24 x 7 Online Help
This report will analyse the data security requirements of the 'Safe Journey'. In addition to this, it will also provide the review of the existing data security provision in the organisation. A small discussion will be given on the appropriate security encryption of the company along with the cost associated with it.
Get free samples written by our Top-Notch subject experts for taking assignment help services.
Data security requirements
The data security requirements constitute a wide range of processes and tools that help the company to protect themselves in cyber space (Hashizume, et.al, 2013). The requirements are given below:-
- Risk Management Regime: An organisation should embed with an effective risk management regime. Along with this, there should be a strongly empowered governance structure.
- Secure Configuration:The systems and processes should be built on a secured baseline technology. This would involve configuration management in protecting the systems.
- Network Security:Since most of the data is stored in the cloud storage through the Internet, this may expose the systems to cyber-attacks. Organisations must have a robust architectural and technologically advance response system.
- User Education and Awareness:Organisation should organise the awareness programme and training provide expertise to the users about handling their personal data.
- Incident Management:Security incidents are very common within an organisation. Investing in the efficient incident management systems and policies that will improve the resilience and customer confidence.
- Malware Prevention:The data thefts and hackers get the access to the data by introducing certain malware. These malware can cause serious harms to the systems. Risk can be reduced by developing and applying malware protection.
- Removable Media Control:Removable media access may be the fastest way of sharing information and data, but it increases the chances of introduction of malware. Putting a control over it can be very useful in fighting against data theft.
- Monitoring:Monitoring systems regularly will be helpful in detecting the attempted attacks on the business services and systems (Kaufman, 2013).
Review of existing data security
The existing data security of the 'Safe Journey' can be reviewed on several aspects, namely compliance and awareness, information governance, record retention, and security of personal data.
Compliance and awareness:This would judge the privacy awareness and legislation compliance. The organisation follow the guidelines given in the General Data Protection Regulation, Unsolicited Communication Regulations, Human Rights Act. There are security standards, service agreements, policies, and statutory obligation defined by the management.The company is also providing the training and running client awareness programmes.
Information governance:The Company follows a fair and lawful governance processing. The data is processed with fairness and lawful procedures. In addition to this, the organisation takes care of the adequate level of protection while transferring information from one system to another or one country to another.
Record retention:The information and personal data, such as passport number, date of birth, account details, etc., are stored as per the guidelines given in the GDPR. In addition to this, the company has a well-defined record retention and destruction policies. The storage systems are regularly monitored in order to analyze any data theft (Stuart&Marek, 2016).
Security of personal data: the company is strictly against the use of the USB or disks. It has hired a third-party to provide data security solutions and review logging. The company also conducts regular reviews and assessment of the security system.
Appropriate security encryption
In order to propose a security encryption type, many factors should be seen. The most important of them is the size of the key. Considering this point, RSA encryption is suggested for the company. It make use of the public-key cryptography in order to deliver data through an insecure network. This encryption has two key, namely public key and private key. The former can be accessed by anyone while the private key is always confidential. One needs both keys while encrypting and decrypting an information. The key size is large, thereby increasing its level of security. The size of the key may usually vary between 1024 bits and 2048 bits. This may result in the slower encryption and decryption of the information (Li, et.al, 2014).
Costs associated with encryption
The cost of RSA encryption depends on the several factors but the major part of it depends on the length of the keys that users want. Obviously, the larger key would need more time of the developers or what they say CPU hours. The cost and time complexity for the particular type of key lengths. The estimation is given below:-
- RSA keys of 512 bit- 2 CPU hours- overall cost $ 0.06
- RSA keys of 1024 bit- 97 CPU days- overall cost $40-$80
- RSA keys of 2048 bit- 140.8 CPU years- overall cost $20,000-$40,000
In this report, a discussion on thedata security requirements of the 'Safe Journey' was done, wherein a review of the existing data security provision in the organisation was provided. A small discussion was done on the appropriate security encryption of the company along with the cost associated with it.
- Li, H., Lin, X., Yang, H., Liang, X., Lu, R., &Shen, X. (2014). EPPDR: an efficient privacy-preserving demand response scheme with adaptive key evolution in smart grid. IEEE Transactions on Parallel and Distributed Systems, 25(8), 2053-2064.
- Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
- Kaufman, L. M. (2013). Data security in the world of cloud computing. IEEE Security & Privacy, 7(4).
- Stuart, A. L., &Marek, T. L. (2016). S. Patent No. 7,107,416. Washington, DC: U.S. Patent and Trademark Office.