
ITNET301a

Mobile Computing
ASSIGNMENT 1

Happy Saini

Submitted to: Nelson Chow

(Mobile computing Teacher)


Contents
INTRODUCTION
PURPOSE
BACKGROUND
MOBILITY USE CASES FOR ABC HEALTHCARE
Likely Opponents
RATIONALE FOR MOBILITY POLICY, ITS STANDARDS, BASELINE AND RELEVANT GUIDELINES FOR ABC HOSPITAL
Policy Purpose
Policy Statement
Guidelines assisting with policy compliance
Allocation
Company network access
Data management
Device care
Conclusion
References
INTRODUCTION
PURPOSE
The purpose of this report is to set out the mobility policies and procedures for issuing,
maintaining and using mobile devices for the employees and other stakeholders of the
ABC healthcare organization.

BACKGROUND
The aim of ABC hospital is to empower all Australian citizens with choices and thus
provide high-quality hospital care. ABC hospital is distributed across two different
countries and comprises two regional campuses and one headquarters in Australia, with an
estimated 250-300 employees in total. ABC hospital wants to be a champion in delivering
the best facilities with affordable care, so as to remain Australia's premier healthcare
organization. To this end, the organization is planning to deploy a significant number of
mobile devices in order to treat a large number of patients and to stay up to date with
the practices of modern healthcare. The organization has realized the benefits of mobile
devices for making appropriate assessments, tracking the work of caregivers, and
collaborating with the different departments of the organization. At the same time, the
company realizes the need to ensure the safety of the sensitive information of both the
organization and its patients. So, the company asked me, the CIO of the company, to furnish
a report on the development of a mobile device policy which would help to stimulate
awareness among the community members and would improve communication and security
between patient and doctor.

MOBILITY USE CASES FOR ABC HEALTHCARE


A) Point of Care Skilled caregiving support
To provide point-of-care and real-time support to patients, caregivers need effective
means of collecting and updating patients' health-related data. A small mobile device, for
instance a tablet or a smartphone already loaded with healthcare sensors and applications,
would make it easy to carry out these tasks from any geographical location (USA, 2015).
This would enable doctors and other healthcare staff to monitor and keep track of critical
signs, either by using USB sensors in the mobile device or by using a patient-wearable
device, so that monitoring happens in real time rather than in the traditional way at the
end of shifts. This approach also allows remote control and security of the devices, thus
maintaining the confidentiality and integrity of patients' sensitive data and increasing
compliance.
B) Virtualization and zero-clients for simplifying dictation
Adopting the requirements for EHR while retaining data security and scheduling the doctors
is another challenge for healthcare. Another use case of mobile technology offers an
efficient solution for this scenario: integrating and running important applications in
the cloud instead of the traditional 'computer on wheels' setup. This ensures secure access
to data through zero-client displays, which can be deployed in the patient's room (USA,
2015). The application would allow physicians and doctors to log in to the device from any
location at any time to provide assistance and dictation to patients using the interface.
Since the data is secured and stored in the cloud data centre, the risk of losing data
confidentiality also diminishes. Virtualization could also be used to monitor that the
medication taken by patients is accurate. When the zero clients in the cloud are deployed
and integrated with digital diagnostic imaging devices, it becomes easy to download scans
and other tests directly to the patient's device.
C) Creation of efficient signage through digital display
Currently the organization relies solely on bulletin boards and printed signs for
communicating and interacting with patients and staff members of the organization.
In such scenarios, LED displays can provide personalized information, digital bulletin
boards, cafeteria menus, content in patient rooms, way-finding stations pointing to the
nearest elevators, and many more facilities. The benefits are two-way. On the patient
side, it creates a friendly and modern environment by communicating content that engages
both patients and their families. On the administrative side, it enables central
management, updating and coordination of information about all the facilities, thus
reducing the printing cost and the burden on the staff and preserving their energy.

Likely Opponents
With the involvement of mobility in ABC hospital, the likely opponents, their profiles,
likely attack vectors and modes of operation are discussed below:
• Data interception
A data interception attack may harm the security of the network. The attack not only
intercepts the data but also hijacks the complete session by issuing commands with the
help of users or patients. A data interception attack is also known as a
man-in-the-middle attack, in which the attacker secretly alters the communication
between two communicating parties who believe that they are communicating directly.
Eavesdropping is one of the most active man-in-the-middle attacks. Thus, a data
interception attack may change a patient's information while reports are being
transferred from one place to another, and thus lead to a serious problem.
• Fake identity problem
Identity fraud is another problem that may arise in ABC hospital due to the
incorporation of mobility. A fake identity means the use of one person's personal
information by another, fraudulent person who wants to gain access to confidential
information. Thus, mobility would lead to crime or fraud and to the hacking of the
personal information of patients.
• Authorization mechanism implementation issue
A problem in the implementation of the authorization mechanism would lead to
unauthorized access to personal information and thus to changes in the health-related
information of the target. Thus, mobility in the hospital would result in intrusion
into the hospital's systems and data loss, and would also give access to the hospital's
website, servers, services and all other systems by using another system's accounts.
Thus, the incorporation of mobility in ABC hospital would result in unauthorized access.
• Loss of devices
If any device of the hospital is stolen or lost, the confidentiality of the information
or data stored on it also suffers (Shahzad & Hussain, 2013). If the device is found some
time later, its integrity may have been lost. The possibility of spyware installation
may lead to temptation in the hospital's system. Mobile devices may get lost because of
their small size or their constant movement from one place to another. In this case, if
a device is lost, all the information present on the device is lost as well.
• Security breach attack
There is a wide variety of attacks that may leverage the connection between two
communicating parties. Mobile devices usually communicate over wireless connections
and are thus affected by eavesdropping, which aims to extract personal or confidential
information, including usernames or passwords. Wireless attacks would also misuse
hardware identification, consisting of LAN or MAC addresses, to attack the device owner
("MOBILE DEVICE SECURITY INFORMATION FOR CIOs/CSOs", 2009).
Malware is other software that would patch third-party applications. The malware is
then passed to mobile devices by means of a Trojan, which appears to offer complete
functionality but consists of malicious programs. The various security attacks may
include viruses, Trojan horses, worms, insider attacks, etc. According to research,
the carelessness of employees results in a higher chance of security risks than hackers
do, which reinforces the need to implement strong technology and awareness in ABC
hospital.
• Secondary storage devices
It is the responsibility of the hospital to take proper care of all secondary storage
devices so that they are not stolen or lost. Confidential information, including
credentials, passwords or PINs, may be present on the secondary storage mobile devices.
If the devices are not secured properly, personal information and all other secret
information of the hospital may be lost (Leung, 2008).
• Data confidentiality
Personal data on the mobile devices includes ATM passwords and bank account numbers,
and the sensitive information of patients or customers covers their phone numbers,
personal details, etc. If the devices are not kept safe and secure, the privacy and
confidentiality of the data may be lost.

RATIONALE FOR MOBILITY POLICY, ITS STANDARDS, BASELINE AND RELEVANT GUIDELINES FOR ABC HOSPITAL
Policy Purpose
The policy applies to the employees and stakeholders within the structure of ABC hospital
management. It governs the authenticated and authorized use of personally owned and
business-owned mobile devices, including smartphones and tablets, that provide access to
the organization's information system, so as to enable staff to transfer work-related
information and conduct business operations portably ("How to Develop Policies and
Procedures | DIY Committee Guide", 2018).

Policy Statement
The employees of ABC hospital are expected to use business-approved company-owned or
personally owned mobile devices to access the corporate wireless network and the
company's information system only in the course of normal business-related routine, in
order to achieve business objectives and aims effectively.

Guidelines assisting with policy compliance


Allocation
• Portable computing devices shall be allocated to employees solely on the basis of
business need ("How to Develop Policies and Procedures | DIY Committee Guide", 2018).
• The range of operational data supporting ongoing usage of devices is based on
various criteria, including the requirement to use mobile devices for mobility
reasons on a regular basis.
• The staff member is not located at any particular site, and information systems are
not otherwise available and accessible.
• The purchasing standards need to be followed when purchasing mobile devices.
• Generally, the base model will be acceptable; a higher model will be accepted on
the basis of a given justification.
Company network access
• The company's resources and information for communication and computing will be
accessible to authorized mobile devices that comply with the organization's operating
environment in terms of both hardware and software.
• The installation of anti-virus software and other security patches will also act as
a driving factor in authorizing mobile computing devices to access the company's
network.
• Where a third party is accessing the network, the organization's ICT staff will
verify and give assurance that security measures are maintained and that the devices
are compatible.
• The organization shall reserve certain rights to implement controls for the purpose
of detecting non-compatible devices and denying them network access.
• Certain measures for tracking or managing location, for instance RFID tags, will
also be implemented on company-owned devices.
Data management
• Each employee using a mobile device shall be accountable for data usage as well as
for maintaining secure transmission, storage, accessibility, backup and sharing of
information. This includes making the use of the device comply with legislative
requirements and other policies. Employees breaching those requirements shall be
subject to disciplinary or other punitive actions on the basis of applicable
legislative and criminal code provisions.
• Unencrypted critical information must not be transmitted over unsecured devices,
and the organization's staff must therefore be cautioned to use mobile devices with
circumspection.
• Prior to data transmission over mobile devices, the device must be scanned for
malicious software, and any that is detected must be removed, to make the device secure
and reliable ("CDER Mobile Device Policy", 2016).
• If the data being transmitted over the mobile devices is original and new, the
original data must be backed up immediately to the organization's primary data storage
and management systems.
• If a security incident is detected and, after analysis, the incident is considered
to be a breach, the following procedure shall be undertaken by the organization and
disciplinary actions will be taken into consideration accordingly:
Procedure for security breach

Device care
• Certain measures must be taken to protect the device from unauthorized access or
theft.
• All the organization's staff members are obliged to use the mobile devices
allocated to them in a safe and informed manner.
• The security of the devices will be in the hands of the employees, and they shall be
liable for the consequences of any negligence. No device must be left in any
unsecured location where it can be exposed to risks.
• If a mobile device is stolen or lost, the employee is required to report this to
the relevant ICT business unit of the organization.

Conclusion
The purpose of this report was to set out the mobility policies and procedures for issuing,
maintaining and using mobile devices for the employees and other stakeholders of the
ABC healthcare organization. For this purpose, various mobility use cases were identified,
the likely opponents of the mobility policy were defined, and a detailed description of the
mobility policy, along with certain guidelines and procedures, was documented in the report.
References
Shahzad, A., & Hussain, M. (2013). Security Issues and Challenges of Mobile Cloud
Computing. International Journal Of Grid And Distributed Computing, 6(6), 37-50. doi:
10.14257/ijgdc.2013.6.6.04

USA. (2015). Mobile Technology is Making the Rounds. Retrieved from
https://www.slideshare.net/SamsungBusinessUSA/mobile-technology-is-making-the-rounds

Leung, A. (2008). A mobile device management framework for secure service delivery. Information
Security Technical Report, 13(3), 118-126. doi: 10.1016/j.istr.2008.09.003

MOBILE DEVICE SECURITY INFORMATION FOR CIOs/CSOs. (2009). Retrieved from
https://www.tisn.gov.au/Documents/Mobile+Device+-+CIO+Paper+-+Web+Version.pdf

CDER Mobile Device Policy. (2016). Retrieved from
https://www.fda.gov/downloads/AboutFDA/CentersOffices/OfficeofMedicalProductsandTobacco/CDER/ManualofPoliciesProcedures/UCM516447.pdf