
IT RISK MANAGEMENT AND CYBER SECURITY

CLASS ACTIVITY

Submitted to:

Prof. Gurudutt Nayak

By:

GROUP – 5

Name Roll No.


Aditya Mahajan 21F205
Anshul Bhatt 21F210
Divyanshu Kishore 21F218
Diya Bandyopadhyay 21F219
Fateh Singh Khurana 21F220
Krishnajith S 21F230

Date: 23-07-2022
Prelude:

Aadhaar was implemented in India as proof of identity. It raised a lot of concern about
security issues.

Your Tasks:

1. Issues/risks listed by opponents.
2. What could have been done to address those “IT risks” (Mitigation Plan).
3. Prepare Contingency plans.

Solution:

1. Issues/risks listed by opponents:
• Protection of Information and Data:
  Identity information, demographic information, and bank account information were
  vulnerable to hacking and information leaks.
• Biometric Authentication:
  ◦ There were flaws in the biometric system while the Aadhaar implementation process
    was ongoing, so the accuracy of the data was compromised and duplicate Aadhaar
    cards were issued in the process.
  ◦ Money can now be withdrawn using biometrics, so people with minimal IT knowledge
    are at risk.
• PAN Aadhaar Link:
  Banks were moving towards digitization at that time, and the linking of Aadhaar and
  PAN was going on alongside it, so the private data received from people was at risk.
• Illegal profiling:
  Through insider leaks or external hacks of the central database, individuals can be
  illegally profiled.
• Illegal tracking of Individuals:
  Using the authentication and identification records, individuals can be tracked
  without their proper consent.
• Third Party Application:
  Inadequate facilities for Aadhaar enrollment resulted in dependence on third-party
  applications, which fed the data into their own databases.
• Lack of security:
  The independent agencies authorized to collect Aadhaar information from the public
  were not regulated enough.
• Impact of AI:
  As the government has access to the data of all citizens, it will be able to track the
  suspicious activities of people by tracking them. But if no proper data regulation
  policies are in place, data privacy will be at risk.
2. Mitigation Plan:
• A new authentication process should be introduced in which a third party must go
  through verification before accessing the data.
• A proper data protection law should be implemented so that no person’s data is
  misused.
• In case of a data breach, biometrics is not a proper authentication process, so a
  unique passcode or PIN system can be introduced, which can be changed later
  when required.
• A special ethical hacking team can be formed to find the vulnerabilities in the
  current system. Also, a bug bounty program can be organized to identify the
  loopholes in the system.
• Implementing a dummy Aadhaar number protocol, where the actual Aadhaar ID
  is masked with a random number, which will add another layer of protection.
• Proper IT protocols and policies so that the duplication and misuse of Aadhaar
  cards can be reduced.

3. Contingency Plan:

[Diagram: Govt. of India and UIDAI, with boxes labelled: Data privacy issues / IT security / Notifications Team / Ethical Hacking Team]

• Announcing downtime for the services
• Inform and educate users about the data leakage
• Password or PIN reset option enabled for the people whose data has got
  compromised

• Analyzing the root cause of data breach
• Getting track of how many Aadhaar data are at risk
• Try to retrieve the data
• Documenting future plans to avoid such risks

Stage 2 plans

The leaked Aadhaar data has to be reset. For that, users will be given a specific
time frame within which they will visit the Aadhaar card centre, where they can
update their details to reset.