ICT System Administration: Data Breach Analysis & NDB Scheme Report

Verified

Added on 2023/06/07

AI Summary

This report provides a comprehensive analysis of a data breach incident, focusing on the Page Up data breach that affected Tasmania University. It assesses the vulnerabilities exposed by the breach, discusses the Notifiable Data Breach (NDB) scheme under the Privacy Act 1988, and evaluates measures to prevent future incidents. The report outlines the responsibilities of organizations under the NDB scheme, including notification procedures and pre-requisites for adopting the scheme. Mitigation techniques and required measurements for data security are discussed, emphasizing the importance of security audits, data breach response plans, staff training, and secure data handling practices. The report concludes that the NDB scheme is crucial for companies to protect data, respond effectively to breaches, and maintain transparency.

Running head: ICT SYSTEM ADMINISTRATION
ICT System Administration
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1ICT SYSTEM ADMINISTRATION
Introduction:
In this report the topic that will be discussed is of the data beach. The incident that
will be evaluated in the report is of the data breach that happen in the company named Page
Up which affected the Tasmania University. In this report the assessment will be made on the
data breach. The report will show the vulnerabilities of the data breach. The scheme of the
federal data Breach Notification (NDB). In this report assessment will be on the fact that how
the company can take some measurement to avoid these kind of data breach (Leonard and
Principal 2018). The responsibilities of the company will be discussed in the report on the
context of Federal Data Breach Notification scheme. In the further report the mitigation
techniques will be given according to the data breaches.
Notifiable Data Breach Scheme:
This is one kind of scheme that protects the data from getting breach, this act comes
under the privacy Act 1988 under Part3C. This enables the procedure that required after a
potential data breach. When a data breach occurs it affects the individuals and the
organizations because the data contains lots of confidential information about the companies
or about the human beings (Feary 2018). The notifiable data breach scheme helps the
company to get notified of the potential data breach. It states various aspects that how the
companies will be able to take care of the situation when a data breach occurs. It considers
the suspected data reach and then notify the users about the potential harm.
Data breach mainly happens when a data is manhandled by the unauthorized user and
use the data without the consent of the owner. There are several situation that is known to be
the eligible for data breach like when a device of that contains confidential information get
stolen or lost, when the confidential data base hacked, when the personal information is
accessed by the unauthorized user (Bird 2017).

2ICT SYSTEM ADMINISTRATION
Importance of NDB scheme:
The Notifiable Data Breach (NDB) scheme is required it helps the individuals and the
companies to act properly after a data breach. This scheme helps the users for the protection
against the data breach. This scheme enables the transparency of the companies when they
require to respond to a data breach. The NDB provide support to the data of the companies
and it increases the information security of the industries in Australia. The NDB scheme also
provide required steps to decrease the portion of the damage due to the data breach (Brown
2017). So it is necessary for the every company to adapt the Notifiable data Breach Scheme.
Organizations Responsibilities:
The university must adapt the scheme of notifiable data breach. The scheme of the
NDB is mainly applied to the organization those are in need to protect the data from a data
breach and to get notified of the harm. The NDB covers several different area like the
government agencies of Australia, businesses, non-profit organisations, universities, health
care sectors, and the other major industries. The notifiable data breach notify the individuals
about the eligible data breaches (Subocz 2018). The company that will adapt the scheme will
be beneficial immensely as it covers the act of the privacy for the data. The NDB advices
several recommendations that whet is needed to be done in case of a data breach.
NDB covers a wide range of data breaches and then notify. The unauthorised access
to the personal data or stolen the data of other people without their permission is a data
breach that will be notified. Many industries affected by this like the University of Tasmania
because of the page up attack. The data breach have the potential to harm very seriously,
NDB identify the data breach that how much it will affect the organization. All kind of data
breaches are not notified as there are several exceptions are present in the case of the data
breaches. To protect the data the whole responsibility lies on the organization.

3ICT SYSTEM ADMINISTRATION
Techniques of Notification:
The companies and the organizations are notified to be aware of the data breaches that
are eligible. The scheme tells the individuals about the risk of the harm. It is required to send
the notification to the organisations to take immediate action against the data breach. The
notifications that are send to the individuals and the companies include several information.
The informations are as follows:
 Data breach description
 Contact details and the identity of the individual or of the organizations
 The informations that are of concerned data breach
 The recommendation of the further steps that the individuals must take after an
eligible data breach.
It is necessary for the all staffs of the organization to take care of the data of the
organizations. The company must take three steps to see the privacy law and make the
assessment. The three steps are given below:
The first step is to decide if the assessment is required or not to identify the
person or the resource that is used for the data breach. In the second step the investigation is
made. In this step the required informations are gathered first and then investigation is done.
It looks for the all aspect that were associated with the data that were breached (Johnston
2018). In the third and the last step the decisions that are taken basis on the pervious gathered
information are evaluated.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4ICT SYSTEM ADMINISTRATION
Pre-Requirements:
In order to adapt the notifiable data breach scheme in a company several steps are
needed to be taken care off. The recommended steps are given below:
In the first step security audit is needed to be conduct to see the security of the
information. In the audit data security is gathered for further use. Then in the next step a data
breach is established to response the team of the company about the data breach. Then as per
the data breach a plan is made to respond to the situation and then update the plan if required.
In this stage the staffs of the company in needed to be trained properly so that they will be
able to response properly in case of any data breach (Selvadurai, Kisswani and Khalaileh
2017). The internal security of the company is also needed to be taken care of properly. In the
final step the key contracts will be reviewed properly with the software providers of third
parties. So it is required for the all company to take care of the above steps in order to adapt
the Notifiable Data Breach (NDB) Scheme.
Required Measurement:
It is required for the company to take care of the security of the data in order to
escape from a potential data breach. It is the responsibility of the employees of the company
to adapt the proper measurements for providing the security to prevent the data breach. The
NDB provided various situations that are eligible for data breach. These situation need to be
mitigated. The company need to assess the data breach that are suspected (Annetts 2018). It is
required for the company to mitigate these kind of situation that is lead to the data breaches.
The company must make sure that the data of the company which consists of the
confidential data must kept in a proper security so that it cannot be accessed by any third
party those do not have the authenticity. The employee of the company must use the
information in an efficient way so that any kind of vulnerabilities. Proper measurement is

5ICT SYSTEM ADMINISTRATION
needed to be taken care of by the company like they must use proper firewall so that the data
base cannot be hacked (Surrett 2018). The data breach can be only called as an eligible data
breach if because of the data breach an organization if affected. It is necessary to identify
whether the data breach has serious impact or not. The devices that consist the data must be
secured properly so that the device is not stolen or get lost. If this kind situation occurs that
the data devices get stolen or lost, so it is necessary to encrypt the data properly. Other
security measurements are also needed to be taken care of properly (Feltham 2017).
Conclusion:
From the above report it can be concluded that the Notifiable Data Breach Scheme is
very helpful for the companies at it provide many benefits. The main feature of the notifiable
data breach is to send notification after the data breach occur in a company. In the above
report assessment and identification is made on the data breach. The situation of the data
breach is described in the above report. The responsibilities of the company is described in
the context of the notifiable data breach scheme. The required measurement that the company
need to be taken care off is also discussed on the above discussion. The pre requirements that
are required to adapt the notifiable data breach scheme is also discussed with the all steps.
These steps will be able to help the company to gather the information about the data security
and the impact of the data breach.

6ICT SYSTEM ADMINISTRATION
References:
Annetts, D., 2018. Webwaves: Data protection. Preview, 2018(194), pp.38-38.
Bird, S., 2017. Mandatory notifiable data breaches. Good Practice, (12), p.26.
Brown, H., 2017. Privacy law and cyber security: Is your practice secure?: Client
confidentiality and data breach. LSJ: Law Society of NSW Journal, (39), p.88.
Daly, A., 2018. The introduction of data breach notification legislation in Australia: a
comparative view. Computer Law & Security Review, 34(3), pp.477-495.
Feary, G., 2018. Risk watch: Notifiable data breaches and the privacy act: Is your law
practice bound?. Bulletin (Law Society of South Australia), 40(2), p.21.
Feltham, M., 2017. Three things you need to know about cybersecurity and some recent
regulatory changes in Australia trends and special topics. Governance Directions, 69(3),
p.152.Feltham, M., 2017. Three things you need to know about cybersecurity and some
recent regulatory changes in Australia trends and special topics. Governance Directions,
69(3), p.152.
Johnston, A., 2018. 2018: A year of significant changes to privacy law. LSJ: Law Society of
NSW Journal, (41), p.84.
Leonard, P. and Principal, D.S., 2018. The new Australian Notifiable Data Breach Scheme.
Selvadurai, N., Kisswani, N. and Khalaileh, Y., 2017. Strengthening data privacy: the
obligation of organisations to notify affected individuals of data breaches. International
Review of Law, Computers & Technology, pp.1-14.
Subocz, C., 2018. Providers face new data breach rules. Australian Ageing Agenda, (Mar/Apr
2018), p.34.