Privacy And Security Risks In SaaS Implementation For Department Of Administrative Service (DAS) In Australia

Overview of DAS and their Data Centre

Department of Administrative Service (DAS) is delivering various services for the different departments of the state government in Australia. The data centre of the department of DAS is delivering the services for the department.

A new service provider is being introduced to DAS to implement new program in the system that is Software as a Service (Saas) which is a centrally hosted licensing model and software delivery. A team has been introduced to deliver a risk management program that will identify the threats and risks to the privacy and security of data of employee working in DAS. A severity matrix have also been proposed to validate which risk is most critical, which needs least consideration and which can cause medium impact to the privacy and security of the employees of DAS.

• Existing security threats to Employee data

Likelihood –   VL, L, M, H, VH

Impact- –   VL, L, M, H, VH

Priority- –   VL, L, M, H, VH

1. Non-existent of Security Architecture in the system of an organization: Insufficient network protection can result in the vulnerability of data, software and hardware which can result the expose and loss of information by malicious software, hacking and viruses.
2. Un-patched Client Side Software and Applications: Malicious attackers can take the benefit of the systems that are running old versions of the software which are being installed in that system.
3. Phishing and Spear Phishing (target attacks): Unauthorized users or hackers can use malicious codes in the emails and gain access to the personal information of the employees or the organization (Sood & Enbody, 2013).
4. Internet Web sites: Browsing web pages may also contain malicious codes which can be helpful for the hackers or unauthorized person in manipulating or exploring the data saved in the database.
5. Poor Configuration Management: Any computer system connected to the internet can be a prey to malicious activities if it does not follow the configuration management policy and becomes vulnerable to the data loss threats.

Likelihood –   VL, L, M, H, VH Impact- –   VL, L, M, H, VH Priority- –   VL, L, M, H, VH

1. Insider: Someone who has legitimate access to the network can be defined as insider. Information accessed by the insider can be easily manipulated, stolen, or misfiled which can most damaging to the privacy of an employee regardless of the issues whether they occur due to the carelessness of the user or by malicious attempts.
2. Poor Passwords: With the help of today’s technology it is very easy to crack easy passwords which contain common words. Randomly generated password can be recommended as the best password protection for a system (Juels & Rivest, 2013).
3. Physical Security: there should be proper fences and boundaries and biometric entry for the protection of the main database system eventually called ‘super computer for the organization’ where the whole data is stored in order to prevent unauthorized access of any unwanted individual.
4. Social Engineering: data breach may also occur by making trust to an employee and collect technical information about the authentication of the system and one can manipulate or access the data saved in  that database.

1. Computer monitoring: Many employers may want to monitor the computer of an employee may be that is beneficial for the organization but it also affects the privacy of an employee.
2. Telephone monitoring: Many organizations tape the phone calls of the employee or want to tape them so that no one will be able to give internal information to anyone who can put harm to the information saved ion the database.
3. Video Surveillance: Video surveillance is done in manner to protect the assets of the organization so that no one can theft any asset that belongs to the organization but the employees may face privacy problems by this implication.
4. Monitoring emails: Monitoring email is the most practicable practice every organization doing nowadays to keep eye on the employees. But reading or knowing about personal mails will must violate the privacy policy and hamper the privacy of an employee
5. Monitoring Internet Usage: This can cause very much beneficial effects for the organization but definitely affect the privacy (Navimipour & Zareie, 2015). 

• New Security Threat to Employee data(after moving to SaaS)

Likelihood –   VL, L, M, H, VH

Impact- –   VL, L, M, H, VH

Priority- –   VL, L, M, H, VH

1. Distant location of the corporate control: Distant location may cause problems in various aspects as there may be chances of natural calamity at one place and other need help for any malicious act but the service provider won’t be able to function properly and effectively as promised.
2. Information saved in the cloud may be compromised: Hacking is one of the biggest and known data breaches that his happening and can happen to DAS’s database system.
3. Malicious viruses can attack the system and destroy personal information (Miller & Rowe, 2012).
4. Types of information stored in the cloud should be not very personal.

1. Actions of employee become associated to the identity:
2. Legal Issues: Identity Card Acts unfolded new legal concept that involves database identity which is a collection of data stored about an employee in the database by HR.
3. Tailoring of online store to customer.
4. Privacy becomes subverted for an employee using digital identity.
5. Anonymous attributes: An anonymous attribute system will identify the employee only once.
6. Pseudonymous attributes: It can identify an individual more than once without any permanent identifier.
7. Identity theft: there are chances that a hacker can make coding in the system to manipulate the identity of an employee or can get access to the system and harm the organization by various ways (Ghazizadeh et al., 2012).

1. The process could be highly private, in which DAS manages the HR and contract managers:  For any case which is irrelevant and not appropriate for the data stored in the system, managers should look onto features and capabilities of DAS.
2. Applicant tracking: It considers managers capability of posting jobs for the employees, applications and boarding latest employers.
3. HRMS software offered can have beneficial effects to the administration: This can help in offering beneficial plans to the clients by varying easy managing of employee enrollment.
4. Performance management: It is the ability to keep records of the aims of employees and can manipulate them in manner to enhance the performance of an organization (Uddin, Luva & hossain, 2012).

                                                          Figure: Solution Architecture including security and privacy

                                                                                   (Source: Created by author)

Sensitive data and issues related to sensitive data

There are various considerable issues of data sensitivity or jurisdiction in this case makes iot crucial to list out each relevant consideration that can be implemented in data sensitivity policies.

There are not same requirements for the protection of each data such as intellectual property and financial records of the corporate of the DAS. It can be seen that the availability of the data on which the business’s life and continuity was dependent are critical.  The spoofing and substituting of data or other malicious matters that can cause system to behave improperly are the moment assuring data integrity.

Conclusion:

Based on the above report it can be concluded that the privacy and security issues in the implementation of new SaaS program into DAS has been successfully examined based on the severity matrix which is proposed above in the report. There are various risks in implementing this new SaaS software in DAS which can seriously affect the organization but it can be mitigated or completely eliminated by the measures discussed above. Data Control location was established far away which can also result in various security and privacy threats to the data of the employee saved in the HR database.

References:

Asghari, H., van Eeten, M. J., & Bauer, J. M. (2015). Economics of fighting botnets: Lessons from a decade of mitigation. IEEE Security & Privacy, 13(5), 16-23.

Carroll, J. M. (2014). Computer security. Butterworth-Heinemann.

Ghazizadeh, E., Zamani, M., Khaleghparast, R., & Taherian, A. (2012, December). A trust based model for federated identity architecture to mitigate identity theft. In Internet Technology And Secured Transactions, 2012 International Conference for (pp. 376-381). IEEE.

Humphreys, E. (2016). Implementing the ISO/IEC 27001: 2013 ISMS Standard. Artech House.

Juels, A., & Rivest, R. L. (2013, November). Honeywords: Making password-cracking detectable. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (pp. 145-160). ACM.

Mann, M. I. (2012). Hacking the human: social engineering techniques and security countermeasures. Gower Publishing, Ltd..

Miller, B., & Rowe, D. (2012, October). A survey SCADA of and critical infrastructure incidents. In Proceedings of the 1st Annual conference on Research in information technology (pp. 51-56). ACM.

Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. It Professional, 14(5), 53-55.

Navimipour, N. J., & Zareie, B. (2015). A model for assessing the impact of e-learning systems on employees’ satisfaction. Computers in Human Behavior, 53, 475-485.

Sood, A. K., & Enbody, R. J. (2013). Targeted cyberattacks: a superset of advanced persistent threats. IEEE security & privacy, 11(1), 54-61.

Sun, X. (2012). A systematic approach for migrating enterprise networks(Doctoral dissertation, Purdue University).

Uddin, M. J., Luva, R. H., & Hossain, S. M. M. (2012). Impact of organizational culture on employee performance and productivity: a case study of telecommunication sector in Bangladesh. International Journal of Business and Management, 8(2), 63.

Order an Essay Now & Get These Features For Free:

Turnitin Report

Formatting

Title Page

Citation

Outline

Place an Order