University Report: Security and Privacy of Employee Data Analysis
VerifiedAdded on 2022/10/02
|25
|6301
|272
Report
AI Summary
This report examines the security and privacy of employee data within the context of an Australian state government's shift to a "Shared Services" model using SaaS. It identifies and assesses various security and privacy threats, including data integrity issues, secrecy concerns, availability challeng...
Read More
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: SECURITY AND PRIVACY OF EMPLOYEE DATA
Security and Privacy of Employee Data
Name of the Student:
Name of the university:
Author note:
Security and Privacy of Employee Data
Name of the Student:
Name of the university:
Author note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2SECURITY AND PRIVACY OF EMPLOYEE DATA
Introduction:
The state government of Australia receives a number of services from an
organization known as the department of Administrative Services or DAS. This service provider
provided them with many services that included management, payroll, tendering and many more.
There were a few risk that were identified in this system for which the DAS Company wanted to
shift the information to the cloud as “shared services” (McIlwraith, 2016) Shared Services works
with the help of SaaS model of the cloud computing technology. Though there are many
advantages of developing cloud access to the users, there are few constraints of using them too.
This report discuss all about the privacy and the security threats that the organization’s users can
face when a whole information system is shifted from minor data centers to clouds. They are
then put into the risk management register for the assessment of their priority (Haney et al,
2017). The priority level shows how much importance the issue has and how early does it needed
to be fixated.
Introduction:
The state government of Australia receives a number of services from an
organization known as the department of Administrative Services or DAS. This service provider
provided them with many services that included management, payroll, tendering and many more.
There were a few risk that were identified in this system for which the DAS Company wanted to
shift the information to the cloud as “shared services” (McIlwraith, 2016) Shared Services works
with the help of SaaS model of the cloud computing technology. Though there are many
advantages of developing cloud access to the users, there are few constraints of using them too.
This report discuss all about the privacy and the security threats that the organization’s users can
face when a whole information system is shifted from minor data centers to clouds. They are
then put into the risk management register for the assessment of their priority (Haney et al,
2017). The priority level shows how much importance the issue has and how early does it needed
to be fixated.
3SECURITY AND PRIVACY OF EMPLOYEE DATA
1. Security of Employee Data
Sl.
No.
Security
Threat/Ris
k
Description
Likelihood
Impact
Priority
Preventive
Actions
Contingency Plans
1. Data
Integrity
High (H) High(H) Very
High(VH)
1.
Maintenance
.
2. Digital
Signatures.
1. staff training required
2. storage in cloud
2. Secrecy Medium(M) High(H) Medium(M) 1. Upgrade
Procedures.
2. Safeguard
Data.
1. encryption of data required
3. Availability Low(L) Medium(M) Medium(M) 1.
Monitoring
Processes.
1. Perform Risk Analysis.
4. Malware High(H) Very
High(VH)
High(H) 1. Update the
system.
1. Update anti malware
software regularly.
5. Database
Injection
Attacks
High(H) Very
High(VH)
High(H) 1. Usage of
Prepared
Statements.
2. Usage of
Stored
Procedures.
1. SQL input Validation is
required
2. Usage of prepared
statements instead of using
dynamic queries.
o Existing security threats to Employee data
Likelihood - VL, L, M, H, VH
Impact- - VL, L, M, H, VH
Priority- - VL, L, M, H, VH
1. Security of Employee Data
Sl.
No.
Security
Threat/Ris
k
Description
Likelihood
Impact
Priority
Preventive
Actions
Contingency Plans
1. Data
Integrity
High (H) High(H) Very
High(VH)
1.
Maintenance
.
2. Digital
Signatures.
1. staff training required
2. storage in cloud
2. Secrecy Medium(M) High(H) Medium(M) 1. Upgrade
Procedures.
2. Safeguard
Data.
1. encryption of data required
3. Availability Low(L) Medium(M) Medium(M) 1.
Monitoring
Processes.
1. Perform Risk Analysis.
4. Malware High(H) Very
High(VH)
High(H) 1. Update the
system.
1. Update anti malware
software regularly.
5. Database
Injection
Attacks
High(H) Very
High(VH)
High(H) 1. Usage of
Prepared
Statements.
2. Usage of
Stored
Procedures.
1. SQL input Validation is
required
2. Usage of prepared
statements instead of using
dynamic queries.
o Existing security threats to Employee data
Likelihood - VL, L, M, H, VH
Impact- - VL, L, M, H, VH
Priority- - VL, L, M, H, VH
4SECURITY AND PRIVACY OF EMPLOYEE DATA
Explain issues
1. Data Integrity: The consistency and accuracy of data is termed as data integrity. Data
integrity provides protection from inappropriate modification of information.
Modification involves insertion, creation, deletion and status change of data.
Maintenance of data integrity is keeping data intact and same throughout the full life
cycle. This consists of data capture, updates, storage, backups and transfers. Whenever
data procession takes place, a risk is always present for data corruption (Kearns, 2016).
Integrity may be lost if unappropriated changes occur with intention or by accidental acts.
Data integrity is essential for quality control and handling OOS results. Data integrity
also introduces the data safety with respect to regulatory compliance. It is maintained by
collection of processes, standards and rules implementation during design phase.
2. Secrecy: The act of information hiding from individuals or from groups is termed as
secrecy. Revealing of data should not take place to users who are not authorized. Secrecy
can be controversial which depends on the nature and content of the secret. Excessive
revealing of information can dispute with morality of confidentiality and privacy (Kearns,
2016). Secrecy exists in different ways such as encryption where technical and
mathematical strategies can be used for hiding messages, true secrecy where participants
are given certain restrictions and obfuscation where data is hidden in plane observation.
3. Availability: Availability is a condition where consumers can access a provided data. So,
with respect to database, data availability refers to if there is a database available, that
data can be accessed by the data users, that is, customers, business and application users.
Any criteria that makes the data inaccessible is the opposite of availability. Another
Explain issues
1. Data Integrity: The consistency and accuracy of data is termed as data integrity. Data
integrity provides protection from inappropriate modification of information.
Modification involves insertion, creation, deletion and status change of data.
Maintenance of data integrity is keeping data intact and same throughout the full life
cycle. This consists of data capture, updates, storage, backups and transfers. Whenever
data procession takes place, a risk is always present for data corruption (Kearns, 2016).
Integrity may be lost if unappropriated changes occur with intention or by accidental acts.
Data integrity is essential for quality control and handling OOS results. Data integrity
also introduces the data safety with respect to regulatory compliance. It is maintained by
collection of processes, standards and rules implementation during design phase.
2. Secrecy: The act of information hiding from individuals or from groups is termed as
secrecy. Revealing of data should not take place to users who are not authorized. Secrecy
can be controversial which depends on the nature and content of the secret. Excessive
revealing of information can dispute with morality of confidentiality and privacy (Kearns,
2016). Secrecy exists in different ways such as encryption where technical and
mathematical strategies can be used for hiding messages, true secrecy where participants
are given certain restrictions and obfuscation where data is hidden in plane observation.
3. Availability: Availability is a condition where consumers can access a provided data. So,
with respect to database, data availability refers to if there is a database available, that
data can be accessed by the data users, that is, customers, business and application users.
Any criteria that makes the data inaccessible is the opposite of availability. Another
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
5SECURITY AND PRIVACY OF EMPLOYEE DATA
outlook of availability is the amount of time a system is used for production work (Bosch
& Micevska-Scharf, 2017). The application’s availability will change for different
organizations, for different systems of the organization and even for different users. Data
with poor performance can be accessed, however accessing a database which is
unavailable is not possible. The users cannot perform their respective job if there is
suffering in performance (Beautement, Becker, Parkin, Krol & Sasse, 2016). Availability
consists of four primary components that assures that the systems are up to the mark and
business can be done.
4. Malware: Malware is a software that is designed intentionally for causing damage to a
server, client, network or a computer. Malware causes the damage after its
implementation or implanted to a computer and perform direct executable scripts, codes
and other data. Malware is known as computer worms, viruses, Trojan horses, spyware,
scare ware, random ware and adware in media. Malware contains malicious intent that
acts against computer user’s interest and does not consist of software which creates
unintentional harm that is termed as a bug (Kent, 2016). Programs that are supplied
officially by the companies is considered as malware if they perform secretly against the
computer user’s interest. Sensitive data can be stolen by perennial threat malware through
infected devices.
5. Data Injection Attacks: Two types of data injection attacks are present such as SQL
injection which mark the conventional database systems and NoSQL injection which
target “big data” policy. A SQL injection attack have SQL query’s insertion from client
with input data into application. Sensitive data can be read from database through a
successful SQL injection, database can be modified, administration operations can be
outlook of availability is the amount of time a system is used for production work (Bosch
& Micevska-Scharf, 2017). The application’s availability will change for different
organizations, for different systems of the organization and even for different users. Data
with poor performance can be accessed, however accessing a database which is
unavailable is not possible. The users cannot perform their respective job if there is
suffering in performance (Beautement, Becker, Parkin, Krol & Sasse, 2016). Availability
consists of four primary components that assures that the systems are up to the mark and
business can be done.
4. Malware: Malware is a software that is designed intentionally for causing damage to a
server, client, network or a computer. Malware causes the damage after its
implementation or implanted to a computer and perform direct executable scripts, codes
and other data. Malware is known as computer worms, viruses, Trojan horses, spyware,
scare ware, random ware and adware in media. Malware contains malicious intent that
acts against computer user’s interest and does not consist of software which creates
unintentional harm that is termed as a bug (Kent, 2016). Programs that are supplied
officially by the companies is considered as malware if they perform secretly against the
computer user’s interest. Sensitive data can be stolen by perennial threat malware through
infected devices.
5. Data Injection Attacks: Two types of data injection attacks are present such as SQL
injection which mark the conventional database systems and NoSQL injection which
target “big data” policy. A SQL injection attack have SQL query’s insertion from client
with input data into application. Sensitive data can be read from database through a
successful SQL injection, database can be modified, administration operations can be
6SECURITY AND PRIVACY OF EMPLOYEE DATA
modified in the database, a provided file’s content can be recovered from file system of
database and in few cases commands can be issued to operating system (Malik & Patel,
2016). SQL injection attacks are one kind of injection attack where the predefined SQL
commands are effected by the injection of SQL commands to data-plane input. Identity,
causing repudiation issues like change in balance or transaction void, tempering with data
present can be spoofed by attackers through SQL injection attacks allow revelation of
complete data available in the system, data destruction and making the data unavailable
and becoming database server’s administrators. ASP and PHP applications have SQL
injection as for generality of older interfaces (Kotenko, Levshun, & Chechulin, 2016). As
for the availability of programmatic interfaces, ASP.NET and J2EE applications have
less chance of being exploited by SQL injections.
modified in the database, a provided file’s content can be recovered from file system of
database and in few cases commands can be issued to operating system (Malik & Patel,
2016). SQL injection attacks are one kind of injection attack where the predefined SQL
commands are effected by the injection of SQL commands to data-plane input. Identity,
causing repudiation issues like change in balance or transaction void, tempering with data
present can be spoofed by attackers through SQL injection attacks allow revelation of
complete data available in the system, data destruction and making the data unavailable
and becoming database server’s administrators. ASP and PHP applications have SQL
injection as for generality of older interfaces (Kotenko, Levshun, & Chechulin, 2016). As
for the availability of programmatic interfaces, ASP.NET and J2EE applications have
less chance of being exploited by SQL injections.
7SECURITY AND PRIVACY OF EMPLOYEE DATA
o New Security Threat to Employee data (after moving to SaaS)
Sl.
No.
New Security
Threat/Risk of
employee data
Description (after
moving to SaaS)
Likelihood
Impact
Priority
Preventive
Actions
Contingency Plans
1. Data Breaches High(H) High(H) High(H) 1. Legal
Obligations
2. Use
Encryption
Limiting liability
The policies has to
be made clear by the
lawyer.
2. Data Loss High(H) Very
High(VH)
Very
High(VH)
1. Backup
files
regularly.
2. Don’t open
suspicious
attachments
1. storage in remote
location not within
the system server
3. Lack of
Transparency
Medium(M) Medium(M) Medium(M) 1. Backup
files.
2. Reliability.
1. implementation of
policies regarding
reliability and
developing trust
4. Identity Theft Medium(M) High(H) High(H) 1. Shred
sensitive
documents.
2. Using a
locking
mailbox.
1. data encryption
method to be
implemented
5. Uncertainty of
Data’s Location
Medium(M) Medium(M) Medium(M) Conducting
self-
assessment.
Tracking the storage
of data in the cloud
too.
Controlled access to
the data required
o New Security Threat to Employee data (after moving to SaaS)
Sl.
No.
New Security
Threat/Risk of
employee data
Description (after
moving to SaaS)
Likelihood
Impact
Priority
Preventive
Actions
Contingency Plans
1. Data Breaches High(H) High(H) High(H) 1. Legal
Obligations
2. Use
Encryption
Limiting liability
The policies has to
be made clear by the
lawyer.
2. Data Loss High(H) Very
High(VH)
Very
High(VH)
1. Backup
files
regularly.
2. Don’t open
suspicious
attachments
1. storage in remote
location not within
the system server
3. Lack of
Transparency
Medium(M) Medium(M) Medium(M) 1. Backup
files.
2. Reliability.
1. implementation of
policies regarding
reliability and
developing trust
4. Identity Theft Medium(M) High(H) High(H) 1. Shred
sensitive
documents.
2. Using a
locking
mailbox.
1. data encryption
method to be
implemented
5. Uncertainty of
Data’s Location
Medium(M) Medium(M) Medium(M) Conducting
self-
assessment.
Tracking the storage
of data in the cloud
too.
Controlled access to
the data required
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
8SECURITY AND PRIVACY OF EMPLOYEE DATA
Likelihood - VL, L, M, H, VH
Impact- - VL, L, M, H, VH
Priority- - VL, L, M, H, VH
Explain issues
1. Data Breaches: Though security measures are implemented by cloud storage suppliers,
similar threats which impact storage networks threats the cloud environment as well. Customer
information, trade secrets and intellectual property can be exposed by data breach, which causes
serious consequences. A user can listen to activity from one virtual machine which signals the
encryption key’s arrival on another virtual machine within the same host. This is known as “side
channel timing exposure” which results in falling of organization’s internal data to competitors.
Many security protocols are being placed by the reputed cloud services for protecting the
confidential information (Chang, Kuo & Ramachandran, 2016). The most useful method is using
multi-factor authentication and encryption. If a breach occurs with sensitive data available in
cloud, the breach needs to be disclosed by the company and notifications should be sent to
possible victims.
2. Data Loss: The result of intrusive action and malicious action is the data breach. Data
loss can occur when a hard disk crashes and the owner of the hard disk have not kept a backup.
Data loss occurs when the key of the encrypted data is lost by the owner which unlocks it. Data
loss can occur with intention in case of malicious attack. Though chances of data loss are
minimum in cloud, cloud data centres are hacked by hackers for wiping data and gaining access.
Likelihood - VL, L, M, H, VH
Impact- - VL, L, M, H, VH
Priority- - VL, L, M, H, VH
Explain issues
1. Data Breaches: Though security measures are implemented by cloud storage suppliers,
similar threats which impact storage networks threats the cloud environment as well. Customer
information, trade secrets and intellectual property can be exposed by data breach, which causes
serious consequences. A user can listen to activity from one virtual machine which signals the
encryption key’s arrival on another virtual machine within the same host. This is known as “side
channel timing exposure” which results in falling of organization’s internal data to competitors.
Many security protocols are being placed by the reputed cloud services for protecting the
confidential information (Chang, Kuo & Ramachandran, 2016). The most useful method is using
multi-factor authentication and encryption. If a breach occurs with sensitive data available in
cloud, the breach needs to be disclosed by the company and notifications should be sent to
possible victims.
2. Data Loss: The result of intrusive action and malicious action is the data breach. Data
loss can occur when a hard disk crashes and the owner of the hard disk have not kept a backup.
Data loss occurs when the key of the encrypted data is lost by the owner which unlocks it. Data
loss can occur with intention in case of malicious attack. Though chances of data loss are
minimum in cloud, cloud data centres are hacked by hackers for wiping data and gaining access.
9SECURITY AND PRIVACY OF EMPLOYEE DATA
It’s essential for distributing applications in several areas and keep backup of data through off-
site storage whenever possible (Razak, Othman, Aldolah & Ngadi, 2016). Compliance policies
should also be kept in mind what the limitations are with the collected data. The data will be
protected with these rules in case of data breach.
3. Lack of Transparency: SaaS suppliers are secretive and the clients are assured that the
data is being kept safe. SaaS suppliers guarantee that the data will be more secure and files will
be more proficient with them more than the customers. There are several concerns with lack of
transparency of the supplier on how the overall security protocol is handled. Distrust can be
caused to customers by the lack of transparency. Both the industry analysts and the clients do not
get answers of many security questions (Barona & Anita, 2017). However, the lack of
transparency keeps security of the services provided by the SaaS providers. Information divulge
about data centres can compromise the client’s security.
4. Identity Theft: Payments are always required by SaaS providers and done remotely
with credit cards. It causes some concern few users about possible risk. Such problems are
prevented using several security protocols. Availability of identity management may be in the
LDAP directions of the company, on site of SaaS provider or inside the firewall of the firm. It is
also flawed severely as it is an old process. Identity theft is an important concern which is
prevented using several security tools implying usage of additional software and services
payment which guarantee information of credit card’s safety (Saa et al 2017). It is a concern
which is initiated from access managing and the technology might change in time. This can
create concerns for new users having no idea about the supplier before payment.
It’s essential for distributing applications in several areas and keep backup of data through off-
site storage whenever possible (Razak, Othman, Aldolah & Ngadi, 2016). Compliance policies
should also be kept in mind what the limitations are with the collected data. The data will be
protected with these rules in case of data breach.
3. Lack of Transparency: SaaS suppliers are secretive and the clients are assured that the
data is being kept safe. SaaS suppliers guarantee that the data will be more secure and files will
be more proficient with them more than the customers. There are several concerns with lack of
transparency of the supplier on how the overall security protocol is handled. Distrust can be
caused to customers by the lack of transparency. Both the industry analysts and the clients do not
get answers of many security questions (Barona & Anita, 2017). However, the lack of
transparency keeps security of the services provided by the SaaS providers. Information divulge
about data centres can compromise the client’s security.
4. Identity Theft: Payments are always required by SaaS providers and done remotely
with credit cards. It causes some concern few users about possible risk. Such problems are
prevented using several security protocols. Availability of identity management may be in the
LDAP directions of the company, on site of SaaS provider or inside the firewall of the firm. It is
also flawed severely as it is an old process. Identity theft is an important concern which is
prevented using several security tools implying usage of additional software and services
payment which guarantee information of credit card’s safety (Saa et al 2017). It is a concern
which is initiated from access managing and the technology might change in time. This can
create concerns for new users having no idea about the supplier before payment.
10SECURITY AND PRIVACY OF EMPLOYEE DATA
5. Uncertainty of Data’s Location: The position of data centres are not revealed by the
SaaS providers, so buyers are not aware of where the data is stored actually. They must be well
informed of the rules given by the Federal Information Security Management Act (FISMA) also
that states the customers are to keep their sensitive data inside the country. If a customer travels
abroad, the transfer of the client’s information to another SaaS data centres is notified by the
SaaS provider (Singh & Chatterjee, 2017). This signifies that the data which is sensitive of the
client is transferred for client’s own access and convenience, however the user wonders where
the data is stored.
o Severity of risk and threat to security employee data
LIKELIH
OOD
Very High
High 1 2
Medium 3,5 4
Low
Very Low
IMPACT
V
ery Low
L
ow
Medi
um
H
igh
Very
High
5. Uncertainty of Data’s Location: The position of data centres are not revealed by the
SaaS providers, so buyers are not aware of where the data is stored actually. They must be well
informed of the rules given by the Federal Information Security Management Act (FISMA) also
that states the customers are to keep their sensitive data inside the country. If a customer travels
abroad, the transfer of the client’s information to another SaaS data centres is notified by the
SaaS provider (Singh & Chatterjee, 2017). This signifies that the data which is sensitive of the
client is transferred for client’s own access and convenience, however the user wonders where
the data is stored.
o Severity of risk and threat to security employee data
LIKELIH
OOD
Very High
High 1 2
Medium 3,5 4
Low
Very Low
IMPACT
V
ery Low
L
ow
Medi
um
H
igh
Very
High
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
11SECURITY AND PRIVACY OF EMPLOYEE DATA
2. Privacy of Employee Data:
Existing privacy threats and risks to the privacy of employee data:
Sl.
No.
Privacy
Threat/Risk
Description
(Employee
data)
Likelihood
(Probability)
Impact
(Severity)
Priority
Preventive Actions Contingency Plans
1. Vulnerabilities
of the Web
Applications
High
(H)
Very
high
(VH)
High
(H)
Developing applications
that are more secure.
Application which uses
common user names
must be avoided as the
password is the only
requirement for the
hackers in that case and
that too can be realised
using brute force.
Vulnerability is assessed
Procedure of patch
management.
Management of security
configuration
Auditing of high risk
software
Mitigating zero-day
vulnerability.
2. Non transparent
terms or
policies
High
(H)
High
(H)
Very
high
(VH)
The policies must be
made as clear as
possible.
A proper explanation
must be provided by the
company for the users
for better understanding
of the terms of the
policies
The policies terms must be
provided by the company
in simple words for the
users benefit. The claims
made by the users must be
fulfilled on the basis of the
terms and conditions of
the policy.
3. Unnecessary
data collection
Medium
(M)
High
(H)
Very
high
(VH)
Only that much amount
of data must be
collected by the system
The lost data of the system
must be retained at any
cost.
2. Privacy of Employee Data:
Existing privacy threats and risks to the privacy of employee data:
Sl.
No.
Privacy
Threat/Risk
Description
(Employee
data)
Likelihood
(Probability)
Impact
(Severity)
Priority
Preventive Actions Contingency Plans
1. Vulnerabilities
of the Web
Applications
High
(H)
Very
high
(VH)
High
(H)
Developing applications
that are more secure.
Application which uses
common user names
must be avoided as the
password is the only
requirement for the
hackers in that case and
that too can be realised
using brute force.
Vulnerability is assessed
Procedure of patch
management.
Management of security
configuration
Auditing of high risk
software
Mitigating zero-day
vulnerability.
2. Non transparent
terms or
policies
High
(H)
High
(H)
Very
high
(VH)
The policies must be
made as clear as
possible.
A proper explanation
must be provided by the
company for the users
for better understanding
of the terms of the
policies
The policies terms must be
provided by the company
in simple words for the
users benefit. The claims
made by the users must be
fulfilled on the basis of the
terms and conditions of
the policy.
3. Unnecessary
data collection
Medium
(M)
High
(H)
Very
high
(VH)
Only that much amount
of data must be
collected by the system
The lost data of the system
must be retained at any
cost.
12SECURITY AND PRIVACY OF EMPLOYEE DATA
which is actually
required for the user’s
interaction to the
system.
The remaining data of the
system is kept secured.
4. Third party
sharing of data
Medium
(M)
High
(H)
Medium
(M)
Third party access of
the data must be
prevented by providing
access control measures
to the system.
Implantation of
biometrics
Implementation of
encrypted data can help.
5. Transferring
data in an
insecure
manner.
Medium
(M)
Very
high
(VH)
High
(H)
The transfer of data
should take place within
end to end encrypted
system.
No third party invasion
must be neglected
Employees must be trained
in a way such that they can
handle issues like this and
prevent this mistake from
repeating.
The risk regarding the old system of data management are discussed below:
1. Vulnerabilities of the web applications: There is one problem that persists in all the
system that guards sensitive data or operates on them; vulnerabilities. Privacy breach
occurs in a system when there is a failure in designing a suitable application or its’ proper
implementation. Failure of problem detection or failure in applying a patch fixation also
results in a privacy breakage.
These vulnerabilities are firstly assessed. Assessment of vulnerability is
mandatory as identification of the cause of the risk is important for mitigating the issue
(Haney et al, 2017). Orchestration, customization and automation of the entire patch
process is necessary. Downloading, testing and deploying the patches automatically to
Mac, Windows, Linux and over as many as 250 third party application at no extra cost,
with a patching module which is integral. Enforcing stronger passwords to the system for
which is actually
required for the user’s
interaction to the
system.
The remaining data of the
system is kept secured.
4. Third party
sharing of data
Medium
(M)
High
(H)
Medium
(M)
Third party access of
the data must be
prevented by providing
access control measures
to the system.
Implantation of
biometrics
Implementation of
encrypted data can help.
5. Transferring
data in an
insecure
manner.
Medium
(M)
Very
high
(VH)
High
(H)
The transfer of data
should take place within
end to end encrypted
system.
No third party invasion
must be neglected
Employees must be trained
in a way such that they can
handle issues like this and
prevent this mistake from
repeating.
The risk regarding the old system of data management are discussed below:
1. Vulnerabilities of the web applications: There is one problem that persists in all the
system that guards sensitive data or operates on them; vulnerabilities. Privacy breach
occurs in a system when there is a failure in designing a suitable application or its’ proper
implementation. Failure of problem detection or failure in applying a patch fixation also
results in a privacy breakage.
These vulnerabilities are firstly assessed. Assessment of vulnerability is
mandatory as identification of the cause of the risk is important for mitigating the issue
(Haney et al, 2017). Orchestration, customization and automation of the entire patch
process is necessary. Downloading, testing and deploying the patches automatically to
Mac, Windows, Linux and over as many as 250 third party application at no extra cost,
with a patching module which is integral. Enforcing stronger passwords to the system for
13SECURITY AND PRIVACY OF EMPLOYEE DATA
better protection of the user data is important. Getting rid of the unauthorized software or
the software which are not supported by the system must be inspected (Khan & Latiful
Hoque, 2016). Remote desktop sharing, software that are marked as unsafe needs to be
removed in no time.
2. Non transparent terms or policies: Providing insufficient information on the privacy
terms and policies of the company leads to misguidance regarding the process of data
collection, its storage. Thus, the information are not properly understood by the non-
lawyer personnel. The non-lawyer personnel includes the normal people who depends on
the company for their data security and retaining of privacy of data. The policies has to
be written down in a simpler language such that the users can understand them without
hindrance (Esposito, 2018). The employee must be trained enough to make the policies
understood by the users approaching them for help.
3. Unnecessary data collection: the company collects many data which are irrelevant. These
data are not required by the company’s primary purpose. Demographic or descriptive
data collection is not required by the system. There are a few data which are not
consented by the user. The user data protection is one of the main function of any
organisation like DAS. There are certain data collected by the organisation like the
personal interests, places visited often and many more are not only irrelevant but also of
not much importance for the organisation (Hahn & Hur, 2016). These are private
information which can be accessed and misused once the data is leaked. Hence, the risk
becomes high.
4. Third party sharing of data: third party data sharing is ethically illegal as it done without
the user’s consent. There are data which are shared by the third party on the basis of trust
better protection of the user data is important. Getting rid of the unauthorized software or
the software which are not supported by the system must be inspected (Khan & Latiful
Hoque, 2016). Remote desktop sharing, software that are marked as unsafe needs to be
removed in no time.
2. Non transparent terms or policies: Providing insufficient information on the privacy
terms and policies of the company leads to misguidance regarding the process of data
collection, its storage. Thus, the information are not properly understood by the non-
lawyer personnel. The non-lawyer personnel includes the normal people who depends on
the company for their data security and retaining of privacy of data. The policies has to
be written down in a simpler language such that the users can understand them without
hindrance (Esposito, 2018). The employee must be trained enough to make the policies
understood by the users approaching them for help.
3. Unnecessary data collection: the company collects many data which are irrelevant. These
data are not required by the company’s primary purpose. Demographic or descriptive
data collection is not required by the system. There are a few data which are not
consented by the user. The user data protection is one of the main function of any
organisation like DAS. There are certain data collected by the organisation like the
personal interests, places visited often and many more are not only irrelevant but also of
not much importance for the organisation (Hahn & Hur, 2016). These are private
information which can be accessed and misused once the data is leaked. Hence, the risk
becomes high.
4. Third party sharing of data: third party data sharing is ethically illegal as it done without
the user’s consent. There are data which are shared by the third party on the basis of trust
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
14SECURITY AND PRIVACY OF EMPLOYEE DATA
towards the company. The sharing of results of the transactions which may be monetary
or conversational leads to the leakage of unconsented data release to the third party;
causing privacy breach (Joshi, Joshi & Rani, 2017). It is the responsibility of the
company to swear for the protection of the data at any cost. End to end encryption may be
used to stop access of third party to the system’s data.
5. Transferring data in an insecure manner: the data transferring policy of different company
varies from the others. Data files are to be transferred in encrypted manner. The failure to
provide proper encryption to the data makes it vulnerable (Abuhussein, 2016). Leakage
of non-encrypted data exposes every single information stored in the data.
Training the employees well enough to transfer the data in a secured manner is
essential. Handling encrypted data must be let known to the employees.
towards the company. The sharing of results of the transactions which may be monetary
or conversational leads to the leakage of unconsented data release to the third party;
causing privacy breach (Joshi, Joshi & Rani, 2017). It is the responsibility of the
company to swear for the protection of the data at any cost. End to end encryption may be
used to stop access of third party to the system’s data.
5. Transferring data in an insecure manner: the data transferring policy of different company
varies from the others. Data files are to be transferred in encrypted manner. The failure to
provide proper encryption to the data makes it vulnerable (Abuhussein, 2016). Leakage
of non-encrypted data exposes every single information stored in the data.
Training the employees well enough to transfer the data in a secured manner is
essential. Handling encrypted data must be let known to the employees.
15SECURITY AND PRIVACY OF EMPLOYEE DATA
S.No New Privacy
Threat/Risk of
employee data
Description
(after moving
to Saas)
Likelihood
Impact
Priority
Preventive
Actions
Contingency
Plans
1. Access High
(H)
High
(H)
High
(H )
A very
reasonable
ground for
processing
personal data
must be used.
Access
controllers must
be implemented.
Knowing the
network; as it is
not possible to
have an idea
about what is
going on in the
cloud.
2. Storage Medium
(M)
Medium
(M)
High
(H)
The storage must
be filled in a
segregated
manner
Keeping a track
of what is been
uploaded in the
cloud storage in
a remote device
may help
3. Retention or
Destruction
High
(H)
Medium
(M)
Medium
(M)
Unauthorized
retention or
destruction
should be
stopped strictly.
Back up must
be created,
which shall also
be removed on
request of the
user.
4. Compliance Medium
(M)
High
(H)
High
(H)
Proper
monitoring must
be done.
Monitoring of
data shall be
done in such a
way that the
tracking
S.No New Privacy
Threat/Risk of
employee data
Description
(after moving
to Saas)
Likelihood
Impact
Priority
Preventive
Actions
Contingency
Plans
1. Access High
(H)
High
(H)
High
(H )
A very
reasonable
ground for
processing
personal data
must be used.
Access
controllers must
be implemented.
Knowing the
network; as it is
not possible to
have an idea
about what is
going on in the
cloud.
2. Storage Medium
(M)
Medium
(M)
High
(H)
The storage must
be filled in a
segregated
manner
Keeping a track
of what is been
uploaded in the
cloud storage in
a remote device
may help
3. Retention or
Destruction
High
(H)
Medium
(M)
Medium
(M)
Unauthorized
retention or
destruction
should be
stopped strictly.
Back up must
be created,
which shall also
be removed on
request of the
user.
4. Compliance Medium
(M)
High
(H)
High
(H)
Proper
monitoring must
be done.
Monitoring of
data shall be
done in such a
way that the
tracking
16SECURITY AND PRIVACY OF EMPLOYEE DATA
New Security Threat to Employee data (after moving to SaaS)
Likelihood - VL, L,M, H, VH
Impact- - VL, L,M, H, VH
Priority- - VL, L, M,H, VH
The most evident risk areas with respect to the privacy policy for using SaaS services:
1) Access: SaaS is the part of cloud computing which makes usage of internet for
transmission and storage of data. The secure web services, secure transmissions with the
help of proper encryption, IAM (stands for Identity and Access management) and few
others helps in preventing the data interception while transmission (Yen, 2017). The main
issue rise when the organisation fails to provide every individual with the access to all
personal data.
2) Storage: For an organisation to work successfully with SaaS the most important thing to
take in account is segregation of data. The DAS is an organisation that controls the
payroll, management, contract for tendering management and procurement. In order to
move all of them into the cloud needs proper segregation of data. The different customer
shares similar infrastructure which affects the segregation process. Where the data is
stored collectively in a cloud raises concern. In certain European countries there are laws
for the transfer of information to countries other than European countries (Mahalle,
2018). The data stored in the clouds may be transferred without informing the
organisation in advance or without the knowledge of the organisation at all. This may
cause violation of the local law.
3) Retention and destruction: The data are retained for the sake of ensuring whether the
business are maintaining compliance with the federal law of the state. There are certain
retention schedules that are designed to decide how long the documents are supposed to
stay in the system and when they must be removed from the system. On request or the
demand of the subject, the data may have to be removed completely from the system. The
main concern in case of data retention is the assurance of complete data removal from the
system (Kikitamara, van Eekelen & Doomernik, 2017). It may happen so, the data is not
completely removed or destroyed from the cloud. The risk in cloud assurance; whether
New Security Threat to Employee data (after moving to SaaS)
Likelihood - VL, L,M, H, VH
Impact- - VL, L,M, H, VH
Priority- - VL, L, M,H, VH
The most evident risk areas with respect to the privacy policy for using SaaS services:
1) Access: SaaS is the part of cloud computing which makes usage of internet for
transmission and storage of data. The secure web services, secure transmissions with the
help of proper encryption, IAM (stands for Identity and Access management) and few
others helps in preventing the data interception while transmission (Yen, 2017). The main
issue rise when the organisation fails to provide every individual with the access to all
personal data.
2) Storage: For an organisation to work successfully with SaaS the most important thing to
take in account is segregation of data. The DAS is an organisation that controls the
payroll, management, contract for tendering management and procurement. In order to
move all of them into the cloud needs proper segregation of data. The different customer
shares similar infrastructure which affects the segregation process. Where the data is
stored collectively in a cloud raises concern. In certain European countries there are laws
for the transfer of information to countries other than European countries (Mahalle,
2018). The data stored in the clouds may be transferred without informing the
organisation in advance or without the knowledge of the organisation at all. This may
cause violation of the local law.
3) Retention and destruction: The data are retained for the sake of ensuring whether the
business are maintaining compliance with the federal law of the state. There are certain
retention schedules that are designed to decide how long the documents are supposed to
stay in the system and when they must be removed from the system. On request or the
demand of the subject, the data may have to be removed completely from the system. The
main concern in case of data retention is the assurance of complete data removal from the
system (Kikitamara, van Eekelen & Doomernik, 2017). It may happen so, the data is not
completely removed or destroyed from the cloud. The risk in cloud assurance; whether
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
17SECURITY AND PRIVACY OF EMPLOYEE DATA
the data uploaded in the cloud is actually destroyed or SSP is partially keeping a track of
the data somewhere else.
4) Compliance: Monitoring the activities in the cloud is essential. Reporting is done on the
basis of the monitoring. The question arises as the cloud replicates information in
multiple other system and websites. It is quite challenging for SSP to monitor such an
abundant data (Gozman & Willcocks, 2019). Hence, it is unclear whether the data or the
information can actually be monitored when it is in cloud.
o Severity of risk and threat to privacy employee data
Probabilit
y (Likelihood)
Very
High
High 3 1
Medium 2 4
Low
Very Low
Severity
(Impact)
Ver
y Low Low
Mediu
m
Hig
h
Ver
y High
3. Digital Identity Issues (threats and risks to the digital identities of Government
employees from the move to SaaS applications)
1. Identity Theft: Identity theft is the first threat exposed. Another identity’s digital
identity is used by the attacker for impersonating him. The figure of this threat is “phishing”
attack which impersonate a website and users are invited for logging in through digital identity.
Authentication is a security property which matches the threat of identity theft. The
authentication is available in verification of an entity’s digital identity (Chen, Takabi & Le-Khac,
the data uploaded in the cloud is actually destroyed or SSP is partially keeping a track of
the data somewhere else.
4) Compliance: Monitoring the activities in the cloud is essential. Reporting is done on the
basis of the monitoring. The question arises as the cloud replicates information in
multiple other system and websites. It is quite challenging for SSP to monitor such an
abundant data (Gozman & Willcocks, 2019). Hence, it is unclear whether the data or the
information can actually be monitored when it is in cloud.
o Severity of risk and threat to privacy employee data
Probabilit
y (Likelihood)
Very
High
High 3 1
Medium 2 4
Low
Very Low
Severity
(Impact)
Ver
y Low Low
Mediu
m
Hig
h
Ver
y High
3. Digital Identity Issues (threats and risks to the digital identities of Government
employees from the move to SaaS applications)
1. Identity Theft: Identity theft is the first threat exposed. Another identity’s digital
identity is used by the attacker for impersonating him. The figure of this threat is “phishing”
attack which impersonate a website and users are invited for logging in through digital identity.
Authentication is a security property which matches the threat of identity theft. The
authentication is available in verification of an entity’s digital identity (Chen, Takabi & Le-Khac,
18SECURITY AND PRIVACY OF EMPLOYEE DATA
2019). For authenticating the digital identity present in an entity, a subset which composes the
digital identity should belong with one or more of the classes.
2. Identity Tampering: For establishing trust, an observer is required to make sure of that
an attacker could not tamper with entity’s claims which it requires for identity. It is essential
while conducting with claims which are used in authentication. The property of integrity prevent
such kind of attack on digital identity with assurance of no data modification within the time
when read by observer and the time being released. A key is shared within a sender and a
receiver. The sender evaluate a message’s MAC with the key and it is sent with the message
(Ethelbert et al, 2017). The receiver also evaluates the message’s MAC and compares with the
one received. If both the codes are same, the receiver assures that the message is not altered.
3. Authorization: The authorization property is also addressed as one of the properties of
digital identity. The capacities of an entity can be expressed by the claims so the specific rights
can be referred. In many cases, the claims of capacity are not used and the digital identity’s
rights are defined in particular security policies. The threat related to authorization property is
known as privilege escalation, an attacker attempts to gain more essential rights in a system (Al-
Ruithe, Benkhelifa & Hameed, 2018). This can be done with modification the capacity claims
for impersonating another entity.
4. Linkability -Unlinkability: Unlinkability aims to disclose the link which exists in
between many entities. If two or more digital identities are used by a user, it is not possible for
an attacker in linking them (Sturrus & Kulikova, 2016). This means if two different systems use
the same identity, a link cannot be done between them.
2019). For authenticating the digital identity present in an entity, a subset which composes the
digital identity should belong with one or more of the classes.
2. Identity Tampering: For establishing trust, an observer is required to make sure of that
an attacker could not tamper with entity’s claims which it requires for identity. It is essential
while conducting with claims which are used in authentication. The property of integrity prevent
such kind of attack on digital identity with assurance of no data modification within the time
when read by observer and the time being released. A key is shared within a sender and a
receiver. The sender evaluate a message’s MAC with the key and it is sent with the message
(Ethelbert et al, 2017). The receiver also evaluates the message’s MAC and compares with the
one received. If both the codes are same, the receiver assures that the message is not altered.
3. Authorization: The authorization property is also addressed as one of the properties of
digital identity. The capacities of an entity can be expressed by the claims so the specific rights
can be referred. In many cases, the claims of capacity are not used and the digital identity’s
rights are defined in particular security policies. The threat related to authorization property is
known as privilege escalation, an attacker attempts to gain more essential rights in a system (Al-
Ruithe, Benkhelifa & Hameed, 2018). This can be done with modification the capacity claims
for impersonating another entity.
4. Linkability -Unlinkability: Unlinkability aims to disclose the link which exists in
between many entities. If two or more digital identities are used by a user, it is not possible for
an attacker in linking them (Sturrus & Kulikova, 2016). This means if two different systems use
the same identity, a link cannot be done between them.
19SECURITY AND PRIVACY OF EMPLOYEE DATA
5. Revocation: The claims of identity can be changed over time. When a sensitive data is
accessed by a digital identity, it is crucial for enabling the revocation. A claim with a validity
period is supposed and mechanism of revocation is used for prevention of usage (Vivienne,
2016). Protection of identity theft is also done with revocation property.
6. Confidentiality: Another warning for digital identity is confidentiality or data theft.
The property of confidentiality assures the access of only intended entities to message’s content
(Vivienne, 2016). The usual process of this property is encrypting messages.
Conclusion:
It is quite evident from the above discussion that risk prevails no matter where the data is
moved for more safety. Cloud computing is very effective for all sorts of organization. A huge
quantity of data is stored in the cloud. But there are some risks that prevails even after that.
These risks include the loss of data, data breaches, access control, retention and many more.
Therefore these issues regarding the cloud storage of data using SaaS technology has to be fixed.
Usage of various techniques to mitigate the prevailing risk is discussed in the report. DAS
operating system which used to provide services to the state Government of Australia is made
aware of the risks that are prevailing in the “Shared service” where they have moved their
databases into. It has a lots of benefits on its own but there are certain threats which are very
important for the service holders to pay attention to and try to diagnose and fix them as soon as
possible for smooth running of the organization and preventing all sort of data loss or privacy
breaches in the organization. The integrity of the data should be maintained as per all the
requirements of the organization as well as the users. Security and the privacy of the user’s
databases has to be improved further.
5. Revocation: The claims of identity can be changed over time. When a sensitive data is
accessed by a digital identity, it is crucial for enabling the revocation. A claim with a validity
period is supposed and mechanism of revocation is used for prevention of usage (Vivienne,
2016). Protection of identity theft is also done with revocation property.
6. Confidentiality: Another warning for digital identity is confidentiality or data theft.
The property of confidentiality assures the access of only intended entities to message’s content
(Vivienne, 2016). The usual process of this property is encrypting messages.
Conclusion:
It is quite evident from the above discussion that risk prevails no matter where the data is
moved for more safety. Cloud computing is very effective for all sorts of organization. A huge
quantity of data is stored in the cloud. But there are some risks that prevails even after that.
These risks include the loss of data, data breaches, access control, retention and many more.
Therefore these issues regarding the cloud storage of data using SaaS technology has to be fixed.
Usage of various techniques to mitigate the prevailing risk is discussed in the report. DAS
operating system which used to provide services to the state Government of Australia is made
aware of the risks that are prevailing in the “Shared service” where they have moved their
databases into. It has a lots of benefits on its own but there are certain threats which are very
important for the service holders to pay attention to and try to diagnose and fix them as soon as
possible for smooth running of the organization and preventing all sort of data loss or privacy
breaches in the organization. The integrity of the data should be maintained as per all the
requirements of the organization as well as the users. Security and the privacy of the user’s
databases has to be improved further.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
20SECURITY AND PRIVACY OF EMPLOYEE DATA
21SECURITY AND PRIVACY OF EMPLOYEE DATA
Reference
Abuhussein, A., Alsubaei, F., Shiva, S., & Sheldon, F. T. (2016, June). Evaluating
Security and Privacy in Cloud Services. In 2016 IEEE 40th Annual Computer
Software and Applications Conference (COMPSAC) (Vol. 1, pp. 683-686). IEEE.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018). Key Issues for Embracing the
Cloud Computing to Adopt a Digital Transformation: A study of Saudi Public
Sector. Procedia computer science, 130, 1037-1043.
Backes, M., Berrang, P., Humbert, M., & Manoharan, P. (2016, October). Membership
privacy in MicroRNA-based studies. In Proceedings of the 2016 ACM SIGSAC
Conference on Computer and Communications Security (pp. 319-330). ACM.
Barona, R., & Anita, E. M. (2017, April). A survey on data breach challenges in cloud
computing security: Issues and threats. In 2017 International Conference on
Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.
Barona, R., & Anita, E. M. (2017, April). A survey on data breach challenges in cloud
computing security: Issues and threats. In 2017 International Conference on
Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.
Beautement, A., Becker, I., Parkin, S., Krol, K., & Sasse, A. (2016). Productive security:
A scalable methodology for analysing employee security behaviours. In Twelfth
Symposium on Usable Privacy and Security ({SOUPS} 2016) (pp. 253-270).
Reference
Abuhussein, A., Alsubaei, F., Shiva, S., & Sheldon, F. T. (2016, June). Evaluating
Security and Privacy in Cloud Services. In 2016 IEEE 40th Annual Computer
Software and Applications Conference (COMPSAC) (Vol. 1, pp. 683-686). IEEE.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018). Key Issues for Embracing the
Cloud Computing to Adopt a Digital Transformation: A study of Saudi Public
Sector. Procedia computer science, 130, 1037-1043.
Backes, M., Berrang, P., Humbert, M., & Manoharan, P. (2016, October). Membership
privacy in MicroRNA-based studies. In Proceedings of the 2016 ACM SIGSAC
Conference on Computer and Communications Security (pp. 319-330). ACM.
Barona, R., & Anita, E. M. (2017, April). A survey on data breach challenges in cloud
computing security: Issues and threats. In 2017 International Conference on
Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.
Barona, R., & Anita, E. M. (2017, April). A survey on data breach challenges in cloud
computing security: Issues and threats. In 2017 International Conference on
Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.
Beautement, A., Becker, I., Parkin, S., Krol, K., & Sasse, A. (2016). Productive security:
A scalable methodology for analysing employee security behaviours. In Twelfth
Symposium on Usable Privacy and Security ({SOUPS} 2016) (pp. 253-270).
22SECURITY AND PRIVACY OF EMPLOYEE DATA
Bosch, N., & Micevska-Scharf, M. (2017). Who bears the burden of social security
contributions in the Netherlands? Evidence from Dutch administrative data. De
Economist, 165(2), 205-224.
Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption
framework: A security framework for business clouds. Future Generation
Computer Systems, 57, 24-41.
Chen, L., Takabi, H., & Le-Khac, N. A. (Eds.). (2019). Security, Privacy, and Digital
Forensics in the Cloud. John Wiley & Sons.
Esposito, C., De Santis, A., Tortora, G., Chang, H., & Choo, K. K. R. (2018).
Blockchain: A panacea for healthcare cloud-based data security and privacy?.
IEEE Cloud Computing, 5(1), 31-37.
Ethelbert, O., Moghaddam, F. F., Wieder, P., & Yahyapour, R. (2017, August). A JSON
token-based authentication and access management schema for Cloud SaaS
applications. In 2017 IEEE 5th International Conference on Future Internet of
Things and Cloud (FiCloud) (pp. 47-53). IEEE.
Gozman, D., & Willcocks, L. (2019). The emerging Cloud Dilemma: Balancing
innovation with cross-border privacy and outsourcing regulations. Journal of
Business Research, 97, 235-256.
Hahn, C., & Hur, J. (2016). Efficient and privacy-preserving biometric identification in
cloud. ICT Express, 2(3), 135-139.
Bosch, N., & Micevska-Scharf, M. (2017). Who bears the burden of social security
contributions in the Netherlands? Evidence from Dutch administrative data. De
Economist, 165(2), 205-224.
Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption
framework: A security framework for business clouds. Future Generation
Computer Systems, 57, 24-41.
Chen, L., Takabi, H., & Le-Khac, N. A. (Eds.). (2019). Security, Privacy, and Digital
Forensics in the Cloud. John Wiley & Sons.
Esposito, C., De Santis, A., Tortora, G., Chang, H., & Choo, K. K. R. (2018).
Blockchain: A panacea for healthcare cloud-based data security and privacy?.
IEEE Cloud Computing, 5(1), 31-37.
Ethelbert, O., Moghaddam, F. F., Wieder, P., & Yahyapour, R. (2017, August). A JSON
token-based authentication and access management schema for Cloud SaaS
applications. In 2017 IEEE 5th International Conference on Future Internet of
Things and Cloud (FiCloud) (pp. 47-53). IEEE.
Gozman, D., & Willcocks, L. (2019). The emerging Cloud Dilemma: Balancing
innovation with cross-border privacy and outsourcing regulations. Journal of
Business Research, 97, 235-256.
Hahn, C., & Hur, J. (2016). Efficient and privacy-preserving biometric identification in
cloud. ICT Express, 2(3), 135-139.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
23SECURITY AND PRIVACY OF EMPLOYEE DATA
Haney, S., Machanavajjhala, A., Abowd, J. M., Graham, M., Kutzbach, M., & Vilhuber,
L. (2017, May). Utility cost of formal privacy for releasing national employer-
employee statistics. In Proceedings of the 2017 ACM International Conference on
Management of Data (pp. 1339-1354). ACM.
Joshi, B., Joshi, B., & Rani, K. (2017). Mitigating data segregation and privacy issues in
cloud computing. In Proceedings of International Conference on Communication
and Networks (pp. 175-182). Springer, Singapore.
Kearns, G. S. (2016). Countering mobile device threats: A mobile device security model.
Journal of Forensic & Investigative Accounting, 8(1), 36-48.
Kent, A. D. (2016). Cyber security data sources for dynamic network research. In
Dynamic Networks and Cyber-Security (pp. 37-65).
Khan, S. I., & Latiful Hoque, A. S. M. (2016). Digital Health Data: A Comprehensive
Review of Privacy and Security Risks and Some Recommendations. Computer
Science Journal of Moldova, 24(2).
Kikitamara, S., van Eekelen, M. C. J. D., & Doomernik, D. I. J. P. (2017). Digital identity
management on blockchain for open model energy system. Unpublished Masters
thesis–Information Science.
Kotenko, I. V., Levshun, D. S., & Chechulin, A. A. (2016, May). Event correlation in the
integrated cyber-physical security system. In 2016 XIX IEEE International
Conference on Soft Computing and Measurements (SCM) (pp. 484-486). IEEE.
Haney, S., Machanavajjhala, A., Abowd, J. M., Graham, M., Kutzbach, M., & Vilhuber,
L. (2017, May). Utility cost of formal privacy for releasing national employer-
employee statistics. In Proceedings of the 2017 ACM International Conference on
Management of Data (pp. 1339-1354). ACM.
Joshi, B., Joshi, B., & Rani, K. (2017). Mitigating data segregation and privacy issues in
cloud computing. In Proceedings of International Conference on Communication
and Networks (pp. 175-182). Springer, Singapore.
Kearns, G. S. (2016). Countering mobile device threats: A mobile device security model.
Journal of Forensic & Investigative Accounting, 8(1), 36-48.
Kent, A. D. (2016). Cyber security data sources for dynamic network research. In
Dynamic Networks and Cyber-Security (pp. 37-65).
Khan, S. I., & Latiful Hoque, A. S. M. (2016). Digital Health Data: A Comprehensive
Review of Privacy and Security Risks and Some Recommendations. Computer
Science Journal of Moldova, 24(2).
Kikitamara, S., van Eekelen, M. C. J. D., & Doomernik, D. I. J. P. (2017). Digital identity
management on blockchain for open model energy system. Unpublished Masters
thesis–Information Science.
Kotenko, I. V., Levshun, D. S., & Chechulin, A. A. (2016, May). Event correlation in the
integrated cyber-physical security system. In 2016 XIX IEEE International
Conference on Soft Computing and Measurements (SCM) (pp. 484-486). IEEE.
24SECURITY AND PRIVACY OF EMPLOYEE DATA
Mahalle, A., Yong, J., Tao, X., & Shen, J. (2018, May). Data Privacy and System
Security for Banking and Financial Services Industry based on Cloud Computing
Infrastructure. In 2018 IEEE 22nd International Conference on Computer
Supported Cooperative Work in Design ((CSCWD)) (pp. 407-413). IEEE.
Malik, M., & Patel, T. (2016). Database securityattacks and control methods.
International Journal of Information, 6(1/2), 175-183.
McIlwraith, A. (2016). Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Ramachandran, M., & Chang, V. (2016). Towards performance evaluation of cloud
service providers for cloud data security. International Journal of Information
Management, 36(4), 618-625.
Razak, S. A., Othman, S. H., Aldolah, A. A., & Ngadi, M. A. (2016). Conceptual
investigation process model for managing database forensic investigation
knowledge. Res. J. Appl. Sci., Eng. Technol., 12(4), 386-394.
Saa, P., Moscoso-Zea, O., Costales, A. C., & Luján-Mora, S. (2017, June). Data security
issues in cloud-based Software-as-a-Service ERP. In 2017 12th Iberian
Conference on Information Systems and Technologies (CISTI) (pp. 1-7). IEEE.
Shakir, M., Hammood, M., & Muttar, A. K. (2018). Literature review of security issues
in saas for public cloud computing: a meta-analysis. International Journal of
Engineering & Technology, 7(3), 1161-1171.
Mahalle, A., Yong, J., Tao, X., & Shen, J. (2018, May). Data Privacy and System
Security for Banking and Financial Services Industry based on Cloud Computing
Infrastructure. In 2018 IEEE 22nd International Conference on Computer
Supported Cooperative Work in Design ((CSCWD)) (pp. 407-413). IEEE.
Malik, M., & Patel, T. (2016). Database securityattacks and control methods.
International Journal of Information, 6(1/2), 175-183.
McIlwraith, A. (2016). Information security and employee behaviour: how to reduce risk
through employee education, training and awareness. Routledge.
Ramachandran, M., & Chang, V. (2016). Towards performance evaluation of cloud
service providers for cloud data security. International Journal of Information
Management, 36(4), 618-625.
Razak, S. A., Othman, S. H., Aldolah, A. A., & Ngadi, M. A. (2016). Conceptual
investigation process model for managing database forensic investigation
knowledge. Res. J. Appl. Sci., Eng. Technol., 12(4), 386-394.
Saa, P., Moscoso-Zea, O., Costales, A. C., & Luján-Mora, S. (2017, June). Data security
issues in cloud-based Software-as-a-Service ERP. In 2017 12th Iberian
Conference on Information Systems and Technologies (CISTI) (pp. 1-7). IEEE.
Shakir, M., Hammood, M., & Muttar, A. K. (2018). Literature review of security issues
in saas for public cloud computing: a meta-analysis. International Journal of
Engineering & Technology, 7(3), 1161-1171.
25SECURITY AND PRIVACY OF EMPLOYEE DATA
Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges: A survey.
Journal of Network and Computer Applications, 79, 88-115.
Sturrus, E., & Kulikova, O. (2016). Identity and Access Management. Encyclopedia of
Cloud Computing, 396, 405.
Venkataramanan, N., & Shriram, A. (2016). Data privacy: principles and practice.
Chapman and Hall/CRC.
Vivienne, S. (2016). Digital identity and everyday activism: Sharing private stories with
networked publics. Springer.
Yen, I. L., Bastani, F., Huang, Y., Zhang, Y., & Yao, X. (2017, June). SaaS for
automated job performance appraisals using service technologies and big data
analytics. In 2017 IEEE International Conference on Web Services (ICWS) (pp.
412-419). IEEE.
Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges: A survey.
Journal of Network and Computer Applications, 79, 88-115.
Sturrus, E., & Kulikova, O. (2016). Identity and Access Management. Encyclopedia of
Cloud Computing, 396, 405.
Venkataramanan, N., & Shriram, A. (2016). Data privacy: principles and practice.
Chapman and Hall/CRC.
Vivienne, S. (2016). Digital identity and everyday activism: Sharing private stories with
networked publics. Springer.
Yen, I. L., Bastani, F., Huang, Y., Zhang, Y., & Yao, X. (2017, June). SaaS for
automated job performance appraisals using service technologies and big data
analytics. In 2017 IEEE International Conference on Web Services (ICWS) (pp.
412-419). IEEE.
1 out of 25
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.