Your team is to write a report that proposes appropriate policies for the Charity in the following areas:
- Conduct a risk assessment for the Charity’s data. Consider the data and information that the Charity holds on its clients in its current system.
- Establish the existing threats and risks to the security of that data and information contained in the in-house database.
- Are there any other risks and threats to the client data after migration to a SaaS application?
- Assess the resulting severity of risk and threat to client data.
What are the threats and risks to the digital identities of the Charity’s clients from the move to a SaaS database?
Develop a Privacy strategy proposal for the Charity. The strategy should include the following items:
- Management of personal information,
- Collection and management of solicited personal information,
- Use and disclosure of personal information,
- Use and security of digital identities,
- Security of personal information,
- Access to personal information,
- Quality and correction of personal information.
Develop a personal data protection strategy proposal for the Charity. This strategy should include:
- Protection of personal information,
- Authorised access & disclosure of personal information,
- De-identification of personal data,
- Use of personal digital identities,
- Security of personal data,
- Archiving of personal data.
Risk Assessment for the Charity’s data
In this new era of technology, everything is evolving and advancing with the advent of information systems and information technology. This report focuses on one such transformation: a community-based charity that is migrating the data and information related to its stakeholders to a community cloud provided by a public cloud vendor. The Charity collects PII that contains personal and sensitive information about the customers who use its services, including information related to their digital identities. Cloud computing is a cost-effective and efficient measure for the Charity's data management; however, there are certain security and privacy issues related to the data or information that is about to be saved in the cloud. This report presents a risk assessment for the Charity's data, considering the risks to that data in the present scenario and the risks after the migration. A severity matrix is presented in order to recognize the severity of the identified risks and to give first priority to eliminating the high-severity risks. The report then covers the risks and threats to the digital identities of the consumers after the data is moved to the SaaS database. A privacy strategy proposal for the Charity is also discussed, considering the collection, storage, and execution of that data or information. Finally, a personal data protection strategy proposal is presented that will help the Charity secure the collected data in an efficient and effective manner.
| S No. | Existing Security Threat/Risk | Likelihood | Impact | Priority | Description | Preventive measures |
|---|---|---|---|---|---|---|
| 1 | Excessive Privileges | M | VH | M | Granting users (clients) access that exceeds what their jobs require is considered excessive privilege, and they can use it to gain access to the confidential information saved in the in-house database of the Charity (Kumar & Hasani, 2016) | Query-level access control on the data stored in the in-house database could be a helpful preventive measure, restricting privileges to the minimum required data and operations |
| 2 | Privilege Abuse | L | VH | H | The users or employees with access to the in-house database might abuse their legitimate data-access privileges and use them for unauthorized purposes. In this case an employee or client might get access to consumers' information through an MS-Excel client | Access control policies are a possible solution for preventing privilege abuse (Gahi, Gennoun & El-Khatib, 2015). These should include policies for time of day, volume retrieved by the client, and location, in order to identify which user is abusing access privileges |
| 3 | Unauthorized Privilege Elevation | H | H | H | Vulnerabilities in the database management software can be used by intruders or attackers to convert low-level access privileges into high-level access privileges (Wei et al., 2017) | A traditional Intrusion Prevention System (IPS) and query-level access control are the preventive measures for this type of intrusion; they help detect users who run an unusual SQL operation against a particular document in the database. |
| 4 | Platform Vulnerabilities | L | H | VH | Vulnerabilities in outdated and old versions of operating systems could lead to corruption. For the Charity, Windows 200 could be corrupted through the Blaster worm, and such vulnerabilities could take down the servers | IPS tools are the better option for identifying and/or blocking attacks designed to exploit the platform vulnerabilities of the database (He, 2017) |
| 5 | SQL Injection | L | VH | H | Intruders might take advantage of front-end web applications through SQL injection attacks (Muralidharan & Wong, 2016). They could use stored procedures to send unauthorized database queries | Query-level access control on the database can help detect unauthorized stored procedures and/or unauthorized queries injected via the web application |
| 6 | Weak Audit | VL | M | M | Weak audit technology and policy for the Charity could be represented in terms of deterrence, compliance, forensics, recovery, and detection. | A network-based audit system for the Charity's database could be the better solution, as such appliances have no impact on database performance and operate independently of the users while offering granular data collection (Kumar, Lal & Singh, 2017) |
| 7 | Denial of Service | M | H | H | There are many techniques for deploying such attacks; common DoS attacks can be accomplished through data corruption, buffer overflows, resource consumption, and network flooding (Rohilla & Mittal, 2013) | This could be prevented using multiple layers of protection at the network, database, and application levels. |
| 8 | Database Protocol Vulnerabilities | L | L | H | Database protocols with vulnerabilities could allow an unauthorized user to access the data and manipulate it for personal use (Thuraisingham, 2015). The SQL Slammer worm could take advantage of the Charity's Microsoft SQL Server to execute an attack on the database servers | Validating and parsing SQL communication can help defend against such protocol attacks by making sure that it is not malformed |
| 9 | Weak Authentication | VL | H | M | This could allow intruders to assume or predict the identity of database users and thus access and manipulate the data for personal benefit | Two-factor password implementation could help ensure maximum security for the Charity’s database and thus prevent unauthorized users from accessing the data saved in it (Bosc et al., 2013) |
| 10 | Exposure of Backup Data | H | VH | VH | Cyberattacks are a concern in the current digital world and might affect the Charity’s database, and thus could affect the data or information in any way the attacker wants (Jin et al., 2017). | Encryption, anti-malware and anti-virus are some of the vital precautions that should be considered when saving personal and sensitive information in the in-house database |
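
The access control policy suggested for Privilege Abuse (risk 2) checks time of day, volume retrieved and location. As an added example, not part of the original report, the Python below applies those three checks to constructed database audit records; the working hours, row cap, office network range, user names and record layout are all assumptions.

```python
"""Flag possible privilege abuse from database audit records."""
from collections import defaultdict
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy values for illustration; the report does not specify any.
POLICY = {
    "work_start": time(8, 0),                      # earliest permitted query time
    "work_end": time(18, 0),                       # latest permitted query time
    "max_rows_per_day": 500,                       # per-user daily retrieval cap
    "office_network": ip_network("10.20.0.0/16"),  # hypothetical office range
}

# Constructed sample records: (ISO timestamp, user, source IP, rows returned)
AUDIT_LOG = [
    ("2024-03-04T09:15:00", "alice", "10.20.1.15", 40),
    ("2024-03-04T10:02:00", "alice", "10.20.1.15", 35),
    ("2024-03-04T23:41:00", "bob", "10.20.3.7", 20),
    ("2024-03-05T11:00:00", "carol", "10.20.2.9", 300),
    ("2024-03-05T11:20:00", "carol", "10.20.2.9", 450),
    ("2024-03-05T14:30:00", "dave", "203.0.113.50", 10),
    ("2024-03-06T02:10:00", "dave", "203.0.113.50", 900),
]


def find_privilege_abuse(records, policy):
    """Return {user: sorted list of policy checks that user violated}."""
    findings = defaultdict(set)
    rows_per_day = defaultdict(int)
    for stamp, user, source_ip, rows in records:
        when = datetime.fromisoformat(stamp)

        # Time of day: queries outside working hours are suspicious.
        if not policy["work_start"] <= when.time() < policy["work_end"]:
            findings[user].add("time_of_day")

        # Location: queries must originate from the office network.
        if ip_address(source_ip) not in policy["office_network"]:
            findings[user].add("location")

        # Volume: cumulative rows retrieved per user per calendar day.
        key = (user, when.date())
        rows_per_day[key] += rows
        if rows_per_day[key] > policy["max_rows_per_day"]:
            findings[user].add("volume")

    return {user: sorted(checks) for user, checks in findings.items()}


if __name__ == "__main__":
    for user, checks in sorted(find_privilege_abuse(AUDIT_LOG, POLICY).items()):
        print(f"{user}: {', '.join(checks)}")
```

The volume check is cumulative, so a user who stays under the cap on each query but exceeds it over the day is still flagged.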
| S No. | Security Threat/Risk after migration to SaaS application | Likelihood | Impact | Priority | Description | Preventive measures |
|---|---|---|---|---|---|---|
| 11 | Data Access Risk | VH | VH | H | Data or information related to PII is being uploaded to the public cloud, which is vulnerable to intrusion, and many intruders might want to get access to that information for personal use and benefit (Almorsy, Grundy & Muller, 2016). This could lead to exposure, manipulation, or deletion of the data by people who are not authorized to do so. | Customers using services from the SaaS service provider should make sure the provider's policies and procedures are capable of ensuring the security of the data or information. Defining levels of access could be a possible solution for such issues. |
| 12 | Instability | H | H | M | The popularity of this technology is increasing drastically, which makes it a double-edged sword with both benefits and risks in its application (Hashizume et al., 2013). Data portability could be a concern in the application of cloud computing, as it can be unpredictable whether the data has reached the service provider or not, which makes it less reliable. | Before releasing the data or information (PII), the Charity should read the policies and agreements carefully to make sure that the service provider gives the same security importance to the data or information. |
| 13 | Lack of Transparency | VH | L | H | There is no transparency between the service provider and the consumer using the services, as no service provider gives details about how the data will be processed and where it is stored. This raises a concern for the Charity about the security of the PII saved in the SaaS application and the public cloud (Rong, Nguyen & Jaatun 2013). SaaS providers always give assurances that they will keep the data safe by keeping details of the system secret. | SaaS providers always argue that they keep the data safe by keeping the process secret; the provider's policies and agreements should therefore comply with the policies set by the Charity, so that equivalent security is provided to the consumers or clients using the services. |
| 14 | Identity Theft | VL | VH | H | Each individual has a unique identity for using SaaS, and losing it could give an unauthorized user access to the data or information. Identity theft could cause serious problems for the functioning of the Charity or the privacy of the individuals connected to the organization. | A proper education and awareness program should be run within the enterprise to make sure that employees protect their identities securely (Suo et al., 2013). Physical security of the systems is another precaution against such loss. There should be two-factor authentication for accessing the information and data saved in the cloud. |
| 15 | Uncertainty of the location of Data | VH | M | H | The SaaS service provider does not provide information about where the data is saved, even though the cloud is a virtual space whose location cannot be detected, and thus uncertainty plays a positive role in protecting the data or information related to the users. | The policy should be cross-checked to ensure there is a penalty if any data or information is exposed or manipulated by the service provider or any unauthorized users (Sun et al., 2014). |
| 16 | Paying Long-Term and Upfront | VH | VL | M | Payment is always asked for before the services are used and for the long term, which leaves users stuck with a single service provider and unable to use services from another provider (Hashem et al., 2015). | The agreement should be made after proper investigation of the SaaS provider to confirm its loyalty and reputation in the market |
| 17 | Unsure to the agreement | H | VH | H | There are always terms and conditions attached to a valuable service that are favourable only to the service provider, as all the protections from legal allegations have been signed by the user | The terms and conditions should be checked properly, even if it takes hours to read them, to make sure that the provider's policies comply with the existing policy of the Charity |
| 18 | Process of Securing Data is Unknown | M | M | M | The SaaS provider does not disclose the protection procedures it is going to implement to ensure the security of the data or information collected about the user or the user’s customers or clients | Policy plays the biggest role in using cloud services and ensuring the security and privacy of the data or information sent over the cloud |
| 19 | Not updated with Modern Security Standard | L | M | H | Most service providers provide updates on how to use the services; however, none is concerned with providing security-related updates for the data or information | Encryption should also be applied on the Charity's side to make sure that, even if the service provider fails to secure the data, the data itself is free from any breach or intrusion (Puthal et al., 2015) |
| Probability / Severity | Very Low | Low | Medium | High | Very High |
|---|---|---|---|---|---|
| Very High | R 16 | R 13 | R 15 | | R 11 |
| High | | | | R 3, R 12 | R 10, R 17 |
| Medium | | | R 18 | R 7 | R 1 |
| Low | | R 8 | R 19 | R 4 | R 2 |
| Very Low | | | R 6 | R 9 | R 5, R 14 |
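
As an added example (not part of the original report), the Python below rebuilds the probability/severity grid from the Likelihood and Impact columns of the two risk tables and cross-checks it against the probability rows of the matrix above. The ratings and row memberships are copied from the page; the function names are illustrative.

```python
"""Rebuild the probability/severity grid from the risk tables and cross-check it."""

LEVELS = ["VL", "L", "M", "H", "VH"]  # ordered from Very Low to Very High

# Risk number -> (Likelihood, Impact), copied from the two risk tables.
REGISTER = {
    1: ("M", "VH"), 2: ("L", "VH"), 3: ("H", "H"), 4: ("L", "H"),
    5: ("L", "VH"), 6: ("VL", "M"), 7: ("M", "H"), 8: ("L", "L"),
    9: ("VL", "H"), 10: ("H", "VH"), 11: ("VH", "VH"), 12: ("H", "H"),
    13: ("VH", "L"), 14: ("VL", "VH"), 15: ("VH", "M"), 16: ("VH", "VL"),
    17: ("H", "VH"), 18: ("M", "M"), 19: ("L", "M"),
}

# Probability row in which the report's matrix lists each risk number.
MATRIX_ROWS = {
    "VH": [16, 13, 15, 11],
    "H": [3, 12, 10, 17],
    "M": [18, 7, 1],
    "L": [8, 19, 4, 2],
    "VL": [6, 9, 5, 14],
}


def build_matrix(register):
    """Group risk numbers by their (likelihood, impact) cell."""
    cells = {}
    for risk_id in sorted(register):
        cells.setdefault(register[risk_id], []).append(risk_id)
    return cells


def render_matrix(cells):
    """Render the grid as text: probability rows (VH first), severity columns."""
    width = 10
    lines = ["Prob/Sev".ljust(width) + "".join(s.ljust(width) for s in LEVELS)]
    for likelihood in reversed(LEVELS):
        row = likelihood.ljust(width)
        for impact in LEVELS:
            ids = cells.get((likelihood, impact), [])
            row += " ".join(f"R{i}" for i in ids).ljust(width)
        lines.append(row.rstrip())
    return "\n".join(lines)


def find_row_mismatches(register, matrix_rows):
    """Return (risk, likelihood in table, row in matrix) where the two disagree."""
    mismatches = []
    for row, risk_ids in matrix_rows.items():
        for risk_id in risk_ids:
            table_likelihood = register[risk_id][0]
            if table_likelihood != row:
                mismatches.append((risk_id, table_likelihood, row))
    return sorted(mismatches)


def missing_from_matrix(register, matrix_rows):
    """Return risk numbers that appear in the tables but not in the matrix."""
    placed = {risk_id for ids in matrix_rows.values() for risk_id in ids}
    return sorted(set(register) - placed)


if __name__ == "__main__":
    print(render_matrix(build_matrix(REGISTER)))
    for risk_id, table_level, matrix_level in find_row_mismatches(REGISTER, MATRIX_ROWS):
        print(f"R{risk_id}: table says {table_level}, matrix row is {matrix_level}")
    print("Missing from matrix:", missing_from_matrix(REGISTER, MATRIX_ROWS))
```

Run as a script, it reports that R 5 (SQL Injection) is rated Low likelihood in the table but is placed in the Very Low row of the matrix; all other placements agree.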
Securing the digital identity in a public cloud is much easier than in a hybrid cloud because a single service provider handles the public cloud. However, the Charity will need digital identities to use the services and to manage access control over the data and information saved in the cloud (Azam et al., 2014). There are many different kinds of clouds in the market, and each has one or two digital identity management systems (Dinh et al., 2013). Federated identity management could help give each user a unique digital identity, through which individuals could use services from different clouds. However, there are certain threats and risks in using digital identity for accessing information, which can be listed as:
Unauthorized Secondary Usage: This is one of the major challenges on the web, where applications such as social media or networking websites use data related to the user for advertisement (Heydari, Tavakoli & Riazi, 2014). Similarly, cloud service providers use the personal information of users for junk advertisement or simple advertisement (Kshetri, 2013). This could lead to privacy issues for users who do not want to expose or reveal their personal information.
Lack of User Control: The data or information is saved in the cloud, and the service provider has access to all the data or information related to the user; thus it can be manipulated or tampered with by the cloud service provider, who controls all the data related to those individuals. This distances users from their own data or information (PII), which could be misused by the service provider irrespective of all the strong policies and laws (Xio & Xio, 2013). This could compromise the user's privacy, and there is no protecting and preserving mechanism against such intrusion other than policies.
Unclear Responsibility: This is one of the privacy issues: a user will not want to expose data to the service provider or any third party without proper authorization or close contact (Ahmed & Hussain, 2014). Many times it is unclear to users which service provider is responsible for the privacy mechanisms, policies, and protection, which weakens the security of the user.
Possible Solutions
There are many factors capable of enhancing the security of digital identity, which can be listed as follows. Firstly, making sure that security patches and software updates are handled by a trusted IT advisor on a regular basis and that updates to the software are applied automatically. Secondly, constructing protective barriers of anti-malware, anti-virus, network security, and anti-spam solutions for all of the devices and all the data related to the personal and sensitive information of individuals (Gubbu et al., 2013). Other solutions are taking care with annoying pop-ups, suspicious mails and other spam, backing up the data on a regular basis and keeping that information updated, and many more. Using strong passwords for authentication, using two-factor passwords, or hiring a third party for password management, such as one log in and others, can be a possible solution. Proper education and training could help increase individuals' awareness of how to keep their identification secure and safe from others who could take advantage of that information.
Personal Data Privacy Strategy
The Charity is worried about the privacy and security of its data in the cloud. The services provided by the Charity need to be of good quality, so a proper strategy has to be planned for providing an enhanced quality of service. Encryption is the most essential and basic method for securing information and data from capture attempts (Mishra et al., 2012). Encryption is the process of encoding a private message or text into a cipher text such that only the receiver is able to access that message or text. It is well known to any organization as a way of securing data, and the Charity should implement this security measure. The first step of this strategy is managing and controlling personal information (AlZain et al., 2012). The Charity can maintain its personal information on the cloud server in several steps.
Passwords
Passwords are the most efficient way of securing private data and information on a server. Passwords need to be strong and complex, which helps maintain the security of personal and private data. Passwords need to be at least 8 characters long and include a combination of letters, characters and symbols, which increases their complexity (Chaisiri, Lee & Niyato, 2012). The use of complex passwords prevents third-party intruders from accessing the server. The Charity has to use passwords of this type and not share them with anyone in the organization.
Secured Browser
The second method of managing and controlling personal data is using a secured browser. Secured browsers restrict the entrance of spam and viruses, so hackers cannot breach the Charity's server (Gampala, Inuganti & Muppidi, 2012). Private and personal information can easily be secured by the use of a secured browser.
The second step in the security strategy is to collect and manage the solicited personal information (Gellman, 2012). This information is collected effectively by following certain basic steps. These steps include:
Reliable Source
Solicited personal information can be collected and managed only when all of the requirements are met and the information is necessary and related to each activity and function (Iankoulova and Daneva, 2012). The first step is to collect, gather and acquire the information from a reliable source. Using reliable sources helps minimize the risks in the Charity's use of the cloud server.
Filtering of Information
This is the second most important step for the secure collection and management of personal information. Once the collection from a reliable source is done, the information should be filtered (Yang and Jia, 2013). This incorporates the administration partition. Filtering will eliminate all the unnecessary information so that only the required information is collected. Filtering information in the organisation helps maintain a proper approach towards minimizing threats and risks to data and information.
The third step is disclosure of personal information from third-party users. Various strategies are used for this process.
Logging Out
This is the most basic method for securing personal information from unauthenticated users (Gupta, Seetharaman and Raj, 2013). When a user logs in to an account that contains confidential information, there is always a chance that the information can be lost. Hackers and intruders can easily obtain the information if the user does not log out of that account or shuts down the system without logging out (Jadeja and Modi, 2012). Logging out prevents hackers from using the information to some degree, so the information is not exposed easily.
Limited Access to Systems
This is the second method for securing personal information from being used and disclosed to unauthenticated users (Pearson, 2013). Access should be limited so that hackers are not able to track the systems down. Passwords play a major part in this.
The information an organization uses to represent an external agent is called a digital identity (Hamlen et al., 2012). A digital identity can be anything, including an organization, a person or an application. The benefits of digital identities are as follows:
Data Integrity
Digital identity helps in maintaining the integrity of data and information. Therefore, this type of integration of data and information is useful for the Charity to secure their data over the cloud.
Security
Security of data and information is an important aspect of any organization. It helps in increasing brand image in the market (Jain & Paul, 2013). Data identity helps in securing the data and information of the Charity.
Fast
Digital identity is a fast service that makes it famous amongst all (Wu et al., 2012).
Simple
Digital identities do not have complexities. Rather, they are simple and easy to implement and use.
However, alongside these advantages, there is a risk of digital identities being hacked. Therefore, it is essential to implement digital identities with strong security and privacy control strategies.
Personal information includes many important and personal details of employees and customers that the Charity wants to preserve (Iankoulova & Daneva, 2012). This information must not leak at any cost, as a leak might increase vulnerabilities and challenges for the Charity.
Antivirus
The first priority for the Charity is to install an updated antivirus. Antivirus helps in detecting viruses and malware on the server (Hashizume et al., 2013). It also helps in destroying these harmful viruses and spam activities on the server. Therefore, each system has to be integrated with antivirus to protect it from cyber-attacks. Antivirus can be implemented in any system easily by installing the software on it.
Passwords
Passwords help in restricting unauthorized use of the cloud server by third parties. Keeping strong passwords helps in maintaining the security of the server (Yang & Jia, 2013). Changing passwords at a set interval helps increase the security of the cloud server and the data stored in it.
Pop up Blocking
This kind of software blocks pop-up windows so that data cannot be hacked or intruded upon (Behl and Behl, 2012). Pop-up windows continually attract hackers for phishing purposes.
These few measures will be useful for the Charity in outlining its own data protection procedure.
Personal information should not be available to everyone, especially unauthenticated and unauthorized users (Yu et al., 2013). There are various ways to prevent these kinds of users from accessing personal information. The Charity needs to take certain measures to secure the data. These security measures are as follows:
Access Control
Access to the system should be controlled and managed so that personal information is not accessible to every user. This measure is required for every one of the systems in the Charity.
Using Specific characters in passwords
Passwords need to be encrypted in such a way that they cannot be guessed and decrypted easily by third-party intruders (Ryan, 2013). Therefore, special characters are required in passwords. Passwords need to be 8 characters long and contain a combination of characters, symbols and letters. A combination of capital and small letters is also required. This raises the complexity of passwords and keeps data and information secure.
Limited Access to Systems
This is the third method for securing access to personal information so that it is not used and disclosed to unauthenticated users (Srinivasan et al., 2012). Access should be limited so that hackers are not able to track the systems down. Passwords play a major part in this.
Private WiFi Connections
Most security issues arise because of open access to the Internet or WiFi connections. These kinds of connections allow many users to access the data easily (Srinivasan et al., 2012). The Department of Administrative Services or Charity should limit Internet access so that not everyone can use the WiFi connection. It should be private, and only authenticated users should be able to access it.
These security measures would help the Charity secure and safeguard its personal information, and its privacy strategy would be complete.
The quality of any information should be up to the mark to ensure that the organization is not acquiring and storing wrong information. The Department of Administrative Services should preserve its personal information by taking a few measures (Behl and Behl, 2012). First, it should be ensured that the information being stored is of the best quality. This will help the organization eliminate all unnecessary information and store only the essential and important information. The second part is to correct the information. If the information contains errors, it should be corrected quickly so that the Charity does not face any problems in future (Khalil, Khreishah and Azeem, 2014). This quality and correction of personal information is an essential step in the privacy and security strategy. In addition, a system should be implemented to check the overall privacy and security of the system and the information. This kind of security risk is extremely common in the modern world. When the user sends data, it passes through a particular path or route (Radut, Popa and Codreanu, 2012). An intruder eventually controls the entire traffic of the network and the data does not reach the recipient. Firewalls can be easily implemented in any system for security. Software is available for implementing firewalls (Xiao and Xiao, 2013). It does not cause complexities and can be easily installed in the system.
The steps mentioned above complete the entire process of the information control strategy (Popa et al., 2012). The Department of Administrative Services should adopt this process to control and secure its personal information.
The Charity is experiencing a few security issues with its personal information (Arora, Parashar and Transforming, 2013). Hackers and intruders get easy access to the data if it is not well secured. Personal information should be protected at any cost. There are several methods for protecting personal information. They are as follows:
Passwords
This is the most efficient and basic step for securing information. Passwords should be present in all parts of the cloud so that no loophole exists in the security. However, merely having passwords is not sufficient (Sefraoui, Aissaoui and Eleuldj, 2012). Changing these passwords regularly is mandatory for the Charity. Passwords can easily manage and secure the information from hackers.
Secured Browser
The second most important method for managing and controlling personal information in the Charity is using a safe and secure browser (Wang et al., 2012). A secure browser does not allow any spam or virus to enter through it, and hackers cannot get into it. Personal information can be easily managed through a safe and secure browser.
Authorized access and non-disclosure are critical for any information. Data always has the chance of being altered or changed by a hacker (Arora, Parashar and Transforming, 2013). The various ways to keep access authorized include installing and implementing firewalls, antivirus, and access control. Another highly dangerous threat in terms of security is the man in the middle, who sits between the user and the network (Xu, 2012). The moment the user sends the data, the hacker can immediately read all of it. He does not change the data; however, he knows every bit of it.
De-Identification of Personal Data
The process that prevents a hacker from learning the identity behind personal information is known as the de-identification of personal data. There are various ways to prevent the identification of data (Xiao, Song and Chen, 2013). The security measures include antivirus, firewalls, security policies and many more. The Charity should implement these for de-identification of its personal data or information.
Use of Personal Digital Identities
The information of an organization that is used to describe or represent an external agent is known as a digital identity. This digital identity can be an organization, an application or a person (Gonzalez et al., 2012). These identities have various advantages and benefits. The main benefits of digital identities are as follows:
Data Integrity
Digital identity maintains the integrity of the data. It is extremely useful for the Charity.
Security
The first thing that comes to mind in the case of data is its security (Xiao, Song and Chen, 2013). Digital identities help to secure the data completely, and consequently data does not get lost.
Fast
The third advantage of digital identity is that it is extremely fast, and this speed makes it popular among all.
Simple
Digital identities do not have many complexities and are extremely simple. This simplicity makes them easier to implement and use.
The security of personal data is the first and foremost thing worrying the Charity. Security should be high for personal data. There are several ways to secure personal data (Wang et al., 2012). These measures include antivirus, firewalls, security policies, digital authentication, digital signatures and many more.
This is the last step of the personal data protection strategy. Archiving or storing all data is mandatory for its security and privacy (Gonzalez et al., 2012). It maintains the confidentiality and integrity of the data. Additionally, archiving data prevents it from getting lost. The Charity should ensure that its data is archived.
Conclusion
It can be concluded that cloud computing is a technique that helps improve the services provided by the Charity. The risk assessment process has helped in identifying various risks prevailing in the Charity. The Charity provides various types of computing services to its customers. The security of data and information is important for the Charity. There are various risks discussed in the report related to the privacy and security of data and information. The use of a cloud server has helped in different ways. However, it has created various security threats for the Charity. Cyber-attacks have been creating problems for the Charity in securing personal data and information. Various mitigating strategies are provided in the report. Use of strong passwords, a secured browser and antivirus have helped in minimizing these risks to the privacy and security of data and information. This report describes a personal data privacy strategy. This kind of damage is mostly caused by the lack of training of employees (Almorsy, Grundy and Müller, 2016). They should be properly trained so that they do not commit any errors. This strategy includes collection and management of personal information, management of private information, usage and disclosure of personal information, utilization and security of digital identities, security of personal identities, access to personal information, and quality and correction of personal information. The government of Australia has recently changed its policies. Thus, the Department of Administrative Services is moving to an innovative cloud approach. The speciality of this approach is that the Charity will manage and control a constant and fixed number of services. Nevertheless, various strategies are to be followed by them. The report describes the personal data security strategy.
This strategy includes the management of personal information, collection and management of solicited personal information, use and disclosure of personal information, use and security of digital identities, security of personal identities, access to personal information, and quality and correction of personal information.
Some changes are required in the security protocol of Charity. Some recommendations are provided below:
Upgrading Architecture
The Charity might run short of storage capacity for its personal data and information. Therefore, a change in the storage architecture is required. The storage has to be integrated with the best possible architecture to minimize the risk of running out of capacity. The storage architecture can be expanded by increasing the budget so that a better storage facility can be afforded. This upgrade might help the Charity to store more data and information in a secured manner.
Maintenance
Maintaining the data and information held in storage helps to keep it secure, so regular maintenance is necessary. Without proper maintenance, the storage might be damaged or destroyed. The Charity has to maintain its important data and information in cloud storage.
Encryption
This is the most basic and important way of securing data and information. Encryption is the process of encoding a confidential message or text into ciphertext in such a way that only the intended receiver is able to read it. Various algorithms are used for encrypting data and information. In a symmetric key algorithm, the key that decrypts the message is the same as the key that encrypted it. An asymmetric algorithm involves two keys.
Virtual Private Network
A Virtual Private Network provides a private network over a public network for sending and receiving data (Lee and Zomaya, 2012). There are a few steps to implement a VPN in a system. First, the remote VPN server should be configured (Garg, Versteeg and Buyya, 2013). Then the IP address should be provided, and finally the implementation is completed.
References
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
Beloglazov, A., Abawajy, J., & Buyya, R. (2012). Energy-aware resource allocation heuristics for efficient management of data centers for cloud computing. Future generation computer systems, 28(5), 755-768.
Chaisiri, S., Lee, B. S., & Niyato, D. (2012). Optimization of resource provisioning cost in cloud computing. IEEE Transactions on Services Computing, 5(2), 164-177.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Gampala, V., Inuganti, S., & Muppidi, S. (2012). Data security in cloud computing with elliptic curve cryptography. International Journal of Soft Computing and Engineering (IJSCE), 2(3), 138-141.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Garrison, G., Kim, S., & Wakefield, R. L. (2012). Success factors for deploying cloud computing. Communications of the ACM, 55(9), 62-68.
Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi, M. (2012). A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.
Gupta, P., Seetharaman, A., & Raj, J. R. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), 861-874.
Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for cloud computing. Optimizing Information Security and Advancing Privacy Assurance: New Technologies: New Technologies, 150.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.
Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.
Khalil, I. M., Khreishah, A., & Azeem, M. (2014). Cloud computing security: a survey. Computers, 3(1), 1-35.
Kliazovich, D., Bouvry, P., & Khan, S. U. (2012). GreenCloud: a packet-level simulator of energy-aware cloud computing data centers. The Journal of Supercomputing, 62(3), 1263-1283.
Lee, Y. C., & Zomaya, A. Y. (2012). Energy efficient utilization of resources in cloud computing systems. The Journal of Supercomputing, 60(2), 268-280.
Lin, A., & Chen, N. C. (2012). Cloud computing as an innovation: Perception, attitude, and adoption. International Journal of Information Management, 32(6), 533-540.
Lin, C., Su, W. B., Meng, K., Liu, Q., & Liu, W. D. (2013). Cloud computing security: architecture, mechanism and modeling. Chinese Journal of Computers, 36(9), 1765-1784.
Mishra, A., Mathur, R., Jain, S., & Rathore, J. S. (2013). Cloud computing security. International Journal on Recent and Innovation Trends in Computing and Communication, 1(1), 36-39.
Nafi, K. W., Kar, T. S., Hoque, S. A., & Hashem, M. M. A. (2013). A newer user authentication, file encryption and distributed server based cloud computing security architecture. arXiv preprint arXiv:1303.0598.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer London.
Popa, L., Kumar, G., Chowdhury, M., Krishnamurthy, A., Ratnasamy, S., & Stoica, I. (2012, August). FairCloud: sharing the network in cloud computing. In Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication (pp. 187-198). ACM.
Radut, C., Popa, I., & Codreanu, D. (2012). Cloud Computing Security. Revista Economică, 171.
Ren, K., Wang, C., & Wang, Q. (2012). Security challenges for the public cloud. IEEE Internet Computing, 16(1), 69-73.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263-2268.
Sefraoui, O., Aissaoui, M., & Eleuldj, M. (2012). OpenStack: toward an open-source solution for cloud computing. International Journal of Computer Applications, 55(3).
Srinivasan, M. K., Sarukesi, K., Rodrigues, P., Manoj, M. S., & Revathy, P. (2012, August). State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment. In Proceedings of the international conference on advances in computing, communications and informatics (pp. 470-476). ACM.
Wang, C., Wang, Q., Ren, K., Cao, N., & Lou, W. (2012). Toward secure and dependable storage services in cloud computing. IEEE transactions on Services Computing, 5(2), 220-232.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Wu, L., Garg, S. K., & Buyya, R. (2012). SLA-based admission control for a Software-as-a-Service provider in Cloud computing environments. Journal of Computer and System Sciences, 78(5), 1280-1299.
Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.
Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE transactions on parallel and distributed systems, 24(6), 1107-1117.
Xu, X. (2012). From cloud computing to cloud manufacturing. Robotics and computer-integrated manufacturing, 28(1), 75-86.
Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.
Yu, N. H., Hao, Z., Xu, J. J., Zhang, W. M., & Zhang, C. (2013). Review of cloud computing security. Dianzi Xuebao(Acta Electronica Sinica), 41(2), 371-381.
Gahi, Y., Guennoun, M., & El-Khatib, K. (2015). A secure database system using homomorphic encryption schemes. arXiv preprint arXiv:1512.03498.
Wei, C. Y., Cai, X. Q., Liu, B., Wang, T., & Gao, F. (2017). A generic construction of quantum-oblivious-key-transfer-based private query with ideal database security and zero failure. IEEE Transactions on Computers.
Subramanian, S. R., & Iruku, S. V. R. (2016). U.S. Patent Application No. 15/132,550.
Muralidharan, N., & Wong, D. M. (2016). U.S. Patent No. 9,323,922. Washington, DC: U.S. Patent and Trademark Office.
Kumar, A., Lal, R., & Singh, G. (2017). Review on QoS and Security of Database System using Genetic Algorithm. International Journal of Computer Applications, 163(3).
Rohilla, S., & Mittal, P. K. (2013). Database Security: Threats and Challenges. International Journal of Advanced Research in Computer Science and Software Engineering, 3(5).
Bosc, P. (Ed.). (2013). Fuzziness in database management systems (Vol. 5). Physica.
AlZain, M. A., Pardede, E., Soh, B., & Thom, J. A. (2012, January). Cloud computing security: from single to multi-clouds. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 5490-5499). IEEE.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). IEEE.
Liu, W. (2012, April). Research on cloud computing security problem and strategy. In Consumer Electronics, Communications and Networks (CECNet), 2012 2nd International Conference on (pp. 1216-1219). IEEE.
Iankoulova, I., & Daneva, M. (2012, May). Cloud computing security requirements: A systematic review. In Research Challenges in Information Science (RCIS), 2012 sixth international conference on (pp. 1-7). IEEE.
Bonomi, F., Milito, R., Zhu, J., & Addepalli, S. (2012, August). Fog computing and its role in the internet of things. In Proceedings of the first edition of the MCC workshop on Mobile cloud computing (pp. 13-16). ACM.
Gellman, R. (2012, August). Privacy in the clouds: risks to privacy and confidentiality from cloud computing. In Proceedings of the World Privacy Forum.
Behl, A., & Behl, K. (2012, October). An analysis of cloud computing security issues. In Information and Communication Technologies (WICT), 2012 World Congress on (pp. 109-114). IEEE.
Herbst, N. R., Kounev, S., & Reussner, R. H. (2013, June). Elasticity in Cloud Computing: What It Is, and What It Is Not. In ICAC (Vol. 13, pp. 23-27).
Thuraisingham, B. (2015, June). Database Security: Past, Present, and Future. In Big Data (BigData Congress), 2015 IEEE International Congress on (pp. 772-774). IEEE.
Kumar, B., & Al Hasani, M. H. S. (2016, October). Database security—Risks and control methods. In Computer Communication and the Internet (ICCCI), 2016 IEEE International Conference on (pp. 334-340). IEEE
My Assignment Help. (2021). Proposed Policies For Data Security And Privacy For Charity In Essay.. Retrieved from https://myassignmenthelp.com/free-samples/itc568-cloud-privacy-and-security/analysis-of-cloud-privacy-personal-security.html.