SCHOOL: SCHOOL OF INFORMATION AND SCIENCE TECHNOLOGY

DEPARTMENTS: Information Security Assurance, Information Technology &

Software Engineering

NAME: Maibheka Anotidaishe B

DEPARTMENT: HISA
REG No: H230702E

NAME: Tsakani Baloyi

DEPARTMENT: HIIT
REG No: H230365Z

NAME: Brian
DEPARTMENT: HISA
REG No: H230087A

NAME: Grace .T. Jamu

DEPARTMENT: HIIT
REG No: H230158Q
NAME: Ben
DEPARTMENT: HISA
REG No: H230

NAME: Dodo Esther T

DEPARTMENT: HISA
REG No: H230

NAME: Nhumburudzi Royce T

DEPARTMENT: HISE
REG No: H230179A

GROUP ASSIGNMENT QUESTION

Apply the design thinking model to solve a problem affecting businesses in an industry of
your choice. [100]
Design thinking is a human centered approach to innovation. It is a method of focusing on
people and designing based on what people need and want. It also depends on what people like
or dislike. The design thinking model is used to solve a problem and bring about innovation.
Innovation is about introducing change into relatively stable systems.

Designing thinking focuses on understanding human needs generating creative ideas and creating
innovative solutions. The design thinking model process basically involves five stages which are
empathize, define, ideate, prototype and testing.

In order to empathize, we need to understand our users and workers. This can only be done by
researching our market. This stage typically involves conducting research, interviews,
observation and other methods to gain insights to user’s experience. In this problem solving
process we are going to use questionnaires and observations to understand evaluate the people’s
needs and problems.
Salesforce limited
QUESTIONNAIRE
The following questionnaire is to gather information about the problem of data breach on
our organization can you please feel free to express yourself.

 In which department do you work in?

………………………………………………………………………………………………

 How many years have you been working in this industry of cloud computing?
………………………………………………………………………………………………

 Have you ever encountered any Data breaches

……………………………………………………………………………………………

 If yes, can you mention at least one problem you have faced?
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
 If you faced any problems, which measures did you take to reduce the effect of the
issues?
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………
 Were the measures effective though? If not, suggest the reason for the ineffectiveness.
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
 Any other suggestions that could be of benefit to the industry of cloud computing?
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
………………………………………………………………………………………………
…………………………
Thank you for your time
Salesforce is a limited company that was formed in 2018.It have been running day by day
providing cloud services to different companies. As the industry of computers is evolving, we
have been unable to protect our customers data as we have been experiencing data breaches.

We have conducted research and found that the organization is being affected by a various
consequence which follows
1. We have not been able to protect personal information
2. We are not able to conduct to the rules and regulations of privacy
3. We are not able to safeguard business reputation
4. We not been able to keep up to the budget as we try to cover up from data loss
5. We are losing trust of our customer.

Our main goal and aims

 We need to rebuild trust among customers and stakeholders by implementing robust

security measures and transparent communication practices, in order to mitigate customer
churn, safe guard our reputation, prioritizing data privacy and establishing incident
response plan

This ideate stage involves generating ideas and developing new and creative ideas. So
after conducting a research between different teams and individuals, such as IT and
security teams of Salesforce Limited. We found mitigating measures for data breaching.
The first step to this is to be open and honest about the data breach and to provide regular
updates on the steps we are taking to improve the security. This is done so as to provide
transparent communication practices. Then we will start the implementation of strong
access controls which will ensure that only authorized individuals have access to specific
data, systems and networks. These access controls can be enforced through various
mechanisms such as strong passwords, multi-factor authentication which is a security
measure that requires users to provide multiple forms of identification or credentials to
verify their identity before granting access to a system. In addition to the access controls
we might also use role based access controls, which is a security model that restricts
system access based on the roles assigned to individual users within an organization.

Data Encryption is also another method we can use to mitigate data breaching. This is a
technique that converts data into an unreadable format, which can only be decrypted with
the appropriate encryption key. This will protect the data even if it is accessed by the
unauthorized users. In addition we might also make use of Data obfuscation as an
alternative to encryption so as to enhance data protection. This technique involves
modifying, disguising data, making data confusing or unintelligent without altering its
functionality. It is also called data masking or data anonymization.

Firewalls is another method we can use to prevent data breaching. This is a security
network system that monitors and controls incoming and outgoing network traffic. It acts
as a gate keeper allowing or blocking traffic based on a set of rules. They can log
information about attempted attacks which can be used to investigate and prevent future
attacks. They can be used to create a “defense in depth strategy”, where multiple layers of
security are used to protect the system. This will make it more difficult for an attacker to
get through all the layers and access the system. They can also be configured to allow
certain types of traffic through. In addition to firewalls we can use Intrusion Detection
Systems (IDSs). These are tools used to monitor network traffic and identify suspicious
activity too. They are able to detect a wide range of attacks, generate alerts when an
attack is detected and to provide real-time monitoring.

Moreover we might have Regular Audits of Database Access Logs, so as to identify

any suspicious activity or unauthorized access attempts. They do so by reviewing the
access logs, Salesforce will be able to identify IP addresses or user accounts that are
attempting to access the data without proper authorization. This will enable quick action
to be taken before any damage is done. We might also Train Employees on Security
Awareness. As Bruce Schneier would say, “it’s not the technology that fails us, it’s the
people”. Human error remains one of the leading causes of data breaches. So by
reinforcing security best practices through training and awareness campaigns, this can
significantly reduce the likelihood of data breaches caused by human error.

If we are able to implement the ideas above we will be able to gain our customers trust
and safeguard our business reputation. However no single solution can guarantee
complete protection against data breaches, so we will have to combine a number of
strategies to significantly enhance Salesforce security posture.