Scenario You are the principal consultant for a community based Charity. The Charity is involved in...

Question

Scenario
You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.
The Charity cu
ently runs a small data centre that has some 50 x86 64 bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat Enterprise Linux 5 servers to service public facing Web pages, Web services and support.
The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.
The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.
The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.
The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data
each may cause considerable damage to substantially disadvantaged people in the community.
The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.
The charity has also decided to:
· Purchase a HR and personnel management application from a US based company that provides a SaaS solution.
· The application will provide the charity with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is in California, with a replica in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.
· Employee data will be uploaded from the charity daily at 12:00 AEST. This will be processed in Bangalore before being loaded into the main provider database.
· Employees can access their HR and Performance Management information through a link placed on the Charity intranet. Each employee will use their internal charity digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by the charity's Active Directory instance and is used for internal authentication and authorisation.
· Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud;
· Move the charity Intranet into a Microsoft SharePoint PaaS offering so that it can provide Intranet services to all agencies in the WofG.
Tasks
You have been engaged to provide a risk assessment for the planned moves to SaaS application offerings.
You are to write a report that assesses the risks to the charity for just their planned moves in the HR area:
1. Consider the data and information that the charity holds on its employees in the cu
ent HR system.
1. Establish the existing threats and risks to the security of that data and information contained in the in-house HR database. (10 marks)
2. Are there any additional risks and threats to employee data that may arise after migration to an SaaS application? (10 marks)
3. Assess the resulting severity of risk and threat to employee data. (10 marks)
2. Consider the privacy of the data for those employees who will move to an SaaS application.
1. Establish the existing threats and risks to the privacy of that data and information contained in the in house HR database. (10 marks)
2. Are there any additional risks and threats to the privacy of the employee data after migration to an SaaS application? (10 marks)
3. Assess the resulting severity of risk and threat to the privacy of employee data. (10 marks)
3. What are the threats and risks to the digital identities of charity employees from the move to SaaS applications? (10 marks)
4. Consider the operational solution and location(s) of the SaaS provider for HR management. Does either the operational solution, or the operational location, or both, increase or mitigate the threats and risks identified for the security and privacy of employee data? (20 marks)
5. Are there any issues of ethics, data sensitivity or jurisdiction that should be considered by the charity? (10 marks)
You are to provide a written report with the following headings:
· Security of Employee Data
· Privacy of Employee Data
· Digital Identity Issues
· Provider Solution Issues
· Data Sensitivity
As a rough guide, the report should not be longer than about 5,000 words.

tae_636691538617912628_120094_1.docx

Amit · Accepted Answer

Full Name : 
	
	Student ID : 
	
	Subject : 
	
	Assignment No : 
	
	Due Date : 
	
	Lecturer’s Name : 
	
ITC – 568 (Assignment - 2)
Your Name:
Your Email:
College name, University name, Country name
Table of Contents
A.	Introduction	3
B.	Importance of database security to working employees	4
1.	Possible threats and related risks for database security	4
2.	Additional risks to security of database because of SaaS application installation	5
3.	Severity and strictness to provided risk of data to working employees	7
C.	Privacy of database to working employees	8
1.	Possible threats and related risks for database security	8
2.	Additional risks to security of database because of SaaS application installation	9
3.	Severity and strictness to provided risk of data to working employees	10
D.	Issues related to implementation of digital identification	10
E.	Possible supplied solutions for identified issues	12
F.	Data sensitivity	14
G.	References:	15
A. Introduction
For protecting databases and stored information from any type of unauthorized access (Hackers or other individuals), security is being implemented on databases. The direct financial losses can be caused because of any information loss from the databases. Thus a configuration which can provide a secure platform to sensitive and confidential data is being required from the cloud services. The chance of data loss or any data breach is very high in case of cloud implementation. Here, for the Australia based charity, the possible threats to cloud based network are being identified and solution is being provided. On bases of severity of SaaS application installation, the privacy issues and additional security issues are being analyzed. The faced issues for using digital identity on SaaS based applications and their solutions from Australia and USA are also compared in this report. The issues related to data sensitivity and laws for cyber crime in USA and Australia are also evaluated [Singh & Chatterjee, 2017]. 
Most of the organizations make use of servers which may be internal or external to store the information related to organization, so, security of such databases stored on servers is always a big and important concern for organizations. Br rest6ricting any type of unauthorized access to the organizational database can easily solve the privacy and security requirements of any organization. The servers of cloud are being used by different organizations and different individuals which can cause security issues to organization. The privacy issues and security issues before and after the implementation of applications based on SaaS cloud services on charity community are being analyzed in my report. The data sensitivity problems with related issues which may be ethical or legal are also analyzed in my presented report. The advantages of movement to SaaS based applications for charity community are also analyzed in my report. 
B. Importance of database security to working employees 
1. Possible threats and related risks for database security 
From the supplied case description, it can easily be observed that a small data center with window server 2008 is being utilized by charity homes for complete desktop services. The software based on some third party is being utilized for storing the employee’s databases, so, it can only store small amount of data. The database related workload of employee’s working at charity cannot be handled by this application. Because of small storage abilities, the security problems for confidential data are arrived at charity. The second issues are related to data fetching capabilities which is also very time consuming. Because of these reasons, the movement to cloud services for its 500 employees through a cloud vender is proposed here. On bases of case study, it is also observed that the time sensitive and confidential data is used by the employees of Charity. From given case, it is clear that a 200 TB of data space is being used by charity by the means of SaaS based cloud services. The complete database is stored on the small application based server and SaaS based cloud which is accessed by the authorized individual employees of the charity. It is possible that any unauthorized person may use some unsecured API for creating data breach. The injection of any malware can easily create data losses for any organization. The security issues can be raised to database of charity because of some unauthorized access for fetching the information through the cloud based servers. Most of the cloud based servers are open ended and any individual who can manage to some fake ID of Charity can easily access the database stored on SaaS based cloud. The unauthorized access can cause denial of service, malware injection, and other possible attacks to steal the confidential information of charity. The unauthorized access can cause data modification of database hijack through cloud services. The information stored on end server of cloud can also be destroyed so that services of mental health can be affected for charity. This can lead to treatment delay for mentally suffering patients. The complete database system can also be controlled by any such data attack which can cause huge losses to charity. For clearing the attacked surfaces of servers, the system with multiple tenancies will be required by the charity. 
2. Additional risks to security of database because of SaaS application installation 
On bases of supplied case description, it is known that the HR management of the charity is bringing the SaaS solution for data storage and a vender from USA is being appointed for this. The SaaS cloud will provide effective solutions to the data storage issues and security issues to all the employees.  The SaaS based cloud services will also reduce the operational costing to the charity because of no installation requirements. The data location uncertainty and data transparency lacks are the main identified security problems with implementation of SaaS based cloud. The data location uncertainty can increase the data access time for authorized users and it can also lead to sensitive database access to some unauthorized individuals. The data transparency lacks can cause increased distrust between the charity employees which is a huge disadvantage to the individuals working at charity. The security protocol hacking and data corruption from cloud based applications can also be caused by it [Puthal et al, 2015]. 
The complete responsibilities related to data storage on SaaS cloud are managed by service provider and any individual is not allowed to manage his/her database separately. For the given case of charity system, the database is only accessed through the charity internet link provided by the HR management and PMS (performance management system). A digital ID is provided by the HR management to all the authorized employees. This digital ID of authentication is directly generated through the charity directory and PMS. So, the possibility of data breach increases here. Because of implemented encryption protocols on stored databases, the data hacking risks can be minimized. The identity theft is main issues associated to implementation of SaaS based cloud who are using credit card information (employees of charity). So, implementation of encryption protocols can minimize the data breach for identity theft and increases the information security to credit card information of charity employees. 
But we all know that system instability is also increased by the implementation of SaaS based applications.

Scenario You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to...

Solution

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment