You start by sorting out the detailed requirements presented to you by John. Highlight the main enterprise data security requirements you will need to consider.
As the information provided to me by john was all verbal and I need to develop a requirement set myself. There are many major data security requirements I should consider, the chief and important among these is to make data accessible and useful. I should keep in mind that there is a need to put data to fuel decisions and shaping company direction. This means that data should be in the form where it is secured and still accessible to users (Abouelmehdi, et. al., 2017).
The major requirements that I should keep in mind are:
- Data must be standardized i.e. converted into useful forms and is user friendly as well as secured.
- Data should be efficient and beneficial in the company’s financial growth.
- Adopting the culture to provide quality data would be beneficial for us.
- The major I should focus is on security, as per the previous company’s experience this point is a must to keep in mind while working.
In your requirements analysis, Which encryption method will you choose and why?
Data encryption translates your data into another form of code that is only accessible by the person you want with the help of some secret keys or passwords. Using week data encryption can cause huge damage to your company as well as its damage to your customers too. As I am working on it I will decide to use the best and secured method to encrypt data. The encryption method I will use should have five security levels, transmission security, data security, system security, application security, and physical security (Cheng, et. al., 2017)..
Important factors from which I will choose the best method of data encryption are:
- Encryption method should easy to use: ease in using a method can help us to secure our data in the best way, and it reduces the accidents in configuration or misuse of a feature.
- Automation: many of the events are automated to prevent mistakes occurring. I will also check whether the automation options within the encryption method flexible enough to be easily modified if conditions change.
2.2.3 Key storage: I will make sure that the encryption method I am choosing has enough storage so that data can be stored and who could potentially access it.
2.2.4 If the encryption keys are available to the cloud infrastructure they should not be considered as secured.
The encryption method fulfilling all these needs is best, and I will choose that one.
2.3 Highlight some points that you have considered.
While presenting my proposal to john, here are some factors which I will keep in mind while I am going to present my assessment which is as per ABC requirements:
- Usability: the system would be user friendly for all the members of staff who need to access it. We should look for the suitability of every member accessing the system.
- Security: as per the company’s previous experiences security is the major issue they were facing. As per there are many security issues, protection of data from physical factors as well as from the risk of hacking are both important levels of security.
- Functionality: the functional modules as per ABC requirements are automation, forecast strategy, result visualization, exact and filter data, campaign planning, and ROI management.
- Development and support: making sure that there are some development plans with selected software so that we will be confident that it will definitely grow with emerging technologies.
- Scalability: data should be regularly planned so that it would be easy to manage millions of data even though your requirements are not huge right now, still it’s better to have scalability.
- Visualization and reporting: It’s important to having a check for any queries and reviewing the data as the ease of visual analysis and displaying results (Tebaa, et. al., 2015).
2.3 What guidelines will you follow in order to successfully implement your plan?
As a successful collaboration across teams to define a plan for moving forward. Invoke relevant executives to get their support and securing a budget and driving plans for the betterment of the company. These are some guidelines which I should follow while implementing my plan. Choosing an encryption provider, with centralized key and policy management allows us to scale easily in the future and exploring encryption techniques. Also, I will identify high value for data for encryption prioritization, this stage in this process may be complex and time-intensive at this time but it would probably play a major role in the future growth and success of the company and definitely provides us with the path of success. Well there is an important role of staff in implementation of this plan, as teamwork is the key point towards the growth of any company. They should plan to take out the responsibilities according to their skills, and the main thing is the staff members should not share the working process to an outsider so that we all are confident enough about the security of data plans (Krippendorff, 2018).
2.4 Explain how ABC should monitor, document, and notify future encryption issues.
Once we have our solution implemented and running, we need to continue to monitor for any outliers and violations. We should plan how our organization is moving more data over the cloud. Checking out with developers, users, and application owners who will influence more on how our company is operating. A solution provider with a broad product and services portfolio will better be positioned to advice, support, and will provide integrated solutions to grow our business (Aumasson, 2017). .
Abouelmehdi, K., Beni-Hssane, A., Khaloufi, H., & Saadi, M. (2017). Big data security and privacy in healthcare: A Review. Procedia Computer Science, 113, 73-80.
Aumasson, J. P. (2017). Serious cryptography: a practical introduction to modern encryption. No Starch Press.
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), e1211.
Krippendorff, K. (2018). Content analysis: An introduction to its methodology. Sage publications.
Tebaa, M., Zkik, K., & El Hajji, S. (2015). Hybrid homomorphic encryption method for protecting the privacy of banking data in the cloud. International Journal of Security and Its Applications, 9(6), 61-70.