OBL Module GIT Class Notes, 2025 Edition
OBL Module GIT Class Notes, 2025 Edition
Table of Contents
MODULE 1: Information Technology in Basics..............................................................3
MODULE 2................................................................................................................. 43
Appendix................................................................................................................... 88
2
MODULE 1: Information Technology in Basics
Information is now a necessity in today’s society, sometimes even provided real-time and
reaches people in different parts of the world. This is an engagement in the 21st century that is
lucrative in a business setting. IT, beyond communications, offers many personal career paths
and company growth leading to competitive advantage in each respective field. To become
more competent in each respective field, one must know basic computer skills and must build a
foundation using the fundamental technology concepts.
We go beyond learning the basic definition of information technology in the classroom, but also
in an online or digital presence. An individual’s ability to find, evaluate, and compose clear
information through writing and other media on various digital platforms is known as digital
literacy. Computer literacy is also known as digital literacy. An individual must keep up with the
changes in technology and become computer literate.
Now why do we need to study information technology? Simply because we use these
technologies in our everyday lives, and we need to further understand how these hardware and
software are working. Computer skills are needed regardless of setting and field, whether at
home, work, school or play. By understanding computers, you become self-sufficient whether
you use it for research, communications or time management. By mastering fundamentals, you
will develop a strong base to support furthering your knowledge in the years to come.
3
3. An estimated 10 mil people work from home instead of commuting to work because of
PCs and networking technologies
4. People use social media for communications nearly 10 times as often as snail mail and 5
times more than a telephone.
5. Routine daily tasks such as banking, buying groceries are affected by computer
technologies
In a world that is defined by technology and digital trends, the demand for digital literacy has
increased exponentially. We need to expand our knowledge to avoid unfamiliar situations and
modernize our skills to stay relevant in a dynamic work environment. That is why it is important
for us to learn the fundamentals of information technology.
As previously discussed, a computer is a machine, a collection of parts that work together. The
collection of parts is categorized in many ways, in this case they are categorized according to
their function. In this unit, we learn the different components (parts) of a computer system. The
most important parts, how the different components work together to achieve success in terms
of using a computer will be shown.
4
A computer system is a combination of hardware and software that can be programmed to
perform a variety of tasks. Computer system has four components: COMPUTER HARDWARE,
SOFTWARE, DATA, and USER.
COMPUTER HARDWARE
This is the first component of a computer system. It refers to the tangible, physical computer
equipment and devices which provide support for the major functions of the computer system.
Mainly the mechanical aspects of the computer. As seen in Figure 03-A, the hardware controls
the input of data into the computer system and the output of information from the computer
system. All these devices are interconnected with each other. Below are some classifications of
hardware based on their functions.
1. Input Devices – Used to enter data or instructions into a computer system. Input devices fall
into two categories: manual input devices (needs to be operated by a human to input data)
and automatic input devices (can input data on their own). Each input device is concerned
with a specific type of data: Scanner – documents or images, Digital Camera – still and
moving images
Figure 03-B: Common Manual Figure 03-C: Common Automatic
Input Devices Input Devices
2. Output Devices – Used to convey information from the computer system to one or more
people. When raw data has been processed it becomes usable information. Output devices
are pieces of hardware that send this usable information out of the computer. Output
devices send information out temporarily and some send information out permanently:
temporary output devices (monitors) and permanent output devices (printers which output
information onto paper as hard copy).
5
Figure 03-D: Common Output Devices
Almost all input and output devices are known as ‘Peripheral Devices’. These are
non-essential hardware components that usually connect to the system externally.
Peripherals are called non-essential because the system can operate without them.
7
⬥ RAM (Random Access Memory)
- RAM is used to temporarily store information that is currently in use by the
computer. This can include anything from word documents to videos.
- RAM can be read from and written to and so the information stored in RAM can
change all the time (it depends what tasks you are using the computer for).
- RAM is a fast memory. Data can be written to and read from RAM very quickly.
RAM is generally measured in GB (Gigabytes).
- RAM is Volatile Memory and stores date ‘non-permanently’. This means that
information stored in RAM is deleted as soon as the computer is turned off.
- The more RAM you have installed in your computer -- the faster it can perform.
You can open and use more programs at the same time without slowing the
computer down.
4. Storage Devices – Holds data, instructions and information permanently for future use. It
records (writes) and/or retrieves (reads) items to and from storage media. Secondary
storage devices are used to store data that is not instantly needed by the computer.
Secondary storage devices permanently store data and programs for as long as we need.
These devices are also used to back-up data in case original copies are lost or damaged.
There are two categories of storage devices: internal storage (internal hard disk drives) and
external storage (external hard disk drive, memory sticks, etc.)
Example of Storage Devices
▪ Magnetic Storage Device - one of the most popular types of storage used.
⬥ Magnetic Disc – commonly referred to as a hard disk drive (HDD) is a storage device
in a computer that uses a magnetization process to read, write, and rewrite data on
a magnetic disc.
⬥ Magnetic Tape – a type of storage medium that consists of a thin plastic strip with a
magnetic coating that are wound around two reels, allowing data to be stored
sequentially
8
▪ Optical Storage Device – uses laser lights as its mode of saving and retrieving data.
⬥ Blu-ray disc – A digital optical storage device which was intended to replace the DVD
format.
⬥ CD-ROM disc – An optical storage device that is read-only or cannot be modified or
deleted.
⬥ CD-R and CD-RW disc – CD-R is a recordable disc that can be written to once, while
CD-RW is a rewritable disc that can be written to multiple times.
⬥ DVD-R, DVD+R, DVD-RW and DVD+RW disc – DVD-R and DVD+R are recordable discs
that can be written to once, while DVD-RW and DVD+RW are rewritable discs that
can be written to multiple times. The difference between the + and – is in the
formatting and compatibility.
▪ Flash Memory – an electronic non-volatile computer memory storage medium that can
store data in electronic form functionally similar to rechargeable batteries. Flash
memory devices vary depending on their form factors:
⬥ Memory card – flash memory in the form of a “card” inserted inside the device
⬥ Memory stick – flash memory in the form of a “stick” as an external storage medium
of which the most common form factor is the USB flash drive
⬥ Solid State Drive (SSD) – flash memory in the form of a hard disk drive (HDD) as a
more efficient replacement of the aforementioned type of storage device
▪ Online and Cloud Storage – is now becoming widespread as people access data from
different devices.
⬥ Cloud storage – Data is managed remotely and made available over a network. Basic
features are free to use but the upgraded version is paid monthly as a per
consumption rate.
⬥ Network media – Audio, Video, Images or Text that are used on a computer
network. A community of people create and use the content shared over the
internet.
9
● According to Access Technique
a. Random Access
▪ Data stored in the device can be accessed in any order, i.e. random
b. Sequential Access
▪ Data stored in the device can be accessed only in sequential order from start
to finish
▪ Example: A movie stored in a BluRay Disc is accessed in sequential order so
that the movie stored therein can be viewed from start to finish
5. Communication Devices – Enables a computer to send and receive data, instructions, and
information to and from one or more computers. A hardware device capable of transmitting
an analog or digital signal over the telephone, other communication wire, or wirelessly.
Examples: Bluetooth devices, Infrared devices, Modem (over phone line), Network card
(using Ethernet), Smartphone, Wi-Fi devices (using a Wi-Fi router)
SOFTWARE
This is the second component of a computer system. Software is known as the series of related
instructions that make the computer perform tasks. In other words, software tells the computer
what to do. The term ‘program’ or ‘application’ refers to any piece of software. Some software
exists to help the computer perform tasks and manage resources; some software performs
tasks that are more specific. The types of software are systems software and application
software.
10
● Systems Software – Systems software includes the programs that are dedicated to
managing the computer itself, such as the operating system, file management utilities,
and disk operating system (or DOS). Without systems software installed in your
computers, no instructions would be executed for the tasks needed to be done.
Examples: Utility software (antivirus, disk tools), system servers, device drivers,
operating systems, windows/graphical user interface (GUI) systems
DATA
This is the third component of a computer system. It consists of individual facts or pieces of
information that are used by the computer system to produce information. Data by themselves
may not make much sense to a person. The computer’s primary job is to process data in various
ways, making them useful. Without data, the computer wouldn’t be able to function properly.
Example: The grades of fifty students in one class, all different pieces of data which doesn’t
make much sense yet, but when a chart is created from the data, and frequencies are
developed. This now makes sense at a glance.
USERS
This is the fourth component of a computer system. Also referred to as the ‘peopleware’, users
are the ones who operate the computer system to perform a variety of computer-related tasks.
Some computer systems can operate without a human user, but not all computers are totally
autonomous.
11
Unit 03: Computer Types and Varieties
Before we learn the types of computers still being used today, let us define what a computer is.
A computer is defined by Peter Norton as “An electronic device that processes data according to
a predetermined set of instructions that convert data info information useful to people. They
perform specific tasks based on the instructions provided by a software or hardware program”.
Also, according to Gary Shelly, a computer is defined as “An electronic device operating under
the control of instructions stored in its memory that can accept data, process the data, produce
and store results for future use”. Computers can also store data for future use with the
appropriate storage devices.
A supercomputer is a computer at the leading edge of data processing capability, with respect
to calculation speed. Supercomputers are used for scientific and engineering problems
(high-performance computing) which crunch numbers and data, while mainframes focus on
transaction processing.
12
These are used in moderate data processing, banking, and insurance. It handles bulk data
processing, statistics, and analysis.
The term originally referred to the large cabinets called “main frames” that housed the central
processing unit and main memory of early computers. Later, the term was used to distinguish
high-end commercial machines from less powerful units. Most large-scale computer system
architectures were established in the 1960s, but continue to evolve. Mainframe computers are
often used as servers.
Personal computers come in two general form factors: desktop computer (as shown in the
picture above) or laptop.
13
(06) Wearable technology refers to any kind of electronic device that is
meant to be worn on the body. These include smart watches, noise
cancelling ear phones, VR glasses, fitness trackers, and medical
trackers (that monitors a patient’s heart rate, blood sugar level, etc.)
among others.
Examples would include smart appliances, smart doors, smart gates, cars, aircrafts, elevators,
security systems, and military grade weapon systems among others.
14
I. Pre-Computer Era (Pre-20th Century)
A. Abacus: One of the earliest known calculating devices, the abacus has roots dating back
to around 2400 BCE in ancient Mesopotamia and China. It allowed users to perform
basic arithmetic operations through the manipulation of beads on rods.
B. Pascaline: Invented by Blaise Pascal in 1642, the Pascaline was an early mechanical
calculator capable of performing addition and subtraction. It featured gears and wheels
to handle numerical computations.
15
II. Mechanical Computers (19th Century)
A. Analytical Engine: Designed by Charles Babbage in the 1830s, the Analytical Engine was
a conceptual mechanical computer that laid the groundwork for modern computing. It
featured basic arithmetic operations, loops, and conditional branching.
B. Jacquard Loom: In the early 1800s, Joseph-Marie Jacquard developed a loom that used
punched cards to control the weaving patterns, effectively introducing the concept of
programming through punched cards.
16
III. Early Electronic Computers (20th Century)
A. Colossus: During World War II, British engineer Tommy Flowers developed Colossus, the
world's first programmable electronic digital computer. It was used to break encrypted
German codes and played a crucial role in the Allied victory.
B. ENIAC: Completed in 1945, the Electronic Numerical Integrator and Computer (ENIAC)
was the first general-purpose electronic computer. It was massive and used vacuum
tubes for computation.
17
C. UNIVAC I: Developed by J. Presper Eckert and John Mauchly in 1951, UNIVAC I was the
first commercially available computer, widely used for scientific and business
applications.
18
B. IBM 360: Introduced in 1964, the IBM System/360 series was a family of mainframe
computers that offered compatibility across models, setting a new standard for
computer architecture.
C. ARPANET: In the late 1960s, the U.S. Department of Defense's Advanced Research
Projects Agency (ARPA) created ARPANET, the precursor to the modern internet, which
allowed computers to communicate with each other for the first time.
19
V. The Rise of Microcomputers (1970s-1980s)
A. Altair 8800: In 1975, the MITS Altair 8800 became one of the first commercially
successful microcomputers, inspiring hobbyists and entrepreneurs like Bill Gates and
Paul Allen to develop software for it.
B. Apple II: Introduced in 1977, the Apple II was one of the first mass-produced,
user-friendly personal computers, making a significant impact on the home computing
market.
C. IBM PC: Launched in 1981, the IBM Personal Computer (IBM PC) became the industry
standard, accelerating the adoption of personal computers in businesses and homes.
20
VI. The Internet Era (1990s)
A. World Wide Web: In 1989, Tim Berners-Lee invented the World Wide Web, making the
internet accessible to non-technical users and transforming the way we access and share
information.
B. Dot-com Bubble: The late 1990s saw a surge of internet-based companies, leading to
the dot-com bubble, with examples like Pets.com and Webvan, which eventually burst in
the early 2000s.
B. Cloud Computing: Cloud computing services, such as Amazon Web Services (AWS) and
Microsoft Azure, provide scalable and on-demand computing resources over the
internet, enabling businesses and individuals to access data and applications from
anywhere.
21
C. Artificial Intelligence and Machine Learning: Advancements in AI and ML have led to
breakthroughs in natural language processing, image recognition, autonomous vehicles,
and more.
D. Quantum Computing: Quantum computers, exemplified by companies like IBM and
Google, leverage the principles of quantum mechanics to perform complex calculations
exponentially faster than traditional computers.
22
Unit 05: Information Technology and Emerging Trends
Objectives: By the end of this lesson, the student will be able to
1. discuss and describe the different industrial revolutions,
2. describe what is the difference between innovation and invention
3. compute for productivity as an effect of information technology on workers or on the
organization as a whole.
We are living in extraordinary times where extraordinary technologies are within reach from
anywhere, by anyone. We almost always take these technologies for granted because they have
become part of the everyday life of people.
To start with this module, see the presentation for IT Trends: Lesson04GITTechTrends
The rise of information and communication technologies (ICT) – that is, computers, software,
telecommunications and the internet – and the large impact that these new technologies are
having on the way that society functions, have prompted many to claim that we have entered a
new era.
Industrial Revolutions
A period of development in the latter half of the 18th century, where there is change
from one economy to another.
23
Generally, the term refers to eras when rapid and significant technological changes
fundamentally alter the way that production is carried out in society, affecting not only how
people work but also how they live their lives.
24
Machines Telephones Automobiles Television
Product innovations result in the production of a new product, such as the change from
a three-wheel car to a four-wheel car, or the change from LP (Long Play/Playing) records to CDs
(Compact Discs). Process innovations increase the efficiency of the methods of production of
existing products, for example the invention of the assembly-line technique.
Here are the different Industrial Revolutions with their products / services,
transportation, production system, and communication.
25
FIRST INDUSTRIAL REVOLUTION - 1765
Started in England during the late 18th century, concentrated in Britain and initially focused on
textile manufacturing.
● Significant evolutions: Cort’s puddling; rolling process for making iron, Crompton’s mule
for spinning cotton, Watt steam engine
● Products / Services – Vegetables, Coal, Iron, Discovery of chemicals
● Transportation – Railroads, Basic farming
● Production System – Manual Labor to mechanical
● Communication - Printed materials
26
THIRD INDUSTRIAL REVOLUTION - 1969
● Started with the development of transistors and the rise of electronics and digital
technology.
● Products / Services – Internet, rise of electronics, source of energy: nuclear power
● Production System - Automation
27
FIFTH INDUSTRIAL REVOLUTION
Because the Fourth Industrial Revolution failed to incorporate sustainability into its approach,
countries are looking towards Industry 5.0 to meet a wide range of social demands including
addressing the global environment, human preferences, and a circular economy.
There are different viewpoints as to what the ideal Industry 5.0 would look like. According to
the European Commission, it should be one that is based on sustainability,
human-centeredness, and resilience. Germany proposes a framework of autonomy,
interoperability, and sustainability. In comparison, Japan wants to balance economic
development with the resolution of social issues through systems that integrate cyberspace and
physical space at a high level.
In the Philippines, we take the concept of sustainability and make it personal by emphasizing
the conservation of cultural heritage and its related practices.
IT and PRODUCTIVITY
Economists interested in the pervasive effects of technological change in different
industrial revolutions have devised the concept of a General Purpose Technology (GPT). It is a
technology of wide application used in various industries and whose impact is strong on their
functioning.
● It must have a wide scope for improvement and elaboration - this means that the
technology does not appear as a complete and final solution, but as a technology that
can be improved through the different opportunities for technological change that
surround it.
● It must be applicable across a broad range of uses - this means that its use is not
restricted, for example, to only one industry but open to many different types of
industries and consumers.
● It must have a potential use in a wide variety of products and processes - this means that
the new technology should not result in the creation of only one set of products (such as
a computer), but a wide set of products (such as complex new air-traffic control systems
or new inventory controls).
● It must have strong complementarities with existing or potential new technologies - this
means that the technology does not only replace existing methods but also works with
them, ensuring an even broader impact on the systems of production and distribution.
28
Productivity
Productivity is the quality of producing something. It is a measure of the efficiency of a person,
machine, factory, system, etc., in converting inputs into useful outputs. It is an indication of the
efficiency of production or distribution.
So, output increased by 20 percent. As the number of workers stayed the same, this is also
an increase in productivity.
Question2: Calculate the percentage increase in productivity if the output expands from 12,000
in year 2 to 15,000 in year 3.
Answer:
29
Division of Labor and Productivity
The division of labor refers to the degree to which the various tasks involved in the
production of a good or service are divided among different workers.
Productivity increases when the division of labor increases. Increases in productivity can
be transmitted throughout the economy for several reasons:
Productivity – Income
Increases in productivity can lead to higher incomes for an economy's citizens. All output
must be transformed, through the process of production and sale, into someone's income (e.g.
the boss's profits and the workers’ wages).
Hence, increases in productivity, which allow more output to be produced by a given
amount of inputs, also lead to more income per head, that is, greater wealth for society. For
example, if more cars can be produced due to increases in the productivity of car production,
more cars are sold, which means that the car manufacturers’ revenues increase.
Sustainability of Productivity
All economies fluctuate in a business cycle. For a few years, growth is quite rapid, output
and incomes rise, and unemployment falls. This is the ‘boom’. Then the cycle turns. Growth
slows, and in a true recession the total output of the economy falls. This is the down-turn of the
cycle. The industry life cycle focuses on those economic mechanisms that cause firms to be born
(to ‘enter’ an industry), to grow, and to die (to ‘exit’ an industry).
31
Game Changing Technologies
See Work-in-the-Digital-Age-1.pdf pages 133-140
● Advanced Industrial Robotics - Involves machines which are designed to perform
industrial tasks automatically, with high programmability and the capacity to interact
with their environment thanks to the use of digital sensors, usually seen in
manufacturing or production lines.
● Industrial Internet of Things - the use of connected sensors attached to different objects
throughout the production process to feed live data to central computers, usually seen
on the factory floor.
32
● Electric Vehicles - vehicles whose main system of propulsion depends on (externally
generated) electricity rather than fuel. (e.g. Tesla)
● Industrial Biotech - the use of biological processes of living organisms for industrial
purposes, drawing on recent scientific insights such as systems genomics and
metabolomics. Uses enzymes and microorganisms to make bio-based products in sectors
such as chemicals, food ingredients, detergents, paper, textiles and biofuels.
33
Effects of Game Changing Technologies on Work and Employment
1. Upgrading of occupations
2. Higher level of ICT competence
3. Decline of repetitive and routine industrial work brought about by digital factories
34
The Platform Economy
Platforms don’t own the resources that create value, they can grow much faster than
pipeline businesses. These businesses make up a platform-based economy. Some key features
of a platform will include:
● Using sophisticated logistics software for matching and payment
● Providers on the platforms are independent contractors
● Very low barriers to entry for providers on most platforms
● Trust is achieved via crowdsourcing of ratings and reputational data.
Platform Model
● Platform - controller of the channel or platform and arbiter of the participants in the
platform
● Consumers / Customers - buyers or users of the outputs offered through the platform
● Producers / Providers - supplier of the outputs sold through the platform
35
References
● NEUFEIND, M., RANFT, F., AND O’REILLY, J. (2018) Work in the Digital Age: Challenges of
the Fourth Industrial Revolution. Rowman & Littlefield International Ltd
● The Open University (2016). Information Technology: a new era. Walton Hall, Milton
Keynes, MK7 6AA.
https://www.open.edu/openlearn/people-politics-law/politics-policy-people/
sociology/information-technology-new-era/content-section-1
GRADED ACTIVITY 1
Part 1: Unit 1 (10 pts)
1. What do technologies look like when they are still being discovered?
2. How did the lives of people change back then?
3. Are we going through a similar change right now?
4. What’s in store for the future?
5. Have we actually progressed as a result of the technologies that we have discovered
throughout time? Explain in 2-3 sentences.
36
Unit 06: Information Systems
Going over the technologies in the past and how it has evolved to the technologies we
have in the present gave us an idea of what is possible in the future. It is with the creativity and
ingenuity of us, human beings, that we are able to make sense of technological developments
and turn them into productivity boosting tools.
But technologies are not developed to match exactly what every person needs. After all,
each person has something different to do and to work on. It is thus important for
these technologies to be transformed into something that is geared towards making
every person productive despite the difference in their needs. Technologies are
being specialized. So how exactly does these technologies work?
Data are facts that are recorded and stored. Information is processed data used in
decision making. The value of information is the benefit produced by the information minus the
cost of producing it.
37
Information Systems
An information system refers to the systematic way to collect, process, store, and
distribute information to support decision making, coordination, and control.
In a business setting, information systems may help managers and employees analyze
problems, visualize complex subjects and create new products. On a personal level, it helps you
plan out how to go about your daily activities – how would you know if it will rain tomorrow and
how would you proceed with your planned activity if it does rain?
With regards to how businesses sell their products, businesses can choose from one of the
three types of MARKETING MODELS:
● B2C (Business-to-Consumer) is the process of selling products and services directly
between a business and consumers who are the end-users of its products or services.
● B2B (Business-to-business) is a form of transaction between businesses, such as one
involving a manufacturer and wholesaler, or a wholesaler and a retailer.
● D2C (Direct-to-Consumer) are brand owners who produce their own products and sell
them directly to their customers without resellers, wholesalers, or some middlemen.
39
Business and Information Systems
In the past, IT managers divided systems into categories based on the user group the
system served. Categories and users included office systems (administrative staff), operational
systems (operational personnel), decision support systems (middle-managers and knowledge
workers), and executive information systems (top managers). Today, traditional labels no longer
apply. For example, all employees, including top managers, use office productivity systems.
Similarly, operational users often require decision support systems. As business changes,
information use also changes in most companies. Today, it makes more sense to identify a
system by its functions and features, rather than by its users.
40
Examples of Information Systems according to support provided
● Inventory Control (TPS)
● Reservations (TPS, MIS)
● Customer Order Processing / Point-of-Sale (TPS)
● Records Management (MIS)
● Enrollment System (TPS)
● Attendance Monitoring (MIS)
● Payroll (TPS)
41
Top managers
● Strategic plans
Operational Employees
● Operational employees include users who rely on TP systems to enter and receive data
they need to perform their jobs.
42
MODULE 2
Unit 07: Systems Development Life Cycle
The aim of an SDLC methodology is to give IT project managers the tools they need to assure
the effective deployment of systems that meet an organization’s strategic and business goals.
SYSTEMS DEVELOPMENT
Systems development is the process of defining, designing, testing and implementing a software
application to create a computerized information system or maintain an existing one.
43
SYSTEMS DEVELOPMENT LIFE CYCLE (SDLC)
Stage 1. PLANNING – It is the initial stage in the systems development life cycle (SDLC). It is the
fundamental process of understanding why an information system should be built and
determining how the project team will go about building it. It describes how IT projects
get started, how systems analysts evaluate proposed projects, the feasibility of a project,
and the reasoning behind the proposed system development.
Stage 2. ANALYSIS – System analysts must do analysis activities when creating a new system or
improving an old system. If an information system is built properly, it will give the
expected benefits to the company. To achieve this goal, system analysts define what the
information system requires by performing the analysis activities.
Stage 3. DESIGN – Now you are ready to begin the physical design of the system that will meet
the specifications described in the system requirements document. Systems design tasks
include output and user interface design, data design, and system architecture.
A video by Johnny Khoury has explained how the Design Phase in SDLC (Lesson07
video01 Design Phase in SDLC) works. It is all about the design phase of creating a
system.
Stage 5. TESTING and DEPLOYMENT – This stage begins by letting users test the system and
deploy such system once it gets user approval. The system is installed at this phase to
support the specified business functions. The performance of the system is compared to
the performance targets defined during the planning phase.
44
SYSTEMS ANALYSIS REVISITED
The systems analysis phase consists of requirements modeling, and process modeling, object
modeling, and consideration of development strategies.
Flowchart
● Business flowchart shows the steps that make up a business process, along with who's
responsible for each step.
● They are useful for analyzing current processes, planning improvements, and
crystallizing communication between process participants
45
Types of Flowchart:
● Document
▪ Illustrates the flow of documents and information between areas of
responsibility within an organization.
▪ A document flowchart is particularly useful in analyzing the adequacy of
control procedures.
● System
▪ System flowcharts depict the relationship among the input, processing,
and output of an AIS
● Program
▪ A program flowchart describes the specific logic to perform a process
shown on a systems flowchart
Check the following videos for further discussion on the Flowcharting process.
● Lesson 08 FlowCharting.mp4
● Flowchart Tutorial (with Symbols, Guide and Examples)
Non-Functional Requirements: Define the attributes and qualities that describe how the
system should perform to enhance customer satisfaction. These requirements focus on aspects
related to system behavior, performance, security, and user experience. Non-functional
requirements answer the question, "How well does the system perform?"
It's important to note that both functional and non-functional requirements are crucial for
successful system development. Functional requirements define what the system should
achieve in terms of features and capabilities, while non-functional requirements ensure the
system meets the desired levels of performance, quality, and user satisfaction. Both sets of
requirements play a key role in guiding the design, development, testing, and validation of the
system.
47
SYSTEMS DESIGN REVISITED
The systems analyst must understand the logical design of the system.
● Data design
● User interface
● Architecture
● System design specification
● Data Considerations
■ Data should be entered into the system where and when it occurs because delays
cause data errors
■ Data should be verified when it is entered, to catch errors immediately
■ Automated methods of data entry should be used whenever possible
■ Audit trail
■ Every instance of entry and change to data should be logged
■ Data should be entered into a system only once
■ Data duplication should be avoided
● Design Trade-Offs
■ Most design trade-off decisions that you will face come down to the basic
conflict of quality versus cost
■ Avoid decisions that achieve short-term savings but might mean higher costs
later
48
Prototyping
The method by which a prototype is developed. It involves a repetitive sequence of
analysis, design, modeling, and testing. It is a common technique that can be used to design
anything from a new home to a computer network.
Prototyping Methods
● System prototyping - produces a full-featured, working model of the information system.
Because the model is “on track” for implementation, it is especially important to obtain
user feedback, and to be sure that the prototype meets all requirements of users and
management.
● Design prototyping or Throwaway prototyping – method of development that employs
technical mechanisms for reducing risk in a project, when the project needs are vaguely
and poorly laid out. The end product of design prototyping is a user-approved model
that documents and benchmarks the features of the finished system.
● Prototyping offers many benefits
■ Users and systems developers can avoid misunderstandings
■ Managers can evaluate a working model more effectively than a paper
specification
● Consider potential problems
■ The rapid pace of development can create quality problems
■ In very complex systems, the prototype becomes unwieldy and difficult to
manage
49
Prototyping Tools – systems analysts can use powerful tools to develop prototypes
● CASE tools - Computer-aided systems engineering (CASE), also called computer-aided
software engineering, is a technique that uses powerful software, called CASE tool, to
help systems analysts develop and maintain information systems.
● Application generators -A tool that supports the rapid development of computer
programs by translating a logical model directly into code. Also called a code generator.
● Report generators - a computer program whose purpose is to take data from a source
such as a database, XML stream or a spreadsheet, and use it to produce a document in a
format which satisfies a particular human readership
● Screen generators - or form painter, is an interactive tool that helps you design a custom
interface, create screens forms, and handle data entry format and procedures.
Limitations of Prototypes
● A prototype is a functioning system, but it is less efficient than a fully developed system
● Systems developers can upgrade the prototype into the final information system by
adding the necessary capability. Otherwise, the prototype is discarded
50
User Interface
Describes how users interact with a computer system, and consists of all the hardware,
software, screens, menus, functions, output, and features that affect two-way communications
between the user and the computer.
Graphical User Interface - uses visual objects and techniques that allow users to communicate
effectively with the system.
Usability – user satisfaction, support for business functions, and system effectiveness
● Process-control systems – allow users to send commands to the system
● User-centered systems – how users communicate with the information system, and how
the system supports the firm’s business operations
Human-Computer Interaction (HCI) describes the relationship between computers and people
who use them to perform their jobs
51
Seven Habits of Successful Interface Designers:
1. Understand the Business
The interface designer must understand the underlying business functions and how the
system supports individual, departmental, and enterprise goals. The overall objective is to
design an interface that helps users to perform their jobs.
52
Unit 08: Computer and Internet Etiquette
As people continue to use technology in their everyday lives, from communications to making
transactions online, many have forgotten their proper etiquette when using their computer
systems and when interacting using the Internet.
There is no official list of netiquette rules or guidelines, the idea is to respect other users and
those online.
53
11.Some emotions and meanings do not transmit very well in an email or a post. However,
do not use all caps if you want to communicate strong emotion. All caps will make you
look like you’re shouting. Don’t overuse smileys and emoticons because they make you
look unprofessional. Constructing your sentences carefully and editing what you write
before hitting send is often enough.
12.Remember that your posts and account can be easily traced back to you even if you
write under an alias or a made-up handle. You leave data footprints whenever you’re
online. These are stored and can be retrieved. Even when using incognito. Always be a
decent and responsible netizen.
2. Thou shalt not interfere with other people’s computer work – Computer viruses are
small programs that disrupt other people’s computer work by destroying their files,
taking huge amounts of computer time or memory, or by simply displaying annoying
messages. Generating and consciously spreading computer viruses is unethical.
3. Thou shalt not snoop around in other people’s computer files – Reading other people’s
e-mail messages is as bad as opening and reading their letters: This is invading their
privacy. Obtaining other people’s non-public files should be judged the same way as
breaking into their rooms and stealing their documents.
4. Thou shalt not use a computer to steal – Using a computer to break into the accounts of
a company or a bank and transferring money should be judged the same way as robbery.
It is illegal and there are strict laws against it.
5. Thou shalt not use a computer to bear false witness – The Internet can spread untruth
as fast as it can spread truth. Putting out false "information" to the world is bad. For
instance, spreading false rumors about a person or false propaganda about historical
events is wrong.
6. Thou shalt not copy or use proprietary software for which you have not paid –
Software is an intellectual product. In that way, it is like a book: Obtaining illegal copies
of copyrighted software is as bad as photocopying a copyrighted book. There are laws
against both. Information about the copyright owner can be embedded by a process
called watermarking into pictures in the digital format.
54
7. Thou shalt not use other people’s computer resources without authorization or proper
compensation – Multiuser systems use user id’s and passwords to enforce their memory
and time allocations, and to safeguard information. You should not try to bypass this
authorization system. Hacking a system to break and bypass the authorization is
unethical.
8. Thou shalt not appropriate other people’s intellectual output – For example, the
programs you write for the projects assigned in this course are your own intellectual
output. Copying somebody else’s program without proper authorization is software
piracy and is unethical. Intellectual property is a form of ownership, and may be
protected by copyright laws.
9. Thou shalt think about the social consequences of the program you are writing or the
system you are designing – You have to think about computer issues in a more general
social framework: Can the program you write be used in a way that is harmful to
society? For example, if you are working for an animation house, and are producing
animated films for children, you are responsible for their contents. Do the animations
include scenes that can be harmful to children? In the United States, the
Communications Decency Act was an attempt by lawmakers to ban certain types of
content from Internet websites to protect young children from harmful material. That
law was struck down because it violates the free speech principles in that country's
constitution. The discussion, of course, is going on.
10.Thou shalt always use a computer in ways that ensure consideration and respect for
your fellow humans – Just like public buses or banks, people using computer
communications systems may find themselves in situations where there is some form of
queuing and you have to wait for your turn and generally be nice to other people in the
environment. The fact that you cannot see the people you are interacting with does not
mean that you can be rude to them.
55
Unit 09: Computer and Cybersecurity
The vulnerabilities of a computer system should not be left alone for perpetrators. We should
prevent perpetrators from gaining access to our computer systems. To ensure that information
presented by your computer system is reliable and not prone to computer fraud and malware.
Computers and the internet have transformed the lives of many people in many good ways.
Unfortunately, this vast network and its associated technologies also have a number of security
threats. It is our duty to protect ourselves from these threats and attacks. Scammers, hackers
and identity thieves are looking to steal your personal information - and your money.
Computer security, the protection of computer systems and information from harm, theft, and
unauthorized use. Computer hardware is typically protected by the same means used to protect
other valuable or sensitive equipment, namely, serial numbers, doors and locks, and alarms. The
protection of information and system access, on the other hand, is achieved through other
tactics, some of them quite complex. Computer security deals with the protection of computer
systems and information from harm, theft, and unauthorized use.
Cyber security is the practice of defending computers, servers, mobile devices, electronic
systems, networks, and data from malicious attacks. It's also known as information technology
security or electronic information security. The term applies in a variety of contexts, from
business to mobile computing, and can be divided into a few common categories.
● Network security is the practice of securing a computer network from intruders,
whether targeted attackers or opportunistic malware.
● Information security protects the integrity and privacy of data, both in storage and in
transit.
● Operational security includes the processes and decisions for handling and protecting
data assets. The permissions users have when accessing a network and the procedures
that determine how and where data may be stored or shared all fall under this umbrella.
56
● Disaster recovery and business continuity define how an organization responds to a
cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
Security is a constant worry when it comes to information technology. Data theft, hacking,
malware and a host of other threats are enough to keep any IT professional up at night. We’ll
look at the basic principles and best practices that allow users to keep their systems safe.
Individuals and companies must employ the best security measures suitable to their needs to
prevent fraudulent activities.
The goal of information security follows three main principles:
1. CONFIDENTIALITY is ensuring that information is available only to the intended audience
– An organization obtains or creates a piece of sensitive data that will be used in the
course of its business operations. Because the data is sensitive, that data should only be
able to be seen by the people in the organization that need to see it in order to do their
jobs. It should be protected from access by unauthorized individuals.
57
2. INTEGRITY is protecting information from being modified by unauthorized parties –
Integrity involves maintaining the accuracy, consistency and trustworthiness of data.
Data must not be changed whilst at rest or in transit by unauthorized individuals (which
would demonstrate a breach of confidentiality). Integrity of data is commonly ensured
by implementing security measures such as file permissions and access control models.
Version controls can also be utilized to avoid changes to data made accidentally by
authorized individuals.
Effectively executing all three principles of the Security Triad creates an ideal outcome from an
information security perspective.
58
4. Save and Back up
Some events may be inevitable like hardware failure and virus infection, so be sure to
save every now and then. Also back up important information that is important to you.
Make sure to verify if the files you’ve saved can be easily restored.
59
Definition of terms
● Firewall: A firewall is a network security device that monitors incoming and outgoing
network traffic and decides whether to allow or block specific traffic based on a defined
set of security rules.
● Hackers: A hacker is a person who breaks into a computer system. The reasons for
hacking can be many: installing malware, stealing or destroying data, disrupting service,
and more. But, hacking can also be done for ethical reasons, i.e. finding vulnerabilities.
● Threats: A threat is anything that can compromise the confidentiality, integrity, or
availability of an information system.
● Vulnerability: A vulnerability is any weakness in the information technology (IT)
infrastructure that hackers can exploit to gain unauthorized access to data.
60
Unit 10: Cybercrime Law
DISCLAIMER: The following material was copied with permission from the GIT Lecture 9 -
Cybercrime Laws in the Philippines.pptx presentation of Atty. Marco Cunanan from PAO.
● When the attachment is opened, the file activates a code that sends an instruction to
forward the same email to all the contacts of the user
● The worm spread to e-mail accounts across the globe – including US and Europe –
overwhelming the email systems of private and government organizations causing them
to shut down resulting to estimated damages worth millions of USD
● This prompted the FBI to identify the source of the worm, which was then traced back to
the Philippines
61
“It is not clear whether the author of the virus can even be prosecuted in the Philippines, where computer
use is still uncommon among ordinary citizens and cyber-crimes are not yet defined in the legal code.”
● Onel De Guzman was eventually arrested by the Philippine government at the request of
the FBI but was released shortly afterwards because there was NO pre-existing
Philippine laws that he violated
62
Section 7. LEGAL RECOGNITION OF ELECTRONIC DOCUMENTS
● ELECTRONIC DOCUMENTS shall have the legal effect, validity or enforceability as any other
document or legal writing.
NOTE: This provision gives softcopy of authentic documents the same legal validity as
physical documents
Chapter III of R.A. 8792 states the following penalties in violation of this law:
Section 33. PENALTIES
The following acts shall be penalized by fine and/or imprisonment:
1. HACKING/CRACKING
● Unauthorized access into a computer system/server or information and
communication system
● Any access with the intent to corrupt, alter, steal, or destroy using a computer or
computer system without the knowledge and consent of the owner of the system
2. PIRACY
● Unauthorized copying, reproduction, storage, uploading, downloading,
communication, or broadcasting of protected material [..] through the use of
telecommunication networks, e.g. the Internet, in a manner that infringes intellectual
property.
3. Violations against R.A. 7394: The Consumer Act Of The Philippines
● R.A. 7394 was enacted primarily to protect the consumers …
… against hazards to health and safety, and
… against deceptive, unfair and unconscionable sales acts and practices.
NOTE:
● Penalty for HACKING/CRACKING and PIRACY:
▪ Pay a fine amounting to a minimum of one hundred thousand pesos (PhP 100,000)
and a maximum that is commensurate with the damage incurred and …
▪ Mandatory imprisonment of 6 months to 3 years.
● Penalty for violations against R.A. 7394 will be the same penalties as provided by same
law which is to pay a fine of PhP 20,000 to PhP 2000,000 and/or imprisonment of 3 to 6
years
63
GUIDE QUESTION: R.A. 8792
Does connecting to an open WIFI network (e.g. WIFI with no password), without the consent
of the network owner, constitute a violation of RA 8792?
NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal or destroy”
R.A. 10175 defines CYBERCRIME as a crime committed with or through the use of information
and communication technologies such as radio, television, cellular phone, computer and
network, and other communication device or application.
64
SECTION 4 (a) OFFENSES against the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY (CIA) of
COMPUTER DATA and COMPUTER SYSTEMS
The following acts under this cybercrime includes the following:
1. ILLEGAL ACCESS
The access to the whole or any part of a computer system without right.
NOTE:
● “access” is the instruction, communication with, storing/retrieving data from or use
of any resources of a computer system of network
● “without right” means having no consent from the owner of the computer system
Does connecting to an open WIFI network (e.g. WIFI with no password), without the
consent of the network owner, constitute a violation of RA 8792?
NO! By merely accessing it, there is no clear intent to “corrupt, alter, steal or destroy”
Does connecting to an open WIFI network (e.g. WIFI with no password), without the
consent of the network owner, constitute a violation of RA 10175?
YES! Illegal access is to “make use of any resources” without right (consent)
65
3. DATA INTERFERENCE
The intentional or reckless alteration, damaging, deletion or deterioration of computer
data, electronic document or electronic data message without right – including the
introduction or transmission of viruses
NOTE:
GUIDE QUESTION: R.A. 10175
NOTE:
● This is more or less an extension of the previous offense whereby the affected entity
is not just data but the whole system
66
YES! Although it may be unintentional, data interference and system interference was
committed
67
6. CYBERSQUATTING
The acquisition of a domain name on the internet in bad faith to profit, mislead,
destroy reputation, and deprive others from registering the same
NOTE:
● CYBERSQUATTING SAMPLE CASE: MikeRoweSoft.com
⬥ In January 2004, Mike Rowe was a grade 12 student who operated a profitable
web design business as a part time job.
⬥ He registered the website with the domain name MikeRoweSoft.com
⬥ Lawyers from Microsoft asked him to stop using the website and Mike Rowe
complied after an undisclosed settlement with the company
NOTE:
● COMPUTER-RELATED FORGERY EXAMPLE:
Hacking into the SLU Student Portal to change your grade from 65 to 95. Since NO
MONETARY VALUE is involved, this is considered as “forgery” and not “fraud”
68
2. Computer-related FRAUD
The unauthorized input, alteration, or deletion of computer data or program or
interference in the functioning of a computer system, causing damage resulting to
monetary loss
NOTE:
● COMPUTER-RELATED FRAUD EXAMPLES:
⬥ Hacking into a bank’s database to change your balance from 500 to 5000 pesos
⬥ People asking for “prepaid load” by pretending to be the victim’s “relative”
Assume that two individuals, who happen to be real-life partners, gave their consent to
each other to record their sexual act.
Is this a case of cybersex?
NO! Since both parties consented and even if these acts are publicly denounced, they
do NOT constitute to cybersex since the act is NOT done for “any favour or
consideration” and without the element of “engagement in business”
NO … unless the hentai clip itself contains a character which is explicitly identified as
a minor. If so, the said material is prohibited and the creator/distributor of the said
material is liable for violation of this law.
NOTE:
GUIDE QUESTION: R.A. 10175
70
GUIDE QUESTION: R.A. 10175
NO! LIKING or REACTING may be a sign of approval to the said post but NO
STATEMENT was mentioned – none of the FOUR ELEMENTS OF LIBEL is present!
NO! The libelous statement was NOT made by the person who SHARED it!
If you COMMENTED on the said post with “OO NGA!”, are you liable?
NO! Similar to LIKING or REACTING, commenting “OO NGA!” does not discredit or
allege Maria David – none of the FOUR ELEMENTS OF LIBEL is present!
If you COMMENTED on the said post with “OO NGA! MAGNANAKAW KAYONG
MAG-INA”, are you liable?
YES! This statement is not merely an approval but also states an allegation towards
Maria David and her mother. This makes the person liable for libel since the comment
can be seen publicly as well.
To augment your understanding of R.A. 10175, please read the following cases:
1. On the constitutionality of the law | Disini v. Secretary of Justice, G.R. No. 203335
2. On child pornography | Cadajas v. People of the Philippines, G.R. No. 247348
3. On cyberlibel | Dio v. People of the Philippines and Desmond, G.R. No. 208146
In DISINI VS. SECRETARY OF JUSTICE, G.R. No. 203335, the Supreme Court identified two
categories of the right to privacy:
1. Decisional privacy which involves the right to independence in making certain decisions
of great importance; and
2. Informational privacy which involves the right
a. to not have private information disclosed; and
b. to live freely without surveillance and intrusion.
71
THE 1987 PHILIPPINE CONSTITUTION
THE RIGHT TO PRIVACY
Section 2, Article II:
The Philippines renounces war as an instrument of national policy, adopts the generally
accepted principles of international law as part of the law of the land and adheres to the
policy of peace, equality, justice, freedom, cooperation, and amity with all nations.
This provision is also known as the Doctrine of Incorporation. The Philippines has incorporated
the right to privacy because it is an internationally recognized right in documents such as the:
1. United Nations Declaration of Human Rights (Article 12)
2. International Covenant on Civil and Political Rights (Article 17)
3. World Summit on Information Society Declarations (B5, Item 35)
72
Assume that your classmate, without your consent, decided to read your private
messages. Can you accuse them of violating your constitutional right to privacy?
NO! Your classmate is a private individual. The constitutional right to privacy may only
be raised against the State, e.g. barangay officials, police, government personnel, etc.
The following and similar acts, though they may not constitute a criminal offense, shall produce
a cause of action for damages, prevention and other relief:
1. Prying into the privacy of another's residence;
2. Meddling with or disturbing the private life or family relations of another;
3. Intriguing to cause another to be alienated from his friends;
4. Vexing or humiliating another on account of his religious beliefs, lowly station in life,
place of birth, physical defect, or other personal condition.
73
Sample Case: (Zulueta vs C.A., 1996)
Situation:
Cecilia entered the clinic of Dr. Martin – her husband – and in the presence of
witnesses, forcibly opened the drawers and cabinet and took 157 documents and
papers consisting of greetings cards, cancelled checks, diaries, and photographs
between Dr. Martin and his alleged paramours.
YES! In the decision of the court: “A person, by contracting marriage, does not shed
his/her integrity or his right to privacy as an individual and the constitutional
protection is ever available to him or her.”
The documents and papers are inadmissible as evidence since the way they were
gathered violated the right to privacy of Dr. Martin
74
REPUBLIC ACT 9995: ANTI-PHOTO AND VIDEO VOYEURISM ACT OF 2009
Included under the REASONABLE EXPECTATION OF PRIVACY is that any person believes that:
● He/she could disrobe in privacy, without being concerned that an image or a private
area of the person was being captured;
● The private area of the person would not be visible to the public, regardless of whether
that person is in a public or private place.
The “private area of a person” includes naked or undergarment-clad genitals, pubic area,
buttocks, or the female breast of an individual
Will one be liable for the non-commercial copying or reproduction of said photo or video –
e.g. copy or reproduce for free without asking for money?
YES! The mere copying or reproduction of said material will make one liable under the law
regardless of the reason or whether one profits or not from such act.
If the persons in the photo knew and consented to the video recording or taking of the photo,
can anyone reproduce, distribute, or broadcast it?
NO! The person merely consented to the taking of the photo or the video recording and did
not give written consent for its reproduction, distribution, and broadcasting.
75
Section 4: PENALTIES.
The penalty for the commission of any of the prohibited acts above are as follows:
● Imprisonment of 3 years to 7 years imprisonment; and
● Fine of Php 100,000.00 to Php 500,000.00
DEFINITION OF TERMS
1. PERSONAL INFORMATION CONTROLLER (PIC)
The individual, corporation, or body who decides what to do with data.
4. BREACH
A security incident that:
a. Leads to unlawful or unauthorized processing of personal, sensitive, or
privileged information;
b. Compromises the availability, integrity, or confidentiality of personal data.
76
PERSONAL INFORMATION vs SENSITIVE PERSONAL INFORMATION
PERSONAL INFORMATION SENSITIVE PERSONAL INFORMATION
Any personal information about a particular Any information or opinion about a particular
individual that can be used in identifying a individual that may be used to harm or
person. discriminate against a person.
This includes, but not limited to: This includes, but not limited to:
▪ Name ▪ Phone number ▪ Race or ethnic origin
▪ Address ▪ E-mail address ▪ Religious affiliations ▪ Criminal record
▪ Medical record
77
PROCESSING OF SENSITIVE PERSONAL INFORMATION
The processing of sensitive personal information shall be allowed if it adheres to ONE of the
following:
1. The consent of data subject has to be given;
2. The processing is necessary and is related to the fulfillment of a contract with the data
subject or in order to take steps at the request of the data subject prior to entering into
a contract;
3. The processing is necessary for compliance with a legal obligation to which the PIC is
subject;
4. The processing is necessary to protect vitally important interests of the data subject,
including life and health;
5. The processing is necessary in order to respond to national emergency, to comply with
the requirements of public order and safety, or to fulfill functions of public authority
[…]; or
6. The processing is necessary for the purposes of the legitimate interests pursued by the
PIC […], except where such interests are overridden by fundamental rights and
freedoms of the data subject […]
78
4. Right to RECTIFICATION
● This involves the right to dispute the inaccuracy or error in the personal data and
have the PIC correct it immediately.
● It also includes access to new and retracted information, and simultaneous
receipt thereof.
● Recipients previously given erroneous data must be informed of inaccuracy and
rectification upon reasonable request of the data subject.
79
GUIDE QUESTION: R.A. 10173
NO! Any search through a student’s cellular phone without justification under a law or
regulation is UNLAWFUL, and may be considered as “unauthorized processing of data”
However, there are exceptions:
● If it was done with student’s consent [except if the student is a minor]
● If it is required by the student’s life and health, or by national emergency.
NO! Consent under the Data Privacy Act has three requirements, none of which are seen in
an implied consent:
● Consent must be freely given;
● Details about what consent is being asked must be specific; and
● There must be an informed indication of will.
NO! It is possible that one may share a similar signature as another person. Moreover,
some signatures do not, in any way, show signs of identity of a person.
However, these may be considered personal information when used to identify an
individual such as a signature affixed on the name of a person.
Are usernames, password, IP and MAC address, location cookies and birthday (month and day
only) considered personal information?
YES!*
* Only when they are combined with other pieces of information that may allow an
individual to be distinguished from others.
80
PROHIBITED ACTS OF R.A. 10173
1. Unauthorized processing of personal information and sensitive personal information
Process (sensitive) personal information without the consent of the data subject or
without being authorized under the Data Privacy Act or any other law.
2. Accessing personal information and sensitive personal information due to negligence
Provided access to (sensitive) personal information due to negligence or was
unauthorized under the Data Privacy Act or any existing law.
To augment your understanding of R.A. 10173, please read the following cases:
1. Right to Privacy | Cadajas v. People of the Philippines, G.R. No. 247348
2. Right to Privacy | People of the Philippines v. Rodriguez, G.R. No. 263603
3. Privileged Communications | Josielene Chan v. Johnny Chan, G.R. No. 179786
4. Reasonable Expectation of Privacy | Ople v. Torres, G.R. No. 127685
5. CCTVs | Spouses Hing v. Choachuy, G.R. No. 179736
6. Privacy in Relationships | Zulueta v. Court of Appeals, G.R. No. 107383
7. a. Social Media | Vivares v. St. Theresa's College, G.R. No. 202666
b. Social Media | Demata v. People of the Philippines, G.R. No. 228583
8. Data Privacy | JV v. JR of SM Bicutan, NPC Case No. 17-047
81
Unit 11: Security Controls
Security controls are a set of procedures and technological measures to ensure secure and
efficient operation of information within an organization, both general and application controls
for safeguarding information. These control activities are applied throughout an organization.
The most important general controls are the measures that control access to computer systems
and the information stored or transmitted over telecommunication networks. General controls
include administrative measures that restrict employee access to only those processes directly
relevant to their duties, thereby limiting the damage an employee can do.
IT security is about protecting things that are of value to an organization. Security controls exist
to reduce or mitigate the risk to those assets. They include any type of policy, procedure,
technique, method, solution, plan, action, or device designed to help accomplish that goal.
Recognizable examples include firewalls, surveillance systems, and antivirus software.
There are two ways to classify controls in an organization: by type – physical, technical, or
administrative – and by function – preventive, detective, and corrective.
Control Types
● Physical Controls – Describes anything tangible that’s used to prevent or detect
unauthorized access to physical areas, systems, or assets. This includes gates, access
cards, CCTVs, and motion sensors.
● Technical Controls – (also known as logical controls) Includes hardware or software
mechanisms used to protect assets. Common examples are authentication solutions,
firewalls, and antivirus software.
● Administrative Controls – Refers to policies, procedures, or guidelines that define
personnel or business practices in accordance with the organization's security goals.
These can apply to the hiring and termination of employees, equipment and Internet
usage, separation of duties, and auditing.
82
Control Functions
● Preventive Controls – This is any security measure that is designed to prevent or stop
any malicious activity from happening. These can be fences, alarms, and antivirus
software.
● Detective Controls – These are any security measures taken or implemented to detect
and alert to unwanted or unauthorized activity in progress or after it has occurred. It can
be alerting guards or notifications from a motion sensor.
● Corrective Controls – Any measures taken to repair damage or restore resources and
capabilities following an unauthorized or unwanted activity. This may include rebooting
the system, or terminating a process, or quarantining a virus.
CONTROL FUNCTIONS
Preventive Detective Corrective
83
GRADED ACTIVITY 2
0 -1000 -1000
1 600 100
2 400 400
3 200 600
4 200 600
5 100 700
Solution:
84
Part 5: Unit 5 (15 pts)
References
● https://explorable.com/hawthorne-effect
● https://methods.sagepub.com/book/key-concepts-in-social-research/n22.xml
● https://online.visual-paradigm.com/diagrams/tutorials/use-case-diagram-tutorial/
● https://sites.google.com/site/2012itcs371devsec3fuzzysystem3/3
● https://www.investopedia.com/terms/c/click_and_mortar.asp
● https://www.mbaskool.com/business-concepts/marketing-and-strategy-terms/2587-clic
k-only-companies.html
● https://www.sciencedirect.com/topics/computer-science/sequence-diagram
● https://www.slideshare.net/fajarbaskoro/systems-request
● https://www.tutorialspoint.com/software_engineering/case_tools_overview.htm
● https://www.visual-paradigm.com/support/documents/vpuserguide/2821/286/7114_dr
awingbusin.html
● https://www.youtube.com/watch?v=DMPxxijmG7M&fbclid=IwAR0hx6Uo4PSlgqmMmA
OeX4e_R6mq0s4nMw-iwcXUOiixRkvkHeWxK8UTQj8
85
● https://www.youtube.com/watch?v=rAR5sbaphwU&fbclid=IwAR3EXVa8Rag6iV8zFswXcF
hRFOB_FaiEa7QD6QMukGoyaiQ6cRLH30xiCtY
● McCombes, S. (2020, January 13). How to Do a Case Study: Examples and Methods.
Retrieved June 7, 2020, from https://www.scribbr.com/methodology/case-study/
● NewLeaf. (2012). ROI or Payback Period? Retrieved June 7, 2020, from
https://newleaf-llc.com/2012/08/roi-or-payback-period/
● Requirements Modeling. Part 1 https://www.youtube.com/watch?v=2t0ichoFHG8 Part 2
https://www.youtube.com/watch?v=1u5KQh_B1_U
● ROSENBLATT, H. (2014) Systems Analysis and Design, 10th edition. Shelly Cashman
Series. Cengage Learning
● Top five causes of scope creep ... and what to do about them. A Guide to the Project
Management Body of Knowledge (PMBOK® Guide)—Fourth edition
https://www.pmi.org/learning/library/top-five-causes-scope-creep-6675
With the internet being the center for acquiring information nowadays, and more and more
systems being developed to suit the needs of different businesses, all of which make use of the
internet as a medium for marketing and operations, there is a question of how the security of
everyone is maintained. Having a singular tool used as a platform by different businesses and
individuals alike has definitely made it easier for everyone to communicate and do transactions.
But it has also made it easier for others to exploit the vulnerability of persons who are not
knowledgeable about the risks of using the internet.
To start with this module, take some time to reflect on the following questions:
1. Have you ever felt that your security is compromised while using the internet?
2. Do you think you have done something that might have been illegal?
3. Have you ever searched anything in Google and used it as part of one of your outputs?
4. Have you created anything that was used by someone else without your consent
86
Explore Activity
1. Search for an example of an apparent cybercrime. From this example, give your thoughts on
how you think that could have been prevented.
2. Downloading files through the internet is rampant, whether legal or not. An example of
which is downloading movies, TV series, or animes via a torrent client. Currently, this is an
illegal act, but authorities have little resources to stop this completely. Do you think this kind
of activity must be stopped, or do you think this is something that must be accepted as
legal?
References:
• Course notes - Atty Marco Polo E. Cunanan. Public Attorney II, PAO San Fernando (P)
District. Lecturer, Tarlac State University School of Law
• Federis & Associates Intellectual Property Firm. (2013). What is Copyright? Retrieved
from FEDERIS Intellectual Property Law:
http://www.federislaw.com.ph/faqs-resources/copyright/
• Lawphil.net and Chanrobles.com
• Republic Act No. 10173. (2012). Retrieved from Official Gazette:
https://www.officialgazette.gov.ph/2012/08/15/republic-act-no-10173/
• Republic Act No. 10175. (2012). Retrieved from Official Gazette:
https://www.officialgazette.gov.ph/2012/09/12/republic-act-no-10175/
87
Appendix
Unit 01 Question2: Calculate the percentage increase in productivity if the output expands from
12,000 in year 2 to 15,000 in year 3.
Answer:
Take the output in year 3 which is 15,000 and subtract it with the output in year 2 which is
12,000 to get the increase from year 2 to year 3.
15,000-12,000 = 3,000
Then divide it from the output from year 2 which is 12,000 then multiply it by 100 to get the
increase by percentage
88