ITEC322 Information Technology Project

Analysis the be a separate project. RAP is hosted on the current virtualised in-house platform in the IIL data centre. The solution must define a single platform to support a large volume of primary and generated data sourced from existing in-house and cloud platforms. Storage Requirements
Key factors: (note changes to factors)
Highly sensitive competitive and personal private data
Very large volumes of data, low transaction volumes
Restricted number of users (six users only in HQ)
Restricted report distribution (six users and CIO)
Episodic localised workday access only
Limited performance expectation
RAP may comprise online and some batch (overnight) processing based on priorities of jobs.

Inshore Insurance ltd. is a regulated financial institution whose head office is situated in Sydney. The general and accidental insurance services are provided by the company. The in-house activities of the company are managed by deploying the IT service. The cloud services are incorporated in the working curriculum of the business.

The problem is to diagnose the time and location which are associated with the crimes and accident to claim for the insurance cost associated with personal, household, and vehicular claims. The company is looking forward for developing the IT solution for predicting the time and location of the crime.

The use of ICT technology in the fraud detection for the insurance company helps in analysing the cause of the victim to claim for the insurance money. “The high level analysis can be effectively done with the ICT information system” (Pandhare, 2014). The cloud platform is deployed within the working curriculum of the organization to know the real cause of claim.

The cloud services helps in developing relationship with different actors to bring transparency, liability, and responsibility in the current working culture. The main purpose of this project is to analyse how cloud services works in different situation.

Constraints related with the data sensitivity and threat model:

The constraints related with the data sensitivity and threat model are reliability, security, availability, cost, complexity, performance, and legal issues migration, performance, lack of standards, reversion, lack of customization, and privacy issues.The new system is designed to exclude the flaws of the traditional working system. The new system is relevant for excluding the cost and time wasted in performing the investigation program for knowing the reason of claim.

List of Actors:

• End User of the business: They are the consumer of the cloud services. They helps in providing in providing the records and analysis of the data.
• Individual end user: There are two types of end user which are categorised as the victim and the friends and relative of the victim.
• Cloud providers: The cloud providers are responsible for providing the cloud services to the multiple cloud users.
• Cloud Auditors: They provide the Norwegian data protection authority for managing the working of cloud services.

Design Overview

“The deployment of the cloud services helps in raising the satisfaction of the customers by making use of behavioural analytics and biometrics for the identification of unauthorised access” (Yang, 2013). The working system can adapt its intelligence with the evolution of the threats. The operational efficiency of the system can be improved with the use of cloud based services by reducing the time and cost spent on the detection and investigation program for insurance claims.The following diagram shows the working architecture of the cloud based services in the Inshore Insurance ltd.

Project governance process aligns to risks in threat model:

The project governance process aligns the risks associated with the threat model by providing security to the computing environment and policies, managing the implementation of the cloud services, management of the demand and supply, management of the relationship between different actors, and managing the application services.

IT infrastructure solution defined at conceptual and logical level:

• Level 1: “The specification of the role helps in identifying the conceptualization model for the associated actors which works in context with the cloud computing technology” (Kirlidog, 2016).
• Level 2: The logical level of the design helps in identifying the behaviour of the actors to complete the associated tasks.
• Level 3: The conceptualization of the components helps in identifying the specification of processes, tasks and activity.
• Level 4: The use of sub-component helps in providing the modular architecture to the working of cloud services.

Infrastructure securities define at generic level:

• “Interaction between personal and confidential data between associated cloud users” (Joudaki, 2013). The use of security procedures helps in overcoming the problem of data leakages and data loss.
• Bring Your Own Device are equipped with security challenges. The policies and procedure should be developed to access the cloud services securely.
• Multi-tenancy: “The conflicts in data governance results in affecting the flow of activities between personal and confidential data” (Morley, 2016).
• Data governance: The data governance procedures should be applied to maintain the flow of material to manage the demand and supply.

Data solution:

The role of the actor should be identified in terms of data controller, data processor, and data subject.

• Data controller: “An entity which determines the control on processing of the personal data” (Hargreaves, 2016)
• Data processor: “An entity which determines the processes on the personal data” (Dora, 2013)
• Data subject: An entity which identifies the personal data.  

Capacity Requirement:

In the proposed architecture:

• Database should be of 10 TB Size which can be expandable between 50% to 7%
• The extension of services to the new location involves the storage of 10 TB sensitive data
• The data retention program should equip with estimated 20 years for home data, 5 years for personal data, and 10 years for vehicle data.

System Interface:

The system interface should have the following features:

• User friendly interface
• 10 nominated workers can works on the desktop devices installed at headquarters.
• Security report should be generated periodically.
• Analysis of the gathered data from different sources.

Constraints and assumption:

“The responsibility, transparency, and liability are the major constraints associated with the deployment of the cloud conceptual framework” (Barret, 2013).The following diagram shows the interface of the sub-system:

Sub-system interface:

• Identification of the relationship with friends, relatives, and victims
• Collecting and processing personal data
• Accessing of personal data from different sources
• Liability of the victim with the insurance company
• Responsibility of the victim

Performance Consideration:

The focus should be given on managing the personal and sensitive data. The performance can be measured with the management of large volume of data stored in the database.

Design Consideration:

The design should focus on the user, distribution of report, prediction of location and incident occurred, and periodically updating of security architecture.

Test criteria:

The testing of the system can be done by focusing on the security system which is used for overcoming the risks associated with the system.

References:

Barret, S. (2013). Insurance fraud and abuse: A very serious problem. 1st ed. [ebook]. https://www.quackwatch.org/02ConsumerProtection/insfraud.html [Accessed 10 Sep. 2017].

Dora, P. (2013). Insurance fraud detection leveraging big data analytics. 1st ed. [ebook]. https://www.ijsr.net/archive/v4i4/SUB153497.pdf [Accessed 10 Sep. 2017].

Hargreaves, C. (2016). Analytics for insurance fraud detection: Na empirical study. 1st ed. [ebook]. https://www.researchgate.net/publication/291833022_Analytics_for_Insurance_Fraud_Detection_An_Empirical_Study [Accessed 10 Sep. 2017].

Joudaki, H. (2013). Using data mining to detect health care fraud and abuse: A literature review. 1st ed. [ebook]. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4796421/ [Accessed 10 Sep. 2017].

Kirlidog, M. (2016). A fraud detection approach with data mining in health. 1st ed. [ebook]. http://www.sciencedirect.com/science/article/pii/S1877042812036099 [Accessed 10 Sep. 2017].

Morley, N. (2016). How the detection of insurance fraud succeeds and fails. 1st ed. [ebook]. http://eprints.lancs.ac.uk/974/2/PsyCrime&Law_06.pdf [Accessed 10 Sep. 2017].

Pandhare, S. (2014). Big data analytics: New Whistleblower on insurance fraud. 1st ed. [ebook]. https://www.infosys.com/industries/insurance/white-papers/Documents/new-whistleblower-insurance-fraud.pdf [Accessed 10 Sep. 2017].

Yang, G. (2013). Using advanced analytics to combat claim and fraud. 1st ed. [ebook]. https://www.cognizant.com/InsightsWhitepapers/Using-Advanced-Analytics-to-Combat-PandC-Claims-Fraud.pdf [Accessed 10 Sep. 2017].