01/15

GROUP - 7
Lapak, Aban, Racelis

SECURITY
AND LAW
https://cnsc.edu.ph/
 02/15
GROUP - 7

Lapak, John Angelo B. Aban, Alexis Joyce L. Racelis, Winston Hector

https://cnsc.edu.ph/
 03/15
GROUP - 7

IT security is the overarching term used to describe the

collective strategies, methods, solutions, and tools used to
protect the confidentiality, integrity, and availability of the
organization’s data and digital assets.

A comprehensive IT security strategy leverages advanced

technologies and human resources to prevent, detect, and
remediate various cyber threats and cyberattacks. It will
include protection for all hardware systems, software
applications, endpoints, and the network itself and its various
components, such as physical or cloud-based data centers.
(Crowd strike July 29, 2021)

INTRODUCTION
 04/15
GROUP - 7

10 Types of Cybersecurity
 04/15
GROUP - 7

1. Application security

2. Cloud security

3. Critical infrastructure security

10 Types of Cybersecurity
 05/15
Studio Shodwe

Application security Cloud security

Cloud security focuses on protecting
Application security prevents
cloud-based assets and services,
unauthorized access and use of
including applications, data, and
applications and connected data.
infrastructure.

Critical infrastructure security

Special security processes and types of
cybersecurity solutions are used to
protect the networks, applications,
systems, and digital assets depended on
by critical infrastructure organizations.

10 Types of Cybersecurity
 04/15
GROUP - 7

1. Application security

2. Cloud security

3. Critical infrastructure security

4. Data security

5. Endpoint security

6. IoT (Internet of Things) security

10 Types of Cybersecurity
 06/15
GROUP - 7

Data security Endpoint security

A subset of information security, data security
combines many types of cybersecurity
solutions to protect the confidentiality, integrity,
and availability of digital assets at rest (i.e.,
while being stored) and in motion (i.e., while
being transmitted).
Endpoint security protects these devices and the
data they house. It also encompasses other types
of cybersecurity that are used to protect
networks from cyberattacks that use endpoints
as the point of entry.

IoT (Internet of Things) security

IoT security seeks to minimize the
vulnerabilities that these proliferating
devices bring to organizations.

10 Types of Cybersecurity
 04/15
GROUP - 7

1. Application security

2. Cloud security

3. Critical infrastructure security

4. Data security

5. Endpoint security

6. IoT (Internet of Things) security

7. Mobile security

8. Network security
10 Types of Cybersecurity
9. Operational security
 07/15
GROUP - 7

Mobile security Network security

Mobile security encompasses types of
cybersecurity used to protect mobile devices
(e.g., phones, tablets, and laptops) from
unauthorized access and becoming an attack
vector used to get into and move networks.
Network security includes software and
hardware solutions that protect against incidents
that result in unauthorized access or service
disruption.

Operational security
Operational security covers many types of
cybersecurity processes and technology used
to protect sensitive systems and data by
establishing protocols for access and
monitoring to detect unusual behavior that
could be a sign of malicious activity.

10 Types of Cybersecurity
 04/15
GROUP - 7

1. Application security

2. Cloud security

3. Critical infrastructure security

4. Data security

5. Endpoint security

6. IoT (Internet of Things) security

7. Mobile security

8. Network security
10 Types of Cybersecurity
9. Operational security
 04/15
GROUP - 7

1. Application security

2. Cloud security

3. Critical infrastructure security

4. Data security

5. Endpoint security

6. IoT (Internet of Things) security

7. Mobile security

8. Network security
10 Types of Cybersecurity
9. Operational security

10. Zero trust

 08/15
Group - 7

Cyber Law refers to the legal framework

governing the use of the internet, digital devices,
and digital data. As our reliance on technology
grows, so does the need for laws that protect
individuals, businesses, and governments in the
digital space.

Cyber Law covers various legal matters such

as privacy, cybercrime, intellectual property,
and other issues. These regulations are
created to tackle the specific difficulties that
arise in the online realm, guaranteeing that
activities carried out on the internet are
governed and that rights and duties are clearly
outlined.

CYBER LAW
 9/15
GROUP - 7

01 02
R.A. 8792 R.A. 9775 (Anti-Child
(E-Commerce Act) Pornography Act of 2009)
An Act Providing For The Guarantee the
Recognition And Use Of
fundamental rights of
Electronic Commercial And
every child from all forms
Non-Commercial Transactions
of neglect, cruelty, and
And Documents, Penalties For
Unlawful Use Thereof And For other conditions
Other Purposes. prejudicial to his/her
development

PHILIPPINES 5 CYBERSECURITY LAW

 10/15
GROUP - 7

03 04
R.A. 9995 (Anti-Photo and Video R.A. 10173 (Data Privacy
Voyeurism Act of 2009) Act of 2012)
Prohibits and penalizes the
An Act Protecting Individual
exhibition of photos or video,
Personal Information in Information
whether in. print or broadcast
and Communications Systems in the
through VCD/DVD, internet,
Government and the Private Sector,
cellular phones, or. other
devices are also penalized Creating for this Purpose a National
under this law. Privacy Commission, and for Other
Purposes.

PHILIPPINES 5 CYBERSECURITY LAW

 11/15
GROUP - 7
05

R.A. 10175 (Cybercrime

Prevention Act of 2012)

is a Philippine law that defines and penalizes

cybercrimes. It includes offenses such as illegal
access, data interference, online fraud, identity
theft, and cybersex. The law also covers libel
committed online and allows law enforcement to
monitor and investigate cybercrime activities. It
aims to protect individuals and organizations
from online threats and ensure the security of
digital transactions.

PHILIPPINES 5 CYBERSECURITY LAW

Foundation of Cyber
Security
Presented by: Winston Hector B. Racelis
What is Cyber
Security?
The practice of protecting systems,
networks, and data from digital
attacks aimed at stealing, damaging,
or disrupting information and
operations.
Importance of
Cybersecurity
Ensures the confidentiality (keeping
information secret), integrity
(ensuring information is not altered),
and availability (making sure systems
are operational when needed) of
information.
Cyber Threats and attacks
What is a Cyber
Threath?
Cyber threats: A potential attempt to
damage data, steal sensitive
information, or disrupt digital
systems.
Common Cyber
Threaths:
Malware Zero-Day Exploits
Phishing Brute Force attacks
Ransomware
DDos
SQL Injection
Insider Threaths
Malware
Viruses: Attaches to legitimate software and
spreads.
Worms: Replicates without human interaction.
Trojan Horses: Disguised as legitimate software.
Ransomware: Locks or encrypts data until ransom
is paid.
Spyware: Collects information without consent.
Phishing
Fraudulent emails or messages
tricking users into revealing sensitive
data, such as passwords or credit card
information.
Ransom
is a type of malware that encrypts a victim's files or
locks them out of their systems, demanding a ransom
payment to restore access. It can spread through
phishing emails, malicious downloads, or unsecured
networks. Ransomware attacks can cause significant
disruption and financial loss, especially if backups are
not available.
DDoS (Distributed Denial-of-Service)
A Distributed Denial-of-Service (DDoS) attack is an attempt
to make a service unavailable by overwhelming it with a flood
of internet traffic. This is typically accomplished by using
multiple compromised computers or devices (often part of a
botnet) to send excessive requests to a targeted server.
DDoS attacks can disrupt operations and render websites or
services inaccessible to legitimate users.
SQL Injection
SQL injection is a web security vulnerability that occurs when
an attacker inserts or "injects" malicious SQL code into a
database query through a vulnerable input field (such as a
form or URL). This can allow the attacker to manipulate the
database, gaining unauthorized access to sensitive data,
modifying or deleting records, and executing administrative
operations.
Insider Threats
Insider threats are security risks that originate from within an
organization. They can involve current or former employees,
contractors, or business partners who have legitimate access
to the organization's systems and data. Insider threats can be
malicious (intentional data theft or sabotage) or
unintentional (negligence or poor security practices), and
they can lead to significant data breaches and loss of
sensitive information.
Zero-Day Exploits
Zero-day exploits take advantage of software vulnerabilities
that are unknown to the software vendor and have not yet
been patched. Because these vulnerabilities are undisclosed,
there are no defenses in place, making zero-day attacks
particularly dangerous. Once a vulnerability is discovered, it
is crucial for the vendor to issue a patch to mitigate the risk.
Brute Force Attacks
Brute force attacks are a method used by attackers to gain
unauthorized access to accounts or systems by
systematically trying every possible combination of
passwords or encryption keys until the correct one is found.
This method can be time-consuming, especially with complex
passwords, but automated tools can significantly speed up
the process. To defend against brute force attacks, systems
often implement account lockout policies or multi-factor
authentication.
Risk Management in IT Security
What is Risk Management
in IT Security?
Risk management in IT security is the process of identifying,
assessing, and mitigating risks that could harm an
organization’s data, networks, and services. This involves
continuous evaluation of security controls, ensuring
compliance with regulations, and developing response plans
to handle potential incidents.
Key Processes in
Risk Management:
Risk Identification
Risk Assessment
Mitigation Strategies
Monitoring and Review
Importance of Risk
Management in IT Security
Regulatory Compliance
Incident Response Planning
Business Continuity
 GROUP - 7

Legal frameworks for cybersecurity are rules or laws that help protect
personal information and ensure that companies handle data responsibly.

1. General Data Protection Regulation

Protects the privacy of EU citizens by ensuring companies gather, store, and

manage data responsibly. It requires consent from individuals before collecting
data and enforces strict regulations on data storage.

2. California Consumer Privacy Act

Gives Californians control over their personal data, allowing them to request
deletion or prevent companies from selling it.
 GROUP - 7

3. PCI DSS aka Payment Card Industry Data Security Standard

Sets standards for protecting credit card data, especially for businesses handling
credit transactions, to prevent breaches and unauthorized access.

4. Federal Information Security Management Act

Requires U.S. federal bodies to implement cybersecurity measures for government
information systems, ensuring the security of government data.

5. Health Insurance Portability and Accountability Act

Ensures that health information remains private and protected, especially against
public access or misuse.
1. Cybercrime Prevention Act Defines cybercrimes and provides penalties for
of 2012 (CPA): offenses related to illegal access, data interference,
identity theft, and more.

2. Data Privacy Act of 2012 Protects personal data privacy, requiring

(DPA): organizations to implement safeguards and report
data breaches.

3. Electronic Commerce Act of Legalizes electronic documents and signatures and

2000 (ECA): criminalizes hacking and piracy in electronic
transactions.

4. Access Devices Regulation Governs the use of access devices, such as cards
Act of 1998 (ADRA): and account numbers, and includes penalties for
access device fraud.
The Cybercrime Prevention Act (CPA) categorizes offenses into three main types:

1. Offenses Against Data and Systems:

Illegal Access: Unauthorized access to computer systems or data.

Data and System Interference: Altering, damaging, or disrupting computer
data or systems.
Misuse of Devices: Using or selling devices intended for cyber offenses.

2. Computer-Related Offenses:

Computer-Related Forgery and Fraud: Manipulating data or systems for

fraudulent purposes.
Identity Theft: Illegally obtaining and using someone else’s digital identity.

3. Content-Related Offenses:

Cybersex: Using technology for sexual exploitation.

Child Pornography: Producing, distributing, or accessing child sexual abuse
material online.
Online Libel: Defamation using the internet or digital platforms.
Critical Information Infrastructure (CII) sectors are crucial to national
security and include transportation, energy, water, health, emergency services,
finance, telecommunications, and government networks. These sectors must
comply with the Department of Information and Communications Technology
(DICT) regulations to ensure data security and system integrity:

Requirements:
Adoption of ISO standards.
Computer Emergency Response Teams (CERTs).
Annual assessments by DICT.
 Under the Data Privacy Act (DPA), organizations are required to promptly
report data breaches that involve sensitive personal information or may cause
harm to data subjects. Reporting timelines include:

72 Hours to Notify the NPC: Organizations must notify the National Privacy
Commission (NPC) within 72 hours of discovering a breach.
Notification to Data Subjects: Affected individuals must be informed if the
breach poses a risk to their personal information, identity, or privacy.

For Critical Information Infrastructures (CIIs), any cybersecurity incident

must be reported to the DICT’s National CERT within 24 hours of detection.
1. National Bureau of Investigation (NBI) and Philippine National Police (PNP):
Investigate and enforce laws against cybercrimes.

2. Department of Justice - Office of Cybercrime (DOJ-OC):

Handles prosecution of cybercrimes and international cooperation.

3. Cybercrime Investigation and Coordinating Center (CICC):

Coordinates cybersecurity policies and the national cybersecurity plan.

4. National Privacy Commission (NPC):

Oversees data privacy compliance, ensuring organizations protect personal
information and report breaches.

5. Bangko Sentral ng Pilipinas (BSP):

Enforces cybersecurity regulations specifically for financial institutions.
1. Children’s Online Privacy Protection Provides data protection requirements for children’s
Act: information collected by online operators.

2.Communications Act of 1934: Protects data shared through common carriers like
cable and satellite services.
3. Computer Fraud and Abuse Act: Criminalizes unauthorized access to protected computers.

4. Health Insurance Portability and Protects health information, regulating data

Accountability Act: handling by healthcare providers.

5. Video Privacy Protection Act: Protects user privacy related to video rentals and
streaming.
7. Consumer Financial Prevents unfair or deceptive practices in financial
Protection Act: services.

8. Fair Credit Reporting Act: Regulates the collection and use of credit information.

9. Federal Securities Laws: May require cybersecurity standards in financial

reporting.

8. Electronic Communications Prevents unauthorized access to electronic

Privacy Act:

10. Gramm-Leach-Bliley Act: Regulates use of personal information by financial

institutions.

11. Federal Trade Commission Prevents deceptive practices, including false

Act: advertising.
 GROUP - 7

What are cybersecurity ethics?

Why are cybersecurity ethics important?

Ethical Considerations in IT Security

 GROUP - 7

What are cybersecurity ethics?

Cybersecurity ethics involve principles and

standards that guide the behavior of
individuals and organizations in protecting
digital systems and data.

Why are cybersecurity ethics important?

Ethical Considerations in IT Security

 GROUP - 7

What are cybersecurity ethics?

Cybersecurity ethics involve principles and

standards that guide the behavior of
individuals and organizations in protecting
digital systems and data.

Why are cybersecurity ethics important?

The importance of cybersecurity ethics is best

understood through its role in preserving the
integrity, functionality, and reliability of human
institutions and practices reliant on data, systems,
and networks.

Ethical Considerations in IT Security

GROUP - 7

WHAT ARE THE ETHICAL CONSIDERATIONS IN CYBERSECURITY?

Ethical Considerations in IT Security

GROUP - 7

WHAT ARE THE ETHICAL CONSIDERATIONS IN CYBERSECURITY?

Ethical considerations in cybersecurity involve

ensuring privacy, fairness, transparency, and
accountability in handling data, implementing security
measures, and responding to threats.

Ethical Considerations in IT Security

 (Crowd strike July 29, 2021 ; https://www.crowdstrike.com/cybersecurity-101/it-security/ )
(SailPoint, September 30, 2023 ; https://www.sailpoint.com/identity-library/five-types-of-cybersecurity )

1. R.A. 8792 (E-Commerce Act): https://dict.gov.ph/wp-content/uploads/2014/07/RA8792_ECommerceAct.pdf

1. R.A. 9775 (Anti-Child Pornography Act of 2009): https://dict.gov.ph/wp-
content/uploads/2014/07/RA9775_AntiChildPornographyActof2009.pdf
1. R.A. 9995 (Anti-Photo and Video Voyeurism Act of 2009):
https://lawphil.net/statutes/repacts/ra2010/ra_9995_2010.html
1. R.A. 10173 (Data Privacy Act of 2012): https://privacy.gov.ph/data-privacy-act/#w3
1. R.A. 10175 (Cybercrime Prevention Act of 2012): https://ihl-databases.icrc.org/en/national-
practice/implementing-rules-and-regulations-cybercrime-prevention-act-2015
https://dict.gov.ph/cybersecurity/
https://www.ollusa.edu/blog/cybersecurity-
ethics.html#:~:text=Ethical%20considerations%20in%20cybersecurity%20involve,measures%2C%20and%20
responding%20to%20threats.
chrome-extension://mhnlakgilnojmhinhkckjpncpbhabphi/pages/pdf/web/viewer.html?
file=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fcrsreports.congress.gov%2Fproduct%2Fpdf%2FIF%2FIF11207
chrome-extension://mhnlakgilnojmhinhkckjpncpbhabphi/pages/pdf/web/viewer.html?
file=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fwww.rgmcet.edu.in%2Fassets%2Fimg%2Fdepartments%2FCIVIL%2Fmat
erials%2FR15%2F3-2%2FPESS%2Funit-6.pdf
GROUP - 7

THANK
YOU!