Tuesday, 22 December 2020

How the Homeland Security (DHS), collect, Use, Protect the personal data of U.S citizens, Residents, B1/B2 visitors?


 

★Today, many government organizations have been looking for a cloud computing solution to fulfill their IT requirements. At present, all sizes of Organizations are increasingly adopting cloud computing-based solutions to drive core business value. That’s mainly because the cloud computing benefits are many, including enhanced flexibility and scalability, resource provisioning, and reduce total expenses.

The DHS Cloud Approach:

★Cost of ownership (TCO), Time consuming, and time-to-market. Likewise, government organizations in the developed and developing countries’ put government “cloud-first” approach to persuade the service departments and agencies to adopt the cloud-based solutions to support and centralize information sharing across the organization is the scalable, secure, and most cost-effective way. Due to the technology acceleration in the cloud industry, the traditional approach has been changed over the decades. Government departments are focused on core competencies while transferring IT services to external providers has also boosted the demand for cloud computing in the industry. As a result, the cloud has changed the way that IT services are sourced, delivered, and are driving business value.


Feel free to get in touch with us for any inquiries :

Follow my tech blog to get weekly feeds : 

https://hackernoon.com/u/gtmars.com  

https://gtmars.medium.com/

Space and Mars Colonization Website: https://gtmars.com

Free travel itinerary planning Website: plan2trip.com


★The Department of Homeland Security (DHS), collects, records, use, Personally Identifiable Information (PII), from U.S citizens, Permanent Residents (PR), Public employees, service contractors, agency, and visitors (TouristThe DHS obligated by congress and law to protect the PII of every people who reside in the U.S territory to prevent privacy, security, and sovereignty.

★The PII exercised to handle how the data should be collected which increased the risk of harm if it is getting compromised. In DHS majority of the privacy incidents and incident responses are accidental. So, the DHS introduced serious guidelines to prevent further incidents in the future. The specific DHS policy and regulations were inherited according to the sensitivity of the information of handling.

Why is it important?

★The PII and SPII information is much more important to ensure adequate compliance and requirements to meet the privacy Act. If any private and public personal mishandle information of its customer and citizens can cause serious harm to the reputation.

Federal Statutes: A law that has been formally approved and written down in congress.

Image for post
Figure 1. Federal Statutes-Policy & Regulations.
Image for post
Figure 2. Office of Management & Budget (OMB)-Policy and Regulations.

DHS Policy:

★In recent years, risk and threats posed to an individual PII. The PII contains information that permits the identity of each and every individual lawful citizen directly or indirectly inferred. DHS should incorporate reasonable steps to identify, protect, collect, use, misuse, data loss, data theft, unauthorized access, data modification, data leak, and data disclosure. The guidelines focused on how the data is accessed such as data elements, SSN, non-immigration data, Health records, ethnic & religious data, internet data, and lifestyle information in conjunction with the identity of PII.

PII and SPII security:

★When the DHS agency determines the overall sensitivity of the PII, how agencies should evaluate the data sensitivity, data classification, data labeling according to the sensitivity level of each data element. For instance, the data in the table defined the sensitivity approach on the data, level of required privacy, security, to the PII, and SPII. It helps to identify a particular individual or a group of individuals based on reasonably identifiable data circumstances.

SECTION:1

Image for post
Figure 3. Personally identifiable information (PII)-Section1.
Image for post
Figure 4. Personally identifiable information (PII)-Section2.

The information lifecycle:

★The DHS and other federal agencies follow the information protection lifecycle of Personally identifiable information (PII) through the lifecycle elements.

Image for post
Figure 5. Data lifecycle-Department of Homeland security (DHS).

★Federal agencies should aware of the data collection process on when, where, how the data are collected (online/offline), and how to hold it. As I said earlier, the PII/SPII data can be static or dynamic based on the data circumstances such as data at rest, data on transit, processing center, data stored on third party centers, or data destruction.

Factors affecting successful assessment:

★If agencies did not take reasonable measures to ensure the security of the data it may affect these factors.

(i) Nature of your entity

(ii) Amount of data sensitivity

(iii) Consequences of data breaches

(iv) Security implications, and

(v) Data Privacy

★Steps and strategies: 8 security measures at DHS

Appropriate security measures to take and consider while collecting the PII data.

Image for post
Figure 6. PII-Eight security measures at DHS.

Fair Information Practice Principles (FIPP):

★The DHS defined 8 FIPP principles to enhance the information principles of the Agency’s privacy, compliance, policies, and procedures governing the collection of PII and SPII to fulfill DHS’s vision & mission.

Image for post
Table 1. Fair Information Practice principles.

Why else we Need to Know:

★The United States privacy Act authorizes the agency personally to protect and use the PII to fulfill their job responsibilities for necessary, purposes, and mission needs. It allows agency to agency to use, disclose, and protect the data according to the 552a(b)(1).

★In the privacy Act, few information disclosures are not covered for general personal, few disclosures require security clearance to access certain information. To access the data you should inquire about the officials of the supervisor to determine the PII/SPII.

Image for post
Figure 7. United States Privacy Act-552a(b)(1) on PII/SPII.
Image for post
Figure 8. United States Privacy Act-552a(b)(1) on PII/SPII.
Image for post
Figure 9. United States Privacy Act-552a(b)(1) on PII/SPII.

Note DHS important mission: To secure the nation from the many threats we face!!!

The contents in this article do not use any images of a DHS nor introduced, modified DHS policies on data collection. It is solely represented the DHS privacy and standards on data collection of the US, non-residents, and visitors to the United States.

— — — — — — — — — — — — THE END — — — — — — — — — — — — — — —

Popular and Trending: Most viewed Medium articles:

How to create a Vulnerability management security team, roles & responsibilities in your organizations?

How can I permanently turn off or disable the Microsoft Compatibility Telemetry service causing High CPU usage?

Top-14 OWASP Secure Coding Practices for software developers

How the Department of Homeland Security (DHS), collect, use, protect the PII data of U.S citizens & Lawful Residents & Visitors?

Australia’s CovidSafe App Report on Privacy, Security, Compliance & Data Sovereignty Information and Issues on Australian citizens/lawful residents?

What is the HMAC message authentication system in cryptography? How to deploy it on cryptool2.1 open-source software?

Risk Management Overview & Integration of Risk management into SDLC

Employee’s Endpoint security Internal Survey-Template

Quote of the day: 井の中の蛙、大海を知らず(I no naka no kawazu, taikai wo sirazu)

Explanation: A frog in a well never knows the vast ocean

Thanks for reading!

Have a pleasant day!













No comments:

Post a Comment

How can I permanently turn off or disable the Microsoft Compatibility Telemetry service causing High CPU usage?

  You may or may not noticed that The Microsoft Compatibility Telemetry module occupies your computer's “ CPU memory ” & “ Power usa...