the data which are accessed in each of the
departments of DAS. Digital footprint and internet privacy are the two main aspects of digital
identities (Laudon & Traver, 2016). Computer systems of each department of DAS have a
unique IP address which is generally randomly generated. Controlling the access to each of
the resources is one of the top priority of the management team of DAS and incorporation of
the digital identity management procedures is very much significant to reduce the chances of
the fraudulent activities (Levenstein, 2019). The personal privacy issues of each of the
workers of the departments of DAS can be resolved if the digital identified are secured from
the security threats (Blanchard, 2016). Thus, it can be said that the privacy as well as the
security settings of the HR and personnel management system has to be checked frequently
so that any sort of vulnerability associated with this systems which might cause privacy
concerns in DAS gets resolved. Security of digital identities can be maintained using different
categories of methods which is described in the following table.
Ways to secure digital identity Explanation
Passwords The use of alphanumeric passwords can be very much
useful to protect the digital identify of each of the
employees working in this organization.
Consent from individuals are very much required in order to pass data across each of
the departments. Disclosure forms and Non-disclosure forms are the two other ways which
can ensure the reliability of the organizational data.
d. Use and security of digital identities
Digital identity is defined as a network identified protocol which are used to protect
the secrecy and security of employee data. The use and security of digital identify is very
much useful in DAS as it can ensure that the organizational data is secure from external
threats which can compromise those data. Digital authentication procedure is very much
useful to maintain and monitor security of the data which are accessed in each of the
departments of DAS. Digital footprint and internet privacy are the two main aspects of digital
identities (Laudon & Traver, 2016). Computer systems of each department of DAS have a
unique IP address which is generally randomly generated. Controlling the access to each of
the resources is one of the top priority of the management team of DAS and incorporation of
the digital identity management procedures is very much significant to reduce the chances of
the fraudulent activities (Levenstein, 2019). The personal privacy issues of each of the
workers of the departments of DAS can be resolved if the digital identified are secured from
the security threats (Blanchard, 2016). Thus, it can be said that the privacy as well as the
security settings of the HR and personnel management system has to be checked frequently
so that any sort of vulnerability associated with this systems which might cause privacy
concerns in DAS gets resolved. Security of digital identities can be maintained using different
categories of methods which is described in the following table.
Ways to secure digital identity Explanation
Passwords The use of alphanumeric passwords can be very much
useful to protect the digital identify of each of the
employees working in this organization.
8RISK ASSESSMENT FOR THE DAS
Antivirus software The deployment of anti-virus software can be very much
useful to deal with external threats such as the cyber
security threats like ransomware.
Update the software The updating of the software which are used in DAS is
very much useful order to protect the digital identity
from the data security threats.
Checking security settings The security settings of the central networking computers
must be checked accordingly so that any sort of
accuracies of the data is eliminated.
Table 2: Protection of digital identity
(Source: Created by the author)
e. Security of personal information
Managing and maintaining personal information of each entity associated with DAS
is a huge challenge for this organization even after the successful incorporation of the HR and
personal management system which is supposed to enhance the performance of each
employee working in DAS (Asharov et al., 2017). There are numerous departments which
gets themselves associated with DAS such as payroll, contractor management, contract
tendering and procurement. Considering the deployment of the centralized database it can be
said that vulnerability of the centralised data is much more than the departmental data stores
(Madsen & Walker, 2015).
Security of personal information is also very much desired to prevent sort of data
leakage. Storing and monitoring of data has to be analysed and maintained in such way so
that originality of the personal information is sustained. The business transactions, financial
transactions and most of the ramification issues in the government offices occurs due to the
security concerns (Ali, Khan & Vasilakos, 2015). Sharing database also has security
concerns which has to be addressed in the first place so that the data security of the
Antivirus software The deployment of anti-virus software can be very much
useful to deal with external threats such as the cyber
security threats like ransomware.
Update the software The updating of the software which are used in DAS is
very much useful order to protect the digital identity
from the data security threats.
Checking security settings The security settings of the central networking computers
must be checked accordingly so that any sort of
accuracies of the data is eliminated.
Table 2: Protection of digital identity
(Source: Created by the author)
e. Security of personal information
Managing and maintaining personal information of each entity associated with DAS
is a huge challenge for this organization even after the successful incorporation of the HR and
personal management system which is supposed to enhance the performance of each
employee working in DAS (Asharov et al., 2017). There are numerous departments which
gets themselves associated with DAS such as payroll, contractor management, contract
tendering and procurement. Considering the deployment of the centralized database it can be
said that vulnerability of the centralised data is much more than the departmental data stores
(Madsen & Walker, 2015).
Security of personal information is also very much desired to prevent sort of data
leakage. Storing and monitoring of data has to be analysed and maintained in such way so
that originality of the personal information is sustained. The business transactions, financial
transactions and most of the ramification issues in the government offices occurs due to the
security concerns (Ali, Khan & Vasilakos, 2015). Sharing database also has security
concerns which has to be addressed in the first place so that the data security of the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9RISK ASSESSMENT FOR THE DAS
organization is improved. Most of the sensitive information of DAS is related with personal
data, hence the incorporation of the HR and personnel management system has to be
conducted so that privacy of the personal information is retained (Meadows & Hatzakis,
2018). The following table can be very much useful to understand the steps which can be
very much useful to secure the privacy of the personal information.
Steps Explanation
Impersonators Any sort of impersonation activity must be stopped in the
first place so that the personal information is secured
from the privacy and security issues.
Data encryption Personal data of DAS can be secured from different
categories of threats such as DES. Both the symmetric as
well as the asymmetric encryption method can be very
much useful to protect the data from getting altered by
the cyber criminals.
Privacy The impact of maintaining privacy of the data has to be
understood by each stakeholders of the business.
Phishing emails The incorporation of the phishing emails can be very
much useful to shield the integrity of the personal data.
Table 3: Steps to ensure the security of personal information
(Source: Created by author)
f. Access to personal information
Considering the enactment of the centralized database for the HR and personnel
management system it can be said that access to the data has to be done by professional
database administrators who has years of experience working with relational databases. The
most sensitive data of DAS includes the data collected from the consumers, data coming from
the payroll invoices, transaction statements, employee data, and audit data (Akter et al.,
2016). Personal as well as the organizational identity is hugely depended on the access which
has to set by the stakeholder who will be looking forward to work with HR and personnel
management system.
organization is improved. Most of the sensitive information of DAS is related with personal
data, hence the incorporation of the HR and personnel management system has to be
conducted so that privacy of the personal information is retained (Meadows & Hatzakis,
2018). The following table can be very much useful to understand the steps which can be
very much useful to secure the privacy of the personal information.
Steps Explanation
Impersonators Any sort of impersonation activity must be stopped in the
first place so that the personal information is secured
from the privacy and security issues.
Data encryption Personal data of DAS can be secured from different
categories of threats such as DES. Both the symmetric as
well as the asymmetric encryption method can be very
much useful to protect the data from getting altered by
the cyber criminals.
Privacy The impact of maintaining privacy of the data has to be
understood by each stakeholders of the business.
Phishing emails The incorporation of the phishing emails can be very
much useful to shield the integrity of the personal data.
Table 3: Steps to ensure the security of personal information
(Source: Created by author)
f. Access to personal information
Considering the enactment of the centralized database for the HR and personnel
management system it can be said that access to the data has to be done by professional
database administrators who has years of experience working with relational databases. The
most sensitive data of DAS includes the data collected from the consumers, data coming from
the payroll invoices, transaction statements, employee data, and audit data (Akter et al.,
2016). Personal as well as the organizational identity is hugely depended on the access which
has to set by the stakeholder who will be looking forward to work with HR and personnel
management system.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10RISK ASSESSMENT FOR THE DAS
Data from each relational table, must be taken under consideration to set the access
limit of the data. Taking stock and scaling down of the data is very much required in the first
place in order set the data access limit. The following step can be locking the data from the
stakeholders of the business. Planning is one of the key aspect regarding the limiting of the
organizational data of DAS as there are different categories of departments which must get
the shared data (Pelteret & Ophoff, 2017). The continuously changing business environment
of DAS has to be reviewed in the first place so that data access can be set in an organized
manner. The access controls systems which can be deployed in this organization are Role
Based Access Control (RBAC) and Mandatory Access Control (MAC).
g. Quality and correction of personal information
The introduction of the HR and personnel management system must be having a
positive impact on the personal information of each of the staffs working in this organization.
Criteria must be checked and monitored, at the same time burden of proof must be kept in the
first place so that any sort of privacy issues are avoided. Reasonable steps must be taken so
that the personal information of each of the stakeholders are saved by cyber criminals and
social engineers (Madsen & Walker, 2015). Quality of the information must be ensured in
each of the data processing units of DAS. Update and feature of each services provided must
be updated in the first place due to the cloud first approach adopted by DAS. The security of
the cloud based services is a huge source of concern for DAS as new approaches and security
measures are adopted by the social engineers (Plangger & Watson (2015). These security
issues can have a huge impact on the organizational productivity, it may also result in
organizational loss for DAS. The superiority of the employee data has to be of the highest
order as it can help DAS to identify the useful resources in this organization (Sharma &
Kaushik, 2017). The authorisation as well as the authentication of the data has to be very
much transparent so that the security issues associated with the business data is avoided.
Data from each relational table, must be taken under consideration to set the access
limit of the data. Taking stock and scaling down of the data is very much required in the first
place in order set the data access limit. The following step can be locking the data from the
stakeholders of the business. Planning is one of the key aspect regarding the limiting of the
organizational data of DAS as there are different categories of departments which must get
the shared data (Pelteret & Ophoff, 2017). The continuously changing business environment
of DAS has to be reviewed in the first place so that data access can be set in an organized
manner. The access controls systems which can be deployed in this organization are Role
Based Access Control (RBAC) and Mandatory Access Control (MAC).
g. Quality and correction of personal information
The introduction of the HR and personnel management system must be having a
positive impact on the personal information of each of the staffs working in this organization.
Criteria must be checked and monitored, at the same time burden of proof must be kept in the
first place so that any sort of privacy issues are avoided. Reasonable steps must be taken so
that the personal information of each of the stakeholders are saved by cyber criminals and
social engineers (Madsen & Walker, 2015). Quality of the information must be ensured in
each of the data processing units of DAS. Update and feature of each services provided must
be updated in the first place due to the cloud first approach adopted by DAS. The security of
the cloud based services is a huge source of concern for DAS as new approaches and security
measures are adopted by the social engineers (Plangger & Watson (2015). These security
issues can have a huge impact on the organizational productivity, it may also result in
organizational loss for DAS. The superiority of the employee data has to be of the highest
order as it can help DAS to identify the useful resources in this organization (Sharma &
Kaushik, 2017). The authorisation as well as the authentication of the data has to be very
much transparent so that the security issues associated with the business data is avoided.
11RISK ASSESSMENT FOR THE DAS
Auto-correction requests is very much desired which can help this organization to secure the
data from the threats coming from inside this organization such as data alteration (Meng et
al., 2018). The role of the database administrators are very much significant as it can ensure
the security of each of the requests. The exemptions of the individual right to access can also
be set if the personal information are properly set in the organizational database. Additional
legal test can be very much useful in order to enhance of the quality of data. Any sort of
unjustified means of data invasion can be avoided if the personal information is secured from
the data security threats.
3. Recommended privacy controls
Personal as well as the organizational data of DAS must be secured using different
categories of privacy controls (Noe et al., 2017). This unit of the report shall be focussing on
the list of recommendations which can ensure security and privacy regarding the circulation
of different categories of data associated with the business environment of DAS. The controls
which can be recommended to DAS shall be identified in the following paragraphs.
a. Mitigate the previously identified privacy risks
There are different categories of privacy risks which are related with both the personal
data as well as the organizational data. These risks includes loss of customers due to loss of
faith, failing to appeal new clients, class actions, and enforcements regulations (Shuen, 2018).
The other privacy risks associated with DAS are exposure of the data, poorly trained
employees, lack of security breach and inadequate data disposal policy. There are numerous
unnecessary data which are associated with DAS which is also a source of concern for the
stakeholders of this organization (Spieth, Schneckenberg & Matzler, 2016). The risk
mitigation procedure associated with each of the risks can be identified from the following
tabular description.
Auto-correction requests is very much desired which can help this organization to secure the
data from the threats coming from inside this organization such as data alteration (Meng et
al., 2018). The role of the database administrators are very much significant as it can ensure
the security of each of the requests. The exemptions of the individual right to access can also
be set if the personal information are properly set in the organizational database. Additional
legal test can be very much useful in order to enhance of the quality of data. Any sort of
unjustified means of data invasion can be avoided if the personal information is secured from
the data security threats.
3. Recommended privacy controls
Personal as well as the organizational data of DAS must be secured using different
categories of privacy controls (Noe et al., 2017). This unit of the report shall be focussing on
the list of recommendations which can ensure security and privacy regarding the circulation
of different categories of data associated with the business environment of DAS. The controls
which can be recommended to DAS shall be identified in the following paragraphs.
a. Mitigate the previously identified privacy risks
There are different categories of privacy risks which are related with both the personal
data as well as the organizational data. These risks includes loss of customers due to loss of
faith, failing to appeal new clients, class actions, and enforcements regulations (Shuen, 2018).
The other privacy risks associated with DAS are exposure of the data, poorly trained
employees, lack of security breach and inadequate data disposal policy. There are numerous
unnecessary data which are associated with DAS which is also a source of concern for the
stakeholders of this organization (Spieth, Schneckenberg & Matzler, 2016). The risk
mitigation procedure associated with each of the risks can be identified from the following
tabular description.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.