With DTGOV’s client portfolio expanding to include public-sector organizations,

Question

With DTGOV’s client portfolio expanding to include public-sector organizations, many of its cloud computing policies have become unsuitable and require modification. Considering that public-sector organizations frequently handle strategic information, security safeguards need to be established to protect data manipulation and to establish a means of auditing activities that may impact government operations. DTGOV proceeds to implement the digital signature mechanism specifically to protect its Web-based management environment (Figure 10.6). Virtual server self-provisioning inside the IaaS environment and the tracking functionality of realtime SLA and billing are all performed via Web portals. As a result, user error or malicious actions could result in legal and financial consequences. Image Figure 10.6 Whenever a cloud consumer performs a management action that is related to IT resources provisioned by DTGOV, the cloud service consumer program must include a digital signature in the message request to prove the legitimacy of its user. Digital signatures provide DTGOV with the guarantee that every action performed is linked to its legitimate originator. Unauthorized access is expected to become highly improbable, since digital signatures are only accepted if the encryption key is identical to the secret key held by the rightful owner. Users will not have grounds to deny attempts at message adulteration because the digital signatures will confirm message integrity. Answer the following questions in a substantive manner: Do you agree that digital signatures are the best way to protect the data in question? Do you agree with the author’s statement that digital signatures provide a guarantee that every action performed is linked to its legitimate originator? DTGOV appears to be Canadian based. Does PIPEDA have any rulings on digital signatures?

Explanation / Answer

Q-1 : Do you agree that digital signatures are the best way to protect the data in question?

Solution : Yes , Definitely , i am agree , This is most relevant method / way to protect the data because only the authorized user would get access of the server. Unauthorized user would not get access.

Q-2 : Do you agree with the author’s statement that digital signatures provide a guarantee that every action performed is linked to its legitimate originator?

Solution : Yes , Completely agree with author's statement because to give the digital signatures , only you need to be present there , noone can have your access. Because Earlier , in Public sector organizations , most of the user tried to make the benefit from the system in their absence also. But now , Digital Signatures will only accepted if the encryption key is identical to the secret key held by the rightful owner. So , the User have to be present to give their signature self.

Q-3 : Does PIPEDA have any rulings on digital signatures?

Solution : Yes , PIPEDA ( Personal Information Protection and Electronic Documents Act ) have some ruilings for digital signatures like :

(i) It governs only for private sector organizations.

(ii) For Commercial Business , It uses electronic documents to collect , use and disclose personal information.

(iii) It has to follow the Federal government rules and policies to disclose personal information.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.