Q Discusses the possible threats and risks to the security of user data on mobile phones, and in linked Cloud Home, - Discusses the possible threats and risks Scenario - The sudden increase in COVID-19 cases worldwide has caused considerable disruption in many countries. However, a number of countries have started to use an individual tracking approach to try and contain the spread of the virus. Task - After your successful engagement to develop privacy and personal data protection strategies for DAS, you have been engaged by the Department of Health (DoH) to advise on the development of privacy and data protection for CovidSafe users. DoH expect up to 16 million Australian mobile users to download and use this app. DoH have announced that they will be using a major U.S. based public cloud provider to host the CovidSafe data, but claim that the data will always be under Australian Government control. You are to provide a report to DoH that: Question - Discusses the possible threats and risks to the security of user data on mobile phones, and in linked Cloud and financial accounts from the use of the CovidSafe app. Answer - Security threats and issues to user data of COVIDsafe application The CovidSafe application was decided to host on the public cloud provider so that the citizens of the Australia can access this application in their mobile phones. The Covidsafe application mainly employed to reduce the spread of this virus. The affected individual can use this application and enter their personal details (Steve, 2016). Then the suitable advice will be given by the medical experts and quarantine period will be mentioned. And also surrounding people are advised to not to meet the affected individual. The patient will be monitored with the help of this application. Thus the application withholds various personal details of the patients and also has some financial details exist in the phone. The hackers sometimes attempt to hack the data present in the mobile and it significantly leads to security issues. The collection of the individual movement data in context of tracing applications can violate the data minimisation principle and cause the security and privacy issues. The following are the data that has been collected by the COVIDsafe application such as: Name Age Postcode Mobile number The collection and disclosure of the personal data must be in accordance with the privacy act otherwise the security and threats will evolve. Some of the security issues and threats evolve to the user data and they are (Al-Fedaghi, 2018): Data leakage Due to improper disclosure of the personal details of the patients, the data leakage occurs. The mobile based COVIDsafe application often causes the unintentional data leakage. The cloud based application contains some financial account details and thus the leakage of those details causes the serious concerns to the Australian government as well as users of this application (Shabtai, 2012). Network spoofing The hackers sometimes set up the free access point to look like the private Wi-Fi networks and thus usage of those network will completely paves the way for the intruders. Sometimes, the users are required to create the account to access these services and thus the password and email combinations are required. Many users use the same passwords for several applications and thus the guessing of the password is possible by making this attack. Phishing attacks As per the study, it has been seen that the mobile users always affected with this attack because they often involved in monitoring of the emails. The users of the mobile devices will be susceptible to the attacks because the email application displays the lesser information to use the smaller screen sizes. Sometimes, the hackers format the emails as per the normal emails and thus the user may attempt to click those mails. The user will be directed to unprotected websites and thus the intrusion of virus and attack can be made (Shreeram, 2010). Spyware The malicious software will be installed in the mobile device without the knowledge of user and thus stealing of the data occurs. The whereabouts and activity of the user were steal by the hackers. Improper session handling In order to facilitate the easy access of the mobile devices transactions, many applications employ tokens and it may permit the users to carry out multiple actions without enforced to re-authenticate their digital identity. The COVIDsafe app may generate the tokens for easy access and thus the session must be kept confidential. The improper session handling takes place whenever the application shares the session tokens in unintentional manner. The intruders may attempt to access the confidential data when the session has been opened for longer time even after the user navigates away from the website or applications. Vulnerability to data interception Whenever the user'stests become positive for the COVID 19 and then their data will be uploaded in the web servers. Data from the COVIDsafe application will be reserved o user device and transferred in encrypted way to the server. Thus the attacker can be able to intercept such kind of communication (Savola, 2014). Bluetooth hacking The COVIDsafe app is integrated with the Bluetooth technology and thus the Bluetooth hacking will be performed by the intruders to obtain full control over the mobile devices. It is advised not to accept unsolicited transferring of files or requests from the unknown devices. Out-dated issues The health departments engaged in accessing of the user details and thus the storing it in their system for providing suitable advice to the users. Thus the usage of out-dated security applications and system can made the attackers to the private information of the users and thus the whole security in the network will get affected. Related: Discusses the possible threats and risks Discusses the possible threats to the privacy of a user data Discusses the issues of data sovereignty Possible security controls that would prevent the loss
Related :- Q How they can protect companys data and resources how they can protect companys data and resources - ITC596 IT Risk Management - A security policy that would act to preserve the Confidentiality of their data. Q Need for security policies at DR Alarms need for security policies at dr alarms - ITC596 - How these policies will enhance DR Alarms security and help to raise their level of cyber security maturity Q Write a proposal for DR alarms write a proposal for dr alarms - Discuss and propose security policies to protect their data and resources. Q Discuss HR policies and company-wide thinking discuss hr policies and company-wide thinking - manage the business regionally managing the issues and conflict builds and retain the best performer. Q Define Global Human resource management define global human resource management - models in the international globalization - Influence of the internationalization on the associated work Q What is equitable application of the HR policies what is equitable application of the hr policies - Focus on the local culture along with the companys mission and objectives. Q Evaluate HR policies of MNCs and associated issues evaluate hr policies of mncs and associated issues - Ensure the policies are implemented equitably within the organisation without any bias. Q Discuss Multinational firms and their human resources discuss multinational firms and their human resources - Nature of human resource policy and procedure. Q Develop a short procedure for a mass letter Develop a short procedure for either (a) a mass letter mail-out or (b) the creation of an expense report. Q Identify three types of documents used Referring to the Adept Owl style guide and procedures, identify three types of documents used and required by the organisation