ITC568 | ASSESSMENT ITEM 3 | CLOUD COMPUTING

Tasks 

After your successful engagement to provide a security and privacy risk assessment for the charity, you and your team have again been engaged to develop privacy and personal data protection strategies for the charity.

Team Setup 

This assignment is the first of the team assignments for this subject. The rationale for using a team approach is that most IT policy formulations are normally conducted by teams of between 2-5 Architects, Information Security experts, Operations and Business leaders for each problem. You are already assigned to a team and the team, as a whole, will be responsible for the development of the policies.

Team Member Responsibilities

Each team member will be assessed on:

• The final privacy and personal data protection strategies presented by the team;
• The individual contributions that they have made to the policy formulation. This will be shown by the entries that they have made in the Team forum;

Team members should note that:

• A total of 20% of the total marks for this assignment are for individual contributions. These include:
• Contributions to the development of privacy and data protection policies (10%), and
• Reasoning behind the development of privacy and data protection policies (10%)
• A team member without any individual contributions in the Team Forum will be regarded as having not contributed to the risk assessment. This will result in either reduced marks or no marks being awarded to that team member for this assignment.

The task: 

Your team is to write a report that proposes appropriate policies for DAS in the following areas:

1. Develop a Privacy strategy proposal for the charity. The strategy should include the following items:
   1. Management of personal information,
   2. Collection and management of solicited personal information,
   3. Use and disclosure of personal information,
   4. Use and security of digital identities,
   5. Security of personal information,
   6. Access to personal information,
   7. Quality and correction of personal information.
2. The controls that you recommend that would:
   1. Mitigate the previously identified privacy risks,
   2. Implement the privacy strategy.
3. Develop a personal data protection strategy proposal for the charity. This strategy should include:
   1. Protection of personal information,
   2. Authorised access & disclosure of personal information,
   3. De-identification of personal data,
   4. Use of personal digital identities,
   5. Security of personal data,
   6. Archiving of personal data.
4. The controls that you recommend that would:
   1. Mitigate the previously identified security risks,
   2. Implement the personal data protection strategy.

The team is to provide a written report with the following headings:

• Privacy strategy for personal data
• Recommended Privacy controls
• Personal data protection strategy
• Recommended personal data protection strategy.

As a rough guide, the report should not be longer than about 8,000 words. The report is to be written in Word format and posted in the Team File Exchange area in Interact. 

The Privacy Strategy Group Wiki page in the Team area in Interact should be used to develop the strategy document and gather comments and suggestions from each team member. This Wiki should be exported as a single file and placed in the Team File Exchange area. 

Any strategy discussions in the team forum should be exported into a single document and loaded into the Team File Exchange area in Interact.

Each student is required to submit the following through EASTS when their group assignment is complete. This submission should contain the following:

• Student name
• Team name
• Assignment  number
• Assignment file name
• Copy of the student's answer to the question allocated to them by the team.

This will allow you to receive marks and feedback when your team assignment is marked.

Rationale

This assessment task will assess the following learning outcome/s:

• be able to examine the legal, business and privacy requirements for a cloud deployment model.
• be able to evaluate the risk management requirements for a cloud deployment model.
• be able to critically analyse the legal, ethical and business concerns for the security and privacy of data to be deployed to the cloud.

be able to develop and present a series of proposed security controls to manage the security and privacy of data deployed to the cloud.