ITC 568 PII STRATEGY

Appendix D

4. Develop an outline plan for the Governance 

1. PII data and digital identities for users of the My Licence portal

Plan for control of PII

Organisation needs to control and collect the alternative for collecting the data and storing it with extensive security. However, PII needs to have the stronger protection and procedures of handling the secure data. Concerns regarding PII are being risen from past years as this is increasing the chance of being a loss of theft with securing the personal information in the charity. 

Federal requirements of protecting an information system 

It is necessary for an organisation to have the federal requirements in the form of developing, documenting and implementing programs that protect the information system. This policy is concerned with supporting the operations. This is effective to issue the guidance that is concerned with operating the information with unauthorised access, use and protection of the information Pentland et.al. (2016). Also, audit is needed to be kept regarding identifying the security breaches and develop policies against identifying these breaches. 

Residing in an organisational environment

PII should be identified on all the systems that include databases, shared network drivers and backup tapes. It must display the characteristics of having a domain name, personal identification number, and address information such as street address with the personal characteristics of securing with the person fingerprint, handwriting, biometric; etc to that’s the organisation is being offered access. In order to minimise the cause of breach, it is necessary for reviewing the current holdings of PII timely, reduce PII holdings to have the schedule of PII holdings and establishing the plan for using social security numbers (SSN). 

Strategies to mitigate the risk of data loss and leakage 

Encryption:  It is the well-known strategy for preventing the data loss that will protect the business from cybercriminals, assessing sensitive data and making mistake. Encryption is almost done regarding protection of intellectual property, maintaining financial records, customer data, etc. In outlook, email security can be selected within the setting and encryption is being done with the trust centre Arroyo et.al. (2015). 

                                   Figure 1: Email encryption

Avoid uploading a sensitive document to cloud: There are different cloud services such as Google drive, Box.com and icloud may be using automatic backups. It is necessary for an organisation to perform the audit of regarding backup of the data and what type of data is being backed up. Backups are the most overlooked steps for protecting the PII and sensitive data. This is needed to be used effectively by IT managers for backup and restore of organisational data. 

                                       Figure 2: Backing up data

Use firewall and antivirus: Firewall is also the wall against securing the data that act as the barrier between internet connection and the device. The firewall will protect PII that will examine the content and data packets where it should be sent. Antivirus is the solution that compiles a database that will obtain access to your device and sensitive data Sher-Jan et.al. (2017). Along with this malware support to create a layered defence with the security that will lead to multiple protections of the data and PII. 

Holistic approach to PII protection 

Consider ISO 27001 that is the information security management standard that helps in guidance to development, implementation and maintenance of the security management system. Data encryption, staff training, policies and procedures are concerned elements of the PII protection. It is necessary for an organisation to monitor where PII is being stored, know who sees the data, creating policies of data handling, educating users and having the encryption of desktop and mobile devices Holt and Malčić,  (2015.).