Satisfactory of Computer Security Management in CTU Danao Campus

A Research
Presented to the
College of Technology
CEBU TECHNOLOGICAL UNIVERSITY
Danao City, Cebu

In Partial Fulfillment
of the Requirements for the Course
RESEARCH 2

RESEARCHERS
Candol, Jhon Paulo
Dayday, Jaybe R.
Sarte, Eglecerio Jr.
Batucan, Verniel

INSTRUCTOR
Dr. Jeson A. Bustamante

June 2021
 ACKNOWLEDGEMENT

The researcher’s wishes to express their deepest gratitude to the special people
who have extended their assistance for the success of this study,

The Almighty God, who is the source of life, strength of knowledge and wisdom.

To the fellow classmates, for sharing their knowledge and idea in helping the
researchers in the construction of the project.

To the respondents, for giving their full cooperation and for answering the
questions honestly.

To the beloved parents and guardians for untiring love and support especially
to the researcher financial aspects.

The Lord and Savior Jesus Christ, this piece of work was heartily offered.

And lastly, to Mr. Jeson A. Bustamante, Our instructor in this subject, for his
genuine apprehension, encouragement, patient and guidance and whose expertise and
knowledge were generously shared.
 ABSTRACT

With the increasing development of computer technology growth and increasing

needs and development of computer systems security. The problem of security must be
approached with greater caution. With the development of computer have developed
numerous tools to protect files and other information. A set of tools, procedures, policies
and solutions to defend against attacks are collectively referred to as computer network
security.

Through this research study, the researcher will find out if the computer security
management of CTU Danao campus satisfied students. The researcher will also explore
the ideas of the students based on their actual experience, observations and insights as
well. The respondents of this study are the 25 CTU Danao Campus students who take
up any courses under the school year 2020-2021. In order to come up answers from the
problem statements, the researcher used survey questionnaires and interview guide
questions to gather data. Finally, the researcher used random sampling in choosing its
respondents. Based on the findings, the researcher concludes that the performance of
satisfactory of Computer Security Management in CTU Danao Campus needs
improvement. This Study reveals that the students suffer some issues in computer
security where it can affect to do their task like editing, programs and etc. Thus, the
designed instructional material is recommended for implementation.
 TABLE OF CONTENTS

Page

TITLE PAGE i

ACKNOWLEDGEMENT ii

ABSTRACT iii

TABLE OF CONTENTS iv

CHAPTER

1 THE PROBLEM AND ITS SETTING

INTRODUCTION

Rationale 1

THE PROBLEM

Statement of the Problem 2

Significance of the Study 5

Definition of Terms 5

2 RELATED LITERATURE AND STUDY

Studies 7

3 RESEARCH METHODOLOGY

Research Design 9

Research Environment 9

Research Respondents and Sampling 10

Research Instruments 10

Data Gathering Procedure 11

4 PRESENTATION, ANALYSIS, AND INTERPRETATION OF DATA

5 SUMMARIES OF FINDINGS, CONCLUSION AND RECOMMENDATION

Summary of Findings 16

Conclusion 18

Recommendation 18

BIBLIOGRAPHY 18

APPENDICES

Appendix A

Approval Letter

Appendix B

Research instrument

Appendix C

Documentation

Appendix D

Curriculum Vitae
 CHAPTER ONE

THE PROBLEM AND IT’S SETTING

INTRODUCTION

RATIONALE

Computer security is the practice of defending computers, servers, mobile

devices, electronic systems, networks, and data from malicious attacks. It is also known
as information technology security or electronic information security.

The Computer Security Act of 1987, Public Law No. 100-235 (H.R. 145), (Jan.

8, 1988), was a United States federal law enacted in 1987. It was intended to improve
the security and privacy of sensitive information in federal computer systems and to
establish minimally acceptable security practices for such systems. It required the
creation of computer security plans, and appropriate training of system users or owners
where the systems would display, process or store sensitive information.

Establishes a Computer System Security and Privacy Advisory Board within the
Department of Commerce to identify and advise the Bureau and the Secretary of
Commerce on, issues relating to computer systems security and privacy, and report
findings to the Secretary, the Director of the Office of Management and Budget, the
Director of the National Security Agency, and the appropriate congressional
committees.

Amends the Federal Property and Administrative Services Act of 1949 to require the
Secretary to promulgate standards and guidelines pertaining to Federal computer
systems based on standards developed by the Bureau. Authorizes the President to
disapprove or modify such standards and guidelines if such action would be in the
public interest. Requires that notice of such disapproval or modification be submitted to
the House Committee on Government Operations and the Senate Committee on
Governmental Affairs and published in the Federal Register. Directs the Secretary to
rescind or modify such standards or guidelines as directed by the President.

Requires each agency to provide mandatory periodic training in computer security,

under guidelines developed by the Bureau, for all employees involved with the
management, use, or operation of computer systems. Authorizes the use of an
approved alternative training program determined by the agency head to meet the
objectives of such guidelines.

Requires each agency with a federal computer system to establish a plan for the
security and privacy of sensitive information. Requires the submission of such plans to
the Bureau and the National Security Agency for advice and comment. Subjects such
plans to disapproval by the Office of Management and Budget.

Provides that nothing in this Act shall be construed to: constitute authority to
withhold information sought under the Freedom of Information Act; or authorize any
Federal agency to limit, restrict, regulate, or control the collection, maintenance,
disclosure, use, transfer, or sale of any information that is privately-owned information,
information disclosable under the Freedom of Information Act or other law requiring or
authorizing the public disclosure of information, or information in the public
domain.Schools and universities face a number of challenges that businesses and other
organizations don't have to encounter. Whereas companies have their employees to
monitor and grant access to, schools must worry about teachers and students, who can
range anywhere from five-year-olds to full adults. In the case of schools with young
children, those kids often do not have the same legal obligations or face the same legal
ramifications if they should, intentionally or accidentally, access a network without
authorization. Students also tend to not understand the security threats out there related
to the internet and are more likely to use unsecured networks, download infected files,
or expose devices to malware. School structure can also be a major problem, with many
institutions of higher learning using a decentralized approach that creates multiple
networks that need protection. Schools are also dealing with students bringing more of
their own mobile devices to class, which itself can present many security issues. Couple
all these challenges with shrinking budgets, and it is easy to see how things can quickly
get out of control. All of this underscores the need for an effective network security
strategy.

For many schools, network security is not just an option, it is a necessity. We are
long past the days where each classroom had a single computer; students now
regularly have smartphones and tablets. Online access has also turned into a crucial
tool for learning. To make sure important school data and files are protected,
administrators need a stable security environment, which is where network security
comes in. A well-managed network security system will feature measures where
administrators can efficiently control and monitor what students and teachers access
while online. While web filters can certainly play a role in restricting certain websites,
network security can go much further by taking a more proactive approach in monitoring
online activity and blocking sites that may lead to security compromises.

This blocking action can go beyond the internet. Mobile devices have shown
to be a major source for malware, and oftentimes, students will be using an infected
device without even knowing it. Network security, often through network access control,
can detect when a device has been infected. When this happens, the device is then
blocked from connecting to the network and alerts IT about the infection. IT workers can
then go and clean the infected part of the device, which not only protects the network
but the user as well. Network security systems can also be robust and flexible, allowing
for various types of devices to connect provided they are able to pass the standards set
by administrators.

A good network security system found in schools will feature other security
measures such as anti-virus protection, firewalls, encryption, password protection, and
the latest upgrades and patches. All of these allow administrators to better monitor
individual devices and authenticate them for use on the network. This evaluation before
a device is granted access can be crucial for preventing attacks on network systems.
With so many sensitive records and files, administrators need to know exactly who and
what is accessing the network, which is why network access control is such a vital part
of network security.

Securing educational networks is not something that should be treated lightly.

Security breaches are not a rare thing anymore, which can be seen by the more than
650,000 student records that were compromised a couple years ago at the University of
Nebraska. Schools and universities that recognize the threats and the damage they can
cause will be in a better position to protect their teachers and students. As more and
more come to realize the importance of network security, they will be able to respond
quickly to future attacks and threats.

There are times when computer security is a concern at the Cebu

Technological University Danao Campus. Students and teachers who are unable to
access their accounts on the CTU Danao campus web pages.
Teacher's ' salaries that have been delayed due to information security issues on the
Cebu Technological University Danao campus.
Statement of the problem

The purpose of this study is to check the satisfactory of computer security in CTU
Danao campus.

Specifically, it seeks to answer the following questions:

1. What is the level of performance of the computer security management of CTU

Danao Campus?
2. What are the insights of the students of computer security management in CTU
Danao campus?

Objective of the Study

The main objective of the study is to check the satisfactory of computer security
management in CTU Danao Campus.

1. Determine the level of performance of the computer security management of

CTU Danao Campus.
2. Determine the insights of the students of computer security management in CTU
Danao Campus.

Significance of the Study

The purpose of this study is to present several ways benefitting the following:

Students.

To have them guide and prevent them from the viruses, that may result of hacking
there accounts also to prevent malware, which allows programs to run quicker and
smoother.
Teachers.

To have an idea on how to make their computer security more effective and to prevent,
detect, contain, correct, and recover from security breaches and other information
assurance failures.

School Management

This may result of less computer security risk and helps the management to make their
computer security management more effective and efficient.

Future Researchers.

The result of this study will give a positive and negative result that future generations
may use to their study to develop more effective Computer security management and to
improve their strategy and knowledge in engaging research studies.

OPERATIONAL DEFINITION OF TERMS

Security Management - involves identifying the assets, threats, vulnerabilities, and

taking protective measures, which if not done may lead to unintended use of computing
systems.

Information security - securing information from unauthorized access, modification &

deletion.

Application Security - securing an application by building security features to prevent

from Cyber Threats such as SQL injection, DoS attacks, data breaches etc.

Computer Security - Securing a standalone machine by keeping it updated and

patched.

Network Security - Securing both the software and hardware technologies.

Cybersecurity - Protecting computer systems, which communicate over the computer

networks.
Computer virus - A malicious program which is loaded into the user’s computer without
user’s knowledge. It replicates itself and infects the files and programs on the user’s PC.

Satisfaction - The act of fulfilling a need, desire, or appetite, or the feeling gained from
such fulfillment.

CHAPTER TWO

REVIEW OF RELATED LITERATURE

The task of keeping a business network secure can be a daunting one, full of its
own challenges and setbacks. Now imagine the added complexities of network security
when the organization involved is a school or university.

According to Dieter Gollmann in Wiley Interdisciplinary Reviews: Computational

Statistics 2 (5), 544-554, 2010 Computer security encompasses concepts and methods
for protecting sensitive resources in computer systems. Computer security starts from
the policies that regulate access to protected resources. In technology, the focus is on
mechanisms for enforcing these policies. We will put various enforcement mechanisms
into context with the policies and the IT architectures they were originally designed for.
We will also briefly touch on network security and conclude with remarks on security
evaluation.

According to Carl E Landwehr in International journal of information security 1

(1), 3-13, 2001 A strong factor in the early development of computers was security – the
computations that motivated their development, such as decrypting intercepted
messages, generating gunnery tables, and developing weapons, had military
applications. But the computers themselves were so big and so few that they were
relatively easy to protect simply by limiting physical access to them to their
programmers and operators. Today, computers have shrunk so that a web server can
be hidden in a matchbox and have become so common that few people can give an
accurate count of the number they have in their homes and automobiles, much less the
number they use in a day. Computers constantly communicate with one another; an
isolated computer is crippled. The meaning and implications of “computer security” have
changed over the years as well. This paper reviews major concepts and principles of
computer security as it stands today. It strives not to delve deeply into specific technical
areas such as operating system security, access control, network security, intrusion
detection, and so on, but to paint the topic with a broad brush.

According to Donn B Parker Reston Publishing Company, 1981 The text

describes types of information systems and analyzes the relationships between data
processing services and the rest of an organization. The text also defines security, risk
avoidance, assets, and threats; discusses the characteristics of accidental and
intentional acts that undermine data security; and illustrates security strategies. It
explains the application and organization of security functions (deterrence, prevention,
detection, recovery, and correction). The text delineates computer privacy and security
laws (Privacy Act of 1974, Foreign Corrupt Practices Act, State computer crime laws)
and assesses their impact on computer security. The book also details strategies for
establishing and implementing computer security programs, beginning with the conduct
of a computer security review, which identifies, quantifies, and ranks vulnerabilities for
resource allocation and safeguard selection. The text suggests steps to reduce risks
based on a threat scenario and risk analysis methodology. These steps include forming
a task force to perform the security review and presenting an evaluation and
implementation plan to management. The implementation strategy features assessment
of the scope of responsibility, development of an assets model and inventory file, threat
and risk assessment measurements, selection and evaluation of safeguard selections,
and recommendations regarding safeguard implementation. Tables, organizational
charts, sample forms, and an index are provided. Appendixes include Federal and State
computer crime legislation; discussions of computer-related crime methods, principles
of business conduct, data processing organization standards of conduct, and computer
controls and audit tools; a computer security survey questionnaire; and examples of
computer crime scenarios.
 The researcher is a student from Cebu Technological University Danao Campus
conducting a study as a completion of partial requirement in the field of Information
Technology whose purpose is to know the computer security management in CTU
Danao Campus. Furthermore, the researcher is expected to gain knowledge that is
applicable in their specific field of practice.

CHAPTER THREE

RESEARCH METHODOLOGY

Research Design

The study will use an online survey using google docs. This type of research is a
qualitative research which aims to know and explain further the satisfactory of computer
security management in CTU Danao Campus. This method is suited to identify the
opinion of the respondents as regards to the level of performance of the computer and
the insights of the students.

Research Environment

The researchers will conduct the survey at CTU Danao Campus. This is located in
Sabang, Danao City along the Central Nautical Highway, with beyond 3,000 students.
 Source: Google Map

Figure 1: Map of Cebu Technological University Danao City Campus.

Research Respondents

The researcher will use random sampling in determining the satisfactory of

computer in the study. Random students from the premises in Cebu Technological
University Danao Campus are the respondents of this study.

Population and Sampling

The respondents of the study include twenty-five (25) college students enrolled in Cebu
Technological University Danao Campus year 2020-2021. The random sampling as a
sampling technique was utilized.

Research Instruments

The instrument to be used in the study is a researcher-made survey

questionnaire.

These survey questionnaires are prepared to have it answered by the randomly

selected participants in order to know their insights about the computer security. It aims
to assess the satisfactory of the computer security management of Cebu Technological
University Danao Campus.

Data Gathering Procedure

In gathering data for this research, the researcher prepares the instruments or
materials to be used. The researcher asked for approval of the data through a
transmittal letter before conducting the study. After the approval, the researcher
manages to send the approval letter to the respondents where the prospective
respondents are situated. Once approved, consent forms of the respondents to verify.
The researcher will gather information using a questionnaire to the respondents. With
the help of Random Sampling, the researcher will be able to find other respondents
within the school campus. The result of the findings was collected, tabulated, analyzes,
and interpreted as a basis for the conclusion and recommendation of this study.

CHAPTER FOUR

PRESENTATION, ANALYSIS AND INTERPRETATION OF DATA

This chapter presented, analyzed and interpreted all the data interpreted all the data
gathered in this study. Presentation was done using table and graphs.

STUDENT’S SATISFACTION OF COMPUTER SECURITY MANAGEMENT IN CTU

DANAO CAMPUS

GRAPH 1.
. There are 48% of students who answered that sometimes they are satisfied about the
computer security management in CTU Danao Campus, 36% of students feel satisfied,
the 12% of students answered very satisfied and 4% feels not at all satisfied.

CHALLENGES FACED DURING IMPLEMENTING AN APPLICATION SECURITY

PROGRAM

GRAPH 2.

There are 36%

of students saying that the challenges they face in implementing an application security
program is the lack of support or management buy-in, 24% of students said that it is the
lack of budget, lack of skills is what the 20% of students said, lack of human resources
is the challenges of the 16% of students and the 4% said there is no challenges.
 GRAPH 3. STUDENT’S OBSERVATIONS IN COMPUTER SECURITY
MANAGEMENT

80%
70%
60%
50%
40%
30%
20%
10%
0%
STUDENTS PREFFERED ABOVE AVERAGE LEVEL GUARANTEE 100% OF PRACTICE OF
TO USE CTU GMAIL OF COMPUTER SAFENESS IN DEFENDING COMPUTER
ACCOUNT SECURITY COMPUTER SECURITY OR ELECTRONICS
SYSTEMS HELP
STUDENTS AVOID FROM
MALICIOUS ATTACKS OR
YES NO MAYBE SOMETIMES VIRUSES
 STUDENT’S INSIGHTS AND RECOMMENDATION OF COMPUTER SECURITY
MANAGEMENT IN CTU DANAO CAMPUS

STATEMENT ANSWERS

WAYS TO ENHANCE CYBER  They should conduct a research

about how to develop better cyber
SECURITY IN SCHOOL
security.
 Be more cautious in handling
personal information and account.
 Study about Cyber security
 Avoid posting bad habit.
 Improving the device management
strategy.
 They should update their security
apps always.
 Always check the student network
if there is a Malicious intruder and
must keep their security much
more secured in order to avoid
cyber-attacks.
 awareness
 Think before you click.
 Studying more and understand
everything about security, can help
enhance cyber security.
 CTU Danao students should make
sure that they are using a strong
password.
 CHAPTER FIVE

SUMMARY OF FINDINGS, CONCLUSION AND RECOMMENDATION

Summary of Findings

The study is about the "Satisfactory of Computer Security Management in CTU Danao
Campus. Specifically, it seeks the answer to the main problem of determining the
insights of the students and the level of performance of the computer security
management in CTU Danao Campus.

Based on the results gathered, the following are hereby presented:

GRAPH 1. Based on the findings, majority of the students answered that sometimes
they are satisfied about the computer security management in CTU Danao Campus
which is 48%, 36% of students feel satisfied, the 12% of students answered very
satisfied and 4% feels not at all satisfied.

GRAPH 2. Based on the findings, 36% of students saying that the challenges they face
in implementing an application security program is the lack of support or management
buy-in, 24% of students said that it is the lack of budget, lack of skills is what the 20% of
students said, lack of human resources is the challenges of the 16% of students and the
4% said there is no challenges.

STUDENT’S OBSERVATIONS IN COMPUTER SECURITY MANAGEMENT

GRAPH 3. In this area, 68% of the students answered "Yes", that they preferred to
make an account using the CTU Gmail, 12% of students who answered "Maybe" and
"Sometimes", both choices got 12% whom students are still undecided. The lowest
percentage is 8%, those are the students who answered "No" or who do not prefer to
make an account using the CTU Gmail.

There are 58.3% of students who answered maybe that the security level of CTU
Danao Campus is above average. 29.2% who said Yes that it is above average, 12.5%
answered no it is not above average. 62.5% of students said that maybe the computer
security in CTU Danao Campus is guaranteed 100% safeness, 25% of students who
said, " No it is not 100% safe" and the 12.5% of students answered "yes, it is 100%
safe".

In browsing the internet, there are 64% of students who feels neutral about the security
of their devices, 20% of the students who feels not secure at all, 16% of students who
somewhat feel secure and 0% of students who does feel very secure.

There are 44% who answered "Yes", that the practice of defending computers
servers, mobile devices, electronic systems, networks, and data helps students to avoid
from malicious attacks or viruses, and 32% of students who answered "Maybe", 20% of
students who answered "Sometimes" and 4% of students who answered "No".

The CTU Danao Campus Security can detect a successful or attempted

cybersecurity incident or breach, out of 100% there are 60% of students who answered
"Maybe", only 24% answered "Yes" it can detect, and 16% who answered "No" it cannot
detect.

STUDENT’S INSIGHTS AND RECOMMENDATION OF COMPUTER SECURITY

MANAGEMENT IN CTU DANAO CAMPUS

Based on the lived experiences and observations of the students, Computer Security
Management in CTU Danao Campus should enhance their abilities to protect the
computer from malicious attacks and breaches. They tend to recommend some ways to
help like be cautious all the time, do not to access websites that are new to you. Those
websites that will give you uncertainties and compromise your security. Be more
cautious in handling personal information and accounts.

There are lots of ways to enhance student’s cyber security and one example of this is
the Web Application Protector this is a powerfully simple website protection against
DDoS and web application attacks. It reduces risks of downtime, data theft, and website
defacement. Protects against web attacks and DDoS. And Implements rule updates
automatically.
CONCLUSION

Based on the findings of the study, it can be drawn that the performance of
satisfactory of Computer Security Management in CTU Danao Campus needs
improvement.

This Study reveals that the students suffer some issues in computer security
where it can affect to do their task like editing, programs etc. Thus, the designed
instructional material is recommended for implementation.

RECOMMENDATION

Based on the findings and conclusion presented, the following recommendations are
suggested:

1. The researchers recommend that the CTU Danao Campus should take steps to
ensure that students are completely confident in their computer security when
accessing and browsing the internet.

2. The researchers recommend that the CTU Danao Campus should guarantee 100%
assurance in addressing network security system in school.

3. The researchers recommend that the CTU Danao Campus should install or develop
tools to identify cyber security breaches. This will cause a prompt to appear on the
computer that the student is using, alerting them to the attempted cyber security breach.
BIBLIOGRAPHY

Dieter Gallman Reviews (2010) Computer security

Source: https://scholar.google.com.ph/scholar?
q=computer+security+research+articles&hl=en&as_sdt=0&as_vis=1&oi=scholart
#d=gs_qabs&u=%23p%3DUNA5SC0pMHUJ

Carl E Landwehr (2001) International journal of information security 1

Source: https://scholar.google.com.ph/scholar?
q=computer+security+research+articles&hl=en&as_sdt=0&as_vis=1&oi=scholart
#d=gs_qabs&u=%23p%3Dkm9n6jxEgwwJ

Donn B Parker Reston (1981) The text describes types of information systems.

Source: https://scholar.google.com.ph/scholar?
q=computer+security+research+articles&hl=en&as_sdt=0&as_vis=1&oi=scholart
#d=gs_qabs&u=%23p%3DUNA5SC0pMHUJ
APPENDICES

Appendix A

APPROVAL LETTER

Appendix B
INFORMANT CONSENT

Appendix C

RESEARCH INSTRUMENT
Appendix D

DOCUMENTATION
Appendix E

RESEARCHERS CURRICULUM VITAE