Documente Academic
Documente Profesional
Documente Cultură
Mobile Computing
ASSIGNMENT 1
Happy Saini
BACKGROUND
The aim of ABC hospital is to ensure all the Australian citizens empower with choices and
thus provide high quality hospital care. ABC hospital is distributed among two different
countries and covers two regional campuses and one headquarter in Australia with the
estimation of 250-300 employees in total. ABC hospital wanted to be a champion to deliver
best facilities with affordable care to retain itself in being Australia’ premier healthcare
organization. For this, the organization is planning to employ significant mobile devices for
the purpose of treating huge number of patients and maintain itself to stay updated with the
practices of modern healthcare. The organization has realized the benefits of utilizing mobile
devices in terms of making appropriate assessments, tracking the work of caregivers, and
collaborating with different departments of organization. Subsequently, the company also
realizes the need for ensuring the safety of sensitive information of organization as well as
patients. So, the company asked me, the CIO of the company to furnish a report on
development of mobility of mobile device policy which would help to simulate the awareness
among the community members and would lead to improve the communication and security
between patient and doctor.
Likely Opponents
With the involvement of mobility in ABC hospital likely opponents, its profile, likely attack
vectors and mode of operations are discussed below:
Data interception
The data interception attack may harm the security of network. The attack not only
intercepts the data but also hijack the complete session by issuing commands with the
help of users or patients. Data interception attack is also known as Man-in-middle
attack in which the attacker tries to secretly alters the communication between two
communicating parties who believes that they are directly communicating.
Eavesdropping is one of the most active man-in-middle attack. Thus, data interception
attack may change the patient’s information while transferring the reports from one
place to another and thus lead to a serious problem.
Fake identity problem
Identity fraud is the another problem that may arise in ABC hospital due to
incorporation of mobility. Fake identity symbolizes the use of one person’s personal
information by another fraud person who wanted to have access on to confidential
information. Thus, mobility would lead to crime or defraud and hacks the personal
information of patients.
Authorization mechanism implementation issue.
The authorization mechanism implementation problem would lead to unauthorized
access to personal information and thus lead to changes in the health related
information of target information. Thus, mobility in hospital would results to intrusion
of hospital’s system, data loss and also lead to gain access on to hospital’s website,
servers, services and all other systems by using another system’s accounts. Thus,
incorporation of mobility in ABC hospital would results to unauthorized access.
Loss of devices
If any device of hospital gets stolen or lost, then the confidentiality of information or
data stored would also suffer (Shahzad & Hussain, 2013). After some time if somehow
device is found then it may lose the integrity of device. The possibility of spyware
installation may lead to temptation in the hospital’s system. It may happen that the
mobile devices may get lost due to its small size or its constant move from one place
to another. As in this case, if any device gets lost then all the information present in
the device will also be lost.
Security breach attack
There are wide variety of attacks that may leverage the connection between two
communicating parties. The mobile devices usually communicate with the help of
wireless connection and thus affected by eavesdropping in order to extract the
personal or confidential information that includes username or passwords. The
wireless attacks would also misuse the identification of hardware that consists of LAN
or MAC addresses to attack the device owner ("MOBILE DEVICE SECURITY
INFORMATION FOR CIOs/CSOs", 2009).
Malware is another software that would patch the applications of third party. The
malware is then passed to mobile devices with the use of Trojan that would appear to
offer complete functionality and consists of malicious programs. The various security
attacks may include virus, Trojan horse, worms, insider attacks etc. According to
research, it is found that the carelessness of employees results to higher chance of
security risks as compared to hackers which therefore reinforces the need of
implementing strong technology and awareness in ABC hospital.
Secondary storage devices
It is the responsibility of hospital take proper care of all the secondary storage devices
that they should not get stolen or lost. The confidential information that includes
Credentials, passwords or PINs may be present in the secondary storage mobile
devices. If the devices are not secured properly then it may lose the personal
information all other secretive information of hospital (Leung, 2008).
Data confidentiality
The personal data includes password of ATM, account number of bank in the mobile
devices and the sensitive information of patients or customers covers their phone
numbers, personal details etc. If the devices are not kept securely and safely then it
may happen that the privacy and confidentiality of data may get lost.
Policy Statement
The employees of ABC hospital are desiderated to utilize business approved company’s or
personal owned mobile device for accessing the wireless network of corporate and
company’s information system only in the course of normal business related routine for
effectively achieving business objectives and aims.
Device care
Certain measures must be taken into consideration for the purpose of protecting the
device from unauthorized access or theft.
All the organization’s staff members are obliged to make use of the mobile devices
allocated to them but in a safe and informed manner.
The security of the devices will be in the hands of the employees and they shall be
liable to the consequences in case of any negligence. No device must be left in any
unsecured location where it can be exposed to risks.
In case of a mobile device being theft or lost, the employees are required to report the
same to the relevant ICT business unit of organization.
Conclusion
The purpose of this report was to accomplish the mobility policies and procedures for issuing,
maintaining and utilization of mobile devices to the employees and other stakeholders of
ABC healthcare organization. For this purpose, various mobility use cases were identified,
likely opponents for the mobility policy were defined and a detail description of the mobility
policy along with certain guidelines and procedures were also documented in the report.
References
Shahzad, A., & Hussain, M. (2013). Security Issues and Challenges of Mobile Cloud
Computing. International Journal Of Grid And Distributed Computing, 6(6), 37-50. doi:
10.14257/ijgdc.2013.6.6.04
Leung, A. (2008). A mobile device management framework for secure service delivery. Information
Security Technical Report, 13(3), 118-126. doi: 10.1016/j.istr.2008.09.003