User Account

All Pages

Establish the existing threats and risks to the security

Assignment Help Business Management
Reference no: EM132078282

Scenario

You are the principal consultant for a community based Charity. The Charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community.

The Charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has 10 Red Hat Enterprise Linux 5 servers to service public facing Web pages, Web services and support.

The Charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. A small number of the Charity's applications are mission critical and the data that those applications use is both confidential and time sensitive.

The community cloud would also be used to store the Charity's 200TB of data. The data would be held in a SaaS database run by the public cloud vendor. The Charity's data contains a considerable amount of confidential information about the people to whom the Charity provides services.

The Charity collects PII data on the clients who use its services so that it can assist them to manage their different service requirements. This PII data also includes holding some digital identity data for some of the more disadvantaged clients, particularly if they also have mental health issues.

The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. However, the Board of the Charity is concerned with the privacy and security of the data that it holds on the people that it provides services to in the community. It is concerned that a data breach may cause considerable damage to substantially disadvantaged people in the community.

The Board asks that you prepare a report that proposes appropriate privacy and security policies for the Charity's data.

The charity has also decided to:

  • Purchase a HR and personnel management application from a US based company that provides a SaaS solution.
    • The application will provide the charity with a complete HR suite, which will also include performance management. The application provider has advised that the company's main database is in California, with a replica in Dublin, Ireland. However, all data processing, configuration, maintenance, updates and feature releases are provided from the application provider's processing centre in Bangalore, India.
    • Employee data will be uploaded from the charity daily at 12:00 AEST. This will be processed in Bangalore before being loaded into the main provider database.
    • Employees can access their HR and Performance Management information through a link placed on the Charity intranet. Each employee will use their internal charity digital ID to authenticate to the HR and Performance management system. The internal digital ID is generated by the charity's Active Directory instance and is used for internal authentication and authorisation.
  • Move the charity payroll to a COTS (Commercial Off The Shelf) application that it will manage in a public cloud;
  • Move the charity Intranet into a Microsoft SharePoint PaaS offering so that it can provide Intranet services to all agencies in the WofG.

Tasks

You have been engaged to provide a risk assessment for the planned moves to SaaS application offerings.

You are to write a report that assesses the risks to the charity for just their planned moves in the HR area:

  1. Consider the data and information that the charity holds on its employees in the current HR system.
    1. Establish the existing threats and risks to the security of that data and information contained in the in-house HR database.
    2. Are there any additional risks and threats to employee data that may arise after migration to an SaaS application?
    3. Assess the resulting severity of risk and threat to employee data.
  2. Consider the privacy of the data for those employees who will move to an SaaS application.
    1. Establish the existing threats and risks to the privacy of that data and information contained in the in house HR database.
    2. Are there any additional risks and threats to the privacy of the employee data after migration to an SaaS application?
    3. Assess the resulting severity of risk and threat to the privacy of employee data.
  3. What are the threats and risks to the digital identities of charity employees from the move to SaaS applications?
  4. Consider the operational solution and location(s) of the SaaS provider for HR management. Does either the operational solution, or the operational location, or both, increase or mitigate the threats and risks identified for the security and privacy of employee data?
  5. Are there any issues of ethics, data sensitivity or jurisdiction that should be considered by the charity?

You are to provide a written report with the following headings:

  • Security of Employee Data
  • Privacy of Employee Data
  • Digital Identity Issues
  • Provider Solution Issues
  • Data Sensitivity

As a rough guide, the report should not be longer than about 5,000 words.

Reference no: EM132078282

Questions Cloud

Review articles on cyber security and risk management : According to the first article a cyber physical system is something that is used in power systems, communications, and transportation.
What is the recognized and realized gain : Taxpayer puts in $2,000,000 of assets (FMV) into a corporation in exchange for common stock. What is the Recognized and Realized gain
Strategic operations management decision area : In column 3, describe a scenario from your work life that exemplifies the same Strategic Operations Management Decision area.
How would you implement the different types of glass : You are the Executive Safety Officer (ESO) and was tasked to ensure that the facility is secure. In this assignment discuss "How does the different types.
Establish the existing threats and risks to the security : Establish the existing threats and risks to the security of that data and information contained in the in-house HR database.
What are the tax consequences to the shareholder : JJB Corporation, an accrual basis taxpayer, has struggled to survive since its formation, six years ago. What are the tax consequences to the shareholder
What are the best practices for cctv : What are the best practices for CCTV. In proper APA format, write a minimum of 2 paragraphs. The response must be typed.
Reflect on how you applied the knowledge gained in security : Reflect on how you applied the knowledge gained in Security Architecture and Design & Physical Security classes this semester to your internship or work.
What are the tax implications of this distribution : Cash of $50,000 is distributed to Pearlie on November 15. What are the tax implications of this distribution

Reviews

Write a Review

Business Management Questions & Answers

  Caselet on michael porter’s value chain management

The assignment in management is a two part assignment dealing 1.Theory of function of management. 2. Operations and Controlling.

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. Due to increase in the preference for light beer drinkers, Chris Prangel wants to introduce light beer version in Mountain Man. An analysis into the la..

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. An analysis into the launch of Mountain Man Light over the present Mountain Man Lager.

  Analysis of the case using the doing ethics technique

Analysis of the case using the Doing Ethics Technique (DET). Analysis of the ethical issue(s) from the perspective of an ICT professional, using the ACS Code of  Conduct and properly relating clauses from the ACS Code of Conduct to the ethical issue.

  Affiliations and partnerships

Affiliations and partnerships are frequently used to reach a larger local audience? Which options stand to avail for the Hotel manager and what problems do these pose.

  Innovation-friendly regulations

What influence (if any) can organizations exercise to encourage ‘innovation-friendly' regulations?

  Effect of regional and corporate cultural issues

Present your findings as a group powerpoint with an audio file. In addition individually write up your own conclusions as to the effects of regional cultural issues on the corporate organisational culture of this multinational company as it conducts ..

  Structure of business plan

This assignment shows a structure of business plan. The task is to write a business plane about a Diet Shop.

  Identify the purposes of different types of organisations

Identify the purposes of different types of organisations.

  Entrepreneur case study for analysis

Entrepreneur Case Study for Analysis. Analyze Robin Wolaner's suitability to be an entrepreneur

  Forecasting and business analysis

This problem requires you to apply your cross-sectional analysis skills to a real cross-sectional data set with the goal of answering a specific research question.

  Educational instructional leadership

Prepare a major handout on the key principles of instructional leadership

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd