- This topic has 16 replies, 13 voices, and was last updated 3 years, 9 months ago by
.
-
Posts
-
-
According to the principle of information security or CIA Triad, have you ever had experience about not being able to preserve the confidentiality or Integrity or Availablity of your information system? Please share that experience.
What happened?
How did it affect the system or users?
And how to prevent it?
-
According to my experience, it was not about information system directly, but I prefer to share some story. I ‘m not sure what happened exactly but I believed that my Facebook and Line account was hacked by someone. My confidentiality was broken. It was sending some message to somebody that I did not write it. It affected me about the credibility of my account and my personal. So, I decided to suspend both Facebook and Line account and make the new one. At this time, I use new set of passwords contained around 15 character and log out every time I did not use my personal PC or mobile phone.
-
I never had an experience with preserving the confidentiality or Integrity or availability in my division’s information system directly. However, a couple of weeks ago, 3BB was hacked and customer information such as email, mobile number, date of birth was released to the public so 3BB was increased the cybersecurity in the organization.
From my online behavior, I always use two-factor authentication to ensure and secure my online account. Moreover, I often to see the SSL certificate [https:] to make sure that the website is secure and protected CIA. -
In my experience I have problem in my official hospital website in confidentiality. Website was hacked because old php framework that have low security. Some data in website was destroyed but I website was backup regularly then I restore data and replace new php framework to prevent from attacker. I replaced firewall and update antivirus in firewall to prevent from data hacking.
-
-
I’ve encountered difficulty in CIA triad in term of availability, because my workplace used servers that established in remote location and required internet connection to transfer data so when the internet down, we cannot access information nor upload data to the server. In order to continue our work, we have to use manual system such as Record in Excel and print out in paper. However, I still don’t know the solution that our IT personnel would do apply to.
-
In my work, most of them will encounter problems with the availability of services (Availability) due to a long power outage. Sometimes the Internet system crashes. Thus making service recipients at different levels Unable to use services such as report Lab results.
Prevention and solution to this problem are to switch to the government cloud.
-
I am anticipating problems concerning integrity in the online reporting system for my project currently in the development process. Since there are different levels of users to be included in the system, planning which users can assess to which data is a bit challenging to me. To maintain the integrity, in my opinion, strict access control is essential so that unauthorized or erroneous modifications cannot be done.
-
I never have directly problem about the security CIA of the information system under my control. But my Instagram account be access by other people (Hacker) last year. This is the confidentiality problem that my information were accessed by unauthorized person. It didn’t have big effect or damage, just he/she posted a picture in my account. After that I changed my password and not thing continue happened. Although this problem didn’t largely affect to me, but my confidence with the application was loss. To prevent the problem, the application developers should fix the security of the system and I should check my security of my phone or my web browser that be use to log in the application such as encryption protocol.
-
-
I never had any experiences about not being able to preserve the confidentiality or Integrity or Availability of the information system because I have to follow the policy of the office in using IT or related (collect, store, share, and communicate), follow the practices to keep the information secure such as
– Encrypt data and hatch function
– Use 2FA
– ACL (Access Control List)
– Keep passwords private
– Use Security Software -
So far, I had not experienced CIA not being preserved purely. However, confidentiality is vital part to protect patient data and it is important to train frequently about confidentiality for all users at all level. Integrity should be reinforced with authorized steps in monitoring system but it is also not an easy part.
The last but not the least, data back up and secured software and hardware system is required to protect from unnecessary data loss or being hacked. All three facts bring together to ensure ePHI and this lecture guided me what to consider in my M&E web based and mobile based recording and reporting system. -
I don’t have any experience on not being able to preserve the confidentiality and integrity, but I think I do have some experience on availability problem of my organization’s information system. I ,as a user, needed data on the mental health database, but the system always disappoint me when I am in hurry to use the data. It was frustrating and annoying because our works rely on the data, no data, no work. There are few ways to ensure the availability of the system as the following;
– Hardware maintenance;
– Software patching and update;
– Network optimization. -
-
For me , I have no any experienced about the security CIA of the information system. However, my workplace regularly offers annualy training on the subject of cyber security to keep up with the threats posed by the various forms of information systems that are essential to protecting data information, which is of the most importance in every organizations. For the website that got high risk to enttering, the information system unit department always update and block these website for make sure that no one entering these website.
-
Regarding the CIA Triad, I’ve never had serious experiences in trying to preserve that triad. Anyway, there were challenges, especially with the confidentiality issues. And I like to share a particular event relating to this issue. There are several service delivery sites at my organization, and though they use the same EMR system, the databases are stored separately. This, over time, became a barrier in sharing patient information among the service delivery sites. This led the site officers to share the patient information via Facebook messenger group. Sharing the data through such media is definitely unsafe, and may sometimes lead to the exposure of the patient data to unauthorized people or system. Anyway, the problem is now solved after our unit has established a secure and own platform to share the patient data.
-
You must be logged in to reply to this topic. Login here