ASM655_GROUP_ASSIGNMENT_(MAC 2021)

MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP ASSIGNMENT

INSTRUCTIONS

1. This group assignment should consist of
THREE (3) or FOUR (4) members.

2. Read the case study carefully and answer
all questions provided.

3. Save your assignment as:
ASM655_GrpAsgCaseStudy_LeaderName_Group
in pdf format.

4. Submit your assignment (with cover page)
at UFuture.

5. Submission date:
25th JUNE 2021 before 11:59PM

Late submission will not be entertained
and shall affect your grades!

Semester March 2021 – August 2021 Page 1/4

MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP ASSIGNMENT

MANAGEMENT OF INFORMATION SECURITY
(ASM655)

SEMESTER MARCH 2021 – AUGUST 2021
GROUP ASSIGNMENT (20%)

CASE STUDY: SINGHEALTH DATA BREACH

On July 4th 2018, Singapore experienced the most serious data breach in history,
where Singapore’s largest healthcare group SingHealth was targeted. As a result,
1.5 million patients’ records such as NRIC number, address, date of birth, and
including the prescriptions of Singapore Prime Minister Lee Hsien Loong and
several ministers, were stolen (Trustwave, 2018). The unusual activity was detected
by the administrators from Integrated Health Information Systems (IHiS) when they
are doing their daily routine and immediately security measures are put into place
such as changing of all system and database passwords, restricting domain
administration access and blocking of connections to prevent any further access
(Tham, 2018). Investigator found out that one of the front-end workstations was
infected with malware, and the attackers used this particular workstation to get
to their targeted database by moving through the network. It was also reported
that no record was altered and the attacker’s intention was likely to just harvest
the data from the organization (Trustwave, 2018). To prevent such attack,
SingHealth could have requested the administrators from IHiS to schedule daily
routine checks for the system and run antivirus software to search for any virus
such as malware (Tham, 2018). In addition, frequent upgrades of security systems
could have been done so as to help to prevent such attacks from occurring. As
SingHealth is the largest healthcare group in Singapore and has over 1.5 million
patients’ records and thousands of staff, they are prone to such attacks if the
overall security of the organization is not well taken care of. With multiple levels of
management in place, connections throughout the organization are bound to
be weak as communicating through the different level is not an easy task.
Therefore, this will create a loophole for attackers to attack the organization and
penetrate into their systems. The director of SingHealth suggested that their doing
the employee monitoring to help reduce the such attack in the future. In addition,
staff who have set up weak administrator passwords and opening of phishing
emails are making the organization more vulnerable to such attacks. So as to
strengthen its security systems, SingHealth partner up with IHiS an IT leader that
digitises, connects, and analyses Singapore’s health ecosystem (IHiS, n.d.). IHiS
integrates intelligent, and cost-effective technologies to help SingHealth to
safeguard their information. All in all, such attacks can be prevented when there
are adequate planning and a proper strategy. The organization can rolled out
database activity monitoring tools to mitigate the coding vulnerability, setting up
of workshops to train staff and raise awareness, put a heavy fined for such acts,
and keep the threat protection technologies up to date or upgrade when
necessary to prevent such attack from occurring in the future (Tham, 2019).

Semester March 2021 – August 2021 Page 2/4

MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP ASSIGNMENT

Question 1

Propose the adequate planning and strategy for SingHealth Hospital in order to
prevent such attack.

(15 Marks)

Question 2

Discuss the pros and cons from the director suggestion regarding how to prevent the

attack.
(10 Marks)

Question 3

Discuss privacy in the context of employee monitoring. Give a real case scenario in
which the employee monitoring practices could affect one’s privacy.

(15 Marks)

Question 4

Discuss two policies that can relate with the above situation.

(10 Marks)

Submission date : WEEK 13 (Deadline: 25 June 2021 – before 11:59PM)
Late submission will not be entertained and shall affect your grades!

Semester March 2021 – August 2021 Page 3/4

MANAGEMENT OF INFORMATION SECURITY | ASM655 GROUP ASSIGNMENT

GROUP ASSIGNMENT GUIDELINES

Please follow these guidelines when compiling your assignment:
a) Format: Arial 11, spacing: 1.5 cm.
b) Arrangement of assignment is as follows:

i. Cover page
ii. Table of contents
iii. Question 1, 2, 3……
iv. Reference (APA style)
v. Turnitin report

END OF GROUP ASSIGNMENT GUIDELINES

Semester March 2021 – August 2021 Page 4/4