Wednesday, May 6, 2020

Privacy Strategy Proposal for the DAS - MyAssignmenthelp.com

Question:

Discuss the Privacy Strategy Proposal for the DAS.

Answer:

The DAS, or Department of Administrative Service, provides services to the other sectors in an Australian state government. These services are provided from the various data centres of that department. Software as a Service, or SaaS, is a centrally hosted model of software delivery and licensing. The team at DAS is performing the risk analysis for the planned moves in offering the SaaS application. This report develops the privacy strategy proposal for the DAS. It then recommends the controls and develops the personal data protection strategies. Lastly, it recommends the controls.

Personal Data Privacy Strategy (Proposal Document)

Management of personal information

The management of personal data is all about seeking, keeping, controlling and maintaining the data. It also concerns the management of privacy and the information flow. DAS requires keeping others from getting the information instead if the permission from the cloud providers. DAS also requires protecting their time and focusing on getting the data without their permission from the email messages, and web (Lafuente, 2015). Personal information management is also about measurement and evaluation. It must be determined whether a new tool is worth the trouble. DAS must also think about how to alter the present strategies. Managing personal data includes the effort of making sense of the data. The management of personal information refers to the study and practice of the individual activities of acquiring, creating, storing, organizing, maintaining, retrieving, using and distributing the data required to meet many goals. Moreover, it places emphasis on controlling the collection of personal data.
This includes how items like electronic documents, paper documents, web references and handwritten notes are stored for later use and repeated re-use. One of the ideals of personal information management is that DAS has the proper data at the proper place, in the proper form, and in the proper quantity. This is done to meet the present needs of DAS (Felbermayr, Hauptmann Schmerer, 2014). However, in reality, DAS might spend a significant amount of time overcoming the pervasive problem of data fragmentation. This problem is made worse by the tools that are designed to help.

Collection and management of solicited personal information

As the SaaS delivers services and works with partners, employees, clients and engaged volunteers, it is obvious that DAS needs to collect and manage solicited personal data regarding people. This brings critical legal and ethical responsibilities. DAS needs to be aware of the legal requirements for managing the data and information of people. They are responsible for these activities and must ensure that they align with the relevant laws governing the gathering, storing and using of the information and data of people. Beyond the legal necessities, there are various community expectations about the way in which DAS manages the data and information. Understanding and then meeting these expectations is vital to the reputation of DAS and to public support for their activities. Individuals are becoming highly aware of the significance of privacy and of data protection. DAS should consider their process very carefully when managing the information and data of people. The process must reflect the values of DAS and meet the reasonable expectations of the users. APP 3 outlines when an APP entity might gather solicited personal data.
The APP distinguishes between the APP entity gathering solicited personal data and receiving unsolicited personal data. The APP deals with two aspects of collecting solicited personal data. The first is when the APP entity collects personal data: the requirements vary according to whether the personal data is sensitive or not (Pfeifer, 2016), and according to whether the entity is an agency or a company. The second is how the APP entity gathers the personal data. Here similar requirements apply to every APP entity and to every kind of personal data.

Use and disclosure of personal information

For the purposes of this APP, a secondary purpose is a reason other than the primary reason for which the APP entity collected the personal data. The grounds on which the APP entity may use or disclose the personal data are discussed now. It is nevertheless open to the entity not to depend on any such ground and to decide not to use or disclose the personal information unless the use or disclosure is required by law. The APP permits the entity to use or disclose the personal data for the secondary purpose where the people have consented to the disclosure or usage. The consent in section 6.1 of the APP standards is defined as express consent or implied consent (Kristal, 2017). One of the 4 elements of consent is that the individual is sufficiently informed before the consent is provided. The next one is that the individual gives the consent voluntarily. The consent is specific and current, and the people have the ability to make sense of and communicate the consent. There are also some guidelines regarding the use or disclosure of personal data where it is reasonably expected by the people and related to the fundamental purpose of gathering.
The APP permits the APP entity to use and disclose the data for the additional purpose (Mller Neumann, 2015). This takes place where the people expect the entity to use or disclose the data for this secondary purpose. This includes the determination of whether the data is sensitive or not. Where the data is sensitive, the secondary reason must be related directly to the fundamental purpose of the collection. Where it is not, the secondary purpose must be related to the fundamental reason for collection.

Use and security of digital identities

There are trends that are driving the need for digital identity systems. The first one is the rise of transaction volume. The number of identity-dependent transactions is rising with the rise in usage of digital channels. The next one is increasing transaction complexity. Transactions increasingly involve very disparate entities without previously established relationships. Examples of this include cross-border transactions. Then there is rising customer expectation. Customers expect seamless, omnichannel service delivery and will migrate to the services offering the best customer experience. The next one is more stringent regulatory necessities. Regulators are demanding increased transparency across transactions. This requires higher accuracy and protection of the identity information that is sensitive. There has also been a rise in the speed of economic and reputational harms. The bad actors in economic systems are increasingly sophisticated in the tools and technologies they use to conduct illicit activities. This also includes the rising ability to cause reputational and economic harm through exploiting weak identity systems.
Commonly the digital identity system comprises various layers. Each of them serves a different purpose (Smith Ross, 2014). According to the WEF report, there are 6 different layers. The first one is standards. They govern the entire operation to avoid coordination and consistency issues. The next one is attribute collection. Here the necessary user attributes are properly captured, stored and then protected. Then there is authentication. Mechanisms are provided to link the users to the attributes to avoid inconsistent verification. Then there is attribute exchange. Here mechanisms are provided to exchange the attributes among various parties. This is done without any compromise on security and privacy. Then there is authorization. The appropriate rules and relationships should be implemented for authorizing what the service users are entitled to access on the basis of the attributes. The last one is service delivery. Here the users should be supplied with easy-to-use, effective and efficient services.

Security of personal information

The security considerations consist of various terms listed in APP 11. They are misuse, interference, unauthorized access, loss, unauthorized disclosure and unauthorized modification. The analysis and examples below draw on the ordinary meanings of these terms. The first one is misuse. Personal data is misused when it is used by the APP entity for a purpose that is not permitted by this Act. The next one is interference. This occurs when there is an attack on the personal data held by the APP entity that interferes with the personal data. However, this does not necessarily modify the content. Then there is loss (Kristal, 2017).
Loss of personal data covers the inadvertent or accidental loss of the personal data held by the APP entity. This includes the APP entity physically losing the personal data and electronically losing the personal data. Then there is unauthorized access. This occurs when the personal data that the APP entity holds is accessed by anyone who is not permitted to do that. Unauthorized modification is the next one. This takes place when the personal data held by the APP entity is changed by anyone who is not allowed to do so (Rusinek Rycx, 2013). Then there is unauthorized disclosure. This takes place when the APP entity makes the personal data accessible or visible to other people external to the entity. This releases the data from its effective control in a way that is not permitted by the Act.

Access to personal information

APP 12 requires the APP entity to provide access to personal data. It does not provide a right of access to other types of data. Personal data is defined as opinion or information regarding an identified individual or people who are reasonably identifiable. This applies whether the opinion or the data is true or not, and whether it is recorded in a material format or not. The personal data of one person might also be the personal data of others. Moreover, an opinion might be the personal data of both the subject and the giver of the opinion (Finkin, 2015). APP 12 requires the APP entity to deliver access to all the personal data of the people that it holds. Where the requested data is not personal data, the APP entity must consider whether the individual possesses the right to access the data under other legislation.
Quality and correction of personal information

The quality considerations are defined by the terms complete, up-to-date, accurate and relevant. Personal data might be of poor quality with regard to one purpose for which it is used, disclosed or collected. The first consideration is accuracy. Personal data is inaccurate when it contains a defect or an error. The data can also be inaccurate when it is misleading. The next one is up-to-date. The data turns out to be out-of-date when it contains opinions, facts and other information that are not current. An instance of this is a statement that a person lacks a special expertise that the person subsequently obtains. Personal data about the past could also have been accurate at the time that it was recorded. However, it has been overtaken by the later government (Hudson Pollitz, 2017). The next one is completeness. Personal data is incomplete when it presents a misleading picture or a partial scenario. An example of this could be a tenancy database that records what the tenant owed as a debt that has since been repaid. Here the APP entity needs to gather additional personal data to assure that the information is complete. This is with regard to the purpose for which the data is used, collected or disclosed. The last one is relevance. The data turns out to be irrelevant when it does not bear upon or connect to the reason for which the personal data is disclosed or used. An example of this is personal data about a client collected for the reason of delivering financial advice (Abowd, McKinney Zhao, 2015). When the entity discloses the personal data in order to purchase shares on behalf of the client, it should disclose only the sections of the personal data relevant to that secondary purpose.
Privacy Controls Recommendations

Table columns: S.No; Privacy Controls Description (Personal data); Mitigation Plans; Implementation

Student 1, Student ID

1. The cloud computing risks have been recognized by various researchers and practitioners in the sector of privacy protection. This has resulted in schemes of mitigation and the most effective practices being put forward to assist both corporations and public bodies with the decision of whether to move to the cloud or not. The most popular tool for assessing privacy risks is the PIA, or Privacy Impact Assessment. This is a way for organizations like DAS to address the system and recognize the privacy concerns within the information. At the same time, they must consider the future results of the proposed or the current action. Risk management is the method of managing the inherent risk. This includes fraud, non-compliance with regulations and laws, expenses, competition and change, through identifying the potential impact and the risks to DAS. It covers the risk reduction techniques, quality controls and the possible effect of the residual risks. A query arises when the PIA is considered: in what situations and at what stage does DAS need to complete the PIA? The criteria identified are as follows. They are major alterations to current projects, new projects, the latest structures of delivery and partnerships, changes in technology, extra system linkages, and enhanced accessibility. Then there are also service monitoring, delivery channel management, data warehousing and the re-engineering of business processes. Cloud users are required to assure that the personal data is stored properly, protected and processed. Through combining various cloud deployment models, DAS could better address the privacy concerns in the cloud.
Choosing the proper cloud deployment model and the proper cloud providers is the basic component of assuring a long-term and successful privacy strategy in the cloud. Compared to on-premise deployment, storing data and deploying IT solutions in the off-premise cloud results in a much more effective solution for personal data privacy. Although on-premise solutions provide some benefits, they could also expose the data to higher risk, as DAS never has enough security, expertise and resources to support them all day long. On-premise solutions require dedicated space for the servers, hardware and solution systems, and system redundancy to ensure the integrity and the availability of the data. Moreover, on-premise deployments are heavy on capital expenses for DAS. This is because DAS must have a dedicated area, solutions, software, hardware and the human expertise to support them. Understanding the cloud is just one step in the process of IT transformation. The most important step in building the privacy strategy of the organization is understanding the data landscape that is bought from the specific cloud provider. Mitigation plans for the cloud that consider the points below are imperative to address the privacy necessities sufficiently and to implement the privacy policy of DAS and the processes around the clouds.

Assessing the readiness of DAS for the cloud: It is imperative that the privacy professionals assess the readiness for the cloud before moving the data to the cloud. A proper cloud readiness analysis enables a data-informed migration to the cloud and makes sense of the security controls that need to be put in place to adequately protect the data and address the compliance requirements.
While determining what model is to be deployed for the cloud, and for what workloads and data, the privacy experts need to assess several features. The first one is the business needs and goals of DAS in migrating to the cloud. Then there is the data landscape of DAS and the information governance. The kind of data DAS would transmit to the cloud is also considered, along with the data flows: where the data comes from and where it is going to be stored and processed. This also includes the specific privacy requirements that need to be met on the basis of the data types. Moreover, there should be a determination of the restrictions on transferring personal data to other nations, the risk profile and what could mitigate the risk, and how DAS would be able to implement any specific organizational measures to protect the personal data. Then there is also the determination of the in-house technical capabilities of DAS for offering the multi-cloud option and the technical abilities for supporting that. It is also determined whether various cloud providers are needed for particular workloads. Then there is the capacity of DAS to deploy the proper organizational and technical security measures around its on-premise and off-premise solutions. Then there is the support and the service model delivered by the cloud providers.

Student 2, Student ID

4. The assumption below is that the system or the project deals with the gathering, usage and disclosure of personal data. There are various stages of the PIA process. The first is project initiation, which determines whether the PIA is needed. Whether personal data is collected needs to be determined. Then there is the data flow analysis.
This examines how the personal data could be gathered, disclosed, used and retained. Then there is the privacy impact analysis. This is the discussion of the possible risks, related implications, and the possible remedies. Eight critical principles are put forward for dealing with cross-border issues in the privacy impact analysis. They are the organizational rules regarding the ownership of the PI, or personal information. Then there is the recognition of the reason for which the PI is kept. Then there are the limitations on retaining the PI, the data security, the accuracy of the data, and communication and training. Through a series of queries for every principle, DAS could delve deeper into every aspect, with the queries asked and answered progressively. This is to arrive at a fully informed decision on whether or not the expected cross-border migration is totally compliant with the data security and jurisdictional necessities. It is imperative that the queries are answered in a comprehensive and truthful manner. Due to the lack of international standardization for the PIA process, the principles mentioned above are of critical importance in ensuring that all the issues of jurisdictional and legislative differences are addressed.

Planning the migration to cloud: DAS must not move mission-critical data without prior study. While planning the migration to the cloud, the experts from DAS must engage the proper expertise in conducting due diligence on the basis of the application portfolio of DAS, the compliance requirements, data types and business needs. Then there must be an understanding of the cross-cloud connection points with third-party systems, infrastructures and software. A robust disaster recovery, redundancy, and data backup plan needs to be put in place.
Lastly there is the identification of who is responsible for the various aspects of security and data protection.

Designing the cloud solutions keeping the privacy in mind: This phase must permit DAS to integrate the privacy policies with the technologies. While designing the cloud deployment, DAS must consider the internal capabilities supporting it as well as the abilities of the prospective cloud providers. It must be assured that the privacy professional delivers insight on the privacy requirements in this phase. This defines clear objectives and implements the proper measures for protecting the personal data and addressing the compliance necessities. The solution is the multi-cloud approach, the combination of the private and the public cloud.

Student 3, Student ID

7. Another approach, characterized as complementary to conventional PIAs, is the idea of PbD, or Privacy by Design. The main concept of PbD relies highly on promoting the implementation of PETs, or Privacy Enhancing Technologies. PETs are divided into four different functionalities. Each has a different focus, but the objective of all of them is to protect personal privacy. The first one is the subject-oriented PET. Its aim is to anonymize the data subject or to supply a pseudo-identity. The next one is the object-oriented PET. Its aim is to conceal what has been exchanged. The next one is the transaction-oriented PET. Its aim is to conceal the occurrence of the transaction. The last one is the system-oriented PET. This is the combination of the prior three orientations. All these functionalities and characteristics form the combined basis of the more decisive mechanisms for protecting and enhancing privacy. They are also the primary players in the techniques and strategies to mitigate privacy risks in cloud computing environments.
They are characterized by disruptive innovation challenging the norms, as consumers, both individually and at the enterprise level, run away due to privacy concerns. It is obviously the case that the implementation of privacy mechanisms by the cloud providers could alleviate the fears and the concerns communicated by DAS and the government. These two stand as barriers to adopting the technology. A current survey done by IBM found that about 70% of the respondents have been believing in the adoption of the cloud computing making the protecting the privacy more than fifty percent expressed concern regarding the data loss and breaches. These viewpoints are clear indicators of what DAS needs to undertake. This is to assure more uptake of the technology. This must also provide the guarantee that the providers follow good security practices to mitigate the risk facing both the provider and the customer. However, this is not the scenario, given the recognition of the issues surrounding the adoption of schemes such as PbD. This poses serious obstacles to adopting the CSPs.

Multi-cloud flexibility: This concerns the privacy benefits of the hybrid and the private cloud. The public cloud is ideal for fast deployment, utility billing models and rapid scalability. However, a few applications and data sets demand dedicated infrastructure and single-tenant hosting. Dedicated infrastructure and the private cloud are a critical component of the cloud ecosystem. They provide higher control of the surroundings and increased security for complex workloads.
Deploying the proper hybrid cloud and connecting the dedicated private infrastructure to the public cloud could enable DAS to protect the business-critical data, with a private circuit bypassing the internet for the most secure connectivity to the data centers and cloud environment of DAS.

Personal Data Protection strategies

Protection of personal information

In order to achieve the goals, DAS must strive to establish a better relationship not only with the clients but also with the stakeholders. The stakeholders include the employees, shareholders, business partners and so on. As part of these efforts, DAS could implement some of the policies mentioned hereafter. These must protect and handle their personal data properly. DAS must appoint a personal data protection manager in every organization where personal data is handled. His role must be to manage the information properly. DAS should collect personal data with the consent of the individuals (Feher, 2016). This is done after specifying the reason for use, the contact for inquiries and so on. DAS should use the personal data only within the scope of the purpose of usage consented to by the information subject. DAS must respond to inquiries from people regarding their personal data. To prevent unauthorized access to, or loss, destruction, leakage or falsification of, personal information, DAS must control the safety of personal data and make efforts to guarantee and enhance information security. Moreover, to comply with the relevant regulations and laws, DAS must continue to develop its personal information activities. This is done by taking environmental changes into consideration.
Authorised access disclosure of personal information

Regarding the authorized access and the disclosure of the personal data, the people, and personal data must be provided by DAS under their control. They must also provide information regarding the manner in which the personal data is utilized by DAS. The names of the organizations and the people to which it has been disclosed must be provided by the company. DAS should also provide the individual with the identification of the sources from which the data was received. This applies unless it is reasonable to assume that the people could ascertain those sources (Taylor, Fritsch Liederbach, 2014). The information must be protected by the privilege of the solicitor-client. The disclosing of data must reveal the confidential information that has been commercial. As that is disclosed it could damage the competitive position of the company. The credit reporting agency has not been needed to disclose the names of the people and the organizations to which the data has been last revealed by the agency. The disclosure could reasonably be expected to threaten the safety and the mental or physical health of people other than the people who made the request. The disclosure could reasonably be expected to cause immediate harm to, or damage the safety or the health of, the people who made the request (Sundararajan, 2014). The disclosure could reveal personal data about other people. DAS must also be able to remove that information from the document containing the personal data regarding the people who requested it. DAS should also provide the people with access to the personal data after that information is removed.

De-identification of personal data

De-identification aims to allow the data to be utilized by other people without the possibility of the people being identified. De-identification is utilized for protecting the privacy of the people and of DAS.
It must also include protecting the spatial location of the users. Data which is identifiable, or which contains personal data, needs to be controlled carefully. This is to be done through access control and data security measures. The ANDS De-Identification Guide collates a selection of international and national practice guidelines and resources on how to de-identify datasets (Lewis, 2013). All the personal data, especially when combined, paints an in-depth picture of the individuals. This includes their likes and dislikes, what they have been doing, and where and when they have been doing it. This raises important and highly sensitive issues of privacy. There has been debate, argument, and deliberation on this subject.

Use of personal digital identities

Identity theft starts when the thief begins with a particular set of data. A number of sources are listed below regarding identity theft, as a review of the personal digital identity.

Confidential information contained on the computer: Malicious users could conduct port scans and make an unauthorized entry into the computer. Any successful intruder could install a key-logger and record everything entered by the user. The chances are that an invasion of this type quickly allows the hacker to steal the identity (Frankenberger, Weiblen Gassmann, 2013).

Information freely given up on social media sites and shared with others: Social media users must shudder to consider the data being heaped into their personal digital identities. Hence there is a possibility that identity thieves could retrieve a huge amount of useful data regarding the users without the users' awareness.

Commercial background checking organizations: Various sites allow people to run background checks.
The varied data is needed to be examined that DAS could deliver.

Commercial search engines that may contain personal information of which you might be unaware: There are a few other methods by which ID thieves could retrieve private data.

Cookies placed on the computer: Cookies are little text files. They are written to the computer for tracking online movements. They could also reveal personal preferences and various other data. Information falling into the wrong hands could be utilized by identity thieves.

Discarding storage media without permanently erasing, degaussing or destroying it: Computer disks indefinitely retain the data that has been written on them. People sell or discard old machines, believing that deleting the files means that they are gone (Sari, 2013). A skilled hacker could restore the deleted files. Identity thieves literally shop on the Internet for used computers to obtain confidential records.

Security of personal data

It includes the security of various systems. They are described below:

The security of the electronic information system: Information is one of the most important assets. Both DAS and the people are responsible for assuring that the information is protected.

The manual and the physical data security policies: To meet the requirements of the Data Protection Act of the nation, DAS is obliged to possess a framework designed for assuring the security of all personal data.

Protecting the identity from theft: There are various attacks happening nowadays. Besides being prudent and not getting lured into a phishing scam or turning out to be the new victim of ransomware, viruses, and malware, the options for protecting personal data and identity from theft are fairly limited.
The fact is that it is highly unlikely that anyone, whether a person or a business, could thwart this type of attack (Pandey, 2016). Such attacks are designed and tested to poke and prod the most vulnerable elements of the interaction between humans and technology. They go after anyone who seems a lucrative target, or organizations such as DAS that market successfully online. As DAS is determined, it is clear that virtually nothing could stop them. That does not mean that DAS must not try, nor that DAS must not consider all the possible precautions that could deter those attacks. There is still the question of where to start and where to end. Information handed down by some of the world's foremost purveyors of legal and technical knowledge has a lot to say on the topic. According to some popular attorneys in the data security and privacy space, companies taking charge of protecting themselves from prying eyes could use a few options that many business people do not know about.

Archiving of personal data

Data archives are often confused with data backups. Both are copies of data. Data archives protect older information that is not required for daily operations but must be accessed occasionally. Data archives serve to reduce primary storage consumption and the related costs, rather than acting as a data recovery mechanism. Some data archives treat archived data as read-only to protect it from modification (Gaddam, Aissi & Kgil, 2014). Other data archiving products treat the data as read-write.
Data archiving is most appropriate for data that is retained because of regulatory or operational requirements. This includes email messages, document files and old database records. The greatest benefit of data archiving is that it reduces the cost of primary storage. Primary storage is typically costly because the storage array must deliver enough IOPS to meet the operational requirements of users' read-write activity. Archive storage, on the other hand, costs less because it is typically based on a low-performance, high-capacity storage medium. Archive storage also reduces the amount of data that needs to be backed up. Removing infrequently accessed data from the backup data set improves backup and restore performance and lowers secondary storage costs (Gholami & Laure, 2016).

Data archives take a number of distinct forms. Some systems use online data storage, which places archive data on systems where it can be accessed readily. Archives are frequently file-based, although object storage is rising in popularity. Other archival systems use offline data storage, where archive data is written to tape or other removable media by data archiving software rather than being kept online. Because tape can be removed, tape-based archives consume much less power than disk systems, which translates into lower archiving costs. Cloud storage is another possible archive target. Amazon Glacier is designed for data archiving. Cloud storage is inexpensive; however, it needs ongoing investment.
Moreover, the costs could grow over time as more data is added to the cloud archive.

The archival process is almost always automated using archiving software. The capabilities of that software vary from vendor to vendor. However, the software automatically moves old data to the archives according to the data archival policy set by the storage administrator. This policy includes specific retention requirements for each kind of data. Some archiving software automatically purges data from the archives (Gaddam, Aissi & Kgil, 2014) once it exceeds the lifespan mandated by the data retention policy of DAS. Various backup software platforms incorporate archiving functionality into their products. Depending on the requirements, this can be a cost-effective and smart way to archive data. Despite all this, the products might include all the functionalities found in a dedicated archive software product.

S.No | Security Mechanism (Personal data) | Mitigation Plans | Implementation Methods

Student 1, Student ID

1. A layered approach to security is conventionally embraced, and cloud security is no different. Every layer alone is valuable but not impenetrable; all the layers together form effective protection. Any layer delivered by the cloud vendor is a good thing and is to be relied on. However, various customers see that homogeneous security presents an attractive attack surface, and one with which the bad guys could easily experiment. It also makes change management very hard: the cloud vendor could get sign-off from the customers before making a change. Vendor switching becomes harder, because the crucial external and internal audits need to be renewed for the latest vendor.
They are both costly and time-consuming. Hence some recommendations are made for DAS to provide its own layers of security apart from whatever the cloud provider brings to the table. This includes encrypting the sensitive data, that is, the data that is exclusive to and owned by DAS. The operating system and the applications are least significant here, since in the cloud they are typically standard images that can simply be recycled back to the master image at shutdown. The sensitive data is proprietary information collected from clients and business partners, and it carries a general legal obligation of security. Next is ensuring that the IDS, firewall and IPS protect each virtual machine individually. Especially in a public cloud environment, the virtual machines running on the same physical hardware as DAS must be considered hostile. The firewall at the cloud provider's boundary cannot help DAS here. Only by decrypting the data within the secure container can DAS bring up the virtual machine. DAS must be sure to check for tampering and data-stealing malware before the data is decrypted. Moreover, it should be assured that DAS is in control of the encryption keys. The layered approach discussed below could help to mitigate the top threats.

Once all the related stakeholders are identified, the compliance managers and the IT security managers must start the discovery process by asking some questions. First, they must determine whether DAS has intellectual property policies defining what the property is and how it should be treated, and whether there is an inventory of formal property that includes patents, copyrighted materials and trademarks.
They must also determine whether there is an inventory of all source code owned by DAS, including source code under escrow. They should determine whether the organizational and security procedures and policies are included in the inventory, whether the organization can identify all the operational processes, training materials and user guides it has invested in developing, and whether there are any protective controls over the data. They must also find out the roadblocks to developing the inventory of IP assets, and whether DAS performs regular audits of its intellectual assets. They must also find out whether DAS conducts counterintelligence exercises to test the effectiveness of its IP protection, and whether DAS classifies data and labels it according to its nature and sensitivity.

An efficient data protection strategy should be determined. It must be checked whether it is holistic, with a well-rounded focus on the information, distinguished by business function and not by file or database names. For instance, rather than cataloging the employee database and the file system, the inventory must list the information assets under categories. These categories can also be seen as domains of information, which must then be subjected to controls according to privacy and sensitivity. Moreover, to develop the information domains, the enterprise application strategy considers some precepts of information management. They are as follows.

The information classification and categorization: DAS claims to have a scheme that classifies the information and not the data or the system it comes from. Even when a system is declared and classified as highly sensitive, it is generally intertwined with low-sensitivity frameworks and interfaces.
In such scenarios the digital watermark is assumed to be lower than the high level it needs to be. Data must be distinguished as high, medium or low according to sensitivity and categorized by business function. Data flows must be documented to understand how the data is controlled and where it could be vulnerable to exposure, misuse and loss.

The periodic checking of the data correlation: Often an information element reveals little by itself, but correlating it with other pieces of data tells a different story. DAS needs to review the data posted on its online sites to determine whether it can be manipulated to extract more sensitive data. It also needs to test extracts from the database to find out whether there is any chance that public information can be converted into PII by matching or merging the data.

2. 3.

Student 2, Student ID

4. The nefarious use and abuse of cloud computing: This is not a threat particular to cloud computing, because it applies equally to physical servers in the data center. Hence the approach outlined is not targeted at solving it. Nevertheless, security solutions integrate web, email and file reputation with behavior analysis and correlation; they are able to recognize usage patterns and block IP addresses. This must be considered a required component of current malware protection, applied equally to every device, from cloud-based virtual servers to smartphones and notebooks.

The insecure application programming interfaces: With encryption, cybercriminals are unable to access the data, because DAS has not authorized the release of the keys. They might be able to use an insecure API to start up a copy of the machine under the userspace.
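The de-identification requirement and the periodic data-correlation check described earlier can both be run against an extract before it is released. The following Python code is an added example, not part of the original proposal; the field names, the threshold k = 2, the suppression step and both sample datasets are constructed assumptions.

```python
"""Re-identification check for a de-identified extract (constructed sample data)."""
from collections import Counter, defaultdict

# Constructed sample: names removed, quasi-identifiers kept.
EXTRACT = [
    {"postcode": "3000", "birth_year": 1980, "sex": "F", "benefit": "disability"},
    {"postcode": "3000", "birth_year": 1980, "sex": "F", "benefit": "none"},
    {"postcode": "3051", "birth_year": 1975, "sex": "M", "benefit": "carer"},
    {"postcode": "3051", "birth_year": 1962, "sex": "F", "benefit": "disability"},
    {"postcode": "3121", "birth_year": 1990, "sex": "M", "benefit": "none"},
]

# Constructed sample: information that is already public, with names.
PUBLIC = [
    {"name": "A. Example", "postcode": "3051", "birth_year": 1975, "sex": "M"},
    {"name": "B. Example", "postcode": "3000", "birth_year": 1980, "sex": "F"},
    {"name": "C. Example", "postcode": "3000", "birth_year": 1980, "sex": "F"},
    {"name": "D. Example", "postcode": "3121", "birth_year": 1990, "sex": "M"},
    {"name": "E. Example", "postcode": "3121", "birth_year": 1990, "sex": "M"},
]

# Assumed quasi-identifiers: harmless alone, identifying in combination.
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")


def _key(row, fields):
    """Project a record onto the quasi-identifier fields."""
    return tuple(row[f] for f in fields)


def small_groups(extract, fields, k):
    """Return {quasi-identifier tuple: count} for groups with fewer than k rows."""
    counts = Counter(_key(r, fields) for r in extract)
    return {key: n for key, n in counts.items() if n < k}


def linkage_matches(extract, public, fields):
    """Merge the extract with public data on the quasi-identifiers.

    A row is re-identified when exactly one named public record shares its
    quasi-identifier values; the sensitive columns then attach to that name.
    """
    names = defaultdict(list)
    for person in public:
        names[_key(person, fields)].append(person["name"])
    hits = []
    for row in extract:
        candidates = names.get(_key(row, fields), [])
        if len(candidates) == 1:
            hits.append({"name": candidates[0], **row})
    return hits


def suppress_small_groups(extract, fields, k):
    """Mitigation: withhold every row whose group is smaller than k."""
    risky = small_groups(extract, fields, k)
    return [r for r in extract if _key(r, fields) not in risky]


if __name__ == "__main__":
    print("groups below k=2:", small_groups(EXTRACT, QUASI_IDENTIFIERS, 2))
    for hit in linkage_matches(EXTRACT, PUBLIC, QUASI_IDENTIFIERS):
        print("re-identified:", hit["name"], "->", hit["benefit"])
    released = suppress_small_groups(EXTRACT, QUASI_IDENTIFIERS, 2)
    print("rows released:", len(released),
          "| matches after suppression:",
          len(linkage_matches(released, PUBLIC, QUASI_IDENTIFIERS)))
```

The group-size check is conservative: it flags rows that the sample public data cannot yet single out, which covers public sources the reviewer has not tested against.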
Malicious insiders: There are specific technical arguments in support here. This is one of the primary drivers for suggesting that DAS provide its own security, independent of the cloud provider. That security protects against malicious insiders.

The information leak prevention: Apart from the levels of control in place, there is the probability that a few tasks could still fail. This is because of the distributed nature of computing, which touches the data throughout its lifecycle. It does not matter how careful employees are in sending emails once these are received at the other end. Moreover, the current IT workforce is more transient than before, so intellectual property drains away, as would be expected. Current data leakage prevention places controls on present employees. However, there is no way to control an employee who is about to leave or has already left. This technology gap needs to be filled if the enterprise is to have an effective data protection strategy.

5. 6.

Student 3, Student ID

Mitigating the previously identified privacy risks: The risks of cloud computing have been recognized by various researchers and practitioners in the field of privacy protection. This has resulted in mitigation schemes and best practices being put forward to assist both corporations and public bodies in deciding whether or not to move to the cloud. The most popular tool for assessing privacy risks is the PIA, or Privacy Impact Assessment. It is a way for organizations like DAS to assess a system and recognize the privacy concerns within the information. At the same time, they must consider the future results of a proposed or current action. Risk management is the method of managing inherent risk.
This includes fraud, non-compliance with regulations and laws, expenses, competition and change, and it works by identifying the risks and their potential impact on DAS. It covers risk reduction techniques, quality controls and the possible effect of residual risks. The question that arises when a PIA is considered is in what situations and at what stage DAS needs to complete the PIA. The criteria identified are as follows: major alterations to current projects, new projects, the latest delivery structures and partnerships, changes in technology, additional system linkages, and enhanced accessibility. There are also service monitoring, delivery channel management, data warehousing and the re-engineering of business processes.

The stakeholder education and awareness: Employees need to know what they may or may not access, print, copy or take home. DAS has the right to demand behavior from staff that does not put its earning capacity at risk. However, DAS needs to understand that unless it communicates its expectations, it risks the possibility that employees might inadvertently disclose, dispose of or disregard the data. This is why drafting and distributing online privacy policies is essential.

An effective data protection strategy is comprehensive. It needs to cover all the data and information that makes DAS competitive, wherever it exists and wherever there is a possibility of data loss. DAS needs to start by seeing all data as business IP. Once it recognizes where the IP resources are, it should develop, impose and continuously examine the effectiveness of the strategies providing the needed protection. In the constantly expanding digital world, information is power.
An efficient data protection strategy could serve to control the efficiency.

References

Abowd, J. M., McKinney, K. L., & Zhao, N. (2015). Earnings Inequality Trends in the United States: Nationally Representative Estimates from Longitudinally Linked Employer-Employee Data. NBER Chapters.

Amendola, S., Lodato, R., Manzari, S., Occhiuzzi, C., & Marrocco, G. (2014). RFID technology for IoT-based personal healthcare in smart spaces. IEEE Internet of Things Journal, 1(2), 144-152.

Brindley, C. (Ed.). (2017). Supply chain risk. Taylor & Francis.

Ciftler, B. S., Kadri, A., & Guvenc, I. (2017). IoT Localization for Bistatic Passive UHF RFID Systems with 3D Radiation Pattern. IEEE Internet of Things Journal.

CPDP - Home. (2017). Cpdp.vic.gov.au. Retrieved 21 August 2017, from https://www.cpdp.vic.gov.au/10-data-security

Davies, J. C. (2014). Comparing environmental risks: tools for setting government priorities. Routledge.

Drennan, L. T., McConnell, A., & Stark, A. (2014). Risk and crisis management in the public sector. Routledge.

Feher, K. (2016). Digital identity: The transparency of the self. In Applied Psychology: Proceedings of the 2015 Asian Congress of Applied Psychology (ACAP 2015) (pp. 132-143).

Felbermayr, G., Hauptmann, A., & Schmerer, H. J. (2014). International trade and collective bargaining outcomes: Evidence from German employer-employee data. The Scandinavian Journal of Economics, 116(3), 820-837.

Finkin, M. (2015). The Acquisition and Dissemination of Employee Data: the Law of the European Union and the United States Compared. Studia z zakresu prawa pracy i polityki społecznej, 2015.

Frankenberger, K., Weiblen, T., & Gassmann, O. (2013). Network configuration, customer centricity, and performance of open business models: A solution provider perspective. Industrial Marketing Management, 42(5), 671-682.

Gaddam, A., Aissi, S., & Kgil, T. (2014). U.S. Patent Application No. 14/303,461.

Gholami, A., & Laure, E. (2016). Security and privacy of sensitive data in cloud computing: a survey of recent developments. arXiv preprint arXiv:1601.01498.

Gope, P., Amin, R., Islam, S. H., Kumar, N., & Bhalla, V. K. (2017). Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment. Future Generation Computer Systems.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Heining, J., Klosterhuber, W., & Seth, S. (2014). An Overview on the Linked Employer-Employee Data of the Institute for Employment Research (IAB). Schmollers Jahrbuch, 134(1), 141-148.

Hopkin, P. (2017). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.

Hua, M. C., Peng, G. C., Lai, Y. J., & Liu, H. C. (2013, August). Angle of arrival estimation for passive UHF RFID tag backscatter signal. In Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing (pp. 1865-1869). IEEE.

Hudson, K. L., & Pollitz, K. (2017). Undermining Genetic Privacy? Employee Wellness Programs and the Law. New England Journal of Medicine.

Ip, W. H. (2014). RFID/IOT applications and case study in a smart city.

Kang, Y. S., Park, I. H., Rhee, J., & Lee, Y. H. (2016). MongoDB-based repository design for IoT-generated RFID/sensor big data. IEEE Sensors Journal, 16(2), 485-497.

Kim, T. H., Lee, B. H., Park, B. K., Choi, S. P., Moon, Y. S., Jung, J. W., ... Choi, H. R. (2015). Active IP-RFID System for Maritime Logistics. The Journal of Korean Institute of Communications and Information Sciences, 40(12), 2511-2519.

Kristal, T. (2017). Who Gets and Who Gives Employer-Provided Benefits? Evidence from Matched Employer-Employee Data. Social Forces, 1-33.

Kypus, L., Vojtech, L., & Kvarda, L. (2015, July). Qualitative and security parameters inside middleware centric heterogeneous RFID/IoT networks, on-tag approach. In Telecommunications and Signal Processing (TSP), 2015 38th International Conference on (pp. 21-25). IEEE.

Lafuente, G. (2015). The big data security challenge. Network security, 2015(1), 12-14.

Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons.

Lewis, L. (2013). Digital identity: are students' views regarding digital representation of 'self' gendered?

Libich, J., & Macháček, M. (2017). Insurance by government or against government? Overview of public risk management policies. Journal of Economic Surveys, 31(2), 436-462.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton University Press.

Mcube, U., Gerber, M., & Von Solms, R. (2016, May). Scenario-based IT risk assessment in local government. In IST-Africa Week Conference, 2016 (pp. 1-9). IEEE.

Müller, K. U., & Neumann, M. (2015). How reliable are incidence estimates based on cross-sectional distributions? Evidence from simulations and linked employer-employee data.

Naskar, S., Basu, P., & Sen, A. K. (2017). A Literature Review of the Emerging Field of IoT Using RFID and Its Applications in Supply Chain Management. In The Internet of Things in the Modern Business Environment (pp. 1-27). IGI Global.

Occhiuzzi, C., Manzari, S., Amendola, S., & Marrocco, G. (2017, March). RFID sensing breadboard for industrial IoT. In Applied Computational Electromagnetics Society Symposium-Italy (ACES), 2017 International (pp. 1-3). IEEE.

Olson, D. L., & Wu, D. D. (2015). Enterprise risk management (Vol. 3). World Scientific Publishing Co Inc.

Pandey, S. C. (2016, October). An efficient security solution for cloud environment. In Signal Processing, Communication, Power and Embedded System (SCOPES), 2016 International Conference on (pp. 950-959). IEEE.

Pfeifer, C. (2016). Intra-firm wage compression and coverage of training costs: Evidence from linked employer-employee data. ILR Review, 69(2), 435-454.

Pritchard, C. L., PMP, P. R. (2014). Risk management: concepts and guidance. CRC Press.

Rusinek, M., & Rycx, F. (2013). Rent-Sharing under Different Bargaining Regimes: Evidence from Linked Employer-Employee Data. British Journal of Industrial Relations, 51(1), 28-58.

Sadgrove, K. (2016). The complete guide to business risk management. Routledge.

Sari, K. (2013). Selection of RFID solution provider: a fuzzy multi-criteria decision model with Monte Carlo simulation. Kybernetes, 42(3), 448-465.

Seo, D. S., Kang, M. S., & Jung, Y. G. (2017). The Developement of Real-time Information Support Cart System based on IoT. The International Journal of Advanced Smart Convergence, 6(1), 44-49.

Smith, M., & Ross, A. (2014). Workplace law: Employee privacy: Take care when dealing with records. Proctor, The, 34(4), 42.

Sundararajan, A. (2014). Peer-to-peer businesses and the sharing (collaborative) economy: Overview, economic effects and regulatory issues. Written testimony for the hearing titled The Power of Connection: Peer to Peer Businesses.

Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice Hall Press.

Vikram, N. (2016, March). Design of ISM band RFID reader antenna for IoT applications. In Wireless Communications, Signal Processing and Networking (WiSPNET), International Conference on (pp. 1818-1821). IEEE.

Webster, D. (2014). Effective Enterprise Risk Management: Mapping the Path Forward. Managing Risk and Performance: A Guide for Government Decision Makers, 267-292.

Webster, D. W. (2014). Introduction to Enterprise Risk Management for Government Managers. Managing Risk and Performance: A Guide for Government Decision Makers, 113-136.

Zhao, F., Li, C., & Liu, C. F. (2014, February). A cloud computing security solution based on fully homomorphic encryption. In Advanced Communication Technology (ICACT), 2014 16th International Conference on (pp. 485-488). IEEE.
