ETHICAL AND SECURITY ISSUE IN INFORMATION SYSTEM Matrics Number Name MC220516788 Yuvatarishinie Kejendran MC220517514 Deepan A/L Munian MC220917925 Malcolm Gabriel John MC220917961 Marisen A/L Paramasivan
01 Definition of Ethics and Security in Information System? Definition of ethical and security issues Introduction to MySejahtera Application Background of MySejahtera Ethical and Security Issue in MySejahtera One issue faced by MySejahtera application: Data Breach 02 03 04 05 Lessons & Precautions Combatting on the Issues Conclusion Overall point of view on the issue
What is Ethical and Security Issue? Definition of ethical and security issues 01
Ethics in Information System Rules or policies created by related authorities to differentiate between the right and wrong involving actions of people in information system. Ethics is really important to maintain and prolong the usage of the information system in most useful way. Besides, ethics sets a boundary to human attitudes, action and behaviour.
Security in Information System Mechanism used to secure and defend the digital asset of the information system against occurrence of an undesirable events. An information system doesn’t exist without any vulnerabilities or threats so security ensures the integrity and availability of data and information to the public literally. SECURITY
Introduction to MySejahtera Application Background of MySejahtera 02
Collaboration (MKN) National Security Council Ministry of Health (KKM) Malaysia Communications and Multimedia Council (MCMC) Malaysian Administrative Modernisations and Management Planning Unit (MAMPU) KPISoft
Launching of MySejahtera Application 20th April 2020 Dato Sri Dr. Adham Baba Former Health Minister Prevention and Control of infectious Diseases Act 1988 [Act 342]
Purpose of MySejahtera Progress Vaccination It helps to track and update users on the total covid cases across nationwide and globally Assist users to setup appointment and receive follow ups with also a digital certificate as proof of vaccination without the hassle to move around
38,270,000 Estimated total amount of population on the year 2020 Full Name Identity Card Number Address Location
CodeBlue Survey Poll Unsure about the safety of their information No trust towards the confidentiality of the information shared Believes that their information is safe and secure 17% 62% 21%
Databases and Digital Footprint Database in the app is bigger with almost 80 Million check-ins each day Digital Footprint is left behind if not cleared in correct way.
Ethical and Safety Issue in MySejahtera One issue faced by MySejahtera application: Data breach 03
What is Data Breach - will happen when data and information is stolen from a system or server without the owner's authorization or consent will be known as a data breach - Which some confidential information and data the hacker have it, it will have some consequences
How Data Breach Happen? Here are a few methods used by the hackers : Phishing A tool use to pretend to be a person or organization and will try to persuade you to give them confidential information or to provide them the data directly Brute force attacks A tactic use to try and guess your passwords in a way more aggressive manner and try every possible combination of your password until they get it right. Malware Will occur when there are security flaws on the user personal device’s software, hardware, or the network and servers they connected to.
The Controversy - The government-owned application has been allegedly exposed by hackers which contains confidential information of users - This caused users have lose trust on the government for their negligence.
MySejahtera vs TousAntiCovid - The app state exactly when “applicable laws” would be implemented in relation to MySejahtera’s data protection. - The app's data protection is being heavily regulated by the European Union’s (EU) General Data Protection Regulation (GDPR) by having stricter privacy laws - MySejahtera did not mention any of these user rights such as whether users can uninstall the app. - French government also specifies the rights of every users to delete data by unsubscribing and uninstalling the app. - The retention period that keep our data on MySejahtera users’ check-ins history for three months, which is primarily used for contact tracing - The retention period on TousAntiCovid only keeps proximity history data users who were in close contact with another Covid-19 positive patient for a maximum of 14 days from their issue.
Lessons & Precautions 04
WHAT NEEDS TO BE DONE... enforcement and a clear sense of establishment of ownership discretion upon disclosing personal information between parties purpose-oriented data application • all parties involved in the practice of data exchange need to clearly specify the right to information to the user • organizations need to protect every users right to privacy by maintaining utmost discretion trading information • personal data should be processed by businesses only for the purpose for which it was collected
Conclusion 05 Overall point of view on the issue
TO SUMMARIZE ● Developed by KPISoft in collaboration with government agencies. ● All-In-One center to collect Malaysian citizen data on Covid-19 statuses. MySejahtera ● Data Breach and Privacy Policy Ethical & Security Issue ● Provide transparent ownership of data. ● Higher security of user's privacy ● Make sure the intent aligns with the actual purpose Dealing with the Issues
CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, infographics & images by Freepik and illustrations by Stories THANK YOU ~ Ethics is knowing the difference between what you have a right to do and what is right to do ~ Hope the audience gain some insights from us !