It Era Finals Reviewer

Download as pdf or txt
Download as pdf or txt
You are on page 1of 9

INFORMATION CONTROL AND PRIVACY 3.

PRIVILEGED INFORMATION - refers to


information protected bi attorney-client
DATA PRIVACY - refers to the right of individuals to privilege, doctor-patient confidentiality, or
control their personal data and ensure that it is similar legal privileges.
handled, processed, and stored in a way that respects 4. CONFIDENTIAL INFORMATION - this
their privacy and confidentiality. category includes business or trade secrets,
propriety, and any data that an organization
Data Privacy Act No. 10173 (also known as the deems confidential.
‘Data Privacy Act of 2012 (DPA)) - is an act 5. PUBLICLY AVAILABLE INFORMATION -
protecting individual personal information in some data privacy laws exclude information
information and communications systems in the that is publicly available or easily accessible
government and the private sector, creating for this from their scope.
purpose a national privacy commission, and for other 6. ANONYMIZED DATA - information that has
purposes. been processed or modified in such a way
that it can no longer be used to identify an
WHY DOES DATA PRIVACY ACT IS IMPORTANT? individual is often considered anonymized
- Protection of Personal Data data.
- Privacy Rights 7. EMPLOYEES DATA - employee-related
- Data Security information, such as HR records, payroll
- Cross-Border Data Transfer data, and performance evaluations, is often
- Accountability treated separately and subject to specific
- Consent privacy and confidentiality requirements.
- Penalties 8. CHILDREN’S DATA - many data privacy
- International Recognition laws provide special protections for the
personal data of children, often requiring
HOW DOES R.A. 10173 PROTECTS DATA parental consent for data processing.
PRIVACY? 9. FINANCIAL DATA - this category includes
sensitive financial information, such as bank
Republic Act No. 10173 protects account numbers, credit card details, and
data privacy by establishing rules financial transaction records.
and principles for the responsible 10. HEALTH DATA - information related to an
handling of personal information. individual’s health or medical history is
- Consent considered highly sensitive and is often
- Transparency subject to additional privacy protections.
- Data Security
- Data Minimization
- Data Portability
- Penalties INFORMATION AND PRIVACY
- Data Subject Rights - Information privacy refers to control over
- Data Breach Notification individuals' personal data, such as
personally identifying information (PII) or
DATA SUBJECT - is an individual whose personal personal health information (PHI). In the
data is being collected, processed, stored, or United States and many other countries,
otherwise handled by an organization or entity. these types of personal information receive
legal protections.
TYPES OF INFORMATION
1. PERSONAL DATA - This is the broadest DATA LIFE CYCLE
category and includes any information that 1. CREATE AND COLLECT - collection of
relates to an identified or identifiable information through all available channels.
individual. 2. STORE AND TRANSMIT - storage and
2. SENSITIVE PERSONAL DATA - some laws transmittal of collected information for
designate a subset of personal data as processing through: IT systems, physical
“sensitive”. filing & transport.
3. USE AND DISTRIBUTE - processing of -Personal data can be misused in a number of ways if
collected information & internal distribution. it is not kept private or if people don’t have the ability
4. RETAIN - retention of processed information to control how their information is used: criminals can
due to: possible use and statutory use personal data to defraud or harass users, entities
requirements. may sell personal data to advertisers or other outside
5. DISPOSE AND DESTROY - disposal of parties without user consent. Which can result in
processed information once retention period users receiving unwanted marketing or advertising,
lapses. and when a person’s activities are tracked and
monitored, this may restrict their ability to express
SECURITY MEASURES - aim to maintain the themselves freely, especially under repressive
availability, integrity, and confidentiality of personal governments.
data and protect them against natural dangers such
as accidental loss or destruction, and human dangers THE NATIONAL PRIVACY COMMISSION
such as unlawful access, fraudulent, misuse, unlawful - To administer and implement the provisions of the
destruction, alteration, and contamination. act, and to monitor and ensure compliance of the
country with international standards set for data
3 SECURITY MEASURES protection.
1. ORGANIZATION SECURITY MEASURES - -under section 7 of RA 10173, the NPC has 16
every personal information controller and functions. In a nutshell, the main goal of the law is to
personal information processor must also safeguard an individual’s rights to privacy while
consider the human aspect of data allowing the free flow of information. It also
protection. emphasizes the role of technology in ensuring that
2. PHYSICAL SECURITY MEASURES - this
portion shall feature the procedures intended
to monitor and limit access to the facility
containing the personal data, including the
activities therein.
3. TECHNICAL SECURITY MEASURES -
each personal information controller and
personal processor must implement
technical security measures to make sure
that there are appropriate and sufficient
safeguards to secure the processing of
personal data, particularly the computer
network in palace, including encryption and
data remains secure.
authentication processes that control and
limit access.
PILLAR 1: APPOINT A DATA PROTECTION
OFFICER
DATA QUALITY - refers to the accuracy and reliability
-Appointing a data protection officer (DPO) is a legal
of the data itself, data governance is how the
requirement for personal information controllers
organization manages its data on a high level.
(PICS) and personal information processors (PIPS),
under data privacy act of 2012.
INFORMATION SECURITY - The principal legislation
in the Philippines on cybersecurity is the Cybercrime
COMPLIANCE OFFICER FOR PRIVACY (COP) - is
Prevention Act and the Implementing Rules and
an individual or individuals who perform some of the
Regulations of Republic Act No. 10175 ('the
functions of a DPO in these cases:
Cybercrime IRRs').
- LOCAL GOVERNMENT UNITS (LGUs)
- PRIVATE SECTOR
- OTHER ANALOGOUS CASES
INTRODUCTION TO THE 5 PILLARS OF
COMPLIANCE
DIFFERENCE OF COP AND DPO

DPO - the position of the DPO remains a legal


DATA PRIVACY RISKS
requirement that companies must comply with
COP - are a mark of an organization that takes
privacy seriously at the highest level. PRIVACY IMPACT ASSESSMENT (PIA)
- is an instrument for assessing the potential impacts
on privacy of a process, information system, program,
software
DATA PROCESSING SYSTEM module, device or other initiative which
- is a combination of machines, people, and processes personal information and in
processes that for a set of inputs produces a defined consultation with stakeholders, for
set of outputs. taking actions as necessary to treat privacy risk.
-inputs and outputs are interpreted as data, facts,
information, etc. REASONS TO CAUSE PRIVACY IMPACT
ASSESSMENT
MANDATORY REGISTRATION
- Please note that not all entities are required to - Collects personal data
create an account with the NPCRS. Only the following - Change in applicable privacy related laws
PICs or PIPs are mandated to register its data and regulations
processing systems: - New or prospective technology, service
- Sensitive personal information
a.A PIC or PIP that employs two hundred fifty (250) - Privacy violation complaint
or more persons; or
b.Those processing sensitive personal information of WHO CONDUCTS PIA
one thousand (1,000) or more individuals; or
c.Those processing data that will likely pose a risk to 1. Personal Information Controller (PIC)
the rights and freedoms of data subjects shall register 2. Personal Information Processor (PIP)
all Data
Processing Systems; or BENEFITS OF PIA
d. Government Agency or Instrumentality.
- Demonstrate commitment to privacy
VOLUNTARY REGISTRATION protection
- PICs or PIPs whose Data Processing System does - Enhances trust with individuals and
not operate under any of the conditions set out above stakeholders
may register voluntarily. - Minimizes privacy risk and potential legal
consequences
REGISTRATION PROCESS
- A PIC or PIP shall create an account by signing up
in the NPC’s official registration platform through the
NPCRS. The prescribed application form shall be PILLAR 3: CREATE A PRIVACY MANAGEMENT
accomplished and shall be uploaded together with all PROGRAM
the supporting documents.
- The NPC shall issue a Certificate of Registration in PRIVACY MANAGEMENT PROGRAM (PMP) - is a
favor of a PIC or PIP that has successfully completed holistic approach to privacy and data protection,
the registration process. important for all agencies, companies or other
organizations involved in processing of personal data.
REQUIREMENTS FOR DATA PROCESSING
REGISTRATION IMPORTANCE OF PRIVACY MANAGEMENT
- Fee(s) PROGRAM (PMP)
- Provision of detailed information
- Puts everyone on the same page
PILLAR 2: CONDUCT A PRIVACY RISK - Compliance with the Act becomes more
ASSESSMENT manageable
- is a risk management framework for - Gives PICs and PIPs competitive advantage
determining the risk of holding and - Saves PICs and PIPs from avoidable
maintaining PII (Personal Identifiable expenses
Information).
PRIVACY MANUAL What should be encrypted?
- serves as a guide or handbook for ensuring - Emails
the compliance of an organization or entity - Portable Media
with the DPA, its Implementing Rules and - Links (URL)
Regulations (IRR), and other relevant issues
of the National Privacy Commission (NPC). It DATA SHARING - is the disclosure or transfer to a
also encapsulates the privacy and data third party of personal
protection protocols that need to be data under the custody of a personal information
observed and carried out within the controller or
organization for specific circumstances (e.g., personal information processor.
from collection to destruction), directed
toward the fulfillment and realization of the Personal Information Controllers (PIC) are those
rights of data subjects. who decide what types of data are collected and how
they are processed (i.e. Ayala Land).
WHAT IS THE PLAN DO CHECK ACT MODEL
(PDCA)? Personal Information Processors (PIP) are those
- Plan-Do-Check-Act is also called the Deming who process data as instructed by the controllers (i.e.
Cycle because it was popularized by William HR Mall).
Edwards Deming.
- The cycle is called Plan-Do-Check-Act DATA SHARING AGREEMENT- refers to a contract,
because it consists of these four steps (plan, joint issuance, or any similar document that contains
do, check and act). the terms and conditions of a data sharing
- The cycle was invented for improvement of arrangement
manufacturing processes, but is now used between two or more parties provided that only
for all kinds of processes, including personal information controllers shall be made parties
enterprise processes such as information to a data sharing agreement.
security.
TYPES OF SECURITY CONTROL
1. PHYSICAL CONTROLS - describe anything
PILLAR 4: IMPLEMENT YOUR PRIVACY tangible that’s used to prevent or detect
AND DATA PROTECTION MEASURES unauthorized access to physical areas,
systems, or assets.
ACCESS CONTROL POLICY - sets 2. TECHNICAL CONTROLS - Also known as
requirements of credentials logical controls include hardware or software
and identification that specify how access to mechanisms used to protect assets.
computers, 3. ADMINISTRATIVE CONTROLS - It refers to
systems, or applications is managed and policies, procedures, or guidelines that
who may define personnel or business practices in
access the information in most accordance with the organization's security
circumstances. goals.

DATA CENTER - is a facility housing PILLAR 5: REGULARLY EXERCISE YOUR


electronic equipment BREACH REPORTING
used for data processing, data storage, and PROCEDURE.
communications networking.
SECURITY INCIDENT - is any event or occurrence
ENCRYPTION - protects emails, bank that affects or tends to affect data protection, or may
accounts, transactions, and compromise the availability, integrity, and
messages. In general, it protects data by confidentiality of personal data. It includes incidents
encoding the information in that would result in a personal data breach, if
such a way that it is only accessible to not for safeguards that have been put in place.
authorized parties or
individuals. DATA BREACH - is a kind of security incident. It
happens when there is a breach of security leading to
the accidental or unlawful destruction, loss, alteration, 2. Data governance policy - that ensures
unauthorized disclosure of, or access to, adherence to the principles of transparency,
personal data transmitted, stored, or otherwise legitimate purpose, and proportionality
processed. 3. Implementation of appropriate security
3 KINDS OF DATA BREACHES: measures - that ensure the accessibility,
1. AVAILABILITY BREACH - from the loss consistency, and privacy of personal data being
accidental or unlawful destruction of handled
personal data 4. Regular monitoring for security breaches -
2. INTEGRITY BREACH - from the vulnerability scanning of computer networks
unauthorized alteration of personal data; 5. Capacity building of personnel - to ensure
3. CONFIDENTIALITY BREACH - from the understanding of company policies for handling
unauthorized disclosure of or access to security incidents and information breach
personal data. management principles
6. Procedure for the regular review of policies and
THE SECURITY INCIDENT MANAGEMENT - is the procedures - testing, evaluating, and assessing the
process of identifying, managing, recording and effectiveness of the security measures
analyzing security threats or incidents in real-time. It
seeks to give a robust and ANNUAL REPORTS - where all security incidents
comprehensive view of any security issues within an and personal data breaches must be documented
IT infrastructure. through written reports, including those not covered
by the notification requirements.
1. Creation of a security MANDATORY NOTIFICATION - refers to the legal
incident response team requirement for organizations to notify individuals
2. Implementation of organizational, whose personal data has been compromised in a
physical and technical security data breach.
measures and personal data
privacy policies.
3. Implementation of an incident
response procedure AUTOMATION AND EMPLOYMENT
4. Mitigation of possible harm
and negative consequences to 1. AUTOMATION AND JOB DESTRUCTION
a data subject in the event 2. AUTOMATION AND JOB CREATION
of a personal data breach 3. EFFECTS OF INCREASE IN
5. Compliance with the Data Privacy PRODUCTIVITY
Act, its IRR, and all related
issuances by the NPC pertaining to
personal data breach notification
WORKPLACE CHANGES
INCIDENT RESPONSE TEAM - analyzes
information, discusses observations ORGANIZATIONAL CHANGES - are the
and activities, and shares important reports and structured and strategic approaches used by
communications across the company. corporations and company businesses to manage
and handle adjustments and improvements within
The Security Incident Management Policy must their organizations.
also include measures intended to prevent or
minimize the occurrence of a personal data TELEWORK (also known as
breach. These measures include: telecommuting) - is a work arrangement in which
employees spend a significant portion of their
1. Conduct of a privacy workday away from their employer or traditional place
impact assessment - to identify attendant risks in the of employment.
processing of personal data. It shall take into account
the size and sensitivity of the personal data being
processed, and impact and likely harm of a personal
data breach.
COMPUTER SIMULATION-USES AND
VALIDATION:

COMPUTER SIMULATIONS
The use of a computer to represent the
dynamic responses of one system by the
behavior of another system modeled after it.

USES OF SIMULATION
- Computer simulations have been used to
design nuclear weapons, search for oil,
create pharmaceuticals, and design safer,
more fuel efficient cars.
- A second use of computer simulations is to
understand the world around us .
GIG ECONOMY - refers to service workers who make
- Computer simulations are also used to
a living by completing these types of short-term jobs
predict the future.
for clients.
VALIDATION OF SIMULATION
MONITORING - Its principal purpose is to identify
inappropriate use of company resources.
VERIFICATION - is the process of
- Monitoring can help detect illegal activities of
determining if the computer program
employees as well. By monitoring instant
correctly implements the model.
messaging conversations.
VALIDATION - is the process of determining
- Monitoring is also used to ensure that
if the model is an accurate representation of
customers are getting the products and
the real system.
services they need. Reviewing customer
phone calls to help desks can reveal if the
company ought to be providing its customers
with better documentation or training.
SOFTWARE ENGINEERING
- Monitoring can help an organization assess
- is the process of designing, creating, testing
the quality of the work done by its
and maintaining software.
employees.
- The term software engineering became
prominent when Margaret Hamilton used it to
MULTINATIONAL TEAMS - also known as
describe her work on the Apollo spaceflight
international teams or cross-border teams, are groups
program in the 1960s.
of people from various national
and cultural backgrounds who work together within an
SOFTWARE PROCESS - a set of related activities
organization on projects, tasks, or objectives.
that will lead to the creation of a software product.

4 FUNDAMENTAL ACTIVITIES OF SOFTWARE


ENGINEERING:
THE INFLUENCE OF IT ON CULTURE AND
- Software Specification
SOCIAL BEHAVIOR
- Software Development
- Software Validation
INFLUENCE ON CULTURE:
- Software Evolution
- Online Reviews
- Weblogging/Social Media
COMPUTER-AIDED SOFTWARE ENGINEERING -
- YouTube learners
describes a broad set of labor-saving tools used in
INFLUENCE ON SOCIAL BEHAVIOR:
software development. They create a framework for
- Cyberbullying - is an unwanted, hostile
managing projects and are intended to help users
behavior done by individuals to other people
stay organized and improve productivity.
in the hope of gaining control over them.
OBJECT ORIENTED DESIGN - The process of SOCIAL ENVIRONMENT - can be also called as
creating a software system or application utilizing an “networked publics” according to boyd.

SNS FEATURES:
- Persistence
- Replicability
- Scalability
- Searchability

ONLINE STRANGERS - A person who has not yet


met the individual physically but has interacted
through the internet.

ONLINE AND TECHNOLOGY THREATS - SOCIAL


NETWORKING ISSUES
object-oriented paradigm.
CYBER ABUSE - is any form of mistreatment or lack
of care, both physical and mental, based on the use
NECESSITIES OF SOFTWARE EVOLUTION
of an electronic communications device that causes
- Change in requirement in time
harm and distress to others.
- Bug Fixing
- Technology Advancement
CYBERHARASSMENT - is a form of cyber abuse in
- Security Updates
which the abusive behavior, which involves the use of
an electronic communications device, is degrading,
humiliating, hurtful, insulting, intimidating, malicious,
or otherwise offensive to an individual or group of
THE INTERNET AND ITS EFFECTS TO THE
individuals causing substantial emotional distress.
YOUTH

CYBERSTALKING - is a subcategory of cyber abuse


ONLINE COMMUNITIES - are designated group
that consists of a long-term pattern of unwanted,
where people regularly interact
persistent pursuit and intrusive behavior (involving the
though some specific virtual environment, such as
use of an electronic communications device) that is
web sites, blogs, or social network
directed by one person against another and that
site.
causes fear and distress in the victim.
BENEFITS:
- Control over self- presentation
- Be anonymous
WEB FILTERS - is a piece of software that prevents
- Interact at a comfortable distance
certain Web pages from being displayed by your
- Store information and materials.
browser.
- Accessibility
- Can be visited and joined by anyone.
TWO DIFFERENT METHODS TO DETERMINE IF A
PAGE SHOULD BE BLOCKED:
DRAWBACKS:
- The first method is to check the URL of the
- Limitation in self- expression and mutual
page against a blacklist of objectionable
understanding.
sites.
- Anonymity causes disinhibited behavior
- The second method is to look for
(benign and toxic).
combinations of letters or words that may
indicate a site has objectionable content.
SOCIAL NETWORK SITE (SNS) - is a website
whose purpose is to make people socialize through
the internet and its vast networks.
SEXTING - refers to sending sexually suggestive text
messages or emails containing nude or nearly nude TRADE SECRETS - are confidential information that
photographs. provide businesses with a competitive advantage.

IDENTITY THEFT - the misuse of another person’s TRADEMARKS - distinguish products or services
identity, such as name, Social Security number, from competitors and can include logos, names, and
driver’s license, credit card numbers, and bank symbols.
account numbers. (Dorothy Denning)
SERVICE MARKS - are specific to services rather
IDENTITY THIEVES: than physical products. They represent the quality
and standards associated with a particular service
1. DUMPSTER DIVING - looking for personal provider.
information in garbage cans or recycling
bins. COPYRIGHT - protects original works of authorship.
2. SHOULDER SURFING - looking over the
shoulders of people filling out forms. PATENT - provides investors with exclusive rights to
3. SKIMMERS - waiters or store clerks match their inventions for a limited period.
each legal swipe through a cash register with
an illegal swipe through a skimmer, a small,
battery powered credit card reader.
4. PHISHING - gathering financial information TRENDS
via spam is called phishing (pronounced
“fishing”). INTERNET OF THINGS - network of physical objects
–”things”--that are embedded with sensors, software,
FAKE REVIEWS - Some businesses try to boost and other technologies for the purpose of connecting
sales by posting fake positive reviews of their and exchanging data with other devices and systems
enterprises or posting fake negative reviews of their over the internet.
competitors.

IT AUTOMATION - instructions to create a repeated


process that replaces an IT professional’s manual
CENSORSHIP work in data centers and cloud deployments.
- occurs when individuals or groups try to
prevent others from saying, printing, or ● Banking
depicting words and images. ● Education
2 TYPES OF CENSORSHIP ● Business
- Direct Censorship ● Health
- Self Censorship

TRENDS AND DIGITAL GAMES


ONLINE AND TECHNOLOGY THREATS
CLOUD COMPUTING - is the on-demand availability
THREATS - refer to factors that have the potential to of computer system resources, especially data
harm. storage and computing power, without direct active
management by the user.
INTELLECTUAL PROPERTY (IP) - refers to
creations of the mind, such as inventions, literary and PROS AND CONS OF THIS NOT-SO-NEW
artistic works, designs, symbols, names and images TECHNOLOGY:
used in commerce.
COMMON TYPES OF IP ADVANTAGES:
- Counterfeit Goods - DISASTER RECOVERY (DR)
- Software Piracy - ACCESS YOUR DATA ANYWHERE.
- Plagiarism - LOW COST.
- SCALABILITY. DENIAL-OF-SERVICE (DoS) - is an intentional action
- SECURITY. designed to prevent legitimate users from making use
of a computer service.
DISADVANTAGE:
- LACK OF TOTAL CONTROL.
- DIFFICULT TO MIGRATE.
- REQUIRES INTERNET GAMBLING
- Is an activity in which a person risks
something valuable to themselves in order to
win something valuable in return.
COMPUTER AND NETWORK SECURITY
GAMBLING MECHANISMS - it can be described as
HACKING - (understandable) a coping strategy.

FIRESHEEP - is a Mozilla Firefox extension that uses TYPES OF GAMBLING:


packet sniffing to hijack unsecured Wi-Fi network 1. ELECTRONIC MACHINE DEVICES
sessions and capture unencrypted website cookies 2. BETTING
during network data transmission. 3. POKER AND OTHER TABLE AND
TOURNAMENT CARD GAMES
3 TYPES OF ANALYSIS IN FIRESHEEP 4. CASINO GAMES
- ACT UTILITARIAN ANALYSIS
- KANTIAN ANALYSIS LIVE ONLINE BETTING - is the kind of gambling that
- VIRTUE ETHICS ANALYSIS is very specific to the online environment.

MALWARE (Malicious Software) ONLINE CASINO - (understandable)

VIRUSES - is a piece of self-


replicating code embedded within another program
called the host.
MASSIVELY MULTIPLAYER ONLINE GAMES
INTERNET WORM - sasser, instant messaging (MMOG)
worms, conficker, cross-site scripting.
CHARACTERISTICS:
DRIVE BY DOWNLOADS - Flow and dissociation
TROJAN HORSES - is a program with a benign - Availability
capability that conceals a - Proximity
sinister purpose. - Social Availability
- Financial availability
BACKDOOR HORSES - is a Trojan horse that gives - Social status and a feeling of
the attacker access to experience
the victim’s computer.
CONFLICT IN ONLINE GAMING:
ROOTKITS - is a set of programs that provide - Interaction influenced by the
privileged access to a computer. Once installed, a character
rootkit is activated every time the computer is booted. - Internet connection issue

SPEAR PHISHING - phishing is a variant of phishing ENVIRONMENT:


in which the attacker selects email addresses that - Family - personal - gaming society
target a particular group of recipients.
SOCIALIZATION:
SQL INJECTION - injection is a method of attacking a - Family (outside)
database-driven Web application that has improper - Personal (inside)
security. - Gaming society (outside)

You might also like